CyberWire Daily - China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.
Episode Date: August 16, 2023
China accuses the US of installing backdoors in a Wuhan lab. NetScaler backdoors are found. A phishing scam targets executives. LinkedIn sees a surge in account hijacking. Raccoon Stealer gets an update. Cryptocurrency recovery scams. We kick off our new Learning Layer segment with N2K's Sam Meisenberg. And a Moscow court fines Reddit and Wikipedia for unwelcome content about Russia's war.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/156
Selected reading.
Ministry warns of data security risks after US agencies identified behind cyberattack on Wuhan Earthquake Monitoring Center (Global Times)
China accuses U.S. intelligence agencies as source behind Wuhan cybersecurity attack (ZDNET)
China teases imminent exposé of seismic US spying scheme (Register)
2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability (SecurityWeek)
Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations (Proofpoint)
LinkedIn Accounts Under Attack (Cyberint)
LinkedIn faces surge of account hijacking (Computing)
LinkedIn accounts hacked in widespread hijacking campaign (BleepingComputer)
Raccoon Stealer malware returns with new stealthier version (BleepingComputer)
FBI warns of increasing cryptocurrency recovery scams (BleepingComputer)
Russia slaps Reddit, Wikipedia with fines (Cybernews)
Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
China accuses the U.S. of installing backdoors in a Wuhan lab.
NetScaler backdoors have been found.
A phishing scam targets executives.
LinkedIn sees a surge in account hijacking.
Raccoon Stealer gets an update.
Cryptocurrency recovery scams.
We kick off our new Learning Layer segment with N2K's Sam Meisenberg.
And a Moscow court fines Reddit and Wikipedia
for unwelcome content about Russia's war.
I'm Dave Bittner with your CyberWire Intel briefing
for Wednesday, August 16th, 2023.
China's Ministry of State Security has accused the U.S. of a cyber attack incident targeting the Wuhan Earthquake Monitoring Center. The Global Times, a news service operated by the Central Committee
of the Chinese Communist Party, quotes Zhao Jingguang of the National Committee of the
Chinese People's Political Consultative Conference as stating, U.S. intelligence agencies not only actively collect various signal
intelligence, but have also long obtained other countries' comprehensive Earth system science
remote sensing and telemetry data as strategic intelligence through various means. Chinese
statements express concern about collection of technical information and the possibility of collateral interference with earthquake alerts and emergency response.
The Register writes that seismic data could serve as a form of MASINT, that is, measurement and signature intelligence,
noting as well that seismic monitoring has long provided information about nuclear testing.
Whatever merit it may or may not have, China's
announcement also serves as an influence operation, as pushback to U.S. accusations of Chinese cyber
espionage and staging of potentially disruptive malware in critical infrastructure.
NCC Group's Fox-IT has discovered a massive exploitation campaign of approximately 2,000 Citrix NetScaler products.
A threat actor automated the exploitation of CVE-2023-3519, a remote code execution vulnerability, to place web shells on the devices.
The researchers note, the adversary can execute arbitrary commands with this web shell,
even when a NetScaler is patched and/or rebooted.
At the time of writing, more than 1,900 NetScalers remain backdoored.
Using the data supplied by Fox-IT, the Dutch Institute for Vulnerability Disclosure has notified victims.
Proofpoint is tracking what it calls a dramatic surge of over 100% in successful cloud account takeover incidents impacting high-level executives at
leading companies. The threat actors used the EvilProxy phishing tool to target executives
at more than 100 organizations around the world between March and June of 2023.
The researchers state, amongst the hundreds of compromised users,
approximately 39% were C-level executives,
of which 17% were chief financial officers and 9% were presidents and CEOs.
Attackers have also shown interest in lower-level management,
focusing their efforts on personnel with access to financial assets or sensitive information.
Cyberint researchers are tracking an increase in the hijacking of LinkedIn accounts.
Much of the evidence the researchers have collected is circumstantial,
like a surge in Google searches for "LinkedIn account hacked" or "LinkedIn account recovery."
Cyberint says, while LinkedIn has not yet issued an official announcement,
it appears that their support response time has lengthened
with reports of a high volume of support requests.
Unsurprisingly, poorly protected accounts are most vulnerable,
accounts with weak passwords or without two-factor authentication.
Better protected accounts typically see a temporary disruption while LinkedIn verifies the owner's
identity. The more poorly protected accounts suffered full account compromise. In these cases,
the owners were unable to regain access on their own. The attacks followed a common process. First,
the attackers gain access either through credential theft or brute forcing of weak credentials.
Second, they alter the email address associated with the account.
Third, they change the account password.
That second step is the one that renders it difficult for the legitimate owner to recover access, since they can no longer receive a recovery email.
The new email addresses assigned to the hijacked accounts often use the mail system of Rambler.ru, a Russian online
platform and news service owned by the government-controlled financial institution
Sberbank. The motive for the hijacking is unclear and the clues are inconsistent.
There have been reports of ransom messages directed to the legitimate account owners,
but the ransoms demanded don't amount to much, only tens of dollars.
Cyberint concludes,
although the specific intentions of the threat actors are uncertain yet,
whether they are financial, phishing, or internal information acquisition,
the potential impact on victims is serious.
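The three-step sequence described above (sign-in, recovery e-mail changed, password changed) is a pattern an account provider or a security team watching its own identity logs can look for. The following is an added detection example, not code from Cyberint, LinkedIn, or this show; the audit-log format, the sample lines, the MFA table, and the severity scale are all constructed for illustration. The only page-sourced detail is the Rambler.ru mail domain, used here to raise priority rather than as a required condition.

```python
"""Flag accounts whose audit trail shows login -> email_changed ->
password_changed within a short window (added example; log format constructed)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit lines: "<ISO timestamp> <account> <action> [key=value ...]"
SAMPLE_LOG = """\
2023-08-10T08:02:11Z alice login ip=203.0.113.7
2023-08-10T08:03:40Z alice email_changed new=alice-recovery@rambler.ru
2023-08-10T08:05:02Z alice password_changed
2023-08-10T09:15:00Z bob login ip=198.51.100.2
2023-08-10T09:20:00Z bob email_changed new=bob.new@example.org
2023-08-11T10:00:00Z bob password_changed
2023-08-10T11:00:00Z carol login ip=192.0.2.9
2023-08-10T11:02:00Z carol password_changed
2023-08-10T12:00:00Z erin login ip=203.0.113.44
2023-08-10T12:10:00Z erin email_changed new=erin.backup@example.net
2023-08-10T12:12:00Z erin password_changed
"""

# Constructed: whether two-factor authentication was on for each account.
MFA_ENABLED = {"alice": False, "bob": True, "carol": True, "erin": True}

# Mail domain the story associates with hijacked accounts; a match raises
# priority but is not required for a finding.
WATCHED_MAIL_DOMAINS = {"rambler.ru"}


def parse_log(text):
    """Turn the constructed line format into event dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        detail = dict(p.split("=", 1) for p in parts[3:])
        events.append({"ts": ts, "account": parts[1], "action": parts[2], **detail})
    return sorted(events, key=lambda e: e["ts"])


def severity(account, domain):
    """Constructed scale: no MFA and a watched mail domain each add one step."""
    score = 1
    if not MFA_ENABLED.get(account, False):
        score += 1  # accounts without 2FA are the ones that suffered full compromise
    if domain in WATCHED_MAIL_DOMAINS:
        score += 1
    return {1: "low", 2: "medium", 3: "high"}[score]


def detect_takeover_sequences(events, window=timedelta(hours=1)):
    """Return one finding per account whose events contain, in order and within
    `window` of a login: email_changed followed by password_changed."""
    by_account = defaultdict(list)
    for ev in events:
        by_account[ev["account"]].append(ev)

    findings = []
    for account, evs in by_account.items():
        for i, login in enumerate(evs):
            if login["action"] != "login":
                continue
            deadline = login["ts"] + window
            later = [e for e in evs[i + 1:] if e["ts"] <= deadline]
            email_idx = next(
                (k for k, e in enumerate(later) if e["action"] == "email_changed"), None
            )
            if email_idx is None:
                continue
            # The password change must come after the recovery e-mail was swapped.
            if not any(e["action"] == "password_changed" for e in later[email_idx + 1:]):
                continue
            domain = later[email_idx].get("new", "").rsplit("@", 1)[-1].lower()
            findings.append({
                "account": account,
                "login_ip": login.get("ip"),
                "new_email_domain": domain,
                "severity": severity(account, domain),
            })
            break  # one finding per account is enough to open a case
    return findings


if __name__ == "__main__":
    for finding in detect_takeover_sequences(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the constructed input, alice (no MFA, recovery mail moved to the watched domain) is reported as high severity, erin is reported as low, and bob and carol are not reported: bob's password change falls outside the one-hour window, and carol changed her password without first changing the recovery address. The window and the ordering requirement are what keep ordinary self-service changes from generating noise.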
The developers of the Raccoon Stealer malware have returned after a six-month hiatus
with a new version of their infostealer, BleepingComputer reports.
This version includes a new search feature that allows threat actors to find credentials
and other information stolen in data breaches.
The new version is also better at evading bots used by security researchers.
Additionally, the developers added various new features
that make it easier for less skilled threat actors to use the tool.
The criminal-to-criminal market, here as elsewhere, responds to customer feedback.
The malware's developers said in a forum post, changes were implemented based on feedback and analysis of our customers'
requirements and market trends. The U.S. FBI has warned that criminals are exploiting fear
of cryptocurrency scams to operate cryptocurrency recovery scams. The criminals claim to be businesses that can
trace and recover stolen cryptocurrency. They reach their victims either by contacting them
directly through messaging or social media service, or by attracting victims with ads or
news articles hawking their bogus services. Sometimes they pose as law enforcement authorities, and as the FBI points out,
law enforcement agencies don't charge crime victims for their services. The scam either
obtains payment from its victims or collects their personal information in furtherance of other
crimes. Bleeping Computer ran an experiment in which they tweeted a call for assistance in recovering lost cryptocurrency.
The tweet, which was nicely phrased, stated,
I need Trust Wallet, MetaMask, Phantom, Yoroi support. I lost all my crypto and password recovery phrase.
Well, it drew an immediate response from bots offering to redirect them to people who could help.
The FBI advises reporting recovery service fraud come-ons to the IC3 portal.
And finally, Cybernews reports that a Russian magistrate court in separate actions yesterday
fined Reddit and Wikipedia a billion rubles each, the equivalent of a little more than $20,000,
the ruble not being what it used to be.
The fines to Reddit and Wikipedia came for their failure to remove content not in line with the Kremlin's view of its special military operation, that is, its war against Ukraine. Wikipedia has
been fined before and has no intention of complying with the takedown orders that accompanied the fine.
Coming up after the break, we kick off our new Learning Layer segment with N2K's Sam Meisenberg. Stay with us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews,
and reporting, and help you get security questionnaires done five times faster with AI.
Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
And it is my pleasure to welcome to the studio Sam Meisenberg.
He is one of my colleagues here at N2K.
Happy to have you join us here on the Cyber Wire today, Sam.
Great to be here, Dave. Thanks for having me.
So let's start off by getting to know you a little bit. Can you tell us about your responsibilities at N2K?
Sure. So my official title is I'm the Director of Learning Experience at N2K. All that really means is I make sure students have a good learning experience when they go through our
training programs and make sure that they're learning something. But perhaps more importantly and more rewarding, I'm also an instructor at N2K.
So I make appearances in our on-demand learning content as well as our live online sessions.
So for folks who may not be familiar, of course, if you're listening to this, chances are you
know about the CyberWire and perhaps have been listening for a while.
Along the way in the past year,
we merged with a company called CyberVista, and that is where you were working. And then the new
company, the combined forces of both of those companies is N2K. Right. So let's talk about the
learning space itself. How did you get into this? Absolutely. So when I came to CyberVista, I actually
didn't have a background in cybersecurity at all.
I was a speechwriter before, actually, and did a lot of internal and external communications at a strategic communications firm.
But I was able to sort of teach myself the material.
And sort of how I did that is by studying for all these certification exams.
Wow.
So I dove right in.
I got my CISSP, Security+ 401, 501, 601, CEH, among other certs.
And I sort of fell in love with the cert-taking process.
And I know as an industry, we sort of like...
That's ambitious, Sam.
Well, you know what's interesting is like,
I think the cert sort of,
as much as we make fun of it as an industry,
it helps on the learning side because it fixes the two problems that have always plagued learning from the dawn of time and will always plague learning in the future, which is motivation and accountability.
If you have a cert at the end, the students can be focused and motivated and sort of interested in actually engaging with the content.
Right.
Because you have, you know, sort of something at the end to measure,
and you have a goal, a tangible goal to go after.
Yeah, there's a finish line there.
Exactly.
So I kind of fell in love with the test-taking art.
In fact, I recently sat for the LSAT.
If you don't know what the LSAT is, that's the test for folks who are going to law school.
Wow. I am not going to law school. I just heard it was a hard test and I'm kind of ultra competitive
and wanted to beat my girlfriend who's a lawyer. So I'm proud to say I scored in the 95th percentile.
And the only day, the only reason I'm mentioning that number is because I started in the 14th percentile. Wow. Yes. Okay. That's not a spoken typo. So
the point is, I am proud of that because, you know, I did a lot of work, learned a new skill,
and I really think just having, again, that exam focus is really helpful for learning.
And you practice what you preach. Exactly. Yeah, exactly. You know, I've heard
people say that one of the best ways to ensure that you know how to do something is to be able
to teach it. And I'm curious what sort of lessons you've learned along the way when it comes to
learning about learning. Yeah. So it's a really interesting question because I think your question
gets to the heart of actually something that we tell our students when you're studying is if you can teach it, if you can explain it, especially to somebody who has no idea about the content, that's when you really understand it.
What I've learned, I mean, I think what I've come to realize, and I think this is good to say
because it's an expectation for everybody who's listening, learning is hard. Learning is not easy.
Learning isn't always fun. If you're having too much fun in learning, something's wrong.
Meaning you either already know the information too well and you shouldn't be in the class,
or again, the content is not challenging enough. So it is one of those things where you
have to actively engage with the content. You have to wrestle with it. You have to like take it out
of your brain and put it back in that repetition. It takes a lot of willpower. It takes a lot of
dedication. And so it's something that you really have to work at. And it's a sort of learning as a
muscle and a skill that you have to develop. And it doesn't really come naturally for a lot of people.
Yeah.
As an instructor, what is it like for you?
I'm thinking particularly when you're not in front of a live audience,
when you're creating some of these educational programs
that you know people are going to be viewing on their own time and their own terms.
Absolutely.
It's one of those things that always is a little strange.
It takes a little bit to get used to. What I sort of use myself and when we train instructors,
we always say, pretend like there's somebody on the other side of the camera. So trick yourself
and look into the lens or look above the lens. If you need to tape a picture of a real human being
above the lens and just convince yourself that somebody's there and pour your heart out as if there is somebody there,
make love to the camera is what we say. So we really try to, like you said, sort of pretend
like there is somebody there. But going back to my first answer about why learning is so hard,
that I think is the ultimate job of the instructor, to motivate, to hold people accountable,
to inspire people to actually want to learn.
Because all good instructors, of course,
can explain content, right?
But the best instructors are the ones
who can motivate people to study.
And if you can help people tap into some motivation to learn,
because when you start to learn,
you realize how hard it is,
the instructor is really there to get people inspired and motivated.
Well, you're going to be hosting a regular segment here on the Cyber Wire called Learning Layer.
What can we expect from that? What sort of stuff are you going to be discussing?
Yes, I'm really excited for this segment. It's a segment, right? Don't call it a podcast,
because it's not its own thing. Right, right. I'm really excited
for that segment because I think we're going to talk about a lot of different stuff or things,
but all of which I think people will get something out of. So we're going to talk about everything
from certification exam prep to learning science in general, a little bit of brain science. But I think the most value will come from when I
have on the show actual real learners who are in the space, right? Who are sort of learning how to
learn. Because I think folks will get value of talking to their peers in the industry and
listening to what they have to say about how they do it, right? What's their learning experience
like? What's their journey? What are their habits? What do they actually do to retain information and stay
sort of on top and keep up with all the information? So I think exposure to real
human beings who are in the space doing it will be the greatest value add for this segment.
You know, it's such a rapidly changing space. Where do you see things headed?
What's the future of learning from your point of view?
So I typically don't like to forecast, but Dave, if you insist, I will.
So I think something that we could see in the future is a slightly different approach to how we measure and assess folks and how we measure success.
So what I mean by that is right now,
we typically measure folks compared to their peers.
So think about like grades, right?
That is a grade that is you're being compared to all your classmates
or even folks who are studying for the Security+.
You guys will appreciate this, that the passing score is 750, right?
And it's the same for everybody.
But the reality is
that not everybody comes in at the same place. So why should the finish line be the same? So I think
a better way to measure learning success is to figure out the delta. The delta between, for
example, where you come in at, like a diagnostic, and where you end at. Figuring out that personal
growth, I think, is good for folks who,
you know, may be on the lower end of the spectrum or meaning like they come in
at a slightly lower knowledge level.
And it's also good for those advanced people
because then you can sort of set a finish line
that's appropriate for them.
So it really benefits all types of learners
when you think about success like that.
All right.
Well, the segment is called Learning Layer
and Sam Meisenberg is the host.
Sam, thanks so much for joining us.
Thanks, Dave.
Appreciate it.
And coming up after this short break,
we'll have our first segment of the Learning Layer
featuring host Sam Meisenberg.
Okay, pop quiz.
Do you remember the first headline that Dave discussed today?
Take a second, think about it, see if you remember.
China's Ministry of State Security has accused the U.S. of a cyber attack incident targeting the Wuhan Earthquake Monitoring Center.
The Global Times, a news service operated by the Central...
Okay, how about another memory quiz?
Do you remember any of the headlines from yesterday's Cyber Wire Daily?
It can be any headline.
It doesn't have to be the first one.
A cyber attack against data hosting provider Rapattoni Corporation has taken down numerous multiple listing services, the MLS, used by realtors around the country. Peg King,
a Coldwell Banker agent in Petaluma...
So if you answered no to either or both those questions and were not able to recall the headlines, that's actually normal, even expected.
If you answered yes, well, you have a huge brain and we mortals bow down to you.
But for the rest of us, retaining information doesn't come naturally.
So on this episode of Learning Layer, we'll discuss how to retain more of what you hear on the daily and anywhere else.
Now, before we get into how to remember more of what you hear, I want to address something you
might be thinking. You might be thinking, I don't need to remember news segments. The point of news
is not to have the information in my long-term memory, but to just get a daily update of daily
happenings. And I would agree that you can still get value from things even if they're not sort of stored in your long-term memory. But for some super important news stories, you actually want to remember them. That's because
remembering news stories and case studies allows you to make connections across them. This is very
important for our industry. A headline isn't helpful without context. You want to recognize themes or parallels across the news stories
so they aren't just random events, but rather parts of a larger story.
A good cyber practitioner and leader sees the forest, not just the trees.
And you can only make those connections and see the big picture
if you remember the news stories.
Another reason it's important to remember
what you hear on the daily is so you can have case studies in your back pocket. Whether it's using
an example as part of a business case or being a thought leader in the space, sharing real-world
tangible examples are crucial. So hopefully I've convinced you that remembering news stories is
important, but it's not easy. Going back to
the pop quiz, the reason I wasn't expecting you to remember what you heard is that our brains,
by default, aren't really good at remembering most things. Really, the only thing we're good
at remembering are things that we have emotional ties to. That's why we remember well what our
crush said to us years ago, or we remember very happy or very low moments,
but don't remember where we parked the car.
So unless you have an emotional tie to any of the news stories,
which, you know, it's possible,
like maybe your organization was part of a breach and you lived through it,
but usually you probably won't have that connection,
so you probably won't remember what was discussed on the daily.
And to be clear, this is no fault of Dave's or the format of the daily. It's simply that without emotional ties,
our brain needs to actively work hard to remember things. The other challenge you face retaining information on the daily is that a lot of you are probably multitasking while listening. We know,
for example, that the daily is a popular commute or household chores soundtrack. There's well-documented brain science that shows
multitasking is damaging to short-term retention. Now, to be fair, if you're driving, you're
probably using what we call your procedural memory, meaning you're not stealing much brain
power away from what you're listening to, but still, it's not optimal. So with all of those challenges,
we're finally ready to discuss the solution. So we're finally here. All these minutes in,
we're here for the main event. How do we retain information? Well, the bad news, as I mentioned
earlier, it's not easy and it's not fun. You have to actively engage with the content that you want to remember.
So how would we apply this to the daily?
Well, for example, say you identify one important headline that you want to remember.
Well, the next day, listen to the same headline again for a second time.
That sounds really obvious, but it'll work.
This is called spaced repetition.
You're having the information repeated to you over time. Research tells us that the ideal repetition schedule is to listen to it again
for a third time on day seven, and then on day 21, and then day 30. The dates don't really matter.
All I'm saying is that basically across a month, you want to listen to it about five times.
Now, if that seems a little drawn out and boring, one thing you can do to speed up the retention process is to write it down. Meaning,
after you listen to the segment for the first time at a moment when you're not driving,
summarize what you heard and jot it down in a journal. The act of summarizing will help you
remember it. And then you can actually revisit that journal over time
and reread your own summary.
You can watch your CyberWire daily journal grow
and make those connections that we discussed,
you know, across your news notes.
I also like the name news notes.
I think that should be a thing.
As you can tell on Learning Layer,
we like the concept of alliteration.
News notes, I like that.
All right, look, if writing it down
also seems too burdensome, you can try just telling a friend or colleague about the news story.
Again, it's just the process of summarizing and putting into your own words, putting into your
brain, taking out of your brain, engaging with it. That's the thing that's going to help you
remember it. So what I'm proposing is actually really simple, right?
Choose a news story that you want to remember,
re-listen a bunch of times, talk about it, write it down.
Build your CyberWire daily journal and consider those themes or parallels across the stories
and make connections across them.
It's hard work, but if you're diligent and put in the work,
you'll have a valuable pile of news stories
and case studies at your disposal, both in your brain and in a journal, ready to be recalled on demand.
Try it. See what happens. Try it for like, I don't know, a couple days.
If you hate it, that's fine. If it's not for you, again, totally fine.
But regardless, let me know if it works for you or if you have any better ideas.
Let us know by emailing learninglayer at n2k.com.
Happy learning. We'll see you next time.
That's N2K's own Sam Meisenberg with our Learning Layer segment.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
...us at cyberwire at n2k.com. Your feedback helps us ensure we're delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.
We're privileged that N2K and podcasts like the Cyber Wire are part of the daily intelligence
routine of many of the most influential leaders and operators in the public and private sector,
as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies.
N2K Strategic Workforce Intelligence optimizes the value of your biggest investment,
your people. We make you smarter about your team while making your team smarter.
Learn more at n2k.com. This episode was produced by Liz Irvin and senior producer Jennifer Eiben.
Our mixer is Tré Hester with original music by Elliott Peltzman.
The show was written by our editorial staff.
Our executive editor is Peter Kilpe and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
Your business needs AI solutions that are not only ambitious, ...impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain
insights, receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.