CyberWire Daily

SHOW NOTESThis interview from October 28th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Nick Schneider of Arctic Wolf to discuss why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors. Learn more about your ad choices. Visit megaphone.fm/adchoices

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds.On this episode, Dave and Rick are joined by guest contributor Amanda Fennell. You can find Amanda on Twitter at @Chi_from_afar.Links to this episode's clips if you'd like to watch along: Dave's clip from the movie Zombieland Rick's clip from the movie Traveller Amanda's clip from the movie The Girl with the Dragon Tattoo Learn more about your ad choices. Visit megaphone.fm/adchoices

This interview from September 16th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity. Learn more about your ad choices. Visit megaphone.fm/adchoices

This interview from September 30th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with MK Palmore from Google Cloud to talk about why collective cybersecurity ultimately depends on having a diverse, skilled workforce. Learn more about your ad choices. Visit megaphone.fm/adchoices

Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware. Learn more about your ad choices. Visit megaphone.fm/adchoices

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect!The 12 Days of Malware lyricsOn the first day of Christmas, my malware gave to me:A keylogger logging my keys.On the second day of Christmas, my malware gave to me:2 Trojan Apps...And a keylogger logging my keys.On the third day of Christmas, my malware gave to me:3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the fourth day of Christmas, my malware gave to me:4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the fifth day of Christmas, my malware gave to me:5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the sixth day of Christmas, my malware gave to me:6 Passwords spraying...5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the seventh day of Christmas, my malware gave to me:7 Scripts a scraping...6 Passwords spraying...5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the eighth day of Christmas, my malware gave to me:8 Worms a wiping...7 Scripts a scraping...6 Passwords spraying...5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the ninth day of Christmas, my malware gave to me:9 Rootkits rooting...8 Worms a wiping...7 Scripts a scraping...6 Passwords spraying...5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the tenth day of Christmas, my malware gave to me:10 Darknet markets...9 Rootkits rooting...8 Worms a wiping...7 Scripts a scraping...6 Passwords spraying...5 Zero Days! (Bah-dum-dum-dum!)4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the eleventh day of Christmas, my malware gave to me:11 Phishers phishing...10 Darknet markets...9 Rootkits rooting...8 Worms a wiping...7 Scripts a scraping...6 Passwords spraying...5 Zero Days! (Bah-dum-dum-dum!)4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the twelfth day of Christmas, my malware gave to me:12 Hackers hacking...11 Phishers phishing...10 Darknet markets...9 Rootkits rooting...8 Worms a wiping...7 Scripts a scraping...6 Passwords spraying...5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dr. May Wang, CTO of IoT Security at Palo Alto Networks, joins Dave Bittner to discuss their findings detailed in Unit 42's "Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization" research. Unit 42 recently set out to better understand how well hospitals and other healthcare providers are doing in securing smart infusion pumps, which are network-connected devices that deliver medications and fluids to patients. This topic is of critical concern because security lapses in these devices have the potential to put lives at risk or expose sensitive patient data.Unit 42's discovery of security gaps in three out of four infusion pumps that they reviewed highlights the need for the healthcare industry to redouble efforts to protect against known vulnerabilities, while diligently following best practices for infusion pumps and hospital networks. May walks us through Unit 42's work.The research can be found here:Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization Learn more about your ad choices. Visit megaphone.fm/adchoices

The Vice Society may be upping its marketing game. Royal ransomware may have a connection to Conti. Royal delivers ransom note by hacked printer. KillNet goes after healthcare. CISA's Stakeholder Engagement Strategic Plan. Adam Meyers from CrowdStrike looks at cyber espionage. Giulia Porter from RoboKiller does not want to talk to you about your car’s extended warranty. And holiday wishes to all.For links to all of today's stories check out our CyberWire daily news briefing:https://thecyberwire.com/newsletters/daily-briefing/11/245Selected reading.Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development (SentinelOne)Vice Society ransomware gang switches to new custom encryptor (BleepingComputer) Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks (Trend Micro)Researchers Link Royal Ransomware to Conti Group (SecurityWeek)Major Australian university dealing with suspected cybersecurity attack (7NEWS) Printers at Queensland's second-largest university spit out ransomware messages after cyber attack (ABC) Pro-Russian Hacktivist Group ‘KillNet’ Threat to HPH Sector (HC3)HHS alert warns KillNet hacktivist group targeted US healthcare entity (SC Media) HC3 Analyst Note TLP Clear Pro-Russian Hacktivist Group Killnet Threat to HPH Sector December 22, 2022 | AHA (American Hospital Association) Strategic Plan for Stakeholder Engagement (CISA) Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI warns of malicious advertising. A new gang makes an unwelcome appearance in the holiday season. Ukraine will receive more Starlink terminals after all. Cyber phases of the hybrid war: a view from Kyiv–the bears and their adjuncts are opportunistic agents of chaos. Caleb Barlow thinks boards of directors need to up their cyber security game. Our guest is AJ Nash from ZeroFox with a look at legislative restrictions on TikTok. And reports say that US National Cyber Director Chris Inglis is preparing to retire. We wish him the best of luck.For links to all of today's stories check out our CyberWire daily news briefing:https://thecyberwire.com/newsletters/daily-briefing/11/244Selected reading.Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users (FBI)A sophisticated fraud ring is waging war on commerce, using rapidly changing tactics (Signifyd)Ukraine to Get Thousands More Starlink Antennas, Minister Says (Bloomberg)Ukraine’s Cyber Units Aim to Retain Staff, Keep Services Stable as War Enters Year Two (Wall Street Journal)Top Biden cybersecurity adviser to step down (CNN)Chris Inglis to resign as national cyber director (CyberScoop).First-ever national cyber director Chris Inglis set to retire in coming months: sources (Axios).White House cyber adviser to resign  (The Hill)Chris Inglis, Biden's top cyber adviser, plans to leave government in coming months (POLITICO).White House Cyber Director Chris Inglis to Step Down (Bank Info Security) Learn more about your ad choices. Visit megaphone.fm/adchoices

The Godfather banking Trojan has deep roots in older code. FuboTV was disrupted around its World Cup coverage. The Guardian has been hit with an apparent ransomware attack. A threat actor abuses AWS Elastic IP transfer. Moldova may be receiving more Russian attention in cyberspace. CISA releases six industrial control system advisories. Ben Yelin looks at legislation addressing health care security. Our guest is Hugh Njemanze of Anomali with advice on preparing for the holiday break. And criminals are impersonating other criminals' underworld souks.For links to all of today's stories check out our CyberWire daily news briefing:https://thecyberwire.com/newsletters/daily-briefing/11/243Selected reading.Godfather: A banking Trojan that is impossible to refuse (Group-IB)FuboTV outage during World Cup semifinal was caused by cyberattack (Record)Guardian hit by serious IT incident believed to be ransomware attack (the Guardian) Elastic IP Hijacking — A New Attack Vector in AWS (Mitiga)Telegram Hack Exposes Growing Russian Cyber Threat in Moldova (Balkan Insight)Fuji Electric Tellus Lite V-Simulator (CISA)Rockwell Automation GuardLogix and ControlLogix controllers (CISA)ARC Informatique PcVue (CISA)Rockwell Automation MicroLogix 1100 and 1400 (CISA)Delta 4G Router DX-3021 (CISA)Prosys OPC UA Simulation Server (CISA)The scammers who scam scammers on cybercrime forums: Part 3 (Sophos News) Learn more about your ad choices. Visit megaphone.fm/adchoices