CyberWire Daily - Proton66’s malware highway.
Episode Date: April 22, 2025The Russian Proton66 is tied to cybercriminal bulletproof hosting services. A new Rust-based botnet hijacks vulnerable routers. CISA budget cuts limit the use of popular analysis tools. A pair of heal...thcare providers confirm ransomware attacks. Researchers uncover the Scallywag ad fraud network. The UN warns of cyber-enabled fraud in Southeast Asia expanding at an industrial scale. Fog ransomware resurfaces and points a finger at DOGE. The cybercrime marketplace Cracked relaunches under a new domain. On our Industry Voices segment, Bob Maley, CSO of Black Kite, shares insights on the growing risk of third-party cyber incidents. Taking the scenic route through Europe's digital landscape. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kim Jones, the new Host of CISO Perspectives podcast, previewing the latest episode where Kim is joined by Larry Whiteside Jr. discussing “Are we a trade or a profession?” Industry Voices On our Industry Voices segment, Bob Maley, CSO of Black Kite, sharing insights on the growing risk of third-party cyber incidents. Selected Reading Many Malware Campaigns Linked to Proton66 Network (SecurityWeek) New Rust Botnet Hijacking Routers to Inject Commands Remotely (Cyber Security News) CISA Issues Warning Against Using Censys, VirusTotal in Threat Hunting Ops (GB Hackers) Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000 (SecurityWeek) Scalllywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily (Infosecurity Magazine) $40bn Southeast Asian Scam Sector Growing “Like a Cancer” (Infosecurity Magazine) Fog ransomware notes troll with DOGE references, bait insider attacks (SC World) Reborn: Cybercrime Marketplace Cracked Appears to Be Back (BankInfo Security) Nemesis darknet market founder indicted for years-long “borderless powerhouse of criminal activity” (Cybernews) Digital Weaning Guide from the United States (Dagbladet Information) Two top cyber officials resign from CISA (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
And now a word from our sponsor, Spy Cloud.
Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate
your organization.
Traditional defenses can't keep up.
Spy Cloud's holistic identity threat protection helps security teams uncover and automatically
remediate hidden exposures across your users from breaches, malware, and phishing to neutralize
identity-based threats like account takeover, fraud, and ransomware.
Don't let invisible threats compromise your business. Get your free corporate dark net exposure report
at spycloud.com slash cyberwire
and see what attackers already know.
That's spycloud.com slash cyberwire.
The Russian Proton-66 is tied to cyber criminal bulletproof hosting services. A new Rust-based botnet hijacks vulnerable routers.
CISA budget cuts limit the use of popular analysis tools.
A pair of healthcare providers confirm ransomware attacks. Researchers
uncover the scallywag ad fraud network. The UN warns of cyber-enabled fraud in Southeast
Asia expanding at an industrial scale. Fog ransomware resurfaces and points a finger
at Doge. The cybercrime marketplace cracked relaunches under a new domain. On our industry voices segment
Bob Mailey, CSO of Black Kite, shares insights on the growing risk of third party cyber incidents
and taking the scenic route through Europe's digital landscape.
It's Tuesday, April 22nd, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today.
Great to have you with us.
The Russian autonomous system Proton 66 is tied to bulletproof hosting services that
enable cyber criminal operations, according to Trustwave's Spider Labs. Since January of this year,
Proton 66 has been linked to global attacks targeting tech and financial
sectors, including brute-force logins and vulnerability exploits. One IP address
was tied to super black ransomware, hitting nonprofits and engineering firms.
Attackers exploited flaws in products from D-Link, Fortinet, Mitel, and Palo Alto networks.
Proton 66 also powered phishing campaigns using hacked WordPress sites and served ex-worm
malware to Korean-speaking users via social engineering.
Its infrastructure was used to spread Strela stealer malware in Central Europe
and hosted C2 servers for weak-sore ransomware. Some malicious domains were recently moved
to infrastructure linked to Chang-Wei technologies.
A new Rust-based botnet called Rustobot is hijacking vulnerable routers globally to execute remote commands.
It targets TotoLink and Draytech devices using known command injection flaws.
Affected regions include Japan, Taiwan, Vietnam, and Mexico.
The malware uses crafted payloads to download and run architecture-specific binaries on
compromised routers supporting ARM and MIPS platforms. Rust-O-Bot features advanced
techniques like XOR encryption and system API retrieval via the global offset
table. Once active, it connects to command and control domains and can
launch large-scale DDoS attacks, such as UDP floods.
Fortinet researchers stress that this threat highlights ongoing risks to IoT devices
and the rising use of modern languages like Rust to build resilient and cross-platform malware.
CISA has ordered its threat-hunting teams to stop using Census and VirusTotal, key tools for
cyber threat analysis and malware detection. This shift, driven by budget cuts and political
pressure, may disrupt operations. Census use already ended in March, and VirusTotal use
ceased by April 20. The agency is is seeking alternatives but acknowledges potential
operational impacts. Contractor layoffs and broader downsizing are also underway.
Experts warn these changes could weaken CISA's ability to track cyber threats
amid rising attacks. Two health care providers, Bell Ambulance in Milwaukee
and Alabama Ophthalomology Associates,
have confirmed ransomware attacks that exposed sensitive data of over 100,000 individuals
each.
Bell Ambulance detected the breach in February, with Medusa Ransomware claiming responsibility
and HHS reporting 114,000 affected. Alabama Ophthalmology Associates breach began in January
with B and Leon ransomware behind the attack,
impacting over 131,000 people.
Both incidents compromised personal,
financial, and medical data.
These breaches add to a troubling trend
with over 700 US healthcare data breaches reported in 2024
alone.
Researchers at security vendor Human have uncovered Scallywag, a large-scale ad fraud
network using four WordPress plugins to drive illicit ad traffic through piracy and URL
shortening sites.
The scheme reroutes users through cash-out pages filled with ads before reaching their
intended content.
These intermediary sites slow users down with captions, forced scrolling, wait times, and
extra page clicks to maximize ad views.
Scallywag relies on deep linking to cloak ad-heavy pages as benign blogs, revealing
content only after specific user actions.
Before involved plugins, SoraLink, UIDA, WP SafeLink, and Droplink are either sold to
threat actors or offered for free.
At its peak, Scallywag generated 1.4 billion daily ad requests,
though traffic briefly dropped 95% before rebounding with new sites.
Cyber-enabled fraud in Southeast Asia is expanding at an industrial scale driven by transnational
crime syndicates, warns the U.N. Office on Drugs and Crime.
These fraud operations, rooted in Myanmar and Cambodia, exploit vulnerable border regions,
building scam hubs disguised as tech parks, casinos and hotels.
Syndicates include traffickers, launderers and data brokers, with hundreds of thousands
of trafficked victims supporting operations.
Criminals leverage encrypted platforms, crypto, and even generative AI to scale their fraud,
earning $37 billion in 2023.
The crisis is spreading globally, reaching Africa, South America, and the Pacific.
UNODC calls for urgent action, better regulations, international cooperation,
and stronger law enforcement. The region now faces a deeply entrenched criminal ecosystem
that undermines state sovereignty and governance, likened to a spreading cancer.
Fog ransomware has resurfaced with a new twist. A ransomware note referencing the U.S. Department of Government Efficiency, DOJ, and encouraging
victims to spread the malware.
Trend Micro reports the malware is distributed via phishing emails containing a zip file
with a malicious LNK disguised as a PDF.
Once clicked, a PowerShell script downloads various payloads, including
the ransomware loader, data exfiltration scripts, and a vulnerable driver for privilege escalation.
Victims also see QR codes for Monero payments and strange political references embedded
in the script. Since January of this year, Fog has claimed 100 victims across multiple
sectors, while Trend Micro suspects this latest wave may involve an impersonator using Fog's
tools. They urge vigilance through updated backups, network segmentation, and monitoring
for Fog-related indicators of compromise. The cybercrime marketplace Cracked has relaunched under a new domain, Cracked.sh, after being
taken offline in January during Operation Talent.
Authorities had seized 12 domains and a payment processor linked to Cracked and nulled, but
no arrests were made in Cracked's case.
The site's new admin claims servers
were encrypted, preventing law enforcement from accessing user data. Researchers verified
login access using old credentials, suggesting authenticity.
Meanwhile, Breach Forums, previously seized and known for leaking data, is also claiming
a return, although its legitimacy is in question.
A new site under the name Breach.fi appeared briefly, but confusion surrounds whether it's
authentic or a scam. Cybersecurity experts urge skepticism, noting such sites often return
under false pretenses or become law enforcement traps. Nulled remains offline with arrests made in that case.
Elsewhere, Iranian national Baruz Parsarad
has been indicted by the US Justice Department
for running Nemesis Market,
a dark web marketplace active from 2021 through 2024.
The site facilitated over 400,000 illegal transactions, including $30 million in drug
sales and various cybercrimes, like selling stolen financial data, fake IDs, and malware.
At its peak, it had 150,000 users and 1,100 vendors.
Parserad also offered money laundering and crypto mixing services. He faces up to life in prison if convicted.
Coming up after the break on our industry voices segment,
Bob Mailey, Chief Security Officer at BlackKite,
shares insights on the growing risk of third-party
cyber incidents, and taking the scenic route through Europe's digital landscape.
Stay with us.
What's the common denominator in security incidents?
Escalations and lateral movement.
When a privileged account is compromised, attackers can seize control of critical assets.
With bad directory hygiene and years of technical debt, identity attack paths are easy targets
for threat actors to exploit, but hard for defenders
to detect.
This poses risk in active directory, intra-ID, and hybrid configurations.
Identity leaders are reducing such risks with attack path management.
You can learn how attack path management is connecting identity and security teams while
reducing risk with Bloodhound Enterprise, powered by SpectorOps.
Head to SpectorOps.io today to learn more.
SpectorOps, see your attack paths the way adversaries do.
Do you know the status of your compliance controls right now? Like, right now.
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls
with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and helps you
get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
Bob Mailey is CSO of BlackKite, and on today's sponsored industry voices segment, he shares
insights on the growing risk of third party cyber incidents.
The research showed that a lot of the breaches didn't just happen overnight. So what the bad actors like to do is they like to discover vulnerabilities, they find their way in,
and they're pretty silent when they're in there. That's something you're very good at hiding behind the scenes,
looking for assets that are valuable to them before they actually start the exfiltration.
And a lot of times people find out the breach happened after the bad guys, they either announce
it, they're selling their data or they're shutting their systems down with ransomware. Well, how do you define a third-party breach?
What's the breadth of what you include in that definition?
Well, essentially, if a vendor of yours has something happen to them,
and due to that breach, your data is exposed at that company, or what happens sometimes is software that
that third party produces gets compromised and you're using it in your environment.
So it's used as a pivot point for bad actors, that third party, they'll pivot from there
into your environment.
Well, let's go through some of the things that are covered in the report here.
I mean, when we're looking back to 2024,
are there any particular standout breaches from last year
that in your mind really exemplify the risks
of third-party vulnerabilities?
Yeah, there were several.
CrowdStrike was one,
and I don't have all the companies in front of me,
but I think there was five or six that were very public that are in their report that just shows how extensive this problem can be and you
have to be very careful with your third parties. What industries do you think were hit hardest by
these breaches? If I look back through the statistics I believe healthcare was number one,
manufacturing was up there and technology was also in the top five.
Well, let's dig into some of the mechanics here.
I mean, what are some of the key methods
that the threat actors are using
to exploit these third-party relationships?
Well, essentially, they're very good at finding things
that are wrong on the outside of people's environment.
What I mean by that is there's vulnerabilities present on the Internet,
there's credentials that have been leaked,
and they combine a lot of these things when they're examining the data to look for victims.
Once they find something where they can get inside,
it's typically they don't go all of a sudden,
oh, they find the barn door is wide open,
they get in and they get the keys to the kingdom right away.
Really doesn't happen that way.
They'll find a way in and once they're inside,
and again, that's where the silent talks about,
is they'll start, their reconnaissance of what they can see
from their beachhead and they'll figure their reconnaissance of what they can see from their beachhead,
and they'll figure out how to pivot to those assets in your environment that are more valuable.
That's one way. Another way is the old simple phishing. We've sent out phishing emails to
your employees and one of them clicks on it and they are automatically inside because
that click will then launch some type of malware and it depends on what that
employee, what their privileges are at that company, then what the bad actors
can do. But essentially it's another way to establish that beachhead.
One of the things in the report that your team talks about the ripple effect
of third-party breaches
Can you explain that to us? I mean, how does one suppliers breach impact an entire ecosystem?
Well, you might want to look at the crowd strike breach
So they were breached and then how the ripples went out to so many
Thousands of other companies that were affected. So that's
the challenge and I think that's why third parties have really become a
primary target. It's all about scaling your efforts and from a bad actor's
point of view if I can breach one company and exfiltrate data get a ransomware paid. Hey, that's great. But what if I could breach a single company that I can use now to allow me to jump off into a thousand other victims.
So it is economies of scale and bad actors are doing what they do. They're getting money illegally and they want to do it in the
fastest, easiest, simplest way. So they're just leveraging the fact that, well, more of the world
is using third parties. I have a hard time wrapping my head around how a defender comes at this
particular problem because it can be so broad.
You know, there's so many potential suppliers and how do you know what's going on under
the hood of your supplier's software and products and so on and so forth?
What are your recommendations for people who feel like this is such a big hill to climb?
Bourbon? hill to climb. Urban?
Love it.
That may help alleviate the pain on a short term.
It doesn't help solve this from a long term.
That's where research is really valuable.
That's where understanding how you approach
third party risk management,
and I think that's where the challenges are.
That we're still stuck in a very old thought process
of how we look at those.
Questionnaires are typically the go-to risk assessment process
to look at those third parties.
Twenty years ago, they were fabulous because there was nothing else.
But time has changed,
bad actors have changed,
the vulnerabilities have changed,
the scope of our third parties has risen significantly.
Moving to the cloud used to be, oh, we had a hard, crunchy exterior and we protected
our environment that way.
And then the bad actors started figuring out how to kind of get around our hard, crunchy
exterior and it was an ongoing battle. But now we've moved out to the Cloud.
It's easy to spin up new vendors,
and new vendors can get started.
If you don't have to invest a significant amount of money
into physical servers and you can do it on the Cloud,
which I think everybody today, that's what they're doing.
You get spun up on the cloud, which I think everybody today, that's what they're doing.
You get spun up on the cloud.
So it's just the attack surface has grown significantly and it is daunting.
So we have to think about a different way of how we look at assessing third parties.
What do you hope that people get from this report?
What do you hope the take homes would be?
To wake up and look at how their program is running today.
What's the focus of their program?
Risk management involving third parties should be focused on the reduction of
risk and
I think a lot of programs today are more focused on well, we're being told we have to do it
So it's more of a compliance
checkbox
process that
Sure, you're compliant
process that sure, you're compliant, but have you reduced risk? And it's changing that thought process, having a more agile way of thinking about, well,
how do we do this?
And it's interesting because I always, when I'm talking to folks about looking at the
outside in view of vendors, they go,
oh, well, that's not that important.
I'd rather have an inside view, so I have to collect all of their documents,
and I have to ask them all these questions.
And while that information is valuable, it's also dated.
It's not current.
It's not real time.
And bad actors aren't looking at your documentation
to figure out how to break into your environment.
They are looking at that external surface.
So being able to shift your thinking to see the value
in thinking like a bad actor,
and try to get on a level playing field with them
in the battle that we're engaged here.
You know, Bob, we can't have a conversation
about security these days without mentioning AI,
and how does it play into people defending themselves
against third-party risks?
Very interesting.
I've watched this whole space over the last two nap years
since ChachiTP became a thing and every time I would go to a conference, every vendor
had the signs up, now with AI. And most of them really didn't. I was at a
conference last week and instead of now with AI, everybody just has the AI symbol that lends the belief that they're all using AI in an effective way.
And that's the challenge.
They think just because we're going to use AI that we're going to beat the bad actors.
And I heard some folks talking about, well, we're using AI to help speed up the questionnaire process,
to help solve your issues with questionnaires,
the time issue, and you look at it and,
okay, well, yeah, I get that.
You use AI to ingest old documents, old information,
and you pre-fill questionnaires and you've automated
a process with AI that's really not
effective, where AI, I think, has the ability to help us go
through a lot of data and let us focus on areas
that are problematic.
Bad actors use an AI not to be ingenious,
but they're improving their existing processes that work.
And that's what we need to look at,
because AI's not going away.
The big discussions around third party risk management
is how do we assess someone else's use of AI that we want to buy that vendor? Again, this is changing so rapidly that it's hard
to keep track of and it's exciting and it's scary at the same time. The big thing going
on today is that, oh, you can take your picture now and you can put yourself in a Ghibli
movie. Right? Right. You know, I'm guilty of that. On my Zoom icon, that's my, I'm now,
been Ghibli-ized, that's what you call it. And that's all fun. But yeah, there's a lot of value
and potential. But everybody's expecting AI
to solve all the big problems for us.
And today they can't,
but they can use to help us identify,
to improve, to automate, to do better
at what we're already doing.
That's Bob Mailey from BlackKite.
It is always a pleasure to welcome back to the show my next guest, and that is Kim Jones,
host of the CISO Perspectives podcast,
part of CyberWire Pro right here on the N2K CyberWire network.
Kim, welcome back.
Great to be back as always, Dave. We are continuing down this road of exploring cyber talent
and the episode you have coming up really intriguing to me it's titled, Are
We a Trade or a Profession? Unpack that for us. Yeah, so I've been in the
profession long enough.
In fact, I'll take a step back.
This topic began to intrigue me around the mid-20 teens.
The National Academy of Sciences released a report saying that cyber should still be
seen as just an occupation because we were too young, etc.
And then as I've continued throughout my professional path, I've seen arguments from folks that
say what you know should be the only thing that actually contributes to us being promoted
or selected in terms of our raw skills, which would seem to indicate that we are more trade-like
within the environment.
Yet, there are certain skills and business capabilities
and communication skills as we advance up our career
to get a seat at the table that would indicate
that we may be more profession-like
within the environment.
So remember, continuing along this multi-episode arc
regarding talent, it's worth understanding
as to are we a trade? Are we a profession?
Are we both?
Are we neither?
Because we probably have some parts of both of those things within our career passing and how do we distinguish between the two?
Because that can impact how folks enter our, you know, our career, how they enter
the cyber, how they enter the
cybersecurity domain.
And unless we understand what that is and when the inflection points are and what's
needed, we can end up inadvertently excluding people who want to actually come join us.
Well, I mean, let's dig into that.
Why does it matter whether we are a trade or a profession?
What difference does it make?
Okay.
So let me just dig onto the trade portion.
All right.
And I'm going to go to plumbers and electricians and I'm going to give a shout out to my old
admin's husband, Chad, who was a lineman. alignment. And okay, trades have several things in terms of there are clearly defined standards
of entry in terms of this is what I need. If you're a lineman, you have to have a high
school degree with at least two semesters of algebra in order to consider to enter the
trade. There are structured mechanisms to allow you to advance in terms of knowledge requirements to go forth.
If you want to go from an apprentice you might by the way there is a formal apprentice structure.
In order to become a journeyman you must learn certain things have the capability to do certain things and have X number of hours as an apprentice before you become a journeyman
and the list goes on.
So there are pieces and parts of what we do that said, okay, if that's the case, then
I can have clear expectations of requirements of knowledge when I come in.
I must be in a situation where we must massively support true apprenticeship within the environment,
not just internship where we have people go for coffee
or go for the mail room, et cetera,
but true learning apprenticeships within the environment.
And I know what I can expect from those individuals
as we advance.
So we can clarify what those needs are
if we are truly a trade.
But if we say we're a trade, there's a lot there, Dave,
just what I've talked about, that we're not doing. And if we believe we're a trade, then,
excuse my language, damn it, we ought to start doing that. And if you look on the profession
side, there are things that would advocate for us to be a profession, but there are some
things we're missing, such as an overarching code of ethics,
although we would all indicate we do act morally and ethically within the environment.
The biggest thing is sanctioning the organization. If you do certain things as a lawyer, you
can be disbarred andited from practicing your craft.
Same thing if you're a doctor.
We have no standardization body here.
So if I understand what's required in order to advance and I understand how that advancement
is structured, I can then begin to solve the problem that we all have, and we talked about
this last week, in terms of we
now have more openings, we don't know how to fill them.
As we're filling these openings, we're complaining about lack of skills, lack of capabilities,
etc., because we don't know what we want to be when we grow up.
So maybe one of the ways that we can dissect that is to say, are we a trade?
In which case, we should be doing these things in order to advance our careers.
Are we a profession, which means we should be doing these things to advance our careers?
Or is there an inflection point because we're actually both and say that a certain point
in your career or your or certain jobs, we need to shift from one to the other and then
talk about what's needed to make that shift successful.
Well, it's CISO Perspectives.
It is part of CyberWire Pro,
which you can learn all about on our website.
And the host is Kim Jones.
Kim, thanks so much for taking the time for us.
As always, thanks for having me, Dave. Secure access is crucial for U.S. public sector missions.
Ensuring that only authorized users can access certain systems, networks, or data.
Are your defenses ready? Cisco's Security
Service Edge delivers comprehensive protection for your network and users.
Experience the power of Zero Trust and secure your workforce wherever they are.
Elevate your security strategy by visiting cisco.com slash GO slash SSE.
And finally, every time you check your email, map a route, search for a hot dog recipe,
or stream a show, odds are your data packs its bags and settles in the arms of American
tech giants.
Google, Apple, Meta, Amazon, Microsoft.
You know the crew.
The US is basically the digital landlord of modern life.
But what if you'd rather not
have your online behavior monitored under the watchful eye of American data laws?
Well, Europe has alternatives, and Denmark's information publication has published a handy
guide.
Privacy-respecting search engines like France's Quant, Britain's Mojic, or Germany's Ecosia offer
solid Google-free searching.
The Vivaldi browser from Norway, built by ex-Opera devs, lets you surf ad-free with
nerdy flair.
Ditch Gmail for encrypted inboxes like ProtonMail from Switzerland or Tutanota from Germany.
Navigating without Google Maps.
Organic Maps based on OpenStreetMap works offline
and doesn't track your steps.
Social media isn't off limits either.
Try Mastodon instead of XTwitter.
PixelFed over Instagram and PeerTube for decentralized
video sharing.
Just don't expect to find your grandma's casserole recipe
there, not yet.
Streaming fans can dive into DRTV, Mubi, or Filmstribben
for curated European content.
And for cloud storage, Nextcloud and Tresorit are
strong privacy-focused contenders.
Even hardware is an out of reach.
Fairphone from the Netherlands and Mourinha1 from France strong privacy-focused contenders. Even hardware isn't out of reach.
Fairphone from the Netherlands and Mourinha One from France offer de-Googleized smartphones,
while Slimbook from Spain and France and Tuxedo from Germany make Linux-powered laptops.
Escaping the U.S. digital grip takes effort and a bit of curiosity, but if you're ready
to explore tech without
the stars and stripes, Europe's got your back. And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey and the show notes or
send an email to cyberwire at n2k.com.
N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're
mixed by Trey Hester with original music and sound design by Elliot Peltsman. Our executive
producer is Jennifer Iben,
Peter Kilpey is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow. And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting
your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal
devices, home
networks and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.