

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Apr 30, 2023 • 9min
Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]
Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4 and host of the 8th Layer Insights podcast, sits down to share his story of trying different paths before ultimately switching over to the cyber industry. After trying to go down the paths of music and law and finding that neither was what he wanted to do, he decided to take an internship to get more into computer programming. That led him to his first job. After that, he moved on to other big-name companies like Walmart, Alltel, and Gartner, finally landing with KnowBe4. He compares his work to working with music, which he initially wanted to make early in his career. He says "I think for me, when it was the kind of the connection between music and computing is that whenever you're kind of joining things together or at a, a musical scale to make chords, or whenever you're adding different, um, instruments and octaves together or timbers together to get some kind of bigger result." We thank Perry for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Apr 29, 2023 • 27min
HinataBot focuses on DDoS attack. [Research Saturday]
This week our guests are Larry Cashdollar, Chad Seaman and Allen West from Akamai Technologies, and they are discussing their research on "Uncovering HinataBot: A Deep Dive into a Go-Based Threat." The team discovered a new Go-based, DDoS-focused botnet. They found it was named after the popular anime show "Naruto," and they are calling it "HinataBot." The research says, "HinataBot was seen being distributed during the first three months of 2023 and is actively being updated by the authors/operators." Akamai was able to get a deep look into how the malware works by combining reverse engineering of the malware with imitating the command and control (C2) server.
The research can be found here: Uncovering HinataBot: A Deep Dive into a Go-Based Threat

Apr 28, 2023 • 29min
What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?
Cl0p and LockBit exploit PaperCut vulnerability in ransomware campaigns. Infostealer traded in the C2C market. All ads are trying to get your money, but some just take it. CISA requests comment on software self-attestation form. Our guest is Marcin Kleczynski, CEO of Malwarebytes, sharing thoughts on the current threat landscape, attacks on students and academic institutions. Betsy Carmelite from Booz Allen, discussing themes from the RSAC tied into critical infrastructure resilience. Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. And are there any genuine disinterested hacktivists on Russia's side, or are they all fronts?
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/82
Selected reading:
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (The Hacker News)
Microsoft: Clop and LockBit ransomware behind PaperCut server hacks (BleepingComputer)
New 'Atomic macOS Stealer' Malware Offered for $1,000 Per Month (SecurityWeek)
“Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer… (Guardio)
Request for Comment on Secure Software Self-Attestation Common Form (CISA)
OMB, CISA set to release common form for software self-attestation (FCW)
Pro-Russian hacktivism isn’t real, top Ukrainian cyber official says (CyberScoop)

Apr 27, 2023 • 29min
Waging lawfare against criminal infrastructure. Notes from the cyber underworld. Hybrid war, and cyber ops across the spectrum of conflict. And what do the bots want? (Hint: kicks.)
Google targets CryptBot malware infrastructure. FIN7 attacked Veeam servers to steal credentials. Ransomware-as-a-service offering threatens Linux systems. Evasive Panda targets NGOs in China. Anonymous Sudan is active against targets in Israel. Russian ransomware operations aim at disrupting supply chains into Ukraine. Our guest is Stuart McClure, CEO of Qwiet AI. Microsoft’s Ann Johnson stops by with her take on the RSA conference. And bots want new kicks.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/81
Selected reading:
Continuing our work to hold cybercriminal ecosystems accountable (Google)
Google Disrupts Massive CryptBot Malware Operation (Decipher)
Google disrupts malware that steals sensitive data from Chrome users (TechCrunch)
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability (SecurityWeek)
RTM Locker Ransomware as a Service (RaaS) Now on Linux (Uptycs)
Evasive Panda APT group delivers malware via updates for popular Chinese software (WeLiveSecurity)
NSA sees 'significant' Russian intel gathering on European, U.S. supply chain entities (CyberScoop)
Ukraine at D+427: Russian cyberattacks and disinformation before Ukraine's spring offensive. (CyberWire)
Releasing leak suspect a national security risk, feds say (AP NEWS)
Pentagon leak suspect may still have access to classified info, court filings allege (the Guardian)
Netacea Quarterly Index: Top 5 Scalper Bot Targets of Q1 2023 (Netacea)

Apr 26, 2023 • 29min
BellaCiao from Tehran; PingPull from Beijing: two cyberespionage tools. SLP exploitation. Ransomware as an international threat. The state of hacktivism. Digital evidence of war crimes.
BellaCiao is malware from Iran's IRGC, while PingPull is malware used by the Chinese government-affiliated Taurus Group. Ransomware continues to be a pervasive international threat. An overview of hacktivism. Our guest is CyberMindz founder Peter Coroneos, discussing the importance of mental health in cybersecurity. Johannes Ullrich shares insights from his RSAC panel discussions. And Ukraine continues to collect evidence of Russian war crimes.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/80
Selected reading:
Unpacking BellaCiao: A Closer Look at Iran’s Latest Malware (Bitdefender Blog)
Chinese Alloy Taurus Updates PingPull Malware (Unit 42)
Abuse of the Service Location Protocol May Lead to DoS Attacks (Cybersecurity and Infrastructure Security Agency CISA)
#RSAC: Ransomware Poses Growing Threat to Five Eyes Nations (Infosecurity Magazine)
Hacktivism Unveiled, April 2023 Insights into the footprints of hacktivists (Radware)
FBI aiding Ukraine in collection of digital and physical war crime evidence (CyberScoop)

Apr 25, 2023 • 31min
BlackCat follows Cl0p to GoAnywhere. Mirai gets an upgrade. Deterring cyber war. Homeland Security’s cyber priorities. Action against DPRK cryptocrooks. What KillNet’s up to.
BlackCat (ALPHV) follows Cl0p, exploiting the GoAnywhere MFA vulnerability. The Mirai botnet exploits a vulnerability disclosed at Pwn2Own. An RSAC presentation describes US response to Russian prewar and wartime cyber operations. The US Department of Homeland Security outlines cyber priorities. Andrea Little Limbago from Interos shares insights from her RSAC 2023 panels. US indicts, sanctions DPRK operators in crypto-laundering campaign. Our guest is Marc van Zadelhoff, CEO of Devo, with insights from the conference. And the latest on KillNet.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/79
Selected reading:
BlackCat Ransomware Group Exploits GoAnywhere Vulnerability (At-Bay)
Zero Day Initiative — TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal (Zero Day Initiative)
Years after discovery of SolarWinds breach, Russian hackers could be struggling (Washington Post)
U.S. deploys more cyber forces abroad to help fight hackers (Reuters)
DHS Outlines Cyber Priorities in Release of Delayed Review (Nextgov.com)
US sanctions supporters of North Korean hackers, Iranian cyberspace head (Record)
North Korean Foreign Trade Bank Rep Charged for Role in Two Crypto Laundering Conspiracies (Department of Justice. U.S. Attorney's Office District of Columbia)
Treasury Targets Actors Facilitating Illicit DPRK Financial Activity in Support of Weapons Programs (U.S. Department of the Treasury)

Apr 24, 2023 • 27min
Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader described. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.
3CX is not the only victim in the recent supply chain attack. The PaperCut critical vulnerability is under active exploitation. The Bumblebee malware loader is buzzing around in the wild. A new unique malware toolkit called Decoy Dog. Rick Howard, CSO from N2K Networks, shares RSA Conference predictions and talks about his new book, "Cybersecurity First Principles." Our guest Theresa Lanowitz from AT&T Cybersecurity shares insights on Securing the Edge. And the alleged Discord Papers leaker shared earlier and more widely than previously known.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/78
Selected reading:
3CX Hackers Also Compromised Critical Infrastructure Firms (Infosecurity Magazine)
That 3CX supply chain attack keeps getting worse (Register)
Energy sector orgs in US, Europe hit by same supply chain attack as 3CX (Record)
Even more victims found in complex 3CX supply chain attack (CybersecurityConnect)
X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe (Symantec Enterprise Blogs)
URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) (PaperCut)
PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise (Horizon3.ai)
Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (The Hacker News)
CISA KEV Breakdown | April 21, 2023 (Nucleus Security)
CISA Adds Three Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA)
CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug (The Hacker News)
CISA adds printer bug, Chrome zero-day and ChatGPT issue to exploited vulnerabilities catalog (Record)
Bumblebee Malware Distributed Via Trojanized Installer Downloads (Secureworks)
Google ads push BumbleBee malware used by ransomware gangs (BleepingComputer)
Bumblebee malware infects victims via fake Zoom, Cisco and ChatGPT software installers (Record)
Decoy Dog malware toolkit found after analyzing 70 billion DNS queries (BleepingComputer)
Analyzing DNS Traffic for Anomalous Domains and Threat Detection (Infoblox Blog)
Airman Shared Sensitive Intelligence More Widely and for Longer Than Previously Known (New York Times)
FBI leak investigators home in on members of private Discord server (Washington Post)
From Discord to 4chan: The Improbable Journey of a US Intelligence Leak (bellingcat)
Europe’s Planes Keep Flying Despite Cyberattack (Wall Street Journal)

Apr 23, 2023 • 7min
Maria Varmazis: Combining cyber and space. [Space] [Career Notes]
Maria Varmazis, N2K's Space Correspondent and host of N2K's newest podcast T-Minus, sits down to share her journey of combining her two passions, space and cyber. Maria grew up wanting to be an astronomer. In school she focused on joining anything with technology and enjoyed the classes that made her think. After transferring to a new college, she went into journalism, absolutely falling in love with the new career path she had made for herself. She got herself a job at Sophos, and that's where she learned about cybersecurity. Now she discusses cyber and space in her new podcast, combining her two passions into one for all to understand. Maria discusses some of the setbacks she overcame in this industry and shares the wise advice of "I would never pretend that failure isn't painful, but it is an incredible teaching tool. So if you feel like you've had a huge career fail or a really big misstep, you can still pivot from that and you can make that into something." We thank Maria for sharing her story with us.

Apr 23, 2023 • 23min
Master Gunnery Sergeant Scott Stalker from US Space Command: goals and risks in the digital space operating environment.
T-Minus Deep Space Guest
Scott Stalker, Command Senior Enlisted Leader at US Space Command, shares how the combatant command is adapting to new challenges in the digital era of space operations, new operational concepts, and building the force to deter aggression. You can follow US Space Command on LinkedIn and Twitter, and you can follow MGySgt Scott Stalker on LinkedIn.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign up for our weekly intelligence briefing, Signals and Space, and you’ll never miss a beat.
Audience Survey
We want to hear from you! Please complete our wicked fast 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day.
Want to hear your company in the show?
You too can reach the most influential leaders in the industry. Here’s a link to our media kit. Contact us at space@n2k.com to request more info about sponsoring T-Minus.
Want to join us for an interview?
Please send your interview pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal, and our editor will get back to you for scheduling.
T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Apr 22, 2023 • 19min
Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]
Shiran Guez from Akamai sits down with Dave to discuss their research on "Chatbots, Celebrities, and Victim Retargeting and Why Crypto Giveaway Scams Are Still So Successful." Researchers at Akamai have been on the lookout for crypto giveaway scams. These scams have been impersonating celebrities and brands, most notably Elon Musk and his associated companies. The research states "the scams are delivered through various social media platforms as well as direct messaging apps such as WhatsApp or Telegram." These scams have helped add to the existing damages that exceed $1 billion caused by crypto fraud.
The research can be found here: Chatbots, Celebrities, and Victim Retargeting: Why Crypto Giveaway Scams Are Still So Successful


