CyberWire Daily

N2K Networks
Mar 26, 2023 • 8min

Tanya Janca: Find a community who supports you. [CEO] [Career Notes]

Tanya Janca, CEO and Founder of We Hack Purple, sits down to talk about her exciting path into the field of cybersecurity. Trying several different paths in high school, she soon found she was good at computer science. When it came to picking a college, she knew that was the field she wanted to get into. After college, she was able to use her skills to work at a couple of different organizations, eventually getting into the Canadian government. While there, she held the position of CISO for the Canadian election in 2015 when Justin Trudeau was elected, but she knew she wanted to try something new. She switched from programming to security and after working at Microsoft as a presenter, she eventually found that she wanted to start her own company, saying "at first it was just me presenting, but now we have community members present to each other and it's just been really beautiful to see that grow." She hopes that with her and her community's help, nobody is left feeling unsafe when it comes to being online. Learn more about your ad choices. Visit megaphone.fm/adchoices
Mar 26, 2023 • 32min

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships.

We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House.

Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023
Mar 25, 2023 • 25min

Popunders are not the good kind of ads. [Research Saturday]

On this episode, Jérôme Segura, senior threat researcher at Malwarebytes, shares his team's work, "WordPress sites backdoored with ad fraud plugin." WordPress is an immensely popular content management system (CMS) powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization (SEO) techniques to maximize their revenues.

The Malwarebytes team discovered a few dozen WordPress blogs using the same plugin that mimics human activity by automatically scrolling a page and following links within it, all the while a number of ads were being loaded and refreshed. The blogs would only exhibit this invalid traffic behavior when launched from a specific URL created by this plugin, otherwise they appeared completely legitimate.

The research can be found here: WordPress sites backdoored with ad fraud plugin
Mar 24, 2023 • 28min

Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.

A CISA tool helps secure Microsoft clouds. JCDC and pre-ransomware notification. CISA releases six ICS advisories. Reply phishing. Cl0p goes everywhere exploiting GoAnywhere. Russian electronic warfare units show the ability to locate Starlink terminals. Betsy Carmelite from Booz Allen Hamilton on the DoD's zero trust journey. Analysis of the National Cybersecurity strategy from our special guests, Adam Isles, Principal at the Chertoff Group and Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology with the National Security Council.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/57

Selected reading.
JCDC Cultivates Pre-Ransomware Notification Capability (Cybersecurity and Infrastructure Security Agency CISA)
US cyber officials make urgent push to warn businesses about vulnerabilities to hackers (CNN)
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments | CISA (Cybersecurity and Infrastructure Security Agency CISA)
New CISA tool detects hacking activity in Microsoft cloud services (BleepingComputer)
CISA Releases Six Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA)
The Microsoft Reply Attack (Avanan)
More victims emerge from Fortra GoAnywhere zero-day attacks (Security |
More Clop GoAnywhere attack victims emerge (SC Media)
Mass-Ransomware Attack on GoAnywhere File Transfer Tool Exposes Companies Worldwide (Medium)
City of Toronto confirms data theft, Clop claims responsibility (BleepingComputer)
Canadian movie chain Cineplex among the victims of GoAnywhere MFT hack (Financial Post)
Personal data of Rio Tinto's Aussie staff may have been hacked - memo (Reuters)
Another GoAnywhere Attack Affects Japanese Giant Hitachi Energy (Heimdal Security Blog)
Using Starlink Paints a Target on Ukrainian Troops (Defense One)
As CISA chief notes lack of Russian cyberattacks against US, experts focus on enhancing nuclear reactor security (Utility Dive)
Using Deception to Learn About Russian Threat Actors (Security Boulevard)
Mar 23, 2023 • 26min

Pyongyang’s intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.

DPRK threat actor Kimsuky uses a Chrome extension to exfiltrate emails, while ScarCruft prospects South Korean organizations. Hacktivists' claims of attacks on OT networks may be overstated. Ghostwriter remains active in social engineering attempts to target Ukrainian refugees. Joe Carrigan has cyber crime by the numbers. Our guest is Christian Sorensen from SightGain with analysis of the cyber effects of Russia’s war.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/56

Selected reading.
North Korean hackers using Chrome extensions to steal Gmail emails (BleepingComputer)
Joint Cyber Security Advisory (Korean) (BundesamtfuerVerfassungsschutz)
North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign (Record)
ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (The Hacker News)
The Unintentional Leak: A glimpse into the attack vectors of APT37 (Zscaler)
CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (ASEC BLOG)
A Propaganda Group is Using Fake Emails to Target Ukrainian Refugees (Bloomberg)
We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems | Mandiant (Mandiant)
Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online (CyberScoop)
The 5×5—Conflict in Ukraine's information environment (Atlantic Council)
How the Russia-Ukraine conflict has impacted cyber-warfare (teiss)
CommonMagic APT gang attacking organisations in Ukraine (Tech Monitor)
Mar 22, 2023 • 27min

Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.

Malware could detect sandbox emulations. A VEC supply chain attack. A new APT is active in Russian-occupied sections of Ukraine. An alleged Russian patriot claims responsibility for the D.C. Health Link attack. CISA and NSA offer guidance on identity and access management (IAM). Tim Starks from the Washington Post has analysis on the BreachForums takedown. Our guest is Ryan Heidorn from C3 Integrated Solutions with a look at the CMMC compliance timeline. And Baphomet backs out.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/55

Selected reading.
ZenGo uncovers security vulnerabilities in popular Web3 Transaction Simulation solutions: The red pill attack (ZenGo)
Stopping a $36 Million Vendor Fraud Attack (Abnormal Intelligence)
Bad magic: new APT found in the area of Russo-Ukrainian conflict (Securelist)
Unknown actors target orgs in Russia-occupied Ukraine (Register)
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (The Hacker News)
Partisan suspects turn on the cyber-magic in Ukraine (Cybernews)
Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' (CyberScoop)
CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management | CISA (Cybersecurity and Infrastructure Security Agency CISA)
ESF Partners, NSA, and CISA Release Identity and Access Management Recommended Best Practi (National Security Agency/Central Security Service)
Identity and Access Management: Recommended Best Practices for Administrators (NSA and CISA)
CISA Releases Updated Cybersecurity Performance Goals (Cybersecurity and Infrastructure Security Agency CISA)
CISA Releases Eight Industrial Control Systems Advisories | CISA (Cybersecurity and Infrastructure Security Agency CISA)
End of BreachForums could take a bite out of cybercrime (Washington Post)
BreachForums says it is closing after suspected law enforcement access to backend (Record)
Mar 21, 2023 • 27min

Threat group with novel malware operates in SE Asia. Data theft extortion rises. Key findings of Cisco's Cybersecurity Readiness Index. iPhones no longer welcome in Kremlin. Russian cyber auxiliaries & privateers devote increased attention to healthcare.

Threat group with novel malware operates in Southeast Asia. Data theft extortion on the rise. Key findings of Cisco's Cybersecurity Readiness Index. iPhones are no longer welcome in the Kremlin. Russian cyber auxiliaries and privateers devote increased attention to the healthcare sector. Chris Eng from Veracode shares findings of their Annual Report on the State of Application Security. Johannes Ullrich from SANS Institute discusses scams after the failure of Silicon Valley Bank. And BreachForums seems to be under new management.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/54

Selected reading.
NAPLISTENER: more bad dreams from developers of SIESTAGRAPH (Elastic Blog)
Unit 42 Ransomware and Extortion Report Highlights: Multi-Extortion Tactics Continue to Rise (Palo Alto Network)
Ransomware and extortion trends. (CyberWire)
Cisco Cybersecurity Readiness Index (Cisco)
A look at resilience: companies' ability to fight off cyberattacks. (CyberWire)
Putin to staffers: throw out your iPhones over security (Register)
Black Basta, Killnet, LockBit groups targeting healthcare in force (SC Media)
After BreachForums arrest, new site administrator says the platform will live on (Record)
Mar 20, 2023 • 27min

Cl0p ransomware at Hitachi Energy. Alleged TikTok surveillance of journalists. Hacktivist auxiliary hits Indian healthcare records. Cyberattack on Latitude: update. BreachForums arrest.

Cl0p ransomware hits Hitachi Energy. The US Department of Justice investigates ByteDance in alleged surveillance of journalists. A hacktivist auxiliary hits Indian healthcare records. Pirated software is used to carry malware. The effects of the cyberattack on Latitude persist. Adam Meyers from CrowdStrike shares findings from the 2023 CrowdStrike Global Threat Report. Rick Howard has the latest preview of CSO Perspectives. And Pompompurin is arrested for an alleged role in BreachForums.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/53

Selected reading.
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer)
Hitachi Energy Group hit by cyber-attack, says network operations not compromised (cnbctv18.com)
Justice Department Probes TikTok’s Tracking of U.S. Journalists (Wall Street Journal)
The FBI And DOJ Are Investigating ByteDance’s Use Of TikTok To Spy On Journalists (Forbes)
KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks (Azure Network Security Team)
Pro-Russia hackers are increasingly targeting hospitals, researchers warns (Record)
Russian hacktivist group targets India’s health ministry (CSO Online)
Russian Hacktivist group Phoenix targets India’s Health Ministry Website (Threat Intelligence | CloudSEK)
Ukraine warns that hacked software can be infected with Russian viruses (Kyiv Independent)
Russian hackers spread infected software through torrents (SSSCIP)
Australia's Latitude takes systems offline, Federal Police investigate cyberattack (Reuters)
FBI targets notorious cybercrime market with teen’s arrest (Washington Post)
Dark Web ‘BreachForums’ Operator Charged With Computer Crime (Bloomberg)
Feds arrest alleged BreachForums owner linked to FBI hacks (The Verge)
NY Man Charged as 'Pompompurin,' the Boss of BreachForums (KrebsOnSecurity)
Breach Forums Admin 'Pompompurin' Arrested in New York (Cyber Kendra)
Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York (The Hacker News)
Mar 19, 2023 • 8min

Kathleen Smith: Translating the cyber world. [CMO] [Career Notes]

Kathleen Smith, CMO from ClearedJobs.Net, sits down to share her story as she remembers having big shoes to fill in her childhood. She strived for greatness at an early age, as her parents told her she would be going to college and would follow strong guidelines to become successful. Kathleen can remember being into the hard sciences when she was in school, which sparked an interest in becoming a biochemist and law student. Eventually she found her passion as a translator, saying that "doing the translator role, I wanted to get into international marketing and I was going on to get my degree on that." She found her way to ClearedJobs.Net and fell in love with it. She had sought to find a workplace that wouldn't burn her out, where she can also be a part of the team. Kathleen found what she was passionate about and made it a reality for herself, and now she just wants young women starting in the field to know the importance of finding something they are passionate about. We thank Kathleen for sharing her story.
Mar 18, 2023 • 3min

CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.

CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint advisory to share known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023.

AA23-075A Alert, Technical Details, and Mitigations

Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.

Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.

No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.

See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.

U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov

To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.
