CyberWire Daily - Rhode Island cyberattack exposes sensitive data.

Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.

Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.

Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.

Starting point is 00:01:22 Now at a special discount for our listeners. private by signing up for Delete Me. Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. A cyber attack in Rhode Island targets those who applied for government assistant programs. U.S. senators propose a $3 billion budget item to rip and replace Chinese telecom equipment. The Klopp ransomware gang confirms exploiting vulnerabilities in Clio's managed file transfer platforms. A major Southern California health care provider suffers a ransomware attack.

Starting point is 00:02:24 A leading U.S. auto parts provider discloses a cyber attack on its Canadian business unit. SRP Federal Credit Union notifies over 240,000 individuals of a cyber attack. A sophisticated phishing campaign targets YouTube creators. Researchers identify a high-severity vulnerability in Molvad VPN. A horrific dark web forum moderator gets 30 years in prison. Our guests are Perry Carpenter and Mason Amadeus, hosts of the new Fake Files podcast and jailbreaking your license plate. It's Monday, December 16th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us.

Starting point is 00:03:46 A cyber attack on Rhode Island's RI Bridges system has potentially exposed sensitive personal information of hundreds of thousands of people who applied for government assistance programs since 2016, including SNAP, Medicaid, and other social services. Hackers, part of an international cybercrime group, threatened to release the data unless paid, though this was classified as extortion rather than ransomware. Highly sensitive details like social security and bank account numbers may have been stolen. The breach was confirmed on December 10 after hackers provided evidence to Deloitte, the system's vendor. Malicious code was found, prompting officials to shut down the system to mitigate further risk. State officials along with Deloitte and law enforcement are investigating. Impacted individuals will receive

Starting point is 00:04:25 free credit monitoring and access to support. Benefits for December were distributed, but new applications must be filed on paper for now. Open enrollment for health insurance continues, with enrollment unaffected so far. The $3 billion added to the 2025 National Defense Authorization Act for removing Chinese-made telecom equipment is being framed as a critical step in preventing breaches like the Salt Typhoon cyber espionage campaign. Salt Typhoon, linked to Chinese government hackers, has highlighted vulnerabilities in U.S. networks, especially those relying on Huawei and ZTE equipment. The FCC previously identified a $3 billion funding gap in its Rip and Replace program, which aims to remove such technology from 126 carriers' systems. Without full funding,

Starting point is 00:05:22 rural carriers remain exposed, lacking resources to upgrade or replace compromised equipment. Salt Typhoon's success against major operators underscores the risks for smaller networks with fewer defenses. Senators from both parties stressed the urgency of securing networks, while some criticized expanding FCC regulations. Others highlighted the need for swift action to eliminate known vulnerabilities. The salt typhoon attacks serve as a stark warning. Securing telecom infrastructure is a matter of national security. The CLOP ransomware gang has confirmed to Bleeping Computer their involvement in exploiting vulnerabilities in Clio's managed file transfer platforms, including Harmony, VL Trader, and Lexicom.

Starting point is 00:06:12 The attacks utilized a zero-day vulnerability that Clio initially patched in October. However, cybersecurity firm Huntress discovered last week that the patch was incomplete, allowing attackers to bypass it, upload back doors, and steal data. While Clio did not publicly disclose prior exploits, bleeping computer reports, Klopp admitted responsibility, linking the attacks to their previous methods, including similar exploits in the MoveIt breaches. A ransomware attack on PIH Health, a Southern California healthcare provider serving over 3 million residents, has disrupted IT systems, impacting hospitals, urgent care centers, pharmacies, and more. Cybercriminals claim to have stolen 17

Starting point is 00:07:00 million patient records and threatened to publish 2 terabytes of sensitive data unless a deal is made. PIH Health confirmed it's working with forensic specialists and law enforcement, but has not acknowledged the hacker's claims publicly. The attack has forced PIH to rely on downtime procedures, delaying test results, surgeries, and prescription refills. Online services, including appointment scheduling, are unavailable. The breach could become one of the largest healthcare data breaches this year if the hackers' claims are verified. Cybersecurity experts warn that such attacks will persist without stronger federal intervention, including measures like pre-authorized traffic filtering and comprehensive

Starting point is 00:07:45 national privacy laws. PIH also faced a phishing breach in 2020, leading to lawsuits. Meanwhile, ConnectOnCall.com, a Freesia subsidiary offering communications tools for healthcare providers, experienced a data breach affecting 914,000 individuals. The breach, lasting from February 16th through May 12th of this year, exposed sensitive data including patient names, phone numbers, medical record numbers, health conditions, and prescription details. Social security numbers of some individuals were also compromised. The platform was taken offline immediately, investigated by third-party cybersecurity experts, and later relaunched with enhanced security. Affected individuals received notifications with credit monitoring offered to those whose social security numbers were exposed.

Starting point is 00:08:48 were exposed. LKQ Corporation, a leading U.S. auto parts provider, disclosed a cyber attack on its Canadian business unit, causing weeks of disruption starting November 13th. LKQ, which operates in 24 countries with 45,000 employees, reported the incident in an SEC filing, stating the unit is now near full capacity and the threat has been contained. The company does not expect significant financial impact and plans to seek reimbursement through cybersecurity insurance. No threat actors have claimed responsibility. SRP Federal Credit Union is notifying over 240,000 individuals about a cyber attack that exposed sensitive personal information, including names, social security numbers, driver's license details, and financial data. The breach occurred between September 5th and November 4th of this year

Starting point is 00:09:38 and was discovered after the credit union secured its systems and reviewed compromised files. the credit union secured its systems and reviewed compromised files while srp has no evidence of misuse it is offering one year of free identity protection services to affected individuals the ransomware group nitrogen active since september 2024 has claimed responsibility alleging it stole 650 gigabytes of data and is selling it online. SRP has not confirmed the nature of the attack, but reported the incident to law enforcement and attorneys general in Texas and Maine. Founded in 1960, SRP serves over 200,000 members across Georgia and South Carolina with a workforce of 400 employees. CloudSec has uncovered a sophisticated phishing campaign targeting YouTube creators,

Starting point is 00:10:29 leveraging fake brand collaboration emails to steal accounts and spread scams. Scammers use specialized tools to scrape email addresses from YouTube channels and send bulk phishing emails via browser automation. These emails, posing as lucrative collaboration offers, include attachments disguised as contracts or promotional materials posted on platforms like OneDrive, protected by passwords to appear legitimate. The malicious attachments often contain malware hidden within files. Once downloaded, the malware can steal login credentials,

Starting point is 00:11:06 financial data, intellectual property, or grant remote access to attackers. Over 200,000 creators have been targeted, with attackers using hundreds of SMTP servers to execute the campaign globally. YouTube creators are advised to verify unsolicited collaboration offers, avoid downloading suspicious attachments, and confirm the sender's legitimacy directly with the brand. Security researchers at X41DSEC have identified high-severity vulnerabilities in Molvad VPN, including race conditions and temporal safety violations in its signal handler code. These flaws could lead to memory corruption and potential code execution if an attacker triggers a signal at the right moment, though exploitation is complex. Additionally, a DLL sideloading vulnerability in Molvad's Windows installer could allow attackers to execute malicious code during

Starting point is 00:12:05 installation. Mulvad users are urged to update their software to mitigate the risks. The depths of human depravity are truly staggering sometimes. Robert Schuss, a 37-year-old Texan, has been sentenced to 30 years in prison for his heinous crimes against children. This monster ran a dark web forum where pedophiles could exchange and discuss child sex abuse material, CSAM, including videos and images of babies and toddlers. He personally abused one child for six years, creating hundreds of instances of CSAM with the boy, and even bribed the child's family with gifts and money. But that's not all.

Starting point is 00:12:52 Schuss also secretly recorded two other minors and asked two others to send him naked pictures of themselves. The FBI found over 117,000 CSAM images and 1,100 videos on his seized computers and storage drives. This is a man who has no regard for human life or dignity and has spent years preying on the most vulnerable members of society. The U.S. attorney aptly described Schuss as the embodiment of evil, and it's hard to disagree with that assessment. His crimes are a stark reminder of the importance of holding perpetrators accountable for their actions

Starting point is 00:13:32 and the need for law enforcement to remain vigilant in protecting our children from these monsters. In addition to the 30 years in the slammer, Schuss will now face 10 years of supervised release, pay $153,000 in restitution to his victims, and be registered as a sex offender for life. But even this may not be enough to bring justice to those he has harmed. Coming up after the break, my conversation with Perry Carpenter and Mason Amadeus about their new podcast right here on the N2K Cyber Wire Network,

Starting point is 00:14:17 the Fake Files podcast. And we'll talk about digital license plates. Because sometimes even your car wants to go incognito. We'll be right back. Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.

Starting point is 00:15:13 They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.

Starting point is 00:16:07 Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io Perry Carpenter and Mason Amadeus are co-hosts of the new Fake Files podcast right here on the

Starting point is 00:16:43 N2K CyberWire network. I recently caught up with them for a preview of the new Fake Files podcast right here on the N2K CyberWire network. I recently caught up with them for a preview of the show. All right. Well, gentlemen, we are here to talk about your new endeavor. This is the Fake Files podcast. Why don't we start off with some high-level stuff here? Perry, I'm going to give you the honors. Can you tell us what prompted you

Starting point is 00:17:06 to take on this new podcast? Oh, nice. I don't know if that was an intentional pun, but she used the word prompt, which has to do with large language models, which has to do with AI, which has to do with the podcast. I only wish I were that clever. Well, you should still claim credit so we can cut that part out. Sure. What, I mean, the thing that prompted it was I was in this mindset of trying to figure out like how to use my time, like we do when we hit this age. And I just released a book called Fake, F-A-I-K, which is all about deepfakes, disinformation, and AI-generated deceptions. And was trying to figure out like, how do I continue my focus going down the AI road, which naturally converges with my focus around deception

Starting point is 00:18:02 and social engineering and cybersecurity. And I was also trying to figure out, like, what do I do with this other podcast that I have, Eighth Layer Insights, which is all about the intersection of humanity and security or technology or whatever spin you want to put on that, but it's the human condition as it tries to deal with the fact that technology is rapidly advancing and that creates a lot of interesting strain. And as I was trying to figure that out, everything really started to come together because Mason, who is the co-host on another podcast that we have called Digital Folklore. And it was actually the creator of the name fake for the book. He came up with that idea because we're talking about deep fakes and cheap fakes. But, you know, with this, there's AI in the middle. And so as I was trying to think about, like, how do I combine all these interests and make a sustainable thing that is going to be fun for me,

Starting point is 00:19:06 interesting for other people to listen to. Everything came together in the idea of the Fake Files podcast, which is actually an offshoot not only of the book, but an audio miniseries, a 10-part audio miniseries that Mason and I did to follow along with the chapter structure of the book and to dramatize some of the stories. And it just seemed like by the time we got to the end of that, it's like, oh, this is a chemistry that we have and a way of doing things that could become very self-sustaining, even at a pace much faster than I was able to produce Aethelir Insights episodes.

Starting point is 00:19:42 Well, Mason, for our listeners, can you give us a little taste of what we can expect here from the show? Yeah, absolutely. We're kind of exploring anywhere that AI intersects with humanity. So it's a very broad thing. I think the best way to describe it would be the vibe of it

Starting point is 00:20:00 is kind of like a morning radio show with Perry and me as your hosts, breaking down either the latest news topics or doing some demonstrations of different AI tools with a focus on making it accessible for a wider audience. Because for me, my background in sort of creative media, a lot of digital artists right now are pretty contentious. Like a lot of the opinions around AI are very contentious in the art community as generative AI came on the scene. Like a lot of the opinions around AI are very contentious in the ARK community as generative AI came on the scene.

Starting point is 00:20:27 But a lot of people are just really scared to engage with the technology. And like a lot of my friends and colleagues just haven't even like used ChatGPT. And so I think just bridging the gap between what feels like something that's inaccessible, which I know is a little bit ironic because like working in natural language

Starting point is 00:20:43 with computers for the first time is the most intuitive and easy thing but uh people are still sort of hesitant to engage with ai and so making that a space for everyone to be a part of and learn and also i'm wrestling with my own uh complicated feelings about ai as someone in the creative space being able to type a couple words and have a really good looking picture or, or at this point, even music and sound effects be generated, is a big deal. It kind of reminds me of that old saying, I think it's attributed to Arthur C. Clarke, about how a high enough level of technology is indistinguishable from magic. Yeah, yeah.

Starting point is 00:21:21 It feels like that. And actually, when we were talking to people in the specializes in folklore and urban legends, they were saying that there's something in the, you know, the idea of prompting that is almost like a summoning ritual. see like the way that technology is budding up against humanity in really interesting ways when people are making those kind of comparisons it's like oh now i can invoke something from the machine and even out of that spin tons of interesting conspiracy theories that um you know when you think about conspiracy theories of course course, those are adjacent to social engineering and disinformation and everything else. So all this becomes this interesting little hodgepodge of very adjacent ideas to, I don't know. I don't even know how to describe it. I don't even know how to describe it.

Starting point is 00:22:30 It is like this boiling mess of us as a species trying to figure out, like, what is it even to be human anymore? Because we used to think that one of the defining traits of humanity was this innate creativity. And it turns out that AI models are pretty good at creativity. And large language models especially are really bad at math and reasoning. And so what does that mean? I'm pretty good at creativity and I'm really bad at math. So I don't know. It's a whole new way of interacting with machines that didn't exist before. And it touches on so many different aspects of life. Because I mean, especially at this point in time, people are trying to use large language models for literally everything. And there's a lot that they can do.

Starting point is 00:23:06 And the implications of this are huge. Just not like vertically in every sector and across everything else horizontally. Mason, I'm curious. I mean, do you understand people's hesitation here for folks who don't even want to lay hands on the technology? Yeah, I mean, I think a large part of it's a social force, right? That like on Reddit, people are just writing polemics against each other, either pro or AI for reasons of like, oh, it's the death of creativity and job loss. And I can't help but think back to, I'm not sure if this is true,

Starting point is 00:23:43 but a common example of like when motion pictures first came out and people ran from the theater screaming because it seems so real. It's weird to live through a moment that feels relatable to that. And to have those feelings myself, I was hesitant to engage with AI tools at first. And I think it just comes from a fear

Starting point is 00:24:04 because it's really most of the problems with it come down to capitalism and corporate greed and things like that. Like the job loss that might come from creative professionals working in spaces that are, they're no longer needed to do, I don't know, marketing or just simple graphic design or commissioned portraits and stuff. So there's like the fear of job loss. There's also just this questioning of, is every hour, every day, every year of my life that I've spent honing a skill just invalidated now because a computer can do it.

Starting point is 00:24:35 And I personally, I've been doing nothing but sort of cook on this for a while. And what I've come back to and why I'm trying to embrace AI is that it's here. It's not going to go away. There's nothing you can do to stop that. And also human creativity is innate and limitless. And the joy of creating something is not going to be taken away by the fact that you can generate something. That just becomes, it makes it more accessible for anybody to make a thing, but people will always value something that you spent

Starting point is 00:25:06 time hand-making. I don't think it actually takes away from creativity. But I am afraid of... I'm a little hesitant with this show to receive some backlash from my peers in the creative space because it's just so contentious. A lot of people... There are like Mastodon instances.

Starting point is 00:25:22 The Mastodon art instance disallows AI completely. You'll just get banned. A lot of artist communities, people just suspect everything of AI and point fingers and say, you're not a real artist. You're just filling the internet with slop

Starting point is 00:25:34 or you're burning down rainforests or whatever if you use AI. And it's all just that, a lot of it's that sensationalist stuff, but there's also real reasons to distrust giant companies wielding this kind of power. And then there's also the ethical dilemmas with training data and consent

Starting point is 00:25:50 and all of that. I'm incredibly empathetic to it, but where I'm coming from now is that as an individual, the amount of control I have over that is minimal. So all I can do is try and engage and learn and stick around with it. And I've come around to really enjoying it.

Starting point is 00:26:07 All of the imaging and sound design, all the transitions and the fake files are either 100% AI generated or hand fully recorded by me. I thought that'd be like a little fun project to do to play with generative AI as a source of sound effects. Yeah, and that's one of the defining things in the show is that we're leaning into the AI-ness because we feel like in these areas where things are blended

Starting point is 00:26:35 is where people, I think, get really, they feel like you're pulling the wool over their eyes if you use AI art or music or something like that. But in a show about AI, one of the things that we have to do is really understand the technology, keep up with the technology and engage with it, I think, in a dualistic fashion. One is to say, if I'm a good person that wants to be creative with it, how do I do that and how do I have fun? And so we give ourselves permission to have fun with it and to play with it and to make it part of the show

Starting point is 00:27:07 and integral to the show. And then the other thing that we have to do is think about this from a security perspective and put on that hat and say, now, if I was a bad person and I wanted to be really creative with it, what could I do? And I think asking and playing in both of those areas is a really interesting place to be really creative with it. What could I do? And I think asking and playing in both of those areas

Starting point is 00:27:26 is a really interesting place to be because not a lot of people are giving themselves permission to go really far down both of those roads at the same time. No, that's an interesting take. And I think the creative part can be kind of the spoonful of sugar

Starting point is 00:27:43 that makes the security medicine go down. Exactly. I forget who it was. Someone, when we launched Digital Folklore, accused us of trying to hide vitamins inside of candy, I think. That was Peter. Oh, that was Peter. Yeah. He was like, yeah, I thought that I was going to get this nice candy bar.

Starting point is 00:28:01 And then all of a sudden, he slipped vitamins in it. So we're doing that again. Yeah. All right. So we're doing that again. Yeah. All right. So your audience is warned. If you're not careful, you may learn something. You may get a green bean in there somewhere, too. You never know.

Starting point is 00:28:14 That's Perry Carpenter and Mason Amadeus. The new show is called the Fake Files Podcast. You can find it wherever you get your favorite podcasts and right here on the N2K Cyber Wire Network. Cyber threats are evolving every second and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control,

Starting point is 00:28:58 stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. Breaking news happens anywhere, anytime. Police have warned the protesters repeatedly, get back. CBC News brings the story to you live. Hundreds of wildfires are burning. Be the first to know what's going on and what that means for you and for Canada. This situation has changed very quickly.

Starting point is 00:29:41 Helping make sense of the world when it matters most. Stay in the know. Download the free CBC News app or visit cbcnews.ca. And finally, digital license plates, the high-tech replacements for boring metal ones, offer features like theft alerts and custom messages.

Starting point is 00:30:08 But security researcher Josep Rodriguez has revealed a darker side. They can be hacked. With a few tools and a little ingenuity, Rodriguez demonstrated how to jailbreak the plates, allowing users to change plate numbers at will, perfect for dodging tickets or pinning them on someone else. Think James Bond or Kit from Knight Rider, but more petty criminal than Secret Agent or Supercar. By tweaking the plate's firmware, Rodriguez could swap out its display with just a smartphone app. Worse, a hacker could track a driver

Starting point is 00:30:46 or wreak havoc by selling pre-jailbroken plates online. The company providing the digital plates insists it's a highly unlikely scenario, but Rodriguez disagrees, calling it relatively simple. So, while digital plates might sound futuristic, they also come with risks, like suddenly being blamed for someone else's speeding tickets. Drive safe, and maybe stick to old-school metal for now. And that's The Cyber Wire.

Starting point is 00:31:32 For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K Cyber Wire is part of the daily routine of the most influential leaders and operators in the public and private sector. is part of the daily routine of the most influential leaders and operators in the public and private sector,

Starting point is 00:32:05 from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your team smarter.

Starting point is 00:32:19 Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iben. Our executive editor is Brandon Carr. Simone Petrella is our president. Peter Kilpie is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

CyberWire Daily - Rhode Island cyberattack exposes sensitive data.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.