CyberWire Daily - Crime, compliance, and controversy.
Episode Date: August 29, 2024

French authorities outline the allegations against Telegram’s CEO. Google finds familiar spyware in Mongolian government websites. The Mirai botnet leverages obsolete security cameras. Iran’s Peach Sandstorm targets the space industry. A federal appeals court says platforms may be liable to algorithmically recommended content. Scam cycles are getting shorter. McDonald’s officials are grimacing after hackers take over their Instagram account. Our guests today are Dave DeWalt, Founder and CEO of NightDragon, and Nicole Bucala, CEO and GM at DataBee, sharing their joint initiative which aims to propel future cybersecurity innovations. A would-be extortionist fails to cover his tracks.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guests today are Dave DeWalt, Founder and CEO of NightDragon, and Nicole Bucala, CEO and GM at DataBee, sharing their joint initiative to propel future cybersecurity innovations.

Selected Reading
French authorities charge Telegram's Durov in probe into organized crime on app (Reuters)
Russian government hackers found using exploits made by spyware companies NSO and Intellexa (TechCrunch)
Old CCTV cameras provide a fresh opportunity for a Mirai botnet variant (The Record)
Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor (WIRED)
Appeals court revives TikTok ‘blackout challenge’ death suit (The Register)
Online scam cycles are getting shorter and more effective, Chainalysis finds (CyberScoop)
Cisco Patches Multiple NX-OS Software Vulnerabilities (SecurityWeek)
Crypto scammers who hacked McDonald's Instagram account say they stole $700,000 (Bitdefender)
IT Engineer Charged For Attempting to Extort Former Employer (Infosecurity Magazine)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
French authorities outline the allegations against Telegram's CEO.
Google finds familiar spyware in Mongolian government websites.
The Mirai botnet leverages obsolete security cameras.
Iran's Peach Sandstorm targets the space industry.
A federal appeals court says platforms may be liable to algorithmically recommended content.
Scam cycles are getting shorter.
McDonald's officials are grimacing after hackers take over their Instagram account.
Our guests today are Dave DeWalt, founder and CEO of NightDragon, and Nicole Bucala,
CEO and general manager at DataBee, sharing their joint initiative which aims to propel future cybersecurity innovations.
And a would-be extortionist fails to cover his tracks.
It's Thursday, August 29th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel briefing.
Thanks for joining us here today. It is great to have you with us.
Telegram CEO Pavel Durov is under formal
investigation in France for alleged involvement in organized crime through the messaging platform.
A French judge imposed bail conditions, including a 5 million euro payment, twice-weekly police
check-ins, and a travel ban from France. Durov faces accusations related to complicity in illegal
activities on Telegram, such as child abuse, drug trafficking, and money laundering. His arrest has
sparked debates about the balance between free speech and law enforcement. The investigation,
which began in February, highlights tensions between Telegram's operations and government compliance.
France's move has strained diplomatic relations with Russia,
where Durov also holds citizenship.
While Telegram asserts compliance with EU laws,
French authorities criticize the platform's lack of cooperation
in criminal investigations.
This case underscores the broader issue
of how governments deal with encrypted platforms
used for both lawful and illicit activities.
Researchers at Google have revealed
that Russian government hackers,
specifically the APT29 group
linked to Russia's Foreign Intelligence Service,
have used exploits resembling those
developed by spyware
firms Intellexa and NSO Group. These exploits were found embedded in Mongolian government websites,
potentially compromising visitors' iPhones and Android devices through a watering hole attack.
The exploits targeted vulnerabilities in Safari on iPhones and Chrome on Android,
even though those vulnerabilities had been patched.
The attack aimed to steal user account cookies,
potentially granting hackers access to government accounts.
Google is unsure how the Russian hackers obtained the exploits,
but speculate they may have purchased or stolen them.
Google advises users to keep software updated to prevent such attacks.
Cybersecurity researchers at Akamai have identified a zero-day vulnerability in CCTV cameras
manufactured by Taiwan-based Avtech,
which is being exploited by hackers to expand a botnet based on the notorious Mirai
malware. The flaw found in the camera's brightness setting allows remote control of the devices,
enabling the spread of a Mirai variant called Corona. Despite the cameras being old and
discontinued, they remain in widespread use, including in critical infrastructure.
CISA issued an advisory warning about the vulnerability,
highlighting its ease of exploitation and the lack of response from Avtech.
Akamai notes that this incident reflects a growing trend of attackers exploiting older unpatched vulnerabilities to deploy malware.
The vulnerability was publicly known since 2019,
but only recently received a formal CVE designation.
The Iranian hacking group APT33,
also known as Peach Sandstorm,
has intensified its focus on space-related infrastructure
alongside other critical sectors,
according to new findings from Microsoft.
Active for over a decade, Peach Sandstorm is notorious for its aggressive cyber espionage,
particularly through password-spraying attacks.
Recently, the group has developed a sophisticated multi-stage backdoor named Tickler,
which allows them to remotely access and control victim networks.
Since April of this year, Peach Sandstorm has targeted space, satellite, and defense sectors using Tickler to infiltrate these high-stakes environments.
Microsoft reports that the group also manipulated victims' Azure cloud infrastructure, gaining
further control.
Additionally, the hackers have been using fake LinkedIn profiles
to conduct intelligence gathering in the space and satellite industries.
These actions underline a significant and evolving threat to global space infrastructure,
with Peach Sandstorm demonstrating a persistent interest
in disrupting and exploiting this critical sector.
In a significant legal development, a U.S. appeals court has opened the door for TikTok
to face potential liability over the tragic death of 10-year-old Nylah Anderson.
The young girl died after attempting the Blackout Challenge,
a dangerous trend that TikTok's algorithm had placed on her For You page.
Initially, a lower court had ruled that TikTok was protected under Section 230 of the Communications Decency Act,
which typically shields social media platforms from being held accountable for content posted by users.
However, the Third Circuit Court of Appeals in Pennsylvania disagreed,
arguing that by curating content through its algorithms,
TikTok may have played an active role in the harm caused.
Judge Paul Matey, in his opinion,
emphasized that Section 230 wasn't meant to create a lawless no-man's land for platforms.
Instead, he argued, platforms should be accountable when their
algorithms actively push harmful content. This ruling challenges the broad immunities social
media companies have relied on and could have far-reaching implications across the industry.
The case will now return to the district court, where TikTok will face renewed scrutiny over its role in Anderson's death.
Cybercriminals have increasingly shifted to shorter, more targeted online scams,
significantly reducing the duration of their operations over the past four years,
according to a report from Chainalysis. Scammers are rapidly refreshing their infrastructure, with 43% of scam revenues tracked in 2024 linked to newly active wallets.
This trend reflects a move from large, prolonged schemes to quicker, smaller campaigns, often leveraging tactics like pig butchering.
This approach reduces the risk of detection and allows criminals to launder stolen funds more effectively.
Cisco has released patches for multiple vulnerabilities in its NX-OS software,
with the most critical being a high-severity flaw in the DHCPv6 relay agent
that could allow remote attackers to cause a denial-of-service condition.
This flaw affects the Nexus 3000, 7000, and 9000 series switches
in standalone NX-OS mode with specific configurations.
Other patched issues include medium-severity command injection and sandbox escape vulnerabilities,
potentially allowing unauthorized code execution or privilege escalation.
Cisco reports no known exploitations of these vulnerabilities in the wild.
Faster than you can say, would you like fries with that? Hackers took over McDonald's official
Instagram account, promoting a fake cryptocurrency called Grimace and allegedly stealing $700,000 from investors. They used the
account's 5.1 million followers and tweets from McDonald's social media head Guillaume Huynh
to lend credibility to the scam, promising investors a follow from the official account.
The fake coin's market value surged to $25 million within 30 minutes before crashing
when the hackers withdrew the funds and vanished. Huynh later confirmed that his Twitter account
had been compromised. McDonald's apologized for the incident, stating they are working
with authorities to investigate the breach and remove offensive content.
The swift deletion of the fraudulent posts
likely limited the number of victims.
Coming up after the break, my conversation with Dave DeWalt, founder and CEO of NightDragon,
and Nicole Bucala, CEO and General Manager at DataBee. Stay with us.
Do you know the status of your compliance controls right now? Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize
key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices,
home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been
breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more
at blackcloak.io.
Dave DeWalt is founder and CEO of NightDragon, and Nicole Bucala is CEO and General Manager at
DataBee. I recently sat down with them to share news of their
joint initiative, which aims to propel future cybersecurity innovations.
So today we're talking about this collaboration that is going to be happening and indeed is
happening between NightDragon and DataBee. I would love to start out with some descriptions
of the two organizations for folks who may not be familiar.
Nicole, everybody knows about Comcast, but I think DataBee might be a new name for folks.
How do you describe the organization?
Yeah, there's actually two new names I'd like to introduce.
One is DataBee.
The other is Comcast Technology Solutions. So within Comcast, which is a very large, highly diversified global company, Comcast
Technology Solutions is an arm that brings Comcast's own internal inventions to market
to other large enterprises.
It's highly diversified.
There are four business units with offerings across advertising and media and critical infrastructure, and now cybersecurity and enterprise data management through DataBee.
And so DataBee is sort of like a Series C startup within Comcast under the purview of Comcast Technology Solutions.
And Dave, for folks who haven't heard of it, few and far between as they may be, tell us about NightDragon.
Yeah, thank you. NightDragon, as I mentioned, is an investment and advisory firm.
We focus in on the market segment called security technology, secure tech.
So think of it like biotech or fintech, but the world of security technology. At the core of that is our focus in on the five major domains
that are essentially at risk or threats, which is space, air, oceans, land, and cyber. Cyber is where
a lot of our roots are, but we certainly see a lot of opportunity in all the markets. So Night Dragon focuses in on those threats and risks. We look for
growth stage companies, and part of our business is investing from funds. And the other part is
advising companies as part of the work we do with our platform. So in addition to being investors,
we help operate companies, help companies scale, and we built a series of
partnerships, one of which we have today, and a very important one, which is really to help
companies grow, especially in the worlds of data and AI meeting these threats and risks that are
occurring. So happy to be on the call today.
Nicole, I'm curious about the motivation here.
When you look at NightDragon, Comcast Technology Solutions has expertise in that infrastructure.
And right now, we're trying to diversify now into a new sector.
We want to be selling a SaaS product in cybersecurity and data management to other large enterprises, some of our existing customers as well.
And so it's exciting to me to be able to collaborate with the folks at Night Dragon,
to be able to also meet some of the other founders that they invest in, right?
Because there may be synergies that we see across the Night Dragon portfolio and also what CTS is bringing to market.
Dave, Nicole mentions synergies.
Do you have any examples of potential synergies here between Comcast Technology Solutions and Night Dragon?
Yeah, I do.
As a matter of fact, I would underscore what Nicole just mentioned,
but maybe flip it around from my perspective for a minute.
You know, it's somewhat of an orthodox kind of
partnership. I mean, Comcast partnering with a venture capital firm in the security world,
you know, we don't see a lot of that, you know, over the years, but a credit to Comcast and
Nicole for thinking about, you know, the partnership in a different way, an innovative way.
And when you look at it from our perspective,
what does Comcast have? They have very powerful infrastructure, telemetry of intelligence that
they can gather. They have what I call the crowd. I always talk about crowd, cloud, and AI.
They have one of the biggest crowds of telemetry and data that you could see.
Most of our companies at Night Dragon
are all about crowd, cloud, and AI too,
depending on what sector that they're a part of.
And we look for AI and machine learning
to help generate threat intelligence
and risk capabilities in a way
that makes our world more secure for tomorrow.
But the idea here is Comcast, we see,
has really got the same mission.
How do we make it a safer world? How do we make it more secure? How do we leverage data? How do we leverage that cloud
in a way that can come together to be more than one plus one, Night Dragon and Comcast together,
but also with our portfolio companies and their expertise, making it a much bigger equation of
value together.
And we have a lot of respect for the people, for the process, for the capabilities Nicole brings,
but also the whole entity of Comcast. And so we're looking forward to a lot more time together and
a lot more fun, hopefully. Yeah, yeah. Thanks so much, Dave, for mentioning that. You know,
I think the thing you said to me before that is really fascinating from that security sector perspective and also from all the buzz around generative AI is the fact that Comcast brings to the table, again as well solved around critical infrastructure as it may be in other sectors.
Right. Critical infrastructure obviously powers a lot of other critical infrastructure.
Right. Some of the technologies obviously that are used in critical infrastructure can be very different.
Right. From some of the core technologies and therefore it necessitates a different approach to data analysis, to protection, to even the concept of doing the fun things in the data world,
right, writing advanced models that can deliver cool insights, right? It's different. And so,
you know, I'm excited, particularly about how this partnership, I think, is going to really
dive into what are the emerging threats and challenges in the digital landscape
and how do we really advance and provide greater value, right, not just to our customers, but also to better protect the world.
Dave, I'm curious about this notion of having early access to each other's technology, to each other's developments.
I mean, do you see that being a differentiating factor here in the collaboration?
Absolutely.
And I'm glad you asked that because for us as an investor and operator of emerging technologies,
you know, Nicole just mentioned generative AI or how to secure AI.
So we're looking at all the companies.
There's about 50 companies in AI security, as an example.
We look at them all.
We inventory them all.
We think we know where we can make an investment.
But Comcast can be a great validator.
And they, with their infrastructure and footprint, can help us with due diligence, help us understand which of these companies might be the
best for us to invest in. Maybe eventually they'll invest alongside of us as well or go to market
with these companies. So the partnership almost starts at the beginning of deal sourcing where
we're looking at markets and focus areas together. So I see it as a whole life cycle from the
beginning of our investment cycle to potentially liquidating at the end of the cycle.
How do we work together throughout all of that for the betterment of our companies together, but also the betterment of our customers together?
You know, Dave, it's an interesting point that you bring forward, which is the practitioner perspective that comes from the partnership with Comcast. And that's actually how
DataBee came to start, right? It had been developed by Comcast's own global CISO,
Noopur Davis, and her team. And I've done emerging technology and security before.
And one of the many challenges early on is product market fit, simply making sure that your idea
is actually helping someone in a way that they will pay money for it. A second problem that I've
seen in emerging technology and security is the question of scale. First, you create something and
you deploy it at a small scale, but then eventually you may have some success. You may have a hard time scaling.
And so Comcast also offers the perspective of scale. And so when we take Comcast scale and we take the practitioner mindset of what the practitioners are seeing, not only as the
real problems they're facing today, but also what are the right architectural approaches to address those in the most cost-efficient way?
That's really the value of Comcast and Comcast Cybersecurity in partnering with a venture
firm and in looking at some of those early-stage investments.
I would just say, if I could, maybe Nicole can end it, but I would just say I'm very
excited about the partnership.
There's no doubt about it.
A lot of respect for Nicole, a lot of respect for the company.
You know, the future is bright, as I said.
There's so many new technologies, company, AI, quantum, threats and risks.
I'm just proud to be a partner.
And, Nicole, thank you for the sponsorship, the relationship, and I look forward to many years working together.
Oh, well, thank you so much,
Dave. And likewise, I mean, for us at Comcast, we've made a commitment to fully get into the
cybersecurity industry. And when you think about what we have, we have our internal innovations
in Noopur's org. We have Comcast Ventures, which is starting to, it has invested in cybersecurity before, several good investments,
and it's now starting to do even more and looking to potentially collaborate with Night Dragon on
that. You know, as Dave said, it's unique that Comcast is doing this. And so we're just so
honored to have a partnership with Night Dragon and have your guidance to help us with this journey.
That's Dave DeWalt, founder and CEO of NightDragon,
and Nicole Bucala, CEO and general manager at DataBee.
In a case of crime doesn't pay,
a Missouri man, Daniel Rhyne, age 57,
found himself on the wrong side of the law
after attempting to extort his former employer.
Rhyne, a core infrastructure engineer who clearly took his job too literally, allegedly wreaked
havoc on his ex-employer's systems, locking out administrators, deleting accounts, and
shutting down servers, all in a bid to score a $750,000 Bitcoin ransom.
But here's where the plot thickens.
Like a poorly scripted movie,
Rhyne left a trail leading right back to his virtual doorstep.
Investigators traced the cyber sabotage to a remote desktop session linked to his own laptop.
Now, instead of counting his ransom money,
Rhyne is facing some hefty charges, including extortion,
intentional damage to a protected computer, and wire fraud.
With the possibility of decades behind bars and up to $750,000 in fines,
it's safe to say this caper didn't quite go as planned.
And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback
ensures we deliver the insights that keep you a step ahead in the rapidly changing world of
cybersecurity. If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine of the most influential
leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy
for companies to optimize your biggest investment, your people. We make you smarter about your teams
while making your team smarter. Learn how at n2k.com. This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and
sound design by Elliot Peltzman. Our executive producer is Jennifer Iben. Our executive editor
is Brandon Karp. Simone Petrella is our president. Peter Kilby is our publisher.
And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.