CyberWire Daily - Confidence on election day.
Episode Date: November 5, 2024

On election day U.S. officials express confidence. A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia. Backing up your Gmail. Google mandates MFA. Google claims an AI-powered vulnerability detection breakthrough. Schneider Electric investigates a cyberattack on its internal project tracking platform. A Canadian man suspected in the Snowflake-related data breaches has been arrested. On our Threat Vector segment, David Moulton sits down with Christopher Scott, from Unit 42, to explore the essentials of crisis leadership and management. I spy air fry?

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment
In this segment of the Threat Vector podcast, host David Moulton sits down with Christopher Scott, Managing Partner at Unit 42 by Palo Alto Networks, to explore the essentials of crisis leadership and management in cybersecurity. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app.

Selected Reading
In final check-in before Election Day, CISA cites low-level threats, and not much else (The Record)
Joint ODNI, FBI, and CISA Statement (FBI Federal Bureau of Investigation)
Exclusive: Nakasone says all the news about influence campaigns ahead of Election Day is actually 'a sign of success' (The Record)
Virginia Company and Two Senior Executives Charged with Illegally Exporting Millions of Dollars of U.S. Technology to Russia (United States Department of Justice)
Gmail 2FA Cyber Attacks—Open Another Account Before It's Too Late (Forbes)
Mandatory MFA is coming to Google Cloud. Here's what you need to know (Google Cloud)
Schneider Electric says hackers accessed internal project execution tracking platform (The Record)
Google claims AI first after SQLite security bug discovered (The Register)
Suspected Snowflake Hacker Arrested in Canada (404 Media)
Is your air fryer spying on you? Concerns over 'excessive' surveillance in smart devices (The Guardian)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
On election day, U.S. officials express confidence.
A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia.
Backing up your Gmail?
Google mandates MFA and claims an AI-powered vulnerability detection breakthrough.
Schneider Electric investigates a cyber attack on its internal project tracking platform. A Canadian man suspected in the
Snowflake-related data breaches has been arrested. On our Threat Vector segment, David Moulton sits
down with Christopher Scott from Unit 42 to explore the essentials of crisis leadership
and management. And I spy air fry?
It's Tuesday, November 5th, 2024.
I'm Dave Bittner. Cyber Command and the FBI
are tackling a surge of influence operations and disinformation campaigns from foreign adversaries,
especially Russia and China.
Former Cyber Command leader Paul Nakasone notes in an exclusive interview with The Record
that there's been significant progress since 2016 in how the U.S. manages election security,
citing a series of safe and secure elections enabled by a coordinated defense
strategy. This year, officials like CISA Director Jen Easterly emphasized that while minor incidents
like low-level DDoS attacks and ballot box vandalism have occurred, there's no evidence
of threats that could alter election outcomes. Russia remains the most active threat, deploying
false narratives and fabricated videos
to sow distrust and potentially incite violence, particularly in swing states. China's Salt Typhoon
has also targeted U.S. telecommunications networks for intelligence collection,
though officials believe this poses no immediate risk to election security.
Meanwhile, CISA and the FBI have debunked
misleading videos on social media, urging the public to rely on verified sources for election
information. The unified efforts across federal agencies, international partners, and AI-powered
defenses are credited with enhancing election security. Nakasone sees the current transparency about disinformation campaigns as a success,
reflecting a matured response framework.
CISA plans to release a post-election assessment
to confirm whether any foreign actors attempted to influence the outcome,
marking a proactive approach in the face of evolving threats.
In Virginia, two executives and their
company are facing serious charges for allegedly violating U.S. export restrictions on technology
bound for Russia. Eleview International, based in Virginia, and its top leaders, Oleg Nayandin
and Vitaly Borisenko, are accused of creating an elaborate scheme to sidestep U.S. export controls.
According to federal prosecutors, after the Russian invasion of Ukraine,
Eleview's leaders funneled restricted U.S. goods through countries like Turkey, Finland, and Kazakhstan,
disguising their true destination, Russian state-linked entities.
Let's break down these three alleged schemes.
In one case, Eleview routed about $1.5 million worth of telecommunication gear through a fake
Turkish entity, knowing it would end up supporting Russian government agencies,
including the Federal Security Service, or FSB. In Finland, they allegedly used Russian postal tracking to sneak nearly three and a half
million dollars in goods, including high-priority components found in Russian suicide drones,
right to Russian customers. And through Kazakhstan, they moved an additional one and a half million
dollars in dual-use items. If found guilty, the men could each face up to 20 years in prison.
This case falls under the Department of Justice's Disruptive Technology Strike Force and Task Force
KleptoCapture initiatives that work together to prevent unauthorized transfers of critical U.S.
technology to hostile states. It's a high-profile reminder that U.S. export laws are under close watch,
especially with wartime restrictions in place. With cyber attacks on Gmail accounts rising,
Google has introduced advanced security measures to protect users.
Yet, session cookie theft and two-factor authentication bypasses remain threats for Gmail's 2.5 billion active users.
Security experts warn that although 2FA is essential,
attackers have become adept at circumventing it,
using tools to steal session cookies and evade application-bound encryption.
An article in Forbes describes one proactive measure to mitigate the impact of an attack,
opening a second Gmail account and forwarding all messages from your primary account to it.
While this won't prevent a hack, it offers a backup to store critical information,
providing an accessible fallback if the primary account is compromised.
Cybersecurity specialists recommend enabling all available protections, including secure passkey sign-ins and Chrome's safe browsing features. A recent user experience shared on
Reddit illustrates the value of such backup accounts, as recovering from a Gmail breach
can be challenging. Ultimately, a second account offers a simple yet effective safety net for irreplaceable data.
Google Cloud is strengthening security by making multi-factor authentication mandatory for all users by the end of 2025.
The phased rollout begins this month, initially encouraging MFA adoption through resources and reminders. By early 2025, MFA will be required for password-based
logins on Google Cloud platforms, and by the end of the year, all federated users will need MFA,
with options for integration with primary identity providers.
This transition builds on Google's long history with MFA, starting with the 2011 launch of two-step verification
and the introduction of phishing-resistant security keys in 2014. Google's decision is
driven by data showing that MFA significantly reduces hacking risks, especially in cloud
environments. With phishing and stolen credentials being major threats, this mandatory MFA aims to provide stronger protection for Google Cloud's sensitive deployments.
And staying with Google for just a little while longer,
Google recently claimed a breakthrough in AI-powered cybersecurity with its tool Big Sleep,
marking the first time an AI has uncovered an exploitable memory safety vulnerability in live code,
specifically a stack buffer underflow in SQLite.
Developed in collaboration between Google's Project Zero and DeepMind,
Big Sleep identified the flaw, allowing it to be fixed before the affected code's official release. The flaw, found in early October,
involved an array index error that could lead to a crash or potential code execution.
Traditional fuzzing techniques hadn't detected the bug, but Google's LLM managed to locate it by analyzing recent commits in SQLite's repository. While Big Sleep is still experimental,
Google views it as a promising tool
for uncovering elusive bugs missed by standard methods.
This AI-driven discovery underscores the growing role
of machine learning in finding complex real-world vulnerabilities,
complementing tools like Protect AI's Vulnhuntr,
which specializes in identifying zero days in Python.
Schneider Electric confirmed it's investigating a cyberattack on its internal project tracking
platform following a breach claim by the emerging Hellcat ransomware group.
Schneider, a global leader in energy management and automation, activated its incident response
team after Hellcat claimed access to the company's Atlassian Jira system,
allegedly stealing around 40 gigabytes of project and user data.
The group is demanding $125,000 in ransom to avoid leaking the data.
This attack follows a ransomware incident in January that affected Schneider's Sustainability Division systems. Hellcat,
which surfaced recently, has also claimed responsibility for an attack on Jordan's Ministry of Education, though this is unverified. The FBI notes that increased ransomware disruptions
this year have likely driven ransomware operators into smaller groups, possibly fueling attacks like
this one.
Schneider continues to investigate, prioritizing containment and security measures.
A Canadian man suspected of leading this year's wave of Snowflake-related data breaches,
linked to over 165 instances, has been arrested. Known online as Judische and Waifu, the hacker is allegedly responsible for breaches impacting AT&T, Ticketmaster, and LendingTree, among others. The arrest follows a coordinated
investigation involving cybersecurity researchers and international law enforcement who'd been
gathering intelligence on the suspect for months. Sources identified the hacker as Connor Moucka,
also known as Alexander Moucka. The Canadian Department of Justice confirmed his arrest
on October 30 at the request of the United States. Moucka reportedly communicated with
404 Media in mid-October, expressing fears of imminent arrest. He claimed to have destroyed evidence, suggesting his
activities might be hard to prosecute fully. The hacking group he's associated with, known as
the Com, is a collective of young hackers behind high-profile cybercrimes worldwide.
Coming up after the break in our Threat Vector segment,
David Moulton sits down with Christopher Scott to discuss the essentials of crisis leadership.
Stay with us. Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals
to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been
breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn
more at blackcloak.io.
David Moulton is host of the Threat Vector podcast right here on the N2K Cyber Wire Network.
He recently sat down with Christopher Scott, managing partner at Unit 42 by Palo Alto Networks.
They discussed the essentials of crisis leadership and management in cybersecurity.
These attackers know that if they can cause true business disruption, an organization's
ability to operate with their partner ecosystem, with the vendors that are so critical to doing
their job, and then to provide services to their clients, like on the healthcare front,
we're seeing an impact in billions of dollars, in some cases really impacting GDP of particular countries throughout the world
because of the downtime that's being caused by just the level of these attacks.
Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss pressing cybersecurity
threats and resilience and uncover insights into the latest industry trends. I'm your host,
David Moulton, Director of Thought Leadership. Today, I'm speaking with Wendy Whitmore,
the Senior Vice President at Palo Alto Networks, who leads the Unit 42 team. With an impressive
background spanning government, academia, and industry, Wendy is a recognized leader in national security and cybersecurity.
She's contributed her expertise to the U.S. Department of Homeland Security's Safety Review
Board, served on advisory boards for Duke University and the University of San Diego,
and actively engages with organizations like the World Economic Forum.
Throughout her career, from serving as a special agent with the U.S. Air Force to leading global cybersecurity teams at Mandiant, CrowdStrike, and IBM,
Wendy has demonstrated an unwavering commitment to safeguarding organizations and individuals from cyber threats.
Today, we're discussing the increasing speed and sophistication of cyber attacks.
As cyber threats continue to evolve, how can organizations keep pace with attackers and adapt their strategies?
This is critical for organizations' operational resilience and for the national and global security landscape.
Here's our conversation.
Wendy, welcome back to Threat Vector. It's always a pleasure to have you on the podcast.
First, David, great to be here. Excited to be on Threat Vector. Love the show. Love listening to it. So happy to talk to you again today. In your last appearance, we talked about the
evolving speed and sophistication of cyber attacks and how AI is becoming a game changer for
attackers. I remember you specifically pointed out how AI is enabling attackers to move faster,
reducing language
barriers, and increasing the effectiveness of social engineering tactics. That conversation
really opened a lot of eyes in our audience. Before we dive into today's discussion, I'd love
to revisit your work shaping the next generation of cybersecurity professionals. You're involved
with academic institutions like Duke University and the University of San Diego,
helping guide future leaders in this field. Could you share a bit more about your passion
for mentoring these students and what skills you think are most critical for their success
in cybersecurity? Well, I think it's no surprise that there's a massive shortage of jobs that are
filled today, right? So we don't have enough skills in cybersecurity to fill the jobs
we have today, and those jobs are likely only to continue to grow. So the more great students we
can get involved at an early age, the better. One of the areas we want to continue to focus on is
just awareness. So making sure that students, not just starting at the high school level,
but certainly before that, are aware that
cybersecurity is a great field, that there's some really cool jobs out here that are challenging,
and that those students are then going into the college programs at the undergraduate level,
and then continuing that right at the graduate level to really hone those skills and then have
great opportunities for really fulfilling work moving forward. So the more that all of us can do to get great students in the pipeline, the better.
My daughter came into my office about a year ago and told me, Dad, I want to go into the FBI.
And she goes, I like helping people, and I like solving puzzles. And had an opportunity to visit
the San Antonio FBI office and visited with the CART team there.
And that ended up being that awareness that this career exists and that this is a really
valuable place to spend your time and your talent and go crack some tough problems.
And I love it that you're an advisor to students. Those students are really,
really fortunate to have such a great mentor in you. So today we're going to get into adapting to some new attack vectors, and we've got a lot
to cover. So let's jump into our conversation. Wendy, we've seen a huge surge in high-profile
attacks targeting a lot of different sectors. Could you share some insights into the most
impactful cybersecurity attacks in recent years and what made them so damaging?
So over the last year to let's say year and a half, what we've seen is just a huge increase in the scale of the attacks, in the sophistication of attackers, and certainly the speed with which they're operating. When I'm mentioning sophistication
of attackers, I'm going to focus particularly right now on cyber criminals and just their
ability to really understand how businesses operate and how they work together, what that
organizational landscape looks like in terms of when contracts are awarded, how an organization
onboards a vendor, how they offboard a vendor, and then what results
in that are times where there may be more vulnerabilities based on access to credentials,
access to certain providers. Well, that said, I want to really specifically talk about the last
six months. And what we have seen now more than ever is disruption of business and very specific intentional disruption to the end
customer and the end consumer. And it really seems to be that if you can bring pain to the
end consumer, the attackers can leverage the end consumer to put pressure on businesses to make
decisions faster. And what the attackers are hoping is that that ultimately commands a higher payout in terms and in the form of a ransom.
We have seen the payments of ransoms, I think, become an even hotter topic.
At this point, just in 2023 alone, Chainalysis provided a record $1 billion in ransomware payments that were made in that year alone. And if you think about that,
that's only really what's recorded and what's known. That number is actually likely to be a good amount higher. And the reality is that these attackers are taking that money, not only paying
themselves and their teams and all of the delegate systems they have set up, but they're also
leveraging that to invest in future R&D and making sure that their capabilities continue to grow
and become even more advanced. I think that's pretty concerning.
How has the rise of automated and AI attacks changed the nature of the threat landscape?
And as a defender, can we keep up? I think there's good news. The defense can keep up. As you mentioned in the earlier
commentary of cat and mouse game, it's going to continue to be that sixth scenario that we live
in. And I think the reality of doing business, if you have business connected to any kind of
online environment. But I think as we think about how do we really combat this threat as it continues
to evolve, there's more focus than there ever has been on real-time visibility.
So creating the opportunity for your organization to detect at every step of an attack, to make
sure you've got logging and monitoring at each of those steps so you can go back and
quickly identify what action occurred, who was responsible for it, and then really being
able to leverage AI at every step of the way, right? So integration
into your ability to defend at the network level, at the cloud level, at the endpoint,
and to coalesce all that information as quickly and rapidly as possible is absolutely going to
be key. The faster then that we can create kind of that embedded sequence all together is going
to mean your SOC's able to
detect threats in real time. They're going to then be able to reduce the volume of attacks
and focus on those which are going to cause the most destruction or disruption
and be able to prevent those singular events from becoming a widespread
organizational wide compromise.
Thanks for listening to this segment
of the Threat Vector podcast.
If you want to hear the whole conversation,
you can find the show in your podcast player.
Just search for Threat Vector by Palo Alto Networks.
Each week, I interview leaders from across our industry
and from Palo Alto Networks
to get their insights on cybersecurity,
the threat landscape,
and the constant changes we face.
See you there.
And don't forget to check out the complete Threat Vector podcast.
You can find that right here on the N2K CyberWire network or wherever you get your favorite podcasts.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping
unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach
can keep your company safe and compliant.
And finally, in today's age of smart everything,
even air fryers seem to have developed a taste for data.
UK consumer group Which? discovered that some smart air fryers are a little too curious.
These fryers by brands like Xiaomi request microphone permissions through their apps,
and Xiaomi's fryer was found sharing
personal data with Facebook, TikTok, and even servers in China. The consumer group also flagged
smart speakers loaded with trackers from Google, Facebook, and Urban Airship, along with watches
asking for risky permissions like location and audio access. The UK's Information Commissioner's Office voiced concerns,
stating that many devices flunk both data protection standards
and consumer expectations.
It's crafting new guidance for Spring 2025
to make smart tech makers step up their privacy game.
Meanwhile, device manufacturers assure us they're all about privacy. Still, before your
air fryer becomes a spy, be careful you're not cooking up some data leaks.
And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine of the most influential leaders and operators in the public and private sector,
from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your teams smarter.
Learn how at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Park.
Simone Petrella is our president.
Peter Kilby is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here
tomorrow. Thank you. Business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to