CyberWire Daily - Safeguarding American data from foreign hands.
Episode Date: March 21, 2024
The House Unanimously Passes a Bill to Halt Sale of American Data to Foreign Foes. The U.S. Sanctions Russian Individuals and Entities for a Global Disinformation Campaign. China warns of cyber threats from foreign hacking groups. A logistics firm isolates its Canadian division after a cyber attack. Ivanti warns of another critical vulnerability. Researchers find hundreds of vulnerable Firebase instances. Microsoft phases out weaker encryption. Formula One fans fight phishing in the fast lane. Glassdoor is accused of adding real names to profiles without user consent. Our guest is Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, discussing how adversaries are attacking cloud environments and why it’s an increasingly popular attack surface. And Pwn2Own winners take home their second Tesla. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, discussing how adversaries are attacking cloud environments and why it’s an increasingly popular attack surface – especially as more companies implement AI. For more information, check out CrowdStrike’s 2024 Global Threat Report.
Selected Reading
House unanimously passes bill to block data brokers from selling Americans’ info to foreign adversaries (The Record)
Treasury Sanctions Actors Supporting Kremlin-Directed Malign Influence Efforts (US Treasury Department)
China warns foreign hackers are infiltrating ‘hundreds’ of business and government networks (SCMP)
International freight tech firm isolates Canada operations after cyberattack (The Record)
Ivanti urges customers to fix critical RCE flaw in Standalone Sentry solution (Security Affairs)
19 million plaintext passwords exposed by incorrectly configured Firebase instances (Malwarebytes)
Microsoft deprecates 1024-bit Windows RSA keys — now would be a good time to get machine identity management in order (ITPro)
Users ditch Glassdoor, stunned by site adding real names without consent (Ars Technica)
Famous Spa GP F1 race comms hijacked by phishing scammers (Cyber Daily)
Security Researchers Win Second Tesla At Pwn2Own (Infosecurity Magazine)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
The House unanimously passes a bill to halt sale of American data to foreign foes.
The U.S. sanctions Russian individuals and entities for a global disinformation campaign.
China warns of cyber threats from foreign hacking groups.
A logistics firm isolates its Canadian division after a cyber attack.
Ivanti warns of another critical vulnerability.
Researchers find hundreds of vulnerable Firebase instances.
Microsoft phases out weaker encryption.
Formula One fans fight phishing in the fast lane.
Glassdoor is accused of adding real names to profiles without user consent.
Our guest is Adam Meyers, Senior Vice President of Counter-Adversary Operations at CrowdStrike,
discussing how adversaries are attacking cloud environments
and why it's an increasingly popular attack surface.
And Pwn2Own winners take home their second Tesla.
It's Thursday, March 21st, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thank you for joining us here today.
It is always great to have you with us.
The U.S. House of Representatives unanimously passed a bill
to prevent data brokers from selling Americans' sensitive information
to foreign adversaries, including China.
This legislation, part of a broader focus on data privacy,
was expedited through the House,
demonstrating a strong bipartisan stance on protecting national security and privacy. The bill, seen as a step
toward addressing concerns over foreign exploitation and personal data, moves alongside
efforts to force TikTok to sever ties with its Chinese owners. Despite this progress, privacy
advocates call for the advancement of the
more comprehensive American Data Privacy and Protection Act, which remains stalled. The ADPPA
aims to offer wider protections by reducing the overall amount of data available online,
rather than just limiting sales to specific entities. This legislative action aligns with a White House executive order
to block foreign adversaries from accessing large swaths of American personal data.
The focus now shifts to the Senate,
with an emphasis on the importance of comprehensive data privacy protections.
The U.S. Treasury's Office of Foreign Assets Control sanctioned two individuals for their
roles in a Russian malign influence campaign aimed at impersonating media outlets to mislead
and undermine trust in democratic institutions globally, including U.S. elections. These actions,
directed by the Russian government, form part of a broader effort to destabilize democracy
using cyber activities and influence campaigns worldwide.
The sanctions block any U.S. assets of the designated individuals and prohibit transactions with them,
reflecting OFAC's ongoing efforts to disrupt Russian disinformation tactics.
China's Ministry of State Security warns of significant cyber threats from
foreign hacking groups targeting businesses and government networks, emphasizing the rampant
nature of such attacks. The ministry detailed tactics like phishing and exploiting software
vulnerabilities, urging heightened cybersecurity vigilance and reporting of incidents.
Amidst increasing cyber espionage accusations between China and the U.S., China has bolstered its cybersecurity laws and measures
focusing on safeguarding national security and data integrity.
This includes expanding counter-espionage efforts
and forthcoming stricter penalties under the cybersecurity law,
highlighting a growing emphasis on combating cyber threats and espionage.
As we have highlighted here previously, it's worth noting that these sorts of warnings from China,
distributed through their own local media, tend to be comparatively short of specific details
when contrasted with reports from the U.S. and its
allies. International firm Radiant Logistics experienced a cybersecurity incident impacting
its Canadian operations on March 14th, leading to the isolation of those operations to prevent
further unauthorized activity. Despite service delays in Canada, the company, which specializes
in logistics services like warehouse and distribution, assured that the attack would
not significantly affect its financial condition. The U.S. and international operations remain
unaffected. The incident, which has not been claimed by any ransomware group, comes amid
increasing ransomware attacks
on the logistics sector, targeting essential services and causing significant disruptions.
Radiant Logistics, with about $1 billion in annual revenue, has engaged cybersecurity
professionals for assessment and remediation. This follows a pattern of cyberattacks on
critical infrastructure companies, including Americold and Cisco,
highlighting the growing threat to the logistics and distribution industry.
Ivanti has issued a warning to customers about a critical remote code execution vulnerability
with a CVSS score of 9.6 in its Standalone Sentry product.
This flaw allows unauthenticated attackers to run arbitrary commands on the appliance's operating system if they are on the same network. The
vulnerability was reported by experts from the NATO Cybersecurity Center. Although there are no
known exploits in the wild at the time of disclosure, Ivanti emphasizes that the vulnerability cannot be exploited via the Internet
without a valid TLS client certificate.
This announcement follows a joint advisory from the Five Eyes Alliance
about threat actors targeting known vulnerabilities in Ivanti's products.
An independent group of security researchers scanning the internet for vulnerable
Firebase instances discovered significant security lapses, finding 916 sites with improperly set up
databases, exposing vast amounts of personal data. Owned by Google, Firebase is designed to aid app
development and hosting. Many of these instances had security rules disabled,
allowing unauthorized data modifications, including on a banking site.
Over 5 million domains were scanned,
revealing exposed details of millions,
including names, emails, phone numbers, and passwords,
20 million in plain text, and billing information.
Despite Firebase offering secure sign-in solutions, some administrators stored passwords
insecurely. After notifying the affected companies, only a small fraction responded,
but a quarter corrected the misconfigurations.
Microsoft is phasing out support
for Windows RSA encryption keys
under 2048 bits
to enhance cybersecurity,
aligning with Internet standards
that discourage the use
of weaker encryption.
This move, aimed at preventing
advanced cryptographic attacks,
necessitates organizations
to update their machine
identity management, especially for
server authentication via transport layer security, TLS. The change underlines the importance of
longer key lengths and shorter validity periods for reducing brute force attack risks. However,
this transition may challenge enterprises without a sophisticated approach to managing machine
identities, potentially leading to operational disruptions if deprecated identities aren't
replaced promptly. Microsoft has yet to announce the start date for this deprecation,
but anticipates a grace period similar to previous updates.
On March 17th of this year, hackers compromised the official email of Belgium's Circuit de Spa-Francorchamps,
sending phishing emails to Formula One fans with fake €50 vouchers for the Grand Prix.
The counterfeit site, designed to mirror the official Spa Grand Prix website,
solicited personal and banking information.
Identifying legitimate emails became challenging as the scammers utilized the event's official email. Spa GP
quickly alerted its customers to the scam and engaged its IT security subcontractor
to prevent future incidents. Prioritizing data confidentiality and integrity, Spa GP filed a complaint with
cybercrime authorities on March 18, initiating a criminal investigation to uncover the breach's
causes and prevent recurrence. Glassdoor, the popular online platform for anonymous employee
reviews, has initiated a controversial practice
of adding real names to user profiles
without their consent.
This development came to light
when a Glassdoor user named Monica,
a Midwest-based software professional,
discovered her real name added to her profile
following an interaction with Glassdoor's support team.
Monica had reached out for assistance in removing information from her account,
only to find her privacy compromised instead.
Monica's discovery sparked immediate concern,
leading her to caution the Glassdoor community through a blog post,
urging users to reconsider their membership on the platform.
The root of this issue lies in Glassdoor's acquisition of Fishbowl,
a professional networking app requiring users to verify their identities.
This acquisition, which led to an automatic sign-up of Glassdoor users to Fishbowl,
marked a significant shift in Glassdoor's operational policies,
including changes to its terms of service
that now require user verification. While Glassdoor insists that anonymity can still
be maintained, the integration with Fishbowl has introduced potential risks to user privacy.
The EFF, known for defending Glassdoor users against employer retaliation,
expressed concerns that Glassdoor's new policy
of storing real names increases the likelihood
of users being linked to their reviews
if the platform's data is ever subpoenaed or leaked.
This development is particularly troubling
for users who rely on Glassdoor
to speak candidly about their workplace experiences
without fear of backlash.
In response to the outcry, Glassdoor offered a statement emphasizing its commitment to user anonymity
and the option to remain anonymous while using its services, including Fishbowl.
However, Monica's experience and the ensuing public debate
raised questions about the practical implications of Glassdoor's policy changes and
their alignment with the company's long-standing principles. Glassdoor's recent actions serve as
a cautionary tale about the delicate balance between expanding services and safeguarding
the foundational values that attract and retain users. For many, the incident underscores the importance of vigilance and advocacy
in protecting digital privacy in an interconnected online ecosystem.
Coming up after the break, CrowdStrike's Adam Meyers joins me to discuss how adversaries are attacking cloud environments.
Stay with us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to
vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io.
Adam Meyers is Senior Vice President of Counter-Adversary Operations at CrowdStrike,
and I recently caught up with him to discuss how adversaries
are attacking cloud environments
and why it's an increasingly
popular attack surface.
So when, oh, this must be going back
10 years now, 2014, I think it was.
My wife actually works
at CrowdStrike as well,
and she is in the marketing org.
And way back when she said,
hey, would you guys do a yearly report
that we could publicly release?
And I said, no.
And then she said,
you're going to do a yearly report
that you're going to publicly release.
And I said, okay.
She said, yes, dear.
Yeah, exactly.
I didn't want to mess with that.
And that's, you know, we put it out.
And after we did it, I was like, wow, taking a look back, it's kind of interesting.
Like, there's a lot of interesting things that happened over the last year.
So then the next year came around and she said, so you're going to do it again?
And I said, yep.
And we've been doing it ever since.
That's interesting.
I mean, does the process of putting together something like this and on top of that, knowing that it's going to be for public consumption, does that change the way that you approach it?
That's a great question.
We actually do an internal version of it for customers and that comes out in early January.
And then we kind of do a more, you know, that's probably twice as long and there's probably twice as much information in it, but we try to kind of condense that down to kind of the
top themes or stories and make it more accessible to the general public, right? Because I think
we've done these before where we didn't do that. This is, this is recent years. We've been
offering this consolidated version.
And in the years before that, what I think would happen is a lot of people would download this massive 70-page, 80-page PDF onto their desktop with every intention of reading it. And then probably about six months later, they would come to the conclusion that they weren't going to read it, and then they delete it.
So this was really meant to make it just easier for the corporate audience that doesn't have that level of time to go into every nuance of everything
and trend that we saw over the past year. So this is kind of the wave tops, just the thing that they
need to be aware of. Yeah. Well, let's dig in together here. I mean, what are some of the
things that really caught your attention? There was a few key themes that we talk about and some key stats.
So maybe starting with the key stats, we track over 230 threat actors that we designate as a named adversary.
And we added 34 in the last year. That's e-crime actors, China, nation state threat actors across the board, new nation state threat actors. We added Egypt as one that we were tracking this year. So the problem becomes more protracted, I think is probably the key takeaway from that stat, more threat actors who are engaging in offensive cyber operations.
The next stat that I would say is, you know, we saw a 75% increase in cloud intrusions this year over 2022.
And if you had asked me a year and a half ago, what are the cloud threats or what does the cloud risk environment look like?
It probably would have been coin mining.
But what we're seeing now is that there are more and more threat actors who are leveraging that cloud because so many prospective organizations
or targets for those threat actors have moved into the cloud
because it is much more efficient.
And by default, it is secure. It's just when they
start to manipulate it and to configure it that they open up a lot of those vulnerabilities.
So we've seen a massive uptick in cloud attacks over the last year. I'll say also that on the e-crime
threat side this is one that's kind of interesting for a lot of folks because everybody
knows that ransomware is a problem. And right after the conflict in Ukraine started, there was
a lot of people saying, oh, that's going to impact ransomware. It's going to impact e-crime.
What we found was that in 2022, when the conflict started, there was a bit of an impact to that amount of e-crime activity we were seeing.
But they quickly kind of recovered towards the end of the year.
And what we saw in 2023 was just a massive uptick in new activity.
What's really interesting in the report is that the average ransom demand is down
27%. And you would think that would indicate that there's less of it happening, but it's quite the
opposite. What we're seeing now is more volume ransomware. And more and more threat actors are
including data extortion where they threaten to leak the information as well. We saw a 76% increase in the number of data leaks that were advertised over the last year.
We also saw a 6% increase in new vulnerabilities with a 9 or 10 CVSS3 score. And we saw the cost
of everything that makes up that e-crime ecosystem going up.
The cost for a loader to load malware was up 169%.
The cost of a cryptor to make it so that tools are not visible
or discoverable by security products went up 250%.
And info stealers, probably this is the most interesting.
We saw an explosion of identity-based attacks over the last year.
And the cost of an info stealer, which is kind of what fuels a lot of those identity attacks, was up 286%.
So the e-crime ecosystem is thriving with more volume, but probably less average ransom demand cost.
So on the average ransom demand cost, to what degree is there an element of the ransomware
operators increasing their own level of intelligence? In other words, coming at an
organization with a smart number in mind based on some sort of research they did ahead of time
rather than just dropping a big demand on somebody?
We find that they tend to use the average revenue of the target.
You can look that up on any number of sites.
And they typically go with somewhere around 5% of the average revenue of a company as the ransom demand.
And I think that they also understand that cyber insurance and how that whole process works.
So they kind of know where they're going to land.
With the cybercrime world booming here and their own prices and costs going up, where does that leave the defenders?
Are folks being effective here at protecting themselves? Or to what degree have the defenders
evolved their own techniques to be able to parry against this?
Well, the thing that's really interesting about that question is that the threat actors,
there's this quote that I like to
paraphrase from Bruce Lee, where he says, be like water. I take the path of least resistance,
the easiest way to get there. And what we've seen is that things like EDR, like CrowdStrike has
Falcon EDR, there's a number of other ones out there, have effectively made trying to use the old techniques that worked in 2022
pretty ineffective, right? It's become much more widespread. More and more organizations have
adopted modern endpoint detection and response tooling. And so the threat actors didn't try
harder. I kind of always liken this to airport security, right? If you try to go into the airport with a water bottle,
they're probably going to stop you.
But if you are a TSA agent,
there's probably less scrutiny.
So just steal a badge or make a fake one
and come in using that
and you get your water bottle in, right?
And that's effectively what we're seeing on the enterprise.
That EDR has made it difficult
to bring Microsoft Excel with macros
that downloads Cobalt Strike
and then the threat actor starts to bring in tools
like Mimikatz to dump credentials and move laterally.
And now what they're doing
is they're focusing on the identity aspect.
They know that if they come in as a legitimate user
and live off the land,
it's far more difficult to detect them.
They blend in.
So we're seeing more and more threat actors have adopted this identity approach.
There's a lot of social engineering attacks that kind of lead the way there.
And then once they get in with that legitimate credential, they're going to use tools that are less alerting.
So they use remote monitoring and management tools like FleetDeck or AnyDesk in order to establish and maintain access.
That cloud stat that I gave you earlier is a factor too, because 75% increase in those cloud
attacks, that doesn't necessarily mean that that's how they get in initially. It just means that we're
seeing an uptick in these cloud attacks. And what they're typically doing is they're compromising a
credential, getting into the cloud, using that for persistence, and using that to deploy tooling,
things like Azure Run commands can be very powerful for a threat actor. And so, you know,
they're really kind of staying out of the searchlight, you know, of the EDR. And more and more enterprises, to get back
to your question, and this is one of the powerful reasons we put this report out, is they need to
understand that they need to invest in identity protection. Multi-factor authentication is not
the silver bullet because it can be defeated. We see threat actors using SIM swapping or
multi-factor exhaustion attacks, things like that to get past it. So what you really need to do is
have this identity protection wrapped around the identity. And when you start to see users
engaging in anomalous behavior or coming in with anomalous devices that they don't typically use,
that should be used to kind of enhance the security
and contain that identity before it can access any data.
And that's really, I think, probably the number one takeaway
is that organizations have invested in endpoint protection and endpoint security,
but they haven't really done so in cloud security
and they haven't really done so in identity.
And you need to have cross-domain visibility. You need to be able to see into the identity stack,
into the enterprise stack, and into the cloud stack if you're going to actually stop these
threat actors. Where do we stand in terms of the spread between the haves and the have-nots?
I'm thinking of those small and medium-sized businesses who don't have access
to the tooling that an enterprise customer might have. Is there a sense that that spread is getting
wider? Well, I think the good news is that there is managed detection and response. So at CrowdStrike,
for example, we have something called Falcon Complete, where you can have Falcon, CrowdStrike's tooling, deployed. You can have the OverWatch team,
which is our threat hunters who are kind of keeping an eye on it and monitoring what's
happening. And then the Complete team can actually come in and do the cleanup and remediation for you.
So you don't have to... One of the things we talk about is breakout time. And in
2022, the breakout time was 84 minutes. That's how long it takes for a threat actor to get
from initial access to move laterally and escalate privilege. In 2023, it was 22 minutes faster,
meaning the average breakout time was 62 minutes. And the fastest breakout time in 2022
was seven minutes, some odd seconds.
And in 2023, it was two minutes, seven seconds.
Wow.
So think about what happens in two minutes and seven seconds
going to get a cup of coffee or use the restroom.
I was just saying, right.
That's getting yourself a breath of fresh air.
I mean, that's nothing.
Exactly.
So you can't be, if you can't even get up and use
the restroom, for example, then you're in a bad spot. So having that continuous monitoring and
visibility is absolutely essential. So the good news is that these types of things are within
reach for those less sophisticated organizations who kind of need to rely on a turnkey
solution? Absolutely. Yeah, there's a lot of options out there. And, you know, we're working
with a lot of our partners as well. We've announced a couple of really big partnerships in the last
year that let us kind of bring those things to those customers in a, you know, one through a channel
that they like to acquire things through and two, maybe through a provider that they like to work
with. So there's lots of ways to kind of not, you know, not throw your hands up in the air and just,
you know, resign yourself to getting hacked. Right. Well, I'm looking at the information
you all have gathered here. What are your recommendations for folks as we continue our way through 2024?
What are the tips that you're sharing with your customers?
Yeah, so, I mean, identity protection is the number one thing that we see day in and day out when we're doing incident response engagements and things like that is that the identity is constantly being compromised. And
here's why that's so important. If you look at the breakdown of one of those attacks,
I mentioned the 62-minute average and the two-minute was the fastest. But looking at one attack that I had was 53 minutes and 46 seconds.
39 minutes of that was password spraying.
So if you think about where the adversary needs to invest to get faster and better,
it's that initial access, that password spraying or brute forcing or however they're getting in.
And we're seeing lots of different techniques and different types of identity.
Even API keys and things like that can be very powerful. But the first 39 minutes of that attack was that password spraying. And then you start to see 31 seconds later, they drop a file.
Three minutes later, they drop discovery tools. Three minutes after that, they drop ransomware.
And then they try to run the discovery tool, it gets blocked by Falcon,
and then they spend five minutes trying to figure out what happened. They see Falcon's there and they go away. But it's important that if you can get in front of that identity step, that's where
threat actors are probably going to be investing in the next year in order to increase their speed
and effectiveness. The second recommendation is, you know, you have to have
effective cloud security.
Cloud security posture management
and things like that
are absolutely essential
if you're running in a cloud.
If you have Microsoft Azure
for your domain and email
and things like that, for example,
or you're using some other public cloud
for other purposes,
you need to have effective monitoring and visibility into that cloud
to see when you're introducing potential vulnerabilities.
Cross-domain visibility is what I mentioned earlier as well,
which is having the visibility into the identity,
having identity protection in place,
having visibility into the endpoint with an EDR tool,
and having that visibility into the cloud. And if you have IoT or OT, that also becomes
another domain. But having that cross-domain visibility, because these threat actors are
going to break something on the identity side in order to get someplace on the enterprise side and
maybe leverage the cloud for persistence after that. So if you have visibility into those three things
and you can see and correlate activity
between those three domains or four domains
or whatever it is,
then you're going to have a much better chance
at catching something.
The other thing I tell people is you have to practice
because you practice like you play.
And if you don't go through and do a tabletop exercise
and say, what would happen if we
got hit by ransomware?
What would happen if our cloud S3 bucket was left open?
Then you're going to fall on your face.
And you need to know, do you have outside counsel?
Who's managing corporate comms?
Who's managing PR?
Do you have to file something with the SEC?
So just by going through those tabletops, you build that muscle memory to be able to respond. And then finally, you have to know the adversary. You have
to understand these 230 plus threat actors that we track, who they are, what they're after, how
they operate, and then you can orchestrate your defenses effectively. That's Adam Myers,
Senior Vice President of Counter Adversary Operations at CrowdStrike.
Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
And finally, at Pwn2Own Vancouver 2024, French security researchers from Synacktiv won a Tesla Model 3 and $200,000 by exploiting a zero-day vulnerability in the car's electronic control unit via an integer overflow flaw. The achievement placed them at the top of the leaderboard on the first day of the competition organized by Trend Micro's Zero Day Initiative. The competition's first day saw $732,500 awarded for 19 zero-day vulnerabilities across various products, aiming to enhance vendor security. Other notable achievements included Manfred Paul's remote code execution on Apple Safari and South Korean team Theori's exploit on VMware Workstation, demonstrating a high level of skill and innovation among participants. The event, which offers $1.3 million in cash and prizes, emphasizes the critical role of ethical hacking in identifying and patching vulnerabilities.

This is the second time Synacktiv's team has won a Tesla at Pwn2Own, which leaves us wondering if they'll need to use some of their prize money to build a bigger garage. Our automotive desk tells us there's no truth to the rumor that Tesla is considering offering a special Model 3 Synacktiv Edition.
Congratulations to all the winners.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. You can email us at cyberwire at n2k.com.

We're privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music by Elliot Peltzman. Our executive producers are Jennifer Iben and Brandon Karp. Our executive editor is Peter Kilby, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.