CyberWire Daily - Enter Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
Episode Date: September 22, 2023A new APT is found: enter Sandman. Tracking an initial access broker called Gold Melody. Iran’s OilRig group is active against Israeli targets. Cyber ops as an instrument of soft power. Recovery and... investigation in the casino ransomware attacks. In our Solutions Spotlight, Simone Petrella speaks with MK Palmore from Google Cloud about talent retention and the cybersecurity skills gap. Our guest is Kristen Marquardt of Hakluyt with advice for cyber startups. And Bermuda points to Russian threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/182 Selected reading. Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit (SentinelOne) GOLD MELODY: Profile of an Initial Access Broker (Secureworks) OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes (We Live Security) Cyber Soft Power | China's Continental Takeover (SentinelOne) MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News) MGM Restores Casino Operations 10 Days After Cyberattack (Dark Reading) MGM Resorts computers back up after being down 10 days due to casino cyberattacks (CBS News) MGM says its recovered from cyberattack, employees tell different story (Cybernews) 'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars (Reuters) Apple emergency updates fix 3 new zero-days exploited in attacks (BleepingComputer) Russia linked to cyberattack on government services (Royal Gazette) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
A new APT is found. Enter Sandman.
Tracking an initial access broker called Gold Melody.
Iran's Oil Rig Group is active against Israeli targets.
Cyber Ops as an instrument of soft power.
Recovery and investigation in the casino ransomware attacks.
In our Solutions Spotlight, Simone Petrella speaks with M.K. Palmore from Google Cloud about talent retention and the cybersecurity skills gap.
Our guest is Kristen Marquardt of Hacklet with advice for cyber startups.
And Bermuda points to Russian threat actors.
I'm Dave Bittner with your CyberWire Intel briefing for Friday, September 22, 2023. That's right. Enter Sandman.
Only in this case, it's not Metallica, and it's not walk-up music, and it's not sleepy time.
It's an APT.
Sentinel-1 is tracking a new threat group it's calling Sandman,
and Sandman is targeting telecommunications providers in the Middle East, Western Europe, and South Asia.
The threat actor is using a backdoor called Luodream,
which Sentinel-1 says indicates a well-executed,
maintained, and actively developed project of a considerable scale.
Dreamy.
The researchers note,
At this time, we don't have a consistent sense of attribution.
LuaDream does not appear to be related to any known threat actors.
While the development style is historically associated with a specific type of
advanced threat actor, inconsistencies between the high-end development of the malware and poor
segmentation practices lead us towards the possibility of a private contractor or mercenary
group similar to Metador. But it is being called an APT, which suggests that contractor or mercenary, some government is probably paying the bills.
SecureWorks has published a report on the financially motivated threat actor Gold Melody, which acts asin operating system utilities, and proprietary remote-access Trojans and tunneling tools
to facilitate its activity once inside a compromised environment.
The researchers add,
Gold Melody conducts a considerable amount of scanning to understand a victim's environment.
Scanning begins shortly after gaining access but is repeated and continued throughout the intrusion.
The group normally conducts this activity from the initially compromised server.
Gold Melody sometimes uses the initially exploited vulnerability to conduct reconnaissance.
ESET describes two campaigns the Iranian threat actor Oil Rig, also known as APT34, launched against
Israeli organizations. The first campaign, Outer Space, occurred in 2021 and used a compromised
Israeli human resources site as a command and control server for a previously undocumented
C-sharp.net backdoor, Solar. The second campaign, Juicy Mix, was launched in 2022
and used a compromised Israeli job portal website as a command and control server for a new backdoor
called Mango. Mango, which is a successor to the solar backdoor, was used to target an Israeli
healthcare organization. Sentinel-1 yesterday announced the formation of the Under-Monitored Regions Working Group
in an effort to better manage the challenge of tracking state-aligned cyber activities
in less monitored areas like Africa and Latin America.
The company stated,
This effort calls upon established security researchers to join analytic capabilities,
combine telemetry resources and local expertise,
and promote a unified approach to analyzing cyber operations
used to support soft power agendas in Africa and Latin America.
In a blog post, Sentinel-1 outlined China's cyber operations in Africa,
Sentinel-1 outlined China's cyber operations in Africa, which conspicuously align with China's broader soft power and technological agenda in the region, focusing on critical areas such as
the telecommunications sector, financial institutions, and governmental bodies.
Cyber operations have recently been thought of to a considerable extent in terms of combat support for kinetic war.
It's worth remembering that they can play a supporting role in soft power too,
supporting diplomacy through intelligence collection and influence operations.
MGM Resorts reported that customer-facing operations had returned to normal
10 days after the casino operator sustained a ransomware attack.
Cyber News reports, however, that employees complain of having to rely on manual backups
as familiar automated systems remain imperfectly available. The employees themselves are also said
to have expressed concern about the possible exposure of their own personal data in the
incident. Reuters describes Scattered Spider,
the gang at the center of the recent ransomware attacks against casino operators,
as careful in its research into potential victims, fluent in English, and relentless in its pursuit
of its chosen targets. Its members are believed to be young, for the most part 17 to 22 years old, and Okta thinks their activities
show they've studied its product, perhaps even taken Okta online training. Mandiant says they've
engaged in swatting, which is of course making bogus 911 calls reporting phony active threats
designed to send police SWAT teams to innocent homes. Their motivation is complex, apparently at least,
as interested in cachet as they're interested in cash.
Mandiant founder Kevin Mandia said,
I don't even think these intrusions are about money.
I think they're about power, influence, and notoriety.
That makes it harder to respond to.
The frenzy of renown, the taste for influence, the desire to count coup
motivates some youths to pick up a can of spray paint.
Others sit down in front of a keyboard.
Yesterday, Apple issued patches for macOS, iOS, and iPadOS.
Three vulnerabilities in all were patched,
and there are reports that they've been exploited in the wild.
The vulnerabilities could permit privilege escalation and signature validation bypass incidents.
And finally, Bermuda's government judges that widespread disruption of official networks and services in the island at week's end is the work of Russian threat actors. The Royal Gazette reports that Premier David Burt said,
our initial indication is it's come from an external source,
most likely from Russia,
and we are working with agencies to make sure
that we can identify any particular challenges
and make sure that services are restored
as quickly as possible.
Whether the attack is simply criminal
or has a political purpose is
unclear. Authorities in Bermuda believe that some Caribbean countries have been similarly affected.
According to Burr News, the government says that service disruptions are expected to continue into
today. So, Bermuda dodges the tropical storm headed up the Carolina banks toward Maryland.
That's where we are, of course, only to be clobbered by Russian crooks.
Forget it, Jake. It's the Internet.
Coming up after the break, in our Solutions Spotlight,
Simone Petrella speaks with M.K. Palmore from Google Cloud
about the talent retention and cybersecurity skill gap.
Our guest is Kristen Marquardt from Hacklet with advice for cyber startups.
Stick around.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings
automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI. Now that's a new way
to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash
cyber for $1,000 off.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your
company's defenses is by targeting your executives and their families at home.
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached. Protect
your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
In this edition of our Solutions Spotlight, N2K's Simone Petrella speaks with MK Palmore
from Google Cloud about talent retention and the cybersecurity skills gap.
Here's their conversation.
I am honored to be here today with MK Palmore,
Director in the Office of the CISO at Google Cloud.
MK, thank you so much for joining me.
Thanks, Simone. I appreciate the offer and looking forward to the conversation.
Sure. We'll get right into it. So I know one of the reasons that we connected in the first place,
and this is true both in your professional capacity at Google as well as some of the work
you do outside, is around just the coordination and the work that
organizations are focused on in increasing the pipeline of not only talent in cybersecurity,
but specifically diverse talent. How do you think about retaining talent within Google Cloud?
So, great question. Talent retention is, I think, the same across any organization, and that is if you can provide good leadership, if you can provide your employees with a pathway towards their own professional development, and you can engage them in interesting work, then likely you have the elements necessary to keep employees on board.
is on board. Now, as quickly as I said that, though, you should recognize that I think any organization really has challenges with retention. It can be, especially in today's environment with
things like remote work, the variabilities involved in where you work, what regions you're
actually allowed to work out of, and of course, all things pay. But at the end of the day, I do
believe that the subject of leadership,
people oftentimes leave employers because of bad leadership, not because of bad situations at work
or anything like that. And so if you can provide good leadership, you can provide them a mission
where they're effectively engaged and a pathway for their own success, people will likely stay
where they are. But that, you know, easier said than done. Those challenges, I think,
are felt across every enterprise on the planet. And, you know, specific to that, because obviously we
want to retain the talent. It's so difficult to get it in the first place, but we also want to
increase the diversity that we see in the field writ large. So how do you think about that as it
comes to identifying and bringing in new talent and then trying to retain the talent
as they move through their careers.
Yeah, so anyone that's listened to me,
seen my musings in terms of writings,
knows that this issue of increasing diversity
in the cybersecurity workforce and pipeline
is a real passion topic for me.
I honestly believe that this is one of the core components of solving,
if you will, the cybersecurity challenge. Diversity helps us in every aspect of life.
And in the cybersecurity realm, the need to diversify the cyber workforce answers the mail
on a couple of different issues. One, our ability to actually create and invent solutions that apply
across the board. You know, here at Google, we're always trying to solve for global problems,
and cybersecurity happens to be one of them. When we think about solving problems, we think,
how can we solve this for the planet, not how can we solve it for some individual instance,
although we do a pretty good job at that as well, how do we solve for globally
for a particular challenge? And when we think about issues like the cybersecurity workforce,
we absolutely believe that diversity is a way for us to close down this gap, this ongoing gap
of here in the U.S., 750,000 plus open cybersecurity positions annually. If you include the numbers
globally, that number ekes up, I think, to probably 1.5 million
annually open positions.
And in addition to widening sort of the lens that we use to identify cyber talent, as an
industry, all of us have to do a much better job at getting diverse talent to the table.
And that happens in a couple of different ways.
better job at getting diverse talent to the table. And that happens in a couple of different ways.
We know for a fact that training helps get individuals to the table if you can provide them with training, some of which, especially some of the best training in the world, can be
truly expensive. If you're not already on board with one of the global providers like the Googles
of the world, where things like training may be covered by your employer,
it can be extremely challenging for someone to actually get the certifications or academic training that they need in order to break into the cybersecurity field.
But the second piece of that in terms of answering the challenge of the workforce
is, of course, the piece of actually getting people experience.
And hopefully we can dive a little bit deeper into that challenge because I actually think
that that's really the critical piece that we're all challenged with trying to identify how we close that gap now.
Because Google has put training certifications on the table.
We, this year, released the Grow with Google cybersecurity cert.
There are a number of certifications by other organizations and agencies out there that folks can get access to.
Grow with Google is certainly one that we would promote that prepares people for entry-level jobs.
But there's lots of opportunities to train. And I think as an industry where we're really
challenged is this area of actually getting work experience for these folks. Because the
truth of it is, is that cybersecurity companies,
big vendors like Google and others, are challenged with hiring brand new talent.
It's really difficult for organizations that have as much on the line as they do to open up the
employment doors for folks with little to no experience. And that's really the area, I think,
as we move forward, that's the area where all organizations
are gonna have to start thinking about
how do we solve that problem?
Because that's the critical piece that we're missing now.
Yeah, really great point.
One thing that I would be curious
if you could share your perspectives as a leader
in a large organization is what are your recommendations
when you think about that necessity to train
and to invest in people? How do you think about, necessity to train and to invest in people?
How do you think about or what are the recommendations you have to evaluate and
measure not only the team skills that are required for the business to achieve its security strategy,
but then what are the pathways or what are the recommendations and how you prioritize
those investments if you're already going to make, in order to align the need with the actual training you're going to send someone to. If
you're going to make that investment, you want it to be related back to the business in some way.
So there's a lot to unpack there. And I think that certainly in the curriculum realm,
the cybersecurity curriculum realm, they're starting to understand this. I think that the
certifications realm maybe has a better handle on this than, say, the traditional academic
environments and, say, four-year colleges and that kind of thing, because they're still kind
of training towards, I won't call it an outdated model, but one that doesn't necessarily keep pace
with all of the changes that are in the industry. And there are certainly shorter return on
investment time and effort that you can make in terms of investing in certifications because the turnaround on those types of things are quicker. the job and get better at the job. And that is where the concentration of investment and training
needs to happen. As opposed to thinking about domain-specific, overriding strategic knowledge,
we need to start thinking about what does this person need in order to be excellent at this job
so that they get what they need to get out of the experience and the organization gets
the kind of productivity that they're expecting. You know, security operations, case in point, is a fantastic example of that.
There is no way that you can be an absolute expert on all of those products.
There are a handful of individuals who even could probably run down the list and provide
you at least level one, level two on what those products do and what they're capable
of.
And so as an organization, the office of the CISO, we spend some of our
cycles taking time aside and making sure that we get deep dives on products that we think
will come up in conversations with our customers as it relates to cybersecurity. And so we don't
need to learn the entirety of the landscape, but we do need to be able to do deep dives on the
products that are relevant to our portion within the Google Cloud story.
And oftentimes that revolves around the subject of security.
So that's just one example of very targeted training that organizations can undertake
to make sure that their workforce is prepared for their role.
Right.
Amazing.
Well, MK, thank you so much for joining.
Really appreciate you taking the time this afternoon.
That's our own Simone Petrella speaking with MK Palmore from Google Cloud.
There's a lot more to this conversation.
If you want to hear more, head on over to the CyberWire Pro and sign up for Interview Selects, where you'll get access to this and many more extended interviews. Kristen Marquardt is head of digital and cyber practice at Hacklett & Company.
She's also one of the judges of this year's Data Tribe Challenge,
where hopeful startups will pitch their ideas to a panel of industry luminaries.
I asked Kristen Marquardt about some of the challenges startup CEOs face
when considering the business side of starting a cyber business.
Oftentimes there's a misalignment of expectation,
either in terms of funding, timing of funding, control.
I think there's oftentimes also a misalignment of how you talk about things. And when I oftentimes
think about the business of cyber, what I really am focused on, and this comes from the various
places I've worked professionally, is that there's oftentimes a disconnect around the fundamentals
and the framing of conversations. So it's the business of cyber, or really it's the cyber from a business perspective.
It's understanding, particularly for startups
or companies who want to work
and who are dedicated to solving problems in this space.
The way that they speak to the solving of those problems
is oftentimes at a disconnect with the business
or with the business quarter
because they're so focused on the technical piece of it, the problem as they see it, the really cool thing that they're going to solve
for you. And what they're failing to really frame it as is this is how it enables your business to
make money, to be successful, to endure, to grow. And it is that disconnect and framing and a
fundamental understanding of what the other person needs and wants that oftentimes I see really stymies people. I think of it sometimes as a bit of a
marriage between business and cybersecurity. Businesses exist to make money that is enabled
by having secure operations. And cyber exists to make that all happen. But the business and cyber functionalities, particularly in-house, but also when you're
bringing in an outside vendor to solve a particular problem for you, is can you talk about what
this is going to do for you in the context of your business and why it's going to matter
and why the adoption of it is going to matter, not just from a technology piece, but from
a culture piece, from a planning and process piece. And that
oftentimes is a disconnect. So I think of it as a marriage, like I said, but it's one that can
either be unholy and uncomfortable, filled with all sorts of miscommunications and misread
assumptions, or it can be a pretty happy one that's got good communication, shared expectation,
a willingness to work through things, and really kind of framing
it from that perspective. And that is not a tech thing. That's not an innovation piece. That is
straight up linguistics and culture and a little bit of patience and grace. One thing I think about
with a lot of the VCs that I've spoken to is they're evaluating some of these startups who are looking to get funding,
they'll say, quite often someone has an interesting feature, but it's not a product.
That can be often is a common thing. And it can be, you got really excited about solving
one aspect of one problem, or you found a way to do something really cool and you're in search
of a problem that it can solve. And you're trying to engineer from that perspective, oftentimes that feature is not enough, right?
If you're going to layer into an existing ecosystem or an existing budget, it can't just be one thing
anymore unless that thing is an intrinsic existential problem that you're going to solve
for them. But it's how does that work
in conjunction with everything else? How does it complement everything else? Is it just a slight
innovation or is it a sea change? And can you articulate that not only for yourself, but for
the business? It's context of what is this going to do for me? How does it make my life easier?
How does it make me more successful, faster, smarter,
better, as opposed to, it's just going to solve this problem, but why? Why does it matter?
You are set to be one of the judges for the upcoming Data Tribe 2023 Data Tribe Challenge,
and I will be there for that as well. As these hopeful organizations are putting together their presentations, Do you have any words of wisdom,
any advice for someone who's in this situation of effective ways to communicate their message?
Don't get so excited that you dive straight in to the nitty gritty before you paint the landscape
of what a difference you're going to be able to make. Oftentimes when you're talking to people
who have spent months, weeks, years, hard-earned sweat, love, toil, every moment of every day
obsessing about something, they start there. And it's a bit like starting in the middle or the end
of a conversation for everybody else. You need to make sure that the people you're talking to
really understand where you're starting from and that you've taken into account that you need to paint that picture for them.
You want to take them with you on a journey. And it is a funny thing that in such a technical space,
you still need to have those communication skills to be able to paint the picture,
capture the audience, and take them with you. Do you find sometimes that perhaps the founder of a company or
the person who has the technical expertise is best perhaps sitting on the sidelines when it comes to
these sort of communications types of things? You know, to have someone, a partner who is the person
out there being the face of the company or does the founder need to have all of those skills?
face of the company or does the founder need to have all of those skills?
Such a guppy answer in the DC area, but I'm going to say it depends, right?
It's going to depend because I do think what you need is to have enough humility to know what you're good at and what you can bring and enough humility to recognize if you need somebody who
has that other skill set, you can develop a lot of it.
You can learn to do it to a certain degree.
But if you just fundamentally cannot think
like your target audience,
then you need to find somebody who can
and who can communicate it.
If however you come from that
or you think you really understand the mindset,
absolutely you can develop the skills to communicate, right?
We all can through practice, through trial, through a lot of failure, right? But I think it requires a certain
degree of humility. What am I really good at? Where am I going to bring the value? Is there
someone else who can do this better so that it's better for the company? And also the flip side of
that is if you do have, if you recognize that this is a limitation of yours and you have somebody who
can do that, you also can step back and take all of the energy and the focus that you would have
dedicated to that and turn it right back around to the place where you really drive value for
your company. Yeah. I mean, it strikes me that one of the really interesting insights I think
you're making here is that it's really important to be coachable, both from being a good
presenter, but also this relationship that you're starting down with your investors.
Absolutely. You got to be coachable. You have to be willing to offer grace to other people
and hear the feedback in the way that it's intended. Not everybody has a lot of emotional
intelligence for how they're going to frame
feedback, right? They may be in a hurry. They may think they're doing you a favor by being
hyper, hyper blunt, and you've got to see it for what it is and take from it the things that you
know you can do. That's not to say that all feedback is good feedback. Again, there's a
self-reflection period here where you've got to really take a look at yourself and what you're
trying to accomplish and who you're trying to accomplish it with and think to yourself, there's context for all of that.
Yeah, being coachable really matters everywhere in life.
It's not just on the peewee field.
It's for the rest of your life.
Are you coachable?
Are you adaptable?
Do you recognize your strengths for what they are?
And are you willing to bring somebody else's strengths into the picture
and balance that with yours? That's Kristen Marquardt from Hacklet. She's one of the judges
at the upcoming Data Tribe Challenge, where startup companies compete for seed funding in
a live competition. The submission deadline is Saturday, September 23rd, and the event itself
is November 2nd.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full
suite of solutions designed to give you total control, stopping unauthorized applications,
securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach
can keep your company safe and compliant.
This episode is brought to you by RBC Student Banking.
Here's an RBC student offer
that turns a feel-good moment
into a feel-great moment.
Students, get $100 when you open a no-monthly-fee
RBC Advantage banking account
and we'll give another $100 to a charity of your choice.
This great perk and more only at RBC.
Visit rbc.com slash get 100, give 100.
Conditions apply.
Ends January 31st, 2025.
Complete offer eligibility criteria by March 31st, 2025.
Choose one of five eligible charities.
Up to $500,000 in total contributions. And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
Be sure to check out this weekend's Research Saturday and my conversation with Maxim Zavadchik from Akamai.
We're discussing Zoram, a new Magento campaign that's been discovered.
That's Research Saturday. Check it out.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com.
Your feedback helps us ensure we're delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.
We're privileged that N2K and podcasts like The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector,
as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. N2K Strategic Workforce Intelligence optimizes the value of your biggest
investment, your people. We make you smarter about your team while making your team smarter.
Learn more at n2k.com. This episode was produced by Liz Ervin and senior producer Jennifer Iben.
Our mixer is Trey Hester with original music by Elliot Peltzman.
The show was written by our editorial staff.
Our executive editor is Peter Kilpie, and I'm Dave Bittner.
Thanks for listening. We'll see you back here next week. Thank you. AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses
that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to your Data is hard. Domo is easy. Learn more at ai.domo.com.
That's ai.domo.com.