CyberWire Daily - Hack-proofing the future to shape cyberspace.
Episode Date: May 7, 2024

Secretary Blinken and Senator Warner weigh in on cybersecurity at RSA Conference. Ransomware profits are falling. Proton Mail is under scrutiny for information sharing. A senior British lawmaker blames China for a UK cyberattack. MedStar Health notifies patients of a potential data breach. A study finds cybersecurity education programs across the U.S. vary wildly. Brandon Karpf, N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference. An Australian pension fund gets lost in the clouds.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guests
Brandon Karpf, N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference.

Selected Reading
Blinken unveils State Dept. strategy for 'vibrant, open and secure technological future' (The Record)
Warner: Lawmakers 'in process' of finding Section 702 fix (The Record)
Ransomware operations are becoming less profitable (Help Net Security)
Proton Mail Discloses User Data Leading to Arrest in Spain (Restore Privacy)
UK says defence ministry targeted in cyberattack (Digital Journal)
Novel attack against virtually all VPN apps neuters their entire purpose (Ars Technica)
MedStar Health data breach affects 183,079 patients (WUSA9)
Researchers say cybersecurity education varies widely in US (Tech Xplore)
System outage affecting UniSuper services (UniSuper)
UniSuper private cloud, secondary systems taken out by "rare" Google Cloud "issues" (iTnews)
Superannuation: What It Is, How It Works, Types of Plans (Investopedia)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network, powered by N2K.

...of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life... JoinDeleteMe.com slash N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout. That's JoinDeleteMe.com slash N2K, code N2K.

...for information sharing. A senior British lawmaker blames China for a UK cyber attack.
MedStar Health notifies patients of a potential data breach.
A study finds cybersecurity education programs across the U.S. vary widely.
Brandon Karpf, our N2K Cyber Wire man on the street,
stops by to share his thoughts on the 2024 RSA conference.
And an Australian pension fund gets lost in the clouds.
It's Tuesday, May 7th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. It is great to have you with us here today. Thank you for joining us.
U.S. Secretary of State Antony Blinken unveiled an international cyber strategy at the 2024 RSA conference in San Francisco.
The strategy focuses on collaborating globally to shape cyberspace and digital technology development and governance.
Now, it's true that move fast and break things is literally the exact opposite of what we try to do at the State Department.
But it's also true that when it comes to our mandate to try to deliver on the priorities that matter most to our fellow Americans,
the issues that are the bread and butter of this conference
are increasingly a major focus of our diplomacy.
And that's really why I'm here today.
Today's revolutions in technology are at
the heart of our competition with geopolitical rivals. They pose a real test to our security.
And they also represent an engine of historic possibility for our economies, for our democracies,
for our people, for our planet. Put another way, security, stability, prosperity,
they are no longer solely analog matters.
The choices that we make today, that you make today,
will be decisive, and they will reverberate for generations.
That's why it's important for me to be here with you
and to share how, under President Biden's leadership,
our administration thinks about this inflection point.
The strategy outlines four goals,
advancing economic prosperity,
enhancing security to fight cybercrime,
promoting human rights and democracy,
and tackling other transnational challenges.
This plan emphasizes
digital solidarity involving mutual aid for cyber attack victims and supporting partners,
especially emerging economies, in developing secure and sustainable technologies.
The strategy criticizes Russia, China, and other authoritarian regimes for exploiting technology and seeks to counteract
their influence in shaping global internet governance. Key actions include promoting a
secure, resilient digital ecosystem, coordinating with allies on digital governance, and expanding
U.S. capabilities to combat cybercrime and influence global cyber policy. Elsewhere at RSA Conference,
Senator Mark Warner, head of the Senate Intelligence Committee,
emphasized the ongoing challenges
in defining electronic communications service providers
under the renewed Section 702
of the Foreign Intelligence Surveillance Act.
During a discussion, Warner acknowledged
the complexity introduced by a
House amendment that broadly expanded this definition, potentially increasing U.S.
surveillance powers. Despite privacy concerns, Warner defended the provision but committed to
refining it in the upcoming Intelligence Authorization Bill. He stressed the necessity
of updating the definition to align with technological advances
since 2008, while ensuring it remains narrow to avoid overreach. Warner expressed confidence
that resolving this issue would not be a significant obstacle. Ransomware operations
are becoming less profitable despite an increase in attacks, with both the number of ransom payments
and the average amount paid declining. This trend is attributed to better cyber resilience among
organizations, availability of decryptors by law enforcement and cybersecurity firms,
and increased law enforcement action. Chainalysis reports a 46% drop in ransomware attack payments in 2023.
Meanwhile, law enforcement successes, such as the disruption of the LockBit gang and QakBot botnet,
have undermined criminal operations and trust within these networks.
The exit scam by the BlackCat group, which once commanded over 30% of ransomware payments,
has also damaged the
ransomware-as-a-service business model. These developments reflect a growing resistance to
paying ransoms bolstered by concerted efforts from the private sector and law enforcement
to disrupt ransomware ecosystems comprehensively. ProtonMail, a Swiss-based security email service known for its privacy,
is under scrutiny once again due to its compliance with a legal request involving Spanish authorities
and a Catalan independence advocate. This incident echoes a previous case where ProtonMail complied
with Swiss law to provide a user's IP address,
leading to the arrest of a French activist. The current controversy involves ProtonMail giving a recovery email to Spanish police,
which then led to further identification processes with Apple.
This sequence of actions highlights the ongoing tension between maintaining user privacy
and adhering to national security demands under anti-terrorism laws.
Despite ProtonMail's encryption of contents,
the company confirmed compliance with 5,971 data requests in 2023,
emphasizing the challenge of balancing privacy with legal obligations.
A senior British lawmaker, MP Tobias Ellwood,
suggested that China was likely behind a cyber attack
targeting UK armed forces personnel data,
including names and banking details,
through a third-party payroll system.
This claim, which Ellwood described
as having the characteristics of a Chinese operation
to potentially coerce individuals, was met with strong denial from Beijing,
labeling the accusations as utter nonsense and reaffirming its stance against cyberattacks.
Despite this, the UK government has not officially blamed China,
describing the challenge posed by Beijing as epoch-defining but emphasizing
caution in attributing the attack. This incident adds to ongoing tensions,
with the UK and US previously accusing China of various cyber-intrusions.
Researchers from Leviathan Security have discovered a vulnerability named TunnelVision that significantly
undermines the security of virtually all VPN applications.
This attack exploits a DHCP server setting to reroute VPN traffic to allow
attackers to intercept, read, and modify data that should be encrypted within the VPN tunnel.
This vulnerability impacts VPNs on most operating systems except Android,
which does not implement option 121.
While Linux offers a partial mitigation,
the breach remains largely exploitable on other systems.
The flaw exposes the limitation of VPNs in securely anonymizing user traffic, especially when connecting to hostile networks.
The findings emphasize the necessity for more robust security measures for VPN devices,
like running the VPN within a non-bridged virtual machine or using a cellular device's Wi-Fi for Internet access. MedStar Health has notified just over
183,000 patients of a potential data breach after unauthorized access to three employee
email accounts was detected, as reported to the U.S. Department of Health and Human Services.
The breach occurred intermittently between January 25th and October 18th of 2023.
Although there's no evidence that patient information was viewed or acquired, the possibility cannot be dismissed.
Exposed data may include patients' names, addresses, birthdates, service dates, provider names, and health insurance information.
A review led by Washington State University revealed significant variation in cybersecurity education programs across U.S. institutions designated as National
Centers of Academic Excellence in Cybersecurity by the NSA. The study highlighted a lack of
uniformity in program types, course offerings, and the depth of cybersecurity content.
The research suggests enhancing these programs by incorporating educational theories from fields
like educational psychology to better prepare graduates for the rapidly evolving cybersecurity
industry. The findings stress the need for closer alignment with industry expectations
and advocate for continuous adaptation to meet the changing tactics of cyber adversaries.
The study serves as a benchmark for comparing programs
and shaping future education strategies in cybersecurity.
Coming up after the break, my N2K colleague, Brandon Karpf,
shares his thoughts from the 2024 RSA Conference.
Stay with us. Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes!
Yes! With savings of up to 40% on Transat South packages, it's easy to say, so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply.
Air Transat. Travel moves us.
Do you know the status of your compliance controls right now?
Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. ... have continuous visibility into their controls with Vanta. Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
And joining us from the RSA conference in San Francisco is my N2K colleague and our
executive editor, Brandon Karpf. Brandon, thank you so much for joining us.
Hey, Dave. Good to catch up with you today.
I'm excited to talk about the conference.
Well, let's dig in here.
I mean, you've been on the ground for, oh gosh, about two days now.
Let's just start off with initial reactions.
How do you describe this year's show?
Well, as always, those first two days feel like an entire week. So the conference is bustling as everyone would expect. Every major company is here. Every minor company is here.
The community has come out in force. So it is crowded and bubbling. And the keynote yesterday
by Antony Blinken was particularly focused on really the security threats that we are facing as an industry and as a cybersecurity profession.
And I thought it was the right choice to have him come and give this really candid perspective on the security industry and as it stands today.
Well, speaking of candid perspectives,
I mean, I think it's no secret that the hot topic,
certainly from the marketing point of view,
is generative AI.
How do you walk the show floor and try to make sense and cut through
what I think a lot of people are looking at skeptically
as noise?
Right, yeah.
And certainly the booth designers and
event marketing folks have basically taken the last five years of marketing language and shoved
it into one sentence, it seems like, which is next-gen XDR, gen AI, or some combination grab
bag of those terms. And I do think it is very easy. And I've
had these conversations with numerous people already, leaders in the security industry and
major CISOs at large, Fortune 500 companies just in the last day. And it's easy to get cynical and
skeptical about this idea of AI, that it's breathless, that it's in the midst of the hype cycle. But I think what we need to do as a profession, as security professionals, is take
a step back and look at the fundamentals, right? What is AI? Why is this the moment for AI? But
what does it really mean from the first principles of information security? Well, let's dig in there.
I mean, how should we approach this?
Well, when you think about this moment and why AI is having this moment, what is artificial
intelligence, especially generative artificial intelligence? And I think why it's having a
moment right now is you look at the core of it. It is extraordinary amounts of data, right? That's
the fuel and access to incredibly cost-effective and powerful compute
resources, right? So you have incredible amounts of data, right? Insightful data, unique data that
a lot of folks can get access to. And you have access to these compute resources that are very
cost-effective and more powerful than anything we've ever seen before. And when you
combine access to unique data, massive, massive amounts of data with that powerful compute,
you have something that could actually be quite useful and meaningful to a security professional,
right? It is providing or giving you the environment where you could elevate insights
and extract insights from that data and make them useful
through compute. And when you bring those things together, you have something actually quite
powerful. And so when we look at these companies who are pitching AI products and new capabilities
and all this product marketing language, what I really encourage the security professional and
the CISO and the SOC manager and the analyst to do is look at and ask who has access to the ... compute, you have something really useful for the security professional.
And so when we ask the question, who's going to come out with something helpful?
Who's going to break through the noise with something useful?
Look at those intersections.
And I think that's where the signal will be.
The show itself, I mean, as you approach scheduling the limited time that you
have there, how do you come at this? Something that is as big as RSA Conference is, do you have
any words of wisdom for folks who may be first-timers? Certainly. I accept the fact that
there's no possible way I can get to it all, and there's no possible way that I can see it all and connect with everyone or everything I want to. So it's really a triage. There's a couple of things that I personally think are really important.
... who's getting attention, a few of the keynotes and talks where you really think about, from the strategic level, where is this community moving and going? And then a couple of the events in
the evenings. For example, last night I was at ForgePoint, an In-Q-Tel's event, which is primarily
focused on national security. And those are the types of things that I focus on and really curating
my own experience around the topics I find really important. Again, national security,
you know, early stage companies bringing new technologies and new capabilities to the fore,
and then, you know, finding those individuals that I know that will have something interesting to say,
the various CISOs and thought leaders that we connect with on a daily basis here at CyberWire.
The last piece of advice which I would offer to everyone is make sure you schedule time for lunch, which is something I've personally forgotten to do this
year. It's the little things that really matter. Right. Don't forget to eat. Don't forget to
hydrate and wear comfortable shoes, right? Right. Yeah, exactly. Those creature comforts,
those creature comforts that are necessary. But it's about building a curated experience.
What do you want to get out of it?
And what I wanted to get out of it, knowing that there was going to be a huge amount of hype around AI,
I wanted to come in here and curate an experience for myself where I was breaking through the noise to find the signal.
And that's this initial insight of the combination of big data and big compute in a really meaningful way for the security operator.
Having been to the conference many times myself, from year to year, there can be a shift in tone.
Sometimes you sense that the crowd is optimistic.
Other years, you feel as though it's more cautious.
What's your sense from the crowd this year?
I think it's a little cautious. The community, and I've heard this actually numerous times from people in very different positions in the community just in
the last two days, this idea that over the last few years, we've been asked to do more with less.
And that has just pervaded the whole industry. Do more with less, cost savings, resource saving,
and then trying to apply technology to limit resource spend and resource allocations.
And so I think the sense I'm getting is that the community is a little tired of that, and I
would encourage any business leader out there: do not ask your people to do more with less.
And if you do, they should respond with, no, let's do less with less. I think that
real view of what you're able to accomplish, given the resources you have,
really matters.
And I see it in the faces and in the conversations I'm having.
The community is a little tired right now.
And the breathlessness that we have around issues like critical infrastructure security
and international relations, geopolitics, activism, and the massive ransomware gangs
that just, we keep fighting,
but they keep popping back up.
There is a little bit of exhaustion
starting to creep in.
So that balance and that health
and the proper resourcing of these teams,
I think is something that the community
needs to focus on in the coming year.
Brandon Karpf is executive editor
here at N2K CyberWire.
Brandon, thanks so much for taking the time for us today.
Yeah, thanks, Dave.
Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. ... you total control, stopping unauthorized applications, securing sensitive data, and ensuring your
organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company
safe and compliant.
Australian firm UniSuper, a superannuation fund (the U.S. equivalent would be a defined benefit or defined contribution plan),
recently faced a week-long systems outage traced to a series of rare issues at Google Cloud.
These issues caused misconfigurations during the provisioning of UniSuper's private cloud and activated a
secondary software bug, affecting both primary and secondary systems. This incident occurred
shortly after UniSuper transitioned many of its workloads from Azure and its own data centers to Google Cloud,
specifically using the Google VMware engine for easier migration. Despite the disruption,
UniSuper plans to begin progressive restoration of member services, including online access and
mobile app functionalities. The fund also highlighted its use of multiple cloud providers,
which helped mitigate data loss.
Google Cloud has since taken steps to prevent such occurrences
and is working continuously with UniSuper to restore all services,
and they emphasized this was the result of cascading internal errors
and was not the result of a cyber attack.
I guess UniSuper found out the hard way that not
every cloud has a silver lining. And that's the Cyber Wire. For links to all of today's stories,
check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead
in the rapidly changing world of cybersecurity. If you like our show, please share a rating and
review in your podcast app. Please also fill out the survey in the show notes or send an email to
cyberwire at n2k.com. We're privileged that N2K Cyber Wire is part of the daily routine
of the most influential leaders and operators in the public and private sector, from the Fortune
500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy
for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter.
Learn how at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music
and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karpf.
Simone Petrella is our president.
Peter Kilpie is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here
tomorrow.

...but also practical and adaptable. That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.