The third season of the CyberWire's CSO Perspectives is beginning. Among other topics, we'll be taking up four matters that tend to be treated with a broad brush: SD-WANs, containers versus lambda functions, SOAR, and orchestration. We'll be trying to get beyond the general, high-level discussions these tend to receive, and work toward a deeper understanding.
Updates on campaign hacking and influence operations. TrickBot's recovery. Schools remain attractive targets.
Late Friday Google published an update on what it’s observed of foreign intelligence services’ activities against US political campaigns. Over the summer Google’s Threat Analysis Group monitored attempts by Iran’s APT35 (also known as Charming Kitten) and China’s APT31 (or Judgment Panda) to compromise email accounts belonging to staffers at both the Trump and Biden presidential campaigns. The attacks were carried out by phishing. Google saw no signs of the attacks’ succeeding. The Threat Analysis Group also observed “spammy,” clumsily executed attempts at influence operations directed against US audiences by APT31. Most of these were carried out over YouTube.
CrowdStrike has a dispiriting follow-up to the recent public-private interference with the TrickBot gang. The disruption that interference caused seems to have been quick and sharp, but unfortunately the TrickBot gang (“Wizard Spider” in CrowdStrike’s threat menagerie) seems to have recovered faster than anyone would have wished. Their BazarLoader Trojan’s distribution is rising, and the rates of Conti and Ryuk infestations seem to have returned to their normal levels.
BleepingComputer reports that TrickBot operators have begun using the legitimate project-management solution Basecamp to host the Trojan BazarLoader, with the ultimate goal of installing Ryuk ransomware.
Schools, forced by the COVID-19 pandemic to operate online, with large, often poorly protected attack surfaces, continue to attract the attention of cybercriminals, the Wall Street Journal says.
Iran’s Ports and Maritime Organization reported that last week’s cyberattacks against the country targeted ports but were unsuccessful. Port Strategy reports that no other details have been forthcoming.
Today's issue includes events affecting Australia, China, Estonia, the European Union, France, Germany, India, Iran, Ireland, Japan, the Netherlands, New Zealand, Nigeria, Russia, Ukraine, the United Kingdom, and the United States.