

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Episodes

Oct 28, 2022 • 3min
The Malware Mash! [Bonus]
Enjoy this CyberWire classic. They did the Mash...they did the Malware Mash...

Oct 27, 2022 • 29min
CISA releases voluntary CPGs. Trojans and scanners. Cyber venture investing, and some insights into corporate culture. "Opportunistic" cyberops in a hybrid war.
CISA releases cross-sector cybersecurity performance goals. Trojans are spreading through scanners. Cyber seed rounds are an exception to a general downtrend in venture investment. Whistleblowing and corporate culture. Storing enterprise secrets. Robert M. Lee from Dragos explains the TSA Pipeline Security Directive. Our guests are Jenny Brinkley from Amazon AWS and Lisa Plaggemier from the National Cybersecurity Alliance with a collaborative educational project. Cyberattacks seen as opportunistic and disconnected from strategy.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/207
Selected reading:
Cross-Sector Cybersecurity Performance Goals (CISA)
CISA unveils voluntary cybersecurity performance goals (Federal News Network)
Sending Trojans via Scanners (Avanan)
DataTribe Insights - Q2 2022: Economic Storm Makes Landfall (DataTribe)
Ukraine: Russian cyber attacks aimless and opportunistic (SearchSecurity)

Oct 26, 2022 • 26min
Amid widespread unrest, Sudan shutters its Internet. A new PRC influence campaign targets US elections. Software supply chain security. And cybercrime in wartime.
Sudan closes its Internet as the country sees protests on the first anniversary of a coup. A Chinese influence campaign targets US elections. A software supply chain security study, and a look at vulnerability scanning tools. Documenting cyber war crimes in Ukraine. CISA issues eight ICS Advisories. Andrea Little Limbago from Interos on the effects of water scarcity on data centers. And if you’ll indulge us, we’ve got some pretty exciting CyberWire news.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/206
Selected reading:
Internet is shut down in Sudan on anniversary of military coup (The Record by Recorded Future)
Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections (Mandiant)
Rezilion Vulnerability Scanner Benchmark Report Finds Top Scanners Only 73% Accurate (PR Newswire)
Four in Five Software Supply Chains Exposed to Cyberattack in the Last 12 Months (BlackBerry)
Ukraine Documenting Russian Hacks, Eyeing International Charges (Bloomberg)
CISA Releases Eight Industrial Control Systems Advisories (CISA)

Oct 25, 2022 • 21min
US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware phishing. Varonis discovers Windows vulnerabilities. CISA expands KEV Catalog.
US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware group phishing campaign. Varonis discovers two Windows vulnerabilities. Mr Security Answer Person John Pescatore on security through obscurity. Ben Yelin on the DOJ’s spying cases against China. CISA expands its Known Exploited Vulnerabilities Catalog with six new entries.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/205
Selected reading:
Two Arrested and 13 Charged in Three Separate Cases for Alleged Participation in Malign Schemes in the United States on Behalf of the Government of the People’s Republic of China (US Department of Justice)
U.S. Justice Department Fires Warning Shot at Chinese Spies (Foreign Policy)
Chinese spies charged with trying to thwart Huawei investigation (Quartz)
DOJ Charges 13 Over Chinese Interference In US Affairs (Law360)
U.S. Says Chinese Tried to Obstruct Huawei Prosecution (Wall Street Journal)
U.S. charges Chinese nationals with schemes to steal info, punish critics and recruit spies (CBS News)
Cuba ransomware affiliate targets Ukrainian govt agencies (BleepingComputer)
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries (BlackBerry)
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows (Varonis)
CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA)

Oct 24, 2022 • 27min
US unseals cases against PRC intelligence officers. Daixin ransomware is an active threat. FBI warns of Iranian threat group. Iran’s nuclear agency discloses hack. Hybrid war and threats to infrastructure.
Breaking: US unseals three cases against Chinese intelligence officers. CISA says Daixin Team ransomware is an active threat. The FBI warns of Iranian threat group's activity. Meanwhile the Iranian nuclear agency says its email was hacked. Norway is concerned about threats to oil and gas infrastructure. A drop in ransomware correlates with Russia's hybrid war. Ann Johnson from Afternoon Cyber Tea speaks with AJ Yawn from ByteChek about breaking into the cybersecurity industry. Josh Ray from Accenture describes threats to the satellite industry. And cyber offense may be proving harder than thought.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/204
Selected reading:
CISA Alert AA22-294A – #StopRansomware: Daixin Team. (CyberWire)
#StopRansomware: Daixin Team (CISA)
CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware (The Hacker News)
Iranian Cyber Group Emennet Pasargad Conducting Hack-and-Leak Operations Using False-Flag Personas (FBI)
FBI warns Iranian hackers active ahead of the U.S. midterms (NBC News)
FBI Warns of Attacks From Iranian Threat Group Emennet Pasargad (Decipher)
Iran Hackers Behind Attempt on US Election Are Still Active (Gov Info Security)
FBI warns of ‘hack-and-leak’ operations from group based in Iran (The Record by Recorded Future)
Iran's Atomic Energy Agency Says Its E-Mail Server Was Hacked (RadioFreeEurope/RadioLiberty)
Iran says ‘specific foreign country’ behind hacktivist leak of atomic energy emails (The Record by Recorded Future)
Iran’s Top Nuclear Agency Says Its Email Servers Were Hacked (Bloomberg)
Ukraine Could Still Face Cyberattacks, Experts Say (CNET)
Fears over Russian threat to Norway's energy infrastructure (AP NEWS)
Norway PM: Russia poses ‘real and serious’ cyber threat to oil and gas industry (The Record by Recorded Future)
Ukraine war cuts ransomware as Kremlin co-opts hackers (The Telegraph)
Q&A: Kenneth Geers on the cyber war between Ukraine and Russia (The Record by Recorded Future)

Oct 24, 2022 • 3min
CISA Alert AA22-294A – #StopRansomware: Daixin Team. [CISA Cybersecurity Alerts]
FBI, CISA, and Department of Health and Human Services are releasing this joint advisory to provide information on the Daixin Team, a cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health Sector.
AA22-294A Alert, Technical Details, and Mitigations
Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
Ongoing Threat Alerts and Sector alerts are produced by the Health Sector Cybersecurity Coordination Center (HC3) and can be found at hhs.gov/HC3
For additional best practices for Healthcare cybersecurity issues see the HHS 405(d) Aligning Health Care Industry Security Approaches at 405d.hhs.gov
CISA offers several no-cost scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors. See www.cisa.gov/cyber-hygiene-services
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.

Oct 23, 2022 • 9min
Megan Doherty: Conquer barriers in the workforce. [Technical Specialist] [Career Notes]
Megan Doherty, a Technical Specialist from Microsoft Canada, sits down to share her story of overcoming barriers in the workforce to get to where she is today in her career. Megan started out as a mechanical engineer before making the switch to do something with more creativity and problem solving. She shares her passion for working with a group Microsoft created called "DigiGirlz," as well as for being able to work with her team, who she says helps her face the world of adversity in her career. Megan said, "There's so many barriers, just even mentally that we put on ourselves when it comes to looking for a career change or even thinking of cybersecurity as your next career path." She hopes that she leaves a legacy of kindness and compassion behind, especially in the industry she works in. We thank Megan for sharing her story with us.

Oct 22, 2022 • 17min
New tools target governments in Middle East? [Research Saturday]
Dick O'Brien from Symantec's Threat Hunter team sits down with Dave to discuss their work on "Witchetty - Group Uses Updated Toolset in Attacks on Governments in Middle East." Their research has found that the group known as Witchetty, aka LookingFrog, has been progressively updating its toolset, including a new backdoor Trojan (Backdoor.Stegmap), to launch malware attacks on targets in the Middle East and Africa.
The research states "The attackers exploited the ProxyShell and ProxyLogon vulnerabilities to install web shells on public-facing servers before stealing credentials, moving laterally across networks, and installing malware on other computers." The researchers describe more on the new tool being used and why this new group is a threat.
The research can be found here:
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

Oct 21, 2022 • 29min
Blackbyte's new exfiltration tool. Hijacking student accounts for BEC. Zhora calls Russia's cyber campaigns a failure. OldGremlin ransomware is an outlier.
Blackbyte's new exfiltration tool. Hijacking student accounts for BEC. Zhora calls Russia's cyber campaigns a failure. Caleb Barlow explores new thinking for incident response. Our guest is Jon Hencinski of Expel, tracking the latest threat trends. OldGremlin ransomware is an outlier.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/203
Selected reading:
Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool (Symantec)
Hijacking Student Accounts to Launch BEC-Style Attacks (Avanan)
This sneaky kind of cybercrime rules them all (Washington Post)
Russia Failing to Reach Cyber War Goals, Ukrainian Official Says (Meritalk)
EU supports cybersecurity in Ukraine with over €10 million - EU NEIGHBOURS east (EU NEIGHBOURS east)
Gremlins’ prey, secrets, and dirty tricks: the ransomware gang OldGremlin set new records (Group-IB)
OldGremlin hackers use Linux ransomware to attack Russian orgs (BleepingComputer)
OldGremlin, which targets Russia, debuts new Linux ransomware (Computing): It is one of the few ransomware groups in the world that prefer to target Russian organisations, but this may change, experts advise
More Russian Organizations Feeling Ransomware Pain (Bank Info Security)

Oct 20, 2022 • 29min
Notes and lessons on the hybrid war. Update on Zimbra exploitation. Microsoft fixes misconfigured storage. The state of the cyber workforce. Trends in phishing and ransomware.
DDoS as misdirection. NSA shares lessons learned from cyber operations observed in Russia's war against Ukraine. Advice from CISA on Zimbra. A misconfigured Microsoft storage endpoint has been secured. Notes from a study on the Cybersecurity Workforce. The cost to businesses of phishing. Betsy Carmelite from Booz Allen Hamilton on managing mental health in the cyber workforce. Our guest is Ismael Valenzuela of Blackberry with insights on "The Cyber Insurance Gap". And updates to the ransomware leaderboard.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/202
Selected reading:
Bulgarian cyberattack: Sabotage as a cover for spying? (Deutsche Welle)
Bulgarian websites impacted by Killnet DDoS attack (SC Media)
Lessons From Ukraine: NSA Cyber Chief Lauds Industry Intel (Meritalk)
NSA Cybersecurity Director's Six Takeaways From the War in Ukraine (Infosecurity Magazine)
NSA cyber chief says Ukraine war is compelling more intelligence sharing with industry (CyberScoop)
Investigation Regarding Misconfigured Microsoft Storage Location (Microsoft Security Response Center)
2019 Cybersecurity Workforce Study ((ISC)²)
The Business Cost of Phishing (Ironscales)
Leading Ransomware Variants Q3 2022 (Intel471)


