CyberWire Daily

The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. The Sodinokibi ransomware gang is running an essay contest. And the 2015 Ashley Madison breach keeps on giving, in the form of blackmail. Emily Wilson from Terbium Labs on the sale of “points” and “status benefits” on the dark web. Guest is Michael Sutton from Stonemill Ventures with insights from the cyber VC world. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_31.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

UN agencies in Geneva and Vienna were successfully hacked last summer in an apparent espionage campaign. Avast shuts down its Jumpshot data analysis subsidiary and resolves to stick to its security last. Facebook reaches a preliminary, $550 million settlement in a privacy class-action lawsuit. SpiceJet and Sprint suffer data exposures. LiveRamp was compromised for ad fraud. And Russia blocks ProtonMail and StartMail. Caleb Barlow from Cynergistek on the business impact of ransomware on a hospital. Guest is Matthew Doan, cyberecurity policy fellow at New America, discussing his recent recent Harvard Business Review article “Companies Need to Rethink What Cybersecurity Leadership Is.” For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_30.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Snake ransomware appears to have hit industrial control systems, and may be connected to Iran. The verdict on the Saudi hack of Mr. Bezos’ phone seems to stand at not proven, but the Kingdom does seem to have used Pegasus intercept tools against journalists and critics of the regime. Neither the US nor China are happy with Britain’s decision on Huawei. Cards from the Wawa breach are on sale in the Joker’s Stash. And CardPlanet’s boss will do some Federal time. Ben Yelin from UMD CHHS on AOC’s comments during House hearings on facial recognition technology. Guest is Dan Conrad from One Identity on sophisticated “pass the hash” attacks. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_29.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Britain decides to let Huawei into its 5G infrastructure, just a little bit, anyway. Citizen Lab reports on its investigation of Saudi use of Pegasus spyware against journalists. Avast is again collecting user data and sharing anonymized data with a subsidiary for sale to business customers. Some Data Privacy Day thoughts on agreeing to terms and conditions, with reflections on the first systematic look at End User License Agreements, found in the final chapter of Plato’s Republic. Joe Carrigan from JHU ISI on evolving ransomware business models. Guest is Dr. Christopher Pierson from BLACKCLOAK with insights on the alleged Bezos phone hack and the vulnerabilities of high-profile individuals. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_28.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Someone has been running a DNS hijacking campaign against governments in southeast Europe and southwest Asia, and Reuters thinks that someone looks like Turkey. Experts would like to see a more thorough forensic analysis of Mr. Bezos’ iPhone: that hack may look like a Saudi job, but the evidence remains circumstantial. Interpol’s Operation Night Fury dismantles a gang that had been preying on e-commerce. And ave atque vale, Clayton Christensen, theorist of disruptive innovation. Robert M. Lee from Dragos with 2020 predictions (reluctantly). For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_27.html Support our show   Learn more about your ad choices. Visit megaphone.fm/adchoices

The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases.Selena Larson from Dragos joins us to discuss their new report North American Electric Cyber Threat Perspective.The report can be found here: North American Electric Cyber Threat Perspective Learn more about your ad choices. Visit megaphone.fm/adchoices

PupyRAT was found in a European energy organization: it may be associated with Iranian threat actors. Another threat actor, the Konni Group, was active against a US government agency last year. Saudi Arabia maintains it had nothing to do with hacking Jeff Bezos’s phone. The EU and Ukraine separately consider anti-disinformation regulations. Canada may be ready to “impose costs” in cyberspace. And Huawei’s a threat, but what’re you gonna do? Justin Harvey from Accenture with an outlook on 2020. Guests are Hank Thomas and Mike Doniger from SCVX, describing their plan to bring a funding mechanism know as a SPAC to cyber security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_24.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

There’s more phishing around the Arabian Gulf, but it doesn’t look local. Reactions to Brazil’s indictment of Glenn Greenwald. The forensic report on Jeff Bezos’s smartphone has emerged, and the UN wants some investigating. Microsoft discloses an exposed database, now secured. Ransomware gets even leakier--if it hits you, assume a data breach. And Windows 7 is going to enjoy an afterlife in software Valhalla--you know, around Berlin. Tom Etheridge from CrowdStrike with thoughts on incident response plans. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_23.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

UN rapporteurs say that the Saudi Crown Prince was probably involved in the installation of spyware on Amazon founder Jeff Bezos’s personal phone. Brazilian prosecutors have indicted Glenn Greenwald, co-founder of the Intercept, on hacking charges. IBM describes a renewed NetWire campaign, and Microsoft says StarsLord is back, too. And in cyberspace, there’s nothing new on the US-Iranian front. Ben Yelin from UMD CHHS on surveillance cameras hidden in gravestones. Guest is Sean Frazier from Cisco Duo on their most recent State of the Auth report.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_22.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

A new RAT goes after Arabic-speaking targets. Updates on US-Iranian tension in cyberspace. An Internet Explorer bug is being exploited in the wild; a patch will arrive in February. A pseudo-vigilante seems to be preparing Citrix devices for future exploitation. Mitsubishi Electric discloses a breach. A booter service dumps half a million Telnet credentials online. And tomorrow is the last day to file a claim under the Equifax breach settlement. Joe Carrigan from JHU ISI with the story of a random encounter that set him on his professional path. Carole Theriault speaks with Jon Fielding from Apricorn on whether or not anything has really changed with GDPR, 18 months into it. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_21.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices