CyberWire Daily

The South Korean nuclear research organization sustained an apparent cyberespionage incident. Norway’s investigation of its 2018 breach of government networks concludes that China’s APT31 was behind it. Poland accuses Russia in a long-running email hacking case. Our guest is Mark Testoni from SAP NS2 on where the Justice Department should focus during its upcoming cyber review. Chris Novak of Verizon on financial vs. espionage breaches. NATO seeks to clarify its policies in cyberspace, including a recommitment to Article 5 and a revision of the Tallinn Manual.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/118 Learn more about your ad choices. Visit megaphone.fm/adchoices

CEO and co-founder of Orca Security Avi Shua shares his thoughts on ways to succeed in cybersecurity. Avi's excitement about cybersecurity began when he was 13 as he tried to think of ways to get around the school's network security. He joined the Israeli Army's Intelligence Unit 8200 and experienced some unique cybersecurity training programs that he would eventually come to teach. Learning to solve problems on your own is a skill Avi acquired and took into his professional career. In his current position, Avi works to advance Orca's mission. He loves that his company works to reduce friction and enables security people to do their jobs. Instead of becoming of plumbers connecting things, Avi says they can do their job and become real security practitioners. We thank Avi for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guests Gage Mele and Yury Polozov join Dave to talk about Anomali's research "Primitive Bear (Gamaredon) Targets Ukraine with Timely Themes." Anomali Threat Research identified malicious samples that align with the Russia-sponsored cyberespionage group Primitive Bear’s (Gamaredon, Winterflounder) tactics, techniques, and procedures (TTPs). Primitive Bear, known primarily to focus on Ukraine, has been very active in 2021. However, the themes of the samples Anomali found, as well as those shared by the security community, could also be used to target multiple former Union of Soviet Socialist Republic (USSR) countries. Anomali Threat Research found malicious .docx files being distributed by Primitive Bear, likely through spearphishing, that attempted to download remote template .dot files through template injection.The research can be found here:Primitive Bear (Gamaredon) Targets Ukraine with Timely Themes Learn more about your ad choices. Visit megaphone.fm/adchoices

Phishing, with a bogus hardware wallet as bait. Empty threats from a DarkSide impersonator. Cyber vigilantes may be distributing anti-piracy malware. Data security incidents at a cruise line and a US grocery chain. Malek Ben Salem from Accenture looks at optimizing security scanning. Our guest is Edward Roberts of Imperva on their 2021 Bad Bots Report. And a conviction for a crypter, with sentencing to follow.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/117 Learn more about your ad choices. Visit megaphone.fm/adchoices

The US-Russian summit took up cyber conflict, cyber privateering, and cyber deterrence, ending with the prospect of further discussions. Ferocious Kitten’s domestic surveillance. Ransomware gangs are using a lot of initial access brokers. The Molerats are back. Troubleshooting a wave of intermittent Internet interruptions. NSA offers advice on securing business communication tools. Ukrainian police arrest six alleged Clop gangsters. Andrea Little Limbago from Interos on bringing the private sector back into the defense equation. Our guest is Charles Herring of WitFoo, with the case for cybersecurity as an extension of law enforcement. Nine alleged ransomware hoods collared in Seoul. For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/116 Learn more about your ad choices. Visit megaphone.fm/adchoices

Southwest flights are back in the air after an IT issue disrupted them yesterday. Paradise ransomware source code has been leaked online. Some networked camera feeds may be accessible to unauthorized viewers. TSA is preparing a second, more prescriptive pipeline cybersecurity directive. The Russo-US summit is underway. Our guest is Jay Paz from Cobalt on bad actors targeting hackers. Joe Carrigan looks at malware hosted on Steam. And the “face of Anonymous” has been extradited from Mexico to the US.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/115 Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft disrupts a major BEC campaign. The scope of cyberespionage undertaken via exploitation of vulnerable Pulse Secure instances seems wider than previously believed. Secureworks offers an account of Hades ransomware, and differs with others on attribution. Final notes during the run-up to tomorrow’s US-Russia summit, where cyber will figure prominently. Helping employees stay secure. Carole Theriault wonders if the internet of things is becoming the internet of everything. Ben Yelin weighs in on the Supreme Court’s ruling affecting the Computer Fraud and Abuse Act. And Reality Winner has been released to a halfway house.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/114 Learn more about your ad choices. Visit megaphone.fm/adchoices

Volkswagen warns North American customers of a third-party data breach. An “anti-monopoly agenda” advances in the US House Judiciary Committee. Speculation about how the FBI recovered ransom from DarkSide. How EA was hacked. Is Avaddon going out of business? Craig Williams from Cisco Talos explains why they’re calling some cyber criminals “privateers”. Rick Howard shares thoughts on professional development. And a strange case of a gamekeeper turned poacher (allegedly).For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/113 Learn more about your ad choices. Visit megaphone.fm/adchoices

Principal Research Scientist for Human Behavior at Forcepoint, Margaret Cunningham shares her story of how she landed in cybersecurity. With a background in psychology and counseling and not feeling that one-on-one counseling was her thing, Margaret had a transformational moment in her PhD program in applied experimental technology when she realized she could "provide helping services and good work services at a broader scale." Margaret found her professional footing at DHS's Human Systems Integration Branch of Science and Technology Department as the person who figured out how to measure how new technologies impacted human performance. Margaret points out that making connections and reading whatever you can is important to stay up to date in the field. She notes that her statistical analysis skills are an asset. She hopes to create champions in human behavior and performance in the world of technology. We thank Margaret for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Adam Tagert is a Science of Security (SoS) Researcher in the National Security Agency Research Directorate. The National Security Agency (NSA) sponsors the Science of Security (SoS) Initiative for the promotion of a foundational cybersecurity science that is needed to mature the cybersecurity discipline and to underpin advances in cyberdefense. Adam works in all aspects of SoS particularly in the promotion of collaboration and use of foundational cybersecurity research. He promotes rigorous research methods by leading the Annual Best Scientific Cybersecurity Paper Competition. Adam joins Dave Bittner to discuss the NSA's SoS Initiative and their Science of Security and Privacy 2021 Annual Report.Information on the SoS Initiative and the report can be found here: Science of Security Science of Security and Privacy 2021 Annual Report Learn more about your ad choices. Visit megaphone.fm/adchoices