CyberWire Daily

N2K Networks
Jul 24, 2022 • 7min

Mary Writz: Take a negative and make it into a positive. [VP Product Strategy] [Career Notes]

Mary Writz, Vice President of Product Strategy at ForgeRock, shares how each career path she has taken has led her to where she is now. Mary describes how she has been a woman working in a male-dominated field for most of her career, and how she had to take charge and get the men to take charge with her. She says, "I was often leading people, mostly men older than me, potentially smarter than me, more well paid than me. So I had to learn how to think about galvanizing this group to charge forward with me, even though I was a bit of a minority in that way." She also says that she tells herself to always make a positive out of a negative by showing people how you can respond to what's happening with a lot of energy, focus, and care, and that this is what got her to where she is today. Learn more about your ad choices. Visit megaphone.fm/adchoices
Jul 24, 2022 • 26min

The great overcorrection: shifting left probably left you vulnerable. Here’s how you can make it right. [CyberWire-X]

Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, talks with two Hash Table members, Centene’s VP and CISO for Healthcare Enterprises, Rick Doten, and Akamai’s Advisory CISO, Steve Winterfeld. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor Invicti’s Chief Product Officer, Sonali Shah. They discuss the challenges and misunderstandings around shifting left, and provide tips on how organizations can implement a web application security program without tradeoffs throughout the whole application security lifecycle.
Jul 23, 2022 • 21min

Has GOLD SOUTHFIELD resumed operations? [Research Saturday]

Rob Pantazopoulos from Secureworks joins Dave to discuss their work on "REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence." Secureworks researchers published a new analysis on what can be considered the ‘first’ set of ransomware samples associated with the reemergence. These updated samples indicate that GOLD SOUTHFIELD has resumed operations.

The research states, "The identification of multiple samples containing different modifications and the lack of an official new version indicate that REvil is under active development." Researchers identified two samples, one in October of 2021, and the other in March of 2022. The March sample has modifications that lead researchers to distinguish the two samples from one another.

The research can be found here:
REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence
Jul 22, 2022 • 28min

Espionage and counterespionage during the hybrid war. Assessing Russian cyberops. Conti's fate. Investigating cut Internet cables in France. Trends in “pig-butchering.”

Traditional espionage and counterespionage during the hybrid war. Assessing Russian cyberattacks. Conti's fate and effects. Investigating cut Internet cables in France. My conversation with AD Bryan Vorndran of the FBI Cyber Division on reverse webshell operation and Hafnium. Our guest is Tom Kellermann of VMware to discuss the findings of their Modern Bank Heists report. And, finally, the dark online world of “pig-butchering.”

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/140

Selected reading.
UK Spy Chief Sees Russia’s Military Running ‘Out of Steam’ Soon (Bloomberg)
Exhausted Russian army gives Ukraine chance to strike back, says British spy chief (The Telegraph)
'Cut by half' Putin's masterplan backfires as 400 Russian spies thrown out of Europe (Express)
Half of Russian spies in Europe expelled since Ukraine invasion, says MI6 chief (the Guardian)
MI6 chief: Russia’s spies ‘not having a great war’ in Ukraine (The Record by Recorded Future)
CIA chief says 15,000 Russians killed in war, dismisses Putin health rumors (Washington Post)
CIA Chief Says Russia’s Iran Drone Deal Shows Military Weakness (Bloomberg)
Ukraine confronts Kremlin infiltration threat at unreformed state bodies (Atlantic Council)
US seeking to understand Russia’s failure to project cyber power in Ukraine (Defense News)
Battling Moscow's hackers prior to invasion gave Kyiv 'full dress rehearsal' for today's cyber warfare (CyberScoop)
How Conti ransomware hacked and encrypted the Costa Rican government (BleepingComputer)
Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion (AdvIntel)
Conti Criminals Resurface as Splinter RaaS Groups (Security Boulevard)
The Unsolved Mystery Attack on Internet Cables in Paris (Wired)
Massive Losses Define Epidemic of ‘Pig Butchering’ (KrebsOnSecurity)
Jul 21, 2022 • 29min

Notes on the underworld: emerging, enduring, and vanishing gangs, and their C2C markets. More spearphishing of Ukrainian targets. US CYBERCOM releases IOCs obtained from Ukrainian networks.

A criminal talent broker emerges. Developing threats to financial institutions. Phishing through PayPal. Lessons to be learned from LAPSUS$, post-flameout. More spearphishing of Ukrainian targets. US Cyber Command releases IOCs obtained from Ukrainian networks. Johannes Ullrich from SANS on the value of keeping technology simple. Our guests are Carla Plummer and Akilah Tunsill from the organization Black Girls in Cyber. And not really honor, but honor’s self-interested first cousin.

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/139

Selected reading.
Atlas Intelligence Group (A.I.G) – The Wrath of a Titan (Cyberint)
'AIG' Threat Group Launches With Unique Business Model (Dark Reading)
Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities (Proofpoint)
Sending Phishing Emails From PayPal (Avanan)
Brazen, Unsophisticated and Illogical: Understanding the LAPSUS$ Extortion Group (Tenable®)
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities (Mandiant)
Cyber National Mission Force discloses IOCs from Ukrainian networks (U.S. Cyber Command)
The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back (HP Wolf Security)
Jul 20, 2022 • 31min

Cyber phases of Russia’s hybrid war seem mostly espionage. Belgium accuses China of spying. LockBit ransomware spreads. And Micodus GPS tracker vulnerabilities are real and unpatched.

What’s Russia up to in cyberspace, nowadays? Belgium accuses China of cyberespionage. LockBit ransomware spreading through compromised servers. Malek Ben Salem from Accenture explains the Privacy Enhancing Technologies of Federated Learning with Differential Privacy guarantees. Rick Howard speaks with Rob Gurzeev from Cycognito on Data Exploitation. And Micodus GPS tracker vulnerabilities should motivate the user to turn the thing off.

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/138

Selected reading.
Continued cyber activity in Eastern Europe observed by TAG (Google)
Declaration by the High Representative on behalf of the European Union on malicious cyber activities conducted by hackers and hacker groups in the context of Russia’s aggression against Ukraine (European Council)
China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors (Federal Public Service Foreign Affairs)
Déclaration du porte-parole de l'Ambassade de Chine en Belgique au sujet de la déclaration du gouvernement belge sur les cyberattaques (Embassy of the People's Republic of China in the Kingdom of Belgium)
LockBit: Ransomware Puts Servers in the Crosshairs (Broadcom Software Blogs | Threat Intelligence)
Critical Vulnerabilities Discovered in Popular Automotive GPS Tracking Device (MiCODUS MV720) (BitSight)
CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker (CISA)
Jul 19, 2022 • 29min

Espionage and cyberespionage. Albania's national IT networks work toward recovery. Malicious apps ejected from Google Play. White House summit addresses the cyber workforce. Notes on cybercrime.

A Cozy Bear sighting. Shaking up Ukraine's intelligence services. Albania's national IT networks continue to work toward recovery. US Justice Department seizes $500k from DPRK threat actors. The FBI warns of apps designed to defraud cryptocurrency speculators. A White House meeting today addresses the cyber workforce. Ben Yelin looks at our right to record police. Our guest is Tim Knudsen, Director of Product Management for Zero Trust at Google Cloud, speaking with Rick Howard. And another trend we’d like to be included out of.

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/137

Selected reading.
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive (Unit 42)
Russian hacking unit Cozy Bear adds Google Drive to its arsenal, researchers say (CyberScoop)
Russian SVR hackers use Google Drive, Dropbox to evade detection (BleepingComputer)
Ukraine’s spy problem runs deeper than Volodymyr Zelensky’s childhood friend (The Telegraph)
Albanian government websites go dark after cyberattack (Register)
On Google Play, Joker, Facestealer, & Coper Banking Malware (Zscaler)
Justice Department seizes $500K from North Korean hackers who targeted US medical organizations (CNN)
Cyber Criminals Create Fraudulent Cryptocurrency Investment Applications to Defraud US Investors (US Federal Bureau of Investigation)
Announcement of White House National Cyber Workforce and Education Summit | The White House (The White House)
Fortinet Announces Free Training Offering for Schools at White House Cyber Workforce and Education Summit (Fortinet)
Not your average side hustle: the women making thousands from 'pay pigs' who enjoy being financially dominated (Business Insider)
Jul 18, 2022 • 24min

Ukraine’s security chief and head prosecutor are out. Cyberattacks hit Albania. APTs prospect journalists. The GRU trolls researchers. CISA to open an attaché office in London.

Ukraine shakes up its security and prosecutorial services. Cyberattacks hit Albania. Advanced persistent threat actors prospect journalists. The GRU is said to be trolling researchers who look into Sandworm. Thomas Etheridge from CrowdStrike on identity management. Our guest is Robin Bell from Egress discussing their Human Activated Risk Report. And CISA opens a liaison office in London.

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/136

Selected reading.
Ukraine's Zelenskyy fires top security chief and prosecutor (AP NEWS)
Zelenskiy Ousts Ukraine’s Security Chief and Top Prosecutor (Bloomberg)
Volodymyr Zelensky sacks top aides over 'Russian collaboration' (The Telegraph)
A massive cyberattack hit Albania (Security Affairs)
Information Systems Are Intact, Says Albanian Government after Cyber Attack (Exit - Explaining Albania)
Albania closes down online gov't systems after cyber attack (ANI News)
Albania Shuts Down Digital Services and Government Websites after Cyber Attack (Exit - Explaining Albania)
Hackers pose as journalists to breach news media org’s networks (BleepingComputer)
Cybersecurity Firm: What US Journalists Need To Know About The Foreign Hackers Targeting Them (Forbes)
Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine (Dark Reading)
Jul 17, 2022 • 6min

Mike Arrowsmith: Facing adversity in the workplace. [CTrO] [Career Notes]

Mike Arrowsmith, Chief Trust Officer at NinjaOne, leads the organization’s IT, security, and support infrastructure to ensure they meet customers’ security and data privacy demands as it scales. Mike discusses how his career path has led him to the position he currently holds and how exciting the world of cybersecurity can be. He mentioned how he mentored students in college thinking of going into the field, and he used a metaphor to help describe the industry, saying "We are working against adversaries that are always typically one step ahead. Figuratively, if you could imagine, you're trying to chase a ball, but you never can quite get your hands on it." He shares how he loves the evolving field and that he thrives in a situation where things are constantly changing. We thank Mike for sharing his story.
Jul 17, 2022 • 28min

Cybercriminals shift tactics from disruption to data leaks. [CyberWire-X]

On this episode of CyberWire-X, we examine double extortion ransomware. The large-scale cyber events of yesterday – Stuxnet, the Ukraine Power Grid Attack – were primarily focused on disruption. Cybercriminals soon shifted to ransomware with disruption still the key focus – and then took things to the next level with Double Extortion Ransomware.

When ransomware first started to take off as the attack method of choice around 2015, the hacker playbook was focused on encrypting data, requesting payment and then handing over the encryption keys. Their methods escalated with Double Extortion, stealing data as well as encrypting it - and threatening to leak data if they don’t receive payment. We’ve seen with ransomware groups like Maze that they will follow through with publishing private information if not paid.

In the first part of the show, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, talks with Wayne Moore, Simply Business' CISO and CyberWire Hash Table member, and, in the second half of the show, the CyberWire's podcast host Dave Bittner talks with Nathan Hunstad, episode sponsor Code42’s Deputy CISO. They discuss how classic ransomware protection such as offsite backups is no longer enough. They explain that Double Extortion means that you need to understand what data has been stolen and weigh the cost of paying with the cost of your data going public.
