CyberWire Daily - Crackdown on privacy leads to a multi-million dollar fine.

Episode Date: February 23, 2024

The FTC fines Avast over privacy violations. ConnectWise's ScreenConnect is under active exploitation. AT&T restores services nationwide. An Australian telecom provider suffers a data breach. EU Member States publish a cybersecurity and resilience report. Microsoft unleashes a PyRIT. A new infostealer targets the oil and gas sector. A cyberattack cripples a major US healthcare provider. Our guest is Kevin Magee from Microsoft Canada with insights on why cybersecurity startups in Ireland are having so much success building new companies there. And a USB device is buzzing with malware.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest Kevin Magee from Microsoft Canada talks about recently meeting 15 cybersecurity startups in Ireland and finding out why they are having so much success building new companies there.

Selected Reading
FTC Order Will Ban Avast from Selling Browsing Data for Advertising Purposes, Require It to Pay $16.5 Million Over Charges the Firm Sold Browsing Data After Claiming Its Products Would Block Online Tracking (FTC)
Cybercriminal groups actively exploiting 'catastrophic' ScreenConnect bug (The Record)
AT&T services resume, company blames "incorrect process" (Data Center Dynamics)
230k Individuals Impacted by Data Breach at Australian Telco Tangerine (SecurityWeek)
EU releases comprehensive risk assessment report on cybersecurity, resilience of communication networks (Industrial Cyber)
Microsoft Releases Red Teaming Tool for Generative AI (SecurityWeek)
New Infostealer Malware Attacking Oil and Gas Industry (GB Hackers on Security)
UnitedHealth says Change Healthcare hacked by nation state, as US pharmacy outages drag on (TechCrunch)
Vibrator virus steals your personal information (Malwarebytes)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. The FTC fines Avast over privacy violations. ConnectWise's ScreenConnect is under active exploitation. AT&T restores services nationwide. An Australian telecom provider suffers a data breach.
Starting point is 00:02:14 EU member states publish a cybersecurity and resilience report. Microsoft unleashes a PyRIT. A new infostealer targets the oil and gas sector. A cyber attack cripples a major U.S. healthcare provider. Our guest is Kevin Magee from Microsoft Canada with insights on why cybersecurity startups in Ireland are having so much success. And a USB device is buzzing with malware. It's Friday, February 23rd, 2024. I'm Dave Bittner, and thank you for joining us.
Starting point is 00:03:13 It is great to have you with us. The Federal Trade Commission has concluded a significant enforcement action against Avast, a prominent software provider known for its antivirus and security products. The action requires Avast to pay $16.5 million and imposes strict limitations on its handling of web browsing data. The FTC's complaint details how Avast, under the guise of offering privacy protection through its browser extensions and antivirus software, engaged in the collection
Starting point is 00:03:45 of detailed browsing data from users. This data encompassed sensitive information, potentially revealing individuals' religious beliefs, health concerns, political leanings, and financial status, among other private details. The core of the FTC's complaint was the contradiction between Avast's privacy assurances and its actual practices. Despite advertising its products as tools to safeguard user privacy and block third-party tracking, Avast was found to have collected extensive browsing data, which it stored indefinitely and sold to over 100 third parties through its subsidiary, Jumpshot. This practice was not only in direct conflict with Avast's privacy promises,
Starting point is 00:04:30 but also occurred without providing adequate notice to consumers or obtaining their consent. Highlighting the severity of Avast's misconduct, the FTC criticized the company for not sufficiently anonymizing the browsing data before sale. Avast's claims of deploying special algorithms to strip identifying information were challenged, with the FTC pointing out the continued risk of re-identification due to the detailed nature of the data sold, including unique browser identifiers and precise activity logs. The FTC's settlement with Avast includes several critical provisions aimed at rectifying the identified privacy breaches and preventing future violations.
Starting point is 00:05:15 Notably, Avast is now prohibited from selling or licensing browsing data from its branded products for advertising purposes. Additionally, the company is required to secure affirmative express consent from consumers before engaging in similar practices with data from non-Avast products. The agreement also mandates the deletion of all browsing information previously collected, along with any derivative products or algorithms. Beyond these immediate remedies, the settlement obliges Avast to notify consumers affected by the unauthorized data sales about the FTC's enforcement action. Furthermore, Avast is tasked with establishing a comprehensive privacy program
Starting point is 00:05:57 designed to address the misconduct highlighted by the FTC and to safeguard consumer privacy moving forward. A critical vulnerability in ConnectWise's ScreenConnect, scoring a maximum CVSS score of 10, is being exploited by ransomware criminals shortly after disclosure. Described as trivial to exploit for remote code execution, the flaw poses a significant risk, especially to managed service providers that are valuable targets for cyberattacks. Cybersecurity firms like Huntress and Sophos have observed ransomware attacks exploiting this vulnerability, impacting both servers and client machines. Despite the recent law enforcement operation against the LockBit ransomware group, attacks persist using
Starting point is 00:06:45 tools like the leaked LockBit 3 builder. Sophos warns that compromised systems need thorough investigation beyond patching, as various attackers are exploiting ScreenConnect to deploy ransomware and other malicious software. AT&T says that network services have been restored after a significant outage yesterday affected many users across North America. The outage was attributed to an incorrect process during network expansion, not a cyber attack. The disruption impacted at least 70,000 customers, including 911 emergency services. AT&T has apologized to affected customers and says they are committed to maintaining reliable service. Tangerine, an Australian telecommunications provider,
Starting point is 00:07:35 reported a cyber attack that compromised the personal information of 230,000 individuals involving current and former customer accounts. The breach was discovered two days after its occurrence on February 18th and exposed names, addresses, dates of birth, email addresses, mobile numbers, and account numbers. Tangerine claims financial and sensitive identification data remained secure. The intrusion was linked to a contractor's login credentials. Tangerine has since revoked access to the compromised account, enhanced security measures, and started notifying affected individuals.
Starting point is 00:08:13 EU member states, supported by the European Commission and ENISA, have published a report on the cybersecurity and resilience of Europe's communication infrastructure and networks. The document advances EU-wide efforts to secure telecommunications, particularly focusing on 5G network security. It results from a detailed risk assessment identifying threats, including ransomware and supply chain attacks. The report outlines 10 new risk scenarios, and recommendations include enhancing
Starting point is 00:08:46 resilience against physical and cyber attacks, assessing the criticality of international connections, and fostering collaboration for improved security measures. The report emphasizes the need for swift implementation of these resilience-enhancing steps to address the rapidly changing threat landscape. Microsoft has introduced PyRIT. That's capital P, little y, capital R, capital I, capital T, because of course it is. It's an open-source tool aimed at enhancing the red-teaming process for generative AI systems. Developed to help security experts and machine language engineers uncover risks, PyRIT automates auditing tasks and highlights areas needing deeper examination. Addressing the unique challenges of red teaming and generative AI,
Starting point is 00:09:37 which involves assessing both security and responsible AI risks due to its probabilistic nature and the variability in system architectures, PyRIT enhances rather than replaces manual efforts. Originating in 2022 as a script collection for red teaming generative AI, it's demonstrated effectiveness with systems like Copilot. PyRIT allows for controlled red team strategies, generates harmful prompts, adapts We note in full disclosure that Microsoft is an N2K CyberWire partner. The oil and gas sector is under threat from a new malware-as-a-service called Rhadamanthys Stealer, a sophisticated phishing campaign targeting critical infrastructure and sensitive data. This C++ information stealer, originally emerging in August of 2022, focuses on pilfering email, FTP, and online banking credentials.
Starting point is 00:10:42 It has quickly evolved, adding capabilities and improving evasion techniques, including altering clipboard data for cryptocurrency theft and recovering deleted Google account cookies. The deployment of Rhadamanthys Stealer follows the takedown of the LockBit ransomware group, hinting at cybercriminals' strategic shifts or opportunistic behavior. With phishing emails as its delivery mechanism, Rhadamanthys poses a significant risk to the increasingly digital-dependent oil and gas industry,
Starting point is 00:11:14 emphasizing the necessity for robust cybersecurity measures, continuous monitoring, and employee awareness to help mitigate risks. UnitedHealth Group has reported that its subsidiary, Change Healthcare, was targeted by a cyber attack likely conducted by government-backed hackers, according to a regulatory filing. UHG has not specified a timeline for system recovery or identified the attacker's nation. Change Healthcare, a major player in the U.S. healthcare system for patient billing and handling approximately one-third of U.S. patient records,
Starting point is 00:11:52 experienced the attack early Wednesday. The specific nature of the cyberattack remains undisclosed. The incident has disrupted pharmacies nationwide, preventing prescription fulfillments through insurance. UHG has engaged security experts, cooperated with law enforcement, and informed affected stakeholders. Coming up after the break, Kevin Magee from Microsoft Canada has insights on why cybersecurity startups in Ireland are having so much success. Stay with us. Do you know the status of your compliance controls right now? Like, right now.
Starting point is 00:12:54 We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for
Starting point is 00:13:57 cyber criminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. It is always my pleasure to welcome back to the show Kevin Magee. He is the Chief Security Officer with Microsoft Canada.
Starting point is 00:14:49 Kevin, it is my understanding that you recently took a trip to Ireland and found out some interesting things by meeting some interesting people. Fill us in. What was this all about? Thanks for having me back, Dave. Yes, I got to go to my homeland. Kevin Magee, I'm a good Irish boy. I had my first opportunity to set foot on Irish soil, which was fantastic. Dave, we've talked in the past. I have my day job in security, but I'm also a fellow of the cybersecurity catalyst at Toronto Metropolitan University.
Starting point is 00:15:15 And one of the things I'm really interested in is understanding the unique challenges that cybersecurity startups face in not only developing their technologies and products, but bringing them to market and scaling. And what's really interested me the last couple of years is these clusters we've seen develop. Now, there's the large ones, San Francisco, your area, the Washington, D.C. area. Israel has a very well-documented cluster. But there's also micro-clusters of innovation, like New Brunswick in Canada has a micro-cluster. And Ireland was a country that is really producing incredible cybersecurity startups. And population-wise, you wonder, how are they doing it and what makes them unique? So I got the opportunity to go over there and poke around and see if I could find out why. Well, what did you learn? What is it about Ireland that gives them this environment to be successful? There's a few interesting things at the higher level. One,
Starting point is 00:16:11 they're a neutral country, which really, I hadn't really thought about how that impacts the ability to bring products to market. Being a neutral country, you know, they have a unique world view and world perspective and also the ability to interact with other nation states and whatnot in a different way, in a different means than some of the other countries that are due out of these clusters. They're also part of the EU. They're English-speaking, for the most part, with excellent tech schools. Lots of big companies are investing in facilities there, data centers, branch offices, whatnot. But it's also a very highly connected community. So I think the groundwork is there for scale, but they seem to be really focused on the cybersecurity market as one of these growth markets, which I think is fantastic. What I think coming away from it, as I learned,
Starting point is 00:17:01 is that the Irish are everywhere, and we have these global connections. So they're really leveraging that, and they're leveraging those global connections and individual connections to introduce products and services well beyond sort of the Irish market. And I think that's been one of the secrets to their success. I think when we think about things like manufacturing around the world, for me, just something as simple as cars. American companies build cars a certain way. Germans build them their way. The Japanese build them their way. But do you find that there's that cultural influence that people bring to developing new products and ideas in cyber as well?
Starting point is 00:17:46 I think it's very true. I think the Irish people, one, very entrepreneurial in how they approach things, but they've also made it a priority. And often governments will say, we'll make this area a priority. But I saw clear evidence on the ground. Enterprise Ireland is a firm that the government's put together. It's a venture capital firm, but they also have international trade delegations set up all around the world to introduce their startups to individuals. That's how I first got connected
Starting point is 00:18:15 with those folks. So the government has invested it out there, making sure that they're making those introductions. They're making sure they're not just providing capital as well. The amount of just connection in the community, the community feeling within the cybersecurity startup market was very tight. Everyone knew each other. Everyone was super supportive. The universities were very engaged as well. And there seems to be sort of three, I really looked at three sort of clusters around Dublin, of course, Galway on the West Coast, which is the site of many of the historically where the famine was very hard hit. And then in the south in Cork, there seems to be a cluster that's really emerging around the Munster University as well, too. And as these large sort of startups sort of grow, they also throw off additional funding, additional people and additional talent to found new startups. So they are micro clusters that I'm seeing in other areas of the world. But because of this ability and the investment of the
Starting point is 00:19:18 government to export this technology and these sort of thought leadership as well, I think they're punching way above their size in terms of global impact. When you came back home, what were some of the lessons you brought with you? Were there things that you learned there that you could apply to your own day-to-day? Yeah, I think really when I look at sort of an analysis of my LinkedIn contacts, I have my corporate cybersecurity friend group, and I also have this startup-y entrepreneurial innovation startup group. And there wasn't many visual links between the two groups. I think they sort of operate independently. When I looked at the DC area in particular, and the contacts I have there is much more integrated. So the folks that I knew in the corporate world versus the startup world, say DataTribe, which you're familiar with, very much more integrated.
Starting point is 00:20:11 And I don't know if that's a factor of place, if that's just a factor of integration of, say, the defense market or whatnot. But that seems to be one of the key ingredients is how do we leverage sort of the overall corporate scale with startup and innovation? And that's one of the things we're doing at Toronto Metropolitan University. We have what's called a corporate in residence, not just an entrepreneur in residence, where we ask people from large companies, banks, and whatnot to provide folks to assist some of the startups. And we're starting to see that traction, and we're starting to see those interactions in Canada now, learning on some of the lessons that I took from Ireland and some of the other research I've done as well.
Starting point is 00:20:49 All right, interesting insights. Kevin Magee is Chief Security Officer for Microsoft Canada. Kevin, thanks so much for joining us. Thanks, Dave. Thank you. a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. With TD Direct Investing, new and existing clients could get 1% cash back.
Starting point is 00:22:09 Great! That's 1% closer to being part of the 1%? Maybe, but definitely 100% closer to getting 1% cash back with TD Direct Investing. Conditions apply. Offer ends January 31st, 2025. Visit td.com. And finally, our marital aids desk made us aware of a report from Malwarebytes about one of their customers successfully blocking an attempted malware infestation from an unusual source. We're a family show, so I'll do my best to keep the descriptions clean. You know those catalogs your grandparents get in the mail? The ones that include neck massagers that are suspiciously torpedo-shaped? The infected device was one of those. Purchased at the Spencer's Novelty Shop in the local shopping mall,
Starting point is 00:23:04 the device features a USB port for battery charging, but if you plug the unit into your PC, it attempts to install the Lumma information stealer. Lumma, which is distributed via a malware-as-a-service model, targets cryptocurrency wallets, browser extensions, and two-factor authentication details, and can be spread through infected USB devices. The incident raises concerns about how the device became infected, and Spencer's has acknowledged awareness of the situation but has provided no further details. Advice for USB device safety includes using AC plug sockets for charging to avoid data transfer, and, of course,
Starting point is 00:23:47 employing USB condoms for data exchange prevention. Happy Friday, everyone. And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Asaf Dahan and Daniel Frank from Palo Alto Networks' Cortex. We're talking about their research Manic Menagerie 2.0, the evolution of a highly motivated threat actor. That's Research Saturday. Check it out.
Starting point is 00:24:28 We'd love to know what you think of this podcast. You can email us at cyberwire at n2k.com. We're privileged that N2K and podcasts like The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. N2K Strategic Workforce Intelligence optimizes the value of your biggest investment,
Starting point is 00:24:55 your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music by Elliot Peltzman. Our executive producers are Jennifer Iben and Brandon Karp. Our executive editor is Peter Kilby, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week. Thank you. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Starting point is 00:25:57 Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
