CyberWire Daily - FBI initiates router revolution.
Episode Date: February 16, 2024

The FBI kicks Moobot out of small business routers. Sensitive data has been stolen from a state government network. AMC proposes a multi-million-dollar settlement after improperly sharing subscribers' viewing habits. The U.S. targets an Iranian military ship in the Red Sea with a cyberattack. Lawmakers propose transparency in the use of algorithms in criminal trials. CERT-EU highlights a spear phishing spike. An infamous Zeus and IcedID operator pleads guilty. Our guests, Dr. Josh Brunty, Head Coach, and Brad Wolfenden, Program Director, of US Cyber Games, join us to share the details of how their 2024 season is shaping up. And AI comes to video.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Dr. Josh Brunty, Head Coach, and Brad Wolfenden, Program Director, of US Cyber Games join us to share the details of how the 2024 season is shaping up.

Selected Reading
US disrupts Russian hacking campaign that infiltrated home, small business routers: DOJ (ABC News)
U.S. State Government Network Hacked Via Former Employee Account (Cyber Security News)
CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks (SecurityWeek)
AMC to pay $8M for allegedly violating 1988 law with use of Meta Pixel (Ars Technica)
U.S. conducted cyberattack on suspected Iranian spy ship (NBC News)
New bill would let defendants inspect algorithms used against them in court (The Verge)
Hackers Exploit EU Agenda in Spear Phishing Campaigns (Infosecurity Magazine)
Ukrainian Hacker Pleads Guilty for Leading Zeus & IcedID Malware Attacks (GBHackers on security)
OpenAI introduces Sora, its text-to-video AI model (The Verge)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
The FBI kicks Moobot out of small business routers.
Sensitive data has been stolen from a state government network.
AMC proposes a multi-million dollar settlement after improperly sharing subscribers' viewing habits.
The U.S. targets an Iranian military ship in the Red Sea with a cyber attack.
Lawmakers propose transparency in the use of algorithms in criminal trials.
CERT-EU highlights a spear phishing spike.
An infamous Zeus and IcedID operator pleads guilty.
Our guests are Dr. Josh Brunty, head coach, and Brad Wolfenden, program director of U.S. Cyber Games, joining us to share the details of how their 2024 season is shaping up.
And AI comes to video.
It's Friday, February 16th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Happy Friday to you, and thank you for joining us here today.
On Thursday, the FBI announced the disruption of a Russian GRU-led hacking campaign, Operation Dying Ember, which compromised over a thousand home and small office routers worldwide for cyber espionage. This operation, conducted with international partners, successfully expelled the hackers and prevented their re-entry by identifying and eliminating Moobot malware from the infected routers. The GRU utilized these routers for extensive spear phishing campaigns targeting entities of interest to the Russian government, including U.S. and foreign governments, military, and corporate organizations. This initiative is part of the Justice Department's increased efforts to counteract Russian cyber activities against the U.S. and its allies. This announcement follows a similar FBI operation against Chinese government-sponsored hackers targeting U.S. infrastructure, highlighting the FBI's ongoing efforts to dismantle malicious cyber operations and safeguard national and allied security.
CISA and the MS-ISAC have reported a cybersecurity breach where an unidentified group infiltrated a state government's network, stealing sensitive data. At this point, neither the state nor the group have been identified. The data was later found for sale on the dark web, traced back to a compromised account of a former employee. Using CISA's Untitled Goose Tool, it was discovered that the attackers exploited credentials from the former employee and SharePoint to access on-premises and Azure AD systems, also conducting LDAP queries for further information. The agencies recommend enhancing security by reviewing administrator accounts and implementing multi-factor authentication.
Meanwhile, CISA has added a vulnerability affecting Cisco's ASA and FTD security products to its Known Exploited Vulnerabilities catalog due to its exploitation by the Akira ransomware group. This flaw, identified back in 2020, allows unauthorized remote access to sensitive device memory data, including credentials, via the AnyConnect SSL VPN feature. Despite Cisco's patch in 2020, recent Truesec investigations reveal its active exploitation in ransomware attacks. CISA mandates government agencies to patch this vulnerability by March 7th and strongly advises all organizations to secure their systems against this exploit to prevent unauthorized access and data breaches.

Streaming media provider AMC has proposed an $8.3 million settlement for sharing 6 million subscribers' viewing histories from its streaming services with tech companies like Google, Facebook, and X (formerly Twitter), violating 1988's Video Privacy Protection Act, the VPPA. AMC's use of tracking technologies like the Meta Pixel enabled the linkage of personal information with viewing data. Despite denying wrongdoing, AMC seeks to settle to avoid litigation uncertainties, with a hearing set for May 16th. The settlement includes altering tracking practices and offers affected subscribers a one-week free subscription.

The Video Privacy Protection Act, by the way, is designed to protect the privacy of individuals' video rental and purchase records. The law was a direct response to the privacy concerns raised during the confirmation hearings of Judge Robert Bork for the U.S. Supreme Court, when a newspaper published his video rental history. Under the VPPA, videotape service providers, and now streaming services, are prohibited from knowingly disclosing, without the consumer's written consent, information about the specific videos an individual rents or purchases, or about their personal information, to third parties. Despite dating back to the 80s, the VPPA is considered one of the stronger laws in the U.S. aimed at protecting consumer privacy, particularly in the context of entertainment and media consumption.
NBC News reports that the U.S. executed a cyber attack on an Iranian military ship in the Red Sea and Gulf of Aden. The ship was said to be gathering intelligence for attacks on cargo vessels. This cyber operation came in response to an Iranian-backed militia drone strike in Iraq, killing three U.S. service members, and aimed to disrupt the ship's capability to aid Houthi rebels in Yemen. The Houthis have targeted shipping lanes, affecting global shipping and prompting companies to halt operations in these waters. The U.S. action follows airstrikes in Iraq and Syria and forms part of a broader strategy against Iranian aggression. Despite denials from Iran regarding the ship's role, the U.S. continues to counter threats in the region.
Democratic Representatives Mark Takano and Dwight Evans have reintroduced the Justice in Forensic Algorithms Act, aiming to increase transparency in the use of algorithms within criminal trials. This legislation would grant defendants access to the source code of software analyzing evidence against them and mandates the National Institute of Standards and Technology to establish testing standards for forensic algorithms. The initiative addresses concerns over human bias in software, especially in facial recognition technology, and the potential for technology to be viewed as infallible in legal contexts. Highlighting the importance of due process over proprietary rights, the bill seeks to ensure that defendants and their attorneys can scrutinize the technology that could impact the outcomes of criminal proceedings. Representative Takano says he's optimistic about bipartisan support due to shared concerns over law enforcement's surveillance powers.

A report from CERT-EU finds that in 2023, EU-based organizations experienced a significant increase in spear phishing attacks, particularly exploiting EU political and diplomatic events. These attacks were notably linked to the EU's political processes for the first time in such a concentrated period, utilizing lures related to EU affairs and policies, including documents and information related to specific EU bodies and events. China-backed threat group Mustang Panda has been identified as a perpetrator since at least 2022. Attackers targeted individuals and organizations involved with the EU, often impersonating EU staff or public administration members from EU countries, to increase the credibility of their phishing attempts. The diplomacy, defense, and transport sectors outside public administration were particularly targeted, with attackers also diversifying their methods to include instant messaging and social media platforms. This escalation of spear phishing activities poses a significant threat, especially with the upcoming EU elections in May of 2024.
and IcedID malware attacks, which led to massive financial thefts from victims worldwide. Arrested in Switzerland in 2022 and extradited to the U.S. in 2023, Penchukov's crimes spanned from stealing bank account details via Zeus since 2009 to collaborating using the IcedID malware from 2018 to 2021, which also facilitated ransomware attacks. His criminal activities, which notably included an attack on Vermont Medical Center, resulted in extensive damages and led to his placement on the FBI's Cyber Most Wanted list. Penchukov faces sentencing on May 9th, with each charge potentially carrying a maximum of 20 years in prison.
Coming up after the break, my conversation with Dr. Josh Brunty and Brad Wolfenden from U.S. Cyber Games. They're going to update us on how their 2024 season is shaping up. Stay with us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
It is my pleasure to be joined here today by Dr. Josh Brunty. He is the head coach for the U.S. Cyber Games. Also joining us is Brad Wolfenden. He's the program director for U.S. Cyber Games. Gentlemen, thank you for joining us here today.

Thanks for having us, Dave.

Yeah, absolutely. Thank you for having us.

Brad, let me start with you here. For folks who aren't familiar with the U.S. Cyber Games, can you give us a little description of what the organization is all about?
Yeah, certainly. So the U.S. Cyber Games was founded about four years ago, 2019, with the ultimate goal to recruit and train a team of young cyber professionals, we call them athletes, cyber athletes, to compete at international competitions. We were founded in collaboration with the National Institute for Cybersecurity Education and received some additional federal funding from Department of Homeland Security. And our mission is to bring together talented industry professionals, young athletes, corporate sponsors, and partners to deliver on our values.

And what are those values?

First and foremost, it's representing the United States, soaring the red, white, and blue into international competition. Second is to drive some new and different approaches into cybersecurity workforce development. And third is to collaborate with some of our international partners on a global scale in really kind of bringing more folks into the world of cyber and encouraging them to consider careers in the field.
So, Dr. Brunty, as head coach of the team this year, what are your expectations here? What are you hoping to see from this collection of athletes?

Well, you know, first and foremost, we're trying to produce a team that competes well at the international level. That's two major competitions that we're preparing for: the International Cybersecurity Competition, which will be this October in Santiago, Chile, and the European Cybersecurity Competition, which will be held in Italy that same month. So those are our two major competitions that we're focused on, that we're preparing for. But more importantly than that, we also want to prepare during that time through having our team compete in stateside capture-the-flag and attack-defense competitions as preparation for that. So to answer your question of what we're looking for and what we're trying to achieve there competitively, it is to be the best team that we possibly can in the world. And we do that through continuous competition. You'll see us pop up in a lot of different CTFs. We'll be playing a CTF coming up here Friday night. We'll be doing competition prep this weekend. So it really has a lot to do with just playing as much as we possibly can, as any sports team would. We are constantly looking to gain the competitive edge through our experience and competitions.

Can you give us an idea of what makes a good team? Are there a variety of skills that you're looking for to have a diversity of knowledge and thought processes?

Yeah, absolutely. So one of the things that we're looking for when we pick our team is we try to mix it across six different domains. And that is across cryptography, forensics, reverse engineering, pwn and binary exploitation, web, and just what we call a miscellaneous category. So, you know, and that can include hardware challenges that we may see pop up that may not fall across those original five categories. So when we choose, we're looking for individuals that might be strong in forensics and reverse engineering, because a lot of those cat items that we see in the workplace may be cross-cutting in terms of knowledge base. But we're also looking for individuals that know how to think outside the box, that carry a different mindset. So I think different than in years past, when we were picking our team this go around for season three, we wanted to have individuals that, or at least when I was looking, that really would ask the right questions to think themselves out of the box. And I've been really happy with the results that we've seen so far in our successes, even early on in the season.
Brad, can you share with us, what are some of the eligibility requirements here? What does it take to become a team member?

In order to participate in the U.S. Cyber Games program past the original phase of seasons, and one thing that I will mention is one of the aspects of the program that's pretty unique and different is our approach in terms of fusing esports, athletics, and cybersecurity competitions. And so I'll reference many things I talked about, athletes earlier and now seasons. The first phase of the season is the U.S. Cyber Open. It is free and available to anyone and everyone, regardless of age, regardless of citizenship status. Due to the fact that we receive federal funding, we are not able to allow participation from the sanctioned countries, as determined by the federal government here in the U.S. And once we move into the more competitive aspects of the season that become invite-only, starting with what we call the U.S. Cyber Combine, there are two eligibility requirements that are set forth by the rules and regulation of one of the competitions Josh mentioned, the International Cybersecurity Competition. So we are looking for athletes that are 15 to 25 years old. And then the other requirement is that they must be a U.S. citizen, either a born U.S. citizen or a naturalized U.S. citizen.
You've used the word athlete several times here. Do you find that sometimes folks react to that with raised eyebrows?

I do, actually, yeah. And I would say kind of one of our sub-values of the program is to define a cyber athlete. It's a little bit of a newer term. I've seen lots of other competitions start to kind of adopt that term as well. And the term comes from the fact that what Josh and the athletes are doing from a training perspective very much mirrors what you typically think of out of athletes. Not just the determination and the focus, but qualities like leadership and sportsmanship, massively important when we're talking U.S. Cyber Games. Of course, availability and things like that. But then we get further into it. And as Josh mentioned, in terms of the training approach, really kind of catering to those five categories, you even start to see athletes here with the US Cyber Games program take on roles or quote-unquote positions. Whether that's somebody that is really kind of the go-to expert for a category like cryptography or somebody that is building and leveraging custom tools, those kinds of things. So the term cyber athletes, while it is newer, and sometimes folks do raise their eyebrows, I think it's gaining some pretty solid traction.
these athletes, the team that you have this year, beyond the goals of winning the prize and bringing it home for our nation, what do you hope that the participants get out of this in terms of their own growth?

Well, I mean, one of the things, as Brad had mentioned, you know, with the whole program as a whole is we're teaching skills that transfer directly into the workplace. So, this is not just something that we're doing for fun. These are individuals that are either already working in the workplace that are closer to that 25-year-old range or they're newer participants that are closer to the 15 to 18-year-old. So, I think our overall goal, obviously, is to build a competitive team. But in the same token, we're teaching them skills that's going to make them very valuable in the workplace. And this is why, as we kind of move deeper into this program, and Brad has talked about this a little bit, we have sponsorships and we're starting to gain the eyes of sponsors to say, hey, you know, our athletes are very valuable to us because they carry skill that no one else has. And that's really, at the end of the day as a coach, you know, if you produce individuals that carry enough skill that workplaces and government agencies and contractors and vendors look at your individuals that you've trained and say, wow, I want to hire that person. I think that overall, to me, is more important and more valuable than winning a simple competition, in a sense.
Brad, how do folks find out more? If they're interested in participating here, what's the best way to reach out?

Yeah, great question. So we will be hosting an upcoming webinar, all informational regarding Season 4, which is just around the corner. The first of two webinars introducing Season 4 will happen on February 22nd, and there will be another one in May. The Season 4 timeline begins on May 30th, and that's with our virtual kickoff event. And then subsequently the following day, we will open what we call the U.S. Cyber Open. It's a 10-day long capture-the-flag competition. You can learn more at uscybergames.com.

All right. Well, Brad Wolfenden is Program Director and Dr. Josh Brunty is Head Coach of U.S. Cyber Games. Gentlemen, thank you so much for joining us.

Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and
securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe
and compliant.
With TD Direct Investing, new and existing clients could get 1% cash back.
Great! That's 1% closer to being part of the 1%...
Maybe, but definitely 100% closer to getting 1% cash back with TD Direct Investing.
Conditions apply. Offer ends January 31, 2025. Visit td.com slash dioffer to learn more.
And finally, having seen generative AI applied to written content and still images, it was only a matter of time before these rapidly evolving tools would be applied to video. Yesterday, OpenAI introduced Sora, a new text-to-video generation model capable of creating realistic videos up to one minute long from text prompts. Sora excels in generating complex scenes with accurate details, multiple characters, and various motions, and can generate videos from still images or enhance existing videos. Despite its impressive capabilities, Sora may face challenges with complex scene physics and cause-and-effect relationships. The demo videos they've posted are simultaneously impressive and a little unsettling. Currently, access is limited to red teamers for assessing potential risks and a select group of visual artists, designers, and filmmakers for feedback. I have a couple of thoughts. First, I would hate to be in the stock footage business right now. Second, this particular genie is not going back in the bottle and could contribute to making what is sure to be a wild election year even more chaotic. And lastly, I can't help thinking of that old chestnut from Arthur C. Clarke, that any sufficiently advanced technology is indistinguishable from magic. Do check out the videos and let us know what you think.
And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. A programming note: we will not be publishing on Monday, February 19th, in observance of Washington's birthday here in the U.S. We'll have some great bonus content for you to check out on Monday, and we'll be back on the mic Tuesday. We want to thank you for being part of our N2K Cyber Wire community. Just by listening, you're staying ahead in cybersecurity with our podcast. Share your thoughts at cyberwire@n2k.com and be a part of shaping a daily briefing that's trusted by leaders and security experts worldwide. With each episode, feel better informed, connected, and empowered in the ever-evolving world of cybersecurity. Your insights make us better. Together, we're not just informed, we're a step ahead. And that's a great feeling to share. And please do share with your colleagues and online. Help us spread the word and continue to provide you with the news, intelligence, and insights you count on.

Be sure to check out this weekend's Research Saturday and my conversation with Ori David, a threat researcher from Akamai. We're sharing their research, Frog4Shell.

We make you smarter about your team while making your team smarter. Learn more at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music by Elliot Peltzman.
Our executive producers are Jennifer Iben and Brandon Karp.
Our executive editor is Peter Kilby, and I'm Dave Bittner.
Thanks for listening. We'll see you back here next week.

AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.