Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Trust us: check out the first episode and subscribe today. (Thanks to KnowBe4, our sponsors for season 1.)
The VPNFilter botmasters may be attempting to reconstitute their botnet. Researchers at JASK and GreyNoise reported late Friday that the threat actors behind the first round of infestations are working to herd another set of routers. They're actively scanning Mikrotik routers with port 2000 exposed online, and they're looking only for routers in Ukrainian networks. The focus is unsurprising, given that the threat actor in question is widely believed, on compelling if circumstantial evidence, to be Fancy Bear, a.k.a APT28, a.k.a. Russia's GRU.
FireEye says a news site that popped up last month, USA Really, is in fact a Russian information operation, run out of the same building in St. Petersburg that housed the famous Internet Research Agency troll farm. Some of the features are charmingly bizarre (blood-sucking mosquitoes invade Wisconsin, Louisiana oughta secede again, etc.) but the intent is thought to be malign erosion of such civic trust that Americans may enjoy.
The seesaw of criminal practice currently seems to be tilting financial Trojans up and ransomware down. Ransomware hasn't, however faded to insignificance. AlienVault notes that the Satan ransomware family has adopted new approaches to spreading itself, some of them involving the ShadowBrokers' EternalBlue exploit.
Netscout Arbor reports that criminals continue to make extensive use of evolved forms of Mirai for denial-of-service attacks.
Weekend rumors that Microsoft was in talks to buy open-source code repository GitHub were borne out this morning. Microsoft has indeed made the acquisition for $7.5 billion, about $2.5 billion more than rumor had predicted.
Today's issue includes events affecting Australia, Canada, China, European Union, India, NATO/OTAN, Russia, Ukraine, United Kingdom, and United States.
Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.