CyberWire Daily - The fight against exploiting Americans.
Episode Date: January 24, 2024
Biden prepares executive order on foreign access to data. Britain’s NCSC warns of a significant ransomware increase. Cisco Talos confirms ransomware surge. BuyGoods.com leaks PII and KYC data. Fortra faces scrutiny over slow disclosure. AI fights financial fraud. Intel471 highlights bulletproof hosting. NSO Group lobbies to revamp their image. Tussling in Missouri over election security. Integrating cyber education. Our guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking about a new partnership for a comprehensive Cyber Talent Study. And the moral panic of Furbies.
CyberWire Guest
Today’s guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking with Dave Bittner about a new partnership for a comprehensive Cyber Talent Study to deepen the collective understanding of cybersecurity competencies within the industry.
Selected Reading
Biden Seeks to Stop Countries From Exploiting Americans’ Data for Espionage (Bloomberg)
British intelligence warns AI will cause surge in ransomware volume and impact (The Record)
Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors (Talos)
Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data (HACKREAD)
Fortra blasted over slow response to critical GoAnywhere file transfer bug (SC Media)
Gen AI Expected to Bring Big Changes to Banking Sector (GovInfo Security)
Why Bulletproof Hosting is Key to Cybercrime-as-a-Service (Infosecurity Magazine)
Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback (WIRED)
Missouri secretary of state accused of withholding cybersecurity reviews of election authorities (StateScoop)
Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat (Check Point)
These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy (404 Media)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Biden prepares an executive order on foreign access to data.
Britain's NCSC warns of a significant ransomware increase,
while Cisco Talos confirms a ransomware surge.
BuyGoods.com leaks PII and KYC data.
Fortra faces scrutiny over slow disclosure.
AI fights financial fraud.
Intel 471 highlights bulletproof hosting.
NSO Group lobbies to revamp their image.
Tussling in Missouri over election security.
Integrating cyber education.
Our guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm,
talking about a new partnership for a comprehensive cyber talent study.
And the moral panic of Furbies.
It's Wednesday, January 24th, 2024. I'm Dave Bittner today. It is great to have you here.
We begin today with news from Bloomberg that the Biden administration is preparing an executive order to limit foreign
access to sensitive U.S. data. This move, directed by the president, will involve the U.S. Attorney
General and the Department of Homeland Security formulating new restrictions. The focus is on
preventing foreign adversaries from acquiring Americans' personal data, including genetic and location information.
This data is often accessed legally through intermediaries like data brokers,
third-party vendors, and through various agreements.
The draft order highlights concerns about the legal avenues foreign entities use to obtain sensitive data.
Observers note the Biden administration has not taken a strong stance
against the data broker industry which trades in such data and that the administration's primary
concern seems to be the potential misuse of this data by political adversaries, not necessarily
the privacy implications for American citizens. Some suggest that the pending measures may not be sufficient, since data brokers
often cannot guarantee that their data is restricted to U.S. citizens. The proposed
restrictions might not effectively prevent the flow of sensitive data. Perhaps a more effective
approach would be to limit the collection of data at the source, thereby reducing the amount of data available for trade.
The National Cybersecurity Center of Britain has issued a high-confidence warning that ransomware
attacks will significantly increase in both frequency and impact over the next two years,
driven by advancements in artificial intelligence. This assessment, combining classified intelligence, industry insights,
and academic research, highlights how AI technologies are enhancing cyber threats.
Currently, AI is being used for more effective reconnaissance and social engineering,
with future potential in malware development and vulnerability research.
However, these sophisticated AI applications in cybercrime are expected to be
accessible mainly to well-resourced threat actors, with full realization unlikely before 2025.
The effectiveness of AI in cyber operations heavily depends on access to high-quality
exploit data for training models. Presently, this advanced capability is considered within
reach primarily for highly capable states with extensive malware repositories. The report also
indicates a positive feedback loop in cyber threats. As successful data exfiltrations occur,
the quality of data available for AI training improves, leading to more efficient and precise cyber operations.
In 2023, the UK experienced a notable surge in ransomware attacks,
with 874 incidents in the first three quarters, surpassing the total for the entire previous year.
Speaking of ransomware, in their most recent quarterly incident response report, Cisco Talos says ransomware emerged as the primary threat in cybersecurity, representing 28% of incidents handled by Cisco Talos incident response.
This marks a significant 17% increase from the previous quarter.
Talos's incident response report highlights the first-time observation of specific ransomware variants like Play, Cactus, BlackSuit, and NoEscape.
Other prevalent threats include insider attacks and sophisticated phishing campaigns,
one involving malicious QR codes. Notably, the education and manufacturing sectors were the most targeted, each comprising nearly half of all incident responses.
Educational institutions are particularly vulnerable due to limited cybersecurity resources, making them targets for ransomware and data theft, including sensitive personal information.
Cybersecurity researcher Jeremiah Fowler discovered a misconfigured cloud database belonging to BuyGoods.com, a global e-commerce platform based in Wilmington, Delaware,
which inadvertently exposed a wealth of sensitive customer data. The database, around 198 gigabytes
in size, was publicly accessible without security authentication. It contained
over 260,000 records, including details about affiliate payouts, refund transactions, invoices,
and accounting records. More alarmingly, the database exposed highly sensitive,
personally identifiable information and know-your-customer data of customers and affiliates.
This included personal identification documents like licenses, passports, and unredacted credit
card details. Fowler reported this security lapse to BuyGoods.com, and while the company
acknowledged and claimed to have secured the data, Fowler found that the server remained accessible for days following his
report. Fortra is facing scrutiny over the delay in publicly disclosing a critical vulnerability
in its GoAnywhere MFT software. The flaw, scoring 9.8 on the CVSS scale, allows remote creation of
a new admin user. This vulnerability became known 12 months
after the Clop ransomware gang exploited a zero-day in GoAnywhere MFT, impacting over 130
organizations. Although Fortra informed its customers privately last month and released a
patch on December 7th of 2023, it did not issue a public advisory until January 22nd, over six weeks later.
Researchers at Horizon3.ai have closely monitored this vulnerability, even releasing a technical
analysis and a proof of concept. Fortra recommends that customers urgently update to the fixed
version and take measures to secure their administrative
portals. Generative AI is revolutionizing fraud detection and banking, as highlighted by a report
from the McKinsey Global Institute. The technology's advanced analytics capabilities are key to
identifying and mitigating fraudulent activities, a critical concern in the financial sector.
Banks are increasingly leveraging AI
to analyze patterns and predict potential fraud risks,
thereby enhancing the security and reliability
of financial transactions.
This adoption is part of a broader trend
in the banking industry,
where AI is expected to significantly impact
operational efficiency and customer
service. The technology's ability to process vast amounts of data quickly and accurately
is proving invaluable in safeguarding against financial crimes, marking a pivotal shift in
how banks manage risk and protect customer assets. The rise of ransomware as a service and bulletproof hosting, BPH,
has significantly lowered the barrier to entry into cybercrime. BPH is a hosting service,
often based in lenient jurisdictions, that facilitates various illegal online activities,
including malware distribution and phishing attacks. Cyber threat intelligence firm Intel 471 notes that bulletproof hosting providers use complex techniques to evade law enforcement,
such as fast-flux hosting and routing malicious traffic through shifting servers.
Three notable BPH suppliers identified by Intel 471 are Yalishanda, PQ Host, and CC Web. These providers support a
range of cybercriminal activities, from ransomware attacks to data extortion. For example, Yalishanda
is linked to several high-profile cyberattacks and malware distributions, while PQ Host has
hosted ransomware that impacted major companies like Colonial Pipeline.
An article in Wired explains notorious spyware vendor NSO Group's efforts
to revamp its image and address U.S. regulations harming its business.
NSO Group released a transparency report claiming they investigated 19 potential product misuses,
leading to six customer account suspensions or terminations. It includes a section on journalists acknowledging
they are among the many targeted by NSO's Pegasus spyware. NSO Group's image rehabilitation includes
a multi-million dollar lobbying campaign in Washington, aiming to position its spyware as
vital for global security. However, experts remain skeptical of the company's commitment
to human rights and ethical standards. As Wired notes, the report repackages NSO Group's defenses
rather than providing new transparency. Following significant challenges, including U.S. sanctions and financial struggles,
NSO Group has been actively lobbying to reverse the ban on its products.
Despite these efforts, changes in U.S. policy toward NSO Group remain unlikely.
The global spyware market, estimated at $12 billion, continues to thrive,
with firms like NSO Group seeking to maintain
their market presence despite increasing regulatory pressures. A recent audit report
from Missouri Auditor Scott Fitzpatrick accuses Missouri's Secretary of State Jay Ashcroft of
violating state law by refusing to share cybersecurity reviews of local election authorities.
State law mandates biennial cybersecurity reviews for local election authorities,
with reports submitted to the state auditor's office.
Ashcroft's office contested the audit's findings,
arguing that sharing the reviews could compromise confidential information.
Additionally, the audit criticized Ashcroft's decision to withdraw Missouri
from the Electronic Information Registration Information Center, ERIC,
without proper planning for an alternative,
potentially affecting the maintenance of accurate voter records.
Despite Ashcroft's office viewing the audit as opinion-based
and asserting no legal violation,
the audit rated the secretary's office as fair, raising concerns amidst Ashcroft's 2024 gubernatorial campaign.
No legal action is currently sought against Ashcroft or his office.
In an age where 90% of children over age 8 are online, the stark reality is that 72%
regularly face cyber threats, yet only 40% of their parents are aware. This is according to
Global Cybersecurity Forum's report, Why Children Are Unsafe in Cyberspace, which highlights this
gap and underscores the urgency of integrating
cybersecurity education into children's daily lives. The report envisions children learning
cybersecurity through interactive play, where games become a gateway to understanding digital
safety. Ethical education accompanies this learning, nurturing responsible tech-savvy
citizens. It's essential for children
to recognize the complexity of the cyber world, including the dual nature of hackers,
from the malicious to the ethical white hats. Schools are crucial in this narrative,
where cybersecurity education becomes as fundamental as any traditional subject.
This knowledge extends to parents,
ensuring a unified approach to digital safety at home.
Teaching children about secure networks,
the dangers of phishing,
and the importance of strong passwords
becomes a cornerstone of their digital interactions.
This isn't just about safeguarding children.
It's about empowering them to navigate and thrive
in the digital world responsibly.
Coming up after the break,
Simone Petrella speaks
with WiCyS executive director,
Lynn Dohm,
about a new partnership
for a comprehensive
cyber talent study.
Stay with us.
It is my pleasure to welcome to the show our own President Simone Petrella,
also joined by the Executive Director of WiCyS, Lynn Dohm. Ladies, welcome, and thank you so much for taking the time for us today.
Thank you, Dave.
So we have an exciting announcement here,
and I'm going to let the two of you kind of duke it out
to see who wants to take the lead here in breaking the news.
But some interesting goings-on behind the scenes here
between the two organizations.
Yes.
So, Simone, would you like to share the partnership news with everyone?
Sure. Look at this. We're already so cordial in our partnership. No, so it's very exciting. N2K
will be working with WiCyS to conduct a skills study of the WiCyS professional membership in
the organization. And the goal of that study is to actually look at the quantifiable skills
across the WiCyS professional membership and use that data along with anything we know about
their job roles, demographics, contextual information to really provide insight into
the state of cybersecurity talent within the WiCyS population, which is obviously an area that we have an immense impetus
to focus on creating more opportunities for diversity
and women in particular in the field.
Lynn, is there anything I missed?
No, we're just really excited about this partnership
because it gives our WiCyS members this opportunity
to deepen their understanding of their capabilities
within the
cybersecurity workforce in the roles that they currently have, identify any gaps, strengths,
or weaknesses, and then also how we could move them forward and build out programming efforts.
So as a nonprofit, we're looking at this as the member benefit, which is a significant impact,
and for us to have this assessment. But also as a nonprofit, what is our next step? Like,
what are the gaps here and what could we do as a programming effort to move it forward to build up
the skills in a higher capacity for our members that we serve? You know, Lynn, I've had the
pleasure of attending several of your events, your conferences over the years, but for folks who
aren't familiar with the organization, can you give us a little bit of rundown of what is the mission and what sort of
things do you provide to your members? Yeah, thanks, Dave. I'm so glad that you're able to
attend some of the WiCyS events. So we're Women in Cybersecurity. We often go by our acronym W-I-C-Y-S
and we pronounce it "we-sis," like "we sisters," because we're a global cyber sisterhood.
So our mission is to recruit, retain, and advance women in cybersecurity. We started many, many
years ago in 2014 as a conference only because at that time there was a little known little data
point that came out that women represented 11% of the cybersecurity workforce. Well, our founder,
Dr. Ambareen Siraj, who was at Tennessee
Tech University at the time, she wasn't seeing even that 11 percent in any of her circles of
industry, academia, or government. And so her idea was, well, if women in cybersecurity exist,
let's bring them together to a technical conference where we could learn and grow together.
And so that was our very, very beginning 10 years ago. And each and every year,
that conference continued to grow. But in 2018, when the data didn't change, we were still 11%
of the workforce. We realized that there was so much more work that needed to be done.
And that's when we formed into a nonprofit organization. And now we offer so many different
program offerings and opportunities. But essentially, our mission is to recruit, retain, and advance women in cybersecurity.
And we create opportunities and provide accessibility to cybersecurity, many different career pathways, and many different offerings within the organization.
And so we have folks that are just ever so slightly interested.
Is cyber for them?
We're saying, yes, it is.
And we're creating pathways and accessibility for them to get in and advance through it. And then all the way to CISOs
and senior leaders within the profession as they're paying it forward and bringing forward
their knowledge and skillset for so many. So it's really incredible. We have over 9,500 members.
We have representation in 95 countries. We have
67 professional affiliates, which are extensions of the WiCyS global organization. And we have over
250 student chapters. So that's just our community alone. We have lots going on and it's been a great,
great journey. Simone, can you give us some details here on the Cyber Talent Study itself?
I mean, can we start with a little bit of background?
How does this fit into the types of offerings that N2K provides?
Yeah, well, like Lynn said, you know, even when you look at the data that kind of drove
this identification back in 2014 of 11%, I think it kind of carries over in the theme
that we want to use data to help inform, you know, not only for individuals or in this case, WiCyS members,
how can they actually look at their own skills and collect data through their own assessment of their skills as it pertains to the critical competencies that are required in cybersecurity job roles. But then how can WiCyS as an organization, as a nonprofit, look at that
same data at an aggregate level and make some strategic decisions around what type of offerings
that they can provide to members moving forward in a more elevated and stalled and sustainable way.
And so it really, the study itself is an opportunity for anyone who is a WiCyS member to log in and take a diagnostic
assessment on the technical skills of cybersecurity. And that covers everything that's in the NICE
cybersecurity workforce framework, all the specialty areas there. And we're using that
information compared to the job roles that those individuals are reporting that they're in,
and do a gap analysis on where are they in their roles and the level of the roles they're at,
and then where are they in their actual performance based on that assessment.
And that is meant to provide that overarching barometer to give people the guidance to inform
what kind of training they want to pursue if they're looking to level up in the field.
What other areas in cybersecurity are potentially of interest?
Even if it's not an area that they're necessarily working in today, it could be something they want to explore.
They want to move laterally.
So that's where we're going to use the data to kind of inform the individual.
And like I said, that same information, when you look at it in toto, is really critical for any organization and WiCyS as a nonprofit to say, well, where do we see sort of systematic
or commonalities with some of those gaps?
Should we actually invest in things that are for entry-level talent, or do we need to have
more offerings or more services for people who are career switching later on in their careers or people who are coming back into the
workforce? Because if I remember, Lynn, I know one big focus is a lot of people who are coming
back into the workforce after maybe being out of it for some time. So really the applications are
kind of twofold. And, you know, what we're doing is using one bit of data, along with the self-reported identification of where people are starting, to kind of collect that.
Lynn, what are you looking forward to in terms of the data that's going to be collected and how it's going to help the organization craft those things that you offer?
I'm looking forward to all of that and everything above that comes from it. I'm really looking
forward to creating this opportunity for our members, for them to have this information for
their own professional development. That is a tremendous value to everyone that takes part in
the assessment. But from the strategic side of the nonprofit is we have a development committee,
and we're going to be able to take a look at this and really look at what are we hearing from our community, their needs are, compare it to the data that we receive from this type of assessment, see where those gaps are, and really be intentional with our focus. many early in their career, non-traditional career changers, or executive cybersecurity
leadership series and summits and offerings in that capacity. But right now, we have to be
laser sharp and very focused on what's the next growth strategy of the organization,
and this assessment is going to help us put that programming in place.
Simone, help me understand a few details about the assessment here. I mean,
you spoke about how it will help someone determine where they stand in terms of their own skills.
Is there any opportunity for them to compare themselves against their peers? Is that part
of this or is that perhaps something for the next round? Well, we can talk about it from a data privacy standpoint, but we do have the ability
to show someone where they ranked among their peers who take it. So the opportunity exists for
us to explore it, but I think, you know, Lynn, we should probably kind of talk through whether
that's information we want to share with folks to sort of see where they are from a benchmark
perspective against the rest of the population that took it or whether we want to maybe, you know, do that for the later date.
Yeah, fair enough. So how do people get involved here? I mean, Lynn, obviously,
you've got your members there at WiCyS. If folks want to take part of this, they should
find out how to join, yes? Yes, yes, please. If you go to WiCyS.org under initiatives,
the cyber talent study is the first dropdown under initiatives there. And so they'll receive all the information about
the assessment and how to sign up for that. And we'll take it from that point on.
I think it's worth mentioning that we are smack in the middle of the sign-up period for that assessment. So sign-ups run through February 1st,
and anyone who signs up will receive access to that assessment
between February 5th and the 18th.
And all the details are on the WiCyS.org website,
but just so that everyone here has a sense of what they need to do
from a time commitment.
All right, excellent.
Well, Simone Petrella is N2K's president,
and Lynn Dohm is the executive director of WiCyS.
Thank you.
And finally, a story from 404 Media reminds us that in 1998 and 99,
the NSA faced a peculiar situation involving Furbies,
cute little interactive robotic toys.
Initially, the agency banned the Furby from its offices,
fearing it could be a potential spy device
due to its alleged ability to learn from surroundings
using an artificial intelligence chip on board.
This decision, however, led to unwanted media attention and internal debates among employees
about the toy's actual capabilities. The situation came to light when an NSA employee leaked the ban
to the Washington Post, sparking a discussion about the Furby's technological potential and security implications.
The NSA's internal communication, revealed through a recent Freedom of Information Act request,
shows employees questioning whether the Furby could record and store conversations.
Despite some believing that Furby's capabilities were overestimated due to its nature as a simple
toy, the discussions reflected genuine concern and confusion within the agency.
The released documents, now available on the Internet Archive,
include listserv threads, internal memos, and responses to media coverage,
offering a glimpse into the NSA's handling of what was dubbed Furbygate.
This episode not only highlighted the spy agency's
cautious approach to potential security threats, but also revealed the internal dynamics and
reactions to public scrutiny over their decisions. I remember the Furby fad, and I suppose one thing
they shared with an actual leaker is that once you got them talking, it was nearly impossible
to get them to shut up.
Whoa!
Come, Billy!
It's chilly!
And that's The CyberWire.
For links to all of today's stories,
check out our daily briefing
at thecyberwire.com.
We'd love to know what you think of this podcast.
You can email us at cyberwire@n2k.com.
We're privileged that N2K and podcasts like The CyberWire are part of the daily intelligence routine
of many of the most influential leaders and operators in the public and private sector,
as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. Thank you. team smarter. Learn more at n2k.com. This episode was produced by Liz Stokes. Our mixer is Tré
Hester with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and
Brandon Karpf. Our executive editor is Peter Kilpe, and I'm Dave Bittner. Thanks for listening.
We'll see you back here tomorrow.