CyberWire Daily - Ransomware strikes a nerve.
Episode Date: August 1, 2024

The U.S. blood supply is under pressure from a ransomware attack. CrowdStrike shareholders sue the company. There's a critical vulnerability in Bitdefender's GravityZone Update Server. BingoMod RAT targets Android users. Hackers use Google Ads to trick users into a fake Google Authenticator app. Western Sydney University confirms a major data breach. Maryland leads the way in gift card scam prevention. NSA is all-in on AI. My guest is David Moulton, host of Palo Alto Networks' podcast Threat Vector. Attention marketers: AI isn't the buzzword you think it is.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
David Moulton, host of Palo Alto Networks' podcast Threat Vector and Director of Thought Leadership, discussing the evolution of his show and what we can expect to see coming next. You can catch the latest episode of Threat Vector where David welcomes Palo Alto Networks Founder and CTO Nir Zuk here.

Selected Reading
Ransomware attack on major US blood center prompts hundreds of hospitals to implement shortage protocols (The Record)
CrowdStrike sued by shareholders over global outage (BBC)
Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks (GB Hackers)
BingoMod Android RAT Wipes Devices After Stealing Money (SecurityWeek)
Google being impersonated on Google Ads by scammers peddling fake Authenticator (Cybernews)
Western Sydney University reveals full scope of January data breach (Cyber Daily)
Maryland becomes first state to pass law against gift card draining (CBS News)
More than 7,000 NSA analysts are using generative AI tools, director says (Defense One)
Study Finds Consumers Are Actively Turned Off by Products That Use AI (Futurism)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
The U.S. blood supply is under pressure from a ransomware attack.
CrowdStrike shareholders sue the company.
There's a critical vulnerability in Bitdefender's GravityZone update server.
BingoMod RAT targets Android users.
Hackers use Google Ads to trick users into a fake Google Authenticator app.
Western Sydney University confirms a major data breach.
Maryland leads the way in gift card scam prevention.
NSA is all in on AI. My guest is David Moulton, host of Palo Alto Networks' podcast,
Threat Vector. And attention marketers, AI isn't the buzzword you think it is.
It's Thursday, August 1st, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here again. It is great to have you with us.
One of the largest blood centers in the U.S., OneBlood, is operating at reduced capacity due to a ransomware attack that's disrupted part of its systems. The nonprofit serving healthcare
facilities across the southeastern U.S.
announced that the attack has impacted
their ability to operate efficiently.
They've implemented manual processes
which take longer and affect inventory availability
and have urged hospitals
to activate critical blood shortage protocols.
Despite these challenges,
OneBlood continues to collect,
test, and distribute blood with assistance from cybersecurity experts and federal and state
officials. There is an urgent call for O-positive, O-negative, and platelet donations, although all
blood types are needed. The attack on OneBlood follows a similar incident in the UK, where the
Synnovis pathology services provider was attacked by the Qilin ransomware gang, severely impacting the National Health Service and leading to the cancellation of critical surgeries and urgent calls for blood donations.
South Africa's National Lab Service was also recently attacked, affecting efforts to manage mpox, HIV, and tuberculosis.
CrowdStrike is facing a lawsuit from its shareholders following the disastrous software update that crashed over 8 million computers worldwide. The shareholders accused the
cybersecurity firm of making false and misleading statements about its software testing procedures.
The incident led to a 32% drop in CrowdStrike's share price,
wiping out $25 billion in market value over 12 days.
The company has denied the allegations
and plans to defend itself
in the proposed class action lawsuit.
The outage, which began on July 19th,
severely affected businesses,
including airlines, banks, and hospitals.
As of July 29th, CrowdStrike announced that the issues had been resolved.
The lawsuit, filed in federal court in Austin, Texas,
alleges that executives misled investors about the adequacy of software testing.
Delta Air Lines reported a $500 million loss due to the disruption
and is considering seeking compensation
from CrowdStrike. The company blames the incident on a bug in the update process and promises better
testing and checks to prevent future problems. A critical vulnerability has been discovered in
Bitdefender's GravityZone update server, raising significant security concerns. The flaw allows server-side
request forgery attacks, potentially compromising sensitive data. With a CVSS score of 9.2,
the vulnerability is critical, being remotely accessible, requiring high attack complexity,
and not needing authentication or user interaction. The issue arises from a verbose error handling problem within the server's proxy service,
allowing attackers to manipulate server requests and possibly gain unauthorized access.
Security researcher Nicolas Verdier identified and reported this vulnerability.
Bitdefender has quickly released a fix, urging users to update immediately to prevent exploitation.
A newly identified remote-access trojan called BingoMod is targeting Android users to steal information and facilitate account takeover, according to Cleafy.
Unlike known malware families, BingoMod enables attackers to initiate unauthorized money transfers
by performing on-device fraud bypassing security measures.
The malware steals user information such as SMS messages and credentials,
performs overlay attacks, and offers remote access via VNC-like functionality.
Likely developed by Romanian speakers, it targets devices in English,
Romanian, and Italian. BingoMod is distributed through smishing, posing as a legitimate
antivirus application. Once installed, it requests accessibility services permissions,
locking users out while executing its payload. It logs keystrokes, intercepts SMS messages,
and allows approximately 40 remote operations.
Notably, it can send SMS messages from infected devices to spread further
and includes a device wiping feature after fraudulent transactions.
The malware is in active development,
experimenting with obfuscation techniques to evade detection.
Hackers are exploiting Google Ads by impersonating Google to trick users into downloading malware
disguised as Google Authenticator from GitHub. According to researchers from Malwarebytes Labs,
these malicious ads appear official and verified by Google, targeting users searching for Google Authenticator, a popular multi-factor authentication tool.
The ads redirect users to fake websites that offer a malicious Authenticator.exe file hosted on GitHub.
Once installed, the malware, known as DeerStealer, exfiltrates personal data. The fraudulent ads show the official Google website
but are linked to Larry Marr, a fake account verified by Google.
The scam involves multiple redirects through domains controlled by the attackers,
eventually leading to the fake authenticator's site.
Hosting the malware on GitHub allows the threat actors to leverage a trusted platform.
The report from Malwarebytes highlights the irony of users being compromised while trying to improve security and advises against downloading software via ads.
Australia's Western Sydney University has confirmed a significant data breach
with a hacker accessing its Microsoft Office 365 environment and Isilon
storage platform. The breach lasted from July 9, 2023 through March 16, 2024, during which 580
terabytes of data were exfiltrated from 83 directories. In January, the university discovered
the unauthorized access and notified 7,500 affected individuals.
Compromised data included student IDs, personal information, and sensitive workplace details.
While no evidence suggests the data has been published or threatened online, the university continues to monitor the dark web for signs of exposure.
In a July 31 update, WSU stated there is no indication the breach extends beyond its Office 365 and Isilon environments.
Maryland is the first state to pass a law targeting gift card scams with the Gift Card
Scams Prevention Act of 2024, signed by Governor Wes Moore.
The law requires gift cards sold in stores to be securely packaged to prevent thieves from accessing card numbers.
Merchants selling gift cards online must register with the Attorney General's Division of Consumer Protection
and train employees to detect fraud.
Gift card scams have caused significant losses, totaling $228 million
in 2023, as thieves drain card balances before returning them to stores. Without secure packaging,
gift card funds are vulnerable because thieves can easily access barcodes and PINs.
The U.S. Department of Homeland Security has established a task force to combat this growing issue.
Over the past year, over 7,000 NSA analysts have started using generative AI tools for intelligence, cybersecurity, and business workflows, according to agency director General Timothy Haugh.
The NSA is focusing on a few promising AI projects while encouraging
experimentation with others. The agency's AI Security Center has been successful in identifying
vulnerabilities in large language models and aims to help smaller companies lacking infrastructure
protect their intellectual property. The NSA emphasizes the need for robust AI governance to ensure privacy and compliance.
The agency plans to host a conference on AI in national security,
stressing AI's impact on future warfare and the importance of protecting critical systems and infrastructure.
The NSA is also working with startups to raise awareness about intellectual property theft
and advocate for government-wide
AI adoption.
Coming up after the break, my conversation with David Moulton,
host of Palo Alto Networks' podcast, Threat Vector. Stay with us.
Do you know the status of your compliance controls right now?
Like right now. We know that real-time visibility
is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection
across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC. Get $1,000 off Vanta when you go to
vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
And it is my pleasure to welcome to the show David Moulton. He is the host of Palo Alto Networks' podcast, Threat Vector. He is also Director of Thought Leadership at Palo Alto Networks with
Unit 42.
Dave, it's great to have you here on the show.
Good to be back, Dave. Thanks for inviting me in.
So, Threat Vector has come a long way since your initial inception of it here.
Can we take a minute and sort of go back in time and talk about how Threat Vector came to be and that journey from where you originally thought it was going to be and to where it is now, which
is a weekly podcast all on its own? Sure. So if we go back, we realized that there was an opportunity
to talk to audiences about the interesting, unique work that Unit 42 was doing.
So whether that was threat research, getting into some of the matters that our incident
response team responded to, or even just talking about the threat landscape in general.
We wanted to make sure that there was, in fact, an appetite for those stories.
And that's where we partnered up with you.
And we're a segment on Cyber Wire Daily on Threat Vector Thursdays for about six months.
Got a really strong response from that.
And thought, well, let's take it into a larger 30-minute, give or take five minutes, type of
conversation, a deeper interview. And I'll tell you, it's tough to do an interview and get to
something of interest in five, six, seven minutes. You can do it. But I think Mark Twain said I would
have wrote a shorter letter if I had more time. And that's certainly how the segments fell at times.
So we gave ourselves a little bit more room to operate.
Now we're looking at Palo as a place that has interesting stories.
Moving beyond just the edges of Unit 42,
we'll certainly have our experts, those threat researchers,
those incident responders coming in.
But we wanted to tell some more stories.
In addition to that, we wanted to open up the platform to our customers, to SMEs that have interesting stories.
If you look at some of the recent things that we've done, they're not all folks that come in and work at Palo Alto Networks every day.
Some of them are using our technology, our services.
Others just have interesting security stories.
And I think that there's room for all of that within Threat Vector and for our audience.
Give me an idea of what happens internally at an organization the scale of Palo Alto Networks.
When you go and say, hey, I want to try this thing out.
And then I imagine you go back and you say, you know what, I think we're onto something here.
Where does it go from there?
So internally, we looked at our numbers.
We looked at listens, streams, those sorts of things, pickups on charts, and took those to our leadership. Our CMO is somebody that has an incredible ability to take a look at data, but also has a strong gut. And with the analytics,
with the data, and then with the story, I think he could... Sometimes you work with somebody who
knows it when they see it.
And he said, let's bet large on this.
The challenge then came from our CEO.
Nikesh is never one to shy away from a challenge.
I believe he said, get 100 CISOs on the show before the end of the year.
I haven't.
That's mathematically impossible.
Right.
But, you know, if you're out there listening,
know that you could really help me out if you've got a CISO title and a great story to tell
to show up on Threat Vector.
And we'll get into it.
You know, this is a place where we'll talk about
industry trends, cybersecurity threats,
your strategies, impacts
from regulators, those sorts of things that are all part of the purview of security leadership.
So you're into this weekly cadence now, and you have a larger palette to tell your stories. You've
got more time. What are you looking forward to here as we go out through the rest of this year and beyond?
I'm looking forward to bringing some of these incredible stories of our customers
on to Threat Vector. I can't reveal the oil and gas company that I've been talking to
until it passes their legal team. It is inspiring and terrifying to sit down with an IR team
and to understand what they face,
but then to see the energy and the innovation
and the willingness to go beyond any level
I had any expectation to see
when I sat down with those customers.
And the same for the customers that
have already come on and talked about what they're doing. I think about Gregory Jones
and the work that he's doing to protect his university. And the man's creativity is boundless.
He's got street signs, road signs out there to educate college students on phishing and to protect them.
And I think that that gamut of stories and how it impacts our day-to-day lives is really important.
And then to mix that in with the SMEs who can bring a different perspective, a deep expert point of view to life.
The point of the show is to educate, to entertain, and to engage.
And that's the opportunity that we have in front of us as a podcast and one that gets me excited every time we light up the mics.
Yeah.
Well, David Moulton is Director of Thought Leadership at Palo Alto Networks
with their Unit 42 group,
but he is also the host of the Threat Vector podcast, which you can find right here on the N2K Cyber Wire network
and wherever you get your favorite podcasts.
David, thanks so much for joining us.
Thank you.
ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
And finally, I'm not telling you anything you don't already know
when I say that suddenly it feels like the entire cybersecurity industry
has a bad case of AI fever. And it's not just cyber. Every gadget from your toaster to your
toothbrush is boasting about its artificial intelligence features. It sounds cutting edge,
but hold your enthusiasm, because a recent study suggests that consumers are actually getting pretty fed up with
this trend. According to research published in the Journal of Hospitality Marketing and Management,
mentioning AI in product marketing is becoming a major turnoff. A group of 1,000 respondents
showed that products described as using AI were consistently less popular. In fact, when AI was mentioned,
emotional trust plummeted, leading to decreased purchase intentions. Take, for example, a smart
TV. When described as having artificial intelligence, consumers reacted with a
resounding hard pass. But remove the AI buzzwords, and suddenly the same TV was a hot commodity.
Washington State University's Mesut Cicek summed it up, stating,
Including AI in descriptions? Bad move, especially for high-risk purchases like electronics or medical devices.
And it's not just limited to TVs. The effect was consistent across eight product categories.
Even the tech-savvy crowd seems to be rolling their eyes at AI hype.
The trend speaks to a broader phenomenon.
Gartner noted that the generative AI hype has surpassed its peak of inflated expectations,
leaving consumers wary of exaggerated promises and astronomical costs.
Despite companies cramming AI into every nook and cranny,
from dating apps to car salesmen, buyers are skeptical.
Cicek advises marketers to ditch the AI lingo and focus on actual product benefits.
Because let's face it, we're all a bit tired of every product pretending it's the next big AI innovation.
It's time to drop the buzzwords and keep it real.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show,
please share a rating and review in your podcast app.
Please also fill out the survey in the show notes
or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire
is part of the daily routine of the most
influential leaders and operators in the public and private sector, from the Fortune 500 to many
of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for
companies to optimize your biggest investment, your people. We make you smarter about your teams
while making your teams smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and
sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor
is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher.
And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Thank you.
and adaptable. That's where Domo's AI and data products platform comes in. With Domo,
you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents
connect, prepare, and automate your data workflows, helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.