Microsoft releases results of their investigation into cloud email compromise. A vulnerability affects a resort booking service. Adversary emulation for OT networks. Identity protection and identity attack surfaces. Sanctioning privateers (with a bonus on vacation ideas). Rob Boyce from Accenture Security tracks new trends in ransomware. Our Threat Vector segment features Mastering IR Sniping A Deliberate Approach to Cybersecurity Investigations with Chris Brewer. And Estonia warns of ongoing cyber threats.
On this segment of Threat Vector, Chris Brewer, a Director at Unit 42 and expert in digital forensics and incident response, joins host David Moulton discussing Mastering IR Sniping: A Deliberate Approach to Cybersecurity Investigations.

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/171

Threat Vector links.
Sniper Incident Response from Cactus Con on GitHub
Sniper Incident Response presentation by Chris Brewer on YouTube

Selected reading.
Results of Major Technical Investigations for Storm-0558 Key Acquisition (Microsoft Security Response Center)
Check-Out With Extra Charges - Vulnerabilities in Hotel Booking Engine Explained (Bitdefender)
Deep Dive into Supply Chain Compromise: Hospitality's Hidden Risks (Bitdefender) 
MITRE and CISA release Caldera for OT attack emulation (Security Affairs) 
MITRE Caldera for OT now available as extension to open-source platform (Help Net Security)
Silverfort and Osterman Research Report Exposes Critical Gaps in Identity Threat Protection (Silverfort) 
United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang (US Department of the Treasury)
Estonian PM: cyberspace is Ukraine war frontline (Euromaidan Press)
Cyberwar and Conventional Warfare in Ukraine (19FortyFive)
Learn more about your ad choices. Visit megaphone.fm/adchoices