The CyberWire Daily Podcast 1.31.23
Ep 1750 | 1.31.23

The cybercriminal labor market and the campaigns it’s supporting. Russia’s Killnet is running DDoS attacks against US hospitals, but Russia says, hey, it’s the real victim here.

Show Notes

Some perspective on the cybercriminal labor market. DocuSign is impersonated in a credential-harvesting campaign. Social engineering pursues financial advisors. Killnet is active against the US healthcare sector. Mr. Security Answer Person John Pescatore has thoughts on cryptocurrency. Ben Yelin and I debate the limits of section 230. And, hey, who’s the real victim in cyberspace? A hint: probably not you, Mr. Putin.

Selected reading.

Perspectives on the cybercriminal labor market. (CyberWire).

IT specialists search and recruitment on the dark web (Securelist)

Cybercrime job ads on the dark web pay up to $20k per month (BleepingComputer) 

Report on hackers' salaries shows poor wages for developers (Register)

Cybercrime groups offer six-figure salaries, bonuses, paid time off to attract talent on dark web (CyberScoop)

Application security risks. (CyberWire)

Survey gives insight into new app security challenges (Cisco App Dynamics)

DocuSign impersonated in credential phishing attack. (CyberWIre)

Breaking the Impersonation: Armorblox Stops DocuSign Attack (Armorblox)

"Pig butchering" and financial advisor impersonation scams. (CyberWire)

No Blocking, No Issue: The Curious Ecosystem of Financial Advisor Impersonation Scams (Domain Tools)

Ukraine at D+341: Killnet hits US hospitals.(CyberWire)

HC3 TLP Clear Analyst Note: Pro-Russian Hacktivist Group Threat to HPH Sector (American Hospital Association)

HHS, AHA Warn of Surge in Russian DDoS Attacks on Hospitals (Gov Info Security) 

Russian hackers allegedly take down Duke University Hospital’s website (Carolina Journal)

The Evolution of DDoS: Return of the Hacktivist (FSISAC)

Russia becomes target of West’s coordinated aggression in cyberspace — MFA (TASS)