CyberWire Daily - What up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
Episode Date: September 27, 2023A Joint Advisory warns of Beijing's "BlackTech" threat activity. ShadowSyndicate is a new ransomware as a service operation. A Smishing Triad in the UAE. Openfire flaw actively exploited against serve...rs. AtlasCross is technically capable and, above all, "cautious." Xenomorph malware in the wild. DDoS and API attacks hit the financial sector. In our Industry Voices segment, Joe DePlato from Bluestone Analytics demystified dark net drug markets. Our guest is Richard Hummel from Netscout with the latest trending DDoS vectors. And the FCC chair announces plans to restore net neutrality. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/185 Selected reading. CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (Cybersecurity and Infrastructure Security Agency) Dusting for fingerprints: ShadowSyndicate, a new RaaS player? (Group-IB) Smishing Triad Stretches Its Tentacles into the United Arab Emirates (Security Affairs) Hackers actively exploiting Openfire flaw to encrypt servers (BleepingComputer) Vulnerability in Openfire messaging software allows unauthorized access to compromised servers (Dr.Web) Suspicious New Ransomware Group Claims Sony Hack (Dark Reading) Sony investigates cyberattack as hackers fight over who's responsible (BleepingComputer) Sony Investigating After Hackers Offer to Sell Stolen Data (SecurityWeek) Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted (Threat Fabric) The High Stakes of Innovation: Attack Trends in Financial Services (Akamai) FACT SHEET: FCC Chairwoman Rosenworcel Proposes to Restore Net Neutrality Rules (Federal Communications Commission) Ukraine: Russian hackers infiltrating software supply chains (Computing) Russian hacking operations target Ukrainian law enforcement (CyberScoop) Ukraine accuses Russian spies of hacking law enforcement (Register) Russian hackers target Ukrainian government systems involved in war crimes investigations (Record) Ukraine Cyber Defenders Prepare for Winter (Bank Info Security) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
A joint advisory warns of Beijing's black tech threat activity.
Shadow Syndicate is a new ransomware as a service operation, a smishing triad in the UAE.
Open fire flaws actively exploited against servers.
Atlas Cross is technically capable and above all cautious.
Xenomorph malware in the wild.
DDoS and API attacks hit the financial sector. In our Industry Voices segment,
Joe DiPlato from Bluestone Analytics demystifies dark web drug markets.
Our guest is Richard Hummel from Netscout with the latest trending DDoS vectors,
and the FCC chair announces plans to restore net neutrality.
I'm Dave Bittner with your CyberWire Intel briefing
for Wednesday, September 27th, 2023. We open with some breaking news, a warning of state-sponsored industrial espionage.
A joint cybersecurity advisory was issued this morning by U.S. and Japanese security and intelligence
agencies, warning of BlackTech, an industry espionage activity cluster operated by China.
BlackTech has shown the ability to modify router firmware undetected and to exploit routers' domain
trust relationships. The campaign has begun by compromising routers in subsidiary companies
and then pivoting from the subsidiaries to corporate headquarters in the U.S. and Japan.
The goal of Black Tech's collection has, for the most part, been the acquisition of intellectual
property. Group IB describes a new ransomware-as-a-service affiliate called Shadow Syndicate.
The researchers state,
It's incredibly rare for one secure shell fingerprint to have such a complex web of connections with a large number of malicious servers.
In total, we found Shadow Syndicate's SSH fingerprint on 85 servers since July 2022.
fingerprint on 85 servers since July 2022. Additionally, we can say with various degrees of confidence that the group has used seven different ransomware families over the course
of the past year, making Shadow Syndicate notable for their versatility.
ReSecurity warns that the smishing triad threat actor has vastly expanded its attack footprint
in the United Arab Emirates.
The researchers believe the goal of the campaign is to steal personal and financial data from
Emirati citizens, stating, the group typically sends out malicious text messages from iCloud
accounts they have previously hijacked while masquerading as reputable organizations like government agencies, financial institutions, and shipping firms.
Smishing Triad is also offering its smishing kits for sale on Telegram to other cybercriminals,
so it's another player in the C2C market.
Bleeping Computer reports that threat actors are exploiting a vulnerability in OpenFire messaging servers
to deploy ransomware
and crypto miners. OpenFire released a patch for the flaw in May 2023, but as of last month,
more than 3,000 servers were still vulnerable. Dr. Webb warns that the ongoing campaign has
been active since at least June, stating, this exploit performs a directory
traversal attack and allows unauthorized access to the administrative interface of the OpenFire
software, which is used by attackers to create a new user with administrative privileges.
And, of course, the incidents are another lesson in the school of hard knocks on the importance of patching. We know that patching isn't always as easily done as it is advised,
but known vulnerabilities are far more often exploited
than are the flashier and feared zero days.
Cybersecurity Connect has reported that a ransomware gang, Ransomed.vc,
claimed to have successfully hacked into Sony,
gaining access to sensitive information the company holds.
Sony has said very little about the incident.
The company did offer a terse statement to IGN, which reads in full,
We are currently investigating the situation, and we have no further comment at this time.
Outsiders who've seen the proof-of-hack ransomed.vc offer are skeptical.
It seems far short of what one would expect from a compromise of the claimed magnitude,
and it's also consistent with being information culled from a variety of third-party sources.
Cybersecurity Connect says it consists of screenshots of an internal login page,
an internal PowerPoint presentation outlining test bench details, and a number of Java files.
Ransomed.vc is thought to be a new group, active only over the past month or so,
although some of its members may be alumni of other gangs,
it appears to operate mostly from Russia and Ukraine,
and seems to be both a direct ransomware operator and a player in the ransomware-as-a-service market where it recruits criminal affiliates.
Bleeping Computer notes that another criminal actor, Major Nelson,
disputes Ransomed.vc's claims,
saying that it's the actor who's in fact responsible.
A question, is the hacker handle Major Nelson an homage to I Dream of Jeannie?
The world wonders, or at least people who watch reruns of 1960s vintage American situation comedies wonder.
runs of 1960s vintage American situation comedies wonder. NS Focus Security Labs reports tracking a patient persistent low-profile APT that's impersonating the Red Cross to prospect its
victims. The researchers call the threat group Atlas Cross. The researchers believe that Atlas
Cross shares no significant attribution indicators with other known threat groups.
None of the usual markers, which NSFocus lists as execution flow, attack technology stack, attack tools, implementation details,
attack objectives, and behavior tendency show any similarity to those employed by other actors,
and the researchers offer no speculation about Atlas Cross's allegiance.
The initial approach is phishing.
An email with American Red Cross blood donation information
in its subject line carries an attachment,
Blood Drive September 2023.
For the fish bait document to be displayed,
the victim is prompted to enable macros.
The preliminary screen carries
a reassuring note. This document is protected by McAfee DLP. Click enable content to view.
Once the target does so, the document displays a promotional flyer for an American Red Cross
blood drive. It also initiates communication with the attacker and installs a loader trojan.
That loader detects the host environment and executes shellcode that subsequently loads the final payload, Atlas Agent,
which collects information about the host, executes shellcode, and carries out further actions against the target.
further actions against the target. Atlas Cross has compromised 12 servers, all of them in the United States, and all of them hosted in an Amazon cloud. The hosts are otherwise clean
and are unlikely to trip warnings or otherwise arouse suspicion.
A new version of the Xenomorph Android banking trojan is targeting customers of more than 35 U.S. financial institutions,
according to researchers at Threat Fabric. The threat actors also continue to target users in
Spain and Canada. The researchers note, from a purely technical point of view, this new campaign
of Xenomorph does not feature major modifications from its previous iteration. This is a testament to the maturity of this Android banker.
Most of the work from the threat actors operating Xenomorph
is going into developing additional ATS modules
and, most importantly, distributing their product.
Akamai this morning outlined trends in DDoS and API-based attacks
afflicting the financial sector.
They're up across the board. Akamai says web application and API attacks in the financial
services industry grew by 65% when comparing the second quarter of 2022 with the second quarter of
2023, accounting for 9 billion attacks in 18 months. This was driven in part by cyber criminal groups' active pursuit of zero-day and one-day vulnerabilities
as pathways for initial intrusion.
Additionally, the report found that banks are bearing the brunt of web attacks,
followed by other financial services companies such as fintech, capital markets,
property and casualty insurance, and payments and lending companies.
Jessica Rosenworcel, chair of the U.S. Federal Communications Commission,
announced plans this week to restore net neutrality rules that were established in 2015
but rescinded during the Trump administration.
The FCC said in a fact sheet that net neutrality would establish basic rules
for internet service providers
that prevent them from blocking legal content,
throttling your speeds,
and creating fast lanes that favor those
who can pay for access.
And finally, hey everybody,
there's more than a bounty on bugs.
There's an investment opportunity too.
VCs are pouring hundreds of millions with a capital M into bug farming startups,
which appears to represent a new development in the bug hunting industry.
Yes, the red teamers are moving from their primitive hunter-gathering phase
to the more systematic hydraulic farming stage of their civilization,
and investors are taking notice, says Crunchbase. Oh, sorry, they're talking about actual bugs,
the kinds with at least six legs, or sometimes none at all. We should probably read behind the
headline, boy are our faces red. It just shows how important it is to RTWT, as the kids like to say.
The VCs want to put their money in companies that will enable livestock pets and people to eat more bugs,
as if they aren't doing so already.
The bugs are an eco-friendly and protein-rich alternative to that gack you're probably eating right now.
If you're into this kind of bug, and let's face it, not everyone is,
we earnestly recommend a visit to Montreal's Insectarium, the world's biggest bug museum and zoo.
Those software bugs, the other kind, well, forget about it.
Not as tasty.
And those VCs invest in so many things.
In the software as opposed to the entomological world, we say step right up.
There's an NFT in Brooklyn you might be interested in.
Coming up after the break,
Joe DiPlato from Bluestone Analytics demystifies dark web drug markets.
Our guest is Richard Hummel from Netscout
with the latest trending DDoS vectors.
Stay with us. Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like
Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber
for $1,000 off.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your
company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
There is a certain mystique when it comes to the dark web,
the metaphorical back alleys of the Internet
where buyers can find everything from stolen credit card numbers
to databases of login credentials,
and, of course, physical goods like drugs.
Bluestone Analytics, as an organization,
supports national security through their Dark Blue Intelligence Suite.
In this sponsored Industry Voices segment, I check in with Joseph DiPlato, CTO and co-founder of Bluestone Analytics, for his insights on dark web drug markets.
We define the dark web as a part of the general internet that requires additional input from the user to access.
And whether that's a username and password or some type of encrypted application
that allows a user to have end-to-end encryption,
there's an additional item that the user needs to access this environment.
Can you help demystify it a bit for us?
It was something that I wanted to
go poke around in, I was curious about, you know, what sort of effort would it take on my part to
be able to do that? Today, it's actually very easy. There's projects like the Onion Router,
better known as Tor, which is the most popular dark web that's out there. And there's an app
for it. So you can actually download an app for your iPhone or Android device, or just download a browser, a dedicated browser for your Mac or PC,
and then instantly have access to that specific dark web.
Well, let's dig into the topic of drugs on the dark web. I suppose it's that age-old thing that
where there's a desire, there's a market, and this is where we find a popular market for drugs?
Absolutely.
So you can find nearly any drug that you are looking for within this environment.
There are both individual sellers that will run their own sites as well as drug marketplaces that are run by a certain organization or certain individual where multiple vendors can come in and sell their goods.
And how does the marketplace work?
I mean, where are the providers getting their product?
How do things get paid for?
How does it all run?
So it's reputation-based.
So it's on the manufacturers or the vendors to ensure that their product is actually good, high quality,
and is not, for lack of a better word, killing their users. So they're finding their drugs or manufacturing their drugs in
multiple different places. From our research, from our analytical team, there's a lot of traffic of
Chinese-based companies selling what we call precursor chemicals. And then once you have a
precursor chemical, you can ship that anywhere that's not as regulated
or well-regulated like regular drugs.
And then you can create other drugs like fentanyl, which there's a huge opioid crisis in the
U.S.
You can create those anywhere in the world and then get those into whatever country you
need.
So what you could do is you could buy precursor chemicals from China, let's say, have them
shipped directly into the US or Mexico,
and then actually manufacture and create the drugs there.
So you're not moving drugs internationally,
you're moving pizzas or parts of those drugs internationally.
Are there legitimate uses for the dark web here?
I mean, beyond the drug markets?
I think it has this reputation of being this dark, scary place. Is there another
side to it or does it reputation come deserved? Yeah. So historically, the whole reason the
dark web came about was a way for marginalized individuals or citizens of a country who are
under a dictatorship or having their rights taken away to get information out of that country into the international community without direct connections back to themselves.
So an anonymous way that they could report on the ground information without themselves or their families becoming a target of these oppressive governments. And I think of countries like Iran, Russia now, even China, where what we see on
news might not necessarily be the truth on the ground.
Are there any of these chemicals that are of particular concern to you,
that are particularly troublesome?
Yeah, so essentially any synthetic opioid. So there's one synthetic opioid in particular, isotonitazine, that has its potency when compared
with other opioids is a lot, a lot greater.
It's more potent than morphine, with estimates ranging anywhere from 50 to over 100 times
more potent than morphine.
So this makes it one of the more potent synthetic opioids,
although there's even more potent substances out there like carfentanil. When you compare those
opioids like fentanyl, another synthetic opioid, it's approximately 50 to 100 times more potent
than morphine as well, giving the potency of isotonitazine in a similar range. And the two
can be considered roughly comparable in strength.
But again, that's the issue with these synthetic opioids is the potencies can vary based on how
they were produced, right? Unlike pharmaceuticals, like actual, we'll say legal drugs that have a
pretty substantial and reviewed manufacturing process. These don't.
People are making them anywhere.
Cartels are making them in warehouses and people's basements.
It's difficult to have a consistent strength when you're not consistently making a batch
with the same equipment and the same people every single time.
And to what degree are these folks aware of your efforts
and actively attempting to thwart what you're up to?
That's a great question.
So we do monitor our back end,
and obviously we have to have our security team
and security crew have their T's crossed and I's dotted.
Oftentimes when we publish reports
and we publish public white papers
that we'll push
off to various government agencies and throw up on our websites, oftentimes after those
reports are published, we do see sudden spikes in traffic, let's say, against both our website
as well as our tools coming from various countries.
And I'm not going to name those countries on here.
But it does make you a target.
But beyond that, what type of target is
unknown. To date, we really haven't had any major compromises. So it's hard to know what specific
information these groups are actually looking for. And at the end of the day, we're just a small
company, right? To them, it might be more effective to go after the actual government agencies
themselves versus, you know, small crew that's just trying to do good in the world.
You know, for the folks in our audience who are security professionals,
what's your advice for them keeping an eye on these markets, you know, to have intelligence
into these sorts of places? How do they dial that in an effective way?
It really depends on the tooling that they have on their back end.
However, I am a huge fan of consuming threat intelligence,
and my recommendation would be to pull up as much white papers
and as much information from experts that are in this space
that are actively going in there, collecting and aggregating this information
and presenting it in a digestible way
or purchasing a threat intel feed
or an API from some of these vendors
that you actually have that information
in your specific system
so that when you're doing searches,
when you're looking for selectors
or trying to find correlations,
you have the biggest view
and the biggest net possible
to catch whenever you see anomalous activity.
That's Joseph DiPlato from Bluestone Analytics.
The folks at application and network performance monitoring company Netscout
recently shared the latest edition of their biannual DDoS threat report,
documenting the trends they're tracking in distributed denial of service incidents.
Richard Hummel is senior manager of threat intelligence at Netscout,
and he joins us with insights from the report.
One, we have more DDoS attacks than we've ever had.
Two, the adversary has gotten wise
to many of the defensive postures and have changed tactics.
Three, there's different kinds of infrastructure
being used to deploy these attacks
in ways that we've not seen previously.
Four, vectors are still being discovered,
which means new things that adversaries are using
and defenders have to come up with ways to mitigate.
We also have the encrypted traffic that's causing issues.
We have DNS query floods attacking DNS servers,
authoritative, recursive, you name it.
We have all of this different methodology employed in place.
And so I would say where we're in the state of the union is we're in a hot mess.
And DDoS attacks are kind of surging in levels unprecedented.
Whether it's methodology, it's direct path attacks, it's botnet-based attacks, it's attacks against application layer, kind of web apps, websites, things like that.
Geopolitical hacktivism involved in DDoS at levels we've never seen before.
You've got Anonymous Sudan, you've got Kilnet, you've got DDoS, you have all these different
gangs out there.
We had the spurt of financially motivated DDoS extortion is what we would call it.
So I would say that we're further down the creek than we wanted to without all of our paddles.
Well, let's dig into some of the details of the report here.
What were some of the highlights that caught your eye?
I think the biggest thing that has changed for us, or not really changed per se,
is that every time we think we've reached a new watermark, that watermark just disappears.
And we're, wait a minute, where are we at now?
And we're doing things with our data now
that we've not previously done to kind of predict,
not necessarily predict,
but try to get a better understanding
of what's happening in different nuances.
Let me put it this way.
When you go and you look at the DDoS threat landscape and you say,
wow, NETSCOUT saw 13, 14 million DDoS attacks in this year, you're like, wow, that's a lot of
attacks. And if you look at all of the other DDoS reporting out there, many of them will say,
well, we saw 30,000 attacks in a year. Well, we see like 44,000 DDoS attacks per day.
And that is a conservative estimate. I would say that that's a drop in the bucket compared to what actually is out there.
The reality is that many of the DDoS attacks that are launched by adversaries just go completely unnoticed because they don't cause a ripple effect.
They don't cause downstream damage.
There's a lot of things to consider here where service providers are like, you know what?
Okay, it's a DDoS attack, but do I really care?
Is it really knocking anyone offline?
Can I just saturate across my network? And so I would put a thought-provoking question out there.
Is 14 million attacks really what we see in a year? Or is it more like 200 million?
And that's actually something that I've been spending a lot of time on and researching.
And when we actually go live with our webinars sometime mid-October for the threat report,
we're going to talk about something calledober for the threat report, we're going
to talk about something called a DDoS tax. We're going to talk about something called the calculated
ceiling of DDoS attacks. And both of these are, look, DDoS attacks are always there. They're
always present. They're always underlying normal internet traffic. And also the actual numbers of
these things are way higher than we even think or what we report typically.
And so I would say that if there's a watermark, if there's a record, it's there to be broken.
And at some point in time, it's going to be broken. And that's really kind of what we've seen
time and time again. This is our 11th report. So five and a half years now, we've been doing this.
And that's really every single time. We don't think something's going to get broken. And guess what? It gets broken. And so DDoS attacks, the methodology,
the different vectors, what adversaries are doing, how they're innovating, how infrastructure is
changing. That's really kind of the most surprising to me. There's a couple of individual key findings
in there that were also a little bit eye-opening, but I would say that's the biggest one, is just understanding that no matter what we think is the ceiling, we need to
think again. And where do we stand in terms of being able to adequately defend against these
attacks? I mean, are the tools that we have today up to the task? Absolutely. I think if the right
tools are chosen, the right solutions are in place,
and the right training is present, as well as that periodic retesting, that's going to solve
your problems. Now, let me put it this way. Do you need DDoS protections, mitigations,
providers from Netscap? Now, this could be biased a little bit. I will say we have the best solutions, but practicing things like BCPs or best current practices, making sure that your systems are patched, making sure you have proper segmentation and isolation of your network, make sure your crown jewels are taken offline or unaccessible to the public, making sure that you have redundancies in place. If you follow BCPs, that's like 80% of the way there.
It's the extra 20% where you need the solutions.
You need something.
If you're an enterprise, you're a large enterprise, you need something on-prem.
Why?
Because a service provider has hundreds, thousands of downstream subscribers and enterprises
that they have to protect at the same time. Now,
if you have a thousand people being attacked at one time, can you dedicate the resources necessary
to make sure that this one entity over here is always protected and always going to get the best
absolute possible protection that your upstream can provide? Chances are it's probably not, right?
So if you're an enterprise and you have to maintain your always up posture,
then you need to make sure you have something online protecting you from packet one.
You can't wait for the service provider to free up or have capacity or trigger some really high
bandwidth throughput threshold that's just way too high for you. So enterprises must have an on-prem.
You must have it in line. You also don't want it stateless because the problem a lot of enterprises make is they
try to defend DDoS with firewalls.
Firewalls are not designed for this.
You want your firewall focused on the more insidious threats, the things where you need
to reassemble the sessions.
You need to examine inside those packets, understand the payloads.
No, you need a stateless device here that says, I'm going to just drop all this stuff
here because I know it's bad.
Now, that's not even a full solution because
what happens when you get a 100 gig attack? Now the on-prem solution for an enterprise doesn't
scale, right? Maybe you can go up to 100 gigs, but what about the 300 gig attack? Maybe you're a
really massive enterprise that happens to get into the world stage in politics. And now you've got
Killnet and you've got Anonymous Sudan and all these guys coming after you, launching these big attacks.
Is it going to suffice that you have this on-prem inline?
No, now you need to have upstream protection as well.
So when your on-prem is overloaded, you can signal up to the cloud.
You can signal up somewhere else to say, hey, I need help with these.
If you're a service provider, now you've got to worry about all these subscribers.
So you have to have massive capacity and scale.
Then you have others that maybe can't afford these different things. So you're looking at
a cloud-only solution just to protect maybe a few websites or a few different assets.
So there's a lot of different scenarios here. And I would say that the solutions in place
absolutely work, but you have to have the solution in order for it to work.
That's Richard Hummel from NETSCOUT. Cyber threats are evolving every second,
and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to Thank you. ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach
can keep your company safe and compliant.
This episode is brought to you by RBC Student Banking.
Here's an RBC Student offer that turns a feel-good moment into a feel-great moment.
Students, get $100 when you open a no-monthly-fee RBC Advantage banking account
and we'll give another $100 to a charity of your choice.
This great perk and more only at RBC.
Visit rbc.com slash get 100, give 100.
Conditions apply.
Ends January 31st, 2025.
Complete offer eligibility criteria by March 31st, 2025.
Choose one of five eligible charities.
Up to $500,000 in total contributions.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com. We'd love to know what you think of this podcast. You can email us at cyberwire
at n2k.com. Your feedback helps us ensure we're delivering the information and insights that help
keep you a step ahead in the rapidly changing world of cybersecurity. We're privileged that
N2K and podcasts like the Cyber Wire are part of the daily intelligence routine of many of the most
influential leaders and operators in the public and private sector, as well as the critical security teams supporting
the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies.
N2K Strategic Workforce Intelligence optimizes the value of your biggest investment,
your people. We make you smarter about your team while making your team smarter.
Learn more at n2k.com. This episode was produced by Liz Ervin and senior producer Jennifer Iben.
Our mixer is Trey Hester with original music by Elliot Peltzman. The show was written by
our editorial staff. Our executive editor is Peter Kilby, and I'm Dave Bittner.
Thanks for listening. We'll see you back here
tomorrow.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable, Thank you. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com. That's ai.domo.com.