CyberWire Daily - Patient portals down, ransomware up.

Episode Date: October 11, 2024

A Colorado health system’s patient portal has been compromised. Malicious uploads to open-source repositories surge over the past year. Octo2 malware targets Android devices. A critical vulnerability in Veeam Backup & Replication software is being exploited. The U.S. and U.K. team up for kids online safety. The European Council adopts the Cyber Resilience Act. New York State adopts new cyber regulations for hospitals. The FBI created its own cryptocurrency to help thwart fraudsters. Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters." Getting dumped via AI.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters."

Selected Reading
Cyberattack targets healthcare nonprofit overseeing 13 Colorado facilities (The Record)
Malicious packages in open-source repositories are surging (CyberScoop)
Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices (HackRead)
Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (Cybersecuritynews)
Britain, US set up working group to improve children’s online safety (Reuters)
European Council Adopts Cyber Resilience Act (BankInfoSecurity)
New York State Enacts New Cyber Requirements for Hospitals (BankInfoSecurity)
FBI created a crypto token so it could watch it being abused (The Register)
Man learns he’s being dumped via “dystopian” AI summary of texts (Ars Technica)

Share your feedback
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. A Colorado health system's patient portal has been compromised. Malicious uploads to open source repositories surge over the past year. Octo2 malware targets Android devices. A critical vulnerability in Veeam Backup & Replication software is being actively exploited.
Starting point is 00:02:17 The U.S. and U.K. team up for kids' online safety. The European Council adopts the Cyber Resilience Act. New York State adopts new cyber regulations for hospitals. The FBI created its own cryptocurrency to help thwart fraudsters. Our guest, Dr. Bilyana Lilly, joins us to talk about her new novel, Digital Mindhunters. And getting dumped via AI. It's Friday, October 11th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Happy Friday and thanks for joining us here today. It is great to have you with us.
Starting point is 00:03:25 A recent cyber attack on Colorado's Axis Health System has compromised the patient portal used for communication with health care providers. The nonprofit, which runs 13 facilities across southwest and western Colorado, confirmed the breach but provided limited details. Officials stated they are still investigating and will notify patients if their data is affected. Currently, the patient portal remains offline, with patients urged to contact clinics directly. The Rhysida ransomware gang has claimed responsibility, demanding over $1.5 million. This group is notorious for targeting hospitals and government entities, with previous attacks on Prospect Medical hospitals and the governments of Columbus, Ohio and Seattle, Washington. On the same day, security firm Censys released a report warning about the
Starting point is 00:04:13 dangers healthcare organizations face from internet-exposed devices. Censys identified over 14,000 IP addresses tied to healthcare systems, potentially exposing sensitive medical data. Nearly half of these devices are based in the U.S., with India also heavily affected. The report highlighted the risks posed by exposing systems like servers handling medical images and electronic health record systems. Censys warned that health care providers, particularly radiology and pathology services, often prioritize accessibility over security, making them vulnerable. The firm urged organizations to implement stricter security measures, including multi-factor authentication and proper access controls, to reduce risks of unauthorized access.
Starting point is 00:05:04 A new report from Sonatype reveals a 150% surge in malicious packages uploaded to open-source repositories over the past year. Open-source software, a foundation of modern digital technologies, allows nearly anyone to contribute to its code. Sonatype analyzed over 7 million open-source projects and found more than half a million contained malicious packages. The report highlights the growing vulnerabilities within the open-source ecosystem, worsened by developers prioritizing rapid feature releases over security. Fixing critical vulnerabilities now takes up to 500 days, compared to 200 to 250 days in the past. Even major bugs like Log4Shell continue to be downloaded,
Starting point is 00:05:55 with 13% of Log4j downloads still using vulnerable versions. Sonatype warns that the open-source supply chain is struggling to keep up with the increasing number of security issues. Octo2, a new variant of the Octo malware family, is targeting Android devices by posing as popular apps like NordVPN and Google Chrome. Researchers at DomainTools report that Octo2 uses advanced techniques to evade detection, steal credentials, and enable remote access to infected devices. It features improved remote access capabilities and advanced anti-analysis and anti-detection techniques, making it harder to detect and neutralize. Octo2 also uses a domain generation algorithm to create dynamic command and control server addresses, increasing its resilience against security takedowns.
Starting point is 00:06:53 Early samples have been found in Europe, but global spread is expected. The malware spreads via a dropper called Zombinder, which disguises malicious payloads as legitimate apps. DomainTools urges caution when downloading apps and emphasizes the importance of threat intelligence and security monitoring. A critical vulnerability in Veeam Backup & Replication software is being exploited by hackers to deploy ransomware, including Fog and Akira variants. The flaw allows unauthenticated remote code execution, enabling attackers to create unauthorized accounts and gain privileged access. Attackers initially gained access through compromised VPN gateways without multi-factor authentication. Sophos reported several attacks over the past month, highlighting the need for
Starting point is 00:07:45 patching, updating outdated VPNs, and implementing strong security measures. Veeam has released a patch, and administrators are urged to apply it immediately. The U.S. and Britain have launched a joint working group to improve children's online safety. U.S. Commerce Secretary Gina Raimondo and British Science and Technology Minister Peter Kyle urged tech platforms like Instagram and Snapchat to enhance protections for children. Social media's impact on youth, especially related to body image and mental health, has raised significant concerns. Studies show platforms like Snapchat and Meta's services are frequently used in child abuse crimes. The group aims to increase scrutiny and strengthen regulations,
Starting point is 00:08:39 aligning with ongoing efforts in both countries. In the U.S., two key bills, COPPA 2.0 and KOSA, await approval, while Britain's Online Safety Act, set for 2024, will impose strict rules on content access for minors and enforce penalties for non-compliance. The European Council has adopted the Cyber Resilience Act, mandating security by design measures for connected devices in the EU. Manufacturers must now meet essential cybersecurity requirements, including conducting risk assessments, ensuring data protection, and swiftly patching vulnerabilities. The regulation requires vendors to notify the EU of actively exploited vulnerabilities within 24 hours. Products that comply will bear a CE marking, while non-compliance could result in fines of up to 15 million euros or 2.5% of global
Starting point is 00:09:35 turnover. Despite criticism from security experts and industry stakeholders who argue the act may aid hackers or disrupt supply chains, EU regulators believe it will simplify compliance and streamline product distribution across the bloc. The legislation will take effect after a 36-month transition period. New York State now requires general hospitals to report material cybersecurity incidents, such as ransomware attacks, to the state's health department within 72 hours under new regulations effective as of October 2nd. Hospitals must also comply with additional mandates by October 2025, including appointing a chief information security officer, conducting annual security risk assessments, implementing
Starting point is 00:10:25 multi-factor authentication, and establishing a comprehensive cybersecurity program. The regulations aim to enhance patient care continuity and protect hospital operations from cyber attacks. Non-compliance may result in penalties, though the focus is on providing resources to protect against cyber threats. New York has allocated $500 million to assist hospitals in meeting the requirements. The regulations come as the healthcare sector faces an increasing number of cyber attacks, with hospitals bearing the brunt of these incidents, affecting patient data and hospital functions. Federal regulators are also working on updates to the HIPAA security rule. The FBI created its own cryptocurrency, NextFundAI,
Starting point is 00:11:16 to monitor suspected fraudsters in a cryptocurrency market manipulation scheme. This Ethereum-based token allowed the FBI to observe fraudulent activities, leading to arrests in the UK, Portugal, and Texas. The Department of Justice charged 18 individuals with fraud and manipulation, particularly for using wash trades to falsely inflate trade volumes, a tactic commonly used in pump-and-dump schemes. One organization involved misled investors about its token's market stability and regulatory approval while secretly profiting from manipulation. The FBI's cryptocurrency operation helped expose these fraudulent activities.
Starting point is 00:12:02 The SEC has also filed charges against five promoters, warning investors of the ongoing risks in crypto markets. Four defendants have already pled guilty, with one more intending to do so. Before we head into our break, I want to share a programming note. Our team will not be publishing on Monday, October 14th, in observance of the U.S. holiday Indigenous Peoples' Day. We will offer a special edition Solution Spotlight episode of N2K's Simone Petrella speaking with ISC2's Andy Woolnough with a detailed look at ISC2's 2024 Cybersecurity Workforce Study. The CyberWire Daily podcast will return on Tuesday. Coming up next, my conversation
Starting point is 00:12:55 with Dr. Bilyana Lilly about her new novel, Digital Mindhunters. We'll be right back. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks. Security questionnaires done five times faster with AI. Now that's a new way to GRC.
Starting point is 00:14:06 Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one third of new members discover they've already been breached. Protect your executives and their
Starting point is 00:14:58 families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. Dr. Bilyana Lilly is a CEO and well-respected cybersecurity advisor. She is also author of the new novel, Digital Mindhunters. I sat down with Dr. Bilyana Lilly to discuss the new book. I've written quite a few articles, blog posts, and I have two academic books already. And the process of writing them and the publication and then discussion about them,
Starting point is 00:15:38 they have been very rewarding. And it's great to discuss with colleagues information that I have found and arguments around the evidence. But those books were very fact-based and the process is very constraining. And for a good reason. We're analyzing policy, we're analyzing threats, we have to be precise, we have to be accurate. But I wanted to try to write something where I have more power over my creative control. And I wanted to write something that's wild and fun and entertaining. And I wanted to educate but also entertain. Well, describe the book for us. What's the story?
Starting point is 00:16:20 So the story, oh, there's so many. And I don't really want to give all of it away. But the plot is about a strong, very defiant female protagonist who is also an immigrant and a researcher in cybersecurity and defense. Sounds familiar. Yes. It does. Well, we write about what we know, right? And our own experiences.
Starting point is 00:16:43 So, yes, she is partially based on me and so are a lot of her stories. But there are also fictional parts. And through her experiences, I wanted to show the main aspects of cyber warfare. Because we talk about them and we talk about trends and number of attacks and the cost that those attacks have caused
Starting point is 00:17:03 and disinformation and deepfakes. But stories are so much more impactful than statistics. So I took the story of that female character alongside with a great hacker sidekick and sinister villains and their explosions and poisoning attempts and a lot of other fun stuff in the book or exciting stuff in the book. But I also wanted to base that in accurate trends and use the book to portray and bring hopefully the message a little more in a more powerful way that we are in a time of very serious cyber threats and we're facing a lot of challenges in cyberspace. And a lot of us who are not only cyber experts, but a lot of us could be targets
Starting point is 00:17:47 of certain cyber operations and disinformation campaigns. And we can also be tools in someone else's cyber warfare without even knowing it. Is there an educational component here? Is this a book that I could give to my friends to give them some insights on this world of cyber warfare? Absolutely. The types of cyber operations in the book are pretty realistic. Even in the acknowledgments, I thank a few of my friends who helped me through some of the story to bring
Starting point is 00:18:17 the technical details. The types of operations, the types of behavior of different agencies, specifically Russian and Chinese, are also grounded in Russian and Chinese doctrine. So those operations, although some of them haven't happened, are very close to reality. So, yes, the book can definitely serve as a great gift for any employer during Cybersecurity Awareness Month or Christmas, if you would like to entertain and educate. I think that hopefully, and I hope the community will respond positively to it, but this was the goal of the book. Tell us about your journey as an author here.
Starting point is 00:19:01 I mean, to take your area of expertise, but then to turn it into a compelling and entertaining story. Was there ever a time when you thought, oh my goodness, what have I gotten myself into? Or was it pretty smooth sailing along the way? Oh, it was terrible. Not at all smooth, very stormy. But I would say it was the stormiest for my friends who had to suffer through the first draft of this book, including Brandon, who read one of the... I really want to give him a shout out and thank him, and also Matt Swish, Daryl Blocker and a few others who read through the entire book when it wasn't yet in its final shape. And Brandon, for example, suffered through a lot of chapters with very technical lectures about Chinese information warfare and their cognitive doctrine, which
Starting point is 00:19:52 afterwards, when I spoke with my editor, he said, Bilyana, no one cares. This is too boring and too educational. Cut it off. So I cut it off. Is that a textbook? Exactly. So like, Bilyana, leave that for the next book, academic book, but write this in a more action-packed way, focus on the character. So you still have the realistic stories and how the actors will behave. But what I learned from my editor, and I love this, he said, don't tell them, show them. Give us some insights on your own background that informed the writing of the book here. I mean, you have quite an extensive background when it comes to cyber warfare. Thank you, Dave.
Starting point is 00:20:29 Yeah, the story of the character is very unusual and so is mine. Like a lot of members of our community, I almost stumbled upon the field. I didn't wake up one day when I was in high school saying, oh, I want to be a cybersecurity expert. I initially worked for the Red Cross. I was a painter. I was into martial arts and I thought I wanted to be an architect. But then I ended up one summer in Kosovo for a summer school and I saw the devastating impact of a war on a country. And I thought there was nothing more important to me than preserving peace. So I went into conflict resolution. I worked at the United Nations for a while. I wrote my first publication on nuclear
Starting point is 00:21:12 terrorism originating from Russia and the likelihood of that. And from there, I worked on missile defense. And that brought me to Oxford. I got a scholarship. I did my master's there. And then I came to the U.S. And I initially thought I'm going to continue down that path. I'm going to work on hardcore security issues, traditional security issues. But then I saw in 2016 how the U.S. responded to Russia's interference in our election process. And I realized that the new type of warfare that powerful countries like the U.S., powerful democracies are going to face is not necessarily the traditional types of war. It is the warfare in cyberspace that could be fought during what was still called
Starting point is 00:21:58 peacetime. That's why I decided to write it. So what's next here? Should we wait for the movie version? Is this going to be a Netflix special? Or do you have another book in mind? I would love to see this in some sort of movie or series. Yes, I hope that that happens. I look forward to seeing how the community will receive the book. I just had the first 250 copies distributed to the participants of Nexus last week. So it's still very new. Yeah, I'd love to see this in an HBO series or Netflix series. I think there is a lot of
Starting point is 00:22:37 material for that. And with regards to next steps, I'm not sure. Oh, one thing I know for sure, I'm starting a little writing group around Washington, D.C., and we have even some of your wonderful colleagues are joining us, especially. Yes, a small group of individuals who are in cybersecurity or the intelligence community or former members of the intelligence community who can write creative narratives. So I'll try to hopefully have a second book in the next year or two. You mentioned at the core of this story is a strong female protagonist. How important was it for you to be able to show that side of things, to have that be a role model for young women coming up in the industry? Yeah, thank you for asking. That's exactly why I made Riley the protagonist. We are in a male dominated field. That's very clear. And although I can't really complain, I've had amazing mentors. I have been very lucky. I think I have proven myself as an expert in my field.
Starting point is 00:23:51 But I know that there's still stigma that exists and there is still this discomfort with, are females equally capable? And yes, they are. And I want to show through this book that that's the case. So one of the things that struck me as I was reading the book is that the writing expands beyond just the effects of cybersecurity itself. It shows how these things can expand into the real world, how some of our adversaries are using these playbooks to try to make those sorts of things happen. Absolutely, Dave, you're 100% correct. And there are various ways through which specific risks in cyberspace or operations in cyberspace can have physical and even at times lethal effects. For example, for disruptive cyber operations on a critical infrastructure facility,
Starting point is 00:24:46 or even we just discussed how Israel has conducted certain operations that have led to exploding pagers. So that's a very good recent example. But also other examples that we've had in recent years is of disinformation narratives that have radicalized individuals and prompted them to violence against, for example, 5G towers in Canada and the UK. Maybe you even remember the Pizzagate conspiracy where an individual from North Carolina actually walked into a pizzeria in Washington, D.C. with a rifle, pointed the rifle at one of the workers and actually fired. So we have those examples. And I think it's very important to remember that threats in our digital space can have physical effects because our adversaries are actively
Starting point is 00:25:40 exploiting those opportunities and those vulnerabilities. All right. Well, the book is titled Digital Mindhunters, and Dr. Bilyana Lilly is the author. Thank you so much for joining us. Thank you for having me, Dave. Our thanks to Dr. Bilyana Lilly for joining us. You can find a link to Bilyana's book, Digital Mindhunters, in our show notes. Cyber threats are evolving every second and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions
Starting point is 00:26:31 designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. And finally, our Lonely Hearts desk
Starting point is 00:27:03 shares the story of New York-based software developer Nick Spreen, who received a message summary from the Apple Intelligence feature that distilled several breakup texts from his girlfriend into a blunt AI-penned notification: No longer in a relationship. Wants belongings from the apartment. Ouch. Spreen shared the AI-generated breakup Cliff Notes in a viral post on X, formerly Twitter, humorously captioning it for anyone curious about how an AI summarizes a breakup text. Yes, it happened on his birthday, and yes, the summary was eerily accurate, as Spreen confirmed. While the AI's unemotional delivery might sound dystopian, Spreen admitted it softened the blow a bit,
Starting point is 00:28:08 making the moment feel surreal, like a personal assistant delivering bad news while keeping things professional. Who knew AI could be so emotionally detached, yet helpful? And that's The CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Trevor Hilligoss,
Starting point is 00:28:39 Vice President of SpyCloud Labs. We're discussing the growing threat of ransomware and the pivotal role of infostealer malware in enabling these attacks. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector,
Starting point is 00:29:19 from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Tré Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president.
Starting point is 00:29:52 Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here next week. Thank you. into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
