CyberWire Daily - Scammers celebrate with a bang.
Episode Date: March 24, 2025Money laundering runs rampant in Cambodia. Privacy advocates question a new data sharing EO from the White House. An NYU website hack exposes the data of millions. A game demo gets pulled from Steam a...fter users report infostealing malware. The Cloak ransomware group claims a cyberattack on the Virginia Attorney General’s Office. 23andMe files for Chapter 11 bankruptcy. Medusa ransomware is using a malicious driver to disable security tools on infected systems. Clearview AI settles a class-action lawsuit over privacy violations. A look back at the CVE program. In today’s Industry Voices segment, we are joined by Joe Ryan, Head of Customer Enablement at Maltego Technologies, who is highlighting how to help analysts in resource-constrained environments overcome training gaps and use investigative tools more effectively. Luring AI bots into the digital labyrinth. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In today’s Industry Voices segment, we are joined by Joe Ryan, Head of Customer Enablement at Maltego Technologies, who is highlighting how to help analysts in resource-constrained environments overcome training gaps and use investigative tools more effectively. Selected Reading How Scammers Launder Money and Get Away With It (New York Times) Trump order on information sharing appears to have implications for DOGE and beyond (The Record) Over 3 million applicants’ data leaked on NYU’s website (Washington Square News) Steam pulls game demo infecting Windows with info-stealing malware (Bleeping Computer) Ransomware Group Claims Attack on Virginia Attorney General’s Office (SecurityWeek) 23andMe Files for Bankruptcy Amid Concerns About Security of Customers’ Genetic Data (New York Times) Medusa Ransomware Uses Malicious Driver to Disable Security Tools (SecurityWeek) Clearview AI settles class-action privacy lawsuit worth an estimated $50 million (The Record) Despite challenges, the CVE program is a public-private partnership that has shown resilience (CyberScoop) Trapping misbehaving bots in an AI Labyrinth (Cloudflare) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
Investigating is hard enough.
Your tools shouldn't make it harder.
Maltigo brings all your intelligence into one platform and gives you curated data, along
with a full suite of tools to handle any digital investigation.
Plus, with on-demand courses and live training, your team won't just install the platform.
They'll actually use it and connect the dots so fast cybercriminals won't realize they're
already in cuffs.
Maltigo is trusted by global law enforcement, financial institutions and security teams
worldwide.
See it in action now at Maltigo.com.
Money laundering runs rampant in Cambodia.
Privacy advocates question a new data- data sharing EO from the White House.
An NYU website hack exposes the data of millions.
A game demo gets pulled from Steam after users report info stealing malware.
The Cloak Ransomware Group claims a cyber attack on the Virginia Attorney General's office.
23andMe files for Chapter 11.
Medusa Ransomware is using a malicious driver to disable security tools.
Clearview AI settles a class action lawsuit over privacy violations.
A look back at the CVE program on today's industry voices segment,
we're joined by Joe Ryan, Head of Customer Enablement at Maltigo Technologies,
who's highlighting how to help analysts in resource-constrained
environments overcome training gaps and use investigative tools more effectively, and
luring AI bots into the digital lab-riff. It's Monday, March 24, 2025.
I'm Dave Bittner and this is your CyberWire Intel Briefing. Scammers in Cambodia celebrate their biggest online frauds with fireworks, often after
stealing victims' life savings through romance scams or fake crypto platforms.
According to the New York Times, these scams fuel a massive, fast-moving money laundering
network involving billions of dollars.
Authorities like the FBI and Interpol have tried to intervene, but the system is resilient
and global.
At the center is Huon Group, a Cambodian financial conglomerate with legitimate businesses and
illicit arms.
One Huon affiliate runs a telegram-based marketplace linking scammers with money launderers, a
hub responsible for at least $26.8 billion in crypto transactions.
Another affiliate, Huon International Pay Pay operates like a professional bank, managing
funds and coordinating with scammers.
The operation uses matchmakers, money mules and sophisticated infrastructure.
Some workers are trafficked victims forced into scams.
The proceeds fund luxury lifestyles and further criminal services, from fake investment sites
to stolen personal data.
And yes, part of the take pays for fireworks to celebrate another payday.
A new executive order from President Trump expands data sharing between federal and state
agencies, sparking concerns from privacy advocates. The order requires federal agencies to eliminate rules that limit the sharing of unclassified
data and mandates access to data from all state programs receiving federal funds, even
when stored with third parties.
Experts warn the move is designed to normalize the controversial practices of the Department of Government Efficiency, DOJ,
which has been accused of overreach and violating privacy laws.
Critics fear the order enables a centralized federal surveillance system
and bypasses legal safeguards like the System of Records notices.
DOJ has faced lawsuits for unauthorized data sharing, including a recent court order halting its access to social security data.
Experts warn the move is designed to normalize the controversial practices of the Department of Government Efficiency, DOGE, which has been accused of overreach and violating privacy laws. Critics fear the order enables a centralized federal surveillance system and bypasses legal
safeguards like system of records notices.
Doge has faced lawsuits for unauthorized data sharing, including a recent court order halting
its access to Social Security data.
Experts argue the EO could weaponize personal data and erode civil liberties under the guise
of efficiency and fraud prevention.
The White House has not commented.
A hacker breached NYU's website Saturday morning, exposing personal data from over
three million applicants dating back to 1989.
The leak included names, test scores, intended majors, zip codes, financial aid information,
and details on family members.
The site, hijacked for at least two hours, displayed charts claiming racial disparities
in NYU admissions, alleging lower average scores for Black and Hispanic students compared
to White and Asian applicants, despite the Supreme
Court's 2023 ban on affirmative action.
Four downloadable files revealed common application data, including rejected applicants and sibling
information.
NYU restored the site by noon and reported the breach to law enforcement.
The group behind the hack is tied to a 2023 University of Minnesota
breach involving 7 million social security numbers. NYU, which opposed the affirmative
action ruling, had seen a decline in minority admissions following the decision.
Valve has removed the game Sniper Phantomoms Resolution from Steam after users reported it contained
info-stealing malware. Though billed as a demo, the installer directed players to download
from an external GitHub repository. Reddit users found the file included tools for privilege
escalation, cookie theft, and persistence via startup scripts. The developers' GitHub and website were taken down,
and Valve acted following reports.
Users who installed the game are urged to scan their systems.
This follows a similar Steam malware case last month.
The ransomware group Cloak has claimed responsibility
for a cyberattack that disrupted nearly all systems
at the Virginia Attorney General's office in February.
Employees were forced to revert to paper filings as internal services, VPN, and the website
went offline.
On March 20, Cloak posted alleged stolen AGO data on its leak site, indicating a failed
extortion.
Active since 2022, Cloak uses ARC Cryptor ransomware and often targets small to mid-size
businesses, with this being its first confirmed US attack this year.
Genetic testing company 23andMe filed for Chapter 11 bankruptcy amid growing concerns
over its handling of sensitive customer data.
The company, which holds genetic profiles of over 15 million users, suffered a major
breach in 2023 that exposed personal information from nearly 7 million accounts, mainly targeting
Jewish and Chinese customers.
A class action lawsuit followed, accusing 23andMe of failing to notify affected users.
As trust eroded, sales declined, contributing to mounting losses.
The company says it will maintain current data protections during its sale process.
Medusa Ransomware is using a malicious driver to disable security tools on infected systems,
according to Elastic Security Labs.
Masquerading as a legitimate crowd strike driver, it's signed with a revoked certificate from a
Chinese company and protected by VM Protect. Elastic, which calls it Abyss Worker, found
samples dating from August 2024 through February of this year, mainly using stolen certificates.
The driver, previously used in other malware campaigns,
can manipulate processes, files, and system operations to disable defenses,
often by spoofing system time to bypass signature checks.
Clearview AI has settled a class-action lawsuit over privacy violations for an estimated $50
million approved by a federal judge.
The deal gives plaintiffs and their lawyers a stake in the company's future value rather
than a direct payout.
The lawsuit accused Clearview of scraping billions of facial images from the web without
consent, violating
Illinois' Biometric Privacy Act. Clearview denies wrongdoing. Critics, including 22 state
attorneys general, argue the settlement doesn't do enough to prevent future misuse of biometric
data. There's no small irony here, attaching the plaintiff's benefits to the success of Clearview.
A thoughtful piece by Cynthia Brumfield for Cyberscoop looks at the CVE, the Common
Vulnerabilities and Exposures Program. Launched in 1999 by MITRE researchers, it's become a
cornerstone in global cybersecurity, enabling consistent tracking and sharing of vulnerability data.
Now in its fifth iteration, it includes over 413 reporting
organizations across more than 40 countries
and had over 270,000 records by 2024.
Despite challenges like disputes over data quality,
concerns about vendors potentially
hiding vulnerabilities,
and funding issues at NIST, the system remains resilient.
Experts argue its federated structure, dispute resolution mechanisms, and community oversight
help maintain transparency.
The rise in CVEs, while sometimes criticized, reflects better visibility and reporting,
not necessarily increased risk.
Recent funding shortfalls under the Trump administration's DOJ initiative tested the
system's durability, but MITRE and others stepped up. Despite imperfections, cybersecurity leaders
agree the CVE system remains essential. It's a long-standing public-private partnership that
continues to evolve, and
a future without it would leave defenders far less equipped to handle digital threats.
Coming up after the break, my conversation with Joe Ryan, head of customer enablement
at Maltigo Technologies. We're talking about how to help analysts in resource-constrained environments
overcome training gaps and luring AI bots into the digital labyrinth.
Stay with us. Do you know the status of your compliance controls right now?
Like right now.
We know that real-time visibility is critical for security, but when it comes to our GRC
programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist, Vanta brings automation to evidence collection
across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and helps you
get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber that's vanta.com slash cyber for a
thousand dollars off.
Looking for a career where innovation meets impact? Vanguard's technology team
is shaping the future of financial
services by solving complex challenges with cutting-edge solutions.
Whether you're passionate about AI, cybersecurity, or cloud computing, Vanguard offers a dynamic
and collaborative environment where your ideas drive change.
With career growth opportunities and a focus on work-life balance, you'll have the flexibility
to thrive both professionally and personally.
Explore open cybersecurity and technology roles today at Vanguardjobs.com. Joe Ryan is head of customer enablement at Maltigo Technologies, and in today's sponsored
industry voices segment, we discuss helping analysts in resource-constrained environments
overcome training gaps and use investigative tools more effectively.
It really depends on exactly what type of analysts you are and what sort of investigation
that you're working.
You know, from the professional world where I am, we tend to serve two distinct types
of analysts.
We have our more cybersecurity focused analysts that might be dealing a little bit more on
a network infrastructure level or dealing a little bit more with cyber
threat intelligence. And then we have on the other side, more of our investigative analysts
who might be dealing with the real world aspect of it in terms of actually looking into specific
individuals or organizations. And oftentimes, that kind of shapes the tasks
that they're given and even the tools
that they are provided and the working environment
in which they're kind of in as well.
So I think a lot of it kind of boils down
to exactly the job, but then what we really start to see is
the resource constraints play out across that.
Because if you're working in private industry,
often you might find yourself a little bit more resource.
You might have a few more tools at your disposal,
whether that's software or access to particular data.
But then oftentimes we find that maybe government agencies, for instance,
some of those, if they're not on a federal level or something,
may not be quite as well resourced.
And so they're given a little bit less to work with and have to either rely a little bit more on,
perhaps open source intelligence
or just being a bit more resourceful and flexible
in how they conduct those investigations.
Well, help me understand here, Joe.
I mean, to what degree does a typical analyst
have influence over the types of tools that they are able
to work with?
Yeah, so this is a great question.
And I come from a background working in law enforcement and government agencies.
And I can tell you in my experience, it does depend on the agency and it does depend on
the organization as a whole. I've seen investigators, particularly, for instance,
if they're working in something like digital forensics,
who say, look, I just cannot do my job unless I have
a Tool X or something equivalent.
If you can't provide me with Tool X,
then you really can't expect me to be able to
fulfill the responsibilities of this role.
And so I think sometimes the individual analyst or
the individual investigator really does have a lot of
say in what they can do and what they need.
But then you also have
environments when you're working in much larger organizations,
where you're probably just given a set of tools to work with,
and you really just have to make do with that set of tools.
But I would encourage all organizations
to always talk to those end users,
talk to the people who are doing those investigations,
because they're the ones that are hands-on with those tools day in and day out.
If they find that they're not able to do their job as
well as they might be able to with other tools,
especially with the rate that technology is evolving right now,
then you might find that the outcomes for the entire organization
are just not where they could be if those boots on the ground
might have a little bit more voice in that conversation.
Well, in your experience, sir, are there any common mismatches here
between what the analyst thinks are the most effective tools for them
versus what let's just call them the powers that be decide that they're going to fund?
So in general, I don't see much of a mismatch in terms of which products are needed and
which products are given.
What I tend to see in mismatch
and is actually the more of the change management
is in the implementation side of things.
So oftentimes, organizations do try to do
what's best for their outcomes
and what's best for their investigators or their analysts
by providing them with perhaps what they think is a better
tool, a newer tool, a faster tool.
But then maybe they do that without even talking to the individuals.
And those individuals are not solely reliant on one tool.
Oftentimes, they're using multiple tools and they've become very proficient at
using those tools together. They have certain workflows that they do
on a regular basis. They have certain integrations set up. Maybe they have
automations set up. Maybe they have resources in place for sharing
particular data from one tool to another. When that is disrupted to introduce a new tool into,
maybe their tech stack, if you will,
then that can cause a lot of problems.
It's not always just,
do you have the best,
shiniest tool for the job?
It's also how does that tool really fit into the everyday
works that you're doing,
both the workflows that you've established,
but then also how does it play with all of the other pieces
of technology and solutions that you already have implemented
within your day-to-day work?
What are the common elements here for folks
who are having success?
You know, obviously nobody has unlimited resources, so you have to dial it in. The
folks who are effective in doing that, are there common elements to their
approaches? I think so. I think that one of the big things that people, now this
can kind of come from two directions.
You have the organizational side.
You have the side of the organization that is
actually acquiring new pieces of technology and solutions,
and then you have the side of the vendors.
I think from the side of the vendors,
you really need to understand that you're not the only tool in the tool kit of the end user of your product.
Oftentimes, they are using two, five, maybe 10 other tools in combination with your product,
no matter how robust it might be. And so you really need to think about that as you work to enable those users to use your product.
You would never want to not give them solutions for how to then integrate your tool with another tool.
And so actually building your enablement material and
your enablement content with that in mind is incredibly important.
From an organizational side, I think, again,
this goes back to that change management aspect,
and really investing time and resources,
which I know for a lot of organizations is one of
the things that they're not always so happy to do,
but investing time and resources into really
intentionally incorporating these solutions
into everyday workflows.
Whether that means we've just acquired a solution, so we want to invest in training
for that solution. We want to take a week and have someone come in and train our entire
team on how to use that solution.
Or we want to be very encouraging of our analysts to take time out of their busy schedules to actually upskill
themselves on these tools.
So when we say, hey, I have a new tool that I'm implementing, maybe also kind of saying,
hey, I expect your day-to-day productivity to drop a little bit right now because I do
expect you to spend a couple hours a week really familiarizing
yourself with this tool going through whatever online training is provided, joining a couple
of webinars, taking some courses, even if it's just watching some YouTube videos, encouraging
that and not just expecting that to sort of happen organically, because I think that's
what we think will happen.
And nine times out of 10, people will completely ignore that, focus solely on getting their
work done.
And oftentimes that leads them to not even adopting the new tool if they can't help it,
because they would rather just do the work the way they've been doing it and stay productive,
then take time to learn this new tool,
which might make them more productive in the long run,
but it's going to take time away from their work right now.
That's a really powerful insight.
I mean, both from the point of view
of meeting people where they are,
meeting them in the middle, that human element.
But also, I think there's a tendency,
especially for folks who've been at this for a while,
to even use new tools in old ways.
This is the way I'm accustomed to using it.
But by giving them the freedom and encouraging them
to take the time to learn things,
it seems to me like in the long run,
that's going to be a positive outcome for all parties.
Absolutely. I mean, up-skilling is one of those things that,
again, is difficult.
Even as a person who struggles with it daily,
knowing that it would be good for me to put aside work for
an hour and take some time to upscale
myself on something that I know might make me
more proficient in the future,
I struggle with that as a professional all the time.
But it is something that I always encourage when I'm dealing,
particularly with users of our platform,
always encouraging them, take the course,
watch the video, join the webinar,
ask your questions because what we find is that when we
actually get on the call with people,
maybe they're struggling or maybe
their organization has set up some kind of training,
we finally get on the call with them
and we get hands-on with them inside the tool
and then they start to have those light bulb moments.
That's when they start to make those connections
and say, wow, this process that I have been doing manually,
that might've taken me a couple of hours, I'm
now able to do in a few minutes with this product I've never used before.
And so, you know, they maybe just can't fathom.
They maybe just can't understand how this new tool could speed things up.
And they just aren't quite willing to let themselves learn that.
And that's not anything against these individuals, right?
Because that's just the nature.
Like you said, it's just I want to just kind of keep doing the thing that I've been doing.
Maybe I'm using that old tool to solve a new problem.
But I encourage people, give those new tools a chance and and maybe this is a bit of a parallel
But we see that conversation happening a lot right now as it comes into you know AI and using these large language models
You know what they say is that you know AI will not replace you a
Person who isn't afraid to use AI
might be the thing that replaces you.
I say that that's the same thing here for these tools.
It's not that a tool or a solution is going to replace you,
it's that there might be a person who was willing to adopt
these new technologies more openly than you are,
and that person might be able
to then do the work faster, better, with better results
than you would be if you don't take that time
to really open up and learn from those new solutions.
And it's always so gratifying when you're working
with someone and you see that light bulb go on, right?
You know, they make that connection.
Yeah.
So, Joe, when we look at the spectrum of tools that are available, I think there's a wide
range between things that are kind of one-click and easy to use on the one hand, but on the
other side, things that require a bit more depth, training, and understanding.
How do you bridge the gap between those two?
This is a big question right now because we find
that pretty much both of these solutions in all industries have a place in the market.
One of my go-to examples is around the design industry.
And we talk about a tool like the Adobe suite of products.
And so you've got, for instance, Adobe Photoshop and Lightroom and all of these different tools
that are out there.
And if you've ever used any of these tools, you open them up for the first time, and there's
kind of 50 buttons across the left and the right and the top
and you just have this big blank canvas to work with and you really don't even know where to start
with a tool like that. But if you want to be a person that works in that industry, you just have
to learn it. And then on the other hand, you have these very lightweight tools.
You have a tool that might be a browser-based tool like Canva, again, in that industry,
that's very drag and drop, very user-friendly.
What's great is that you can accomplish a lot with these simple tools. Depending on the level of work that you're doing,
you're probably never gonna reach
that super, super high level of expertise.
You're probably never gonna reach being
the very, very top of the game,
depending on the work that you're doing.
If you're using these sort of lower barrier
to entry products, but if you're fine with that,
and I feel like for analysts,
oftentimes that's okay.
When you're looking at a product that might still give
you all of the data that you're looking for or allow you
to analyze that data in a quick way,
it doesn't really matter if you're using the sort
of, you know, big name that's been around in the industry for 10 or 20 years and
everyone just kind of quote-unquote believes that this is what you have to
use to be successful in this field and that's because it's super complicated
and only the best of the best know how to use it. It doesn't really matter. If
you can find some other tool that's faster,
that's more lightweight, then use that tool.
And so for me, I would say it's about focusing on doing exactly what it is that you need
to do. And if you find that you're able to accomplish your goals specific to your role
with these more lightweight tools, then do it.
I mean, there's nothing stopping you and there's no reason that you shouldn't do it.
And if you find that those results are only coming from these tools that kind of
take a long time to fully understand, then yeah, really invest the time in those.
Encourage your organization to invest the time in those, encourage your organization to invest the time in those,
look for the training that's out there because, going back to this example, you can find dozens
and hundreds of courses online for how to use Adobe products because everyone knows how powerful
they are and everyone knows how challenging they can be to use. So the resources are always out there. It's just a little bit up to the individual of how they
choose to invest their time in learning those. That's Joe Ryan, Head of Customer Enablement at Is your AppSec program actually reducing risk?
Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk.
Why?
Traditional tools use generic prioritization and lack the ability to filter real threats
from noise.
High impact threats slip through and surface in production, costing 10 times more to fix.
OxSecurity helps you focus on the 5% of issues that truly matter before they reach the cloud.
Find out what risks deserve your attention in 2025.
Download the application security benchmark from OX Security.
And finally, Cloudflare just introduced a delightfully devious new tool, AI Labrith. Think of it as a digital hedge maze, only instead of confusing minotaurs, it's designed
to baffle AI crawlers that ignore no-crawl signs.
When these rude bots try to scrape your site, Cloudflare lures them into a labyrinth of
AI-generated webpages filled with convincingly real but utterly useless content.
While the bot burns CPU cycles navigating a maze of facts about soil types or lunar geology,
your real content stays untouched.
This strategy not only wastes the bot's time, but acts as a high-tech honeypot.
No human would click four links deep into nonsense, so if someone does, bingo, it's
a bot.
The maze helps Cloudflare identify and fingerprint bad actors without alerting them they've
been duped.
It's opt-in and even available on free plans. So yes, Cloudflare is fighting fire with fire,
or more accurately, AI with more AI. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at the cyberwire.com.
Don't forget to check out the Grumpy Old Geeks podcast where I contribute to a regular segment
on Jason and Brian's show every week, you can find Grumpy Old Geeks where all the fine podcasts
are listed.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app Please also fill out the survey in the show notes or send an email to cyber wire at n2k dot com
N2k senior producer is Alice Carruth our cyber wire producer is Liz Stokes
We're mixed by Trey Hester with original music and sound design by Elliot Peltzman our executive producer is Jennifer
I've been Peter Kilpe is our publisher and I'm
Dave Bittner.
Thanks for listening, we'll see you back here, tomorrow. Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by
data brokers. So I decided to try DeleteMe. I have to say DeleteMe is a game
changer. Within days of signing up, they started removing my personal information
from hundreds of data brokers. I finally have peace of mind knowing my data
privacy is protected. DeleteMe's team does all the work for you
with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for DeleteMe.
Now at a special discount for our listeners, today get 20% off your DeleteMe plan when
you go to joindeleteeme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteeme.com slash n2k and enter code n2k at checkout.
That's joindeleteeme.com slash n2k code n2k.