CyberWire Daily - Attacks amidst anniversaries.
Episode Date: October 9, 2024

Hackers target Russia's court information system. Patch Tuesday rundown. GoldenJackal targets government and diplomatic entities in Europe, the Middle East, and South Asia. Cybercriminals are exploiting Florida's disaster relief efforts. Australia introduced its first standalone cybersecurity law. CISA and the FBI issue guidance against Iranian threat actors. Mamba 2FA targets Microsoft 365 accounts. Casio reports a data breach. On our Solution Spotlight, Simone Petrella speaks with Andy Woolnough from ISC2 about their 2024 Cybersecurity Workforce Study. Keeping the AI slop off Wikipedia.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Solution Spotlight today, our guest is Andy Woolnough, ISC2's Executive Vice President, Corporate Affairs. Andy shares a first look at ISC2's 2024 Cybersecurity Workforce Study with N2K's Simone Petrella. You can catch Simone and Andy's full conversation on Monday, October 14th in our CyberWire Daily feed. That is also the day the ISC2 Security Congress 2024 kicks off. You can find out more about the event, which has a virtual option, here.

Selected Reading
For a second day, Ukrainian hackers hit Russian institutions (Washington Post)
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (Bleeping Computer)
GoldenJackal APT Group Breached Air-Gapped European Government Systems (The Cyber Express)
Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files (Hackread)
Australia Introduces First Standalone Cybersecurity Law (Infosecurity Magazine)
CISA Issues Guidance to Counter Iran's Election Interference (BankInfo Security)
New Mamba 2FA bypass service targets Microsoft 365 accounts (Bleeping Computer)
Casio says recent cyberattack 'caused system failure' (The Record)
The Editors Protecting Wikipedia from AI Hoaxes (404 Media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me, now at a special discount for our listeners. Today get 20% off your Delete.me plan when you go to joindeleteme.com/n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com/n2k and enter code n2k at checkout. That's joindeleteme.com/n2k, code n2k.
Hackers target Russia's court information system. We've got a Patch Tuesday rundown. GoldenJackal targets government and diplomatic entities in Europe, the Middle East, and South Asia. Cybercriminals are exploiting Florida's disaster relief efforts. Australia introduces its first stand-alone cybersecurity law. CISA and the FBI issue guidance against Iranian threat actors. Mamba 2FA targets Microsoft 365 accounts. Casio reports a data breach. On our Solutions Spotlight, Simone Petrella speaks with Andy Woolnough from ISC2 about their 2024 Cybersecurity Workforce Study. And keeping the AI slop off Wikipedia.

It's Wednesday, October 9th, 2024. I'm Dave Bittner, and it's great as always to have you here.
Russia experienced significant digital disruptions for a second day following a cyberattack on its court information system, reportedly by a hacker group called BO Team. The group claimed to have wiped court documents, timing the attack to coincide with President Vladimir Putin's 72nd birthday. This follows another large-scale attack on Russian state media channels on Monday, which disrupted multiple television and radio stations. The VGTRK media company resumed online broadcasting, but court websites remained offline. Cyberattacks have become a frequent tactic in the ongoing Ukraine-Russia conflict. Russian intelligence attributed the media attack to a Ukrainian-linked hacker group. Although Russia has ramped up its cyberattacks on Ukraine, their effectiveness has diminished as Ukraine bolsters its cybersecurity defenses. Recent reports also reveal Russia's GRU military intelligence has targeted NATO and European countries. Meanwhile, Putin's birthday saw celebratory messages from Russian officials and nationalist figures, highlighting his continued influence despite the digital chaos.
Yesterday was Patch Tuesday, and Microsoft released security updates to address 117 vulnerabilities across Windows and other software, including two zero-day flaws already being exploited. One of these is a vulnerability in MSHTML, the engine behind Internet Explorer, which allows attackers to trick users into interacting with malicious content through phishing attacks. Despite Internet Explorer being retired, its underlying technology remains in use, posing risks to certain systems. The more serious zero-day is a code execution flaw in Microsoft Management Console, which could allow attackers to gain unauthorized control. Microsoft has patched this issue to prevent untrusted files from being opened. Meanwhile, Apple fixed a macOS 15 Sequoia bug that affected various security tools, and Adobe released updates for 52 vulnerabilities across its product range. Users are encouraged to back up data before applying updates to avoid potential compatibility issues.

GoldenJackal, an advanced persistent threat group active since at least 2019, has garnered attention for successfully breaching air-gapped systems, networks isolated from the internet, targeting government and diplomatic entities in Europe, the Middle East, and South Asia. This level of sophistication is typically seen only in nation-state actors. Researchers from ESET revealed GoldenJackal's use of two distinct tool sets for these breaches. The first tool set, used in a South Asian embassy, includes GoldenDealer, which delivers executables via USB, GoldenHowl, a modular backdoor, and GoldenRobo, a drive-accessing component. A second tool set was deployed in attacks on a European Union governmental organization, allowing data collection and exfiltration. GoldenJackal's ability to breach air-gapped systems with tailored tools within five years is unprecedented, but researchers note that their methods, while sophisticated, contain flaws that defenders can observe and counter.
Cybercriminals are exploiting Florida's disaster relief efforts amid recovery from Hurricane Helene and preparations for Hurricane Milton. Scammers are targeting vulnerable individuals and organizations with phishing campaigns, fake FEMA claims, and malware disguised as legitimate FEMA documents. Cybersecurity firm Veriti uncovered scams involving fraudulent FEMA claims and phishing websites masquerading as hurricane relief resources. These fake sites trick victims into providing sensitive information, such as Social Security numbers, by creating a sense of urgency. Additionally, cybercriminals are disguising malware in PDF files, which appear legitimate but contain harmful code. While no active infections have been reported, these threats highlight the dangers of cyberattacks during disasters.
The Australian government introduced its first stand-alone cybersecurity law, the Cyber Security Bill 2024, to better protect citizens and organizations amid rising cyber threats. The bill mandates minimum cybersecurity standards for IoT devices, such as secure settings and regular updates. It also introduces mandatory ransomware reporting for critical infrastructure organizations, requiring them to notify the Australian Signals Directorate within 72 hours of making a payment. Additionally, the bill establishes a Cyber Incident Review Board to assess significant cyber incidents and implements reforms to the Security of Critical Infrastructure Act. These reforms aim to simplify information sharing between industries and the government, improving responses to all-hazards incidents. The legislation is part of Australia's 2023-2030 cybersecurity strategy and provides a comprehensive framework to address whole-of-economy cybersecurity challenges.

CISA and the FBI have issued new guidance to combat escalating cyber threats from Iranian actors targeting national political organizations. The guidance warns that cyber actors linked to Iran's Islamic Revolutionary Guard Corps are using social engineering tactics, such as impersonating contacts and directing victims to fake login pages, to compromise accounts of senior officials, activists, and journalists. CISA recommends using phishing-resistant multi-factor authentication, password managers, and vigilance against unsolicited communications to help mitigate these threats, which aim to undermine confidence in democratic institutions.
Mamba 2FA is an emerging phishing-as-a-service platform targeting Microsoft 365 accounts, using adversary-in-the-middle techniques to bypass multi-factor authentication. Priced at $250 a month, it allows cybercriminals to capture authentication tokens, enabling unauthorized access to victims' accounts. First tracked in May of this year, Mamba 2FA has supported phishing campaigns since November 2023, evolving its infrastructure to avoid detection. Recent updates include the use of proxy servers from IPRoyal to mask IP addresses and rotating phishing domains weekly. Mamba 2FA provides phishing templates for Microsoft 365 services and dynamically mimics organizational branding for a more convincing attack. Stolen credentials are delivered to attackers via a Telegram bot, enabling immediate access. To defend against such attacks, organizations should adopt security measures like hardware keys, certificate-based authentication, and token lifespan management.
On October 5th, Casio experienced a cyberattack that caused system failures, leaving some customer services unavailable. The Japanese tech company is investigating the breach, along with external specialists, to determine whether personal or sensitive data was leaked. Casio has not specified which customer systems were affected, whether it was a ransomware attack, or if the hackers identified themselves. The attack follows a 2022 breach in which information from Casio's ClassPad.net education platform was compromised, impacting customers in 148 countries. In that earlier breach, over 120,000 pieces of information, including customer names, email addresses, and order details, were exposed, though credit card information was not affected. The company reported the breach to authorities and implemented security measures, including restricting external access to its network.
Coming up after the break on our Solutions Spotlight, Andy Woolnough from ISC2 talks about their 2024 Cybersecurity Workforce Study. Stay with us.

Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection
across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies,
access reviews, and reporting, and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning
digital executive protection platform secures their personal devices, home networks, and connected
lives. Because when executives are compromised at home, your company is at risk. In fact, over
one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365
with Black Cloak. Learn more at blackcloak.io.
Andy Woolnough is Executive Vice President for Corporate Affairs at ISC2. And in today's Solution Spotlight, he speaks with our own Simone Petrella about ISC2's 2024 Cybersecurity Workforce Study.

I am thrilled to be joined today by Andy Woolnough. Thank you so much for joining me today, Andy.

Thanks for having me. I'm looking forward to it.
Yeah, so I want to start because ISC2, just in September, put out your annual workforce study, or at least the first look of it. And before we dive into it, can you tell me a little bit about the history of ISC2 and doing these workforce studies and why it's so important for the organization to kind of have a finger on the pulse of the global profession like you do today?

Sure, I'm happy to. And thanks for the question. As you know, ISC2 is one of the world's sort of largest sort of membership associations for cybersecurity professionals. And we thought
it was really important for us to take an annual pulse check of how the profession is feeling about certain issues on a regular basis
so that we can feed that feedback back into a number of places
within our own organization in some of the professional education
and learning and development tools that we offer our membership
so we can feed it back into governments as they're thinking about policy,
especially around important areas like
AI, but also as they think about developing their workforce in cybersecurity as well. So we can feed
it back into organizations who we work with, who are, you know, in financial services or in
energy or government or wherever it is, so they can understand what's going on with cybersecurity
professionals. But also, it's a really important benchmark for a number of tangential issues that
we see in cybersecurity around things like burnout in the profession and the sorts of things that
cybersecurity people are looking at. Things like investment in cybersecurity teams,
both in career investment, but also skills training and development.
What skills are important to cybersecurity professionals
and hiring managers so we can try and match them up there.
But also important topics like DEI
and what the state of the diversity and inclusion in cybersecurity is.
So it tells us all of these things on an annual basis. One of the things that I think, you know,
really struck me this year was that the study indicated that this was the first year that the
cybersecurity workforce growth has stalled with a relatively modest, if almost insignificant growth of like 0.1%.
So we're kind of stuck at 5.5 million global professionals.
What do you think are some of the reasons for that stagnation this year?
Well, so what the recipients told us was, for the first year, it wasn't so much a lack of talent that they were seeing that was stalling the workforce, but a lack of investment. And they thought that it was attributable mainly
to economic conditions that we're seeing around the world. Now, it's important to note there was
nuance within that. We didn't see stagnation throughout the globe. We measure a number of
different countries and we look at
sort of recipients from, you know, from Australia all the way through Europe into Africa and to the
United States. And yes, large markets like the US, the UK were fairly stagnant. And that's important
to know that that's probably off quite a high base as well. You know, those are quite developed markets when it comes to cybersecurity in relative terms.
Where we see a lot of growth was in some parts of Europe, in places like the Netherlands and Germany, but also in Australia.
But big, big growth in places like Saudi Arabia and South Africa.
And we think that that's down to the stance that governments and organizations
are sort of taking in those markets
to try and grow and develop their workforces.
In Australia's case, it could be, you know,
that they're part of the Five Eyes,
they're quite close to China and other places like that.
And so that could be playing a role there.
But the stagnation was, yes, you're right, very much sort of in the more developed markets in
the US in particular. One of the things that I know came out in the first look of the study was
around that the shortage of key skills, but maybe more interesting was the divergence between
what professionals see as some of the major skills
gaps or shortages versus maybe what HR departments organizationally view as the key skill divergences.
Can you highlight maybe a few of those discrepancies? And then maybe my second part
would be, you know, and for those who are members of ISC2 or who are considering being members,
like what are some of the areas that you view being most critical from a skills
development perspective for the cyber profession? Yeah, so I think there was that disparity
between what hiring managers and hiring, you know, the HR teams wanted and what professionals
thought were important. The professionals themselves thought that communication skills, cloud computing skills, AI skills and GRC were among the most important, whereas hiring managers prioritized, yes, they prioritized communication skills, maybe a little bit less, but it was still important, but cloud computing, AI and GRC were really, really low.
And so what that says is that the disconnect means that what's coming into the organization
and what's being looked for isn't necessarily going to fit in automatically
with the teams that are receiving those skill sets.
We haven't gone too deeply into why that is happening, because that would involve then also surveying HR teams and so on, so we're not doing that at the moment. But what it demonstrates is there needs to be a much greater alignment between, you know, between the hiring functions
and talking to the individuals within those teams
and finding out what they're dealing with
and the areas they feel that they are lacking
in order to then go and hire the right kinds of mixes.
You know, they're still getting the cloud computing skills in.
It's just maybe not to the right level
or the right volume that they're requiring.
And that's putting more stress
on the existing teams
who are having to sort of cover those shortfalls
while also being told,
well, we've hired, you know, what's the problem?
So I think there needs to be that sort of more tight alignment
between what the teams themselves are saying and the HR process.
Totally fair.
You know, one of the things, and maybe the last question I'll leave us with
because I think it is related to your answer.
I have been so impressed over the last few years, in particular,
ISC2 has been very adamant about really proclaiming and moving away from the term
cybersecurity industry, which is someone who grew up in the space is what we kind of refer to
ourselves as being in the industry, but now to sort of evolving into it's we're part of a
profession. And so what you're describing in kind of like
those codes and the ethics and kind of what governs as some of these new technologies come out,
I guess my kind of parting question is, where does ISC2 see itself really sitting in relationship to
its membership, the professionals, and then the organizations and the governments that are
grappling with how to kind of systematically address some of these issues, whether it's with the workforce, the
advent of AI, you know, but anything else that affects our cybersecurity in general.
Wow, great question. I'm leaving you with a big one. I love that question. So you're right,
I think it is a, you know, it's got to be seen as a profession. And if you look at risk and compliance at the board level,
you can't move for financial managers, legal managers,
but where are the cybersecurity people?
And data and information is so critical to every organization.
It's more important than anything else.
And there are so many sort of risk points that it can be misused and leak and what have you.
And so I think, you know,
the recognition that cybersecurity
and information security, you know,
plays that critical role in the organization,
I think is slightly lacking.
You know, there's very little cyber experience
at the board level across the industries.
So I think that is a problem.
And also, you know, I think I was talking today, in another conversation I was having, and, you know, it occurred to me that cybersecurity is a little bit like air traffic control in that, you know, it is high stress. So much relies on cybersecurity
to get it right. And when it goes wrong, it can go really, really wrong. And that comes with
burnout, that comes with stress, that comes with, you know, a high degree of training, a high degree of technical expertise. You know, it really does need to be recognized as the profession it is, and then sort of frameworks put around that in a much more defined way that controls sort of who can get in, you know, keeping the gate broad without lowering the standards, is something we're all trying to do. But then help, you know, there is, if you look at the legal profession, there's any number of structures in place, you know, codes of ethics
and training and degrees and, you know, lawyers, barristers, solicitors,
they're very, very supported in their profession.
They have, you know, sort of liability insurance.
It's a very, very well-tried and trusted risk profession
that is hundreds of years old.
And I think the sooner we can get to somewhere near that for cybersecurity professionals, the better. And that involves organizations like ours, you know, pushing the
agenda and making sure that, you know, governments and other organizations recognize that. The UK's
chartering cybersecurity professionals at the moment, which is, again, another step in the
right direction of ensuring that cybersecurity professionals
are recognized.
Their work to get to where they got to
is very, very important.
And therefore, they have obligations,
but also they have resources that they can benefit from
and support they can benefit from.
And organizations like ours that need to pull together
things like global codes of ethics and
you know, we've got all these members who are very willing and able to volunteer for us, so what they think matters and that should all go into those, you know, ethical canons. And then, you know, yes, the work the governments are doing. You know, we have a very sort of strong advocacy
which works with governments across the world to try and have these conversations to help
the profession be sort of put up there with accountancy, with financial services, with legal
as a very high value and very well-respected professional standard.
Wonderful. Well, looking forward to it.
Thank you so much for joining, Andy.
Thanks for having me on. It was great fun.
A program note, you can catch Simone and Andy's full conversation
on Monday, October 14th in our CyberWire daily feed.
That's also the day the ISC2 Security Congress 2024 kicks off.
You can find out more about that event in our show notes.
Cyber threats are evolving every second, ... suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.

And finally, 404 Media highlights a group of dedicated Wikipedia editors,
dubbed WikiProject AI Cleanup,
who've taken up the noble and no doubt frustrating task
of battling AI-generated content that's sneaking its way onto the platform.
Their mission? Protect one of the world's largest information sources from falling victim to the same AI misinformation plaguing Google and Amazon.
According to founding member Ilyas Lebleu, the group identified AI-generated content by spotting unnatural phrasing
and suspicious catchphrases, leading to the discovery of some shocking cases, like a detailed,
well-cited article on a fortress that never existed. Their work doesn't stop at fake text.
AI-generated images have also slipped through the cracks, like one depicting
people with mangled hands and seven-toed feet. The editors aren't just deleting AI content for
being AI-generated, though. If it's relevant, it stays. Despite their efforts, Lebleu and his
teammates acknowledge the challenge. AI detection tools aren't foolproof, and they often rely on human volunteers to catch errors.
While Wikipedia has fared better than some of the big platforms,
the editors know there's still much work to do
in keeping AI-generated slop at bay.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review
in your favorite podcast app. Please also fill out the survey on the show notes or send an email to
cyberwire at n2k.com. We're privileged that N2K Cyber Wire is part of the daily routine of the
most influential leaders and operators in the public and private sector, from the Fortune 500
to many of the world's preeminent intelligence and law
enforcement agencies. N2K makes it easy for companies to optimize your biggest investment,
your people. We make you smarter about your teams while making your team smarter. Learn how at
n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher,
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.

... that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps
tailored to your role.
Data is hard.
Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.