CyberWire Daily - A new purchase is cause for a call out.
Episode Date: January 26, 2024

Senator Wyden calls out the NSA for purchasing Americans’ internet records. Senators look to add IT and ICS environments to federal employee cyber competitions. The FTC asks big tech about their investments in AI. Turns out the GSA bought a bunch of Chinese security cameras. Akira ransomware claims a breach of Lush cosmetics. ESET reports on the Blackwood cyberespionage group. Wired looks at Predatory Sparrow. The U.S. stands firm on the United Nations Cybercrime Treaty. Our guest is Tony Surak, CMO & Operating Partner from DataTribe, with insights on the state of venture capital in cyber. And a Trickbot gang member will be doing some time.

CyberWire Guest
Guest Tony Surak from DataTribe joins us to share his take on the state of the VC cyber market.

Selected Reading
Wyden Releases Documents Confirming the NSA Buys Americans’ Internet Browsing Records; Calls on Intelligence Community to Stop Buying U.S. Data Obtained Unlawfully From Data Brokers, Violating Recent FTC Order
Senate Committee debuts bipartisan bill to add OT, ICS environments to federal employee cyber competition
FTC officially asks Big Tech about their AI deals | Cybernews
GSA Sparks Security Fears After Buying Risky Chinese Cameras
Akira ransomware gang says it stole passport scans from Lush • The Register
Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware - SecurityWeek
How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar | WIRED
On eve of final negotiations, US says consensus growing around ‘narrow’ UN cybercrime treaty
Trickbot malware developer sentenced to 5 years behind bars • The Register

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Senator Wyden calls out the NSA for purchasing Americans' Internet records.
Senators look to add IT and ICS environments to federal employees' cyber competitions.
The FTC asks big tech about their investments in AI.
Turns out the GSA bought a bunch of Chinese security cameras.
Akira Ransomware claims a breach of Lush Cosmetics.
ESET reports on the Blackwood Cyber Espionage Group.
Wired looks at Predatory Sparrow. The U.S. stands firm on the United Nations Cybercrime Treaty.
Our guest is Tony Surak from DataTribe with insights on the state of venture capital in cyber
and a TrickBot gang member will be doing some time. It's Friday, January 26th, 2024. I'm Dave Bittner, and this
is your CyberWire Intel Briefing. Happy Friday, everyone, and thank you for joining us. It is great to have you here.
U.S. Senator Ron Wyden has confirmed that the NSA is purchasing Americans' Internet records,
highlighting what he says is a significant privacy issue.
Wyden criticized the intelligence community for legitimizing a data broker industry
that operates in violation of Americans' privacy rights.
These records can expose personal details like mental health or medical facility visits.
This practice, he argues,
not only breaches privacy ethics but may also be illegal, following a recent Federal Trade
Commission ruling requiring informed consent for data sales. Highlighting a legal gray area,
Wyden notes that data brokers and intelligence agencies have been covertly trading personal data.
He criticizes app developers and advertisers for not disclosing their data-sharing practices or seeking user consent. Responding to these concerns, Wyden urges the Director of National
Intelligence Avril Haines to direct intelligence agencies to stop buying illegally obtained
personal data. He also calls for
compliance with the FTC's recent guidelines, which state that Americans must consent to their data
being sold for national security purposes. Wyden proposes three actions for intelligence agencies.
Conduct an inventory of purchased personal data, verify data sources against FTC standards, and purge data not
meeting these standards, reporting any retained data to Congress and the public. This aligns with
the DNI's Senior Advisory Group's 2022 recommendations on managing commercially available
information.
The U.S. Homeland Security and Governmental Affairs Committee, led by Senators Gary Peters and Mike Braun, introduced a bipartisan bill to enhance federal cybersecurity training.
This legislation aims to expand the President's Cup cybersecurity competition to include skills in operational technology and industrial control systems, vital for protecting critical infrastructure.
Organized by the Cybersecurity and Infrastructure Security Agency,
this national competition seeks to develop top cybersecurity talent in the federal workforce. The move responds to growing cybersecurity threats,
particularly against crucial systems like those in the water utility sector.
The initiative reflects a broader strategy to
strengthen national cybersecurity defenses.
The U.S. Federal Trade Commission has initiated an
inquiry into the significant investments made by major tech companies in leading AI firms.
The FTC's orders target Microsoft, Google, Amazon, OpenAI, and Anthropic, spurred by concerns that these
investments may reinforce the dominance of these tech giants in the internet economy.
Microsoft's substantial investment in OpenAI, known for ChatGPT, and its use of Microsoft's
cloud computing, along with Amazon and Google's deals with Anthropic, a company focused on responsible AI, are under scrutiny.
FTC Chair Lina M. Khan emphasized the need to ensure healthy competition and innovation in AI,
avoiding tactics that could distort these objectives.
The inquiry, authorized under Section 6(b) of the FTC Act,
seeks to understand the strategic rationale, competitive impact,
and market dynamics of these investments and partnerships.
The General Services Administration was reported to have procured 150 Chinese-made cameras
after receiving misleading information, according to an Inspector General report.
This procurement, which contravenes a statute limiting federal
agencies from buying Chinese products, highlights the challenges in keeping unauthorized foreign
technologies out of U.S. federal systems. The complexity of global supply chains and the
difficulty in vetting every component for security risks contribute to this issue. The Inspector
General recommended the GSA to dispose of these
cameras and improve its procurement processes to prioritize secure and authorized technologies.
The GSA has agreed with these recommendations, though it's unclear how many non-compliant
cameras are still in use.
The Akira ransomware gang has claimed responsibility for a cybersecurity breach at British cosmetics company Lush,
allegedly stealing 110 gigabytes of data, including personal documents like passport scans
and company information related to accounting, finances, and clients.
There's no evidence of customer data exposure.
Akira, known for its extortion tactics, has threatened to publish the stolen data.
The group, which emerged in early 2023, is notorious for targeting organizations across the UK, Australia, and North America,
and is linked to the defunct Conti ransomware operation.
Lush acknowledged the incident, working with forensic experts and taking immediate
security measures. Akira's tactics often involve exploiting vulnerabilities in remote access tools,
underscoring the importance of timely patching and multi-factor authentication.
The cyber espionage group Blackwood, active since at least 2018, has been covertly targeting organizations and individuals in China and Japan.
According to cybersecurity firm ESET, Blackwood uses adversary-in-the-middle attacks
to deploy the sophisticated NSPX30 implant through updates of legitimate software like Sogou Pinyin, Tencent QQ, and WPS Office.
The implant, which includes a backdoor and other malicious components,
is adept at concealing its command and control operations.
Blackwood's targets include individuals linked to a British research university and various businesses in China and Japan.
ESET's findings suggest that Blackwood has a sophisticated operational capability,
including the ability to deploy backdoors remotely and exfiltrate data effectively.
Wired takes a closer look at the Predatory Sparrow hacker group that's been targeting Iran with
disruptive cyber attacks for years, focusing on civilian infrastructure. One of their most notable attacks
was on the Khuzestan steel mill in Iran. Despite Predatory Sparrow's claim of caution, the attack
endangered workers, causing a spill of molten steel and fire. Predatory Sparrow has also disrupted
Iran's railway system and gas station payment systems, causing widespread inconvenience.
Their tactics suggest high technical proficiency, possibly indicating government or military backing.
Analysts believe Predatory Sparrow aims to demonstrate a capability to disrupt Iranian
society in response to Iran's aggression.
The group's actions, including sophisticated malware deployment and strategic targeting, highlight its role in the ongoing geopolitical tensions between Iran and its adversaries.
As final negotiations wrap up, the U.S. is pushing for a narrower United Nations Cybercrime Treaty, focusing on cyber-dependent crimes rather than a broader range of tech-enabled offenses,
differing from Russia and China's preference for a wider scope.
The U.S. emphasizes human rights protections and collaboration in law enforcement,
countering concerns that the current draft could criminalize cybersecurity research and impact data privacy.
Critics, including tech firms and human rights groups,
call for significant revisions to align the treaty with human rights standards.
The U.S., part of the Budapest Convention,
seeks a treaty focused on serious cybercrimes
and maintains that existing draft provisions adequately cover cybersecurity research.
The U.S. aims to prevent the misuse of the treaty for controlling
information and insists on safeguarding human rights in the final agreement.
Coming up after the break, Tony Surak from DataTribe has insights on the state of venture
capital in cyber.
Stay with us.
Longtime CyberWire listeners know that we are funded in part by an investment from DataTribe,
an organization that bills itself as a global cyber foundry based in Fulton,
Maryland, that invests in and co-builds cybersecurity and data science companies.
So, last week, when we had a story cross our desks about how 2023 had been a down year for
cybersecurity investment, I reached out to Tony Surak, Chief Marketing Officer and Operating Partner at DataTribe, for his insights.
Well, I see a continuation of the great extinction that was going on over the last 18 months,
where companies that weren't getting the traction, that were not controlling their spend,
were having an impossible time raising additional funds.
And so you would see these companies, most would go away.
Some will be exited through acqui-hires.
And the ones that are able to survive and get through this will be the winners later on. The question
is, how long does that continue?
To what degree is that the result of the running out of what I've
seen described as free money? You know, when we had interest rates as low as they were,
it seems to me it was a lot easier for folks to raise funds. How does that play into this?
Yes, that's a big part of it. It's just like the big controller to the public markets. It's either the Fed is accommodative
or they're restrictive at kind of a high, you know, kind of gross level. And that trickles down
into venture and PE and other areas.
For such a long time, there was easy to obtain money.
Individuals had money because stocks, companies were exiting and they were getting money.
So people felt flush with cash and they all wanted to participate.
They either became angels, they invested as LPs in funds, the ones they can get
into. As long as companies are exiting or seeing bump-ups in multiples, you'd have this kind of
frenzy. And then when the music stops, you know, like musical chairs, I don't know if people know
what musical chairs is anymore, but the music stops and there's not enough chairs for the companies that unless they
had a good model, they're going to fall to the ground. So the cycle continues.
Where do we stand now? I mean, what's your outlook for 24 as we look ahead?
Well, I see this continuation of the same until it stops. But I will say that there is money available for good founders with new ideas, looking to raise money at the seed round.
There's money available for bigger companies that got their product market fit and their cost structures in place. I mean, January has already seen
several VC deals that are $100 million plus size checks and rounds. So those are happening.
But for companies that may have raised money at previously higher valuations and they weren't
there on their metrics, they're going to have a hard time.
And they'll slowly run out of cash or if they haven't made the hard cuts, they're going to have to do it soon.
How has this affected you and your colleagues here at DataTribe in terms of the forecasting you're doing, the companies that you're trying to invest in,
to show interest in?
Yes. So for those folks who don't know, DataTribe is an
early stage seed equity investor. We have a very hands-on model where we co-build the companies.
We focus on cyber and data science, and there's no shortage of ideas
and opportunities there. So we continue to see a pretty healthy deal flow of new company
founders coming in. If anything, the six years I've been here, every year the teams and the
founders get stronger and there's just really good solid founder market fit. So there's no shortage of
ideas there. For companies that may have received their seed rounds one, two, three years ago,
the ones that don't really get the product market fit right are going to struggle with
raising an A round. But if they have a good idea and are close and just need
more time, there are opportunities to raise either smaller second seed rounds or some other type of
debt financing to give them the extra runway to hopefully hit the metrics that allows them to
raise a more traditional A round size company.
I want to get your advice coming from two
different directions here for both the hopeful startup, the person who is sitting in that
proverbial garage and thinks that they have a great idea, but then also from the investor,
looking at where we stand and where we're headed. What's your advice for folks coming at this from both of those directions?
It's getting back to an area where it's the right time to be both a starter,
startup founder, and investor.
There's data to show,
and I give a shout out to the folks
over at Bowen Associates
who sent some recent data around
that the tech IPO cycle has been consistently a seven-year cycle
from the beginning of time. If that's truly the case, we should be at peak IPO for technology
companies in roughly the 27 timeframe, 2027. So it is a perfect time to be starting a company at the seed or raise money or invest in companies
at the seed, A, and even B rounds because then you'll be growing with the right metrics so that
you hit this window of opportunity for exits through the IPO window and better times. So if anything, it was a bad time 18 months ago.
We turned down a lot of deals where founders come in with expectations of $20, $30 million
pre-evaluations and they have a slide deck and no product. And for the investors who were
disciplined and didn't jump in on that, they did okay. The ones who weren't, they're the ones hurting now.
So I've been doing this, unfortunately, for 30, 40 years.
I've seen a few cycles.
It's getting back to the time where the fields have been burned, the nutrients are back in the soil.
For those planting the seeds in there now, you should see some really good times in the future.
It sounds to me like you are optimistic. I hear a lot of pessimism out there,
but that doesn't seem to be your attitude.
Yeah, the pessimism is the people who have
raised $25 million, had a $100 million post-valuation, and they have $1 million ARR.
Those people are very sad and scared and having a hard time. But we just closed our latest investment in December,
less than a month ago, and continue to see really good companies. So it's the right time, right?
It's like, do you buy Miami Beach property now when it's crazy, or did you buy it
six, seven years ago when it was less crazy?
Right. It's like that old joke,
the best time to buy a beachfront house was 50 years ago.
Well, there, yeah.
That's Tony Surak, Chief Marketing Officer and Operating Partner at DataTribe.
And finally, Vladimir Dunaev, a former developer for the TrickBot cybercrime gang,
was sentenced to five years and four months in a U.S. prison for his involvement in deploying ransomware and malware,
which caused significant financial damage to American hospitals and businesses.
Dunaev pleaded guilty to charges of conspiracy to commit computer and wire fraud.
He played a key role in TrickBot's operations from June 2016 through 2021, including developing
browser modifications to steal credentials, managing servers, encrypting malware, and laundering
stolen funds. The TrickBot gang is responsible for extorting at least $180 million globally,
using the TrickBot malware initially as a banking trojan before evolving it into a versatile
malware-as-a-service platform. The dismantling of TrickBot in 2022 marked the end of its operations,
although many of its developers have since engaged in other criminal activities.
The U.S. and U.K. have sanctioned several individuals associated with TrickBot and related ransomware.
Dunaev was extradited from South Korea.
To quote the Register's coverage of his initial arrest,
redactions in Dunaev's indictment document black out the names of other defendants,
suggesting more of the TrickBot gang has been identified. Among those mentioned but not named is one gang member whose job title was
Malware Manager. Just imagine having that on your business card.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
You know, one of the many ways we track how our daily news brief is doing
is by checking in on Apple's podcast ranking charts.
We've always had the good fortune of being highly ranked,
thanks to all of you listening and sharing with your friends.
Most recently, in the tech news category,
we've been sitting in the number two position,
right behind the Wall Street Journal.
It's great to even be in the top ten, let alone number two,
but man, it sure would be great to be number one.
So please, help us out.
Keep on downloading those episodes, sharing on social
media, and recommending the CyberWire to your friends and colleagues. We can do this together.
And thanks. Be sure to check out this weekend's Research Saturday and my conversation with Jaron
Bradley from Jamf Threat Labs. We're discussing their work. Jamf Threat Labs discovers new malware embedded
in pirated applications. That's Research Saturday. Check it out. We'd love to know what you think of
this podcast. You can email us at cyberwire@n2k.com. We're privileged that N2K and podcasts
like the CyberWire are part of the daily intelligence routine of many of the most
influential leaders and operators in the public and private sector,
as well as the critical security teams supporting the Fortune 500
and many of the world's preeminent intelligence and law enforcement agencies.
N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people.
We make you smarter about your team while making your team smarter.
Learn more at n2k.com. This episode was produced by Liz Stokes. Our mixer is Tré Hester with original music by
Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive
editor is Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.