CyberWire Daily

Edward Wu, senior principal data scientist at ExtraHop, joins Dave to discuss the company's research, "A Technical Analysis of How Spring4Shell Works." ExtraHop first noticed chatter from social media in March of 2022 on a new remote code execution (RCE) vulnerability and immediately started tracking the issue. In the research, it describes how the exploit works and breaks down how the ExtraHop team came to identify the Spring4Shell vulnerability...

Alan Neville, a Threat Intelligence Analyst from Symantec Broadcom, joins Dave to discuss their research "Lazarus Targets Chemical Sector." Symantec has observed the North Korea-linked threat group known as Lazarus conducting an espionage campaign targeting organizations operating within the chemical sector. The campaign appears to be a continuation of the group's activity called Operation Dream Job, which Symantec first came across in August of 2020...

Larry Cashdollar from Akamai, joins Dave to discuss their research on a DDoS campaign claiming to be REvil. The research shares that Akamai's team was notified last week of an attack on one of their hospitality customers that they called "Layer 7" by a group claiming to be associated with REvil. In the research, they dive into the attack, as well as comparing it to other similar attacks that have been made by the group...

Alden Wahlstrom, senior analyst on Mandiant's Information Operations Team, shares a comprehensive overview and analysis of the various information operations activities they’ve seen while responding to the Russian invasion...

Chad Seaman, Team Lead at Akamai SIRT joins Dave to discuss their research about a record-breaking DDoS Attack. The research says "A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks." Starting in mid-February 2022, security researchers, network operators, and security vendors noticed a spike in DDoS attacks...

Rob Pantazopoulos from Secureworks, joins Dave to discuss their work on "REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence." Secureworks researchers published a new analysis on what can be considered the ‘first’ set of ransomware samples associated with the reemergence. These updated samples indicate that GOLD SOUTHFIELD has resumed operations...

Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation." Cybereason researchers recently found an attack lurking beneath the surface which was assessed to be the work of Chinese APT Winnti. Cybereason briefed the FBI and the DOJ on the investigation into the malicious campaign...

Deepen Desai from Zscaler's ThreatLabz joins Dave to discuss how APTs, like Lyceum Group, create tactics and malware to carry out attacks against their targets. The Lyceum group has been active since 2017 and is a state-sponsored Iranian APT group. This group targets Middle Eastern organizations most notably in the energy and telecommunication sectors, and they rely heavily on .NET based malwares...

Ashley Taylor from SANS.edu, joins Dave to discuss fake job ads and methods to proactively detect these scams. The research shares how job seekers are under attack, with scammers posing as fake job recruiters to steal information from people who are interested in the job posting. The brands being impersonated as are at risk of losing credibility to their brand identity...

Dick O'Brien from Symantec, a part of Broadcom Software, joins Dave to discuss how the cyber-criminal operation, Clipminer Botnet, makes operators behind it at least $1.7 million. Symantec's research says "The malware being used, tracked as Trojan.Clipminer, has a number of similarities to another crypto-mining Trojan called KryptoCibule, suggesting it may be a copycat or evolution of that threat...