CyberWire Daily - Router security in jeopardy.
Episode Date: December 9, 2024
A critical zero-day is confirmed by a Japanese router maker. Romania annuls the first round of its 2024 presidential election over concerns of Russian interference. A sophisticated malware campaign targets macOS users. Mandiant uncovers a method to bypass browser isolation using QR codes. Belgian and Dutch authorities arrest eight individuals linked to online fraud schemes. A medical device company discloses a ransomware attack. A community hospital in Massachusetts confirms a ransomware attack affecting over three hundred thousand. The Termite ransomware gang claims responsibility for the attack on Blue Yonder. Synology patches multiple vulnerabilities in its Router Manager (SRM) software. The head of U.S. Cyber Command outlines the challenges of keeping decision makers up to date. Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future. Robot rats join the mischief.
Selected Reading
I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending (SecurityWeek)
Romania's top court annuls presidential election result (CNN)
MacOS Passwords Alert: New Malware Targets Keychain, Chrome, Brave, Opera (Forbes)
QR codes bypass browser isolation for malicious C2 communication (Bleeping Computer)
Eight Suspected Phishers Arrested in Belgium, Netherlands (SecurityWeek)
Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack (SecurityWeek)
Anna Jaques Hospital ransomware breach exposed data of 300K patients (Bleeping Computer)
Blue Yonder SaaS giant breached by Termite ransomware gang (Bleeping Computer)
Synology Router Vulnerabilities Let Attackers Inject Arbitrary Web Script (Cyber Security News)
Cyber Command Chief Discusses Challenges of Getting Intel to Users (Defense.gov)
Robot Rodents: How AI Learned To Squeak And Play (Hackaday)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
A critical zero-day is confirmed by a Japanese router maker.
Romania annuls the first round of its 2024 presidential election over concerns of Russian interference.
A sophisticated malware campaign targets macOS users.
Mandiant uncovers a method to bypass browser isolation using QR codes.
Belgian and Dutch authorities arrest eight individuals linked to online fraud schemes.
A medical device company discloses a ransomware attack.
A community hospital in Massachusetts confirms a ransomware attack affecting over 300,000.
The Termite ransomware gang claims responsibility for the attack on Blue Yonder.
Synology patches multiple vulnerabilities in its Router Manager software.
The head of U.S. Cyber Command outlines the challenges of keeping decision makers up to date.
Our guest is Anna Pobletts, head of passwordless at 1Password, discussing the state of passkeys.
And robot rats join the mischief.
It's Monday, December 9th, 2024. I'm Dave Bittner. Thanks for joining us once again. It is great, as always, to have you here with us.

Japanese device maker I-O Data confirmed the exploitation of critical zero-day vulnerabilities in its routers, with full patches delayed until mid-December. The flaws include risks of disabling firewalls, executing arbitrary commands, and exposing sensitive information. The three vulnerabilities allow attackers to steal authentication data, execute commands as an admin, or modify device settings remotely. While a firmware update addresses one of the issues, fixes for the other flaws are pending. The zero-days, reported by Japanese researchers and coordinated through a national cybersecurity partnership, remain under wraps. I-O Data urged caution, highlighting ongoing exploitation of these vulnerabilities in the wild. Users are advised to apply available updates promptly.
Romania's constitutional court annulled the first round of its 2024 presidential election, narrowly won by far-right candidate Călin Georgescu, citing concerns over Russian interference and election irregularities. This unprecedented decision cancels a scheduled runoff and mandates restarting the election process to ensure legality and fairness under their constitution. Georgescu, boosted by alleged TikTok manipulation and cyberattacks traced to a state-level actor, led with 22.9% of the vote, ahead of centrist Elena Lasconi's 19.2%. The campaign faced over 85,000 cyberattacks on election systems, prompting warnings from the U.S. about Romania's pro-Western stability. Public protests erupted in Bucharest, with large pro-Europe demonstrations opposing Georgescu's ultra-nationalist stance. Georgescu's rise, fueled by economic frustrations and anti-Ukraine rhetoric, contrasts with Lasconi's pro-Western agenda, deepening tensions in this contentious election.
Researchers at Cado Security Labs have uncovered a sophisticated malware campaign targeting macOS users, active for over four months. Disguised as a video meeting app, the malware steals sensitive data from the macOS keychain, Chromium-based browsers, Telegram, and cryptocurrency wallets. Hackers use AI-generated websites, fake social media accounts, and cloned Telegram contacts to build trust and lure victims. Victims report phishing attempts linked to blockchain and cryptocurrency work. The malware also exploits browser session cookies, bypassing two-factor authentication. Despite offering cross-platform downloads, the campaign only delivers macOS malware, prompting users for passwords under false error messages. Experts say users should stay vigilant against unsolicited business offers, especially on Telegram.
Mandiant uncovered a method to bypass browser isolation using QR codes for command-and-control operations. Browser isolation safeguards local systems by executing web scripts remotely and streaming only visuals back to users. Mandiant's technique embeds commands in QR codes displayed on webpages, which isolation mechanisms do not filter. Infected devices decode these commands for malicious use. Though limited by low data transfer rates and latency, the method demonstrates vulnerabilities in current defenses, emphasizing the need for layered security strategies.

Belgian and Dutch authorities arrested eight individuals linked to a fraud scheme involving phishing, online scams, and money laundering. The operation, active since 2022, used phishing emails, texts, and in-person impersonations to steal banking credentials, targeting older victims across 10 European countries. Law enforcement conducted 17 searches, seizing luxury goods, cash, and a firearm. The suspects operated call centers in high-end locations and spent the stolen millions on lavish lifestyles. Arrests included four in Belgium and four in the Netherlands, with investigations ongoing.

Medical device company Artivion disclosed a ransomware attack that disrupted order and shipping processes by forcing some systems offline. The Atlanta-based firm, which markets cardiac and vascular products to over 100 countries, identified the attack on November 21. Files were encrypted and exfiltrated, prompting containment and remediation efforts. While Artivion continues operations with mitigated disruptions, it expects some uninsured expenses. The company stated the attack hasn't materially impacted finances, but acknowledged potential risks if restoration delays persist. No threat actor has claimed responsibility.

Anna Jaques Hospital, a community hospital in Massachusetts, confirmed a ransomware attack on December 5th of 2023, exposing sensitive data for over 310,000 patients. Threat actors from the Money Message group leaked stolen data, including personal, medical, and financial information, after failed extortion attempts. The hospital's lengthy forensic investigation concluded on November 5th of this year. While no fraud has been detected, impacted individuals are being offered identity protection and credit monitoring.

The Termite ransomware gang has claimed responsibility for the November attack on software-as-a-service provider Blue Yonder, disrupting services. Blue Yonder, which specializes in supply chain software, serves over 3,000 customers worldwide, including Microsoft, DHL, and Procter & Gamble. The attack caused outages across Blue Yonder's managed services, impacting Starbucks scheduling systems and causing shipping delays for companies like BIC. Termite claims to have stolen 680 gigabytes of data, including databases, emails, documents, and reports. The gang uses a Babuk-based encryptor and has listed Blue Yonder and other victims on its dark web portal. Blue Yonder has restored services for some customers and is working with cybersecurity experts to help mitigate the breach, but it has not confirmed the extent of the data compromise.

Synology has patched multiple moderate-severity vulnerabilities in its Router Manager (SRM) software. The flaws involve cross-site scripting vulnerabilities across features like File Station, Wi-Fi Connect, and DDNS Record. Exploitation requires authenticated, often administrator-level access and could allow attackers to inject malicious web scripts, steal data, or manipulate sessions. Synology urges users to update to the latest version to mitigate risks.

Air Force General Timothy D. Haugh, commander of U.S. Cyber Command and director of the NSA, emphasized the need to enhance intelligence distribution. Speaking at the Reagan Defense Forum yesterday, General Haugh said the U.S. excels at collecting and analyzing intelligence, but timely and effective delivery to decision makers remains a challenge. He highlighted the Chinese-led Salt Typhoon hack, which targeted companies and political figures, as part of China's broader cyber strategy. He stressed the importance of educating allies and strengthening partnerships with industry to protect critical infrastructure. Haugh noted progress in cooperation between the NSA, CISA, FBI, and private sector partners, but called for faster, more effective collaboration. Initiatives like the Enduring Security Framework aim to bolster telecommunications infrastructure defenses. As a combat support agency, the NSA ensures military commanders, particularly those in active threat zones like the Red Sea, receive actionable intelligence. Additionally, the NSA supports U.S. European Command in delivering unified signals intelligence for military and policy decisions.
Coming up after the break, Anna Pobletts from 1Password joins me to discuss the state of passkeys. And robot rats join the mischief.
Anna Pobletts is head of passwordless at 1Password. I recently caught up with her to discuss the state of passkeys and what she sees on the road to a truly passwordless future.

... applications that is fully passwordless.
So, there are no passwords in the mix.
And the goal here is really, from my perspective, to remove the human error from logging into apps and websites
by giving you a really easy, frictionless login experience where all of the security is just built
straight into the technology. The goal is to solve what I think is the biggest problem with passwords,
which is that they put all of the burden on users to be secure, right? You have to think up a password, remember it, not type it into a phishing site, all of these things. Whereas with passkeys, that's automatic.
So from a user perspective, it really just looks and feels like you're unlocking your device,
something like Face ID, Touch ID, Windows Hello, and you're getting all of these really great
security benefits behind the scenes. So obviously a big step up from passwords, right?
That's kind of the goal here.
Yeah, absolutely.
And I think it succeeds in those sorts of things that it's set out to do.
What are you all tracking in terms of an adoption rate?
Yeah, just the last year, like 2024, has been really huge for passkey adoption.
There's been a lot of momentum.
We have... One of the things we track is sites that have implemented passkeys. So we have a site called passkeys.directory. It has actually more than doubled in size this year. We're at over 200 websites that support passkeys, which is incredible. And a lot of them are really big consumer brands. Things like Amazon, Discord, Target, Walmart, Canva.
These brands reach millions and millions of people every single day, which is so cool.
And I think what's most exciting to me when I look at the data that we've collected and the data from other folks is that it's not just that these websites are adding support for passkeys and then maybe shoving that functionality in a corner somewhere
for just the really techie people to find.
People are actually choosing passkeys over passwords.
So Amazon reported that over 175 million people have enabled passkeys.
And then at 1Password, we're tracking over 2.1 million
passkey authentications per month.
And I think this is really showing that
when the technology is available to them,
people are using it and they like the experience
and they're actively choosing it over passwords.
That's the thing that I think
I'm most excited to see in this past year.
What are some of the lingering barriers, if you will, when it comes to people adopting passkeys?
Yeah, I think if you had asked me a few years ago, I probably would say that there's a lot. There's a lot of education to do, a lot of exposure, and I think there still is that for sure, and we need to continue to do it. I probably also would have said there's a lot of technical barriers, like not every platform supports passkeys yet. But I think at this point, that's not really the case anymore. And it's really about continuing
the education and exposure that we're already working on and continuing the technical improvements
that we're working on to make it more accessible and easier. But it's a lot of continuing the same
things we've been doing. So if you think about like education side of things, passwords are really ingrained in our online experiences. And we need to get people a little
more comfortable and confident using a new technology. So educating them on the benefits
is really huge. And I found that once people use a passkey for the first time, they really love it.
But there are still a lot of people who just haven't had that experience
and haven't had that aha moment. And so it's about getting them to that. And then on the technical
side, you know, passkeys are supported on every modern platform now, which is amazing. And so
it's really about small tweaks that we're making to the technical specifications to make it more user-friendly,
to make it easier for developers and businesses to implement Passkeys in their websites,
and just things that will continue to evolve over time as we learn from the companies that
are adopting. One thing that I've been thinking about is, how can we really make the rate of
adoption faster? Like maybe
even exponential, right? Like if we're kind of doing these things that are getting us
a lot of progress right now, could we speed it up? And so one thing I've been thinking about is
how can we maybe push adoption as far down the tech stack as possible? Like the platforms or
the infrastructure and the auth libraries and frameworks that people are using, those support passkeys by default instead of passwords and password hashing.
That could go a really long way, if every new app just out of the box uses passkeys.
You know, my own experience with PassKeys, I admit, has been a little mixed. I was enthusiastic at the start, you know,
to see this new way of approaching security
and, you know, read up on the stuff going on behind the scenes
and how it worked.
And I'm all in on the notion that this is a better way for most people.
I do use a passkey on one of my major accounts, but that's it. And I have to say,
I'm left scratching my head a little bit as to why haven't I adopted it in more places?
I think maybe because it does require some effort and kind of checking in with the things that I use day to day to see if they are passkey capable.
Is the story I'm telling one that you've heard before?
Am I in a common situation?
Yeah, I think that's a totally natural way to feel, right? Like if a website supports passkeys, but they're not making that functionality available to you in a way that fits with the workflow that you're trying to accomplish when you go to that website,
it's going to be really hard for you to make the effort to go sign into a website just to go to
your profile page and add a passkey, right? That's a pretty strong choice that you're making to go do
that. And so a lot of the research that's been done by the FIDO Alliance and other companies as well is around when and how do we prompt users to upgrade to passkeys?
Or there's even some work coming probably next year around how can websites
automatically make passkeys for users and upgrade them automatically?
And so I think there's a lot of things like that, both on the UX research side
and on the technical
improvements that can help take the user out of that process a little bit or make it really
seamless.
So an obvious example is password reset.
If you just forgot your password and you had to go do a reset, that is a perfect time to
say would you like to upgrade to a passkey, right?
Because you just had to deal with the pain.
Right?
Yeah.
And so that makes sense.
But if you're in the middle of trying to purchase something on a website,
you're probably like, why are you asking me to do this, right?
And so the timing, I think, really, really matters.
And it's really important.
Now, as someone who works at an organization that provides a password manager,
does this put the company's future in peril?
Yeah, we get that question a lot.
And I actually think it's the opposite.
Because one of the challenges with passkeys
is that they are typically, at least in the past,
pre iCloud and 1Password and things like that,
they were bound to a specific device.
And that was a big part of what passkeys were.
But with, you know, whether
it's your iCloud or your 1Password, the whole point of 1Password is that you can sync all of
your credentials, whether that's passwords, passkeys, credit card information, documents,
OTP codes, you can sync that really seamlessly across any platform, anywhere you need access to
those credentials. And that's really hard with passkeys.
So I actually think there's an even better case for using something like a password manager
or a credential manager in this type of world where you have all different types of credentials
you need to manage.
It actually becomes more necessary and more beneficial in that case.
All right.
Well, before we wrap up here, I mean, what is your advice for those who
are passkey-curious, you know, maybe have, similar to me, dipped their toes in a little while back,
but haven't revisited it in a while? Is this a good time to re-explore where we stand?
Yeah, I think so much has changed in the last year. I think passkeys for me are really about giving people confidence and peace of mind and their
security online.
And I think they are the future.
I think they're a huge win over passwords from both a security and a usability perspective.
And I would really encourage anyone if you either haven't signed up with a passkey on
a website, or you have, but it's been a really long time to go give it a shot.
Whether you're a 1Password user or not, passkeys are so much better.
And I really think once you have that experience,
you won't want to go back.
And if you work for a business,
if you're a developer or something like that,
you should really be thinking about
how can passkeys be a differentiator for my business?
How can they be better for my users,
better security for my business,
all that kind of thing.
I think there's really something there
and I would encourage people to spend some time with it.
I think a lot has changed in the last year.
That's Anna Pobletts, head of passwordless at 1Password.
And finally, in a plot twist straight out of Ratatouille, the robot edition,
researchers from the Beijing Institute of Technology and the Technical University of Munich have crafted a robot rat so socially savvy, it's fooling actual rats into thinking it's one of them. Published in Nature Machine Intelligence, the team used AI and reinforcement learning to teach the robo-rodent the fine art of rat communication, whether that's friendly nuzzling or laying down the law in a cage scuffle. The robot doesn't look entirely rat-like, it's more a rat on wheels, but evidently it's got the moves. With a flexible spine, nimble head, and functioning forelimbs, it mimics rat behavior well enough to trigger emotional responses from its furry peers: fear during anger, or playful wrestling during happier times. Scientists envision these rodent doppelgangers as tools to study social behavior and emotional states in real rats.
The robot rat fools real rats into trusting it. Meanwhile, AI fools humans into thinking their chat history is private.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. Thank you.
It's a privilege that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your teams smarter.
Learn how at N2K.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design
by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Carr.
Simone Petrella is our president.
Peter Kilpie is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.