CyberWire Daily

Notes on today’s Russo-America summit. Microsoft seizes websites used by the Chinese threat actor Nickel. Google takes technical and legal action against a Russian botnet. Ben Yelin unpacks Australia’s aim to uncover online trolls. Our guest is Ed Amorosa from TAG Cyber. And the real Satoshi Nakamoto has yet to stand up--just ask a Florida jury.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/233 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cryptocurrency exchange loses almost $200 million as two hot wallets are compromised. Phones belonging to US State Department personnel concerned with Uganda are found to have been infected with NSO Group’s Pegasus surveillance technology. Mandiant reports recent activity by the threat group thought responsible for the SolarWinds compromise. Cybersecurity will be on the agenda at tomorrow’s Russo-US summit. Caleb Barlow outlines threats to the Winter Olympics. Rick the-toolman Howard looks at the marketing hype-cycle. And US Cyber Command says it’s been imposing costs.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/232 Learn more about your ad choices. Visit megaphone.fm/adchoices

Distinguished Security Strategist at Splunk, Ryan Kovar, shares his journey that started in the US Navy and how it contributed to his leadership in life after the military. Cutting his teeth as sysadmin on the USS Kitty Hawk, Ryan worked as a contractor following the Navy. At Splunk, he leads the SURGe research team to solve what he calls the "blue collar for the blue team problems". He works hard on incorporating diversity of thought. Ryan notes, "I've been doing cybersecurity or IT now for over 20 years and of that 20 years of knowledge, only about five years of that knowledge is really relevant. You can't sit on your laurels in this industry." We thank Ryan for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

It's important for employees to be brought into the fold as security's allies, rather than as its adversaries. For cybersecurity teams that operate with an adversarial mindset appropriate for external threats, it can be challenging to approach internal threats differently. You can't treat employees the same way you treat nation-state hackers. But employees play a pivotal role in preventing data leaks, making it important to create a company-wide culture of transparency. Transparency feeds trust, which builds a strong foundation for Security Awareness Training to be truly effective.The CyberWire's Jennifer Eiben hosts this women in cybersecurity podcast. Kathleen Smith of ClearedJobs.Net moderates the panel. Panelists include Michelle Killian from Sponsor Code 42, Sam Humphries of Exabeam, and Masha Sedova of Elevate Security. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Christo Butcher of NCC Group's Research and Intelligence Fusion Team discusses their research into a cybercriminal group they dubbed SnapMC. Forget ransomware, too expensive and too much hassle. Randomly enter through a known vulnerability, take a look around, lock away data and leave again. And all that within half an hour: hit & run. An email is then sent to the affected organization: pay or else the stolen data will be published and/or sold.This is the opportunistic approach of a new group of blackmailers who don't even bother to encrypt data. NCC Group has given them the name SnapMC: a combination of 'snap' (a sudden, sharp cracking sound or movement) and MC, from mc.exe, the primary tool they use to exfiltrate data. They have only seen SnapMC's attacks in the Netherlands for the time being. They do not target specific sectors and we have not (yet) been able to associate them with known attackers.The research can be found here: SnapMC: extortion without ransomware SnapMC skips ransomware, steals data Learn more about your ad choices. Visit megaphone.fm/adchoices

SideCopy, a Pakistani APT, is phishing for information in both India and Afghanistan. A Colorado electrical utility continues to recover from a cyber incident it sustained early last month. The GAO tells the US Congress that the nation still lacks a comprehensive cybersecurity strategy. The Missouri Highway Patrol continues, for some reason, to investigate a responsible disclosure as a criminal hack. Dinah Davis from Arctic Wolf on hackers targeting Minecraft. Our guest is Blake Darché from Area 1 Security with research on phishing. And it appears Moscow thinks a Group-IB leader outed Fancy Bear to the US. For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/231 Learn more about your ad choices. Visit megaphone.fm/adchoices

An APT is exploiting Internet-facing instances of ServiceDesk Plus. Meta releases its end-of-year Adversarial Threat Report, and adds “Brigading” and “Mass Reporting” to “Coordinated Inauthentic Behavior” as activities that will get accounts shut down. CISA names the first members of its Cybersecurity Advisory Committee. Sentencing, American and Russian style. Malek Ben Salem has a look at cyber resilience. Our guest is PJ Kirner from Illumio with a look ahead to 2022. And an alleged false whistleblower is under indictment, and under arrest.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/230 Learn more about your ad choices. Visit megaphone.fm/adchoices

RTF template injection is newly favored by APTs. Malware hides in February 31st. Milords and miladies, the Principality of Sealand hath been hacked. Finland's National Cyber Security Center warns of a large-scale Flubot campaign in progress. False alarms are flagging Emotet where it isn’t found. Iranians victimized by a smishing campaign. CISA issues industrial control system advisories. Kevin Magee from Microsoft is really trying to rid the world of passwords. Our guest is Mike Hendrickson of Skillsoft to discuss turning the tide in this fight against cybercrime. And Mr. Putin says Russia’s in favor of international cooperation against cybercrime.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/229 Learn more about your ad choices. Visit megaphone.fm/adchoices

Today, it’s all crime all the time. Cybercrime, the C2C underground market, and the expansive holiday shopping season. Rebranding in gangland. How crooks exclude targets on the basis of language or geolocation. Shaming as a criminal pressure tactic. Bad apps in the Play Store. Andrea Little Limbago looks at internet blackouts. Carole Theriault wonders what the Metaverse really means. And living large while living on the lam.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/228 Learn more about your ad choices. Visit megaphone.fm/adchoices

A reply-chain incident is reported at a major international furniture and housewares retailer. North Korean operators are phishing for South Korean marks using bogus Samsung recruiting emails as phishbait. Fancy Bear has been seen pawing at Gmail. A regional escalation to civilian targets in the cyber conflict between Iran and Israel. More organizations are added to the US Entity List. Johannes Ullrich looks at decrypting Cobalt Strike. Our own Rick Howard wonders if executive really need to know how to drive that tank. And tension between Russia and Ukraine continues to rise.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/227 Learn more about your ad choices. Visit megaphone.fm/adchoices