CyberWire Daily - Cybersecurity leaders gear up for the ultimate test.
Episode Date: August 8, 2024
Black Hat kicks off with reassurances from global cyber allies. Researchers highlight vulnerabilities in car head units, AWS and 5G basebands. Alleged dark web forum leaders are charged in federal court. Tens of thousands of ICS devices are vulnerable to weak automation protocols. Kimsuky targets universities for espionage. Ransomware claims the life of a calf and its mother. A look at job risk in the face of AI. In our Threat Vector segment, host David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks, about the future of cybersecurity. An alleged cybercrime rapper sees his Benjamins seized. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Threat Vector Segment
In this Threat Vector segment, host David Moulton, Unit 42 Director of Thought Leadership, converses with Nir Zuk, Founder and CTO of Palo Alto Networks, about the future of cybersecurity. They discuss the pressing challenges organizations face today and the pivotal shift from traditional defense strategies to a mindset that assumes breaches. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network.
Selected Reading
US elections have never been more secure, says CISA chief (The Register)
Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal (Cybernews)
AWS Patches Vulnerabilities Potentially Allowing Account Takeovers (SecurityWeek)
Hackers could spy on cell phone users by abusing 5G baseband flaws, researchers say (TechCrunch)
Exclusive: Massive Criminal Online Platform Disrupted (Court Watch)
Web-Connected Industrial Control Systems Vulnerable to Attack (Security Boulevard)
North Korea Kimsuky Launch Phishing Attacks on Universities (Infosecurity Magazine)
Swiss cow and calf dead after ransomware attack on milking robot (Cybernews)
AI Will Displace American Workers—When, How, and To What Extent Is Less Certain (Lawfare)
Cybercrime Rapper Sues Bank over Fraud Investigation (Krebs on Security)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Black Hat kicks off with reassurances from global cyber allies.
Researchers highlight vulnerabilities in car head units, AWS, and 5G basebands.
Alleged dark web forum leaders are charged in federal court.
Tens of thousands of ICS devices are vulnerable to weak automation protocols.
Kimsuky targets universities for espionage.
Ransomware claims the life of a calf and its mother.
A look at job risk in the face of AI. In our Threat Vector segment, David Moulton speaks with
Nir Zuk, founder and CTO of Palo Alto Networks, about the future of cybersecurity. And an alleged
cybercrime rapper sees his Benjamins seized. See what I did there?
It's Thursday, August 8th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us here today. It is great to have you with us.
The Black Hat Conference is in full swing in Las
Vegas, and during yesterday's opening keynote, U.S. CISA Director Jen Easterly, U.K. NCSC CEO
Felicity Oswald, and EU ENISA COO Hans de Vries emphasized that their respective nations' election
systems are more secure than ever.
They attributed this resilience to a stronger election stakeholder community and rigorous preparations against cyber threats.
Despite ongoing challenges from state actors like Russia and China,
they reported successful defenses during recent elections.
Easterly stressed that while the threat landscape remains complex,
constant vigilance and collaboration
among international cybersecurity agencies are crucial.
The officials underscored the importance of data sharing,
continuous testing, and maintaining clear paper trails
to ensure election integrity.
They called on citizens to resist foreign disinformation efforts aimed at undermining
confidence in democracy. Elsewhere at Black Hat, Cisco Talos researchers revealed that Android-based
infotainment systems in vehicles from brands like Ford, GM, and Honda can be exploited to steal user
data. Dan Mazzella demonstrated how an attacker could extract sensitive information,
including GPS coordinates, from the head unit of his own car. These systems, running on Android
Automotive OS, can be infected via social engineering, such as malicious USB sticks or a
technique known as bluesnarfing. Rental cars are particularly vulnerable, as attackers could backdoor head units to target subsequent users.
To mitigate risks, users should avoid plugging untrusted devices into car systems.
AWS recently patched critical vulnerabilities
that could have allowed account takeovers,
revealed by Aqua Security at Black Hat.
These flaws affecting services like CloudFormation, Glue, EMR, SageMaker,
Service Catalog, and CodeStar could have led to arbitrary execution and control over AWS accounts.
Aqua Security's researchers detailed how attackers could predict S3 bucket names and exploit them using a method called bucket monopoly.
AWS confirmed the issue is fixed and no customer action is needed.
Aqua Security also released an open-source tool to check past vulnerabilities.
Rounding out our review of news from Black Hat,
researchers from Pennsylvania State University have uncovered security flaws in 5G basebands used in phones by Google, Oppo, OnePlus, Motorola, and Samsung.
Basebands are essentially the hardware processors used by cell phones to connect to mobile networks. These vulnerabilities, found in basebands by Samsung, MediaTek, and
Qualcomm, could allow hackers to stealthily spy on victims. Using their custom tool, 5GBaseChecker,
the researchers tricked phones into connecting to fake cell towers to exploit these flaws.
Most vendors have since patched the vulnerabilities.
Pavel Kublitskii and Alexander Khodyrev are the alleged leaders of the WWH Club, a darknet forum described as a cross between eBay
and Reddit for criminals. In a federal court case, they were charged with conspiracy to traffic and
possess unauthorized devices. The online forum facilitated the sale of stolen bank account numbers,
hired hackers, and organized denial of service attacks for over 170,000 users.
The FBI uncovered the identities of WWH's administrators
by obtaining a search warrant for DigitalOcean, a U.S.-based cloud company.
This allowed agents to gain administrative access to the site,
revealing tens of thousands of emails, passwords, and user activities.
The site's admin interface was in Russian, requiring translation for investigation.
Kublitskii, a Russian, and Khodyrev, from Kazakhstan, sought asylum in the U.S. two years ago, but now face federal charges.
The site's admins enforced rules barring crimes in Commonwealth of Independent States member countries, including Russia and Kazakhstan.
Kublitskii had bought a luxury condo in Florida, while Khodyrev purchased a 2023 Corvette with $110,000 in cash.
Both men appeared unemployed.
The Justice Department and Kublitskii's lawyer have declined to comment.
The criminal complaint, initially sealed, was first reported by Court Watch.
Half of the 40,000 Internet-connected industrial control systems in the U.S.
are vulnerable due to weak automation protocols.
A report from security firm Censys revealed that over 80% of exposed human-machine interfaces are on wireless networks like Verizon and AT&T.
Many HMIs, particularly those in water and wastewater
systems, can be accessed without authentication. The study also highlights risks from web admin
interfaces with default credentials. Recent minor attacks by state-linked actors underscore the need
for robust security measures, including VPNs, firewalls, and better training for device
administrators to prevent unauthorized access and ensure system protection.
Cybersecurity analysts have exposed critical details about the North Korean APT group
Kimsuky, which targets universities for espionage. Active since 2012, Kimsuky primarily attacks South Korean entities but
also extends to the U.S., U.K., and Europe. They use sophisticated phishing tactics,
posing as academics or journalists to steal sensitive information. Recent findings by
Resilience revealed operational mistakes by Kimsuky, uncovering source code and login credentials. The group focuses on
stealing valuable research and intelligence aligning with North Korea's Reconnaissance
General Bureau objectives. Enhanced multi-factor authentication and careful URL verification
are recommended defenses. A ransomware attack on a Swiss farmer's computer systems had devastating consequences,
disabling milking robots and preventing access to crucial cattle data. This led to the tragic
deaths of a calf and its mother after the farmer couldn't monitor pregnant animals effectively.
Despite a $10,000 ransom demand, the farmer chose not to pay. Although the milking
robots operated without a network, the farmer incurred over $7,000 in veterinary and computer
replacement costs. The cybercriminals ultimately gained nothing, but the emotional and financial
toll on the farmer was significant. In an article at Lawfare, Kevin Frazier examines the ongoing
debate over the future of AI regulation. Three main camps have emerged, those prioritizing
existential risks, those focused on privacy concerns, and a third group emphasizing climate
impacts. With U.S. politicians and agency officials hesitant to take a definitive
stance, NIST recently issued a profile addressing the risks associated with the research, development,
deployment, and use of generative AI. This profile attempts to balance the concerns of all sides,
covering 12 different risks, including chemical and biological threats, data privacy, and harmful bias.
Notably absent, however, was job risk, also known as J-risk.
AI-driven job displacement, or J-risk, is an immediate concern.
Americans have already been displaced by AI,
particularly in industries like video gaming.
Kevin Frazier's article underscores that
AI will inevitably replace American workers. The uncertainty lies in the timing, method,
and extent of this displacement. Policymakers must take proactive steps to mitigate the worst
impacts of J-risk by implementing anticipatory governance strategies. These strategies include gathering more data on AI's effects on labor
and creating responsive economic security programs.
By focusing on J-risks, lawmakers can reduce uncertainty and long-term harm.
Frazier highlights the importance of learning from past economic disruptions,
such as those caused by globalization.
The unchecked optimism about globalization's benefits led to widespread job losses and economic instability in many
American communities. Similarly, AI is poised to introduce significant economic turbulence,
necessitating a proactive policy response. Frazier's article emphasizes that prioritizing J-risks
does not mean neglecting other AI governance approaches.
Efforts to address labor displacement
can also aid in mitigating other AI risks.
For instance, creating emergency relief programs
could be beneficial in various AI-related crises.
In summary, Kevin Frazier argues that addressing J-risks
is crucial for managing AI-induced economic instability.
Policymakers must take proactive steps to support displaced workers
and ensure a resilient labor market.
By focusing on the immediate and tangible impacts of AI,
lawmakers can develop comprehensive strategies to protect
workers' livelihoods and promote economic stability in the face of rapid technological advancement.
Coming up after the break on our Threat Vector segment, host David Moulton speaks with Nir Zuk, founder and CTO of Palo Alto Networks.
Stay with us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass
your company's defenses is by targeting your executives and their families at home? Black
Cloak's award-winning digital executive protection platform secures their personal devices, home ... Protect your executives and their families 24/7, 365 with Black Cloak.
Learn more at blackcloak.io.
David Moulton is host of the Threat Vector podcast right here on the N2K Cyber Wire podcast network.
In his most recent episode,
he spoke with founder and CTO of Palo Alto Networks,
Nir Zuk.
Here's a segment from their conversation.
Machines will do what humans do,
just they're going to do it much faster
and in a much more scalable way.
So that's the idea behind using AI in the SOC
to detect attacks and stop them.
Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss
pressing cybersecurity threats and resilience and uncover insights into the latest industry trends.
I'm your host, David Moulton, Director of Thought Leadership. Today I sit down for a conversation with Nir Zuk, founder and CTO for Palo Alto Networks.
Here's our conversation.
So you've seen a huge number of changes in the cybersecurity industry, next generation firewalls, XDR.
How do you see AI falling in with those?
I think that AI is something that's required to do what I'm talking about.
Meaning, look, today at the SOC,
at the Security Operations Center,
you have usually hunters,
which look at data and hunt for attacks.
They look at data that's collected into the SIEM.
It's not really data.
We're talking about logs mostly.
Yeah.
And they're not doing a very good job.
Every now and then they find an attack.
It takes them forever,
meaning if you look at the mean time to detect
at the time the attack is found,
it's very high.
It can be measured in days and weeks.
And it takes them forever to respond to the attacks.
Nevertheless,
we don't have a better way of doing it in the sense that machines are not going to do something that humans cannot do.
You can't expect machines to detect attacks doing things in different ways than humans do it.
Machines will do what humans do, just they're going to do it much faster and in a much more scalable way.
So that's the idea behind using AI in the SOC to detect attacks and stop them.
It's take what the humans are doing and just make it into a machine learning-based.
Massively speed it up.
Massively speed it up, massively make it more scalable, meaning you're able to look at more
data and process that data much, much quicker.
So if we move to a moment where AI has this ability to speed up the things that we're
good at but slow, that AI is fully integrated into security operations,
what would the human tasks be? Is there oversight? Are there new jobs? Talk to me about that.
I think the role of the humans is to do what the machines cannot do. I don't think machines can
replace people. Certainly not anytime soon. The autonomous car advocates have been talking about
how autonomous cars are going to be out there next year. There's this famous, I don't know if you saw it on YouTube,
Elon Musk video.
Someone cuts every year.
He said that next year there will be autonomous driving.
And of course, it's not there,
and it's going to be a while until we see it.
And the reason for that is that machines are still not as good as people.
And I think it's the day where they are,
if the day ever comes, is very, very far away.
But that's good news.
That's really good news for the people in the SOC.
The people in the SOC, the analysts, the engineers, the hunters, they all need to know that with the use of AI or machine learning, the way engineers call it in this case, because it's machine learning based AI, they're going to be
left with the things that machines cannot do, which is the more interesting high-end work.
Do you worry, though, with an AI-driven, scaled environment that we might become over-reliant
on artificial intelligence?
No. No, I think that if you build the processes right,
both we as a vendor for our customers and our customers, and you make sure that humans are
a part of the process, then I'm not worried about it. I think the bigger challenge we have
than worrying about relying on AI is that it's very difficult to understand why AI is doing what it's doing.
Talk to me a little bit more about that.
So when AI makes a decision that something is bad,
usually that decision is based on millions, billions,
sometimes more than that data points.
So for a human to go in and look at those billion data points and say,
oh, I understand now why the AI made the decision that it made is very, very difficult.
So a human can't disentangle a billion data points that are coming in and a similar looking set was fine, but this one isn't.
That becomes a bit of a mystery or a black box. Correct. And that means that humans need to start relying on AI
without understanding why AI did what it did.
And that's tough.
It's tough for humans in general to do it,
especially security-conscious humans,
such as those that you find in the Security Operations Center
and generally in InfoSec.
And also, it can lead to trouble if the AI is wrong.
Of course.
So certainly, there needs to be more work done around being able to explain to humans why AI did what it did.
And I think we're not there yet.
And also, we need to do more work at making people comfortable with AI.
Is this discomfort with AI giving you a decision,
you not understanding it,
more acute in security?
I would see it being one that
no matter where that decision was made,
AI in financial markets or in medicine, I'd want to understand the decision.
How do we move to a point where we have acceptance in a culture that has trust?
So, like I said, we need to educate people, convince them that they can trust AI. We need to show them that they can trust AI.
And we need to do a better job at having AI explain why it did what it did.
Nir, thanks for coming on Threat Vector today.
It's been a fascinating conversation.
Appreciate your time.
Thank you for having me.
Thanks for joining today.
Stay tuned for more episodes of Threat Vector. If you like what you heard, please subscribe wherever you listen and leave us a review on Apple Podcasts or Spotify.
Your reviews and feedback really do help us understand what you want to hear about.
I want to thank our executive producer, Michael Heller.
I edit Threat Vector and Elliot Peltzman mixes the audio.
We'll be back next week. Until then, stay secure, stay vigilant. Goodbye for now.
Be sure to check out the complete Threat Vector podcast wherever you get your favorite podcasts. Cyber threats are evolving every second, and staying ahead is more than
just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company
safe and compliant.
And finally, in January, Krebs on Security spotlighted rapper Punchmade Dev, who glorifies cybercrime in his music and promotes stores selling stolen financial data.
This 22-year-old Kentucky native, also known as Devon Turner,
is now suing his bank after they froze his account amid a $75,000 wire transfer
and an active law enforcement investigation. With hits like Internet Swiping and Million Dollar
Criminal, Punchmade Dev gained fame and sold tutorials on financial fraud. According to
Krebs, his social media handles were linked to stores offering illicit goods, leading to his
bank troubles. Turner filed a lawsuit against PNC Bank, claiming discrimination and alleging the
bank made disparaging comments about his financial status. The bank told Turner his account was flagged for law enforcement scrutiny.
Despite promises to release his funds,
PNC allegedly seized half a million dollars from his account.
Ironically, Punchmade Dev, who teaches about maintaining OPSEC,
or operational security in cybercrime,
couldn't anonymize his own online activities. His lawsuit
includes contact information tying him directly to his fraudulent operations. With a significant
social media following, Punchmade Dev's story highlights the bizarre intersection
of internet fame and criminal activity.
And that's The Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know
what you think of this podcast.
Your feedback ensures
we deliver the insights
that keep you a step ahead
in the rapidly changing world
of cybersecurity.
If you like our show, please share a rating and review in your podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine of the most influential
leaders and operators in the public and private sector, from the Fortune 500 to many of the
world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to
optimize your biggest investment, your people. We make you smarter about your teams while making
your teams smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer
is Trey Hester, with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Park.
Simone Petrella is our president.
Peter Kilby is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
AI and data into innovative uses that deliver measurable impact. Secure AI agents connect,
prepare, and automate your data workflows, helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Learn more at ai.domo.com. That's ai.domo.com.