CyberWire Daily - Preparing for the cyber battlespace.
Episode Date: May 16, 2025
NATO hosts the world’s largest cyber defense exercise. The DOJ charges a dozen people in a racketeering conspiracy involving the theft of over $230 million in cryptocurrency. Japan has enacted a new... Active Cyberdefense Law. Lawmakers push to reauthorize the Cybersecurity Information Sharing Act. Two critical Ivanti Endpoint Manager Mobile vulnerabilities are under active exploitation. Hackers use a new fileless technique to deploy Remcos RAT. The NSA’s Director of Cybersecurity hangs up their hat. Our guest is Christopher Cleary, VP of ManTech's Global Cyber Practice, discussing the cyber battlespace of the future. Coinbase flips the script on an extortion attempt.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Joining us on our Industry Voices segment, Christopher Cleary, VP of ManTech's Global Cyber Practice, talks about the battlespace of the future. If you would like to hear the full-length interview between Christopher and Dave, listen here. Learn more about ManTech’s cybersecurity work here.
Selected Reading
NATO's Locked Shields Reflects Cyber Defense Growth (SecurityWeek)
US charges 12 more suspects linked to $230 million crypto theft (Bleeping Computer)
Japan enacts new Active Cyberdefense Law allowing for offensive cyber operations (The Record)
Lawmakers push for reauthorization of cyber information sharing bill as deadline looms (The Record)
Ban sales of gear from China’s TP-Link, Republican lawmakers tell Trump administration (The Record)
Scammers are deepfaking voices of senior US government officials, warns FBI (The Register)
Multiple Ivanti Endpoint Mobile Manager Vulnerabilities Allows Remote Code Execution (Cyber Security News)
Updated Remcos RAT deployed in fileless intrusion (SC Media)
NSA cyber director Luber to retire at month’s end (The Record)
Coinbase offers $20 million bounty after extortion attempt with stolen data (The Record)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Hey everybody, Dave here.
I've talked about DeleteMe before, and I'm still using it because it still works.
It's been a few months now, and I'm just as impressed today as I was when I signed
up.
DeleteMe keeps finding and removing my personal information from data broker sites and they
keep me updated with detailed reports so I know exactly what's been taken down.
I'm genuinely relieved knowing my privacy isn't something I have to worry about every
day.
The DeleteMe team handles everything.
It's the set it and forget it
peace of mind.
And it's not just for individuals. DeleteMe also offers solutions for businesses, helping
companies protect their employees' personal information and reduce exposure to social
engineering and phishing threats.
And right now, our listeners get a special deal, 20% off your DeleteMe plan.
Just go to joindeleteme.com slash n2k and use promo code n2k at checkout.
That's joindeleteme.com slash n2k, code n2k.
The DOJ charges a dozen people in a racketeering conspiracy involving the theft of over $230
million in cryptocurrency.
Japan has enacted a new active cyber defense law.
Lawmakers push to reauthorize the Cybersecurity Information Sharing Act.
Two critical Ivanti Endpoint Manager Mobile vulnerabilities are under active exploitation.
Hackers use a new fileless technique to deploy Remcos RAT.
The NSA's Director of Cybersecurity hangs up their hat.
Our guest is Chris Cleary, VP of ManTech's Global Cyber Practice, discussing the cyber battlespace
of the future. It's Friday, May 16, 2025. Thanks for joining us here today.
Happy Friday.
It is great to have you with us.
Earlier this week, the NATO Cooperative Cyber Defence Centre of Excellence hosted Locked Shields 2025,
the world's largest cyber defense exercise in Tallinn, Estonia.
Around 4,000 experts from 41 countries participated remotely,
simulating the defense of over 8,000 systems against thousands of cyber attacks.
The event, which began in 2010 with just four nations,
now features advanced challenges,
including AI-driven narratives and quantum computing scenarios.
Teams also tackled legal, strategic, and disinformation challenges.
While teams from Germany, Singapore, Poland, France, Italy, Slovenia and the U.S. scored highest,
organizers stressed scores don't reflect overall national readiness.
The exercise, planned by 450 experts and 25 industry partners, highlights growing global
focus on cyber resilience.
Looking ahead, 2026 will expand cloud infrastructure and introduce critical special systems to
further bolster national defense
capabilities.
Twelve people have been charged by the DOJ in a racketeering conspiracy involving the
theft of over $230 million in cryptocurrency.
They allegedly used spoofed phone calls and social engineering to breach victim accounts,
reset 2FA, and
access private keys.
A major theft involved 4,100 Bitcoin stolen from a victim in Washington, D.C. in August
of last year.
The group used crypto mixers, exchanges, VPNs, and peel chains to launder funds into currencies
like Monero. The money funded extravagant lifestyles, private jets, exotic cars, $500,000 nightclub tabs,
and other luxury goods.
Two suspects were arrested earlier.
The scheme involved roles ranging from hackers to money launderers.
Despite laundering efforts, investigators linked the stolen funds back to the group with help from crypto sleuth ZachXBT and the FBI.
Japan has enacted a new active cyber defense law allowing preemptive cyber operations to disrupt threats before they cause harm.
This marks a shift from Japan's traditionally defensive stance and aligns its cyber policy more closely with Western powers.
The law authorizes law enforcement to neutralize hostile servers
and grants the Self-Defense Forces authority over complex attacks.
It also permits monitoring of foreign internet traffic entering or transiting Japan,
with oversight measures in place. The move follows a surge in state-sponsored and financially driven cyber attacks.
In the U.S., lawmakers from both parties are pushing to reauthorize the Cybersecurity Information
Sharing Act, confusingly named CISA, before it expires on September 30.
The law is seen as vital for enabling threat intelligence sharing between the government
and private sector bolstered by liability and privacy protections.
Despite strong support from DHS Secretary Kristi Noem, reauthorization faces a tight
deadline and unclear leadership support.
Privacy concerns remain the biggest hurdle,
though a recent DHS report found no violations under the law. Lawmakers are calling for a
clean reauthorization with a possible update later. Subcommittee members also pushed to
expand security clearance access to more technical professionals, arguing that current restrictions
limit response effectiveness.
The law has enabled the sharing of critical cyber threat data and is considered key to
national cyber defense.
Meanwhile, 17 Republican lawmakers led by Senator Tom Cotton urged the Trump administration
to ban U.S. sales of TP-Link routers, citing national security concerns.
They allege the Chinese company has ties to the CCP,
uses predatory pricing, and poses a surveillance risk.
TP-Link denies these claims,
calling them baseless and politically motivated.
Lawmakers referenced Executive Order 13873,
signed by President Donald Trump in May 2019, to justify the ban.
It grants the U.S. Secretary of Commerce the authority to block transactions involving information and communications technology or services linked to foreign adversaries, if they pose an unacceptable risk to national security. TP-Link, which has a U.S. office in California,
insists it isn't state-sponsored
and has not been contacted by U.S. regulators.
Two critical vulnerabilities in
Ivanti Endpoint Manager Mobile
are under active exploitation,
putting organizations at risk
of unauthenticated remote code execution.
The flaws affect all on-premises versions up to 12.5 and stem from open source library
issues, not Ivanti's core code.
When chained, they let attackers bypass authentication and inject malicious Java code via improperly
validated API input. The vulnerabilities allow attackers to install malware,
access data, or disable device management.
Ivanti and global cybersecurity agencies
urge immediate patching to fixed versions.
If updating is impossible, temporary mitigations
and close monitoring are essential.
Unpatched systems are at high risk
as proof of concept code circulates publicly.
Hackers are using a new fileless technique
to deploy Remcos RAT malware
through a PowerShell-based loader
bypassing Windows Defender.
The attack begins with a malicious zip file
containing a spoofed LNK shortcut.
When opened, it triggers an obfuscated script
that alters registry settings for persistence and injects multiple payloads, including Remcos
Version 6 Pro. This updated version adds idle time tracking and infected host management.
Researchers stress monitoring for LNK files, PowerShell misuse, and registry changes to detect and prevent such threats.
Dave Luber, the National Security Agency's Director of Cybersecurity,
will retire at the end of this month after 38 years of distinguished service.
Luber's career, which began as a high school work-study participant, reflects deep commitment
and steady leadership across decades of change.
Rising through roles including executive director of U.S. Cyber Command and director of NSA
Colorado, Luber brought a calm, collaborative approach to cybersecurity at a time of global
digital unrest.
Colleagues praise his efforts to improve intelligence sharing and strengthen public-private partnerships
amid escalating threats like China's Volt Typhoon campaign.
Former NSA Deputy Director George Barnes called him competent, caring, communicative, and
an all-around great leader, adding that Luber's presence will be sorely missed.
His legacy, rooted in service and strategy, will continue shaping national cybersecurity
for years to come.
Coming up after the break, my conversation with Chris Cleary, VP of ManTech's Global Cyber Practice,
we're discussing the cyber battlespace of the future.
And Coinbase flips the script on an extortion attempt. Stay with us.
And now, a word from our sponsor, ThreatLocker.
Keeping your system secure shouldn't mean constantly reacting to threats.
ThreatLocker helps you take a different approach by giving you full control over what software
can run in your environment.
If it's not approved, it doesn't run. Simple as that.
It's a way to stop ransomware and other attacks before they start,
without adding extra complexity to your day.
See how ThreatLocker can help you lock down your environment at www.threatlocker.com.
Let's be real, navigating security compliance can feel like assembling IKEA furniture without
the instructions.
You know you need it, but it takes forever and you're never quite sure if you've done
it right.
That's where Vanta comes in.
Vanta is a trust management platform that automates up to 90% of the work for frameworks
like SOC 2, ISO 27001, and HIPAA, getting you audit-ready in weeks, not months.
Whether you're a founder, an engineer, or managing IT and security for the first time,
Vanta helps you prove your security posture without taking over your life.
More than 10,000 companies, including names like Atlassian and Quora, trust Vanta to monitor
compliance, streamline risk, and speed up security reviews by up to five times.
And the ROI?
A recent IDC report found Vanta saves businesses over half a million dollars a year and pays
for itself in just three months.
For a limited time, you can get $1,000 off Vanta at vanta.com slash cyber.
That's v-a-n-t-a dot com slash cyber.
Christopher Cleary is VP of ManTech's Global Cyber Practice, and in today's sponsored
Industry Voices discussion, we consider the cyber battlespace of the future.
What are some of the biggest cyber threats
that you see facing the US today?
If you would have asked me that question 20 years ago,
I might have said, you know,
based on the things that I'm seeing,
this is what I'm concerned about.
The uniqueness of today is everybody sees them.
This is no longer an academic exercise.
It's not a philosophical conversation
of what could happen or what might
happen if a sophisticated adversary started looking at our, let's say, our critical infrastructure.
Volt Typhoon and Salt Typhoon have been eye-opening experiences. You know, this is
something that we no longer have to confirm or deny. You know, they're doing it for us. They're
demonstrating the capabilities to do these things.
And I think what is more and more interesting
when you start getting to some of the philosophical
military philosophy of let's say
the Chinese military organization,
you know, the targeting of our critical infrastructure
is a key first indicator, first movement advantage of them.
So this is not them being in our infrastructure
because it's an interesting
intelligence problem they're trying to solve. This is prepositioning to degrade certain
functionality of what we do over here prior to, let's say, a move on Taiwan. But we all
see it now. We're all witnessing it. My concern is we're not moving fast enough.
Why do you say that? What are the shortcomings here? Well, it is clear what, let's say in this instance,
China is doing.
Again, Volt and Salt Typhoon.
So there's no questioning the capabilities
of certain adversaries to do certain things
in our infrastructure.
There's also no shortage of companies
that have come up with technologies to solve this problem.
There's plenty of those out there.
The question that I've always had is,
how have those two things still not seemed to come together?
So are we waiting for the problem?
I hate to say, you know,
that old chestnut of Cyber 9-11,
but is that what it's gonna take?
That is the thing I'm struggling with.
So the Cyber 9-11 is something we talk a lot of.
I don't know if we're actually gonna see that
in the way that we think we're gonna see it
because we've seen other things that I would argue
culminate to that.
SolarWinds, Colonial Pipeline,
the North Korean attack on Sony.
There's several, and again, Salt and Volt Typhoon
that have happened just recently.
Now, the problem is with the exception of what we saw at Sony, those other things I would
argue were using the word attack incorrectly.
I'm a classically trained military officer, enlisted in the Navy, went to the Naval Academy,
went to the Naval War College.
When the military uses the word attack, it has a very, very specific definition.
Definitionally it's something that is with the intent to injure or kill personnel or
damage or destroy equipment.
That is an attack.
Everything shy of that can be fun stuff that we're not happy about, but it doesn't always,
say, qualify for the category of an attack.
When we call every cyber incident an attack, then the ones that are really, really bad
are called an attack and the ones that are not so bad are called an attack.
And they all begin to blend together
and they all begin to lose meaning.
Because I would argue, if we save the word attack
for things that met a very specific definition,
it would then call into question
how we are going to respond to these things.
So you doing a firewall scan, quote unquote, an event,
somebody might call that an attack.
Well, I would disagree that it wasn't done
with the intent to damage or destroy equipment.
Even if you steal something,
well, that's a criminal activity.
It might even be associated with espionage.
But was it an attack?
I would say no.
Now, Sony on the other hand,
the North Koreans intentionally had the intentions
to damage and destroy equipment that was arguably
a U.S. company or some affiliates in the U.S. I know it's owned by a parent in Japan.
But the point is it was done with the intent to damage or destroy information.
To me that's an attack by its definition.
It's an attack.
And we should have had a way to respond to that.
And then we missed that opportunity, in my opinion, to respond in a way that we could
have.
The Department of Defense needs information technology to support those missions.
Yes, we need computers to send email and we need command and control systems to push data,
but now this is also a domain in which we're going to conduct warfare.
They are looking for means and methods to deliver effects in the domain that are not
necessarily kinetic in nature.
What makes this space really interesting in the near term,
almost every major weapon system that we're acquiring
right now is over budget, behind schedule,
and suffers from major supply chain and workforce shortages.
The ability to move over to the non-kinetic space,
and when I say cyber, I'm really talking about
electronic warfare, information operations,
space, AI, machine learning, all of that is sort of,
I'm just using cyber as sort of the blanket term,
which is referencing all things fundamentally non-kinetic,
which are relatively inexpensive to acquire
compared to, let's say, a Ford-class aircraft carrier,
relatively quick to market
and relatively unconstrained by range.
And I think when you look at companies like ManTech
that are trying to push this narrative,
it's really about, hey, the way that we see warfare today
really lives in the world of the kinetic mind.
Drones have been introduced into the space,
autonomous systems, systems that are cheaper,
attritable, i.e. we don't care if we lose them, you know,
and easy to sort of maintain.
That's the drone world.
Well outside of that, the next one is leveraging non-kinetic effects to go after command and
control systems and targeting systems and satellite systems and infrastructure that
moves trains around or moves water around or keeps electricity flowing.
All of those are target sets and all of those can be engaged theoretically through the non-kinetic
spectrum at a much reduced cost.
It's my perception that
from the government's point of view there is an intentionality in not drawing
bright lines when it comes to cyber.
And when you combine that with the private industry's desire
to sell cyber to businesses and to the government,
so it's in their best interest to make this seem
as scary as possible,
I think you get an interesting tension there.
So what you're sort of hinting at is another really hotly
debated topic within, you
know, the cyber community, you know, should we have a cyber force?
Should Cyber Command and NSA be separated?
I have my opinions.
A lot of them are predicated around things like force generation.
You know, Cyber Command can enhance budget control, but Cyber Command can't force the Navy to produce
more cyber warfare engineers.
So that is one of the problems that would be one of my arguments for a cyber service.
But I'm only like 51% in favor of that.
And it's all around force generation.
I know all the other problems that would be caused by a cyber service.
But to get back to the other point of your question, what's interesting about that is
I had a general that I'm very, very fond of when we were having a conversation very similar
like this, and I was advocating
for offensive cyber, and he's bringing to the attention
the vulnerabilities that we have, and he says,
Chris, when you're covered in gasoline,
you don't want to have a match fight.
And I said, okay, I get that, but you're saying
I am covered in gasoline, if I don't have a match,
they won't have a match.
So they're certainly going to throw a match at me
because I'm covered in gasoline.
So the point is our vulnerabilities
that we have in all of our systems,
I think are one of the reasons why we didn't necessarily
wanna poke the bear, right?
I don't wanna necessarily have a cyber on cyber fight
because maybe I have much more to lose
because our adversaries are for the most part
unconstrained in the way they would think about targeting
US, whether population or infrastructure
or critical infrastructure. and we are more
constrained, where we would only want to leverage, let's
say, cyber capabilities to engage, let's say, military
warfighting capacity of our adversaries. I think that's
one of the things. And then you get into this idea of the
difference between tools and weapons. You know, Google and
Microsoft are never going to get into the cyber weapons
game, but they certainly provide an environment that is an attractive target to our adversaries.
You know, the Department of Defense runs on Windows. I mean, that's just a fact. And there's
some weapons systems that run on Windows. Just a fact. Commercially provided, and our
adversaries know that, and they work on means and methods to figure out how to deliver effects
against that environment.
For instance, infrastructure is a really good topic to talk about because if I find an adversary
in my water treatment plant, there's nothing there that's inherently an intelligence value
to them.
There's no piece of equipment in that plant that they couldn't go out and buy commercially.
Hell, you could probably ask the company that made that plant to come into your country
and build the exact same thing there.
So there's really no,
all that stuff's publicly available.
So the only reason you're there
is potentially want to impact the operations
of that water treatment plant
at a time and place of your choosing.
Now, there are some cyber norms that were put out by,
there's a group in Estonia that puts cyber norms
and infrastructure is one of these things
they would consider a cyber norm.
Like thou shall not engage critical infrastructure
of another country because of the impact
it would have to the civilian population.
But when you really become sort of a student
of the art of warfare or the laws of armed conflict,
well, if I have a bridge and that bridge supports commerce,
but for two towns on either side,
it's not a military target until there's a tank on it.
If a tank is crossing that bridge,
it's a legitimate military target for those reasons.
And I think what you're seeing is there's a lot of industry
in the United States that is not only of interest
to our adversaries to maybe gain
some inherent intelligence value from it, sure. Steal intellectual property, all that
other stuff. But then there's a lot of things that are here that are legitimate
military targets because the way those things support military activities.
Baltimore Gas and Electric is a legitimate military target because it
provides something like 80% of electricity to the National Security Agency,
which is a military target, right?
So the things supporting it,
you know, the second and third order things
are in themselves defined as legitimate military targets.
Now, if Baltimore Gas and Electric
did not support electricity
to a military war fighting capacity,
then you'd say, well, no, that's not in bounds.
You just made a lot of people unhappy.
You could argue a lot of the things
the Soviets are targeting in Ukraine
are just to make the population over there miserable.
I'm bombing a power plant
because I want the power to go off in the city.
And that power doesn't necessarily support military activity.
Or a hospital.
Or a hospital, right?
Those are out of bounds.
And now the real question comes in
is how do these companies really protect themselves?
Because there's only so much I would expect a company to do.
If you find yourself in the crosshairs of a well-resourced, dedicated, sophisticated
adversary like China, I wouldn't expect Baltimore Gas and Electric to fully be able to protect
itself.
There's some things they should be doing, of course.
There's best practices, there's probably a lot of technology
they should be applying to protect and defend.
But a company like Baltimore Gas and Electric,
I need to be survivable, not necessarily cyber secure.
Let's talk about this notion of full spectrum cyber
and this idea that offensive cyber expertise
informs defensive cyber strategies.
Can you unpack that for us?
Everybody says that offense has the advantage, right?
You know, I have to be right once,
the defender has to be right all the time.
And you're always going to find some kind of little hole.
You know, offense is intent.
I think when we really start talking about
what could be happening in the future,
we're really talking about the difference between
like our tool and a weapon, right?
If I'm on your system because I want to break it,
it's not the same because I'm on your system
because I want to steal the information.
Now, stealing the information,
mostly we see through intellectual property
or, you know, just good old intelligence collection.
But when we start talking about, you know,
offense informs defense,
I think we are pretty mature as a, as a community,
whether it's people in uniform or people out of uniform, you know,
there's lots of people that have demonstrated proficiency,
whether it's companies or organizations or, you know, communities to do those things.
What you find is most cyber is in the mind.
It's the person that knows how to sort of operate in and through an environment,
leveraging whatever technology they have access to.
There's a lot of things that script kiddies can use now.
So there are tools that make it easier,
but your real professionals are the ones
that still live in the command line
and know how to operate on demand or operate on the fly.
The trick is when you look at equipping,
let's say cyber forces in the DoD,
is how do I begin to present
capability in such a way that the lowest common denominator cyber operator can be presented
something and still have the ability to be effective in the area that you've asked them
to be.
I think you see variances in capability when you look at the cyber community, whether people
in uniform, out of uniform, or working with industry building,
offense and defense capability to support all the above.
So in your estimation, what is the role
that industry plays here helping government agencies
improve their cyber posture?
I guess it's kind of mission dependent, right?
So I'm going to speak for ManTech specifically.
You know, we are a national security company.
So when we look at the things that we do, we're principally
supporting the Department of Defense or the intelligence community.
So the things that we're looking to provide are things that
you wouldn't necessarily go to Microsoft or Google or Amazon to get.
We're supporting very specific missions, which means we're making capabilities
that you're not going to find out there on the public market.
To put not too fine a point on it,
non-kinetic capabilities designed to deny, degrade,
destroy, disrupt, or collect intelligence,
or support the survivability of things
that we need to go beyond cybersecurity
and move into cyber survivability.
Like there's lots of companies that are going to do
the basic cybersecurity stuff just better than us.
But we're going to acknowledge that there's people
that make really, really good products.
When you start moving beyond traditional cybersecurity
and moving into cyber survivability
and survivor strike or dominance
or delivering effects in the community,
it's more than a slightly different skill
set, but it's also a different intention and where you want to invest resources to enable,
support DOD specific missions, which again, there's a smaller market for us.
Operational technology needs to be survivable, and our military branches need to be able to deliver effects
in this domain that put the hurt on adversary systems,
whether it be in weapon systems or infrastructure
that goes to support them.
I'm not going to go so far as to say critical infrastructure
like civilian water and power,
but certainly infrastructure in place to use
to support those systems
or the things we're going to be thinking about
building capability for.
So you're, you're collaborating with the government on the, the horizon of the possible.
What makes this interesting, this world so interesting is, you know, the cyber game,
the book has not been written yet.
Right?
If I looked at air warfare or we've seen Top Gun and we've seen The Hunt for Red October, you know,
those communities have been around for a long, long time.
I think what's interesting in this space is,
new fresh talent could be as relevant,
if not more relevant on day one
because of the idea of them being digital natives.
A lot of the senior military people
are arguably still struggling
with what this thing called cyber is.
When the new cadre of digital natives graduating school,
who know Twitter and X and all,
I can't even keep up with my own kids, apps,
I wish I'd, and I do this for a living, right?
They're just more comfortable in this environment.
And I think those are the ones that are really going to
turn this domain into what it's destined to be.
So, when I talk to a lot of new people coming into the world, or, you know, one of my sayings, I go to them and say,
look, I know I don't know what you know, and I know I know that.
My point is, I know, and I'm just going to push the believe button, that I'm probably never even going to understand what you're trying to tell me.
Even though I don't understand it,
it doesn't mean I'm not going to approve it
or endorse it or support it or champion it
because I believe you are the future
even if I can't understand the ones and zeros
of how you're getting there.
The irony is a lot of the debates we're having
as a military over these new technologies,
if you started reading books of the late 1800s,
early 1900s talking about the submarine or the airplane, all these debates are exactly
the same. We had all of these debates 100 and some odd years ago. And the irony
is, is 100 years later, we're having them again. It's we just insert, you know,
cyber for submarine and AI for airplane. They're all the same.
Well, Chris, thank you so much for taking the time for us today and sharing your
expertise.
Yeah, thank you so much. I really enjoyed being here.
That's Christopher Cleary, VP of Global Cyber Practice at ManTech.
What's the common denominator in security incidents?
Escalations and lateral movement.
When a privileged account is compromised, attackers can seize control of critical assets.
With bad directory hygiene and years of technical debt, Identity
Attack Paths are easy targets for threat actors to exploit but hard for defenders to detect.
This poses risk in Active Directory, Entra ID and Hybrid configurations. Identity leaders
are reducing such risks with Attack Path Management. You can learn how Attack Path Management is connecting identity and security teams
while reducing risk with BloodHound Enterprise,
powered by SpecterOps.
Head to specterops.io today to learn more.
SpecterOps, see your attack paths the way adversaries do.
And finally, Coinbase is offering a $20 million bounty, but not for lost treasure.
The crypto giant is hunting the modern-day pirate who tried to extort the company using
stolen customer
data.
The would-be blackmailer emailed Coinbase demanding $20 million or else they'd leak
user info.
Coinbase's response?
A firm no, followed by a blog post worthy of a cyber thriller.
According to Coinbase, the breach stemmed from a small group of overseas customer support
agents, reportedly in India, who were persuaded by cash offers to leak data affecting fewer
than 100,000 users.
The company fired the insiders and is now prepping for remediation costs between $180
million and $400 million because, apparently, loose lips really do sink crypto ships.
While no funds or login credentials were stolen, customer info like emails, masked social security
numbers and transaction histories were.
Coinbase urges users to beware of imposters and phishing scams, promising reimbursement
to any victims
duped by the fallout.
The moral of the story?
If you plan to extort a crypto giant, don't forget that karma is also decentralized.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
Be sure to check out this weekend's research Saturday.
My conversation with Max Gannon from Cofense Intelligence.
The research is titled, The Rise of Precision Validated Credential Theft, A New Challenge
for Defenders.
That's Research Saturday.
Check it out.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliott
Peltzman. Our executive producer is Jennifer Eiben, Peter Kilpe is our publisher, and I'm
Dave Bittner. Thanks for listening. We'll see you back here next week.
Worried about cyber attacks? CyberCare from Storm Guidance is a comprehensive cyber incident response and resilience service that helps you stay prepared and protected.
A unique onboarding process integrates your team with industry leading experts. So if an incident occurs, your response is optimal.
Get priority access to deeply experienced responders, digital investigators, legal
and crisis PR experts, ransom negotiators, trauma counselors, and much more.
The best part? 100% of unused response time can be repurposed for a range of proactive resilience activities. Find out more at cyber.care slash cyberwire.