CyberWire Daily - DOJ strikes justice.
Episode Date: February 12, 2024. The DOJ shuts down the Warzone RAT. Ransomware hits over twenty Romanian hospitals, and Rhysida gets a decryptor. Canada may ban the Flipper Zero. Chinese espionage claims against the US are light on facts. Australia looks to criminalize doxxing. Federal IT leaders seek better coordination with CISA and the JCDC. Wired looks at the effect of cyberattacks on inequality. Our guest is Manny Felix, Founder and CEO of US Cyber Initiative, sharing their work in unlocking cyber career opportunities for young people. And this thumb drive will self-destruct in five seconds. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Manuel "Manny" Felix, Founder and CEO of US Cyber Initiative, sharing their work in unlocking career opportunities for young people who are interested in cyber and emergent technology. US Cyber Initiative grew out of AZ Cyber. Learn more about AZ Cyber here.
Selected Reading
DOJ shuts down ‘Warzone’ malware vendor and charges two in connection (The Record)
Ransomware attack forces 18 Romanian hospitals to go offline (BleepingComputer)
Decryptor for Rhysida ransomware is available (Help Net Security)
Canada moves to ban the Flipper Zero amid rising auto theft concerns (TechSpot)
China’s Cyber Revenge | Why the PRC Fails to Back Its Claims of Western Espionage (SentinelOne)
‘Doxxing’ laws to be brought forward after Jewish WhatsApp leak (The Sydney Morning Herald)
Exclusive: Duke Energy to remove Chinese battery giant CATL from Marine Corps Base (Reuters)
Federal IT officials call on CISA for tougher standards, more coordination (FedScoop)
Priorities of the Joint Cyber Defense Collaborative for 2024 (CISA)
The Hidden Injustice of Cyberattacks (WIRED)
Ovrdrive USB stick with data-hiding and overheating self-destruct features nears crowdfunding goal (TechSpot)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com/n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com/n2k and enter code n2k at checkout.
That's joindeleteme.com/n2k, code N2K at checkout.
The DOJ shuts down the Warzone RAT.
Ransomware hits over 20 Romanian hospitals and Rhysida gets a decryptor.
Canada may ban the Flipper Zero.
Chinese espionage claims against the U.S. are light on facts.
Australia looks to criminalize doxing.
Federal IT leaders seek better coordination with CISA and the JCDC.
Wired looks at the effect of cyber attacks on inequality.
Our guest is Manny Felix,
founder and CEO of U.S. Cyber Initiative,
sharing their work in unlocking
cyber career opportunities for young people.
And this thumb drive will self-destruct in five seconds.
It's Monday, February 12th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing. Happy Monday, everyone. Thank you for joining us. We are glad to have you with us.
The U.S. Justice Department has taken decisive action against the distribution of Warzone remote access Trojan malware,
which enabled cybercriminals to exploit victims' devices for data theft and surveillance.
Authorities shut down the warzone.ws website and three related domains and unveiled indictments
against individuals in Malta and Nigeria involved in the malware's sale and support. Daniel Meli, 27,
from Malta, was arrested and charged with offering malware services since 2012, including Warzone
and Pegasus, with a U.S. court seeking his extradition. Prince Onyeoziri Odinakachi, age 31,
from Nigeria, was also arrested,
charged with hacking and providing customer support for Warzone purchasers.
The operation saw collaboration across international law enforcement,
including the FBI, Europol, and agencies from multiple countries,
leading to the disruption of Warzone's infrastructure.
Meli faces up to 25 years in prison and a minimum fine of $500,000,
while Odinakachi could face 15 years and a similar fine.
A ransomware attack over the weekend targeted a medical management and patient data software platform in Romania, used by at least
21 hospitals, rendering the system offline by encrypting its database.
The Romanian Ministry of Health announced that the attack is under investigation
with the aid of IT and cybersecurity experts from the National Cybersecurity Directorate
as they explore recovery options and implement precautionary measures for unaffected hospitals.
The attack impacted various medical centers, including
emergency, oncology, and cardiovascular hospitals. There's currently no information about the
ransomware group responsible or whether patient data was compromised. The software provider,
RSC, has not commented on the incident.
Meanwhile, Korean researchers have created a decryptor for files encrypted by Rhysida ransomware,
known for attacks on high-profile targets since May 2023.
The decryptor's development hinged on analyzing the ransomware's use of the LibTomCrypt library
and its pseudo-random number generator for key and initialization vector generation.
The breakthrough was identifying the PRNG's reliance on the ransomware's execution time,
allowing the researchers to predict the encryption key and vector
by the order of files encrypted and the random numbers generated.
This research marks the first successful decryption of Rhysida ransomware,
offering hope for mitigating its impact.
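The weakness behind that decryptor, shown as an added illustration that is not code from the CyberWire, from the Korean researchers, or from Rhysida itself: when every file's key and IV are drawn in order from one PRNG seeded with a timestamp, a responder who can narrow the start time to a window from file timestamps and knows the encryption order can regenerate every key, which is exactly what a victim-side decryptor needs and exactly what a CSPRNG denies. The toy generator, the seed value, the file count, the one-hour window, and the assumption that each file's IV is stored in the clear are all constructed for this example; the cipher itself is omitted because only key derivation matters here.

```python
import os
import random
from typing import List, Optional, Tuple

KEY_LEN = 32  # bytes of key material per file (AES-256 sized)
IV_LEN = 16   # bytes of IV per file (one AES block)


def weak_key_iv_stream(seed_second: int, n_files: int) -> List[Tuple[bytes, bytes]]:
    """Constructed 'weak' generator: one Mersenne Twister seeded with a whole-second
    timestamp, drawing a (key, IV) pair per file in encryption order. This mirrors
    the flaw the transcript describes (time-dependent PRNG feeding key and IV);
    it is not Rhysida's code and not LibTomCrypt's PRNG."""
    rng = random.Random(seed_second)
    pairs = []
    for _ in range(n_files):
        key = bytes(rng.getrandbits(8) for _ in range(KEY_LEN))
        iv = bytes(rng.getrandbits(8) for _ in range(IV_LEN))
        pairs.append((key, iv))
    return pairs


def strong_key_iv() -> Tuple[bytes, bytes]:
    """Corrected generator: key and IV from the OS CSPRNG, so there is no seed to recover."""
    return os.urandom(KEY_LEN), os.urandom(IV_LEN)


def recover_seed(first_iv: bytes, t_min: int, t_max: int) -> Optional[int]:
    """Search a window of candidate seconds for the seed that reproduces the IV of the
    first encrypted file (assumption: the IV sits in the clear next to the ciphertext).
    Returns None when no candidate in the window matches."""
    for candidate in range(t_min, t_max + 1):
        _, iv = weak_key_iv_stream(candidate, 1)[0]
        if iv == first_iv:
            return candidate
    return None


def recover_all_keys(first_iv: bytes, t_min: int, t_max: int,
                     n_files: int) -> Optional[List[bytes]]:
    """Once the seed is known the whole stream is known: regenerate each file's key in
    the order the files were encrypted. This is the recovery step a decryptor performs
    for a victim; against CSPRNG-derived keys it yields nothing."""
    seed = recover_seed(first_iv, t_min, t_max)
    if seed is None:
        return None
    return [key for key, _ in weak_key_iv_stream(seed, n_files)]


def demo() -> bool:
    """Constructed incident: encryption began at epoch second 1707566400 (placeholder)
    and the responder has narrowed the start to one hour either side from file mtimes."""
    start = 1707566400
    n_files = 3
    pairs = weak_key_iv_stream(start, n_files)
    window = (start - 3600, start + 3600)
    recovered = recover_all_keys(pairs[0][1], *window, n_files)
    weak_recovered = recovered == [k for k, _ in pairs]
    _, strong_iv = strong_key_iv()
    strong_safe = recover_seed(strong_iv, *window) is None
    return weak_recovered and strong_safe


if __name__ == "__main__":
    print("weak keys recovered, strong keys not:", demo())
```

The search is cheap because the candidate space is the number of seconds in the window, not the size of the key; that asymmetry is the whole reason a time-seeded PRNG is unfit for key material, and it holds regardless of how strong the cipher fed with those keys is.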
Canadian officials are poised to ban the sale and use of the Flipper Zero,
a popular hacking tool, due to concerns over its potential for malicious use,
particularly in escalating car thefts.
Announced by Minister François-Philippe Champagne,
the ban aims to curb the rising trend of vehicle thefts,
which see around 90,000 cars stolen annually,
costing the country approximately $1 billion.
The Flipper Zero, which retails at about $170,
is a versatile device capable of testing vulnerabilities
in various wireless networks
and systems. While it's marketed toward tech enthusiasts and white-hat hackers for penetration
testing, its misuse has raised alarms, leading to its impending prohibition in Canada. This move
highlights the ongoing challenge of balancing the empowerment of ethical hacking
with the prevention of technology's nefarious applications.
Critics of Canada's pending prohibition wonder why officials aren't focusing their energy
on improving automobile security.
Researchers at SentinelOne highlight the fact that when Western cybersecurity reports detail nation-state espionage,
especially linking such activities to China, the reports base their claims on thorough technical
evidence. In contrast, Chinese claims about Western espionage, particularly from the U.S.,
lack this level of detail, relying more on policy-driven narratives than on technical proof.
This discrepancy has been a consistent pattern, with Chinese cybersecurity entities typically
refraining from publishing in-depth technical data, instead echoing information from foreign
sources or leaked U.S. documents. This approach shifted slightly in 2021 when China began to more actively disseminate narratives about U.S. cyber operations, yet still without presenting new technical evidence.
Recent allegations from China about U.S. hacking, including claims of targeting the Wuhan Earthquake Monitoring Center, remain unsubstantiated. The narrative push appears more propaganda-driven than based
on factual analysis, highlighting a strategic play by China to frame the U.S. negatively in
the global cybersecurity discourse without adhering to the evidentiary standards expected
in Western cybersecurity circles. This dynamic underscores a broader geopolitical contest in the domain of
cyber intelligence and information warfare, where the balance between making public accusations and
providing concrete evidence remains a contentious issue. Speaking of China, Duke Energy is set to
decommission and phase out Chinese energy storage batteries at a major Marine Corps base
and its civilian projects amid U.S. concerns over potential network vulnerabilities to Chinese
government-linked hackers. The decision marks a shift in Duke Energy's strategy, aiming to replace
battery technology from Chinese firm CATL with domestic or allied suppliers by 2027, reflecting broader U.S.
efforts to secure critical infrastructure and support a robust American supply chain.
Despite industry views that Chinese battery cells may not pose significant security risks,
concerns over the potential for hacking through battery communication systems have prompted legislative actions to limit the use of Chinese-produced batteries in U.S. defense applications starting in 2027.
Australia is set to introduce new federal laws to criminalize doxing, the malicious publication of private information online. The effort was announced by Prime Minister Anthony Albanese
in response to anti-Zionist activists publishing the names and details
of hundreds of Jewish individuals,
sparking widespread condemnation.
These changes, aimed at protecting personal privacy,
will make it a criminal offense to engage in doxing,
with exemptions for public interest journalism.
The government's rapid response also includes plans to develop stronger laws against hate speech,
reflecting a commitment to counter the rise of anti-Semitism
and other forms of religious or faith-based targeting in Australia.
This move has been welcomed by community leaders
and marks a significant step in bolstering privacy and anti-hate speech protections at the federal level in Australia.
Federal IT officials have called for improved coordination and stricter security standards from the Cybersecurity and Infrastructure Security Agency and its Joint Cyber Defense Collaborative.
While acknowledging CISA's critical role in federal cybersecurity, tech leaders from the Treasury Department and the Department of Veterans
Affairs stressed the need for more aggressive and common operating standards rather than voluntary
participation. They highlighted gaps in information sharing, especially regarding vulnerabilities and
threat indicators from
cloud service providers and major vendors. The officials also emphasized the importance of a
centralized cyber defense strategy and better preparation against cyber threats, including
those posed by artificial intelligence and machine learning. Collaboration within the JCDC,
involving various federal and private entities, was recognized as positive but still developing.
The JCDC has unveiled its 2024 priorities, reflecting a unified effort among public, private, and international partners towards key cybersecurity outcomes.
Building on the previous year's agenda, the JCDC introduces three main focus areas,
defending against advanced persistent threat operations,
with a special emphasis on threats from entities affiliated with the People's Republic of China,
raising the cybersecurity baseline to protect critical infrastructure and reduce the impact of ransomware, and anticipating emerging technology risks, particularly the cybersecurity challenges
posed by artificial intelligence. These priorities aim to enhance the collective defense posture,
support innovation in cyber defense, and ensure technology is secure by design.
A story in Wired from Nicole Tisdale makes the case that cyber attacks are exacerbating inequalities, impacting over 39 million people in 2023 through healthcare-related breaches alone, and disproportionately affecting marginalized communities, including low-income families, communities of color, veterans, people with disabilities, and immigrants.
These attacks target essential pillars of society, such as health care, economic opportunity,
education, and democratic participation, creating a civil rights crisis.
Cybercriminals exploit vulnerabilities leading to identity theft, financial fraud,
and erosion of trust in crucial services.
Notably, health care breaches have sown distrust among communities historically mistreated by medical systems,
while economic attacks have stolen millions from public assistance funds, affecting those in financial hardship.
Educational institutions face ransomware threats, compromising sensitive student information and threatening equitable access to education. Cyber operations also undermine democratic participation,
using AI-powered disinformation to suppress minority votes and sow distrust in the electoral
process. Tisdale concludes that addressing these cyber threats requires a concerted effort to build inclusive defenses and incorporate civil rights perspectives into cybersecurity strategies, emphasizing the urgent need for a comprehensive response to secure digital access and equity for all communities.
Coming up after the break, our guest Manny Felix, founder and CEO of the U.S. Cyber Initiative,
shares their work in unlocking cyber career opportunities for young people.
Stay with us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com/cyber.
That's vanta.com/cyber for $1,000 off.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses
is by targeting your executives and their families at home? Black Cloak's award-winning
digital executive protection platform secures their personal devices, home networks, and connected
lives. Because when executives are compromised at home, your company is at risk. In fact, over
one-third of new members discover they've already
been breached. Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
It is my pleasure to welcome to the show Manny Felix.
He is the founder and chief executive officer of the AZ Cyber Initiative.
That's a nonprofit that's dedicated to unlocking career opportunities
for young people who are interested in cyber and emergent technology.
Manny, welcome to the show.
Thank you for having me, Dave.
So let's start out with a little bit of your origin story here in terms of the AZ Cyber Initiative.
What prompted you to start this organization?
It really started once I enlisted in the United States Navy.
Upon graduating from college, I majored in a political science degree and with another double major in Spanish translation interpretation.
And shortly after graduating, I actually enlisted and my job or my rate within the Navy was actually
a cryptologic technician for networks, for Navy networks. So I was in charge of and went through
a training of how to protect the Navy's networks. And that was what really introduced me and started my awareness and exposure to the field of cybersecurity.
as a government contractor, working for industry and management consulting, or even working in the startup area within cybersecurity as well.
And in the military, all those backgrounds in cybersecurity led me to the conclusion
and to the realization that I always wish I would have learned about cybersecurity and perhaps even had the opportunity to brush up on my technical skills
that I think would have helped me advance much sooner and much faster in my career,
especially on the path where I was finding myself within this industry.
And I thought to myself, I'm hoping that no other student has to go through this realization too late into their career.
I would want them instead to learn early on and have the preparation, the awareness, so they can start to develop those skills early on.
And when they're in my position, they're way more advanced and set for success in whatever they choose to pursue.
Well, take me through that moment when you decided to start the nonprofit itself.
I mean, what were your feelings going into it?
There were many feelings.
One, it really started at the peak of COVID in late 2020.
I had just commissioned as an officer earlier in that year. And when I came back,
one of the... Well, the entire world was sort of figuring out what was happening and what the next
day would look like. There was a lot of uncertainty happening. But I recall feeling... When I was at
that training in Newport, Rhode Island, I was surrounded by other
individuals and service members that were also commissioning, but were just so mission-driven
and impact-driven in their own fields and in their own careers. I remember feeling inspired
by those people and I held on to that feeling. And I started to figure out how I could combine
my passion of looking for ways to help others and trying to bring that awareness that I mentioned earlier of bringing cybersecurity
literacy and awareness for the different job paths as well. And that's how I ultimately decided to
start the nonprofit. Well, let's talk about the day-to-day of the organization. I mean, how do you interact
with the folks who benefit from your services? And what's the range of services you provide?
Sure. The way that we interact has truly evolved since we initially started. So like I said,
we started at the height of the pandemic. So while I started to structure the organization in late 2020, our first what we call cyber boot camp wasn't organized or didn't take place until the summer of 2021.
And the cyber boot camp, what that is, it's a program, a week-long program that is designed for high school students so they can learn cybersecurity fundamentals
and also get to hear from different industry and professionals, whether they're in industry,
public sector, they're in military, they're entrepreneurs, they've exited companies,
or they're in marketing for a cybersecurity company or for a cybersecurity role. They get
to hear from their journey, as well as get to ask
some questions about what were some of the skills or activities they were doing in high
school and find ways for the students to draw connections to those skills and aptitudes.
And hopefully they can start to identify a path for themselves.
And that was virtual.
That was virtual.
And as COVID started to be a little bit behind us, we shifted to an in-person cyber bootcamp program.
And then for the following summer, summer of 2022, we had five in-person cyber bootcamps.
And we choose these in different locations throughout the state, often in a university campus or a community college.
And we want to choose these locations where students can start to see themselves and think of higher ed or what they want to do upon graduation.
All of this being said is that we now offer basically cyber boot camps whenever there is no school. So think summer break, fall break, and spring break.
We're able to really supplement and augment the learning that is happening during schools
or actually the lack of cyber learning that is happening in high schools
or in all K-12 institutions.
And we bring that awareness during this time.
But what we learned is that many students were interested in learning more about cybersecurity
and how to get into this field after they completed the cyber boot camp.
So then we started to think, all right, this is going beyond a one-week program.
Students are really interested in finding themselves invested in this career, and they
want to learn more.
And schools just didn't have the resources sometimes in funding or sometimes with...
They don't have the teachers that are helping out with their CTE programs. And so they're not able to find a champion in their schools or sometimes even at home that is helping them pursue or continue to learn about cybersecurity.
And that responsibility sort of falls on us.
And we're very happy to take on that challenge because since then,
we've found ways to partner with different nonprofits and organizations to bring internship opportunities
for students that want to really learn how to be professional working,
quote unquote, working adults, right?
They get real hands-on experience, although they're held virtually,
but they're doing project management related work. They're working towards deliverables or they're working in teams or learning public speaking skills.
They're presenting to real customers, whether they're small or medium-sized businesses.
And they're meeting their deadlines and they're getting paid for it.
That's the real value of what we've been able to accomplish, I think, is identifying the students that are not just learning about cybersecurity.
And they're getting a stipend upon completing that week-long boot camp,
we're asking them to take some time off from other responsibilities or some of the students
that we serve, majority are of minority students. And therefore, there's very likely a reality of
many of these students means that they have to take some days off work in order to participate in this program.
And the stipend really helps supplement some of that income that they may be otherwise missing out if they go to work.
Right. It's my understanding that you have some aspirations here of growth.
Of growth.
Yes.
Again, we've recognized there's a lot of interest,
not just within the state,
but we've presented in different conferences and events. And we've had the pleasure of meeting many individuals
from different schools, different from out of state
that have been wondering how we can bring AZCyber
into their states or into their communities.
And for the longest time, I hated giving this answer.
I did not want to be the bearer of bad news and say that we only offer this currently for Arizona students.
But we're very fortunate that this coming April, we're actually piloting and doing our first expansion into San Diego, which means that we're becoming a national organization.
And we're really growing into what is now becoming U.S. Cyber Initiative.
And we're hoping that through this new approach and through our new mission, we can continue to bring our model and our lessons learned and our successes, everything that we've
learned over the last couple of years into different communities and schools that are
looking to replicate what we've been able to accomplish in Arizona and into their backyards
and into their homes. So students at the end of the day are the ones that are really benefiting from this kind of program and this kind of work.
But it really trickles into not just youth,
but it also helps educators and it helps community.
It's helping build people who are cyber aware
or great digital citizens.
They have the cyber knowledge and skills
and then they pass on
that knowledge to their parents and grandparents, which are often the ones that are being most
targeted against cyber attacks and ransomware attacks. We're very excited that our mission
is able to reach now a national audience, and we're excited to what this opportunity can lead to.
Manny Felix is the founder and chief executive officer of the AZ Cyber Initiative.
Manny, thanks so much for taking the time for us today.
Thank you.
Be the first to know what's going on and what that means for you and for Canada.
This situation has changed very quickly.
Helping make sense of the world
when it matters most.
Stay in the know.
Download the free CBC News app
or visit cbcnews.ca.
And finally, our gadgets desk tells us about the Ovrdrive USB stick,
nearing its crowdfunding target on CrowdSupply.
The device features a self-destruct mechanism that can heat its flash chip to 100
degrees Celsius, offering a Mission Impossible-style data protection. Developed by Ryan Walker of
Interrupt Labs, it includes a unique privacy feature where data remains hidden unless the
device is inserted in a specific manner. Manufacturing challenges led to retaining the self-destruction circuitry
without activation by default,
encouraging DIY enhancements for interested users.
Ovrdrive is aimed at journalists, security experts,
and open hardware enthusiasts,
especially in regions with encryption restrictions.
It has achieved 83% of its $3,500 goal,
with 24 days remaining in the campaign.
Ethan Hunt, call your office.
This tape will self-destruct in five seconds.
Good luck, Dave.
And that's The Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
Don't forget to check out the Grumpy Old Geeks podcast,
where I contribute to a regular segment on Jason and Brian's show every week.
You can find Grumpy Old Geeks
where all the fine podcasts are listed.
We'd love to know what you think of this podcast. You can email us at cyberwire@n2k.com.
We're privileged that N2K and podcasts like the Cyber Wire are part of the daily intelligence
routine of many of the most influential leaders and operators in the public and private sector,
as well as the critical security teams supporting the Fortune 500
and many of the world's preeminent intelligence
and law enforcement agencies.
N2K Strategic Workforce Intelligence
optimizes the value of your biggest investment,
your people.
We make you smarter about your team
while making your team smarter.
Learn more at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Tré Hester with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive editor is Peter Kilpe, and I'm Dave Bittner. Thanks for listening.
We'll see you back here tomorrow.