Recent criminal activity–it’s as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.

Daixin Team claims ransomware attack against AirAsia. DraftKings users suffer credential harvesting and paycard theft. Assessing cyber risk in the US pharmaceutical industry. Killnet claims successes few others can discern. In Ukraine, kinetic attacks on IT infrastructure eclipse cyberattacks. Carole Theriault on digital echo chambers and what's in it for us. Nancy Wang from Forta's Alert Logic discusses how she is helping more young women get into the STEM field and leadership positions. Google seeks to render Cobalt Strike less useful to threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/224 Selected reading. Daixin Team claims AirAsia ransomware attack with five million customer records leaked (Tech Monitor) Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (The Hacker News) DraftKings Users Hacked, Money In Account "Cashed Out" (Action Network) DraftKings says no evidence systems were breached following report of a hack (CNBC) Assessing cyber risk in the US pharmaceutical industry. (CyberWire) Killnet DDoS hacktivists target Royal Family and others (ComputerWeekly.com)  Ukraine Data Centers Became Physical Targets When Cyber Attacks Failed (Meritalk) Making Cobalt Strike harder for threat actors to abuse (Google Cloud Blog) Google seeks to make Cobalt Strike useless to attackers (Help Net Security)  Google Releases YARA Rules to Disrupt Cobalt Strike Abuse (Dark Reading) Google releases 165 YARA rules to detect Cobalt Strike attacks (BleepingComputer)