CyberWire Daily

N2K Networks
Mar 13, 2022 • 6min

Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]

Cybersecurity Associate Consultant at BARR Advisory, Kristin Strand, shares her journey from the military to teaching and now to cybersecurity. Kristin shares how she had wanted to be a teacher since she was young. She joined the Army to help pay for college and throughout her career has taken advantage of programs to help her move on to her next challenge. From teaching, Kristin decided to transition to IT and came to cybersecurity through a Department of Labor program. She is also currently training to be a drill sergeant. Kristin advises you to stand firm in your goals and know what you want; it will come around. We thank Kristin for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices
Mar 12, 2022 • 32min

The story of REvil: From origin to beyond. [Research Saturday]

Guest Jon DiMaggio, Chief Security Strategist at Analyst1, joins Dave Bittner to discuss his team's research "A History of REvil," which chronicles the rise and fall of REvil. The REvil gang is an organized criminal enterprise based primarily out of Russia that runs a Ransomware as a Service (RaaS) operation. The core members of the gang reside and operate out of Russia. REvil leverages hackers for hire, known as affiliates, to conduct the breach, steal victim data, delete backups, and infect victim systems with ransomware for a share of the profits. Affiliates primarily come from across eastern Europe, though a small percentage operate outside that region. In return, the core gang maintains and provides the ransomware payload, hosts the victim data leak/auction site, facilitates victim communication and payment services, and distributes the decryption key. In simpler terms, the core gang is the service provider and persona behind the operation, while the affiliates are the hired muscle carrying out attacks. Jon walks us through the team's findings and details REvil's story.

The research can be found here: A History of REvil
Mar 11, 2022 • 26min

An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case.

An update on the hybrid war in Ukraine. Allegations of war crimes and Russian disinformation. Chemical, biological, and radiological weapons disinformation. Preparing for cyberattacks. Cyber operations against Russia. GPS interference reported along Finland’s border. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. Malek Ben Salem from Accenture on deception systems. Our guest is Joe Payne from Code42 on data exposure. An extradition in the NetWalker case.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/48

Selected reading:
Russia 'did not attack Ukraine' says Lavrov after meeting Kuleba (euronews)
Read the latest cybersecurity analysis (Accenture)
Where conflict is reported in Ukraine right now (The Telegraph)
How U.S. Bioweapons in Ukraine Became Russia’s New Big Lie (Foreign Policy)
Russian embassy demands Meta stop 'extremist activities' (NASDAQ:FB) (SeekingAlpha)
Transparency Org Releases Alleged Leak of Russian Censorship Agency (Vice)
SecurityScorecard Discovers new botnet, ‘Zhadnost,’ responsible for… (SecurityScorecard)
Inside the Russian cyber war on Ukraine that never was (Task & Purpose)
Report: Recent 10x Increase in Cyberattacks on Ukraine (KrebsOnSecurity)
Russian defense firm Rostec shuts down website after DDoS attack (BleepingComputer)
The Spectacular Collapse of Putin’s Disinformation Machinery (Wired)
Will Russians Choose Truth or Lies? Ukraine’s Fate Depends on Them (Bloomberg)
Finnish govt agency warns of unusual aircraft GPS interference (BleepingComputer)
Corporate website contact forms used to spread BazarBackdoor malware (BleepingComputer)
U.S. Warns of Conti Ransomware Attacks as Gang Deals With Leak Fallout (SecurityWeek)
Ex Canadian government worker extradited to U.S. to face more ransomware charges (CBC)
Former Canadian Government Employee Extradited to the United States to Face Charges for Dozens of Ransomware Attacks Resulting in the Payment of Tens of Millions of Dollars in Ransoms (US Department of Justice)
Mar 10, 2022 • 29min

Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas.

Prebunking a provocation. A spot report on the cyber phases of a hybrid war. Google stops a Judgment Panda campaign against US Government Gmail users. Symantec continues to track the origins and uses of the Daxin backdoor. CISA updates its Conti alert. Josh Ray from Accenture has tips on Log4J. Our guest is Chetan Conikee of ShiftLeft with strategies for reducing attackability. And law northeast of the Pecos, as an alleged member of REvil is arraigned in Texas.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/47

Selected reading:
Vladimir Putin ‘plotting chemical weapons attack in Ukraine’ (The Telegraph)
White House warns Russia could use chemical weapons in Ukraine (TheHill)
Russia, China May Be Coordinating Cyber Attacks: SaaS Security Firm (eSecurityPlanet)
More Than 5 Million Anti-Propaganda Text Messages Sent to Russians in Anonymous Information Warfare (Hstoday)
Anonymous hacked Russian cams, websites, announced a clamorous leak (Security Affairs)
EXCLUSIVE BNP Paribas bars Russia-based staff from computer systems as cyber attack fears grow (Reuters)
CISA updates Conti ransomware alert with nearly 100 domain names (BleepingComputer)
Google Blocks Chinese Phishing Campaign Targeting U.S. Government (SecurityWeek)
Symantec tracked down one developer of ‘China’s most advanced piece of malware’ (SC Magazine)
Daxin Backdoor: In-Depth Analysis, Part One (Symantec)
Daxin Backdoor: In-Depth Analysis, Part Two (Symantec)
Sodinokibi/REvil Ransomware Defendant Extradited to United States and Arraigned in Texas (US Department of Justice)
Mar 9, 2022 • 27min

Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday’s Patch Tuesday.

Zelenskyy addresses the House of Commons. Cyber operations in Russia's war against Ukraine. Chinese cyber espionage campaign hits six US state governments (but it might be an APT side-hustle). A surge in mobile malware. Joe Carrigan looks at derestricting your software. Our guest Bob Dudley discusses cyberattacks against the European energy sector. And a quick look back at Patch Tuesday.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/46

Selected reading:
Volodymyr Zelensky speech: Ukrainian President vows to fight Russians in 'forests, fields and on shores' as he channels Winston Churchill (The Telegraph)
Putin’s Endgame Starts to Look Like Reducing Ukraine to Rubble (Bloomberg)
Live Updates: Biden Bans Russian Oil Imports and Major U.S. Brands Close Outlets (New York Times)
The March 2022 Security Update Review (Zero Day Initiative)
EU countries call for cybersecurity emergency response fund -document (Reuters)
Annual Threat Assessment of the U.S. Intelligence Community (Office of the Director of National Intelligence)
PTC Axeda agent and Axeda Desktop Server (CISA)
AVEVA System Platform (CISA)
Sensormatic PowerManage (CISA)
Mar 8, 2022 • 26min

Updates on Russia’s hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities.

Updates from the UK’s Ministry of Defense on Russia’s war in Ukraine. Influence operations: the advantage still seems to go to Ukraine, as Russian efforts look inward. Assessing the effects of hacktivism and cyber operations in the hybrid war. Privateering: Conti, Ragnar Locker, and (probably) others. Mustang Panda rears up in European diplomatic networks. Ransomware hits a Romanian fuel distributor. Andrea Little Limbago from Interos on data traps. Carole Theriault tracks the fight against deepfakes. Vulnerabilities found in UPS devices.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/45
Mar 7, 2022 • 27min

Cyber dimensions of Russia’s hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsu$ releases NVIDIA and Samsung data (and says a victim hacked back).

Russian influence operations fail as few support Russia's war of aggression. Ukraine will become a "contributing participant" in NATO's CCDCOE. Ukrainian cyberattacks, and the marshaling of hacktivists. Russian cyberattacks: surprisingly restrained and unsurprisingly supported by criminal organizations like Conti. The FBI’s Bryan Vorndran joins us with insights on the work his team did on Sodinokibi. Rick Howard looks at vulnerability management. Lapsus$ gang releases data taken from NVIDIA and Samsung in separate extortion incidents.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/44

Selected reading:
What Happened on Day 11 of Russia’s Invasion of Ukraine (New York Times)
Putin says Ukraine's future in doubt as cease-fires collapse; after temporary cease-fires break down, Putin threatens Ukraine’s government (AP NEWS)
Ukraine to join NATO cyber defence centre as 'contributing participant' (Reuters)
Putin Is Raising an Iron Firewall Around Russia (Bloomberg)
Three reasons Moscow isn't taking down Ukraine's cell networks (POLITICO)
Hacktivists Stoke Pandemonium Amid Russia’s War in Ukraine (Wired)
DDoS hacktivism: A highly risky exercise (Avast)
This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites (The Record by Recorded Future)
Ukraine Cyber Official: We Only Attack Military Targets (SecurityWeek)
Volunteer Hackers Converge on Ukraine Conflict With No One in Charge (New York Times)
Russia shares list of 17,000 IPs allegedly DDoSing Russian orgs (BleepingComputer)
Ukraine's 'IT army' targets Belarus railway network, Russian GPS (Reuters)
HawkEye 360 detects GPS interference in Ukraine (SpaceNews)
Hackers are being forced to pick sides in the Russia-Ukraine war (KTVH)
Nvidia allegedly hacks back (Avast)
Credentials of 71,000 NVIDIA Employees Leaked Following Cyberattack (SecurityWeek)
Leaked stolen Nvidia cert can code-sign Windows malware (Register)
Hackers claim massive Samsung leak, including encryption keys and source code (Android Police)
Lapsus$ group leaks 190GB of Samsung data, source code (Computing)
Samsung’s secret data leaks after devastating cyberattack (SamMobile)
Mar 6, 2022 • 9min

Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]

Founder and CTO of ShiftLeft, Chetan Conikee shares his story from computer science to founding his own company. When choosing a career, Chetan notes that "the liking and doing has to matter and be in conjunction with each other." Explaining the parallels between his home country of India and the US, where he studied for his master's, Chetan stresses the need to find someone who inspires you to follow and learn from. On being an entrepreneur, he says, "The entrepreneurial mindset is a sum total of many sufferings that lead to success." Chetan advises you to take time out to write narratives so that you are remembered and so that others following a similar path may learn from you. We thank Chetan for sharing his story with us.
Mar 6, 2022 • 35min

HEAT: Examining the next class of browser-based attacks. [CyberWire-X]

Modern enterprises have evolved drastically over the last two years as a result of the global pandemic. Due in part to organizations pivoting quickly to new business models by migrating apps and services to the cloud to enable hybrid and remote workforces, the “new” office has quickly become the web browser. Today, business users are spending an average of 75% of their workday in a browser; that is where productivity takes place. But the digital enhancements of the last two years have ushered in widespread transformation that expanded attack surfaces and created new opportunities for cyber miscreants, giving rise to Highly Evasive Advanced Threats (HEAT).

During this episode of CyberWire-X, the CyberWire's Dave Bittner speaks with Dan Prince, Senior Lecturer in Security and Protection Science at the School of Computing and Communications at Lancaster University, about the topic. Show sponsor Menlo Security's Nick Edwards and Dave explore what HEAT attacks are, how they work, and why they are resulting in the rise of ransomware attacks and account takeovers.
Mar 5, 2022 • 23min

An abuse of trust: Potential security issues with open redirects. [Research Saturday]

Guest Mike Benjamin, VP of Security Research at Fastly, joins Dave Bittner to talk about the Fastly Security Research Team's work on "Open redirects: real-world abuse and recommendations." Open URL redirection is a class of web application security problems that makes it easier for attackers to direct users to malicious resources. This vulnerability class, also known as “open redirects,” arises when an application allows attackers to pass information to the app that results in users being sent to another location. That location can be an attacker-controlled website or server used to distribute malware, trick a user into trusting a link, execute malicious code in a trusted way, drive ad fraud, or even perform SEO manipulation. Knowing how an open redirect can be abused is helpful, but knowing how to design around it in the first place is even more important.

Mike walks us through what his team uncovered, explains how redirects are used, how they can be abused, and how you can prevent that abuse.

The research can be found here: Open redirects: real-world abuse and recommendations