CyberWire Daily

Pyongyang establishes a template for pariah states trying to profit in cyberspace. The FBI warns that there’s a RAT in the ICS software supply chain. The US has a new counterintelligence strategy, and cyber figures in it prominently. Likud’s exposure of Israeli voter data may benefit opposition intelligence services. Notes on the Equifax breach indictments. As New Hampshire votes in its primaries, CISA warns everyone not to get impatient. And Iowa? Still counting. Robert M. Lee from Dragos on their recent report, “Industrial Cyber Attacks: A Humanitarian Crisis in the Making.” Guest is Andrew Wajs from Scenera on the NICE Alliance and Cloud Privacy.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_11.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

US indicts four members of China’s People’s Liberation Army in connection with the 2017 Equifax breach. North Korea establishes an Internet template for pariah regimes’ sanctions evasion. Iran sustained a major DDoS attack Saturday. US Democratic Party seeks to avoid a repetition of the Iowa caucus in other states as the Sanders campaign asks for a partial recanvas. Israel’s Likud Party involved in a voter database exposure incident via its own app. Joe Carrigan from JHU ISI with a look back at the Clipper chip. Guest is Shannon Brewster from AT&T Cybersecurity with thoughts on election security.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_10.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The Chameleon attack technique is a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users to conceal themselves before the attack or avoid detection. Joining us to discuss their findings in a new report entitled "The Chameleon Attack: Manipulating Content Display in Online Social Media" is Ben-Gurion University's Rami Puzis. The research can be found here:The Chameleon Attack: Manipulating Content Display in Online Social MediaDemonstration video of a Chameleon Attack Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese espionage groups target Malaysian officials, and two more Japanese defense contractors say they were breached, also by China. Google patches Android problems, including an unusual Bluetooth bug. Google also expels apps that wanted unreasonable permissions from the Play store. Some in Iowa say the DNC pushed an eleventh-hour security patch to IowaReporterApp. The US may indict more Chinese nationals for hacking. More Senate reporting on 2016 Russian influence. Caleb Barlow from Synergistek with more insights on hospitals and ransomware, this time from the patient’s perspective. Guest is Matt Cauthorn from ExtraHop comparing cloud platforms’ similarities and differences. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_07.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iowa Democrats continue to count their caucus results, and blame for the mess is falling squarely on Shadow, Inc.’s IowaReporterApp. Bitbucket repositories are found spreading malware. The attack on Toll Group turns out to be Mailto ransomware. The Gamaredon Group is active, against, against Ukrainian targets. Charming Kitten’s been phishing. And there’s a new legal theory out and about: the pain-in-the-ass defense. (We know some colleagues who’d plead to that.) Justin Harvey from Accenture on DNS over HTTPS (DoH). Guest is Peter Smith from Edgewise Networks on defending against Python attacks. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_06.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iowa’s Democrats are still counting their caucus results, but on the other hand they weren’t hacked. A poorly built and badly tested app is still being blamed, and that judgment seems likely to hold up. The FBI warns of a DDoS attempt against a state voter registration site. Trends in DDoS. Some new strains of ransomware are out in the wild. Spoofed emails may be an Iranian espionage effort. And the confessed Ninendo hacker cops a plea. Craig Williams from Cisco Talos with updates on Emotet. Guest is Kurtis Minder from GroupSense on the Pros and Cons of notifying breached companies. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_05.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iowa Democrats work to sort out app-induced confusion over Monday’s Presidential caucus. A McAfee study finds widespread susceptibility to influence operations in US county websites. Twitter fixes an API vulnerability and suspends a large network of fake accounts. NIST’s proposed ransomware defense standards are out for your review--comments are open until February 26th. Ben Yelin from UMD CHHS on rules regarding destruction of electronic evidence. Guest is Alex Burkardt from VERA on how to protect critical financial data beyond the corporate perimeter.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_04.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Dragos publicly releases its full report on EKANS ransomware, the first known ransomware with a real if primitive capability against industrial control systems. An Australian logistics company struggles with an unspecified malware infestation. Coronovirus fake news used as phishbait. Election security may get an early test in Iowa. The US Department of Defense issues new cybersecurity rules for contractors. And two cases of insider threats (alleged insider threats). Joe Carrigan from JHU ISI with reactions to ransomware legislation proposed in Maryland. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_03.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

On this Special Edition, our extended conversation with Eric Haseltine on his book "The Spy in Moscow Station." The book... "tells of a time when—much like today—Russian spycraft had proven itself far beyond the best technology the U.S. had to offer. The perils of American arrogance mixed with bureaucratic infighting left the country unspeakably vulnerable to ultra-sophisticated Russian electronic surveillance and espionage."  Learn more about your ad choices. Visit megaphone.fm/adchoices

Operation Wocao (我操, “Wǒ cāo”, is a Chinese curse word) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group.We are joined by Fox-IT's Maarten van Dantzig who shares his insights into their new report entitled "Operation Wocao: Shining a light on one of China’s hidden hacking groups".The Research can be found here: Operation Wocao: Shining a light on one of China’s hidden hacking groups Learn more about your ad choices. Visit megaphone.fm/adchoices