Join us as we step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words. We're pleased to announce Career Notes, each episode of which features a look into one professional's journey, where it began, what influenced its course, and where it's going today.
Gamaredon Group seeks speed, not elegance. Bogus contact tracers. Thanos gains criminal market share. Crypto Wars. Doxing police.
ESET reports that the Gamaredon Group has introduced remote template injectors for Word and Excel documents, and is deploying a distinctive Outlook mass-mailing macro. Gamaredon is an advanced persistent threat group that for the most part hits Ukrainian targets. It’s generally regarded as a nominally Ukrainian separatist group operating under Russian GRU control. Gamaredon is both noisy and careless, going for speed and spread as opposed to stealth, but as this latest report suggests, an operation might well rationally sacrifice quality for quantity. ESET also suspects that all the noise may be masking quieter, arguably more damaging operations.
Anomali yesterday released its findings that bogus contact-tracing apps were in fact carrying spyware payloads, mostly SpyNote and the banking Trojan Anubis. Contact-tracing programs are being spoofed for Armenia, Brazil, Colombia, India, Indonesia, Iran, Italy, Kyrgyzstan, Russia, and Singapore.
Researchers at Recorded Future describe the growing popularity of Thanos in the ransomware affiliate program criminal market. Thanos is a ransomware builder, believed to be the first to feature the RIPlace technique that’s designed to facilitate rapid weaponization of proof-of-concept exploits. It’s been well-received in the criminal-to-criminal sector.
In what the Washington Post sees as a shift in the latest Crypto Wars' EARN-IT Act skirmish, Reuters reports that some Senators are seeking information on a 2015 backdoor incident Juniper Networks sustained.
Police officers in major US cities (including Washington, Atlanta, Boston and New York) are being subjected to doxing, their home addresses and other personal information shared on social media, the AP reports.
Today's issue includes events affecting Australia, China, the European Union, Germany, Israel, Japan, Russia, Ukraine, the United Kingdom, and the United States.
Bring Your Own Context
Paul Rosenzweig, writing for the Lawfare Blog, said this: “There is a vision for the future of assessing cybersecurity: The goal is a system of cyber metrics that are transparent, auditable, practical, scalable and widely agreed upon. To that end, it is useful—indeed, imperative—to evaluate various approaches to cyber risk quantification with the aim of informing the development of a public standard for measuring cybersecurity.”
Paul is absolutely correct. But the network defenders of the world struggle with the concept of risk assessment, especially when it comes down to forecasting the probability of negative material events caused by a cyber event sometime in the future. We struggle with the meaning of probability and think that it is too hard to forecast with any precision. That is incorrect, but I think that is the feeling from the bulk of the network defender community.
CSO Perspectives, in CyberWire Pro, wrestles with these kinds of issues each week. This week, we talked about expanding your ideas about what a probability is and how you can use that expanded definition to assess risk with precision. Be sure to check out that podcast and essay there.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour talks about how organizations can successfully navigate their new workplace realities. Our guest is Chester Wisniewski from Sophos, discussing fleeceware found in Apple's app store.
Hacking Humans is up. In this week's episode, "Taking a selfie with your ID," Joe talks about HROs (High Reliability Organizations), and Dave has a scam on Upwork gigs. The Catch of the Day is about giving a scammer the runaround. Later in the show we have an interview with Sanjay Gupta from Mitek on how cybercriminals are capitalizing on the recently deceased and creating synthetic identities.