CyberWire Daily

N2K Networks
Mar 3, 2023 • 22min

CyberWire commentary: Ukraine one year on. [Special Edition]

CyberWire Daily podcast host Dave Bittner is joined by CyberWire editor John Petrik for an extended discussion about the Russian invasion of Ukraine and its effect on cybersecurity at the one-year anniversary. John and his team have covered the Ukrainian conflict with daily news stories since the invasion began, and in fact had quite a lot of coverage prior to the invasion. They take stock of where things stand, what has happened, and what we expected versus reality. Learn more about your ad choices. Visit megaphone.fm/adchoices
Mar 2, 2023 • 25min

The US National Cybersecurity Strategy is out, and we have a preliminary look. CISA red-teams critical infrastructure. A new cryptojacker is out. Russia bans messaging apps. Hacktivist auxiliaries.

The White House releases its US National Cybersecurity Strategy. Red-teaming critical infrastructure. Redis cryptojacker discovered. Russia bans several messaging apps. Our guest is Kapil Raina from CrowdStrike with the latest on Threat Hunting. Dinah Davis from Arctic Wolf on the top healthcare industry cyber attacks. And hacktivist auxiliaries continue their nuisance-level activities.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/41

Selected reading.
National Cybersecurity Strategy (The White House)
FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy (The White House)
Biden administration releases new cybersecurity strategy (AP NEWS)
White House pushes for mandatory regulations, more offensive cyber action under National Cyber Strategy (The Record from Recorded Future News)
Here's why Biden's new cyber strategy is notable (Washington Post)
How the U.S. National Cyber Strategy Reaches Beyond Government Agencies (Wall Street Journal)
Biden National Cyber Strategy Seeks to Hold Software Firms Liable for Insecurity (Wall Street Journal)
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks (Cybersecurity and Infrastructure Security Agency CISA)
CISA red-teamed a 'large critical infrastructure organization' and didn't get caught (The Record from Recorded Future News)
Redis Miner Leverages Command Line File Hosting Service (Cado Security | Cloud Investigation)
Russia bans foreign messaging apps (Computing)
U.S. Consulate hacked by "Putin supporters" (Newsweek)
Mar 1, 2023 • 24min

How an attack led to a breach that enabled further social engineering. Forensic visibility in the Google Cloud Platform. Hacktivist auxiliaries. Two 8Ks and a free decryptor.

The LastPass data breach built on an earlier attack. Forensic visibility and the Google Cloud Platform. An overview of hacktivist auxiliaries in Russia's war against Ukraine. Dish acknowledges sustaining a cyberattack. MKS Instruments discloses a ransomware incident. Carole Theriault has a lesson about ChatGPT and school systems. Ann Johnson from Afternoon Cyber Tea speaks with Stacy Hughes from Voya Financial about her journey to being CISO. And Bitdefender releases a decryptor for MortalKombat ransomware.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/40

Selected reading.
LastPass sustains a second data breach. (CyberWire)
Incident 2 – Additional details of the attack (LastPass Support)
LastPass Says DevOps Engineer Home Computer Hacked (SecurityWeek)
LastPass: Keylogger on home PC led to cracked corporate password vault (Naked Security)
LastPass data was stolen by hacking an employee’s home computer (The Verge)
LastPass says employee’s home computer was hacked and corporate vault taken (Ars Technica)
LastPass is in Big Trouble (Gizmodo)
LastPass: DevOps engineer hacked to steal password vault data in 2022 breach (BleepingComputer)
The LastPass security breach is still going from bad to worse (Cybersecurity Connect)
Mitiga on forensic visibility and the Google Cloud Platform. (CyberWire)
Mitiga Security Advisory: Insufficient Forensic Visibility in GCP Storage (Mitiga)
Google Cloud Platform Exfiltration: A Threat Hunting Guide (Mitiga)
The Cyber Warfare Report (GroupSense)
Dish Network confirms ransomware attack behind multi-day outage (BleepingComputer)
DISH tells SEC that ransomware attack caused outages; personal info may have been stolen (The Record from Recorded Future News)
Ransomware attack on chip supplier causes delays for semiconductor groups (Financial Times)
Bitdefender Releases Decryptor for MortalKombat Ransomware (Bitdefender Labs)
Victims of MortalKombat ransomware can now decrypt their locked files for free (The Record from Recorded Future News)
Feb 28, 2023 • 27min

Data breach at the US Marshals Service. Blind Eagle phishes in the service of espionage. Dish investigates its outages. Qakbot delivered via OneNote files. Memory-safe coding.

The US Marshals Service sustains a data breach. Blind Eagle is a phish hawk. Dish continues to work toward recovery. OneNote attachments are used to distribute Qakbot. Ben Yelin has analysis on the Supreme Court’s hearing on a section 230 case. Mr Security Answer Person John Pescatore has thoughts on Chat GPT. And CISA Director Easterly urges vendors to make software secure-by-design.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/39

Selected reading.
U.S. Marshals Service investigating ransomware attack, data theft (BleepingComputer)
US Marshals says prisoners’ personal information taken in data breach (TechCrunch)
Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities (BlackBerry)
Dish hit by multiday outage after reported cyberattack (TechCrunch)
DISH says ‘system issue’ affecting internal servers, phone systems (The Record from Recorded Future News)
Take Note: Armorblox Stops OneNote Malware Campaign (Armorblox)
Ukraine & Intelligence: One Year on – with Shane Harris (SpyCast)
U.S. cyber official praises Apple security and suggests Microsoft, Twitter need to step it up (CNBC)
U.S. cyber chief warns tech companies to curb unsafe practices (CBS News)
Tech manufacturers are leaving the door open for Chinese hacking, Easterly warns (The Record from Recorded Future News)
CISA Director Calls Out Industry Using Consumers as Cyber 'Crash Test Dummies' (Nextgov.com)
The Designed-in Dangers of Technology and What We Can Do About It (Cybersecurity and Infrastructure Security Agency)
Feb 27, 2023 • 26min

Artificial intelligence behaving badly? Or just tastelessly? Third-party risks. Signs that the advantage may be tilting toward the defender.

Social engineering with generative AI. Mylobot and BHProxies. PureCrypter is deployed against government organizations and staged through Discord. Dish Network reports disruption. Third-party app and software as a service risk. Further assessments of the cyber phase of Russia's war so far, with warnings to stay alert. Are tough times coming in gangland? Comments on NIST's revisions to its Cybersecurity Framework are due this Friday. AJ Nash from ZeroFox on Mis/Dis/and Malinformation. Rick Howard digs into Zero Trust. And get this—AI is writing science fiction!

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/38

Selected reading.
Social engineering with generative AI. (CyberWire)
Who’s Behind the Botnet-Based Service BHProxies? (KrebsOnSecurity)
Mylobot: Investigating a proxy botnet (Bitsight)
PureCrypter targets government entities through Discord (Menlo Security)
PureCrypter malware hits govt orgs with ransomware, info-stealers (BleepingComputer)
Uncovering the Risks & Realities of Third-Party Connected Apps: 2023 SaaS-to-SaaS Access Report (Adaptive Shield)
Ukraine war anniversary likely to bring ‘disruptive’ cyberattacks on West, agencies warn (Global News)
How the Ukraine War Has Changed Russia’s Cyberstrategy (Foreign Policy)
A year of wiper attacks in Ukraine (WeLiveSecurity)
Russia's yearlong cyber focus on Ukraine (Axios)
A year after Russia's invasion, cyberdefenses have improved around the world (Washington Post)
One year on, how is the war playing out in cyberspace? (WeLiveSecurity)
The Russia-Ukraine cyber war: one year later (IT World Canada)
Russia launched large-scale operations in cyberspace alongside war (euronews)
WSJ News Exclusive | Hackers Extort Less Money, Are Laid Off as New Tactics Thwart More Ransomware Attacks (Wall Street Journal)
AI-generated fiction is flooding literary magazines — but not fooling anyone (The Verge)
Feb 26, 2023 • 8min

Mike Fey: Highs are high and lows are low. [CEO] [Career Notes]

Mike Fey, CEO and co-founder of Island.io, joins to share his story of falling in love with technology and being fascinated by it at a young age. Mike quickly started working for companies where he grew in his role, becoming CTO of McAfee and then GM of the Enterprise business, then stepping out to become president and COO of Blue Coat, which was eventually acquired by Symantec, and eventually wanting to get into his own business. He shares that being a small business owner is a lot of hard work and very tiring at times; he says, "especially in a startup, the highs are very high and the lows are very low." Mike also mentions how easy it is to get knocked down when being in charge of your own business, but that teamwork is what helps to bring him back up. Mike says he wants to eventually help change the world and hopefully his legacy will help him to do that some day. We thank Mike for sharing his story with us.
Feb 25, 2023 • 25min

The next hot AI scam. [Research Saturday]

Andy Patel from WithSecure Labs joins Dave to discuss their study that demonstrates how GPT-3 can be misused through malicious and creative prompt engineering. The research looks at how this technology, GPT-3 and GPT-3.5, can be used to trick users into scams.

GPT-3 is a user-friendly tool that employs autoregressive language to generate versatile natural language text using a small amount of input that could inevitably interest cybercriminals. The research is looking for possible malpractice from this tool, such as phishing content, social opposition, social validation, style transfer, opinion transfer, prompt creation, and fake news.

The research can be found here: Creatively malicious prompt engineering
Feb 24, 2023 • 31min

A look at the cyber aspects of Russia’s war, on the first anniversary of the invasion of Ukraine. And a few notes from elsewhere in cyberspace.

CISA advises increased vigilance on the first anniversary of Russia's war. CERT-UA reports current Russian cyberattacks were prepared in December 2021. How the war has changed the cyber underworld. Air raid alerts sound in nine Russian cities; Russia blames hacking. Our space correspondent Maria Varmazis speaks with Zhanna Malekos Smith at the Center for Strategic & International Studies about a new security agreement between Japan and the US. Kathleen Smith of ClearedJobs.Net clears misperceptions about the cleared space. And Dole continues recovery from ransomware.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/37

Selected reading.
CISA Urges Increased Vigilance One Year After Russia's Invasion of Ukraine (Cybersecurity and Infrastructure Security Agency | CISA)
Ukraine says Russian hackers backdoored govt websites in 2021 (BleepingComputer)
Ukraine suffered more data-wiping malware than anywhere, ever (Ars Technica)
The First Crypto War? Assessing the Illicit Blockchain Ecosystem One Year Into Russia's Invasion of Ukraine (TRM Insights)
Ransomware Gang Conti Has Re-Surfaced and Now Operates as Three Groups: TRM Labs (CoinDesk)
Russia-Ukraine War: 3 Cyber Threat Effects, 1 Year In (ReliaQuest)
Russian cybercrime alliances upended by Ukraine invasion (Register) Study: Old pacts ditched the moment Moscow moved in
How the Russia-Ukraine war has changed cyberspace (The Hill)
Authorities blame hackers after air raid sirens sound over radio in multiple Russian cities (Meduza)
Russia blames 'hackers' for fake missile strike alerts (Register)
Fruit giant Dole suffers ransomware attack impacting operations (BleepingComputer)
Food giant Dole hit by ransomware (Computing)
CISA Releases Three Industrial Control Systems Advisories (CISA)
Feb 23, 2023 • 29min

Hybrid war and cyber espionage. Ransomware in the produce aisle. Bypassing security filters in a BEC campaign. Identity-based attacks. Avoid pirated software. And what the bots have been scalping.

Cyberattacks in Russia's war so far, and their future prospects. The Lazarus Group may be employing a new backdoor. Clasiopa targets materials research organizations. Ransomware interferes with food production. Evernote is used in a BEC campaign to bypass security filters. Identity-based cyberattacks. Pirated versions of Final Cut Pro deliver cryptominers. Caleb Barlow has thoughts on Twitter, Mudge, and lessons learned. Marc Van Zadelhoff from Cyber CEOs Decoded podcast speaks with Amanda Renteria, CEO of Code for America, about attracting diverse talent. And what have the scalperbots been up to, lately.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/36

Selected reading.
A year into Ukraine, looking back at 5 prewar predictions (Breaking Defense)
Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge (The Record from Recorded Future News)
WinorDLL64: A backdoor from the vast Lazarus arsenal? (WeLiveSecurity)
Clasiopa: New Group Targets Materials Research (Symantec)
Cyberattack on food giant Dole temporarily shuts down North America production, company memo says (CNN Business)
Business Email Compromise Scam Leads to Credential Harvesting Evernote Page (Avanan)
The 2023 State of Identity Security Report (Oort)
Beware of macOS cryptojacking malware. (Jamf Threat Labs)
Quarterly Index: Top 5 Scalper Bot Targets of Q4 2022 (Netacea)
Feb 22, 2023 • 29min

Vulnerabilities newly exploited in the wild. A new cyberespionage campaign. Trends in the C2C marketplace. Hacktivists, other auxiliaries, and the laws of armed conflict.

CISA adds three entries to its Known Exploited Vulnerabilities Catalog. "Hydrochasma" is a new cyberespionage threat actor. IBM claims the biggest effect of cyberattacks in 2022 was extortion. Social network hijacking in the C2C market. A credential theft campaign against data centers. LockBit claims an attack on a water utility in Portugal. Tim Starks from the Washington Post describes calls to focus on harmonizing cyber regulations. Our guest is Luke Vander Linden, host of the RH-ISAC Podcast. Disrupting Mr. Putin's speech, online, and what the hybrid war suggests about the future of cyber auxiliaries.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/35

Selected reading.
CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA)
Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia (Symantec)
IBM Security X-Force Threat Intelligence Index 2023 (IBM)
S1deload Stealer – Exploring the Economics of Social Network Account Hijacking (Bitdefender Labs)
Cyber Attacks on Data Center Organizations (Resecurity)
Hackers Scored Data Center Logins for Some of the World's Biggest Companies (Bloomberg)
LockBit gang takes credit for attack on water utility in Portugal (The Record from Recorded Future News)
Ukraine Suffered More Data-Wiping Malware Last Year Than Anywhere, Ever (WIRED)
Ukrainian hackers claim disruption of Russian TV websites during Putin speech (The Record from Recorded Future News)
Ukraine's volunteer cyber army could be model for other nations: experts (Newsweek)
Ukraine's largest charity wants to raise $1.3 million for ‘cyber offensive’ (The Record from Recorded Future News)
