CyberWire Daily - Leading the charge in cybercrime take downs.

Episode Date: December 20, 2023

Interpol leads cybercrime take downs. ALPHV/Blackcat is in a “tug of Tor” with the FBI. The Senate confirms a new leader for Cyber Command and NSA. Rite Aid is banned from using facial recognition. CISA prepares a new approach to information sharing. Remote encryption of ransomware. CitrixBleed is exploited to access customer data. An update on the Kyivstar cyberattack. The Tallinn Mechanism solidifies Western support for Ukraine's cybersecurity. In today’s Learning Layer segment, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. And GCHQ introduces youngsters to code breaking.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
In our Learning Layer segment today, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. For more information on practice tests, please visit N2K’s certification page.

Learning Layer links
Practice tests

Selected Reading
Interpol operation arrests 3,500 cybercriminals, seizes $300 million (Bleeping Computer)
AlphV claims to have ‘unseized’ its darkweb domain from the FBI. What’s happening? (The Record)
Senate confirms Biden’s pick for Cyber Command, NSA (The Record)
Rite Aid Banned from Using AI Facial Recognition After FTC Says Retailer Deployed Technology without Reasonable Safeguards (Federal Trade Commission)
Enabling Threat-Informed Cybersecurity: Evolving CISA’s Approach to Cyber Threat Information Sharing (CISA)
CryptoGuard: An asymmetric approach to the ransomware battle (Sophos)
Notice To Customers of Data Security Incident (Businesswire)
Ukraine's Kyivstar says it is fully operational after cyber attack (Reuters)
UK and partners form The Tallinn Mechanism for cyber security (Gov.UK)
GCHQ Christmas challenge: Agency reveals 2023 codebreaker (BBC)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Interpol leads cybercrime takedowns. ALPHV/BlackCat is in a tug of Tor with the FBI. The Senate confirms a new leader for Cyber Command and NSA. Rite Aid is banned from using facial recognition.
Starting point is 00:02:14 CISA prepares a new approach to information sharing. Remote encryption of ransomware. CitrixBleed is exploited to access customer data. An update on the Kyivstar cyber attack. The Tallinn Mechanism solidifies Western support for Ukraine's cybersecurity. In today's Learning Layer segment, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity exam, and GCHQ introduces youngsters to code breaking.
Starting point is 00:02:56 It's Wednesday, December 20th, 2023. I'm Dave Bittner, and this is your CyberWire Intel briefing. We begin today with news from Interpol that Operation HAECHI IV, an international law enforcement effort, led to the arrest of 3,500 suspects in various cybercrimes and the seizure of $300 million in illicit proceeds. The operation, spearheaded by South Korean authorities and involving agencies from 34 countries, took place from July to December 2023. It targeted voice phishing, romance scams, sextortion, investment fraud, money laundering from online gambling, business email compromise, and e-commerce fraud. Interpol's I-GRIP initiative helped flag and freeze over 82,000 bank accounts linked to these crimes. Of the total seized, just under $200 million was in hard currency, and $100 million was in digital assets like NFTs
Starting point is 00:04:07 associated with cybercrime. The operation highlighted new trends in digital investment frauds and rug pull scams involving NFT platforms. Additionally, AI and deepfake technologies are emerging as tools for creating realistic synthetic content to deceive victims. The UK authorities disrupted several AI-based impersonation, blackmail, and investment fraud cases. While AI gives an advantage to cybercriminals, Interpol is adapting its strategies to combat these evolving threats. Compared to the previous HAECHI III operation, HAECHI IV saw a 260% increase in arrests, marking a significant advancement in international efforts against transnational cybercrime. After the ALPHV/BlackCat ransomware gang's website was seized by the FBI,
Starting point is 00:05:00 a message purportedly from the criminals claimed they had regained control, announcing a lift on their self-imposed ban on targeting certain institutions. However, some visitors, including Recorded Future's The Record, still saw the FBI's splash page, leading to confusion about who actually controlled the site. Experts explained that the site, an onion service on the Tor network, operates differently from standard websites. Its address is a public key, and control is determined by who owns the corresponding private key. The FBI had seized numerous public-private key pairs from ALPHV/BlackCat, leading to a potential tug-of-war for control. Both the FBI and the ransomware group
Starting point is 00:05:46 could be aggressively submitting entries to direct traffic to their version of the site. Professor Steven Murdoch from University College London mentioned the possibility of law enforcement conducting a denial of service or man-in-the-middle attack using the private key. He advised against visiting the compromised site as it poses security risks. This tug-of-war, as Recorded Future calls it, reflects the ongoing battle between law enforcement and cyber criminals over domain control. The U.S. Senate has confirmed Air Force Lieutenant General Timothy Haugh as the new leader of U.S. Cyber Command and the National Security Agency, concluding a year-long hold on military nominations by Senator Tommy Tuberville
Starting point is 00:06:33 over the Defense Department's abortion policy. Haugh, who previously held the second-in-command position at Cyber Command and led the Air Force's Digital and Information Warfare Branch, replaces Army General Paul Nakasone. His appointment followed scrutiny from Senator Ron Wyden regarding the NSA's data purchasing practices. The Senate also confirmed Army Major General William Hartman as Haugh's deputy. These confirmations enable further leadership changes within Cyber Command and the NSA, particularly in their Cybersecurity Directorate. In other agency news, the NSA's 2023 Cybersecurity Year in Review details its key achievements in enhancing national security through cybersecurity initiatives. Notable accomplishments include the inauguration of the AI Security Center
Starting point is 00:07:24 within the Cybersecurity Collaboration Center, aimed at advancing secure AI integration within the national security systems and the defense industrial base. The NSA also enhanced its global cybersecurity impact by countering threats like Russian cyber espionage and malicious cyber activities from China, in collaboration with U.S. and international partners. Additionally, there was a 400% increase in enrollments for NSA's no-cost cybersecurity services by Department of Defense contractors, significantly strengthening the defense industrial base's infrastructure. U.S. drugstore chain Rite Aid has settled Federal Trade Commission charges by agreeing to a five-year ban on using facial recognition technology for surveillance
Starting point is 00:08:12 due to its misuse leading to consumer harm. The FTC's order requires Rite Aid to implement comprehensive safeguards against such harms and discontinue the technology if risks to consumers are unmanageable. The settlement follows Rite Aid's deployment of facial recognition from 2012 to 2020, which resulted in consumers being wrongly accused due to false positive identifications. The misuse disproportionately impacted people of color and violated a 2010 data security order. Rite Aid is also required to delete collected images and related data, notify consumers about biometric enrollments and actions against them, and establish a robust data security program.
Starting point is 00:08:57 The order awaits approval from bankruptcy and federal district courts and modification by the FTC. The U.S. Cybersecurity and Infrastructure Security Agency has announced plans to revamp its automated indicator sharing program, focusing on three main areas. First, simplification. CISA will launch the Threat Intelligence Enterprise Services, TIES, to unify and streamline cyber threat intelligence sharing. The TIES Exchange Platform will integrate information from partners and commercial sources, offering a consolidated view for enhanced communication and engagement.
Starting point is 00:09:37 Next, Partner-Centered Design. The platform will be developed based on feedback from federal agencies, critical infrastructure organizations, and governments at various levels, focusing on adding value and ease of use. And last, learning from experience. CISA aims to address past challenges with AIS, ensuring ease of sharing and receiving information, providing context for prioritized action, and delivering value that enhances existing cybersecurity capabilities. The focus will also be on maintaining privacy and confidentiality. The new plans will go into effect in 2024. Researchers at Sophos have identified a significant increase in remote encryption ransomware attacks, with a 62% rise since 2022.
Starting point is 00:10:28 Prominent ransomware groups like Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta are employing this technique. In these attacks, adversaries use a compromised endpoint, often with inadequate protection, to encrypt data on other devices within the same network. This approach bypasses modern security systems, as the malicious activities, including ingress, payload execution, and encryption, occur on an unmanaged machine, with data transmission being the only sign of compromise. Comcast's recent data breach affecting its Xfinity unit has been traced to attackers exploiting a Citrix vulnerability known as Citrix Bleed. Discovered during a routine cybersecurity
Starting point is 00:11:14 check on October 25th, the breach occurred between October 16th and 19th after Cloud Software Group had already issued a patch on October 10th. Despite promptly patching, Comcast didn't fully mitigate the risks, as attackers had already hijacked authenticated sessions. Mandiant's alert on October 17th emphasized the need to terminate all active sessions post-patching, a step Comcast missed. The widespread exploitation of Citrix Bleed continues, impacting various organizations, including aerospace giant Boeing, with nearly 420 IP addresses recently detected launching related attacks. According to Reuters, Ukrainian telecommunications provider Kivstar
Starting point is 00:12:00 has overcome difficulties as it continues to stabilize its networks. Reports yesterday had claimed that Kyivstar had restored most of its services as it recovers from a Russian cyber attack it sustained late last week. Reports from Ukraine, however, indicate that difficulties with voice communications persist in some areas. Meanwhile, His Majesty's government this morning announced the establishment of the Tallinn Mechanism to help build Ukraine's capacity for cyber defense. The announcement states, the foreign ministries of Canada, Denmark, Estonia, France, Germany, the Netherlands, Poland, Sweden, United Kingdom, and the United States have formalized the Tallinn Mechanism on the 20th
Starting point is 00:12:45 of December 2023. It aims to coordinate and facilitate civilian cyber capacity building to help Ukraine uphold its fundamental right to self-defense in cyberspace and address longer-term cyber resilience needs. The mechanism is expected to continue the public-private cooperation that has figured so prominently in the war so far. Coming up after the break. In today's Learning Layer segment, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity exam. Stick around. Do you know the status of your compliance controls right now?
Starting point is 00:13:45 Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting,
Starting point is 00:14:20 and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached.
Starting point is 00:15:18 Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. Welcome back to another episode of Learning Layer. Today on Learning Layer, I'm joined by a very special guest, my colleague, Shelby Ludtke. And she is here because she just passed the Certified in Cybersecurity exam from ISC2. Before we get into all that, though, can you just tell us a little bit about yourself and your background? Sure. Yeah. So I have a background in something completely unrelated to cybersecurity, much like yourself. So yeah, my degree is actually in history and history of arts. But I've been in the cybersecurity space in sales for the past five years with a variety of different
Starting point is 00:16:11 types of companies. So a managed network security provider, a ZTNA startup, and now I'm here at N2K. So it sounds like in a weird way, you're kind of the perfect candidate for the Certified in Cybersecurity, because for those who don't know, it's supposed to be an entry-level exam, help people learn the lexicon of cybersecurity. So why did you want to challenge yourself and sit for this exam? I think it's really important, especially in sales, to be able to speak with integrity and understanding to your clients. So it was really important to me to kind of understand their pain points, understand what their day-to-day looked like, you know,
Starting point is 00:16:50 and I've been sort of buzzing around the periphery in this space. And so I really just wanted to challenge myself and understand, you know, what have I picked up by osmosis? Where can I dive deeper? So you obviously picked up enough by osmosis and in your studies, because like I said, you passed. So let's talk about that experience. Let's talk about exam day. So tell me a little bit about exam day experience, what you were feeling, what was going through your brain, and what happened during the test itself. Yeah. So it was definitely a nerve-wracking experience, I won't lie. It's been a long time since I've had to, you know, put myself in a situation like that, where, you know, I walked into a community college that is local to me, where the exam was being administered. academia a little bit. And so it was definitely a hat that I haven't worn in a while.
Starting point is 00:17:52 Certainly a lot of protocols in place. So walking into the room, it's very strict about what you're allowed to bring in with you. A lot of scrutiny over my identification. I was very nervous about making sure I had all my passport and my license and everything with me. But in terms of the actual, you know, the test itself, which I think, you know, is the other big piece that you asked, you know, the test itself was far more challenging than I think I had expected it to be. The way that the test is structured, there is no back button. So it's a one time through and that's it.
Starting point is 00:18:27 So meaning, if we could just kind of elaborate on that a second, you select your answer choice, you click next, and there's no going back to change your answer choices. There's no going back. So which was kind of a different experience. I had done some practice tests and that was, you know, that was a feature that I had become accustomed to being able to kind of flag things for review later. So all I really had was a dry erase board that they provided and a dry erase marker. And so I was able to kind of jot down a few notes and help myself kind of think through things. I'm a really visual learner. So sometimes it's helpful for me to have that option. But yeah, I think, you know,
Starting point is 00:19:11 the test itself, the other kind of big thing that stuck out to me is that there's often more than one answer that could be correct. And so you really have to rely on your instincts and, you know, what you've, you know, gained during study to make the best choice possible. So let's, we talked about exam day, let's back up. How did you prepare? How did you get yourself in a position to pass the test? So you actually recommended to me that I take the ISC2 course that had been offered. You know, I love a deal.
Starting point is 00:19:41 So a free course is always a great option. Sometimes you do get what you pay for, though. So everybody is aware. That's true. But yeah, so the course itself, I spent a few weeks. I really tried to make sure that I was giving myself time to absorb the material, not to cram everything in. I am a busy working mom. So it was definitely important to me that I,
Starting point is 00:20:05 you know, give myself digestible bits of information. But I will say, you know, that the course itself, there's certainly a portion of it that is pretty common sense and felt really redundant, but just familiar. I knew a lot of those kinds of, you know, the initial questions, you know, a lot of like the physical controls types of questions were really just common sense. But once we got into sort of the networking portion, it definitely became more technical. So I really focused my time there. So from there, I actually used N2K's QBank so that I could build myself practice exams that were sort of going to replicate the time and length of the actual exam. And that I sort of worked through methodically.
Starting point is 00:20:52 So I certainly got very nervous that I wasn't going to be ready for exam day, but kind of pushed through it. And by the time I was ready to go to the exam, I was getting passing scores and felt like it was go time. So Shelby, if you were talking to somebody who was gearing up for this exam, and they are just a couple days away maybe from taking it, what would you say to them? What would be one piece of advice that you would give them? I think, you know, for me, the tipping point was taking the first practice exam that I had built because I realized, you know, while I was going through that, that it was far more complicated than what had been provided through the ISC2, you know,
Starting point is 00:21:39 portal. It just was a very different type of test. I felt, you know, quite a bit more pressure. So I think I had gotten this like false sense of confidence after completing the prep course. But certainly be ready for some tricky questions on the exam, regardless of how prepared you are. So let's actually talk about that. What happens when you get to a tricky question? Like walk me through your process. Yeah, I mean, I definitely encountered a few. I think, you know,
Starting point is 00:22:05 most of... Again, there's absolutely no resources in the room or there's nowhere to look or nothing else but your own brain to solve that. And I think for most of us, that's a pretty strange place to be. We're very used to hopping on your phone and just verifying something. So I think the biggest thing is don't panic. Trust yourself because oftentimes your first instinct is the right way to go. But definitely, if you're a visual learner like me, feel free to make a few chicken scratch notes on your pad there. Yeah. And I could also imagine too, knowing also when to bail on those type of questions is helpful because sure, you can write down whatever you want. You can do the chicken scratch on the dry erase, but it might not trigger anything. And then you're sort of just spinning your wheels,
Starting point is 00:22:53 wasting time. So it also probably is a good idea to like know when to get out on a tough question too, right? Absolutely. I think pacing yourself is also super important. I think, you know, I felt very comfortable with the time allotted. I ended up finishing early. But I think, you know, just the feeling of, you know, I could sit here and spin my wheels for an extra 10 minutes and I'm never going to know this answer. You know, you just have to trust yourself and push on because there's going to be plenty more questions that you can get right. So, Shelby, I want to thank you again for joining me on Learning Layer. So, what starts up next? Security+. Security+. All right, I'm going to have you back on when you pass Security+, okay? Sounds great. Absolutely no pressure. I love it. Thank you for tuning in to this segment of The Learning Layer.
Starting point is 00:23:53 If you're interested in pursuing the CC from ISC2 or any other certification, N2K has comprehensive practice tests to help you prepare for exam day. You get access to multiple learning tools, including custom quizzes, flashcards, and simulated practice exams to help you walk into test day prepared and confident. For a limited time, all N2K certification practice tests are only $39. Visit n2k.com slash certified to find your cert. Happy studying. That's The Learning Layer with our host, Sam Meisenberg. Thank you. We're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. And finally, the UK's spy agency, GCHQ, launched its annual code-breaking challenge for schoolchildren aged 11 to 18,
Starting point is 00:25:48 aiming to keep young minds engaged during the winter break. Over 1,000 secondary schools have enrolled in the 2023 event, which features some of the most challenging puzzles to date. This third edition is centered around a Christmas card from Anne Keast-Butler, GCHQ's director, containing various puzzles that escalate in difficulty, testing code-breaking, math, and analytical skills. One puzzle involves grouping nine gift tags into three sets based on a common link, while another is a numerical brain teaser where each letter represents a different digit with solutions related to Christmas. Besides these, the challenges include seven questions and a particularly tough maths-based bonus puzzle. Participants are encouraged to work in teams utilizing diverse skills to solve puzzles.
Starting point is 00:26:40 The challenge also has a historical theme featuring Bletchley Park, the wartime headquarters of GCHQ, where scientists broke the German Enigma code. A photograph from 1940 found in codebreaker Joan Wingfield's family album is highlighted, emphasizing GCHQ's roots in cybersecurity and encryption and their relevance to the agency's current mission. This year's challenge also celebrates Bletchley Park's role in hosting the AI Safety Summit. GCHQ's Christmas challenge is like an advent calendar for the mind, but instead of chocolates, each door opens to a puzzle that might just take until next Christmas to solve. And that's The CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. You can email us at
Starting point is 00:27:42 cyberwire at n2k.com. We're privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com. This episode was produced by Liz Irvin. Our mixer is Tré Hester with original music by Elliott Peltzman. Our executive producers are
Starting point is 00:28:24 Jennifer Eiben and Brandon Karpf. Our executive editor is Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Thank you. comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
