CyberWire Daily

N2K Networks
Aug 3, 2022 • 30min

Tories delay leadership vote over security concerns. Cyber phases of Russia’s hybrid war. Chinese patriotic hacktivism vs. Taiwan. Malware designed to abuse trust. Putting a price on your privacy.

Tories delay a leadership vote over security concerns. A summary of the cyber phases of the hybrid war. Cyberattacks affect three official sites in Taiwan. Malware designed to abuse trust. Gunter Ollmann of Devo discusses how cybercriminals are winning the AI race. Renuka Nadkarni of Aryaka explains how enterprises can recession-proof security architecture. Plus, putting a price on your privacy.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/148

Selected reading:
Tory leadership vote delayed after GCHQ hacking alert (The Telegraph)
Nozomi Networks Labs Report: Wipers and IoT Botnets Dominate the Threat Landscape – Manufacturing and Energy at Highest Risk (Nozomi Networks)
Those Pelosi-inspired cyberattacks in Taiwan probably weren't all they were cracked up to be (Washington Post)
Increase in Chinese "Hacktivism" Attacks (SANS Internet Storm Center)
Cyberattacks crashed several Taiwanese government websites hours before Pelosi’s visit. (New York Times)
Taiwan presidential office website hit by cyberattack ahead of Pelosi visit (POLITICO)
Taiwanese government sites disrupted by hackers ahead of Pelosi trip (The Record by Recorded Future)
Deception at a scale (VirusTotal)
The Price Cybercriminals Charge for Stolen Data (SpiderLabs Blog)

Aug 2, 2022 • 28min

Nomad cryptocurrency bridge looted. BlackCat ransomware hits European energy company. DSIRF disputes Microsoft's report on cyber mercenaries. Are there spies under Mr. Putin’s long table?

Nomad cryptocurrency bridge is looted. The BlackCat ransomware gang hits a Luxembourgeois energy company. DSIRF disputes Microsoft's characterization of the Austrian firm as cyber mercenaries. Ben Yelin looks at privacy concerns in the education software market. Our guest is PJ Kirner from Illumio to discuss Zero Trust Segmentation. And, finally, are there spies under Mr. Putin’s very very long table?

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/147

Selected reading:
Crypto Firm Nomad Loses Nearly $200 Million in Bridge Hack (Bloomberg)
Crypto Bridge Nomad Drained of Nearly $200M in Exploit (CoinDesk)
Nomad token bridge drained of $190M in funds in security exploit (Cointelegraph)
Nomad token bridge hacked in nearly $200 million exploit (mint)
BlackCat ransomware gang hits Luxembourg energy supplier Creos (Computing)
Luxembourg energy provider Encevo Group battles ransomware attack by BlackCat (Tech Monitor)
BlackCat ransomware claims attack on European gas pipeline (BleepingComputer)
Luxembourg energy companies struggling with alleged ransomware attack, data breach (The Record by Recorded Future)
Austrian spy firm accused by Microsoft says hacking tool was for EU states (Reuters)
Dilyana Gaytandzhieva: Putin’s Elite Inner Circle Infiltrated By Nato Informants (SouthFront)
GEC Special Report: Pillars of Russia’s Disinformation and Propaganda Ecosystem (US Department of State)

Aug 1, 2022 • 28min

KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp.

KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp. Rick Howard previews season ten of the CSO Perspectives podcast. Our guest is Nate Kharrl of SpecTrust on deploying fraud detection at the gateway. And a heartfelt farewell to a woman whose inspiration lives on.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/146

Selected reading:
Cyberactivist Group Killnet Declares War on Lockheed Martin (Sputnik)
Russian Hackers Target U.S. HIMARS Maker in 'New Type of Attack': Report (Newsweek)
Founder of pro-Russian hacktivist Killnet quitting group (SC Magazine)
Huge network of 11,000 fake investment sites targets Europe (BleepingComputer)
Microsoft links Raspberry Robin malware to Evil Corp attacks (BleepingComputer)
Microsoft ties novel ‘Raspberry Robin’ malware to Evil Corp cybercrime syndicate (The Record by Recorded Future)
FakeUpdates malware delivered via Raspberry Robin has possible ties to EvilCorp (SC Magazine)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself (Microsoft Security)
Australia charges dev of Imminent Monitor RAT used by domestic abusers (BleepingComputer)
Brisbane teenager built spyware used by domestic violence perpetrators across world, police allege (the Guardian)

Jul 31, 2022 • 8min

Larry Cashdollar: Always learning new technology. [Intelligence response engineer] [Career Notes]

Larry Cashdollar, Principal Security Intelligence Response Engineer at Akamai Technologies, sits down with Dave Bittner to discuss his life leading up to working at Akamai. He shares his story from his beginnings to now, describing what college life was like as a young computer enthusiast. He says "If you look at my 1986 yearbook, I think it was my sixth grade class, it says computer scientist for my career path. So I had a love of computers when I was really young. I guess I knew what field I wanted to get into right off the bat." He describes different career paths that all led him to his current position. He also shares his love for computers and technology through the decades of his youth, and how he is learning, even now. We thank Larry for sharing his story.

Jul 30, 2022 • 22min

What malicious campaign is lurking under the surface? [Research Saturday]

Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation." Cybereason researchers recently found an attack lurking beneath the surface which was assessed to be the work of Chinese APT Winnti. Cybereason briefed the FBI and the DOJ on the investigation into the malicious campaign.

The research states, "For years, the campaign had operated undetected, siphoning intellectual property and sensitive data." The team quickly made two reports on the campaign, one sharing an examination on the tactics and techniques. The second gives a detailed analysis of the malware and exploits used.

The research can be found here:
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation

Jul 29, 2022 • 27min

Hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Notes on the C2C market. Rewards for Justice seeks some righteous snitches.

Anonymous's hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Phishing in the IPFS. Update on the initial access criminal-to-criminal market and its effect on MSPs. Cyber gangs move away from malicious macros. Thomas Etheridge from CrowdStrike on managed detection and response. Rick Howard sits down with Art Poghosyan from Britive to discuss DevSecOps and Identity Management. And Rewards for Justice seeks some righteous snitches.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/145

Selected reading:
Putin 'embarrassed' as hackers launch cyber war on Russian President over Ukraine invasion (Express.co.uk)
Is Anonymous Rewriting the Rules of Cyberwarfare? Timeline of Their Attacks Against the Russian Government (Website Planet)
HolyGhost’s Bargain Basement Approach To Ransomware (Digital Shadows)
IPFS: The New Hotbed of Phishing (Trustwave)
Threat Advisory: Hackers Are Selling Access to MSPs (Huntress): We’re currently monitoring a situation that entails a hacker selling access to an MSP with access to 50+ customers, totaling 1,000+ servers.
Experts warn of hacker claiming access to 50 U.S. companies through breached MSP (The Record by Recorded Future)
How Threat Actors Are Adapting to a Post-Macro World (Proofpoint)
Rewards for Justice – Reward Offer for Information on Russian Interference in U.S. Elections (United States Department of State)

Jul 28, 2022 • 24min

SSSCIP and CISA sign memorandum of cooperation. Tailored security services, or just hired guns? Bringing PSOAs to heel. More credential-harvesting.

SSSCIP and CISA sign a memorandum of cooperation. Are private-sector offensive actors tailored security services, or are they just hired guns? Bringing cyber mercenaries to heel. Malek Ben Salem from Accenture on why crisis management is at the heart of ransomware resilience. Our guest is Derek Manky from Fortinet on the World Economic Forum Partnership Against Cybercrime. And more credential-harvesting scams are out in the wild.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/144

Selected reading:
United States and Ukraine Expand Cooperation on Cybersecurity (CISA)
US, Ukraine sign pact to expand cooperation in cyberspace (The Hill)
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits (Microsoft Security)
Continuing the fight against private sector cyberweapons (Microsoft On the Issues)
Experts Urge Congress to Pressure Commercial Spyware Vendors (Decipher)
Mirroring Actual Landing Pages for Convincing Credential Harvesting (Avanan)

Jul 27, 2022 • 25min

The cost of a data breach as an economic drag. Personal apps as a potential business risk. Why so little ransomware in Ukraine? Employee engagement study reaches predictably glum conclusions.

IBM reports on the cost of a data breach. Personal apps as a potential business risk. Over on the dark side, there’s help wanted in the C2C labor market. An employee engagement study reaches predictably glum conclusions. Betsy Carmelite from Booz Allen Hamilton on reducing software supply chain risks with SBOMs. Our guest is Elaine Lee from Mimecast discussing the pros and cons of AI in cybersecurity. And why so much attempted DDoS, but not so much ransomware?

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/143

Selected reading:
IBM Report: Consumers Pay the Price as Data Breach Costs Reach All-Time High (IBM Newsroom)
Cost of a Data Breach Report 2022 (IBM Security)
Netskope Threat Research: Data Sprawl Creating Risk for Organizations Worldwide as Personal App Use in Business Continues to Rise (PR Newswire)
Financial Incentives May Explain the Perceived Lack of Ransomware in Russia’s Latest Assault on Ukraine (Council on Foreign Relations)
Tessian | 1 in 3 Employees Do Not Understand the Importance of Cybersecurity at Work, According to New Report (RealWire)

Jul 26, 2022 • 26min

LockBit gets an upgrade. CosmicStrand UEFI firmware rootkit. Treating thieves like white hats? Most-impersonated brands. AV-Test's Twitter account is hijacked. The cyber phase of a hybrid war.

LockBit gets an upgrade. CosmicStrand firmware rootkit is out in a new and improved version. Are thieves being treated like white hats? AV-Test's Twitter account is hijacked. Joe Carrigan considers the mental health effects of the online scam economy. Mr. Security Answer Person John Pescatore ponders the cybersecurity talent gap. And ongoing speculation on the cyber phase of the hybrid war.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/142

Selected reading:
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities (Trend Micro)
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit (Securelist)
Crypto Firms Make Thieving Hackers an Offer: Keep a Little, Give Back the Rest (Wall Street Journal)
Phishers’ Favorites Top 25, H1 2022: Microsoft Is the Most Impersonated Brand in Phishing Attacks (Vade Secure)
Testing times for AV-Test as Twitter account hijacked by NFT spammers (Graham Cluley)
Ukraine fall-out and new ransomware tactics elevate cyber risks (Strategic Risk Europe)
Ed’s note: The Ukrainian-Russian cyber war no one speaks about (Smart Energy)

Jul 25, 2022 • 27min

The minor mystery of GPS-jamming. Twitter investigates apparent data breach. Ransomware C2 staging discovered. A C2C offering restricted to potential privateers.

The minor mystery of GPS-jamming. Twitter investigates an apparent data breach. Ransomware command and control staging is discovered. Andrea Little Limbago from Interos looks at the intersection of social sciences and cyber. Our guest is Nelly Porter from Google Cloud on the emerging idea of confidential computing. A C2C offering restricted to potential privateers.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/141

Selected reading:
Why Isn’t Russia jamming GPS harder in Ukraine? (C4ISRNet)
Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k (9to5Mac)
Twitter investigating authenticity of 5.4 million accounts for sale on hacking forum (The Record by Recorded Future)
Russian Ransomware C2 Network Discovered in Censys Data (Censys)
Researcher finds Russia-based ransomware network with foothold in U.S. (The Record by Recorded Future)
New Cross-Platform 'Luna' Ransomware Only Offered to Russian Affiliates (SecurityWeek)
