CyberWire Daily

N2K Networks
Feb 15, 2022 • 26min

Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat’s tough to shake. Romance scams. Beamers.

Reports of cyberattacks against Ukrainian targets as the parties to the crisis resume negotiations. The US has been forthcoming with intelligence on Russia’s ambitions in the region; those revelations form part of an influence strategy. An apparent criminal group is targeting aviation and related sectors. BlackCat ransomware victims are having difficulty recovering. Why conditions favor romance scams. Ben Yelin looks at pending cyber breach notification laws. Our guest Padraic O'Reilly from CyberSaint on the effectiveness of Biden's plan to protect the water sector. And “beamers” defraud Roblox players. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/31 Learn more about your ad choices. Visit megaphone.fm/adchoices
Feb 14, 2022 • 24min

Hybrid war warnings over Russian designs on Ukraine. Senators ask about CIA bulk surveillance. No charges against reporter who inspected a website. Hacktivists or vigilantes?

The US and the UK warn of the possibility of false-flag provocations as Russia keeps the pressure on Ukraine. NATO members and others issue warnings of the threat of Russian cyber operations spilling over the Ukrainian border. Two US Senators want an accounting from the CIA over an alleged bulk collection operation. No charges filed in the case of a reporter who viewed a website source. Hacktivism and vigilantism. 49ers hacked. Daniel Prince from Lancaster University on improving security in agile health IoT development. Rick Howard targets supply chain issues with the hash table. And have a careful Valentine’s Day. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/30
Feb 13, 2022 • 7min

Roselle Safran: So much opportunity. [Entrepreneur][Career Notes]

CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring manager that she could learn on the job, she transitioned to computer forensics and started on the path of cybersecurity. Roselle worked in government for the Department of Homeland Security and then to the Executive Office of the President leading all of the security operations. She jumped back into the world of startups and has stayed there. Roselle tells people interested in a career in cybersecurity to just apply. Learn as much as you can and go for it. We thank Roselle for sharing her story with us.
Feb 12, 2022 • 14min

SysJoker backdoor masquerades as benign updates. [Research Saturday]

Guests Avigayil Mechtinger and Ryan Robinson from Intezer discuss SysJoker malware, a backdoor that targets Windows, Linux and macOS. Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now. In December 2021, the team at Intezer discovered a new multi-platform backdoor that targets Windows, Mac, and Linux. The Linux and Mac versions are fully undetected in VirusTotal. Intezer named this backdoor SysJoker. SysJoker was first discovered during an active attack on a Linux-based web server of a leading educational institution. After further investigation, Intezer found that SysJoker also has Mach-O and Windows PE versions. Based on Command and Control (C2) domain registration and samples found in VirusTotal, Intezer estimates that the SysJoker attack was initiated during the second half of 2021. The research can be found here: New SysJoker Backdoor Targets Windows, Linux, and macOS
Feb 11, 2022 • 28min

Update on Russia’s hybrid threat to Ukraine. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back. And there’s a new wrinkle in the old familiar Nigerian prince scam.

Update on Russia’s hybrid threat to Ukraine, with observations on possible international spillover. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back, and has resumed operations against government, healthcare, and education targets. Caleb Barlow warns of attacks coming from inside your network. Our guest is Tom Boltman of Kovrr on the shift in the cyber insurance market due to ransomware. And there’s a new wrinkle in the old familiar Nigerian prince scam–did you know the UN was compensating victims by sending them ATM cards? Neither did the UN. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/29
Feb 10, 2022 • 28min

Liquidating Lviv botfarms. Notes on hybrid war. Digital frameups in India? The Lazarus Group’s new yet familiar phishbait. Warnings about ransomware.

Ukraine takes down two botfarms pushing panic. Thoughts on hybrid warfare. Russia and China explain how we ought to see the political and online worlds. Digital frameups are reported in India. Lazarus phishes with bogus job offers. Espionage services looking for journalists’ sources. David Dufour from Webroot ponders the Metaverse. Our guest is Amanda Fennell, host of the Security Sandbox podcast. And public and private-sector warnings about ransomware.
Feb 9, 2022 • 26min

A Foreign Office hack is disclosed (but that’s it). Preparing for a cyber escalation in the hybrid war Russia’s waging against Ukraine. Multi-cloud threats. Patch Tuesday notes. Razzlekhan raps.

Britain’s Foreign Office sustained a cyberattack last month (the details are secret). Poland stands up a Cyber Defense Force as Europe and North America raise their level of cyber readiness. Negotiations over the Russian pressure on Ukraine are likely to be protracted. Threats to multi-cloud environments. Patch Tuesday notes. Dinah Davis from Arctic Wolf on keeping kids safe online. Carole Theriault examines Mozilla’s Privacy Not Included campaign. And Razzlekhan rocks the mic with her mad skillz, or used to, anyway. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/27
Feb 8, 2022 • 27min

Crowdfunding hacktivists and other irregulars. The Molerats have some new tools. Right-to-left override. Arrests in a cryptocurrency money-laundering case.

Diplomacy continues over the Russian threat to Ukraine. In the meantime, hacktivists and others are said to be receiving crowdfunding through alt-coin remittances. The Molerats are back, and they have some new tools. Right-to-left override is being seen again in the wild. Vodafone Portugal is taken offline by a cyberattack. Joe Carrigan on Meta’s ten billion dollar privacy hit. Our guest is Greg Otto from Intel 471 to discuss shifts in ransomware strains. And two arrests are made in a money-laundering case connected with the Bitfinex hack. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/26
Feb 7, 2022 • 26min

Russia’s hybrid war against Ukraine is currently heavier on the cyber than it is on the kinetic. BlackCat’s connection with DarkSide. An alert on LockBit. And six Indian call centers indicted.

The FSB is active against Ukrainian targets as NATO continues to work out the cybersecurity assistance it will provide Kyiv. BlackCat is found to be connected to the DarkSide gang, either as a superseding affiliate or as a simple rebranding of the same old crew. The FBI issues an alert about LockBit. Kevin Magee from Microsoft on their final report on Nobelium and the SolarWinds attack. Rick Howard steers the hash table toward supply chains. And the US has indicted six call centers in India on charges related to some familiar scams. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/25
Feb 5, 2022 • 19min

The persistent and patient nature of advanced threat actors. [Research Saturday]

Guest Danny Adamitis from Black Lotus Labs joins Dave to discuss their team's new research "New Konni Campaign Kicks the New Year Off by Targeting Russian Ministry of Foreign Affairs." Black Lotus Labs, the threat research team of Lumen Technologies, uncovered a series of targeted actions against the Russian Federation’s Ministry of Foreign Affairs (MID). Based upon the totality of information available and the close correlation with prior reporting, we assess with moderate confidence these actions leveraged the Konni malware, which has previously been associated with the Democratic People’s Republic of Korea, and were undertaken to establish access to the MID network for the purpose of espionage. This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks. After gaining access through stolen credentials, the actor was able to exploit trusted connections to distribute and load the malware, first by impersonating a government software program coinciding with new Covid mandates, and then through sending trojanized files from a compromised account. The research can be found here: New Konni Campaign Kicks Off The New Year By Targeting Russian Ministry Of Foreign Affairs
