CyberWire Daily - AT&T outage leaves major cities offline.
Episode Date: February 22, 2024

AT&T experiences a major outage. The LockBit takedown continues. An updated Doppelgänger is spreading misinformation. A roundup of critical infrastructure initiatives. Toshiba and Orange make a quant...um leap. An eyecare provider hack comes into focus. A phony iPhone repair scheme leads to convictions. In our Learning Layer segment, Sam Meisenberg shares the latest learning science research. And we are shocked - shocked! - to discover that phone chargers can be used to attack our devices.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On this month's Learning Layer segment, host Sam Meisenberg of N2K discusses learning science research. Sam breaks down research about quizzes and their impact on learner motivation and long-term retention. Want to know more? Sam suggests you check out The Value of Using Tests in Education as Tools for Learning—Not Just for Assessment.

Selected Reading
AT&T, Verizon and T-Mobile customers hit by widespread cellular outages in U.S. (NBC News)
US Offering $10M for LockBit Leaders as Law Enforcement Taunts Cybercriminals (SecurityWeek)
LockBit Group Prepped New Crypto-Locker Before Takedown (Gov Info Security)
Ukraine arrests father-son duo in Lockbit cybercrime bust (Reuters)
Russian Cyberwarfare campaign (ClearSky Cyber Security)
US Coast Guard issues cybersecurity directive for Chinese-made cranes after Biden's Executive Order (Industrial Cyber)
US agencies release joint fact sheet to strengthen cybersecurity in water and wastewater systems (Industrial Cyber)
E-ISAC 2023 report highlights cybersecurity triumphs and challenges in electricity sector (Industrial Cyber)
Toshiba and Orange test quantum encryption on traditional network (Computer Weekly)
Hack at Services Firm Hits 2.4 Million Eye Doctor Patients (Gov Info Security)
Chinese Duo Found Guilty of $3m Apple Fraud Plot (Infosecurity Magazine)
VoltSchemer attacks use wireless chargers to inject voice commands, fry phones (BleepingComputer)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
AT&T experiences a major outage.
The LockBit takedown continues.
An updated Doppelganger is spreading misinformation.
A roundup of critical infrastructure initiatives.
Toshiba and Orange make a quantum leap.
An eyecare provider hack comes into focus.
A phony iPhone repair scheme leads to convictions.
In our Learning Layer segment,
Sam Meisenberg shares the latest learning science research.
And we're shocked, shocked to discover that phone chargers can be used to attack our devices.
It's Thursday, February 2nd, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us here today. It is great to have you with us.
AT&T experienced a significant network outage affecting cellular and Internet services nationwide.
The outage impacted major cities, including Houston, Chicago, Dallas, Los Angeles, and Atlanta.
While Verizon and T-Mobile customers also faced issues, these were primarily when
attempting to connect with AT&T users, with relatively minor outages reported for both.
The cause of the disruption remains unknown. AT&T acknowledged the problem, advising customers to
use Wi-Fi calling and working to restore service. Verizon clarified their network was not directly
impacted and that it only affected their customers when reaching out to AT&T.
By midday Thursday, most of the network seems to be back to normal.
The U.S. is offering up to $15 million in rewards for information on the LockBit ransomware operation's cybercriminals.
This comes despite law enforcement, including the UK's National Crime Agency,
already disrupting the group by seizing its domains and servers. LockBit's seized domains
now redirect to a site mimicking LockBit's, but display law enforcement messages,
including details on the ransomware's activities, rewards, and sanctions against its affiliates.
The NCA has listed nearly 200 LockBit affiliates' usernames, signaling a direct challenge to the group.
Additionally, servers tied to LockBit's StealBit data exfiltration tool have been destroyed,
and over 14,000 accounts linked to the operation's
infrastructure have been shut down. Authorities claim access to key infrastructure has been
obtained, potentially aiding victim recovery, with 1,000 decryption keys already recovered.
Trend Micro reports that before the takedown, LockBit was developing a new version of its malware,
dubbed LockBitNG Dev, potentially marking a significant evolution in its capabilities.
Meanwhile, Ukrainian police arrested a father-son duo linked to the LockBit cybercrime gang,
implicating the two in a series of ransomware attacks targeting enterprises and institutions in France. Despite the crackdown,
LockBit administrators remain defiant, denying the effectiveness of law enforcement actions and claiming wrongful arrests. ClearSky Cyber Security and SentinelLabs have identified
a resurgence of the Russian information warfare campaign Doppelganger, linked to the cyber
espionage group APT28, Fancy Bear. Initially exposed by Meta and further analyzed by Recorded
Future, Doppelganger involves disseminating false information through numerous fake websites and
social media channels. The new wave, Doppelganger NG, utilizes updated infrastructure and expands its target list to include the U.S., Germany, Israel, and France, operating over 150 domains.
This campaign demonstrates significant investment, suggesting state-level backing, and aims to influence international perceptions and political discourse, aligning with Russia's hybrid warfare strategy.
The campaign's success relies on building credibility over time,
making engineered messages more difficult to detect
and influential on public actions and societal norms.
In response to an executive order by President Joe Biden to combat maritime cyber threats,
the U.S. Coast Guard issued a directive targeting cyber risk management for ship-to-shore cranes,
especially those from China.
This directive, part of the Maritime Security Framework,
aims to bolster cybersecurity across critical port infrastructures
by mandating specific risk management steps for the operators
of these cranes. Highlighting the predominant use of Chinese-manufactured STS cranes in U.S. ports,
the directive underscores the potential for these cranes to be exploited,
thereby jeopardizing critical maritime infrastructure. To address these risks,
the directive advises immediate engagement with local Coast Guard authorities for guidance, reflecting a broader government strategy to enhance maritime cybersecurity resilience and protect the national transportation system from cyber threats.
CISA, the EPA, and the FBI have released a collaborative fact sheet aimed at bolstering the cybersecurity of water and wastewater systems. This guidance addresses the increased cyber threats to WWS, offering
actionable steps to mitigate risks and enhance system security. Key recommendations include
reducing public internet exposure of WWS infrastructure, conducting regular cybersecurity assessments, changing default passwords,
cataloging OT and IT assets, developing cybersecurity incident response and recovery
plans, implementing regular backups, mitigating known vulnerabilities, and conducting cybersecurity
awareness training. The Electricity Information Sharing and Analysis Center, the EISAC, released its 2023 End-of-Year Report reflecting on the Electric Reliability Organization's effective response to a year marked by unprecedented cyber vulnerabilities in the electricity sector.
These included malware, ransomware, supply chain exploits, and more. The report showcases EISAC's achievements in
enhancing information sharing among its U.S. and Canadian government partners and members
and outlines its strategic plans for 2024. It highlights the identification of malicious
traffic, monitoring of extremist threats to electricity assets, and prioritization of
critical threats for comprehensive analysis. The report emphasizes EISAC's commitment to improving physical and cybersecurity practices
within the industry, including the introduction of new programs and workshops
focused on real-world events and security best practices.
Toshiba and digital service provider Orange have successfully conducted experiments on quantum-safe networking,
showing that quantum-key distribution can coexist with conventional data signals over existing fiber-optic networks.
They demonstrated a 400 gigabit per second quantum-secure data transmission with QKD encryption over a 184-kilometer fiber link, indicating that
current networks can be protected against quantum computer threats. The tests confirmed that QKD
secured signals can share the same fiber network with classical data transmissions, offering a
cost-effective and rapid deployment method without needing dedicated fibers for QKD.
Further evaluations emulated typical metro-based fiber network architectures
using Toshiba's commercial QKD systems for quantum-secure encrypted data transmission.
This collaboration marks a significant step towards integrating quantum key distribution
into existing network infrastructures, enhancing
security against potential quantum threats.
American Vision Partners has notified nearly 2.4 million patients of a November hacking
incident that compromised sensitive data.
The firm provides administrative services to about a dozen ophthalmology practices in
several states.
The breach involved unauthorized server access, potentially exposing patient information,
including names, contact details, birthdates, medical records, social security numbers,
and insurance details. In response, the company has isolated the affected system,
engaged cybersecurity firms, notified law enforcement, and taken steps to secure its IT infrastructure. Affected individuals
are advised to monitor their credit reports and have been offered two years of free identity and
credit monitoring. Two Chinese nationals, Ho-Shan Sun and Peng-Fui Zhu, were convicted of mail fraud and conspiracy
for attempting to defraud Apple by sending thousands of counterfeit iPhones to the company for repair,
aiming to receive genuine replacements.
Operating between May 2017 and September 2019,
they, along with accomplices, shipped fake iPhones from Hong Kong to the U.S.,
then submitted them for repairs or replacements under Apple's warranty program.
The scheme involved over 5,000 counterfeit devices
with genuine replacements sent back to Hong Kong for sale.
The fraud was uncovered after Sun used his identification
to open several mailboxes
for receiving the counterfeit phones. They were arrested in December 2019.
Sentencing will take place on June 21st, with each facing a maximum penalty of 20 years.
Coming up after the break,
Sam Meisenberg shares the latest learning science research.
Stay with us.
In our latest Learning Layer segment,
my N2K colleague Sam Meisenberg
shares the latest learning science research.
Here's Sam.
I'm going to do my best Dave Bittner impression.
Not like an actual impersonation.
I could never.
But I'm going to share some news.
On Learning Layer, we usually don't do news recaps,
but this news
is worth sharing. The news is that there's new research out about assessments and their impacts
on learning. I read the academic research, so you didn't have to, and there's so many interesting
nuggets and takeaways, but I want to share just two things with you that might be relevant.
So today on Learning Layer, we're going to talk about that research and what it means for you.
Like I said, two takeaways.
Number one, pre-testing.
Do it.
Pre-testing means quizzing yourself about material that you haven't yet learned.
So say you want to learn about dinosaurs.
Well, step one in the learning journey
would be to take a quiz about dinosaurs. According
to the research, pre-testing improves long-term performance and retention, even if you're not
able to answer any of the pre-test questions correctly. Even more fascinating is that there's
research that shows pre-testing can also lead to, quote, a reduction in mind-wandering, which basically
means increased focus during later lessons about the material that was covered in the pre-test.
This is probably because you're more likely to be invested in the material if you didn't know
it up front, and that pre-test sort of creates a tangible purpose or need to learn it. So the big
takeaway is that if you want to learn something new, take a cold diagnostic
assessment. That's step one. Not only will this help get a baseline of your knowledge and you can
study efficiently using that data, but according to the research, it's going to help you retain
the information and be more engaged and focused when you do learn it. The second big takeaway
is that you can retain more information by doing more frequent assessments
that are, quote, low stakes. What do they mean by low stakes? Well, they just encourage learners
to try to remove the feeling of dread and anxiety around tests and quizzes. This, according to the
research, dramatically improves, quote, the creation of more robust retrieval routes for future access,
which is a very fancy way of saying that you remember the material better and can recall it faster.
An example of lower-stakes testing is group assessments.
In the study, they asked students to work together in small groups and do quiz questions in a communal setting.
They found that this modality helps students feel motivated and less anxious, which led to better learning outcomes.
Now, here's the thing. One big caveat here.
The study was about high school students.
Our use case is slightly different.
So we, as we prepare for a cybersecurity certification exam,
actually want to feel that anxiety.
We want to get to know that feeling.
That's because at the end of all the studying that we're doing awaits a pass-fail exam,
which is a very nerve-wracking experience for most people.
We will be anxious on test day. And the best way to deal with test anxiety is to feel it before
test day. We want to get comfortable performing in those high-stakes situations. We want to
experience it so we can know it and then overcome it. So basically you want to use practice tests
to simulate test day.
Practice tests help you practice
test anxiety mitigation strategies.
So in sum, to help with long-term retention and learning,
do a diagnostic before you start studying
and then try to lower the stakes on quizzes.
But not all quizzes,
not all practice tests, right? Because we want to raise those stakes because we want to experience
anxiety before test day rolls around. Okay, there you go. You now have the latest in learning
science research. Hopefully you got something out of this. Happy studying, and I'll see you next time on Learning
Layer. All right, fine. I'll do it. Okay, I'll do it. Here's my Dave Bittner impersonation.
The YouTuber Stack Smashing.
We'd love to know what you think of this podcast.
Write your comments on the box of an Apple Vision Pro and send it to me, Dave Bittner, care of the Cyber Wire.
That's N2K's Sam Meisenberg. Thank you.
And finally, a recent study conducted by academic researchers at the University of Florida and blockchain security firm CertiK has identified a novel set of attacks, collectively termed VoltSchemer. The exploits target the electromagnetic fields generated by wireless
chargers to carry out a range of malicious activities. These activities include injecting
unauthorized voice commands into smartphones' voice assistants, causing physical damage to the devices, and excessively heating
nearby objects to temperatures exceeding 536 degrees Fahrenheit, that's 280 degrees Celsius.
This groundbreaking research highlights significant security vulnerabilities within
the prevalent technology of wireless charging. Wireless charging systems typically function through electromagnetic
induction, where an alternating current flowing through a transmitter coil in the charging station
generates an oscillating magnetic field. The receiver coil in the smartphone captures this
magnetic energy and converts it back into electrical energy to charge the device's battery.
The researchers demonstrated that by introducing voltage manipulation
through an interposing device,
they could interfere with the data exchange
between the charging station and the smartphone.
This interference allows for the distortion of power signals
and the corruption of transmitted data with high precision.
In the lab, the researchers conducted experiments
on nine of the top-selling
wireless chargers worldwide. In one case, they managed to keep a smartphone charging beyond its
capacity, leading to severe overheating. This was achieved by corrupting the communication signals
between the phone and the charger, preventing the phone from signaling that it had reached full
charge and needed to stop receiving power.
The researchers' findings not only expose the vulnerabilities in current wireless charging technology,
but also call for immediate action to enhance the security protocols governing these systems.
The researchers have engaged with the vendors of the tested charging stations
to discuss potential countermeasures that could mitigate the risks associated with VoltSchemer attacks.
I gotta say, I never imagined I'd have to worry about my phone charger
being the entry point for destruction or cyber spies.
You might even say the revelation is shocking.
And that's The Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know
what you think of this podcast.
You can email us
at cyberwire at n2k.com.
We're privileged that N2K
and podcasts like The CyberWire are part of the
daily intelligence routine of many of the most influential leaders and operators in the public
and private sector, as well as the critical security teams supporting the Fortune 500
and many of the world's preeminent intelligence and law enforcement agencies. N2K Strategic
Workforce Intelligence optimizes the value of your biggest investment,
your people. We make you smarter about your team while making your team smarter. Learn more at
n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music by
Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive
editor is Peter Kilpe, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.