CyberWire Daily - High-stakes sabotage.

Episode Date: September 18, 2024

Exploding pagers in Lebanon are not a cyberattack. Europol leads an international effort to shut down the encrypted communications app Ghost. Microsoft IDs Russian propaganda groups’ disinformation campaigns. California’s Governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented. A new phishing campaign targets Apple ID credentials. The US Cyber Ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work on maintaining security support at all levels of cyber maturity. AI tries to out-Buffett Warren Buffett.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work and the recently-published guide on maintaining security support at all levels of cyber maturity. You can check out their guide “Cyber Fundamentals: Critical baseline security practices for today’s threat landscape” here.
Selected Reading
Israel Planted Explosives in Pagers Sold to Hezbollah, Officials Say (The New York Times)
Criminal-favored Ghost messaging app busted, owners arrested (Cybernews)
Russians made videos falsely accusing Harris of hit-and-run, Microsoft says (The Washington Post)
California governor signs laws to crack down on election deepfakes created by AI (Associated Press)
Researcher chains multiple old macOS flaws to compromise iCloud with no user interaction (Beyond Machines)
iPhone Users Warned As New Email Password-Stealing Attacks Reported (Forbes)
Deterrence in cyberspace is possible — and ‘urgent’ — amid ‘alarming’ hybrid attacks, State cyber ambassador says (CyberScoop)
New Chatbot ETF Promises to Mimic Warren Buffett, David Tepper (Bloomberg)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout. That's JoinDeleteMe.com slash N2K, code N2K. Thank you. Microsoft IDs Russian propaganda groups' disinformation campaigns. California governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented.
Starting point is 00:01:53 A new phishing campaign targets Apple ID credentials. The U.S. cyber ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work on maintaining security support at all levels of cyber maturity. And AI tries to out-Buffett Warren Buffett. It's Wednesday, September 18th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. The recent explosions in Lebanon, which killed 12 people and injured nearly 2,800,
Starting point is 00:02:55 were not the result of a cyber attack, but rather a coordinated physical operation. According to Lebanese state media and Hezbollah, the devices affected were pagers used by members of the group. The devices affected were pagers used by members of the group. U.S. and other officials confirmed that Israel had likely planted small explosives in these pagers, which were remotely detonated. This sabotage disrupted Hezbollah's communication infrastructure, which had relied on pagers due to concerns about the security of mobile networks. The pagers, sourced from a Taiwanese company, were tampered with before reaching Hezbollah.
Starting point is 00:03:30 Israel has not officially commented on the attack, but it aligns with their broader covert efforts against Hezbollah and Iran. Despite the technological sophistication of the operation, the blasts were not the result of a cyber breach, but rather a physical modification of the communication devices. Hospitals in Beirut were overwhelmed with casualties, and the explosions have heightened tensions in the ongoing conflict between Israel and Hezbollah, which has been further complicated by the Gaza War. While Hezbollah has vowed retaliation, this incident
Starting point is 00:04:06 underscores the intensifying covert conflict between Israel and its regional adversaries. Axios reports that a second wave of attacks occurred today, blowing up thousands of Hezbollah walkie-talkies. Axios says the devices were similarly booby-trapped by Israeli intelligence before they were delivered to Hezbollah. Authorities from nine countries, in collaboration with Europol, dismantled the encrypted communications app Ghost, which had been a key tool for organized crime. The app facilitated illegal activities such as drug trafficking, money laundering, and violent crimes. Criminals favored Ghost because it allowed them to evade law enforcement through robust encryption and message self-destruction features. Servers were
Starting point is 00:04:57 located in France and Iceland, while its creators resided in Australia. The international operation resulted in 51 arrests, including the app's mastermind, Zhezhe Yunzhong. Several threats to life were thwarted, and a drug lab was uncovered in Australia. Europol highlighted the collaborative effort, stating that even highly encrypted networks cannot evade law enforcement. Russian propaganda groups have escalated a disinformation campaign targeting Vice President Kamala Harris's presidential run through fake videos, Microsoft researchers revealed. These videos, shared widely on social media, falsely accuse Harris of crimes like a fabricated hit-and-run incident
Starting point is 00:05:45 and a staged assault at a Donald Trump rally. One viral video accusing Harris of paralyzing a girl reached 7 million views on ex-Twitter. Another video depicted a fake New York billboard with offensive messages about Harris. Microsoft identified three Russian government-backed groups involved in these smear campaigns, with one group particularly focused on creating attention-grabbing, scandalous content. This activity persists despite previous exposures of these attacks, with Russia continuing efforts to undermine the U.S. election. Microsoft also noted six Russian hacktivist groups working
Starting point is 00:06:26 in coordination with Russian intelligence services. Alongside Russia, a Chinese-influenced group has also been active, seeking to amplify divisions within the U.S. rather than promoting a specific candidate. California Governor Gavin Newsom signed three bills to regulate the use of artificial intelligence in political ads ahead of the 2024 election. One new law, effective immediately, prohibits the creation and distribution of AI-generated deepfakes related to elections starting 120 days before and 60 days after Election Day. Courts can now block such materials and impose civil penalties. Additionally, large social media platforms must remove deceptive AI content under a separate law, while political campaigns must disclose if their ads use AI-altered material. California was the first state to ban election-related deepfakes in 2019, and these measures further strengthen its proactive stance.
Starting point is 00:07:30 A zero-click vulnerability in macOS Calendar was discovered by researcher Miko Kentola, allowing attackers to write or delete files within the Calendar sandbox. This flaw could lead to malicious code execution and unauthorized access to sensitive iCloud photos data. By exploiting the vulnerability, attackers could send malicious calendar invites that bypassed file name sanitization, facilitating directory traversal. The attack chain involved multiple phases, including injecting malicious files to execute remote code during a macOS upgrade and gaining access to iCloud photos by altering the photo app's configuration. Apple patched these vulnerabilities in a series of updates between October 2022 and September 23. 23. The exploit was detailed in a Disobey 2024 presentation demonstrating how attackers could compromise user data without interaction. Action Fraud, the UK's national fraud and cyber reporting center, has issued a warning to iPhone users about a phishing campaign targeting
Starting point is 00:08:41 Apple ID credentials. The scam involves emails that falsely claim the recipient's iCloud storage is nearing capacity, prompting them to upgrade or update payment information. These emails appear to come from Apple, but direct users to malicious sites designed to steal Apple ID login details, payment card information, and personal data. Over 1,800 reports of this phishing attack have been filed in just two weeks.
Starting point is 00:09:09 To avoid falling victim, Action Fraud advises users to never click on links and suspicious emails, and instead check their iCloud storage directly through their iPhone or Apple device settings. If unsure, users should contact Apple through official channels. Nate Fick, the U.S. cyber ambassador, argues that deterrence is crucial in cyberspace, contrary to some views within the security community. In an interview with CyberScoop's Tim Starks, Fick emphasizes that cyber deterrence is increasingly urgent due to the rise of hybrid threats, blending cyber attacks with foreign influence and physical warfare seen in countries like Estonia, Poland, and Ukraine. He stresses the need to enforce norms
Starting point is 00:09:59 and prevent adversaries like China and Russia from expanding their influence through digital means. Fick also highlights the importance of public education to combat disinformation, comparing it to successful campaigns for public health issues like smoking. His bureau focuses on expanding cyber capabilities, including foreign aid to bolster allied nations' defenses. Specific near-term priorities include Costa Rica and Moldova, both facing significant cyber challenges. Fick believes strategic resource allocation is key,
Starting point is 00:10:35 with the U.S. cyber policy delivering strong returns on investment in global security. global security. Coming up after the break, my conversation with Linda Betts, Executive Vice President of Global Community Engagement at the FSISAC. Stay with us. Transat presents a couple trying to beat the winter blues. We could try hot yoga. Too sweaty. We could go skating. Too icy. We could book a vacation. Like somewhere hot.
Starting point is 00:11:21 Yeah, with pools. And a spa. And endless snacks. Yes! Yes! Yes! With savings of up to 40% on Transat South packages, it's easy to say, so long to winter. Visit Transat.com or contact your Marlin travel professional for details. Conditions apply. Air Transat. Travel moves us. Do you know the status of your compliance controls right now?
Starting point is 00:11:47 Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
Starting point is 00:12:16 They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Starting point is 00:13:10 Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. Linda Betts is Executive Vice President of Global Community Engagement at the FSISAC.
Starting point is 00:13:42 I recently chatted with her about their work on maintaining security support at all levels of cyber maturity. So FSISAC is a 25-year-old non-profit focused on financial services, improving their security, resiliency, trust across the financial sector. We have over 5,000 members across 75 countries. And the guide that you all recently published, this is titled Cyber Fundamentals, Critical Baseline Security Practices for Today's Threat Landscape. What prompted the creation of this guide? Sure, Dave. So there are probably two major reasons why we decided to do this guide. You know, as part of our mission working with the financial sector, we're involved in understanding
Starting point is 00:14:34 things that affect the financial sector on a daily basis, be it, you know, it could be through vendors, issues, breaches, all of those things. So if you think about it, one is the supply chain. So I think things fundamentally have changed over the last five to 10 years. It used to be that a lot of companies and financial sectors had their data centers and they were in control of most of their IT resources. That has truly flipped.
Starting point is 00:15:04 And instead of being more like a castle moat, it's more like a spider web that, you know, you're using multiple different services, and if there's a problem with any of them, they're affecting you. So still, the regulators and the companies are held responsible for the third parties they use. And a lot of those third-party services are not regulated at the same level that the financial services are. So really, this guide is helping our members as they reach out to their suppliers, you know, for IT services, what are the key things they should be asking them. So that was one, you know, supply chain. The second big driver to this was that, you know, we have huge organizations that have huge staff
Starting point is 00:15:54 and can actually focus on the many different regulations that they have that are applicable to them. But a lot of our smaller organizations do not have the staff to be able to spend the kind of time that a really large financial institution can. So this is trying to help them focus on what we think, what we have seen over the course of many years as being the repeated things that often lead you into trouble of a breach or your vendor having a breach. So this was to try to make it easy and net out for a lot of the smaller institutions. Well, the guide lays out 15 recommendations that organizations of all levels of cyber maturity can use. In the time we have here, are there any particular you want to highlight?
Starting point is 00:16:46 Sure. I mean, there's, just as we said, there's 15, but one is good hygiene. If you think about it, it's the least sexy thing. But if you're not patching, if you don't have, you know, firewalls closed into default, if you don't have the right security configurations, 50%, 7% of the breaches could have been prevented by installing the available patches. So it really is some basic hygiene, I think is one of them. Another one that has been a big focal point for the financial sector is multi-factor authentication. So certainly if people are using passwords and those passwords are stolen in some level, if you don't have multi-factor, people are just replaying them back. same password on all different platforms. And so certainly password management and strong passwords with multi-factor are key. And per Verizon, 24% of the breaches have stolen credentials as their first step of attack. You know, it strikes me as I'm looking through the list here that while you're focused on the financial services sector, that these fundamentals apply to every organization.
Starting point is 00:18:11 And really anybody could benefit from taking a look at this. Steve, that was a perfect question for me because that was one of the reasons why we made this available on our public website. reasons why we made this available on our public website. The majority of the work we do to help our members are not on a public website, but part of putting this on our public website was to help across industry and to help everybody. So it really was to raise all boats up. And in fact, you can find this guide if you go to the fsisac.com website and type in fundamentals. It's available for all of your listeners to be able to read. Yeah, there's that old joke about, you know, why do you rob banks? Because that's where the money is.
Starting point is 00:18:56 And it strikes me that if security steps are good enough for the folks in the financial services sector, that's a good place to start for just about anybody. I personally think one of the wonderful things about information security is the level of sharing and trying to help your colleague out that may even be in a different company. And so I think having some of the best minds come together, you know, under the umbrella of FSISAC as our members trying to help each other is just wonderful. And you'll actually see other things that we've shared on our external website. So, for example, we've had a working group around artificial intelligence. And again, we didn't want to save that just for the financial sector. And so that too is public out on our external website. Can you tell us a little bit about the ISACs in general? I mean, it really seems to me like this is a real multiplier for
Starting point is 00:19:54 organizations to benefit from each other's knowledge and the way that you facilitate these conversations. I think you're absolutely right. And so there are multiple ISACs. And again, that started about 25 years ago with FS-ISAC being, you know, one of the first. So depending on whatever industry you're in, you probably want to see if there is an ISAC for you. And chances are there are because there are many. But besides that, FS-ISAC is actually part of the Cross-ISAC group. There are ISACs that get together and make sure that we are sharing, you know, among ourselves and helping each other. And if you kind of put that in that perspective, it is a wonderful thing that we can share with each other and help each other out. That's Linda Betts, Executive Vice President of Global Community Engagement at the FS-ISAC. Check out their guide, Cyber Fundamentals,
Starting point is 00:21:01 Critical Baseline Security Practices for Today's Threat Landscape. We'll have a link in the show notes. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe
Starting point is 00:21:53 and compliant. And finally, fintech startup Intelligent Alpha is launching an exchange-traded fund powered by AI chatbots modeled after legendary investors like Warren Buffett and Stanley Druckenmiller. The Intelligent Livermore ETF, trading under the ticker LIVR, uses ChatGPT, Gemini, and Claude as its investment committee. These chatbots mimic the strategies of iconic money managers to curate a global portfolio across various sectors like healthcare and renewables. healthcare and renewables. CEO Doug Clinton likens this AI-driven approach to hedge fund pods, each focusing on specialized areas of expertise. While it's an audacious attempt to weaponize AI for riches, the strategy remains experimental, with little evidence proving AI's investment edge over traditional methods. Still, the ETF includes human oversight to prevent any hallucinations from the AI,
Starting point is 00:23:09 like accidentally investing in fraudulent companies. Despite the hype, AI-powered ETFs have mostly struggled to outperform traditional funds, but Intelligent Alpha hopes to change that by adding more products in the future. What could possibly go wrong? And that's The Cyber Wire.
Starting point is 00:23:35 For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people.
Starting point is 00:24:18 We make you smarter about your teams while making your teams smarter. Learn how at N2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iben. Our executive editor is Brandon Karp. Simone Petrella is our president.
Starting point is 00:24:40 Peter Kilby is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Thank you. Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
