CyberWire Daily

Criminal-on-criminal cyber crime. Ransomware hits European and North American businesses. Big Tech goes (virtually) to Capitol Hill to talk disinformation and Section 230. The head or NSA and US Cyber Command discusses election security and cyber defense with the Senate Armed Services Committee. Russia complains of a US assault on Russia’s “civilizational pillars.” Accenture’s Josh Ray shares his thoughts on securing the supply chain. Our guest is Sergio Caltagirone from Dragos on their 2020 ICS/OT Cybersecurity Year in Review. And there appears to be a minor resurgence of hacktivism.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/58 Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI warns organizations that Mamba ransomware is out and about in a newly evolved form. Facebook takes down a Chinese cyberespionage operation targeting Uyghurs. Huawei joins the Organization of Islamic Cooperation. Slack thinks it might have made a security and privacy misstep. Caleb Barlow from CynergisTek on Healthcare Interoperability. Our guest is Roei Amit from Deep Instinct on their 2020 Cyber Threat Landscape Report. And a look at fleeceware.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/57 Learn more about your ad choices. Visit megaphone.fm/adchoices

COVID-themed phishbait has shifted to vaccines. Notes on the ransomware exploiting vulnerable Exchange Servers. Purple Fox gets wormy. Sierra Wireless halts operations to remediate a ransomware incident. Notes on ICS vulnerabilities. More victims of third-party risk. Joe Carrigan looks at SMS security issues. Our guest is Ron Brash from Verve Industrial with takeaways from their 2020 ICS Vulnerabilities report. And what are the cybercriminals thinking?For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/56 Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire partners with Recorded Future's threat intelligence podcast and our Dave Bittner is the host. It's a weekly show that comes out each Monday afternoon. We thought you might want to check it out and are adding it to our feed today. We hope you like it and consider subscribing in your favorite podcast app.The COVID-19 global pandemic has, predictably, attracted bad actors intent on using fear and uncertainty as a framework for a variety of actions, from run-of-the-mill money scams to targeting phishing, business email compromise, and even espionage.Recorded Future’s Insikt Group has been following these money trails and correlating them with a spectrum of bad actors around the globe. They recently published their findings in a blog post titled, “Follow the Money: Qualifying Opportunism Behind Cyberattacks During the COVID-19 Pandemic.”On today’s episode we’ve got a pair of Insikt Group analysts joining us to share their expertise. Lindsay Kaye is Director of Operational Outcomes and Charity Wright is a Cyber Threat Intelligence Analyst. Learn more about your ad choices. Visit megaphone.fm/adchoices

Exchange Server patching is going well, they say, but they also say that patching isn’t enough. Crooks are continuing to look for unpatched instances, and even in the patched systems, you’ve got to check to make sure the bad actors have been found and ejected. AFCEA and Shell both disclose being affected by third-party breaches. Citizen Lab sees no particular problem with TikTok. Ben Yelin ponders possible US response to the Microsoft Exchange Server attacks. Our guest is Alex Gizis from Connectify using VPNs to thwart government internet restrictions in Myanmar. And a major manga fan site is down.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/55 Learn more about your ad choices. Visit megaphone.fm/adchoices

Indian authorities warn the country’s transportation sector that it may be a target for cyberespionage. Google’s Project Zero describes an elaborate and expensive campaign that exploited zero-day vulnerabilities. The SilverFish threat group is elaborate, well-resourced, and well-organized. Threat actors are quietly altering mailbox permissions. REvil is back. Some say “yes” to Moscow; others say “nyet.” Dinah Davis from Arctic Wolf on Security Metrics. Our guest is Graeme Bunton from the DNS Abuse Institute. And two Infraud operators are sentenced.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/54 Learn more about your ad choices. Visit megaphone.fm/adchoices

Chief Security Officer of Microsoft Canada Kevin Magee shares his background as a historian and how it applies to his work in cybersecurity. Likening himself to a dashing Indiana Jones, Kevin talks about how he sees history unfolding and the most interesting things right now are happening in security. Spending time tinkering with things in the university's computer room under the stairs gave way to Kevin's love affair with technology. As Chief Security Officer, Kevin says he uses an analogy: "I think we focus on the arrows, not the the archer" meaning there's too much focus on the attacks rather than the ones mounting them. As a historian and witness to our current history, Kevin sees the changes all affecting cybersecurity. We thank Kevin for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Jen Miller-Osborn from Palo Alto Networks' Unit 42 joins us to discuss their research into BendyBear. Highly malleable, highly sophisticated and over 10,000 bytes of machine code. The code behavior and features strongly correlate with that of the WaterBear malware family, which has been active since as early as 2009. The malware is associated with the cyber espionage group BlackTech, which many in the broader threat research community have assessed to have ties to the Chinese government, and is believed to be responsible for recent attacks against several East Asian government organizations. Due to the similarities with WaterBear, and the polymorphic nature of the code, Unit 42 named this novel Chinese shellcode “BendyBear.” It stands in a class of its own in terms of being one of the most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an Advanced Persistent Threat (APT).The research can be found here:BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech Learn more about your ad choices. Visit megaphone.fm/adchoices

Helsinki blames Beijing’s APT31 for cyberespionage against Finland’s parliament. Russia withdraws its ambassador to the US, calling him home for consultation, post the US IC’s report on election influence ops. Risk management for industrial control systems, and especially for an often overlooked part of the power grid. Johannes Ullrich from SANS on Evading Anti-Malware Sandboxes with New CPU Architectures. Our guest is Tony Cole from Attivo on dealing with adversaries already inside your network. A guilty plea in an odd extortion attempt, why China’s wary of Teslas, and the indictment of a hacktivist.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/53 Learn more about your ad choices. Visit megaphone.fm/adchoices

Disinformation about a radiation leak that wasn’t. Another warning about Trickbot. The FBI says cybercrime cost victims more than $4.2 billion last year. Investigation and remediation of the SolarWinds and Exchange Server compromises continue. Crypters become a commodity for malware developers. Robert M. Lee from Dragos on lessons from the recent Texas power outages. Our guest is Bob Shaker from Norton Lifelock looking at baddies targeting online gamers. And some people are looking for jobs in all the wrong places.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/52 Learn more about your ad choices. Visit megaphone.fm/adchoices