CyberWire Daily - An internet blackout.
Episode Date: December 12, 2023

A cyberattack on Ukraine's largest telecom operator. Ukraine's GUR claims a hit on Russia's tax service, while the fate of the ALPHV/BlackCat group remains shrouded in mystery. The Air Force disciplines members over a classified documents breach, and Apple releases urgent security updates. From Spain, a significant arrest in the Kelvin Security hacking group. On today's Industry Voices segment, my conversation with Andre Durand, CEO and Founder of Ping Identity, on digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud. Plus, a cautionary tale about burning bridges.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today's Industry Voices segment, we speak with Andre Durand, the CEO and Founder of Ping Identity. Andre discusses the state of digital experiences. Ping recently commissioned a study to better understand the changing sentiments around digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud, as well as digital wallets and the use of decentralized identity.
Selected Reading

Ukraine's Mobile Operator Kyivstar Facing 'Powerful' Cyberattack (Bloomberg)
Ukraine's top mobile operator hit by biggest cyber attack of war so far (Reuters)
GUR says it has hacked servers of Russian tax service (Interfax-Ukraine)
ALPHV/BlackCat Site Downed After Suspected Police Action (Infosecurity Magazine)
BlackCat ransomware site down amidst rumours of law enforcement action (Computing)
No confirmation on rumored ALPHV/BlackCat site takedown by law enforcement (SC Media)
Cloudflare 2023 Year in Review (Cloudflare)
Bitsight and Google collaborate to reveal global cybersecurity performance (Bitsight)
15 Air National Guardsmen disciplined in Discord server leak (C4ISRNET)
Apple emergency updates fix recent zero-days on older iPhones (Bleeping Computer)
Kelvin Security hacking group leader arrested in Spain (Bleeping Computer)
Cloud engineer gets 2 years for wiping ex-employer's code repos (Bleeping Computer)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
A cyber attack on Ukraine's largest telecom operator.
Ukraine claims a hit on Russia's tax service.
While the fate of the ALPHV/BlackCat group remains shrouded in mystery.
The Air Force disciplines members over a classified documents breach.
And Apple releases urgent security updates.
From Spain, a significant arrest in the Kelvin security hacking group.
On today's Industry Voices segment,
my conversation with Andre Durand,
CEO and founder of Ping Identity,
on digital experiences, brand trust, and loyalty,
plus a cautionary tale about burning bridges.
It's Tuesday, December 12, 2023. I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Ukraine's largest telecom operator, Kyivstar, faced a cyber attack on Tuesday,
leaving millions of customers without cellular and internet service.
The trouble started early in the morning, with Kyivstar later announcing via Facebook what they called a powerful cyber attack, causing significant technical failures.
However, they assured
that customer data remained secure. Despite efforts, services remained disrupted into
Tuesday afternoon with uncertainty about when normal operations would resume.
The incident is currently under investigation by Ukraine's State Cyber Security Agency and CERT-UA.
VEON, Kyivstar's parent company, confirmed the attack in a news release.
Internal sources revealed that the attack compromised parts of Kyivstar's systems,
leading to a decision to shut down systems to contain the damage.
This disruption prompted many Ukrainians to switch to alternative mobile carriers
like Vodafone and LifeCell,
causing network congestion. The attack likely targeted Kyivstar's core network,
essential for regional connectivity and traffic routing. The cyber attack's ripple effect was
felt beyond telecoms, with PrivatBank and Monobank reporting operational disruptions
due to their reliance on Kyivstar's network.
Kyivstar's service outage also impacted air raid alert systems in the Kyiv region,
compelling authorities to resort to loudspeakers for warnings. The suspected perpetrator of the
attack is believed to be Russian intelligence, with Ukraine's security service, the SBU,
launching criminal proceedings
on charges including high treason and sabotage. The incident underscores the ongoing cyber warfare
between Ukraine and Russia, with both sides experiencing significant attacks on their
telecom and internet infrastructure. In other news from the region, Ukraine's military intelligence service, the GUR, claims to have successfully executed a cyberattack against Russia's Federal Tax Service.
According to Interfax and the GUR, the attack infiltrated a key central server of the FTS and over 2,300 regional servers across Russia, including Crimea. The cyber attack deployed
malicious software, resulting in the complete destruction of configuration files vital for the
tax system's operation. This included the elimination of the entire database and its backups.
The attack has effectively paralyzed communication between the FTS's central office in Moscow, its territorial administrations,
and a data center crucial for tax services. This operation signifies a major disruption
in Russia's tax system infrastructure. Recent reports about the takedown of servers used by
the ALPHV/BlackCat ransomware group remain unconfirmed.
Computing observed that the gang's dump site has been offline for five days.
SC Magazine's efforts to verify the situation with law enforcement agencies yielded no confirmation.
VX Underground shared a message from ALPHV citing hardware failure as the reason for the downtime,
though they noted having heard similar claims in the past.
VX Underground believes ALPHV may indeed be facing server issues but cannot confirm this.
They also clarified that there are no rumors or evidence regarding the arrest of ALPHV members or seizure of their servers.
The legitimacy of these claims remains unsubstantiated
due to the lack of concrete evidence.
Cloudflare's 2023 year-in-review revealed 180 internet outages,
many directed by governments.
Notable examples include prolonged shutdowns in Manipur, India,
and Amhara, Ethiopia, lasting over seven and four months, respectively.
Iraq also experienced frequent shorter outages to prevent academic exam cheating,
particularly during June to August. Additionally, the report identified the two most prevalent
threats of the year as malicious links and extortion attempts via phishing emails.
Separately, a joint report by BitSight and Google on the Minimum Viable Secure Product framework assessed cybersecurity controls across industries.
It found that while most industries passed 10 of the 16 MVSP controls, critical failings persist
in areas like self-assessment, dependency patching, vulnerability prevention, and timely vulnerability resolution.
This highlights ongoing challenges in cybersecurity readiness across various sectors.
The Air Force has disciplined 15 members of Airman First Class Jack Teixeira's chain of command following a security breach where Teixeira, a 21-year-old
National Guardsman, removed and posted classified information online. The investigation revealed
that Teixeira was observed accessing intelligence beyond his role on four occasions, but his
supervisors failed to report these incidents promptly. This lack of action allowed Teixeira to continue his unauthorized disclosures for several months.
The investigation highlighted inadequacies in workspace inspections,
inconsistent reporting of security breaches,
and a general lack of supervision and understanding of access to sensitive information.
The 102nd Intelligence Support Squadron was specifically criticized for
creating confusion over access to classified material in its intelligence briefings.
Teixeira, who maintained computer systems that stored sensitive information,
faces six federal criminal charges under the Espionage Act and has pleaded not guilty. The incidents leading to his arrest included him accessing top-secret websites
and posting classified information on a Discord server.
The investigation found that the intelligence oversight program within Teixeira's wing
was compliant but lacking, with many airmen not completing necessary training
and supervisors failing to enforce reporting violations.
The 102nd Intelligence Surveillance and Reconnaissance Group, Teixeira's unit, is no longer handling sensitive information.
Apple has released emergency security updates to address two actively exploited zero-day vulnerabilities in older iPhone models, going back to the iPhone 8,
as well as some Apple Watch and Apple TV models.
These vulnerabilities, discovered in the WebKit browser engine,
could allow attackers to access sensitive data
and execute arbitrary code through malicious web pages.
The patches, improving input validation and locking, are included in the latest updates
for iOS, iPadOS, tvOS, and watchOS. Discovered by Clément Lecigne from Google's Threat Analysis
Group, these flaws have been actively exploited, leading to the Cybersecurity and Infrastructure
Security Agency instructing federal agencies to patch their
devices. This brings Apple's total number of patched zero-day vulnerabilities to 20 for the
year. The Spanish National Police have apprehended a key leader of the Kelvin Security Hacking Group,
known for orchestrating over 300 cyber attacks across 90 countries since 2020.
The arrest announcement highlights the
group's focus on critical infrastructure and government institutions, with notable attacks
in Spain, Germany, Italy, Argentina, Chile, Japan, and the United States. Kelvin Security,
active since 2013, has exploited public-facing system vulnerabilities to steal user credentials and confidential data.
The group's activities included selling or freely leaking stolen data on hacking forums like
RaidForums and BreachForums. Significant breaches by Kelvin Security include attacks
on Vodafone Italia and U.S. consulting firm Frost & Sullivan. Additionally, recent findings link Kelvin
Security to Ares, a cybercrime platform trading databases from state organizations.
Spanish police, coordinating with multiple units and the Alicante Prosecutor's Office,
began investigating the group in December 2021. The Venezuelan national arrested was primarily engaged in
laundering criminal proceeds from data sales utilizing cryptocurrency exchanges. The arrest
led to the seizure of electronic items for forensic analysis, potentially uncovering
more information about the group's network and operations.
Coming up after the break,
my conversation with Andre Durand,
CEO and founder of Ping Identity on digital experiences.
Stay with us. Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
Look at this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies,
access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk. In fact,
over one-third of new members discover they've already been breached. Protect your executives
and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
Andre Durand is CEO and founder of Ping Identity, a company that provides secure employee and customer experiences online. In this sponsored Industry Voices segment, Andre Durand shares insights from Ping's own research on digital experiences.

You know, I could say
personally, and I think lots of people have experienced this, there is a wide spectrum of
experiences out there when it comes to dealing with organizations online. Can you give us an
idea of that spectrum from your point of view? What represents a good experience and what
represents one that's going to lead to
frustration? Well, I'll start with the registration experience. Today, I would say the registration
experience to create a new account, establish a relationship with a company does vary widely.
You will find companies that kind of the old school method of doing that was, here's a form,
tell us everything you can about us,
and we'll create an account for you. And so that included everything ranging from
your username and password that you typically type in twice to other information about you,
where both the email address and phone number then need to get verified before the account gets created.
And those experiences have historically been kind of fraught with friction, if you will,
especially if you're typing on a phone, you're registering with a phone. The more modern way
of doing that in the last maybe four or five years is what we refer to as progressive profiling.
So rather than ask for everything up front,
it's just, hey, you want to create an account?
What's your email address and password?
And we are on the cusp of a new method.
We have not seen this at large,
but the technology is now here,
where it is possible for an individual to,
in essence, store their verifiable identity on their phone,
is what we call a digital credential.
And when you hit a registration screen in the future,
rather than type anything at all,
you would simply, say, scan a QR code,
share that information, call it automagically, if you will,
to the QR code between your phone and the
website that you're interacting with, and you'll have an account. So we've been moving from
high friction, if you will, to establish trust through the registration process as a consumer
to one in which it's quite a bit more frictionless. Look, the perfect interaction,
the best interactions require what we call low cognitive load, if you will. So they're just kind of seamless and fast versus the ones that where we get stuck, if that makes sense.
And I suppose if I'm an online retailer, I want to reduce that friction as much as possible. I
don't want to give my consumer time to have second thoughts.
That's exactly correct. And it's not just at the new account creation or what we call
registration phase where frustration hits. And a lot of people abandon that. But on a repetitive
basis, once you've created the account, logins can also be fairly friction-prone, if you will.
And especially, it's true with passwords.
We're all advised to use unique and strong passwords.
And so unless you have, say, a password manager, doing that is challenging.
Obviously, it requires a lot of cognitive load.
And again, for long, strong passwords on a mobile phone, that's not a great login experience.
That also is going through a bit of a renaissance right now as we move towards passwordless.
And this notion called passkeys, which is this concept that your phone can store these keys that are essentially long numbers, but you don't have to remember anything.
And in subsequent logins, once you establish the key, if you will, that opens up a website,
all you have to do is your face ID, in essence. So your biometric is used to share these very long,
very strong keys that are stored on your mobile phone. And from a user experience point of view, all you had to do was the face ID.
So it's a very strong phishing resistant way to authenticate.
And it's a much better experience.
So it's kind of the holy grail that we seek, which is both higher security and less friction.
I know you and your colleagues there at Ping have gathered some interesting information
when it comes to people's digital experiences here. What are some of the items that caught your eye?
So, you know, we broke the survey up into several categories, but it was obvious that a few themes
emerged. Number one is that the login and registration experience really does matter. There is a fickleness
with as much choice as we have online. You might as well say competitors are measured in keystrokes
in the online world, right? Which is milliseconds, not miles. And so a frustrating login experience
sets the tone for what the rest of the experience is going to look like. Over 60% of consumers said that they've stopped using an online service due to frustration with
the login process. I mean, that's just massive. 65% said that they would be willing to switch
to a comparable brand if it offered a passwordless experience. So you can't underestimate how
significant the friction is to, in essence,
establish an online connection with a third party and keep it secure. So everything related to brand loyalty, as related to the login and identity experience, there was a tight correlation there.
The second thing that really stood out was that consumers are definitely concerned about
the safety of their identity.
They do not have high trust that corporations in general are going to be good stewards of
identity information that could be leaked in a
breach. There have just been too many breaches over the years. They do appreciate, even though
it does include a little bit more friction, they do appreciate companies that offer higher levels
of security, such as two-factor authentication and others, they are willing to put up with a little bit more friction
if in return they feel as if the company that they're interacting with
does value their privacy, values their security,
and offers the security that they feel is appropriate.
So there just was a very, very high, I guess, correlation, if you will,
of the intersection of, we say, of ease of use,
desire for ease of use and willingness to change if ease of use was not there,
combined with concern around their security, and is their data being protected,
and is the company being a good steward? So the folks that you work with who are finding
success here, I mean, what are the common elements? What are the things that you consider to
be best practices? The companies that are actively pursuing the intersection of seamless experience
and security, not one or the other, but both at the same time, those are the companies that are
pushing the boundaries of what's possible here.
And you'll find companies where it's all about the user experience, and security is a secondary priority.
Others, security is the primary priority. User experience takes second.
And neither one of those are wrong, they're just not complete. And so the companies that are having the best experience are the ones that, like I said, are pushing the boundaries of passwordless.
They're pushing the boundaries of new technology to allow customers and consumers to, in essence, register a new account without filling out a form to do so.
They are pushing the boundaries of leveraging risk and fraud signals to strengthen authentication and reduce fraud without the user actually ever having to do anything.
It's all behind the scenes and under the covers.
That's Andre Durand, CEO and founder of Ping Identity.
worldwide. ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep
your company safe and compliant. And finally, Miklos Daniel Brody, a former cloud engineer at First
Republic Bank, received a two-year prison sentence and a restitution order of $529,000 for his destructive
farewell gift to his ex-employer. Brody's vengeful coding spree was triggered by his firing for
violating company policies, which included using a USB drive containing pornography on company
computers. Post-dismissal, Brody went on a digital rampage,
deleting the bank's code repositories,
erasing logs, inserting taunts in the code,
impersonating colleagues,
and even emailing himself proprietary code.
His digital tantrum included running a script
named DAR.SH to wipe the bank's servers
and meddling with the bank's GitHub repository.
Caught in his web of lies, Brody falsely reported his work laptop stolen and maintained this story
even when interrogated by the Secret Service until his arrest in March 2021. In April 2023,
he pleaded guilty to lying and two counts of violating the Computer Fraud and Abuse Act.
His sentence also includes three years of supervised release.
So much for leave no trace.
Brody left enough digital footprints to warrant a virtual marathon and a real-world sentence.
And that's The CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. You can email
us at cyberwire at n2k.com. We're privileged that N2K and podcasts like The CyberWire
are part of the daily intelligence routine
of many of the most influential leaders
and operators in the public and private sector,
as well as the critical security teams
supporting the Fortune 500
and many of the world's preeminent
intelligence and law enforcement agencies.
N2K Strategic Workforce Intelligence
optimizes the value of your biggest investment, your people.
We make you smarter about your team while making your team smarter.
Learn more at n2k.com.
This episode was produced by Liz Ervin.
Our mixer is Trey Hester with original music by Elliot Peltzman.
Our executive producers are Jennifer Ivan and Brandon Karp.
Our executive editor is Peter Kilby, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
AI and data into innovative uses that deliver measurable impact. Secure AI agents connect,
prepare, and automate your data workflows, helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Learn more at ai.domo.com. That's ai.domo.com.