CyberWire Daily - Flight fiasco: UK Defence Minister's jet faces GPS jamming.
Episode Date: March 15, 2024

Russia's accused of jamming a jet carrying the UK's defense minister. Senators introduce a bipartisan Section 702 compromise bill. The Cybercrime Atlas initiative seeks to dismantle cybercrime. StopCrypt ransomware grows stealthier. A Scottish healthcare provider is under cyber attack. Workers in France are at risk of data exposure. CERT-BE warns of critical vulnerabilities in Arcserve UDP software. The FCC approves IoT device labeling. Researchers snoop on AI chat responses. A MITRE-Harris poll tracks citizens' concern over critical infrastructure. On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. The FTC fines notorious tech support scammers.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann.

Coming this weekend
Tune in to the CyberWire Daily Podcast feed on Sunday for a Special Edition podcast we produced in collaboration with our partners at NICE, "Unveiling the updated NICE Framework & cybersecurity education's future." We delve into the history of the NICE Framework, dig into its latest update, and look into the future of cybersecurity education.

Selected Reading
Defence Secretary jet hit by an electronic warfare attack in Poland (Security Affairs)
Russia believed to have jammed signal on UK defence minister's plane - source (Reuters)
Senators propose a compromise over hot-button Section 702 renewal (The Record)
WEF effort to disrupt cybercrime moves into operations phase (The Register)
StopCrypt: Most widely distributed ransomware now evades detection (Bleeping Computer)
Scottish health service says 'focused and ongoing cyber attack' may disrupt services (The Record)
Massive Data Breach Exposes Info of 43 Million French Workers (Hack Read)
WARNING: THREE VULNERABILITIES IN ARCSERVE UDP SOFTWARE DEMAND URGENT ACTION, PATCH IMMEDIATELY! (CERT-BE)
FCC approves cybersecurity label for consumer devices (CyberScoop)
Hackers can read private AI-assistant chats even though they're encrypted (Ars Technica)
MITRE-Harris poll reveals US public's concerns over critical infrastructure and perceived risks (Industrial Cyber)
Tech Support Firms Agree to $26M FTC Settlement Over Fake Services (SecurityWeek)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Russia is accused of jamming a jet carrying the UK's defense minister. Senators introduce a bipartisan Section 702 compromise bill. The Cybercrime Atlas initiative seeks to dismantle cybercrime. StopCrypt ransomware grows stealthier. A Scottish healthcare provider is under cyber attack. Workers in France are at risk of data exposure. CERT-BE warns of critical vulnerabilities in Arcserve UDP software. The FCC approves IoT device labeling. Researchers snoop on AI chat responses. A MITRE-Harris poll tracks citizens' concern over critical infrastructure. On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. And the FTC fines notorious tech support scammers.
It's Friday, March 15th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.

During a flight from Poland to the UK, a jet carrying UK Defence Minister Grant Shapps experienced GPS jamming for about 30 minutes, suspected to be orchestrated by Russia. The interference occurred near Russia's Baltic exclave of Kaliningrad, disrupting internet on mobile phones and forcing the aircraft to employ alternate navigation methods. The Russian Defense Ministry has not commented on the incident. However, Prime Minister Rishi Sunak's spokesperson acknowledged the event, noting that GPS jamming in the vicinity of Kaliningrad is not uncommon and did not compromise the aircraft's safety. The incident took place as Shapps was returning from visiting British troops participating in Steadfast Defender 2024, NATO's largest military exercise since the Cold War. The exercise tests the alliance's readiness across multiple domains. The jamming incident, labeled as wildly irresponsible by a defense source, reflects the ongoing tensions and the risk of electronic warfare in Eastern Europe, particularly since the Russian invasion of Ukraine. British officials maintain that the plane's safety was not endangered, attributing the jamming to broad Russian interference with satellite communications, affecting not just military but also civilian aircraft.
Senators Dick Durbin, a Democrat from Illinois, and Mike Lee, a Republican from Utah, introduced a bipartisan bill to reauthorize and reform Section 702 of the Foreign Intelligence Surveillance Act, addressing both national security needs and privacy concerns. The program, set to expire on April 19th, has faced criticism for its incidental collection of U.S. citizens' communications and alleged FBI misuses. The proposed legislation seeks a balance by allowing intelligence searches of the database for Americans' communications with the stipulation of obtaining a warrant for accessing content, except in certain cases like digital attacks. It also restricts intelligence and law enforcement from purchasing Americans' data without a warrant. This move aims to break months of deadlock in Congress over the extension of the surveillance tool, proposing a compromise that upholds security while protecting citizens' rights.
The Cybercrime Atlas Initiative, a groundbreaking effort aimed at dismantling the global cybercriminal ecosystem, has entered its operational phase. Launched in 2023 by the World Economic Forum, founding members include prominent entities like Banco Santander, Fortinet, Microsoft, and PayPal. This public-private partnership seeks to map and understand the connections between criminal groups, their infrastructures, and dependencies to disrupt their operations effectively. The initiative has garnered support from over 20 law enforcement agencies, private security firms, financial institutions, NGOs, and academic institutions. Through weekly intelligence meetings and collaborative efforts, the group focuses on profiling threat actors, seizing criminal infrastructures, making arrests, and attributing attacks to decrease the profitability and feasibility of cybercrime.

A newly discovered variant of StopCrypt ransomware now employs a complex multi-stage execution process to evade detection. Unlike prominent ransomware that targets corporations, Stop mainly preys on consumers, aiming for numerous small ransoms between $400 to $1,000. It spreads through malvertising and deceptive sites offering free software or game cheats. This latest variant, identified by SonicWall, uses a deceptive initial load, API manipulation for memory allocation, process hollowing for discrete payload execution, and modifies system permissions to ensure persistence, including a task that re-executes the ransomware every five minutes. Despite not engaging in data theft and demanding relatively small ransoms, the widespread distribution and evolving sophistication of StopCrypt pose a significant risk to many individuals.

NHS Dumfries and Galloway, a Scottish healthcare provider, is addressing a focused and ongoing cyber attack. The specifics of the cyber incident remain undisclosed, but it's anticipated to cause service disruptions. The region, with nearly 150,000 people, may face significant data breach risks, including patient and staff information. Authorities, including the Scottish Government, Police Scotland, and the National Cyber Security Centre, have been alerted and are collaborating to assess the data accessed.
A cyber attack on two French employment agencies, France Travail and Cap Emploi, compromised the personal information of 43 million French workers, roughly two-thirds of the country's workforce. The breach, which went unclaimed, exposed sensitive data including names, social security numbers, and contact details, but crucially did not include login credentials, passwords, or bank details. Following the discovery, the agencies alerted the CNIL and initiated a police investigation. The breach, which spanned from February 6 to March 5 of this year, is under scrutiny for potential security lapses and delayed notification to authorities. The incident has sparked warnings about increased risks of identity theft, phishing, and financial fraud, prompting calls for affected individuals to monitor their financial activities and communications closely.

The Centre for Cybersecurity Belgium warns that three critical vulnerabilities in Arcserve UDP software pose significant security risks to backup and disaster recovery systems. One allows unauthorized users to bypass authentication, another enables the uploading of malicious files with system privileges, and the third can lead to denial-of-service attacks. These flaws can result in data exfiltration, ransomware deployment, and disrupted recovery efforts. While there's no evidence of current exploitation, the release of a proof of concept increases the risk of future attacks. Affected versions are Arcserve UDP 9.2 and 8.1. The Centre for Cybersecurity Belgium urges immediate patching with patches available on Arcserve's support portal, and they recommend enhancing monitoring and detection efforts to safeguard against potential breaches.

The Federal Communications Commission has approved the U.S. Cyber Trust Mark, a voluntary label for Internet of Things devices indicating compliance with baseline security standards. This initiative is part of a White House effort and developed with standards from NIST. It aims to guide consumers toward more secure products, thereby reducing vulnerabilities in smart devices. The label will feature a QR code linking to detailed security information about the device. Companies seeking to use the label must meet certain requirements, including listing security configurations and expected software update information. The program, initially focused on consumer IoT devices, may expand in scope with plans for international recognition and collaboration with other label programs. The initiative has been praised for addressing security concerns, but noted for lacking requirements on encryption and privacy disclosure.
Researchers at Ben-Gurion University in Israel have discovered a method to decrypt responses from AI assistants like ChatGPT with notable accuracy, exploiting a side channel in the token sequence transmission process. This vulnerability allows a passive observer in a network to infer the content of encrypted chats, potentially exposing sensitive information. The technique relies on analyzing the encrypted token lengths transmitted by the AI, which correspond to the lengths of the actual words, and then using specially trained large language models to reconstruct the message. This attack can achieve perfect accuracy in deducing responses 29% of the time and can identify the specific topic of 55% of responses. The findings reveal a significant privacy risk in current AI chat services' encryption methods, excluding Google Gemini, and highlight the need for improved security measures to protect confidential communications. The research suggests either delaying token transmission or applying packet padding to mitigate the side-channel vulnerability, both of which could impact user experience.
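To make the side channel concrete from the defender's side, here is an added simulation (not code from the podcast or from the Ben-Gurion researchers). It assumes each streamed token travels as one encrypted record whose size is plaintext length plus a constant overhead, as with length-preserving AEAD framing, and it measures how much of the per-token length signal survives the two mitigations the story mentions: packet padding and delayed (batched) transmission. The tokenizer, overhead constant and sample reply are all constructed for the illustration.

```python
"""Passive-observer view of a streamed AI-assistant reply, and two mitigations.

Constructed example. Assumption: each streamed token is sent as one encrypted
record whose length is plaintext length plus a fixed overhead (TLS/AEAD
framing without length hiding). The observer never decrypts anything; it
only measures record sizes on the wire.
"""
from typing import Dict, List, Optional

# Assumed fixed per-record overhead (e.g. a 16-byte AEAD tag plus a 5-byte
# record header). The exact value is irrelevant: being constant, it cancels.
RECORD_OVERHEAD = 21


def tokenize(reply: str) -> List[str]:
    """Toy whitespace tokenizer. Real LLM tokenizers split differently, but the
    token-length-to-record-length mapping is the same."""
    return reply.split(" ")


def stream_records(tokens: List[str], pad_to: Optional[int] = None,
                   batch: int = 1) -> List[int]:
    """Return the ciphertext record sizes a network observer would see.

    pad_to: round each record's plaintext up to a multiple of pad_to bytes
            (packet padding mitigation).
    batch:  send this many tokens per record (delayed-transmission mitigation).
    """
    sizes = []
    for i in range(0, len(tokens), batch):
        chunk = " ".join(tokens[i:i + batch])
        plain = len(chunk.encode("utf-8"))
        if pad_to:
            plain = -(-plain // pad_to) * pad_to  # ceiling to the bucket size
        sizes.append(plain + RECORD_OVERHEAD)
    return sizes


def observed_plaintext_sizes(record_sizes: List[int]) -> List[int]:
    """What the observer recovers per record: size minus the constant overhead."""
    return [s - RECORD_OVERHEAD for s in record_sizes]


def leak_ratio(tokens: List[str], record_sizes: List[int]) -> float:
    """Fraction of true token byte-lengths recovered exactly from record sizes.

    1.0 means every token length leaks; 0.0 means the observer learns none of
    them (sizes are uniform, or per-token records no longer exist).
    """
    truth = [len(t.encode("utf-8")) for t in tokens]
    seen = observed_plaintext_sizes(record_sizes)
    if len(seen) != len(truth):
        return 0.0
    hits = sum(1 for a, b in zip(truth, seen) if a == b)
    return hits / len(truth)


def compare_mitigations(reply: str) -> Dict[str, float]:
    """Leak ratio for unmitigated per-token streaming and for padding and
    batching, the two mitigations the researchers suggest."""
    toks = tokenize(reply)
    return {
        "per_token": leak_ratio(toks, stream_records(toks)),
        "padded_16": leak_ratio(toks, stream_records(toks, pad_to=16)),
        "batched_all": leak_ratio(toks, stream_records(toks, batch=len(toks))),
    }


if __name__ == "__main__":
    sample = "The quick brown fox jumps over the lazy dog"  # constructed reply
    print(observed_plaintext_sizes(stream_records(tokenize(sample))))
    print(compare_mitigations(sample))
```

Padding only hides lengths within a bucket, so a token longer than the bucket still reveals which bucket it fell into; batching hides both lengths and token count but delays the first visible output, which is the user-experience cost the story refers to.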
A MITRE-Harris poll reveals widespread concern among U.S. residents over the security of the nation's critical infrastructure, highlighting fears of cyberattacks, terrorism, and deterioration due to aging. Homeowners, urban dwellers, and individuals over 27 particularly express apprehension about potential threats to systems crucial for society's functioning, such as energy, water, communications, healthcare, and financial services. With recent upticks in infrastructure failures, 80% of respondents are worried, identifying energy, water, and communications as the top three sectors affecting daily life if compromised. The poll indicates a public call for both government and private sector involvement in bolstering infrastructure resilience, with 78% attributing responsibility to the federal government, either solely or in partnership with others. Despite this, there's divided opinion on the country's recovery capability post-attack, especially among older generations and rural residents. The survey underscores the urgency for proactive measures to secure essential services against increasing and sophisticated threats.
Coming up after the break, on our Solutions Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO, Gunter Ollmann.
Stay with us.
Do you know the status of your compliance controls right now? Like, right now? We know
that real-time visibility is critical for security, but when it comes to our GRC programs,
we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta. Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
On this latest edition of our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO, Gunter Ollmann.
I'll start by asking the big question first. So is AI a threat or an opportunity when it comes to the ways that we develop and test software?

Well, you know, like any technology, then you have to take the good with the bad. But certainly from an AI perspective, I'm seeing a lot more good than bad. But we're keeping an eye out about how the miscreants and malcredents and organized crime are abusing it as well.

What are some of the specific tasks or processes within coding that you see most affected right now?

Well, that's a pretty broad topic. I think the biggest changes really are really about almost democratizing much of the advanced coding and the pace that code can be developed. I think it's really where we're seeing those increases there. But I think from a security perspective, what I'm loving is that there is more guidance that's been provided to those software developers, software engineers, and how to apply best security practices. A lot more sort of warnings about security, and hopefully over time, even better, more secure code actually being produced through these systems.

So tell me a little bit about what kind of role that AI is playing on the security side of things. Is it creating a capacity for more secure code in its creation, or is it actually creating more potential for vulnerabilities that we need a different skill set to help us address?

I think like all security for the last three decades now, every innovation is driving new security needs, but also new skills and tooling. So I think that's just an evolution of the security field in general. But I think that's, you know, there's just some exciting things we're sort of seeing on the AI front, you know, in terms of sort of co-pilots and augmentation, right? And I think what we're excited about is the way that those technologies are helping to reduce the number of vulnerabilities that are there, but also help to speed up the detection of new vulnerabilities in that space. I come from different backgrounds originally. I've been using AI and security from a defense side, and now from the attack side, we're seeing it working to its fullest.

Yeah. Well, and I was going to say, is there anything you can share about how this is impacting the way that you think about things in your role at IOActive today? How is that changing the way that you all do business?

I think if we look at a couple of places, right? So we're seeing many of the IOActive clients deploying more AI systems. So whether they are developing AI from scratch or they are leveraging cloud-provided services and pre-trained AI systems. I think one of the problems that we're seeing is that many organizations don't yet fully understand the new attack surface that they've opened up and are maybe a little naive about the strength of many of the AI technologies that they're deploying. So I think we're going through almost like a recap of 10 years ago of the stealth IT where everyone was moving on to SaaS services. We're now seeing the same sort of thing reflected with the use of AI. So there's been plenty of news about data breaches and loss of intellectual property through that side. But I think what we're most excited about really is the use of the AI systems to provide new set of services. And from my side, as we look at IOActive and sort of researching in this area, where it is the use of AI technologies to both identify new flaws and vulnerabilities and coach developers into writing more secure code and more secure architecture, but also having to develop new AI tools for testing AIs themselves. It's one of these quandaries that to be able to detect threats inside advanced AIs, you actually have to be able to replicate that AI and use the AI to query that AI to understand the nature of the threat. And I think that will be one of the bigger fields going forward.

Is that something that you are actively exploring now with your team? Because your team focuses on that testing and kind of red teaming of these software tools, right? So is this an area that you're looking to explore? Is how AI can be used from a testing and kind of vulnerability identification standpoint?

Oh, absolutely. Absolutely. You know, IOActive was said like, you know, almost a quarter of a century of research fuel security service innovation. So it's one of the things that brought me to IOActive in the first place. And we've invested tremendously in developing these new classes of tools. I am excited, though, about the pace of innovation that's going on, right? In particular, as more organizations use AI to create their own code and create the new applications and the democratization of codes and application creation, there's just more and more code coming out there, right? And so having to build a new set of tools that can efficiently detect threats at that code level and provide that advice to developers or CISOs or to vending teams. And doing that at the pace and the size that's necessary, it's cutting edge AI now.

Yeah. I'm curious what you see as some of the challenges to that actually becoming a reality. And the reason I ask is because I know from experience working with a lot of organizations as well that the developers and on the technology side of the house are often under a completely different hierarchy and structure in the organization than security. And so it's not for lack of will, but sometimes security wants to have more rigorous development, like secure development cycles, more testing, but it's not within their direct control. So do you see this as something that's going to help overcome that challenge or is that going to remain?

I think it's somewhere in between. I think that the challenge part gets removed. I don't see any reason why the ownership for these tools or the ownership for security can't be distributed in this space. For example, there's been an awful lot of articles about using co-pilot technologies to develop code and whether that code is more secure than an elite software developer. Today, you can sort of treat those co-pilot systems as if they were a fifth grader. What people are sort of forgetting is that that fifth grader is actually only a year old. Next year, maybe they're going to be a 10th grader, right? So I think they're sort of forgetting about the evolution path that we're on. The other side of this is that the tooling is just getting smarter for the inspection of code, but also the guidance. And I think one of the key pieces really is where the technology allows us to move from, here is a big long list of 200 vulnerabilities that all look roughly the same in your code, and every single one of them has a pro forma description of what it is and what to go fix it, versus, you know, from an AI perspective, tuning that content, you know, triaging that content and arriving at, you know, here are the things in the developer code for the developer and the language that they use and the vocabulary that they now need to go fix, and the ability to verify right there and then that the code is secure.

Yeah, I think one of the things we talk about a lot on this segment is, you know, how advances like AI, what impact does it have on the existing skill shortage that we have in cybersecurity, but also in coding? And how does it change the skill requirements? What are we looking at? So you just described on the development side that it actually might eliminate the need for only experienced coders, or at least minimize that, but then there's more prompting. What are the skills that you sort of foresee on the development side that AI is going to kind of help us evolve into needing in our new workforces? And what's that converse on the security side? What is that going to change in the profile of what we're looking for in our teams on security?

I think from a security perspective, the industry has suffered for the last decade at least that there are no real entry-level jobs for security professionals nowadays. Automation has removed those jobs. So the entry level into cybersecurity is quite high. I don't think AI is going to make it easier for people to enter the AI. What I do expect, though, is that AI will take those early starters, if you like, the middle tier of security professionals, and elevate them through augmentation and through the knowledge that's available at their fingertips into the higher echelons of those security professionals. The same is for software developers. I think the tools themselves, we've seen this evolution of tooling over the last 20 years, where today about 75% of vulnerabilities and a massive source code can be detected through AI and automated processes. I expect that over the next couple of years, it's probably going to reach about 90%. But that remaining 10% is really, really hard and will be beyond the average penetration tester or code reviewer. It will be beyond the average human with the augmentation and will rely more on highly specialized, highly experienced professionals. So there's almost a stretching at the ends for the most experienced people. But I would offer one thing that I think is very, very interesting here is that in the cybersecurity world, we've always been very short or been very poor of having female representation and having a diverse workforce in this space. What we're largely predicting is that there's a high probability that the future of coding and the coding language will actually be English. And I think what we're seeing with the growth of prompt engineering and the way it's rapidly transforming software development and security assessment. Women traditionally have had stronger, more mature communication skills. And so prompt engineering and some of the new AI interfaces, I think we're going to see more women entering the field and being more successful in both the software development and in the security field because of AI in this field.
That's IOActive's Gunter Ollmann speaking with our own N2K President, Simone Petrella.
...suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and...

With TD Direct Investing, new and existing clients could get 1% cash back. Great! That's 1% closer to being part of the 1%... Maybe, but definitely 100% closer to getting 1% cash back with TD Direct Investing. Conditions apply. Offer ends January 31, 2025. Visit td.com slash dioffer to learn more.
And finally, the past few months have seen a noteworthy uptick in enforcement activity from the Federal Trade Commission. In their latest effort, the FTC is imposing a $26 million settlement on two notorious tech support scammers, Restoro and Reimage. The firms, operating out of Cyprus and previously the Isle of Man, played on consumers' fears with bogus Windows pop-ups, tricking them into thinking their computers were riddled with viruses. The scam didn't stop at selling useless software. No, it dove deeper, with victims coerced into calling a hotline, only to be further swindled by telemarketers peddling even costlier technical support. These scams brazenly target mainly older adults, milking tens of millions from those least capable of defending themselves against such high-tech deceit. The settlement includes a directive for Restoro and Reimage to cease their tactics. But one can't help wonder about the lasting damage and the countless consumers who've fallen prey to their schemes. This payout is a step in the right direction, but the fight against such predatory practices is far from over. A tip of the hat to the public servants at the FTC, fighting the good fight.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. You can email us at cyberwire at n2k.com. N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com.
A quick program note, we've got a special edition podcast dropping this Sunday that dives into the newly released NICE framework for cyber workforce development. It's an interesting series of conversations, so be sure to check it out.

Be sure to check out this weekend's Research Saturday and my conversation with Robert Duncan from Netcraft. The research we're discussing is titled Phishception, SendGrid abused to host phishing attacks, impersonating itself. That's Research Saturday. Check it out.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music by Elliot Peltzman.
Our executive producers are Jennifer Iben and Brandon Karp.
Our executive editor is Peter Kilby, and I'm Dave Bittner.
Thanks for listening. We'll see you back here next week.

With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.