CyberWire Daily - PIVOTT Act drafts the next wave of digital defenders.

Episode Date: September 24, 2024

The House Homeland Security Chair introduces a major cyber workforce bill. Google rolls out new Gmail security tools. Telegram makes a big shift in its privacy policy. Microsoft doubles down on cybersecurity. A Kansas water treatment facility suffers a suspected cyberattack. MoneyGram reports network outages. Kaspersky antivirus users get an automatic upgrade, maybe. North Korean IT workers infiltrate Fortune 100 companies. Gartner analysts urge cybersecurity leaders to focus on prevention, response, and recovery. In this week’s Threat Vector, host David Moulton is joined by Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, to explore the seismic shifts in cybersecurity brought about by AI technologies. A lavish lifestyle exposes the duo behind a $230M crypto scam.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of Threat Vector, host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, explore the seismic shifts in cybersecurity brought about by AI technologies. Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. To hear David and Daniel’s full discussion, check it out here.
Selected Reading

Exclusive: House Homeland Security chair releases, pushes forth cyber workforce bill (CyberScoop)
Google Announces New Gmail Security Move For Millions (Forbes)
Telegram will now provide some user data to authorities (BBC)
Microsoft CEO to Cyber Team: Don’t Tell Me How Great Everything Is (Bloomberg)
Kansas Water Facility Switches to Manual Operations Following Cyberattack (SecurityWeek)
MoneyGram says cyber incident causing network outages (The Record)
Kaspersky Users in US Find Antivirus Software Automatically Replaced (Cyber Security News)
Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report (The Record)
Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organization (Infosecurity Magazine)
Two men arrested one month after $230 million of cryptocurrency stolen from a single victim (Bitdefender)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:01:22 The House Homeland Security Chair introduces a major cyber workforce bill. Google rolls out new Gmail security tools. Telegram makes a big shift in its privacy policy. Microsoft doubles down on cybersecurity.
Starting point is 00:02:14 A Kansas water treatment facility suffers a suspected cyber attack. MoneyGram reports network outages. Kaspersky antivirus users get an automatic upgrade, sort of. North Korean IT workers infiltrate Fortune 100 companies. Gartner analysts urge cybersecurity leaders to focus on prevention, response, and recovery. In this week's Threat Vector, host David Moulton is joined by Daniel Kendzior, global data and AI security practice lead at Accenture. They explore the seismic shifts in cybersecurity brought about by AI technologies. And a lavish lifestyle exposes the duo behind a $230 million crypto scam. It's Tuesday, September 24th, 2024.
Starting point is 00:03:32 I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us. In an exclusive for CyberScoop, Tim Starks reports that House Homeland Security Chairman Mark Green is introducing the PIVOTT Act of 2024, aimed at addressing the U.S. cybersecurity workforce gap by creating an ROTC-like program within the Cybersecurity and Infrastructure Security Agency. The program will offer scholarships to students at community colleges and technical schools in exchange for two years of public service in federal, state, or local government cyber roles. The bill targets individuals who may not fit traditional four-year college paths or those seeking career changes, aiming to involve 250 students in its first year and eventually expanding to 10,000. Participants would engage in skills-based tasks like hackathons
Starting point is 00:04:23 and benefit from early initiation of the security clearance process. This initiative seeks to close the cybersecurity job gap, currently estimated at nearly half a million unfilled positions. Green stresses the need for fresh approaches to attract and train cyber talent, particularly amid rising cyber threats from countries like China, Iran, and Russia. The bill is seen as complementary to existing programs like CyberCorps
Starting point is 00:04:52 and other legislative efforts aimed at bolstering the federal cybersecurity workforce. If passed, it will leverage CISA's industry partnerships to expand cybersecurity training outside of traditional degree programs. While there's no funding attached yet, Green's team emphasizes the
Starting point is 00:05:11 importance of investing in cybersecurity talent as a critical line of defense. Co-sponsors of the bill include representatives Carlos Gimenez and Mike Ezell, with a committee markup scheduled for Wednesday. Google is rolling out key Gmail security improvements, powered by their Gemini AI, for organizations of all sizes. The new Security Advisor tool will provide enterprise-grade protection to smaller businesses. It offers tailored intelligence to defend against evolving cyber threats and delivers actionable guidance directly to IT admins' inboxes. Security Advisor includes a security sandbox for scanning email attachments and enhanced safe browsing to detect malicious content before it reaches users. The AI model, trained on the worst email threats, has improved Gmail's spam detection and response capabilities significantly.
Starting point is 00:06:09 Additionally, Security Advisor extends protections beyond Gmail to other Google Workspace apps, including Chrome and Drive, offering enhanced safe browsing, data protection, and app access management to safeguard sensitive information and prevent security risks across the platform. Telegram has made a big shift in its privacy policy. The messaging app has announced it will now share users' IP addresses and phone numbers with authorities if they've got a valid search warrant. CEO Pavel Durov says this move is meant to discourage criminals from using the platform, pointing out that while the vast majority of Telegram users are law-abiding, it's the small fraction of bad actors giving the app a bad name.
Starting point is 00:06:58 This comes on the heels of Durov himself being arrested in France, charged with enabling criminal activity on the platform. Telegram's been under fire for hosting all kinds of unsavory content, from misinformation to child abuse materials. And some critics are worried this new policy could open the door for Telegram to cooperate with authoritarian regimes, especially in places where dissidents rely on the app. Telegram says it's beefing up content moderation with AI, but experts are already questioning whether this will satisfy European regulators. Durov's announcement has left many wondering how far Telegram is willing to go and if it's still a safe space for free speech. Microsoft says they're doubling down on cybersecurity
Starting point is 00:07:47 after some recent high-profile hacks shook things up. They've brought in new leadership with some serious credentials like Timothy Langan, a 26-year FBI veteran, and Sean Bowen, who used to head up cybersecurity for the Marine Corps. And they're not stopping there. Internal leaders like Azure's CTO Mark Russinovich are stepping into new deputy CISO roles as part of a 13-member team. Microsoft now has 34,000 engineers working full-time on security,
Starting point is 00:08:19 all part of their Secure Future initiative, the biggest revamp of their security practices in over 20 years. And CEO Satya Nadella? He's making sure security comes first, even before new product features. He's set up weekly meetings with his top brass to tackle the tough issues head-on. His message is clear. Fix the problems, don't just tell me how great things are. One challenge is balancing security with the constant pressure to innovate, especially in AI.
Starting point is 00:08:52 Recently, Microsoft's AI team rolled out a new feature called Recall, which had to be pulled back after raising red flags with security experts. But Microsoft says they're learning from these stumbles, tightening up their processes so teams can launch features securely. The bottom line? Nadella wants Microsoft focused on solutions, not excuses. It's a serious shift for the company, and it seems they're all in on making sure they're ready to defend against the next big cyber threat. Arkansas City in Kansas switched its water treatment facility to manual operations after a suspected cyber attack on September 22nd. The incident did not
Starting point is 00:09:34 affect the water supply or disrupt services, and the city manager reassured residents that the water remained safe. Authorities were notified and cybersecurity experts are working to resolve the issue and restore normal operations. Details are limited, but the facility may have been targeted by a ransomware attack, prompting precautionary shutdowns to protect the systems. Enhanced security measures have been put in place. MoneyGram, the digital payment giant, is experiencing network outages following a cybersecurity incident. Users began reporting service disruptions on Friday, and by Monday, the company confirmed a security issue had led to systems being taken offline for investigation. MoneyGram is working with external cybersecurity experts and law enforcement
Starting point is 00:10:25 to address the problem, though it hasn't confirmed if a ransomware attack is involved. The company's services remain offline, including its website, affecting customers globally, particularly in the Caribbean and Mexico. The Bank of Jamaica reported that remittance services using MoneyGram in Jamaica are also down. MoneyGram, which handles over $200 billion in transactions across 200 countries annually, say they're working to restore operations. Ransomware attacks on financial services have surged recently, targeting firms to pressure quick payouts due to customer reliance. MoneyGram was acquired by Madison Dearborn Partners in 2023. Users of Kaspersky antivirus in the U.S. woke up to find their software swapped out for something new, Ultra AV. This change comes after the U.S. Department of Commerce banned Kaspersky's products over national security concerns.
Starting point is 00:11:27 Kaspersky partnered with Ultra AV to make sure there's no gap in protection, and the switch happened automatically through a software update on September 19th. Ultra AV brings similar features like antivirus, VPN, password manager, and identity theft protection. However, many users were caught off guard, with some voicing concerns online about the lack of notification and the fact that Ultra AV is relatively unknown. There's been chatter about the new product's limited track record, and users are understandably hesitant. Kaspersky assures customers that their subscriptions are still valid and that Ultra AV will keep their system secure. But the sudden shift has definitely raised eyebrows, with about 1 million U.S. users affected by the transition.
Starting point is 00:12:20 A recent report from Google's Mandiant unit reveals that dozens of Fortune 100 companies have unknowingly hired North Korean IT workers using fake identities. These workers, part of a scheme known as UNC5267, are sent by the North Korean government to earn multiple salaries while gaining access to U.S. tech firms. This access could be exploited for cyberattacks or inserting malicious code. The scheme involves U.S.-based laptop farms, where remote technology enables workers to operate from China or Russia. Some American operators have been charged for facilitating the scam, which generated millions for North Korea. Mandiant urges companies
Starting point is 00:13:06 to implement stricter hiring protocols, such as verifying worker identities and laptop locations. The North Korean IT workers are thought to funnel their earnings to the regime's weapons programs. The U.S. has responded by seizing assets, shutting down domains, and issuing sanctions on entities tied to the scheme. At the recent Gartner Risk and Security Summit, analysts Akif Khan and Christopher Mixter urged cybersecurity leaders to move beyond a zero-tolerance-for-failure approach and embrace a balanced focus on prevention, response, and recovery. While prevention remains essential, they argued that organizations have underinvested in response and recovery, leaving them vulnerable. Cyber attacks are inevitable, and prioritizing response
Starting point is 00:13:59 and recovery is crucial for long-term success. The analysts outlined three key areas for development, shifting away from a zero-failure mindset, implementing a minimum effective toolset to streamline cybersecurity tools, and building a resilient workforce with strong self-care and mental health support. They stress that as AI technology evolves, preventing every attack is impossible, making adaptation critical.
Starting point is 00:14:28 Gartner also emphasized the importance of managing third-party vendor risk, suggesting formal contingency plans for vendor incidents. Lastly, they encouraged organizations to value failure as a learning tool, promoting resilience as a key competency in cybersecurity. Coming up after the break on this week's Threat Vector, David Moulton speaks with Daniel Kendzior, Global Data and AI Security Practice Lead at Accenture. Stay with us.
Starting point is 00:16:45 On this week's Threat Vector podcast, host David Moulton is joined by Daniel Kendzior, Global Data and AI Security Practice Lead at Accenture. They explore the seismic shifts in cybersecurity brought about by AI technologies. I think they should take away that, again, security orgs really can and should lead and innovate in this space. We should identify
Starting point is 00:17:37 areas where you can help drive better risk reduction but enablement of your business and do so defining what those guardrails should look like, so the rest of the business can then follow in your footsteps in a very secure and responsible manner. Let's lead from the front and really help our businesses adopt wherever we can. Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. I'm your host, David Moulton, Director of Thought Leadership. Today, I'm thrilled to be joined by Daniel Kendzior, the Global Data and AI Security Practice Lead at Accenture and a Managing Director. Daniel brings an impressive wealth of experience in cybersecurity strategy and architecture, particularly in orchestrating large-scale information security transformations across global organizations.
Starting point is 00:18:48 Today's topic is incredibly timely and significant, securing the Gen AI transformation journey. Here's our conversation. Daniel Kendzior, welcome to Threat Vector. I've been looking forward to recording this episode with you. Likewise, David. Happy to be here. We've been well over 18 months into the broad and rapid proliferation of AI technologies across the industry, as well as cases. How is the cybersecurity space impacted by AI? It's been tremendous. I mean, if I just look at since ChatGPT kind of entered the public domain, we're really seeing kind of two or three very large transitions occur, right?
Starting point is 00:19:43 end of 2022, which is very significant, right? And it's hard to tie that all specifically to AI or things like that. But along the same timeline with all this going on from a security perspective, very impactful. The rise of phishing attacks, we're seeing almost a 1300% increase since ChatGPT launched. And in that same time, cyber defenders are really trying to figure out how do we take all these really exciting LLMs and exciting plugins and all this AI technology that's hitting the market and figure out how do we leverage it for improving cybersecurity operations, right? So making our jobs faster, a little bit easier, allowing us to really spend time on the things
Starting point is 00:20:20 that are as exciting and is adding to risk reduction for the organization. And so that's kind of the backdrop. And then on top of that, you obviously have a very evolving regulatory landscape, right? And so all businesses are really trying to understand, you know, what things like the EU AI Act are really going to mean for them, you know, try and follow along these different other federal, state, local government draft regulations that are going on and trying to figure out, you know, how do we stitch all these three things together? So, you know, if you're a chief information security officer or chief digital officer
Starting point is 00:20:56 or things like that, it's a lot to juggle all at once, but just a super exciting time for the industry from my perspective. So as organizations embark on their AI transformation journeys, what should they consider to maintain trust, security, and resilience? I think it's such an interesting time for security to really lead, right? And let me explain that in a little bit more detail. You know, when we look at the journey to cloud, it wasn't necessarily the best day for the security industry as a whole. By and large, security kind of struggled to keep pace with the aspiration of some of our technology counterparts, some of our business counterparts for sure.
Starting point is 00:21:34 And so from a chief information security officer's seat, right, or security operations teams, location, etc. This is a great time to really say, hey, we're going to take this new technology and we're going to be a first adopter. And in doing so, we're going to identify areas where we're going to add value to our own operations. But we're going to do that by adding the security guardrails in real time. At the end of a couple sprints of innovation
Starting point is 00:21:59 or experimentation or whatever it is, we not only have shown the business how we can be more effective, more efficient, etc., but we've also paved the way for the guardrails that the rest of the organization should be leveraging. So things like AI firewalls, things like being able to do proper assessments of the use cases that you're conducting with AI
Starting point is 00:22:18 and creating those initial inventories and the frameworks and everything that the rest of the organization can really kind of draft after. And so when you kind of start with, how do we do innovation at pace? How do we put the guardrails in place? And then how do we start to also leverage all these other components about AI that are super important from a governance perspective?
Starting point is 00:22:42 So things like responsible AI, right? So how do we make sure that we're being very thoughtful, limiting, let's say, toxic behavior, toxic speech, bias, inserting trust into these different workloads. Those are all things that security can demonstrate to the rest of the organization. And rather than let them start to kind of go down a path and then say, okay, great,
Starting point is 00:23:03 this is what you really need to think about. This is a great opportunity just to lead from the front and really make it baked in from day one. And in that way, I think security will really be an enabler on these AI transformations. Thanks for listening to this segment of the Threat Vector podcast. If you want to hear the whole conversation, you can find the show in your podcast player. Just search for Threat Vector by Palo Alto Networks. Each week, I interview leaders from across our industry and from Palo Alto Networks to get their insights on cybersecurity, the threat landscape, and the constant changes we face. See you there.
Starting point is 00:23:44 Be sure to check out the complete Threat Vector podcast wherever you get your favorite podcasts and right here on the N2K Cyber Wire podcast network. And finally, two young men, Malone Lam, also known online as Anne Hathaway, and Jeandiel Serrano, also known as Versace God and Skid Star, were arrested by the FBI for allegedly pulling off a cryptocurrency heist worth a staggering $230 million.
Starting point is 00:25:14 The dynamic duo, aged 20 and 21, are accused of stealing 3,100 Bitcoin from a Washington, D.C. victim back in August. Their scam? Posing as Google support with a spoofed phone number, tricking their victim into sharing their screen and snagging the private keys to their cryptocurrency wallet. They even managed to convince the victim to reset their two-factor authentication, giving them full control of the wallet. But their plot to launder the funds
Starting point is 00:25:46 via VPNs, peel chains, and pass-through wallets didn't go as smoothly as planned. Their operational security was, well, let's say less Ocean's Eleven and more amateur hour. Cryptocurrency investigator ZachXBT revealed their sloppy behavior, including allegedly recording themselves on a group chat during the heist. The pair didn't exactly lay low, either. They lived lavishly, throwing down half a million dollars on nights out, gifting random ladies designer handbags, and handing out pink Lamborghinis like party favors. Apparently, though, splurging on Birkin bags and endless champagne didn't help Mr. Lam's love life.
Starting point is 00:26:34 Despite their extravagant spending and efforts to hide their tracks, the FBI was quick to catch up with them. It turns out stealing a quarter of a billion dollars isn't as easy as it looks. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
Starting point is 00:27:21 We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter
Starting point is 00:27:40 about your teams while making your teams smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
