CyberWire Daily

N2K Networks
Jul 16, 2022 • 25min

A record breaking DDoS attack. [Research Saturday]

Chad Seaman, Team Lead at Akamai SIRT, joins Dave to discuss their research about a record-breaking DDoS attack. The research says "A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks." Starting in mid-February 2022, security researchers, network operators, and security vendors noticed a spike in DDoS attacks. Researchers started to investigate the spike and determined that the devices that were being abused to launch these attacks are MiCollab and MiVoice Business Express collaboration systems. The research goes into how you can help mitigate the attacks and how Mitel has now released patched software. The research can be found here: CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
Jul 15, 2022 • 35min

Criminal gangs at war. A "cyber world war?" A new DPRK ransomware operation. Media organizations targeted by state actors. NSA guidance on characterizing threats and risks to microelectronics.

Gangland goes to war. Is there a "cyber world war" in progress? Ukraine thinks so. A new North Korean ransomware operation is described, but it’s not yet clear if it’s a state operation or some moonlighting by Pyongyang’s operators. Media organizations remain attractive targets for state actors. NSA releases guidance on characterizing threats and risks to microelectronics. Betsy Carmelite from Booz Allen talks about why now is the time to plan for post-quantum cryptography. Our guest is Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly discussing her time at CISA and the work of her team. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/135

Selected reading.
Inside The Russian Cybergang Thought To Be Attacking Ukraine—The Trickbot Leaks (Forbes)
Who is Trickbot? (Cyjax)
NATO and the European Union work together to counter cyber threats (NATO)
The Man at the Center of the New Cyber World War (POLITICO)
Russian cyber threat to Canada worse than previously reported: CSE (National Post)
North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware (Microsoft Security)
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media (Proofpoint)
NSA Publishes Guidance on Characterizing Threats, Risks to DoD Microelectronics (National Security Agency/Central Security Service)
Jul 15, 2022 • 32min

A conversation with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. [Special Edition]

In this extended interview, CyberWire Daily Podcast host Dave Bittner sits down with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly to discuss her time at CISA and the work of her team. This interview from July 15, 2022 originally aired as a shortened version on the CyberWire Daily Podcast.
Jul 14, 2022 • 30min

Ukraine evaluates Russia’s cyber ops. Smartphones go to war. Lilith ransomware. ChromeLoader evolves. Rolling-PWN looks real after all. Schulte guilty in Vault 7 case.

An overview of the cyber phase of Russia's hybrid war. Smartphones as sources of targeting information. Lilith enters the ransomware game. ChromeLoader makes a fresh appearance. Honda acknowledges that Rolling-PWN is real (but says it's not as serious as some think). Part two of Carole Theriault’s conversation with Jen Caltrider from Mozilla's Privacy Not Included initiative. Our guest is Josh Yavor of Tessian to discuss Accidental Data Loss Over Email. A guilty verdict in the Vault 7 case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/134

Selected reading.
Ukraine's Cyber Agency Reports Q2 Cyber-Attack Surge (Infosecurity Magazine)
2022 Q2 (SSSCIP)
The weaponizing of smartphone location data on the battlefield (Help Net Security)
New Lilith ransomware emerges with extortion site, lists first victim (BleepingComputer) A new ransomware operation has been launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks.
New Ransomware Groups on the Rise (Cyble) Cyble analyzes new ransomware families spotted in the wild led by notable examples such as LILITH, RedAlert, and 0Mega.
Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware (The Hacker News)
ChromeLoader: New Stubborn Malware Campaign (Unit 42)
Honda Admits Hackers Could Unlock Car Doors, Start Engines (SecurityWeek)
Honda redesigning latest vehicles to address key fob vulnerabilities (The Record by Recorded Future)
Statement Of U.S. Attorney Damian Williams On The Espionage Conviction Of Ex-CIA Programmer Joshua Adam Schulte (US Department of Justice)
Ex-C.I.A. Engineer Convicted in Biggest Theft Ever of Agency Secrets (New York Times)
Former CIA Staffer Convicted For Massive Data Breach To WikiLeaks (Forbes)
Jul 13, 2022 • 27min

AiTM sets up BEC. Silent validation bots. Smishing attempt at the European Central Bank. Shields up in Berlin. Hacktivism in a hybrid war. Patch notes.

Adversary-in-the-middle sites support business email compromise. Silent validation carding bot discovered. Attempted social engineering at the European Central Bank. Germany puts its shields up. Carole Theriault speaks with Jen Caltrider about Mozilla's *Privacy Not Included initiative. Our guest is Lucia Milica on Proofpoint’s Voice of the CISO report. And hacktivism in a hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/133

Selected reading.
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud (Microsoft Security Blog)
PerimeterX Discovers New Silent Validation Carding Bot (PerimeterX)
Hackers posing as Merkel target ECB's Lagarde - German source (Reuters)
European Central Bank head targeted in hacking attempt (AP NEWS)
Cyberangriff auf Spitzenpolitiker: Hacker nutzten Merkels Handynummer, um das Whatsapp-Konto von Lagarde zu knacken (Business Insider)
Germany bolsters defenses against Russian cyber threats (Deutsche Welle)
Ukraine's cyber army hits Russian cinemas (CyberNews)
DDoS attacks surge in popularity in Ukraine — but are they more than a cheap thrill? (The Record by Recorded Future)
Microsoft Releases July 2022 Security Updates (CISA)
CISA orders agencies to patch new Windows zero-day used in attacks (BleepingComputer)
SAP Releases July 2022 Security Updates (CISA)
Schneider Electric Easergy P5 and P3 (CISA)
Dahua ASI7213X-T1 (CISA)
Jul 12, 2022 • 28min

High-end and low-end extortion. Push to start–wait, not you… Social media and open-source intelligence. Russian cyberattacks spread internationally. Preparing for cyber combat.

High-end and low-end extortion. Vehicles from Honda may soon be rolling off the lot. Social media and open-source intelligence. Russian cyberattacks spread internationally. Joe Carrigan surveys items for sale in dark web markets. Our guest is Jonathan Wilson of AU10TIX to discuss consumer sentiment around data privacy. Preparing for cyber combat. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/132

Selected reading.
BlackCat (Aka ALPHV) Ransomware Is Increasing Stakes Up To $2,5M In Demands (Resecurity)
Ransomware gang now lets you search their stolen data (BleepingComputer)
Luna Moth: The Actors Behind the Recent False Subscription Scams (Sygnia)
'Luna Moth' Group Ransoms Data Without the Ransomware (Dark Reading)
Hackers can unlock Honda cars remotely in Rolling-PWN attacks (BleepingComputer)
Hackers Say They Can Unlock and Start Honda Cars Remotely (Vice)
Rolling PWN (PWN)
Russia launches attack on Poland as hackers declare war on 10 countries, including UK (Express)
Vice Minister: cyber attacks are aimed at seeking publicity and raising tensions (DELFI)
How one Ukrainian ethical hacker is training 'cyber warriors' in the fight against Russia (The Record by Recorded Future)
The Biggest Threat to the Military May Not Be What You Think (ClearanceJobs)
Jul 11, 2022 • 26min

DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. Callback phishing impersonates security companies. Anubis is back. BlackCat ups the ante.

More deniable DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. A callback phishing campaign impersonates security companies. The Anubis Network is back. Thomas Etheridge from CrowdStrike on the importance of outside threat hunting. Rick Howard weighs in on sentient AI. And a ransomware gang ups the ante. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/131

Selected reading.
Pro-Russian cybercriminals briefly DDoS Congress.gov (CyberScoop)
Lithuania's state-owned energy group hit by 'biggest cyber attack in a decade' (lrt.lt)
Ignitis Group hit by DDoS attack as Killnet continues Lithuania campaign (Tech Monitor)
Russian ‘Hacktivists’ Are Causing Trouble Far Beyond Ukraine (Wired - 07-11-2022)
Predatory Sparrow: Who are the hackers who say they started a fire in Iran? (BBC News)
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' (CyberScoop)
Callback Phishing Campaigns Impersonate CrowdStrike, Other Cybersecurity Companies (CrowdStrike)
Anubis Networks is back with new C2 server (Security Affairs)
BlackCat (aka ALPHV) ransomware is increasing stakes up to $2.5 million in demands (Help Net Security)
Resecurity - BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands (Resecurity)
Jul 10, 2022 • 7min

Simone Petrella: Fake it, until you make it. [CEO] [Career Notes]

Simone Petrella, CEO of cybersecurity workforce training firm CyberVista, spent her career in the Department of Defense as a threat intelligence analyst before founding CyberVista. She says that running a company throws a new set of challenges at you each day. She explains that she finds the most success by letting her team contribute to each matter and have a say in the decisions that pertain to each department. Simone says "I would say is I am a firm firm believer in the idea of empowering people to really own and kind of run with the things that they're passionate about." She notes that people will do amazing things when they are passionate and that faking it until you make it is true, because you will get where you're going by having that passion and that inspiration. We thank Simone for sharing her story.
Jul 9, 2022 • 19min

Information operations during a war. [Research Saturday]

Alden Wahlstrom, senior analyst on Mandiant's Information Operations Team, shares a comprehensive overview and analysis of the various information operations activities they’ve seen while responding to the Russian invasion. While the full extent of the Russia-Ukraine war has yet to come to light, more than two months after the start of the invasion, Mandiant has identified activity that they believed to be information operations campaigns conducted by actors possibly in support of the political interests of nation-states such as Russia, Belarus, China, and Iran. The research shares a chart with all of the known information operations events that have taken place so far dating back to January of 2022. It also states that following the beginning of the Russian attack they have seen concerning signs, including "incidents involving the deployment of wiper malware disguised as ransomware." The research can be found here: The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine
Jul 8, 2022 • 27min

An update on cyber operations in Russia’s hybrid war. NPM compromise updates. CISA releases ICS security advisories. Free ransomware decryptors released. Disneyland's Instagram account hijacked.

An update on cyber operations in the hybrid war. NPM compromise updates. Free decryptors for AstraLocker and Yashma ransomware. Johannes Ullrich from SANS on attacks against Perimeter Security Devices. Our guest is Sonali Shah from Invicti Security with a look at DevSecOps anxiety. And who’s the villain who hijacked the Instagram account of Disneyland? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/130

Selected reading.
Russia-Ukraine war: List of key events, day 135 (Al Jazeera)
Russia-Ukraine war: Putin warns Moscow has 'barely started' its campaign (The Telegraph)
Russian Cybercrime Trickbot Group is systematically attacking Ukraine (Security Affairs)
US finance sector encouraged to stay vigilant against retaliatory Russian cyberattacks (SC Magazine)
Someone may be prepping an NPM crypto-mining spree (Register)
ICS CERT Advisories (CISA)
Free decryptor released for AstraLocker, Yashma ransomware victims (BleepingComputer)
Disneyland’s Instagram Account Hacked With a Series of Profane, Racist Posts (Wall Street Journal)
