CyberWire Daily

Tehran’s Lyceum group expands its activities against ISPs and telcos in Israel, Morocco, Tunisia, and Saudi Arabia. Clopp is going after unpatched instances of SolarWinds. Cyber mercenaries are quietly competing with lawful intercept vendors. NSO Group receives a setback from the US 9th Circuit. Mexico makes an arrest in its Pegasus investigation. Carole Theriault shares her thoughts on the supply chain. Josh Ray from Accenture Security on Moving Left of the Ransomware Boom. And notes on Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/217 Learn more about your ad choices. Visit megaphone.fm/adchoices

Hive ransomware hits electronics retailer Media Markt. Robinhood Markets sustains a data breach it traces to social engineering. Ben Yelin looks at the law behind U.S. police demanding your phone passcode. Dave checks in with Rick Howard for his thoughts on the Trojan Source vulnerability. And more notes on the international action against REvil, including the US application of sanctions (with Baltic cooperation) to three companies involved in supporting the gang’s financial infrastructure.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/216 Learn more about your ad choices. Visit megaphone.fm/adchoices

REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign. Conti (sort of) apologizes. Caleb Barlow thinks it’s time to re-think your security documentation. Our guest is Jessica Hetrick of Optiv Security on cyber fraud running rampant. And the FBI warns of ransomware attacks targeting casinos.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/215 Learn more about your ad choices. Visit megaphone.fm/adchoices

Senior Vice President for Strategy, Partnerships, and Corporate Development at IronNet Cybersecurity, Jamil Jaffer, shares how his interest in technology brought him full circle. Always a tech guy, Jamil paid he way through college doing computer support. Jamil went to law school and worked in various jobs in Washington DC including a stint in the newly-created National Security division of the Justice Department just after 9/11. When talking about adversity, Jamil notes, "Adversity has happened in life, but you gotta run at those things. To me, you know, I like risk. I think risk is something that a lot of people shy away from." We thank Jamil for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Mor Levi, Vice President of Cyber Practices from Cybereason, joins Dave Bittner to discuss her team's work on "Operation GhostShell - Novel RAT Targets Global Aerospace and Telecoms Firms." In July 2021, the Cybereason Nocturnus and Incident Response Teams responded to Operation GhostShell, a highly-targeted cyber espionage campaign targeting the Aerospace and Telecommunications industries mainly in the Middle East, with additional victims in the U.S., Russia and Europe. The Operation GhostShell campaign aims to steal sensitive information about critical assets, organizations’ infrastructure and technology. During the investigation, the Nocturnus Team uncovered a previously undocumented and stealthy RAT (Remote Access Trojan) dubbed ShellClient which was employed as the primary espionage tool. To learn more, listen to the episode.The research can be found here:Operation GhostShell - Novel RAT Targets Global Aerospace and Telecoms Firms Learn more about your ad choices. Visit megaphone.fm/adchoices

The US offers a reward of up to ten million dollars for information leading to the identification or location of the leaders of the DarkSide ransomware gang. Researchers expect BlackMatter’s nominally retired operators to resurface in other criminal organizations. Ukraine outlines Russian FSB cyber operations during the hybrid war that’s been waged since 2014. Deterrence in cyberspace. Carole Theriault takes on high value targets. Our guest is Bill Mann of Styra on rising compliance regulations and security drift. An arrest is made in Special Counsel Durham’s investigation.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/214 Learn more about your ad choices. Visit megaphone.fm/adchoices

Britain’s Labour Party is affected by a ransomware incident a third-party provider sustained. ANSSI identifies a new ransomware affiliate gang, “Lockean.” Notes on how and why BlackMatter and REvil went on the lam. Russo-American talks discussed cybercrime and cybersecurity. Iran’s gas stations are fully back in business, following the cyber sabotage they sustained. Kevin Magee from Microsoft has highlights from their 2021 Digital Defence Report. Our guest is Ofer Ben Noon of Talon Cyber Security addressing browser vulnerabilities. And DataTribe has announced the winners of its fourth annual Cybersecurity Start-up Challenge.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/213 Learn more about your ad choices. Visit megaphone.fm/adchoices

The BlackMatter ransomware gang says that it’s retiring under pressure from the authorities. The spokesman for the Groove group says his gang doesn’t exist--he was just playing the media. Quiet, high-level talks held between senior US and Russian officials. The US Commerce Department sanctions four spyware vendors. Carole Theriault wonders if you can train yourself free of social engineering. Josh Ray from Accenture Security with insights from their Cyber Investigations and Forensic Response team. CISA tells Federal agencies to get patching.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/212 Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers describe Trojan Source, a hard-to-detect threat to the software supply chain. A ransomware gang takes a page from the information operator’s book. From double extortion to triple extortion, as other ransomware gangs add distributed denial-of-service to encryption and doxing. Criminals are now hacking on material, non-public information, the FBI warns. Joe Carrigan looks at multifactor adoption at Twitter. Our guest is Steve Ragan from Akamai on API security. And criminals hit healthcare providers in Newfoundland.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/211 Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran hasn’t finished investigating its gas station cyber sabotage, but Tehran is pretty sure the Great and Lesser Satans are behind it. NSO Group says it’s going in a new, nicer direction. The Conti gang hits a luxury jewelry dealer, and another, unknown group hits an upscale art dealership. The Chaos gang is after Minecraft players (players who cheat). Caleb Barlow on pre-breach pre-approvals. Rick Howard introduces sand tables in cyber space. And sugar daddies come to the world of advance fee scams.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/210 Learn more about your ad choices. Visit megaphone.fm/adchoices