CyberWire Daily

Phishing threats unleashed.

Feb 13, 2024

Andrew Scott, Associate Director of China Operations at CISA, and Brett Leatherman, Section Chief for Cyber at the FBI, discuss Chinese threat actor Volt Typhoon and living off the land techniques. Topics include phishing attacks on Azure accounts, healthcare cybersecurity bill, industrial vulnerabilities, gender parity in tech, and online obituary spam.

36:19

Creator website

Episode guests

Andrew Scott

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Attackers are targeting Microsoft Azure accounts with sophisticated phishing techniques, compromising data and financial assets.

Bank of America warns customers of a data breach caused by the LockBit ransomware gang, affecting a service provider and exposing personal information of thousands of individuals.

Deep dives

Sophisticated Phishing Attacks Target Azure Accounts

A recent campaign is targeting Microsoft Azure accounts, using sophisticated phishing techniques to compromise the accounts and gain access to data and financial assets. The attackers secure the compromised accounts with multi-factor authentication, hindering victims' ability to change passwords or review access. They engage in data exfiltration, internal and external phishing, financial fraud attempts, and create mailbox rules to hide their activities. The attackers leverage proxies, compromised domains, and data hosting services to obfuscate their operations. Organizations are advised to monitor user agents and source domains for signs of compromise and employ security defenses against initial and post-compromised activities.

Introduction

3min

Cybersecurity incidents and threats

3min

Cybersecurity Measures and Healthcare Bill

7min

Living Off the Land Techniques Used by Volt Typhoon

13min

Disrupting Cybercrime and Online Obituary Spam

4min

Attackers lock up Azure accounts with MFA. Bank of America alerts customers to a third party data breach. Malicious cyber activity targets elections worldwide. CISA highlights a vulnerability in Roundcube Webmail. Lawmakers introduce a bipartisan bill to enhance healthcare cybersecurity. Siemens and Schneider Electric address multiple industrial vulnerabilities. Perception in tech gender parity still has a ways to go. Dave Bittner speaks with Guests Andrew Scott, Associate Director of China Operations at CISA, and Brett Leatherman, Section Chief for Cyber at the FBI, about Chinese threat actor Volt Typhoon. And the scourge of online obituary spam.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Guests Andrew Scott, Associate Director of China Operations at CISA, and Brett Leatherman, Section Chief at FBI, discussing PRC/Volt Typhoon advisory and living off the land guidance. Read the press release on “U.S. and International Partners Publish Cybersecurity Advisory on People’s Republic of China State-Sponsored Hacking of U.S. Critical Infrastructure.”

Selected Reading

Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA (Ars Technica)

Bank of America warns customers of data breach after vendor hack (BleepingComputer)

Global Malicious Activity Targeting Elections is Skyrocketing (Security Affairs)

CISA Warns Of Active Attacks on Roundcube Webmail XSS Vulnerability (CISA)

Bipartisan Senate Bill Requires HHS to Bolster Cyber Efforts (Gov Info Security)

ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities (SecurityWeek)

Four in five men in tech say women are treated equally, as women criticise ‘invisible challenges’ (Euronews)

The rise of obituary spam (The Verge)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

Phishing threats unleashed.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Sophisticated Phishing Attacks Target Azure Accounts

Bank of America Alerts Customers to Data Breach

Malicious Cyber Activities Target Global Elections

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts