Notes from the cyber phases of the hybrid war against Ukraine. Conti retires its brand, and LockBit 2.0 is now tops in ransomware. Extortion skips the encryption. Cyber exercise in the financial sector.

Released Monday, 27th June 2022

Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

0:02

this episode of the cyberwire is made possible

0:04

in part by hunters printers

0:07

a soc platform that ingests data

0:09

from your id and security tool and

0:11

applies a built in detection engine

0:13

encoded with hundreds of ttps

0:15

attack methodologies and threat intelligence

0:18

and security teams use hunters to reduce

0:21

the mean time to detect and respond by

0:23

automatically investigating correlating

0:25

and prioritizing suspicious events

0:28

combining hunters soc platform

0:30

with snowflakes data lake and hope

0:32

your security team achieve greater coverage

0:34

i'd up regrettable cost and

0:36

mitigate threats faster and more

0:38

reliably then sam visit

0:41

hunters dot ai to learn more

0:53

lithuania sustains major

0:55

ddos attacks lessons from notpetya

0:57

conti's brand appears to have gone into hiding

1:00

online extortion now tends to skip

1:02

the ransomware proper josh ray

1:04

from accenture on how social engineering

1:06

is evolving for underground threat actors

1:09

rick howard looks at chaos engineering

1:11

and us financial institutions

1:13

conduct coordinated cyber security

1:16

exercise

1:27

cyberwire studios at datatribe

1:29

i'm dave bittner with your cyberwire summary

1:31

for monday june 27th

1:33

2022

1:46

lithuania this morning announced that it

1:48

has sustained a distributed denial

1:50

of service attack reuters

1:52

quotes lithuania's national cyber

1:54

security center to the effect

1:56

that further attacks of this kind are expected

1:59

they say it is very likely that

2:01

attacks have similar or greater intensity

2:04

will continue in the coming days especially

2:07

in the transportation energy and financial

2:09

sectors the nominally

2:11

activist russian group killnet responsible

2:14

for earlier ddos attacks against

2:16

italian targets the responsibility

2:19

for the incident a group associated

2:22

with killnet the cyber spetsnaz

2:25

last week threatened lithuania with cyber

2:27

attack should persist in its policy

2:29

of restricting rail delivery of

2:31

embargoed goods to russia's non

2:33

contiguous province kaliningrad

2:36

it's now been five years

2:38

since the gru hit ukraine with

2:40

notpetya pseudo ransomware in a

2:43

campaign that was marked by a degree

2:45

of indifference to the damage done to other

2:47

countries in the course of the attacks

2:50

it moves one to the conclusion that

2:52

the international consequences of the

2:54

malware weren't so much collateral damage

2:56

as side benefit

2:58

the a so reviews some of the major

3:00

lessons from notpetya the

3:02

campaign showed that ransomware

3:04

and wiper malware representing itself

3:07

as ransomware the serve

3:09

as an effective weapon the gru

3:11

was willing to use it as

3:13

such adam flatley

3:15

director of threat intelligence at redacted

3:17

commented it's interesting that

3:19

the russians are being little more careful this

3:22

time with their cyber attacks that's

3:24

only constrained by their desire

3:26

to be careful the technology

3:28

is still there for them to easily change

3:31

the setting and let it loose if they

3:33

wanted to computer

3:35

weekly looks at the results anonymous

3:37

has obtained so far in its op russia

3:40

hacktivist campaign and it finds

3:42

that they've generally been more consequential

3:44

than had been generally expected although

3:47

of course falling short of the devastation

3:50

anonymous customarily threatens your

3:53

anon news tweeted the

3:55

anonymous collective is officially in

3:57

cyber war against the russian government

3:59

that was hours after the russian invasion

4:01

of ukraine scope and

4:03

sweep of the attacks mostly defacements

4:06

doxing and ddos have been

4:08

surprising and potential targets

4:10

of hacktivism elsewhere are considering

4:12

how they might harden themselves against similar

4:15

operations

4:17

conti seems to have retired as a brand

4:20

bleeping computer reports that the gang

4:22

shut down its data leak and negotiations

4:24

sites last wednesday and

4:26

they seem to have remained down these

4:29

for the rest the week observers

4:31

read this as the retirement of the brand

4:33

not the retirement still the reform

4:36

of the criminals behind it bleeping

4:39

computer writes some of the ransomware

4:41

gangs known to now include

4:43

old conti members include hive

4:46

avoslocker blackcat hello

4:48

kitty and the recently revitalized

4:51

quantum operation other

4:53

members have launched their own data

4:55

extortion operations that

4:57

do not encrypt data such as karakurt

4:59

blackbyte and the bazar

5:01

call collective the

5:03

gang's armattack campaign

5:05

last november and december short

5:07

but intense retrospectively

5:10

looks like the brand's last big hurrah

5:13

except of course for its public declaration

5:15

of adherence to moscow's cause

5:17

in russia's war against ukraine group

5:20

ib describes armattack

5:23

as having hit some forty organizations

5:25

in the us and elsewhere with

5:27

noticeable effect assuming

5:30

the conti brand stays retired

5:32

the leading ransomware brand is

5:34

now lockbit 2.0 the

5:37

ncc group's may ransomware

5:39

report puts the leaderboard like this

5:41

lockbit 2.0 black basta

5:44

a rising criminal star hive

5:46

and the rump of a retiring conti

5:49

bleeping computer reports that ahnlab

5:51

has noticed a trend in lockbit 2.0

5:53

attack technique the

5:55

approach is still through phishing but the

5:57

phish bait has changed typical

6:00

lockbit come-on now consists

6:02

of a bogus copyright infringement notice

6:04

you see the infringing material the

6:06

email says the recipient should

6:08

open an attached file which carries

6:11

the hook the payload it's

6:13

not unique phish bait the operators

6:15

of both bazarloader and bumblebee

6:17

have also used copyright infringement claims

6:20

to induce their victims to bite

6:23

the register briefly describes a trend

6:26

currently observed in ransomware attacks

6:28

increasingly they're skipping the ransomware

6:31

that is they're not bothering to

6:33

encrypt the victims' files instead

6:35

they're relying on the threat of doxing

6:38

promising to release sensitive stolen

6:40

data if the ransom isn't paid

6:42

though the trend toward double extortion

6:45

ransomware encrypting data

6:47

to hold them hostage but not before stealing

6:49

it and then threatening to release it publicly

6:52

is now often skipping the encryption

6:54

stuff it used to be like kidnapping

6:56

followed by blackmail now

6:59

more often than not it's just blackmail

7:03

and finally major us financial

7:05

institutions motivated in part

7:07

by the possibilities of cyber attack

7:09

that russia's war against ukraine raises

7:11

and at the urging of us department

7:14

of treasury have recently conducted

7:16

a coordinated exercise designed to

7:18

help them refine their defenses and

7:20

their plans for coping with cyber attack

7:23

bloomberg reports that the exercise

7:25

jpmorgan chase, bank of

7:27

america and morgan stanley

7:30

explains it ran through five

7:33

hypothetical threat levels, ranging from

7:35

minor assaults to a full-scale onslaught

7:38

on multiple banks and critical payment

7:40

systems the exercise

7:42

is regarded as showing an unusual degree

7:44

of cooperation and information-sharing among

7:47

competitors of her

7:54

and

7:56

now a word

7:57

from our sponsor, devo by

7:59

devo devo [unk] they understand cyber

8:01

threat landscape is rapidly expanding

8:04

and it's becoming increasingly difficult for

8:06

organizations to protect themselves from

8:08

sophisticated cyber attacks as

8:10

why they pride themselves on being true allies

8:13

not just another vendor and why

8:15

their cloud native logging and security

8:17

analytics platform is built to

8:19

not only transform security operations

8:21

for today but beyond devo

8:24

is always looking learn more about how

8:26

they can continuously support and serve

8:28

the cyber security community and

8:30

their ceo marc van zadelhoff's

8:32

new podcast cyber ceos

8:35

decoded is part of that commitment

8:38

marc hosts candid ceo to

8:40

ceo conversations with leaders

8:42

from cyber security companies big and small

8:44

about delivering valued customers

8:47

creating enduring cultures and

8:49

managing successes and failures

8:51

in an ever evolving technology lands

8:53

and soon a month for you for fresh

8:55

perspectives on what's top of mind

8:57

for those working to protect us and some

8:59

of the gold as cyber threats we face today

9:02

devo more data more clarity

9:05

of confidence and we thank

9:07

for sponsoring or

9:16

and joining me once again is rick howard he

9:18

is the cyberwire's chief security officer

9:20

and also our chief analyst rick always

9:22

great welcome you back a day the

9:24

i was reading we call seats and rundown

9:27

for are discussing this morning and i

9:29

noticed that this week's cso

9:31

perspectives episode is the end

9:33

of season nine man

9:35

the years go by fast i know

9:37

what you mean it and we covered lot of ground

9:39

the season two we did alone episodes

9:42

history we've covered the current state

9:44

and future of software bill of materials

9:47

we did some identity stuff about single sign

9:49

on in two factor authentication and

9:51

software defined perimeter and we talked

9:54

about the current state of intelligence sharing

9:56

today at the end that the last

9:58

episode we did was a cyber sand table

10:00

exercise for the colonial pipeline

10:02

attacks of two thousand and nineteen and oh

10:04

my goodness that's lot of stuff

10:06

the cigarettes to the euro for i can

10:09

remember my mom's at a so

10:12

what you have in store for us

10:14

in your season finale here

10:16

so have you ever heard of a resilience program

10:18

called chaos monkey yes

10:21

yes i have that is

10:23

is netflix right where they they

10:26

sort of a eight it's exactly

10:28

what it sounds like they'd be randomly go in

10:30

and like blow things up and

10:32

and to test their resilience to make sure

10:34

that their engineers have engineered

10:36

in enough resilience of that

10:38

basically no matter what happens customers

10:41

won't notice that that things have happened

10:43

do that in my own the right track their

10:45

yeah you know that's why i thought to until i do

10:47

the deep dive here in but it turns out

10:50

as with most things in cybersecurity it's

10:52

a lot more nuanced than that

10:54

netflix and other big silicon valley

10:56

companies like linkedin and google and

10:58

microsoft and bunch of others invented

11:01

this thing called chaos engineering the

11:03

advanced resilience discipline designed

11:05

it discover potential systemic

11:08

weaknesses and they're deployed architectures that

11:10

they didn't know about before engineering

11:13

emerge because in last fifteen years

11:15

these organizations find themselves

11:17

running gigantic systems systems

11:20

with thousands of dependencies that no

11:22

human could keep track of in their head though

11:25

chaos engineering is a response to that situation

11:27

where they could run carefully controlled

11:30

experiments on production systems

11:32

mean they are blown stuff up here but

11:34

they wanted figure out all ,

11:36

unknown areas of weakness of they have discovered

11:38

before so in this last

11:40

episode see as of see of

11:42

the season we do a deep dive on

11:44

chaos engineering to discuss how

11:46

for the right organization it might be

11:48

useful tidy for your resilient

11:50

strategy

11:52

i would like to see a book or an article

11:54

or something about the times when chaos

11:56

engineering went horribly wrong

12:01

what are you know they have a nice dogs are no

12:04

no no they're probably you know traded in

12:06

in dark shadow corners and said

12:08

as industry events know the other

12:10

valuables your know but rest of us to

12:12

darkest secret to spread around as

12:14

berlin and of of book before go

12:17

what is the cyber security term

12:19

that you're covering over on word notes podcast

12:21

as this

12:22

week we're talking about identity and access

12:24

management or iam for short

12:27

and you know dave i'm little bit of nerd

12:29

and i like to throw a little pop culture

12:31

references into discussion mostly

12:33

to entertain myself on this up for the audience

12:35

is mostly friends let's be clear rick

12:37

it's only to entertain yourself as a

12:39

go on oh that but

12:42

i gotta tell you this week this have outdone

12:44

myself i found a way to connect

12:46

my favorite star trek movie of all

12:48

time nineteen eighty two movie

12:50

the wrath of khan of khan

12:52

to iam how great that

12:55

a that is great and i

12:57

a concur with your excellent taste

12:59

and star trek movies ib

13:02

, lots of cards a letters about that one but but

13:06

its defensible a position not exactly

13:08

a kobayashi maru but a there

13:13

all right well you can find all of is

13:15

stuff over on our website

13:17

the cyber wire dot com where you can learn

13:19

about cyber wire pro thanks

13:33

and now a word from our sponsor microsoft

13:36

federal the biden administration

13:38

is taking steps to modernize security

13:40

approaches across the federal government with

13:42

a cyber security executive order microsoft

13:45

federal is your partner in meeting those mandates

13:48

they help federal agencies better understand

13:50

the executive order milestones build

13:53

a strategic response that aligns to

13:55

security modernization priorities and

13:57

executive order requirements and

14:00

determine how old technology partners help

14:02

extend ain't the journey their unique

14:04

approach is based on the decades of trust

14:06

they've earned from partnering with federal agencies

14:09

microsoft federal empowers agencies

14:11

with free tools like cloud adoption

14:14

framework and zero trust reference architecture

14:16

and together we can move forward into a

14:18

new era of cyber security and

14:21

empower a secure resilient federal

14:23

workforce learn more at

14:25

aka dot m s slash

14:27

cyber eo that's aka

14:30

dot m s slash cyber

14:32

yeah and we hang half

14:34

federal for sponsoring earth

14:47

and joining me once again is josh ray

14:49

he is managing director and global cyber

14:51

defense lead at accenture security

14:53

josh it's always great to have you back you

14:56

know i know you and your team spent good amount

14:58

of time tracking some of the threats

15:00

that are going on going sir that criminal

15:02

underground and wanted to touch today

15:05

particularly on social engineering

15:07

is the some of the things that you all are seeing

15:09

evolving there that

15:11

they save for again for having me back

15:13

we are continuing to see that

15:15

professionalization that professionalization crime the

15:18

underground and specifically

15:20

around highly specialized areas

15:23

and we spent a lot time talking about things like

15:25

technical exploit creation as

15:27

a service but really over the last

15:30

three years and more increasingly over the

15:32

past six months so cj

15:34

i team is observe

15:36

the increased availability of these social

15:38

engineering as a service offerings

15:41

on the underground and is significantly

15:44

magnifies threat actor capabilities a

15:46

brilliant shows that the threat actors or

15:49

has maximum impact and you know me day

15:51

i'm normally even

15:53

feel when i hear about these types of says

15:56

after you know been in the industry for a while

15:58

but enough speaking to my team that

16:00

if really believe that the same now

16:02

is significantly improved threat actor capabilities

16:05

but will be problematic for

16:07

security practitioners and that defender

16:10

can you give us some specific examples here

16:12

i'm in your social engineering certainly

16:14

isn't news so what's the approach

16:16

that has you concerned

16:18

in a exactly right i and

16:20

think it speaks specifically planted

16:22

to the adversary tactics and what they're doing

16:25

the for actors you know or are

16:27

leveraging this service on

16:29

across the a skills gamble

16:32

what we're seeing is that lower skilled

16:34

actors or this obviously provide some

16:36

a new and had set of capabilities that

16:38

they wouldn't otherwise have access

16:40

to in investing in as as well

16:42

so for the big groups like com

16:45

to your laptop them dedicated

16:47

department for this and they don't just

16:49

have one individual they have team

16:52

with dedicated lead that's

16:54

really responsible just for social engineering

16:56

so they're very well organized around this particular

16:58

piece we're also seeing the threat

17:01

making more realistic

17:04

you know socially engineered emails really

17:06

kind of looking at the user awareness

17:08

training i think and pivoting

17:10

their on their tactics as such

17:13

it's very well written whether it's an

17:15

english or french german or italian

17:17

because he used to be was spot the broken english

17:20

something like that and was dead giveaway the

17:22

threatened definitely kind of caught up with this

17:24

and these tells that humans

17:26

used spot the suspicious email

17:29

now i've heard that they're they're getting

17:31

their way into systems and

17:33

and taking advantage of of people's

17:35

said like even the calendar and systems

17:38

yeah no to succeed a sassy

17:40

it again and slightly as scary

17:42

i mean the speak specifically

17:44

the the timeliness of or when

17:46

they launched attacks so they they

17:48

will buy access or one of them many

17:51

dark that cookie market sir see

17:53

facility facilitating access to an

17:55

outlook calendar the

17:57

now they have his internal visibility as

18:00

we've seen actors by the current will

18:02

soon email account these market

18:04

and instead of this isn't an email

18:07

send phishing email from an internal

18:09

email address

18:11

your social engineering firm it's anyone corporate

18:14

town which is much more effective strategy

18:17

coupled with the visibility component

18:19

where you can send it when somebody on t t

18:21

o getting ready to attend a conference or

18:24

has a you know important business meeting come

18:26

up and this is been

18:28

one of the things that we've used said you

18:30

educate our user base and

18:33

we see that the threat is continuing

18:35

kid you know to pivot to

18:37

kind of these said user awareness trainings

18:40

are they getting better with being able

18:42

to to use the lingo of individual

18:45

organizations that have they up their game

18:47

there yeah that that's

18:49

actually one of the most fascinating

18:51

things and a really complicates

18:53

matters further emily's observe they've

18:55

actually started to employees the

18:57

industry subject matter expert so that

18:59

can speak the jargon and understand

19:01

nuance of the business operations

19:04

are like to draw the comparison like much like

19:06

we you know as accenture

19:08

would have had our industry expertise

19:11

the day we actually have ability now

19:13

the do that i in way that

19:16

increases the effectiveness of ah

19:18

of the attack so now you have you a

19:20

a that can leverage a highly specialized

19:23

sophisticated service employing

19:26

proper grammar across multiple languages

19:29

then through the use of you know

19:31

that it is reconnaissance they can target

19:33

see personnel the proper

19:35

time based on their internal visibility

19:37

and with their increased industry knowledge

19:40

they make their emails much more realistic

19:43

they can send from valid internal

19:45

account now

19:46

well let's talk about that i'm in given this

19:48

new reality and how much they've

19:50

stepped up what you recommending

19:52

to people to best protect themselves the

19:55

yet be great at you in basics is always

19:57

and we talked lot about lot of the detective

20:00

gold controls such as

20:02

pushing for you know i'm a fan

20:05

once again you know people

20:07

are being targeted as as though the

20:09

weakest link in that same the

20:11

more specifically you know high level executives

20:14

the employees that have access

20:16

to see internal business operations

20:19

are top targets what

20:21

they post on social media and

20:23

what their extended circle and family members

20:25

may post on social media can

20:27

be easily weaponized so now

20:29

is staying in a vigilant in an increasing

20:31

monitoring on your own enterprise are

20:34

you to think about how do you extend

20:36

that user awareness training that

20:38

trusted circle and we've

20:41

begun to your have clients think about

20:43

things like monitoring in

20:45

the dark net not only gets the intelligence

20:47

on these available threats and

20:49

capabilities but and think

20:51

about exerted cyber protection for your

20:53

t and highly visible employees

20:55

as well see the south those are things that

20:57

we're gonna have to do to relax and that intelligence

21:00

gathering in

21:02

, with us patrols as a kid

21:05

kid to mitigate the threat or i

21:07

have just re

21:15

our sponsors making the cyber

21:17

wire possible especially our supporting

21:20

sponsor synack find the

21:22

vulnerabilities that matter most go

21:24

to synack dot com slash

21:26

government today to find your

21:28

better way to pen test in the synack

21:31

fedramp moderate environment

21:42

and that's the cyber wire for links

21:44

all today's stories check out our daily briefing

21:46

at the cyber wire dot com

21:48

don't forget check out the grumpy old geeks podcast

21:51

where i contribute to a regular segment called

21:53

security ha join

21:55

jason and brian on their show for a lively

21:57

discussion of the latest security news every

21:59

week

22:00

you can find grumpy old geeks where all

22:02

the fine podcasts are listed the

22:04

cyberwire podcast is proudly produced

22:06

in maryland at the startup studios of datatribe

22:09

where they're co-building the next generation

22:11

of cyber security teams and technologies

22:14

amazing cyber wire team is

22:16

liz urban elliot hulse mint train

22:18

hester friend and park only on

22:20

white group for costs just and

22:22

saving rachel bilson him node

22:24

are so paragon and will carry

22:26

oh and yellen lucky tina

22:28

johnson and had most the throttle

22:30

john patrick for i've been recovered

22:33

stupid humor

22:59

everybody dave here are your sales

23:01

and marketing teams tasked with ever

23:03

growing brand awareness and lead gen

23:06

goals the cyber wire is

23:08

great way to put your message into the ear

23:10

of decision makers across cyber

23:12

and help fill your funnel we

23:14

have great sponsorship opportunities

23:16

available but we're filling up fast

23:19

contact our team now to learn more

23:21

about how sponsorship of the cyber wire

23:23

can help build your business at

23:25

the cyber wire dot com slash

23:27

sponsor
