CyberWire Daily

N2K Networks
Aug 9, 2022 • 28min

Cyberespionage against belligerents' industry. Tornado Cash sanctions. Data breaches at Twilio and Klaviyo. Intercept tools and policies in Canada.

Tracking apparent Chinese industrial cyberespionage. Tornado Cash sanctions. Twilio discloses a breach. Social engineering exposes data at Klaviyo. Microsoft’s Ann Johnson previews the latest season of Afternoon Cyber Tea. Joe Carrigan tracks the growth in cryptojacking. And what might the Mounties be monitoring?

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/152

Selected reading.
Cyberspying Aimed at Industrial Enterprises in Russia and Ukraine Linked to China (SecurityWeek)
China-linked spies used six backdoors to steal defense info (Register)
U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash (U.S. Department of the Treasury)
Twilio hacked by phishing campaign (TechCrunch)
Twilio, a texting platform popular with political campaigns, reports breach (CyberScoop)
Incident Report: Employee and Customer Account Compromise - August 4, 2022 (Twilio Blog)
Email marketing firm hacked to steal crypto-focused mailing lists (BleepingComputer)
RCMP has used spyware to access targets’ communications as far back as 2002: Senior Mountie (Global News)
RCMP says it has not used Pegasus spyware (POLITICO)

Learn more about your ad choices. Visit megaphone.fm/adchoices
Aug 9, 2022 • 32min

Cybersecurity is a team sport. [CyberWire-X]

In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with their own specific function and who very seldom work together. To gain an advantage on attackers, we need to start seeing cybersecurity as a team sport–united for a shared mission.

In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by two Hash Table members, Ted Wagner, CISO at SAP National Security Services, and Jenn Reed, CISO at Aviatrix. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor ExtraHop's Senior Product Marketing Manager, Chase Snyder, and CrowdStrike's Head of Product Marketing, Janani Nagarajan. They discuss why and how vendors should work together to enable better integrated security for their customers. They’ll answer questions like “what is XDR?” and “how do I get my vendors to work together?”.
Aug 8, 2022 • 26min

Wipers, tak; grid takedown, nyet. Twitter 0-day exploited before patching. NHS 111 recovering from cyberattack. Notes on the C2C underworld.

Shifting cyber threats during Russia's war against Ukraine. A Twitter exploit may have compromised more than 5 million accounts. A cyberattack disrupts NHS 111. Developments in the C2C market. An alleged Russian cryptocurrency exchange operator is extradited to the US. Rick Howard looks at FinTech. Andrea Little Limbago from Interos on industrial policy and the tech divide. And a crypto mixing service has been sanctioned by the US Treasury Department.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/151

Selected reading.
ESET Threat Report T1 2022 (WeLiveSecurity)
Twitter confirms zero-day used to expose data of 5.4 million accounts (BleepingComputer)
NHS 111 software outage confirmed as cyber-attack (BBC News)
Ministers coordinate response after cyber-attack hits NHS 111 (the Guardian)
Thousands of hackers flock to 'Dark Utilities' C2-as-a-Service (BleepingComputer)
Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns (Cisco Talos)
Genesis Brings Polish to Stolen-Credential Marketplaces (Sophos)
Cyber-related Designation (U.S. Department of the Treasury)
U.S. imposes sanctions on virtual currency mixer Tornado Cash (Reuters)
Crypto Mixing Service Tornado Cash Blacklisted by US Treasury (CoinDesk)
Alleged Russian Cryptocurrency Money Launderer Extradited to United States (US Department of Justice)
Russian accused of money laundering and running $4B bitcoin exchange extradited to US | CNN Politics (CNN)
Aug 7, 2022 • 9min

Anna Belak: Acquiring skills to make you into a unicorn. [Thought Leadership] [Career Notes]

Anna Belak, Director of Thought Leadership at Sysdig, shares her story from physics to cyber. Anna explains how she went into college planning to get a physics degree and then, for her PhD, decided to switch to material science and engineering. She enjoyed neither and ultimately decided to go into cyber. She shares some advice on how you should never limit yourself to your degree, and on always learning new skills and honing the skills you already have. She says doing these things will make you into a unicorn, meaning that if you are good at one thing and teach yourself to be good at something else, you will become that much more valuable. Anna hopes she makes an impact on the people she works with, and that they will want to work with her long after she leaves a company. We thank Anna for sharing her story.
Aug 6, 2022 • 16min

Iran-linked Lyceum Group adds a new weapon to its arsenal. [Research Saturday]

Deepen Desai from Zscaler's ThreatLabz joins Dave to discuss how APTs, like Lyceum Group, create tactics and malware to carry out attacks against their targets. The Lyceum Group has been active since 2017 and is a state-sponsored Iranian APT group. The group targets Middle Eastern organizations, most notably in the energy and telecommunication sectors, and relies heavily on .NET-based malware.

Zscaler said in their research they "recently observed a new campaign where the Lyceum Group was utilizing a newly developed and customized .NET based malware targeting the Middle East by copying the underlying code from an open source tool." They go on to give an analysis explaining why the .NET-based DNS backdoor is causing problems.

The research can be found here: Lyceum .NET DNS Backdoor
Aug 5, 2022 • 28min

CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. CISA and ACSC issue a joint advisory on top malware strains.

CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. Andy Robbins of SpecterOps to discuss Attack Paths in Azure. Denis O'Shea of Mobile Mentor talking on the intersection of endpoint security and employee experience. CISA and ACSC issue a joint advisory on top malware strains.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/150

Selected reading.
Quarterly Adversarial Threat Report (Meta)
Meta took down Russian troll farm that supported country’s invasion of Ukraine (The Hill)
Russia's Infamous Troll Farm Is Back -- and Sh*tting the Bed (Rolling Stone)
Meta’s threat report highlights clumsy attempt to manipulate Ukraine discourse (TechCrunch)
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations (Mandiant)
CISA Alert AA22-216A – 2021 top malware strains. (The CyberWire)
2021 Top Malware Strains (CISA)
Digi ConnectPort X2D (CISA)
Cisco Releases Security Updates for RV Series Routers (CISA)
Aug 4, 2022 • 27min

Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. And more crypto looting.

Ukraine claims to have taken down a massive Russian bot farm. Russian cyber operations may have been premature. A report says Emergency Alert Systems might be vulnerable to hijacking. The Mirai botnet may have a descendant. Adam Flatley from Redacted with a look back at NotPetya. Ryan Windham from Imperva takes on Bad Bots. Attacks on a cryptocurrency exchange attempt to bypass 2FA. Solana cryptocurrency wallets looted.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/149

Selected reading.
Ukraine takes down 1,000,000 bots used for disinformation (BleepingComputer)
Did Russia mess up its cyberwar with Ukraine before it even invaded? (Washington Post)
So RapperBot, What Ya Bruting For? (Fortinet Blog)
Gaming Respawned (Akamai)
Coinbase Attacks Bypass 2FA (Pixm Anti-Phishing)
Thousands of Solana wallets drained in multimillion-dollar exploit (TechCrunch)
Thousands of Solana Wallets Hacked in Crypto Cyberattack (Wall Street Journal)
Solana, USDC Drained From Wallets in Attack (Decrypt)
Ongoing solana attack targets thousands of crypto wallets, costing users more than $5 million so far (CNBC)
Solana and Slope Confirm Wallet Security Breach (Crypto Briefing)
How Hackers Target Bridges Between Blockchains for Crypto Heists (Wall Street Journal)
Aug 4, 2022 • 3min

CISA Alert AA22-216A – 2021 top malware strains. [CISA Cybersecurity Alerts]

This joint Cybersecurity Advisory was coauthored by CISA and the Australian Cyber Security Centre, or ACSC. This advisory provides details on the top malware strains observed in 2021.

AA22-216A Alert, Technical Details, and Mitigations

For alerts on malicious and criminal cyber activity, see the FBI Internet Crime Complaint Center webpage.

For more information and resources on protecting against and responding to ransomware, refer to StopRansomware.gov, a centralized, U.S. Government webpage providing ransomware resources and alerts.

The ACSC recommends organizations implement eight essential mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a cybersecurity baseline. These strategies, known as the “Essential Eight,” make it much harder for adversaries to compromise systems.

Refer to the ACSC’s practical guides on how to protect yourself against ransomware attacks and what to do if you are held at ransom at cyber.gov.au.

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Aug 3, 2022 • 30min

Tories delay leadership vote over security concerns. Cyber phases of Russia’s hybrid war. Chinese patriotic hacktivism vs. Taiwan. Malware designed to abuse trust. Putting a price on your privacy.

Tories delay a leadership vote over security concerns. A summary of the cyber phases of the hybrid war. Cyberattacks affect three official sites in Taiwan. Malware designed to abuse trust. Gunter Ollmann of Devo to discuss how Cybercriminals are Winning the AI Race. Renuka Nadkarni of Aryaka explains how enterprises can recession-proof security architecture. Plus, putting a price on your privacy.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/148

Selected reading.
Tory leadership vote delayed after GCHQ hacking alert (The Telegraph)
Nozomi Networks Labs Report: Wipers and IoT Botnets Dominate the Threat Landscape – Manufacturing and Energy at Highest Risk (Nozomi Networks)
Those Pelosi-inspired cyberattacks in Taiwan probably weren't all they were cracked up to be (Washington Post)
Increase in Chinese "Hacktivism" Attacks (SANS Internet Storm Center)
Cyberattacks crashed several Taiwanese government websites hours before Pelosi’s visit. (New York Times)
Taiwan presidential office website hit by cyberattack ahead of Pelosi visit (POLITICO)
Taiwanese government sites disrupted by hackers ahead of Pelosi trip (The Record by Recorded Future)
Deception at a scale (VirusTotal)
The Price Cybercriminals Charge for Stolen Data (SpiderLabs Blog)
Aug 2, 2022 • 28min

Nomad cryptocurrency bridge looted. BlackCat ransomware hits European energy company. DSIRF disputes Microsoft's report on cyber mercenaries. Are there spies under Mr. Putin’s long table?

Nomad cryptocurrency bridge is looted. The BlackCat ransomware gang hits a Luxembourgeois energy company. DSIRF disputes Microsoft's characterization of the Austrian firm as cyber mercenaries. Ben Yelin looks at privacy concerns in the education software market. Our guest is PJ Kirner from Illumio to discuss Zero Trust Segmentation. And, finally, are there spies under Mr. Putin’s very very long table?

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/147

Selected reading.
Crypto Firm Nomad Loses Nearly $200 Million in Bridge Hack (Bloomberg)
Crypto Bridge Nomad Drained of Nearly $200M in Exploit (CoinDesk)
Nomad token bridge drained of $190M in funds in security exploit (Cointelegraph)
Nomad token bridge hacked in nearly $200 million exploit (mint)
BlackCat ransomware gang hits Luxembourg energy supplier Creos (Computing)
Luxembourg energy provider Encevo Group battles ransomware attack by BlackCat (Tech Monitor)
BlackCat ransomware claims attack on European gas pipeline (BleepingComputer)
Luxembourg energy companies struggling with alleged ransomware attack, data breach (The Record by Recorded Future)
Austrian spy firm accused by Microsoft says hacking tool was for EU states (Reuters)
Dilyana Gaytandzhieva: Putin’s Elite Inner Circle Infiltrated By Nato Informants (SouthFront)
GEC Special Report: Pillars of Russia’s Disinformation and Propaganda Ecosystem (US Department of State)
