The CyberWire Daily Podcast 9.6.22
Ep 1656 | 9.6.22

Notes on the C2C market. A new cyberespionage threat actor has surfaced. Sharkbot made a brief return to Google Play. Privateering and catphishing in the hybrid war.

Show Notes

A phishing-as-a-service offering on the dark web bypasses MFA. The Worok cyberespionage group is active in Central Asia and the Middle East. Prynt Stealer and the evolution of commodity malware. Sharkbot malware reemerged in Google Play. BlackCat/ALPHV claims credit for an attack on the Italian energy sector. Joe Carrigan shares stats on social engineering. Our guest is Angela Redmond from BARR Advisory with six cybersecurity KPIs. And the Los Angeles Unified School District was hit with ransomware.

Selected reading.

EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web (Resecurity)

Worok: The big picture (WeLiveSecurity) 

Dev backdoors own malware to steal data from other hackers (BleepingComputer) 

The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals (Security Affairs)

Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan (The Hacker News)

SharkBot malware sneaks back on Google Play to steal your logins (BleepingComputer) 

BlackCat ransomware claims attack on Italian energy agency (BleepingComputer)

11.84GB of United States Military Contractor and Military Reserve data has been leaked. (vx-underground)

Hackers honeytrap Russian troops into sharing location, base bombed: Report (Newsweek) 

LAUSD hit by hackers in apparent cyber attack (FOX 11 Los Angeles)

Los Angeles Unified Targeted by Ransomware Atta (Los Angeles Unified School District)