CyberWire Daily - Google strikes back.
Episode Date: May 14, 2024. Google patches another Chrome zero-day. UK insurance agencies and the NCSC team up to reduce ransom payments. The FCC designates a robocall scam group. Vermont passes strong data privacy laws. A malicious Python package targets macOS users. ESET unpacks Ebury malware. Don’t answer Jenny’s email. Guest is author Barbara McQuade discussing her book "Attack from Within: How Disinformation is Sabotaging America.” The White House says, “Keep your crypto mining away from our missile silos!” Our 2024 N2K CyberWire Audience Survey is underway; make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Barbara McQuade joins us to discuss her book "Attack from Within: How Disinformation is Sabotaging America" with Caveat co-host Ben Yelin. You can hear Barbara and Ben’s full conversation on last week’s episode of Caveat here. You can catch Caveat on your favorite podcast app each Thursday where hosts Dave and Ben examine the latest in surveillance, digital privacy, cybersecurity law and policy.
Selected Reading Google Patches Second Chrome Zero-Day in One Week (SecurityWeek) UK Insurance and NCSC Join Forces to Fight Ransomware Payments (Infosecurity Magazine) FCC Warns of 'Royal Tiger' Robocall Scammers (SecurityWeek) Vermont passes data privacy law allowing consumers to sue companies (The Record) PyPi package backdoors Macs using the Sliver pen-testing suite (Bleeping Computer) Apple backports fix for RTKit iOS zero-day to older iPhones (Bleeping Computer) Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain (WeLiveSecurity) Security Experts Issue Jenny Green Email Warning For Millions (Forbes) US government shuts down Chinese-owned cryptomine near nuclear missile base in Wyoming (Data Centre Dynamics) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network, powered by N2K.
of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life
JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K.
Google patches another Chrome zero-day.
UK insurance agencies and the NCSC team up to reduce ransom payments.
The FCC designates a robocall scam group.
Vermont passes strong data privacy laws.
A malicious Python package targets macOS users.
ESET unpacks Ebury malware.
Don't answer Jenny's email.
Our guest is author Barbara McQuade, discussing her book, Attack From Within:
How Disinformation is Sabotaging America.
And the White House says, keep your crypto mining away from our missile silos.
It's Tuesday, May 14th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us once again here. It is great to have you with us.
Google has released patches for a new Chrome vulnerability,
a high-severity out-of-bounds write issue in the V8 JavaScript and WebAssembly engine.
This zero-day flaw, reported by an anonymous researcher on May 9th,
is the second such vulnerability patched by Google within a week, and the third of 2024.
While there is a known exploit in the wild, details about the attacks remain undisclosed. Additionally,
a proof-of-concept exploit has been claimed, though its effectiveness is uncertain.
Three major UK insurance associations have collaborated with the National Cybersecurity Center to issue
new guidance aimed at reducing ransom payments following ransomware attacks. This initiative,
based on a 2023 NCSC-sponsored research by the Royal United Services Institute, encourages
organizations to thoroughly assess the impact of ransomware incidents and consider alternatives before paying ransoms.
The guidance, while non-mandatory, seeks to deter the impulse to pay ransoms,
which the NCSC's CEO, Felicity Oswald, argues only fuels further criminal activity.
Oswald emphasized the ineffectiveness of ransom payments
in eliminating future risks
and noted that organizations with a cyber essentials certificate
are significantly less likely to file insurance claims
related to cyber incidents.
Despite this, the decision to pay a ransom
ultimately remains with the victim organization.
The FCC has issued an alert about a robocall scam group named Royal Tiger,
marking it as the first Consumer Communications Information Services Threat, or C-CIST.
This designation aims to enhance awareness among law enforcement
and industry stakeholders to combat scams.
The group, led by Prince Jashvantlal Anand,
also known as Frank Murphy, and Kaushal Bhavsar, operates from multiple countries and has been
involved in illegal robocall operations impersonating banks, government bodies, and
utilities. The group's entities, including several voice-over-IP companies in the U.S. and abroad, have been linked to substantial consumer fraud and financial losses.
The FCC, along with the FTC, has taken actions, including cease-and-desist orders, to halt their illicit activities and protect consumer trust in communications services.
Vermont's legislature has passed one of the strongest comprehensive data privacy laws in the U.S., featuring a unique provision that allows individuals to sue companies directly for privacy violations.
This private right of action is limited to large data brokers and will need reauthorization after two years. The law includes stringent requirements on data minimization
and bans the sale of sensitive consumer data.
This move aligns with recent efforts in other states, like Maryland,
and ongoing attempts to create a federal privacy law.
Vermont's law also addresses the use of geolocation data
and establishes robust civil rights protections
to prevent discrimination. This legislation is seen as a significant step in empowering
consumers against data abuses by large tech companies. A malicious Python package named
requests-darwin-lite on PyPI, mimicking the popular Requests library, targeted macOS devices using the Sliver C2 framework, a tool for gaining access to corporate networks.
Discovered by Phylum, the attack included multiple obfuscation steps, such as steganography within a PNG image, to covertly install Sliver.
The package has since been removed from PyPI following Phylum's report.
Sliver is known for its post-exploitation capabilities
and has become a preferred tool for cybercriminals
due to its effectiveness in simulating adversary actions
and evading detection compared to other frameworks like Cobalt Strike.
This recent incident underscores the ongoing rise in cybercriminal adoption of Sliver
for targeting various platforms, including macOS.
Meanwhile, Apple has extended security updates to older iPhones and iPads,
addressing a zero-day vulnerability initially patched in March for newer devices.
This vulnerability, found in the iOS kernel's RTKit,
could allow attackers to bypass kernel memory protections.
Although the exploiters of this flaw and the specific nature of the attacks remain undisclosed,
such iOS zero-days are often used in targeted state-sponsored spyware attacks.
Devices including the iPhone 8, iPhone X, and various iPad models have received the patches.
Users of the devices are strongly encouraged to update immediately to safeguard against potential exploits.
Researchers from ESET reveal that Ebury malware, initially exposed a decade ago, continues to be a significant threat, now compromising around 400,000 servers globally.
This malware primarily targets Linux systems and has been utilized by cybercriminals for financial gain, including credit card and cryptocurrency theft. Despite the arrest of
one perpetrator, Ebury has evolved with new propagation methods and obfuscation techniques,
making it harder to detect. It leverages compromised servers within data centers
to intercept and steal credentials, particularly targeting Bitcoin and Ethereum nodes.
The recent developments in Ebury's capabilities suggest an increasing sophistication in cyberattacks,
underscoring the need for continued vigilance and advanced security measures.
Security experts from Proofpoint have observed a large-scale email campaign
distributing the LockBit 3.0 ransomware, also known as LockBit Black,
directly via emails purportedly from Jenny Green.
Facilitated by the Phorpiex botnet, the campaign sends out millions of emails daily
with a subject line,
Your Document. Each email contains a zip file that, when executed, downloads and activates
the ransomware on the user's system. This kind of ransomware distribution via email at such a
volume is unusual and has not been observed since before 2020. The Phorpiex botnet, known for delivering malware in high-volume email campaigns,
has been active despite law enforcement efforts.
Users are advised to be cautious of emails from Jenny Green
and to avoid opening unexpected attachments.
Coming up after the break,
my Caveat co-host Ben Yelin speaks with our guest
Barbara McQuade.
We're discussing her book
Attack From Within,
How Disinformation
Is Sabotaging America.
Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes!
Yes!
With savings of up to 40% on Transat South packages, it's easy to say so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply.
Air Transat. Travel moves us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize
key workflows like policies, access reviews, and reporting, and help you get security questionnaires
done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
Ben Yelin from the University of Maryland Center for Health and Homeland Security is my co-host on the Caveat podcast. He recently spoke with Barbara McQuade, author of the book Attack From Within: How Disinformation is Sabotaging America.
So I want to start very high level. You have recently written and published
a book called Attack from Within, How Disinformation is Sabotaging America. So if you could just give
us a high level overview of the genesis for this book, why you decided to write it, what was the
impetus, what was the galvanizing event? Although I'm a professor at Michigan Law School now,
I started my career, spent most of my
career working as a prosecutor in national security. And during the time I was working
as a national security prosecutor, I saw the threat to national security evolve from Al-Qaeda
to ISIS to cyber intrusions to Russia. And now that I teach law, I teach a course in national security, and a growing area
has been disinformation. It started with Russian disinformation. I have my students read Robert
Mueller's report on Russia's interference in the 2016 election. And it's really evolved, in my view,
from an external threat to an internal threat. I think now we see a really significant threat to our
national security coming from American sources, hence the name of the book, Attack From Within.
And I think that there are people in this country who don't care about truth so much as advancing
their own political agenda, personal agenda, or profit agenda. So let's address the elephant in the room here, which is that what
you identify as misinformation or disinformation, others will identify as maybe as Kellyanne
Conway once said, alternative facts. And efforts such as yours to call out disinformation are met
with the likes of people like Elon Musk, who say that your real goal is censorship. And so I
just want off the bat to give you a chance to respond to people who I think would be making
that argument. Yeah, I'm so glad to get this question because I think that our country
cherishes First Amendment freedoms, as do I. And it's something that is highly regarded on the left
and the right. Without First Amendment free speech, we lose our ability to speak out against
our government. And so I cherish our First Amendment rights of free speech. But I think
that there are people who use the C word, censorship, in an effort to silence all critics
of anything that anybody says and is carte blanche to be able to say anything they want
to say. Of course, the First Amendment has some limitations on it, like all fundamental rights.
And so the Supreme Court has held that rights of free speech, like other fundamental rights,
may be limited when the limitation is narrowly tailored to achieve a compelling governmental
interest. And so it's for that reason that you
can't yell fire in a crowded theater, because you might be creating chaos or havoc or danger
to other people. It is a crime to threaten to kill somebody and to communicate a threat in
interstate commerce. It is a threat to engage in a conspiracy with somebody, even though it is
communicated by speech. It is a
crime to commit fraud, even though your fraud is committed by speech. So those who claim that the
First Amendment is absolute either don't know better or they do know better and they're lying.
This idea of, you know, who's the truth police anyway? What is truth? There's no such thing as
truth. You're playing a very dangerous game because although we can all have our own opinions and we can have our views on,
you know, eternal truths like the meaning of life and other things, there are such things as facts.
I spent my career as a prosecutor in court where there are facts and you have to use evidence to
support your factual assertions. This idea that truth is unknowable and there are no facts
is something that is used in Russia, in Putin's Russia, the idea that there are no facts,
truth is for suckers, truth is non-existent, everything is political spin, everything is PR,
and if you seek truth, then you're naive. And instead, what you should focus on is maximizing
your profit and disengage from politics because everybody's corrupt anyway.
I think there is such a thing as truth.
I think there are such things as facts.
And I think that we should not be duped into thinking that any effort to focus on truth is itself an act of censorship.
What strikes me is that efforts at disinformation have been extremely successful.
I mean, you look at just polling how many people have these false beliefs. So I'm wondering if you
could talk a little bit about effective disinformation tactics. What sort of, think of
the person you picture as the greatest purveyor of disinformation. I have mine. I suspect many of
our listeners and our guests
might share that person. But what are those techniques that you recognize that you talk
about in your book? Yeah. So a lot of these tactics are ones that have been around for decades.
Although the means for communicating them has changed with social media, I think many of the
same techniques are still in use. Hitler, Stalin, Mussolini used
these techniques. One of them is this idea of declinism, that things are awful in society.
We are a country in decline. Our unemployment is down. Wages are up. There's a lot of really good
things going on in the country. But instead, the narrative is again and again and
again how awful things are. Because then if things are awful, one, we can scapegoat and blame other
people for that and cast someone as the enemy that we need to work against and hate. So these are
really the same techniques we've seen throughout history being used again. I guess the difference,
you know, we've seen these techniques throughout history.
The difference now is, of course, the internet, which brings us to this podcast, which is about law and policy of cybersecurity, privacy, surveillance, that sort of thing.
So can you talk about the role the internet has played in fostering disinformation, how
it's kind of changed the game, even though the techniques are
the same. Yes, I think the greatest example of this comes from Robert Mueller's report,
which I assigned to my students, about the Internet Research Agency's work to spread
disinformation using social media, Facebook, Twitter, now X, YouTube. And it was achieved by creating false personas
online, creating accounts with names that portrayed themselves as members of various
affinity groups in the United States. And the goal was to sow division among these groups,
to destabilize American society, to get us fighting with each other and ignoring Russia on the world
stage so they could do what they wanted to do, you know, invade Ukraine and annex Crimea,
destabilize NATO. And so, you know, they would portray themselves as, for example, there was
an account called Blacktivist. Many months before the election, Blacktivist cultivated a lot of
followers of African-Americans who thought that
Blacktivist was one of them. There was another group called United Muslims of America. There was
a group called Tennessee GOP. There was one called Heart of Texas. And they all portrayed themselves
as being grassroots Americans with a particular affinity or identity. And then they would do
things to stoke divisions, to say outrageous things,
to get people looking at that group and say, look at how outrageous those people are. They say all
of these horrible things. Well, it's because they weren't those people at all. They were some,
you know, Russian operative in a hoodie somewhere in a boiler room in Moscow. Or what Blacktivist
wrote just before the 2016 election.
Again,
followers thinking that this was their black political activists saying things
like, you know, Hillary Clinton has never done anything for our community.
We should send her a message that we should not be taken for granted by not
showing up at the polls for her.
We should stay home on election day and send an important message.
So we'll never know how
many people heeded that call, but if even only a few did in a swing state that was decided by a
narrow margin, you could see that it could have tremendous influence on the outcome of the
election. And so in this way, we now have technology that can spread messages instantly
to millions of people and can do so anonymously. I'm always amazed at the precision of the Internet
Research Agency. I mean, I lived in Baltimore City at the time. We had gone through the Freddie Gray
unrest. And the memes that you saw that were so specific to the circumstances that, through the
Mueller report, we realized were the result of Russian disinformation. It was just really
striking to me. What would you like to see happen to help
break the spell of disinformation? Yeah, I think one thing we need to do is to get our arms around
media literacy. So the things we've been talking about so far are things on the supply side of
how we might regulate social media to prevent so much disinformation from reaching us.
But I think on the demand side, there are some things we can do to make us more resilient when we receive
disinformation. And one is this idea of media literacy. In Finland, they have introduced media
literacy into their schools because in light of their proximity to Russia, they have been bombarded
with disinformation from Russia for decades, trying to reduce the power of NATO and reclaim some of their former Soviet satellite countries. And so media literacy in schools, you know, teaching students things like there may be fake news out there. It may be that someone creates a false newspaper that looks like a real one, but it's called something like, you know, in Detroit,
we have the Detroit News
and the Detroit Free Press.
They create something called
the Detroit Tribune, right?
And it doesn't even exist,
but it looks pretty good.
And then it pushes stuff out there
on social media and says,
the Detroit Tribune is reporting X, Y, and Z.
Well, maybe you do a little research
to find out if the Detroit Tribune
is a real thing
before you take what they report
at face value. Learning that the headlines don't
always reflect accurately what is in the story of a newspaper. Looking for a second source before
you assume some fact to be true. So, you know, teach people these things so that they can spot
them. And, you know, we could do that in our schools, but we could also do it for adults
through civic organizations and faith communities. There's a lot of great lifelong learning programs out there.
I think there is sometimes this temptation when there are people out there stoking division on
social media, you know, trolls who will argue with you. And it turns out they're just bots
who are picking a fight with you and, you know, berating you because you are of your gender,
your race, your whatever. And they're just there to stoke division. And so learning to not take
the bait when we see these things, to not argue with bots, because that is what ramps up the heat
in all of these exchanges. And so sometimes we jump to conclusions because we read something on social media and we
believe it to be true, when in fact, if we look for the evidence there, it's really missing. And so I
think that building that resilience requires our own media literacy, but our own sort of tolerance
and respect for those who might share different views politically. I think that's a very positive message to end on.
And I agree that it's incumbent upon all of us.
We're all susceptible to it.
I know both you and I are users of X, formerly Twitter,
and spending an hour on there,
I think we break our own rules frequently.
So I appreciate that as a message.
Thank you, Professor Barbara McQuade.
The book is Attack From Within: How Disinformation is Sabotaging America. And thank you so much for
joining us today. Thank you, Ben. Great to be here. That's author Barbara McQuade. The book
is titled Attack From Within: How Disinformation is Sabotaging America.
It's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company
safe and compliant.
And finally, President Joe Biden has officially called game over for a Chinese-owned crypto mining data center in Cheyenne, Wyoming, located suspiciously close to a nuclear missile base.
Via executive order, Biden told MineOne, the operators of the data center, to pack up their crypto gear and put the facility on the market within 120 days.
Just a stone's throw from Francis E. Warren Air Force Base,
home to America's Minuteman III nuclear missiles,
the center's location raised more than a few eyebrows and national security concerns.
Apparently, running a crypto mining operation near high-stakes military hardware is a big no-no.
Microsoft, playing the neighborhood watch, flagged the operation to the government,
leading to an investigation and the eventual shutdown order.
MineOne hasn't chimed in yet, but the message from the White House is clear:
Close shop and move your digital digging elsewhere.
And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing
at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we
deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and a review in your podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and
operators in the public and private sector, from the Fortune 500 to many of the world's preeminent
intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your
biggest investment, your people. We make you smarter about your teams while making your team
smarter. Learn how at N2K.com. This episode was produced by Liz Stokes.
Our mixer is Trey Hester,
with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karpf.
Simone Petrella is our president.
Peter Kilpie is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
and data products platform comes in. With Domo, you can channel AI and data
into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare,
and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps
tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.