

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Dec 11, 2022 • 32min
Commercial threat intelligence proves invaluable for the public sector. [CyberWire-X]
Historically, the U.S. government has relied almost solely on its own intelligence analysis to inform strategic decisions. This has been especially true surrounding geopolitical events and nation-level cybersecurity situations.
However, the explosion of assets being connected to the internet, along with the fact that most critical infrastructure is owned by private sector organizations, means that commercially developed cyber threat intelligence is being generated at a faster pace than ever before.
In the Russia/Ukraine conflict, we saw how commercially generated satellite intelligence played a critical role in alerting the public and ensuring our allies were ready for an invasion. At LookingGlass, we believe commercial threat intelligence can provide similar anticipatory insight – and that it can be shared more easily and quickly than intelligence generated solely by the U.S. government.
Ultimately, the public and private sectors need to work together to protect the interests of the American people. Currently, both private industry and academia are targeted by foreign adversaries, just as are government agencies. This means that commercial entities also have access to adversary tactics, techniques, and procedures (TTPs) and indicators of compromise, and they have that access from a different perspective, which is valuable intelligence for the government.
On this episode of CyberWire-X, host Rick Howard, the CyberWire’s CISO, Chief Analyst and Senior Fellow, speaks with Hash Table member Wayne Moore, CISO at Simply Business, and host Dave Bittner speaks with Bryan Ware, CEO at episode sponsor LookingGlass Cyber Solutions. They’ll discuss why the U.S. government needs commercial cyber threat intelligence now more than ever before and how both the public and private sectors will benefit from closer, trusted cyber partnerships.

Dec 11, 2022 • 10min
Jameeka Aaron: Sometimes you just have to follow two paths. [CISO] [Career Notes]
Jameeka Aaron, Chief Information Security Officer at Auth0, a product unit of Okta, sits down to share her story following two different paths that led her to where she is today. Jameeka has 20 years of IT and cybersecurity experience and has mitigated security risks at Nike, the U.S. Navy, and now Auth0. She joined the Navy not knowing what she wanted to do after high school and ended up becoming a Radioman, which is now titled IT. She shares her experiences of challenges she faced being the youngest, and the only woman, and the only woman of color in her group. She followed two different paths, getting an education as well as being in the Navy, and started her career at Lockheed Martin Mission Systems in San Diego. She eventually found her way to Auth0 in 2018. She says "I realized cybersecurity folks can do anything, everywhere. We're everywhere, we're in every industry and so I started to kind of say, I wanna work on programs that are fun for me." We thank Jameeka for sharing her story.

Dec 10, 2022 • 25min
Cybersecurity during the World Cup. [Research Saturday]
AJ Nash from ZeroFox sits down with Dave to discuss cybersecurity threats, including social engineering attacks planned surrounding the Qatar 2022 World Cup. The research shares some of the key threats we might see while the World Cup is happening this year.
Researchers say "During the World Cup, there will likely be threat actors aiming to acquire personal information or monetary value through phishing and scams." In the research we can find how the venue host is preparing for these claims of attacks.
The research can be found here: Qatar 2022 World Cup Event Assessment

Dec 9, 2022 • 30min
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams. CISA releases three new ICS advisories. And criminals prey on other criminals.
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams: that's not Ukraine’s Ministry of Digital Transformation. On the cyber front, nothing new. CISA releases three new ICS advisories. Caleb Barlow on attack surface management. Mike Hamilton from Critical Insight explains how state and local governments apply for the $1 billion allocated by the feds for cybersecurity funding. And criminals prey on other criminals.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/235
Selected reading.
Drokbk Malware Uses GitHub as Dead Drop Resolver (Secureworks)
Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers (ThreatFabric)
Crypto Winter: Fraudsters Impersonate Ukraine’s Government to Steal NFTs and Cryptocurrency (DomainTools)
Danish defence ministry says its websites hit by cyberattack (Reuters)
Kela website hit by DoS attack (Yle)
Advantech iView (CISA)
AVEVA InTouch Access Anywhere (CISA)
Rockwell Automation Logix controllers (CISA)
The scammers who scam scammers on cybercrime forums: Part 1 (Sophos News)
Cyber-criminals Scammed Each Other Out of Millions in 2022 (Infosecurity Magazine)

Dec 8, 2022 • 27min
The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.
The IT Army of Ukraine claims responsibility for DDoS against a Russian bank. North Korea exploits an Internet Explorer vulnerability. A new variant of Babuk ransomware has been reported. Blind spots in air-gapped networks. Rob Boyce from Accenture has insights on the most recent ransomware trends. Our guest is Nathan Howe from Zscaler with the latest on Zero Trust. And the hacking of cats and dogs.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/234
Selected reading.
IT Army of Ukraine Hit Russian Banking Giant with Crippling DDoS Attack (HackRead)
Internet Explorer 0-day exploited by North Korean actor APT37 (Google)
Morphisec Discovers Brand New Babuk Ransomware Variant in Major Attack (PRWeb)
Bypassing air-gapped networks via DNS (Pentera)
What to Know About an Unlikely Vector for Cyber Threats: Household Pets (Insurance Journal)

Dec 7, 2022 • 27min
Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat.
Rackspace reacts to ransomware. Third-party incidents in New Zealand and the Netherlands. Russian intelligence goes phishing. Mustang Panda uses Russia's war as phishbait. A malicious package is found in PyPI. Kevin Magee from Microsoft Canada shares thoughts on cybersecurity startups in an economic downturn. Our guest is IDology's Christina Luttrell to discuss how consumers feel about digital identity, fraud, security and data privacy. And a French-speaking investment scam.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/233
Selected reading.
Rackspace Technology Hosted Exchange Environment Update (Rackspace Technology)
Multiple government departments in New Zealand affected by ransomware attack on IT provider (The Record by Recorded Future)
Antwerp's city services down after hackers attack digital partner (BleepingComputer)
Russian hacking group spoofed Microsoft login page of US military supplier: report (The Record by Recorded Future)
Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets (BlackBerry)
Inside the Face-Off Between Russia and a Small Internet Access Firm (New York Times)
Apiiro’s AI engine detected a software supply chain attack in PyPI (Apiiro | Cloud-Native Application Security)
Anatomizing CryptosLabs: a scam syndicate targeting French-speaking Europe for years (Group-IB)

Dec 7, 2022 • 3min
CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]
The FBI and CISA are releasing this alert to disseminate known Cuba Ransomware Group indicators of compromise and TTPs identified through FBI investigations.
FBI and CISA would like to thank BlackBerry, ESET, The National Cyber-Forensics and Training Alliance (NCFTA), and Palo Alto Networks for their contributions to this CSA.
AA22-335A Alert, Technical Details, and Mitigations
For a downloadable copy of IOCs, see AA22-335A.stix
Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov.
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.

Dec 6, 2022 • 29min
Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA’s KEV Catalog.
A Chinese cyberespionage campaign is believed to be active in the Middle East. Poor quality control turns ransomware into a wiper, and a typo crashes a cryptojacker. A large DDoS attack is reported to have hit a Russian state-owned bank. Privateers compromise Western infrastructure to stage cyberattacks. Cyber operations against national morale. A look at the Vice Society. Ben Yelin on the growing concerns over TikTok. Ann Johnson from Afternoon Cyber Tea speaks with Charles Blauner about the evolution of the CISO role. And CISA has added an entry to its Known Exploited Vulnerabilities Catalog.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/232
Selected reading.
BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign (Bitdefender Labs)
The Story of a Ransomware Turning into an Accidental Wiper | FortiGuard Labs (Fortinet Blog)
Syntax errors are the doom of us all, including botnet authors (Ars Technica)
Russia's No. 2 bank VTB suffers largest DDoS in history (Computing)
Russia compromises major UK and US organisations to attack Ukraine (Lupovis)
Russia’s online attacks target Ukrainians’ feelings (POLITICO)
Vice Society: Profiling a Persistent Threat to the Education Sector (Unit 42)
CISA Adds One Known Exploited Vulnerability to Catalog (CISA)

Dec 5, 2022 • 24min
Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsu$ Group. Notes on the cyber underworld.
Wiper malware hits Russian targets. Microsoft sees an intensification of Russian cyber operations against Ukraine. State policy, privateering, or an APT side-hustle? The US Cyber Safety Review Board will investigate the Lapsu$ Group. Rackspace works to remediate a security incident. The Schoolyard Bully Trojan harvests credentials. Grayson Milbourne of OpenText Security Solutions on attacks on common open source dev libraries. Rick Howard looks at CISO career paths. And trends in ransomware: cybercrime succeeds when the gang runs like a business.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/231
Selected reading.
CryWiper: fake ransomware (Kaspersky)
CryWiper data wiper targets Russian courts and mayors' offices (Computing)
Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices (Ars Technica)
Russian regions attacked by new wiper posing as ransomware (Cybernews)
Preparing for a Russian cyber offensive against Ukraine this winter (Microsoft On the Issues)
Russia coordinating Ukraine hacks with missiles, could increasingly target European allies, Microsoft warns (POLITICO)
Russia Is Boosting Its Cyber Attacks on Ukraine, Allies, Microsoft Says (Bloomberg.com)
Hackers linked to Chinese government stole millions in Covid benefits (NBC News)
Cyber Safety Review Board to Conduct Second Review on Lapsus$ (US Department of Homeland Security)
Rackspace: Ongoing Exchange outage caused by security incident (BleepingComputer)
Schoolyard Bully Trojan Facebook Credential Stealer (Zimperium)
The Professionalization of Ransomware: How Gangs Are Becoming Like Businesses (LookingGlass Cyber Solutions Inc.)

Dec 4, 2022 • 8min
Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]
Rohit Dhamankar from Fortra’s Alert Logic sits down with Dave Bittner to share his experiences as he navigates the industry. Rohit has over 15 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Before Alert Logic he served in Product roles for Live Oak Venture Capital at Infocyte and Razberi Technologies. He has previously worked in senior roles in several start-up companies in security analytics, intrusion detection/prevention, end-point protection, and security risk and compliance, including VP, Click Labs Solutions at Click Security, acquired by AlertLogic, and he was a Co-Founder of Jumpshot, acquired by Avast. Rohit shares the advice of never closing a door prematurely, because you never know what could be behind the door waiting for you. We thank Rohit for sharing his story.


