Risky Business #655 -- USG: Expect Russian cyber drama

When the sanctions fly, so will the packets...
23 Feb 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Ukraine sanctions may lead to Russia going “cyber feral”
  • Brian Krebs links Red Cross breach to Iranian actor
  • APT10 uses cred stuffing as misdirection
  • Report: Global logistics behemoth Expeditors ransomwared
  • NFT thefts still hilarious
  • Inside the epic KlaySwap hack
  • Much, much more

In this week’s sponsor interview Thinkst Canary’s Marco Slaviero talks about some work they’ve done on introducing a “Safety Net” against AWS token enumeration edge cases. That’s a very interesting interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

White House attributes Ukraine DDoS incidents to Russia's GRU - CyberScoop
U.S. issues blanket warning on potential of destructive Russian hacks
Russian hackers have probably penetrated critical Ukraine computer networks, U.S. says - The Washington Post
Ukraine dismantles social media bot farm spreading "panic" - The Record by Recorded Future
US says Russian hackers breached multiple DOD contractors - The Record by Recorded Future
Red Cross blames hack on Zoho vulnerability, suspects APT attack - The Record by Recorded Future
Red Cross Hack Linked to Iranian Influence Operation? – Krebs on Security
Deep dive into hack against Iranian state TV yields wiper malware, other custom tools
VMware Horizon servers are under active exploit by Iranian state hackers | Ars Technica
Chinese hackers linked to months-long attack on Taiwanese financial sector - The Record by Recorded Future
San Francisco 49ers confirm ransomware attack - The Record by Recorded Future
Global logistics giant Expeditors suffers cyberattack, shuts down operations systems - FreightWaves
Vodafone Portugal struggles to restore service following cyberattack | Ars Technica
The US Crackdown on Spyware Vendors Is Only Beginning
People Whose NFTs Were Stolen Are Getting Wildly Different Refunds from OpenSea
Scam artists swindle NFTs worth 'millions' in OpenSea phishing attack | ZDNet
KlaySwap crypto users lose funds after BGP hijack - The Record by Recorded Future
Jaw-dropping Coinbase security bug allowed users to steal unlimited cryptocurrency | The Daily Swig
For signs of cryptocurrency laundering, look closely at Moscow firms, report says
Srsly Risky Biz: Thursday February 17
More data on Canadian 'Freedom Convoy' donors leaked -website | Reuters
Stream Episode 179: Truck Yeah, Canada feat Dan Boeckner by QAnon Anonymous | Listen online for free on SoundCloud
FBI sees increase in use of virtual meeting platforms for BEC scams - The Record by Recorded Future
This Is the ‘Hacking’ Investigation Into Journalist Who Clicked ‘View Source’ on Government Website
Bhima Koregaon case: New report finds activist Rona Wilson was targeted by hackers linked to cyber espionage - The Washington Post
Thousands of npm accounts use email addresses with expired domains - The Record by Recorded Future
EARN IT Act gets no changes to encryption language in Senate committee
SEC's breach notification proposal one step closer to a final vote
In touch with Reality Winner - The Record by Recorded Future
A “Safety Net” for AWS Canarytokens