CyberWire Daily - Trump’s opening moves.
Episode Date: January 21, 2025

President Trump rolls back AI regulations and throws TikTok a lifeline. Attackers pose as Ukraine’s CERT-UA tech support. A critical vulnerability is found in the Brave browser. Sophos observes hacking groups abusing Microsoft 365 services and exploiting default Microsoft Teams settings. Researchers uncover critical flaws in tunneling protocols. A breach exposes personal information of thousands of students and educators. Oracle patches 320 security vulnerabilities. Kaspersky reveals over a dozen vulnerabilities in a Mercedes-Benz infotainment system. Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. We preview coming episodes of Threat Vector. Honesty isn’t always the best policy.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment
On our Threat Vector podcast preview today: IoT devices are everywhere, with billions deployed globally in industries like healthcare, manufacturing, and critical infrastructure. But this explosion of connectivity brings unprecedented security challenges. Host David Moulton speaks with Dr. May Wang, CTO of IoT Security at Palo Alto Networks, about how AI is transforming IoT security. Stay tuned for the full conversation this Thursday.

CyberWire Guest
Our guest is Tim Starks from CyberScoop discussing executive orders on cybersecurity and the future of CISA. You can read Tim’s article on the recent Biden EO here.
Selected Reading
Trump revokes Biden executive order on addressing AI risks (Reuters)
TikTok is back up in the US after Trump says he will extend deadline (Bleeping Computer)
Hackers impersonate Ukraine’s CERT to trick people into allowing computer access (The Record)
Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One (Cyber Security News)
Ransomware Groups Abuse Microsoft Services for Initial Access (SecurityWeek)
Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally (Hackread)
Students, Educators Impacted by PowerSchool Data Breach (SecurityWeek)
Oracle To Address 320 Vulnerabilities in January Patch Update (Infosecurity Magazine)
Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities (SecurityWeek)
Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes (SecurityWeek)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network powered by N2K.
Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try
DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started
removing my personal information from hundreds of data brokers. I finally have peace of mind,
knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed
reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for DeleteMe.
Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20 percent off is to go to joindeleteme.com slash n2k and enter
code n2k at checkout.
That's joindeleteme.com slash n2k, code n2k.
President Trump rolls back AI regulations and throws TikTok a lifeline.
Attackers pose as Ukraine's CERT-UA tech support.
A critical vulnerability is found in the Brave browser.
Sophos observes hacking groups abusing Microsoft 365 services
and exploiting default Microsoft Teams settings.
Researchers uncover critical flaws in tunneling protocols.
A breach exposes personal information of thousands of students and educators.
Oracle patches 320 security vulnerabilities.
Kaspersky reveals over a dozen vulnerabilities
in a Mercedes-Benz infotainment system.
Tim Starks from CyberScoop discusses executive orders
on cybersecurity and the future of CISA.
On today's Threat Vector, David Moulton
speaks with Dr. May Wang, CTO of IoT Security
at Palo Alto Networks, about AI and how it's
transforming IoT security.
And honesty is not always the best policy.
It's Tuesday, January 21, 2025.
I'm Dave Bittner and this is your CyberWire Intel Briefing.
Hello and thank you for joining us here today.
It is great to have you with us.
Donald Trump was sworn in as the 47th President of the United States yesterday.
Amongst a flurry of executive orders signed during the first few hours of his second term,
President Trump revoked a 2023 executive order by former President Biden aimed at reducing AI-related
risks to consumers, workers, and national security.
Biden's order required AI developers to conduct safety tests, share results with the government,
and establish testing standards under the Defense Production Act.
Critics, including Republicans, claimed it stifled innovation. Meanwhile, Biden issued
a separate order to support AI data centers' energy needs, which Trump left intact, at
least for now.
TikTok resumed service in the U.S. after President Trump announced an extension of the 90-day
deadline for the company to secure a U.S. buyer. The app had been shut down following a Supreme Court decision allowing a potential ban.
Trump plans to issue an executive order to formalize the extension, but TikTok must still
find a buyer to avoid another ban.
While accessible to existing users, the app remains unavailable for download on Google
and Apple stores.
Trump also suggested partial US ownership of TikTok.
Ukrainian researchers uncovered a cyber campaign where attackers posed as
Ukraine's CERT-UA tech support to gain access to devices via AnyDesk, a
legitimate remote desktop tool. The hackers falsely claim to conduct security audits,
exploiting trust and authority.
CERT-UA clarified it only uses such tools
with prior agreement and secure channels.
The attackers, likely affiliated with Russia,
often impersonate state agencies and apps.
Ukraine faces a surge in cyber attacks, with
CERT-UA detecting over 4,300 incidents in the past year, a 70% increase.
These attacks primarily involve malware, phishing, and compromised accounts.
Recent campaigns include phishing targeting military enterprises and
fraudulent websites mimicking official platforms. Russian-linked actors like Sandworm continue to exploit vulnerabilities, escalating cybersecurity
challenges for Ukraine.
A critical vulnerability in the Brave browser allows malicious sites to impersonate trusted
domains in file selector dialogs. The flaw misrepresents a site's origin during
file uploads or downloads, enabling attackers to exploit user trust. When combined with
an open redirect vulnerability on trusted sites, this issue can facilitate phishing
and malware distribution. It was disclosed by bug hunter Sairif Mohammed Sajjad.
Sophos has observed two hacking groups, STAC5143 and STAC5777, abusing Microsoft 365
services and exploiting default Microsoft Teams settings to target organizations.
These attackers, likely aiming for ransomware deployment and
data theft, initiated chats and calls with internal users, posing as tech support. Using
legitimate Microsoft tools like Quick Assist and Teams, they gained remote access to victim
devices, deployed malware, and performed reconnaissance. STAC5143, first seen in November of last year, used spam messages followed by Teams
calls from accounts like HelpDeskManager.
Attackers ran PowerShell commands, dropped malicious payloads, and installed backdoors.
Techniques resemble those of FIN7 but with distinct methods. STAC5777 employed similar tactics but focused more on manual actions, lateral movement,
and credential theft, even attempting to deploy Black Basta ransomware.
Sophos emphasizes raising employee awareness of such advanced social engineering tactics.
Critical flaws in tunneling protocols
have left millions of devices, including home routers,
VPN servers, and CDNs vulnerable to exploitation.
Discovered by Top10VPN and researcher Mathy Vanhoef,
these vulnerabilities allow attackers to hijack hosts
for anonymous attacks, network access,
and powerful denial-of-service techniques like ping-pong amplification.
A scan revealed 4.2 million affected devices, including infrastructure from major players
like Facebook and Tencent.
Vulnerable systems accepted unauthenticated tunneling traffic, enabling attackers to act
as proxies or access private networks.
Countries most affected are China, the U.S., France, Japan, and Brazil.
The vulnerabilities impact consumer VPNs, routers, and business networks.
Enhanced security measures, regular updates, and increased awareness are essential to protect
against these threats.
Education tech company PowerSchool suffered a data breach in December of last year, exposing
personal information of students and educators from its student information system.
The breach, accessed through the PowerSource support portal, compromised data such as names, contact details,
social security numbers, and medical records,
though no financial data was affected.
Impacted individuals will receive two years of free credit monitoring.
PowerSchool, serving over 18,000 schools in 90 countries,
disclosed the incident in early January.
Affected districts include Virginia's Charlottesville, Richmond, and others, as well as California's
Menlo Park, where 14,000 individuals were impacted.
Canadian schools, including Toronto District School Board, were also affected.
Authorities suggest the breach may involve ransomware as credentials
were used to export data, which PowerSchool claims was later deleted.
Oracle plans to release patches for 320 security vulnerabilities across over 90
products in 27 categories today including communications, construction,
E-Business Suite, and middleware. Some flaws are critical, with CVSS scores up to 9.9, notably affecting Oracle Agile Engineering
Data Management and Agile PLM Framework. Five other vulnerabilities have CVSS scores of 9.8.
The finalized January 2025 critical patch update urges immediate application to mitigate risks from potential attacks.
Kaspersky revealed over a dozen vulnerabilities in Mercedes-Benz's first-generation MBUX infotainment system.
These flaws could enable denial-of-service attacks, data extraction, command injection, privilege escalation, and
disabling anti-theft protections. Exploitation requires physical access to the vehicle's interior
and removal of the head unit using USB or custom UPC connections. Mercedes-Benz confirmed it was
aware of the issues since 2022 and has since patched the vulnerabilities.
Newer MBUX versions are unaffected. The company emphasized its commitment to security, encouraging
researchers to report issues via its vulnerability disclosure program.
Coming up after the break, Tim Starks from CyberScoop discusses executive orders on cybersecurity
and the future of CISA.
On our Threat Vector segment, David Moulton speaks with Dr. May Wang about how AI is transforming
IoT security.
And honesty isn't always the best policy.
Stay with us.
Cyber threats are evolving every second, and staying ahead is more than just a challenge,
it's a necessity.
That's why we're thrilled to partner with ThreatLocker,
the cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions
designed to give you total control,
stopping unauthorized applications,
securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit threatlocker.com today to see how
a default deny approach can keep your company safe and compliant.
Do you know the status of your compliance controls right now? Like right
now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and help you
get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
On today's preview of this week's Threat Vector podcast, David Moulton speaks with Dr. May
Wang, CTO of IoT Security at Palo Alto Networks.
They're discussing how AI is transforming IoT security.
I see bright future for both IoT and AI. At the same time, they bring us new challenges.
We need to work together across the board
to make sure that IoT and AI are bringing us more benefits than harm.
Here's a quick preview of this week's Threat Vector. Tune into the full show on Thursday,
and don't forget to subscribe
so you never miss a single episode.
Let's get into it.
May, welcome to Threat Vector. We're really excited to have you with us today.
Thank you.
To start us off, can you tell me a little bit about your journey and what led
you to focus on IoT security and artificial intelligence?
Sure. I have always been a nerd. I'm very passionate about data ever since day one of my career. And 10 years ago, I co-founded a company called Zingbox,
and we focused on leveraging AI for IoT security,
doing traffic analysis, analyzing huge amount of data
to provide visibility and detection for IoT devices.
And five years ago, our startup Zingbox was acquired by
Palo Alto Networks.
And I have been at Palo Alto Networks for the past five
years, leveraging AI for better detection and protection.
That's really fascinating.
And as somebody who's a fellow nerd, I'm with you.
It's always interesting to see what gets other people excited.
And I don't know about you, but I've decided that the definition of nerd that I like the
most is somebody who's deeply into something, but also willing to share that passion and
those ideas with others.
And that's certainly what we're going to do on today's episode, talking about IoT cybersecurity
and how AI is transforming the way we secure these connected devices.
May, can you help frame the current scope of the IoT
landscape for us?
How many devices are we talking about globally?
And maybe what are some of the main industries leveraging IoT
right now?
Yeah, sure, David.
We're definitely seeing increasing amounts of IoT devices being deployed around the globe.
If you look at the numbers, the statistics can be different, but we're all talking about
tens of billions of IoT devices being deployed.
Some data shows about 20 billion nowadays. It has improved tremendously
from 2019, about 10 billion. So some predictions show in the next five years, we're going to
double that. And some says next year, we're going to have 75 billion. Regardless all these large numbers,
that might sound so far away from us,
but if you look at each individual,
you can see just around us,
not only we're having more IoT devices in enterprises,
in manufacturing, in hospital, in schools,
but we actually can also see that on each person,
we're seeing increasing amount of IoT devices,
all these wearable devices that measure our heart rate
and measure our glucose level, et cetera.
Actually, just this over weekend,
over this weekend, I was at an event
and a speaker on the stage, I counted,
he had five big rings on his fingers,
and all of those were IoT devices
measuring all kinds of things to help us better understand ourselves.
So we definitely see huge increase in terms of deployment of IoT devices,
and the industries we're seeing most are definitely manufacturing.
We call them operational technology, OT, healthcare, enterprises, and in many critical infrastructures
such as energy plants and water plant, et cetera.
So one of the things I keep hearing about is 5G plus IoT.
And this new marriage or this new combination
certainly changes the IoT landscape.
But I got to think that it changes the IoT security
landscape.
Do you see new threats, or do you anticipate different
challenges from this combination of technologies?
Actually, almost all customers we talk to
are very interested in 5G technologies
and because it's going to enable us
to have even a lot more devices all over the place.
So the scale is going to be even larger
when all these devices are deployed.
And again, the key thing is visibility.
It's going to actually bring more challenges in visibility.
And also usually when we talk about 5G, 5G security,
mainly people are talking about the management plane,
the signaling plane.
But also we see lots of challenges on data plane.
So from Palo Alto Networks, we are actually trying to address cyber
security issues on both management plane, signaling plane, and data plane.
And another challenge is, as we mentioned,
the device certification visibility are always the key and foundation. And there are different parameters to identify these devices in the IT world or the traditional
IoT world.
We mainly look into MAC address plus IP address to identify these devices in addition to
gazillions of other parameters.
While for the 5G world, there are other ways to identify these devices.
For example, IMEI, International Mobile Equipment Identity.
So we need to figure out a way to identify these devices
using their specific cellular-based identifiers.
And at Palo Alto Networks, we have already integrated into our firewall already.
So we can provide the same kind of cybersecurity protection to 5G IoT devices.
May, thanks so much for such a great conversation today.
I really appreciate you sharing your insights on IoT, on AI,
and a little bit on your background.
Thank you so much, David, for having me.
And this is definitely a very exciting topic about IoT and AI.
I'm so glad you are hosting a session on this. I really
enjoyed our conversation.
Thanks for listening to this segment of the Threat Vector podcast. If you want to hear
the whole conversation, you can find the show in your podcast player. Just search for Threat Vector by Palo Alto Networks.
Each week I interview leaders from across our industry and from Palo Alto Networks to
get their insights on cybersecurity, the threat landscape, and the constant changes we face.
See you there.
Be sure to check out the Threat Vector podcast wherever you get your favorite podcasts.
Just a quick program note, the following segment with me and Tim Starks from CyberScoop was
recorded last Friday before the presidential inauguration.
Tim Starks is a senior reporter with CyberScoop and it is always my pleasure to welcome him
back to the show.
Tim, how are you, sir?
I am good.
It is also always my pleasure to be here.
Well, the feeling is mutual then, I suppose.
You have been doing a lot of reporting here lately.
And of course, not the least of which has been
about the executive order that President Biden
seemingly dropped on his way out the door.
Right?
Yes.
There's no minute like the last minute.
And there's a lot in here.
So unpack what's going on here for us, Tim.
Golly, there is a lot in here.
And unpacking the whole thing, I can't do it.
Not on CyberWire and the time required.
But it's a 40, 50 page document that covers cyber crime,
it covers artificial intelligence,
it covers quantum computing,
it covers contractor security,
it covers federal government communication security.
I mean, it's a big, big final stab by this administration
to do something on cyber before they leave. And it's comprehensive,
to say the least.
Why the last minute, do you suppose?
Yeah, so I think there's a long process for getting these things through. If you guys,
if your listeners and everyone else go back to September, I wrote a story about this and what was going to be in it.
I said something that was like 95%,
according to one of my sources, 95% done.
That was in September.
And it had been worked on for a good long time before that.
It was a couple months of me hearing about it
being discussed publicly before it even was,
you know, it had been being worked on by the time I heard about it.
And, you know, from September to January,
that's 5%, you know?
It's like when you're looking at your computer
and you're thinking, oh, I've downloaded it,
and then it just keeps, like, the last second,
it just slows down, you're like, what's going on here?
Right.
That's the situation.
I'm getting things across the finish line is very difficult,
and there's an interagency process for doing these things.
I can't speak to them waiting until the Thursday before they leave.
I mean, it's two days from the work weekdays from the start of the second Trump administration.
I can't speak to why they waited until that period of time, but they had targeted December
for this originally when I was in my September story.
So it was always going to be, it felt like a little bit of a push from, okay, in our
first year we did an executive order on cyber.
It did this, it did that, it did this.
What's changed?
What do we need to address that we didn't address then?
And what kind of things do we need to update from that 2021 order that we did?
So it makes sense if you think of it like as a bookend of the administration beginning
and ending, but the timing does probably make it more difficult for this to become more
of a reality.
Is there anything in here that was particularly surprising or struck you as being bold in
its inclusion?
It's going to sound like I'm dissing it, but no.
Yeah.
I mean, I think what's most interesting about it is its breadth.
I mean, that feels like I'm dodging the answer, but the fact of the matter is there's so much
in here.
There was some stuff on there about CISA having a little bit more leeway to do threat hunting
in federal agency systems in terms
of what kind of data they provided access to.
That was controversial with some federal officials, but that was in the process of it being drafted.
I didn't hear anybody complain about it after.
So it seems like the majority of this is stuff that isn't controversial.
It's stuff that is far more technical in nature. It's not
about partisan things that people have, that they fought about like misinformation, disinformation efforts versus free speech. It's not like that. It's highly technical stuff
that a lot of people think would have bipartisan support. I think the one area that even kind of
gave a little bit of a nod to the incoming Trump administration,
although admittedly the Biden administration has been talking about harmonization of regulations,
is a provision saying, hey, NIST, look at all these minimum cybersecurity standards that are out there.
There are a lot of them that are in conflict.
And make some recommendations about what the minimum across sectors should be.
So it's, the areas of controversy or surprising or boldness
or even limited then it's really just more that there's so much.
Well and you've done some asking around with some legislators and their takes
are they coming down as expected on the two sides of the aisle?
Yeah, so far, I mean, not a lot of them have weighed in. It's mainly been a
handful of lawmakers who are really focused on this issue. You know, the Trump administration, you know,
I tried to reach out to them and the Trump transition team did not respond to my messages.
That's not unusual. So that's not me complaining or dissing anybody. That's just me saying,
we don't know exactly what the Trump administration thinks, but we do know that there's one very prominent
and influential Homeland Security lawmaker,
the actual Homeland Security chairman on the House side,
Mark Green, who said, this is bad,
this is them getting in the way
of what the Trump administration wants to do.
That they need to, when Trump comes in,
he needs to overturn all the stuff that we don't like,
that the Biden administration did,
regulatory stuff.
And it was much more limited than a consensus yet.
I think it'll be really interesting to see what Trump does.
One of the things people speculated in my story was,
they're probably gonna take a close look at this and say,
hey, do we like some of this?
The risk might be, of course, that they just decide,
no, we're gonna get rid of the whole thing
and just start over.
That's something that could happen.
Yeah.
Well, speaking of folks moving on and transitions happening,
another one of your stories recently
involved someone who was moving on from CISA,
who had quite a few years there.
Tell us about that one.
Yeah, this is, you know, Jack Cable is his name, which is, by the way, the best cybersecurity
name to have for someone who works in cybersecurity.
Jack is a bit of a prodigy on cyber.
He is still just 24, but when he was going to college, he was working on cybersecurity issues in the federal government.
So he's an interesting figure to talk to.
He's a big thinker about things like this,
and he, like a lot of other people,
are looking at the change of administration and departing.
Not that he said that's why I'm departing,
but that's just the kind of thing that happens
when there's a change in administration.
We talked a lot about a couple of different issues he worked on,
but I really focused on in my story on what I think is
one of the more interesting ideas to come out of this administration,
which is their Secure by Design initiative.
It's voluntary, it's mainly a pressure campaign to a certain extent.
Not even that the pressure might even be too harsh a word,
but it's an attempt to get people in the private sector to enlist and say,
hey, when we are designing our software, when we're making it,
we're going to incorporate security in it at the outset,
as opposed to just adding a bunch of security updates later,
maybe making it so you have to purchase additional services.
And Jack was one of the couple few people
who was really leading that effort within CISA.
Has it generally been considered to be a success?
Yes, I think so.
First, it can be hard to measure something like this
when it's voluntary.
And to Jack's credit,
he pointed out that CISA has been publishing,
okay, these are the companies making pledges.
Here is a progress report on what they've actually done.
And that's an interesting way to approach something that's voluntary and see if you
can actually net something out of it, instead of it just being, oh, we signed onto the pledge,
we're one of the good guys and they never do anything about it.
And there's still a chance that that could happen.
But even the private sector kind of thinks that this is basically a good idea and it's
basically been helpful.
And of course, Director Easterly is moving on as well.
Any thoughts for the organization? At the very least, it'll be changing leadership, right?
It will. And there's some scuttlebutt about who that might be. I don't want to say anything yet.
There's been some of that's been published. I think it's mostly accurate.
But today, you know, today being Friday, the Senator, the Senators on the
Homeland Security Committee heard from Kristi Noem, who is going to be leading
DHS as a whole, and she talked a lot about CISA needing to be smaller, more nimble. She
talked about it staying away from anything disinformation or misinformation related.
It has largely abandoned all of that already, but it starts to give you a sense of even
without having a new CISA leader, there's going to be some commandments from the top
of what they want to do. And I think CISA is in for leaner times. It's a question of how lean.
How do you feel the wind is blowing right now? I mean, for many years, we, I think,
were in agreement that cybersecurity was an area that for the most part was above the fray when it
came to, you know, partisanship.
I think a lot of that changed with the disinformation
and misinformation fights after the election
when President Biden beat then President Trump.
Where are we right now?
How do you measure the degree to which cyber is still considered to be essential from both
sides?
I think there's a difference between considered and is.
I think, you know, I have for years been kind of pushing back on the notion in talks like
this with you and talks on other, uh, in other places that,
that cyber is, it has maintained its nonpartisan status.
And I think, I think some of that goes back to what you said.
Um, you know, some of it goes, I think some of it goes all the way back to Obama, to be
honest.
I mean, it's not all of it, but some of it.
Um, you know, there's been a lot of talk from, uh, criticism from Republicans about the way the Obama administration handled
cyber.
If you go back that far, if you go to the Trump administration criticizing cyber-related
initiatives from within, you mentioned the election security issue.
I think the Biden administration's push for more regulations has created more division than there was. That's not me blaming
anybody. That's just me saying, you know, this is an introduction of an element and
one side likes it and the other side doesn't. And that wasn't the case before. It used to
be for the longest time, both sides said, we don't need any regulation. It would only
harm cybersecurity. This administration says, this administration said, no, that's not worked.
Look at the pace of cyber attacks.
It hasn't changed.
The market's not doing it.
So they tried to make some changes to that.
Republicans, being a small government on economic issues,
primarily, didn't like some of this, maybe all of it.
I think there's some potential bleeding of accepting
minimum standards.
I've talked about this before with the Republican National Platform saying we need minimum standards
in critical infrastructure.
How those are enforced is different.
Maybe they want to roll back all of the regulations.
Maybe they want to roll back some of them.
But some of the principles are still bipartisan for sure.
I just think that we can't blanket say it's nonpartisan or bipartisan the way we used to be able to.
Yeah, yeah. I think you're right. Those days are gone.
Alright, well, Tim Starks is Senior Reporter at CyberScoop. Tim, thanks so much for joining us.
Yeah, it was great to end on an optimistic note.
There you go.
Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue
to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record
payout in 2024.
These traditional security tools expand your attack surface with public-facing IPs that
are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps
and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not
the entire network, continuously verifying every request based on identity and context, simplifying
security management with AI-powered automation, and detecting threats using AI to analyze
over 500 billion daily transactions.
Hackers can't attack what they can't see.
Protect your organization with Zscaler Zero Trust and AI.
Learn more at zscaler.com slash security.
Hit pause on whatever you're listening to
and hit play on your next adventure.
Stay two nights and get a $50 Best Western gift card.
Life's the trip.
Make the most of it at Best Western.
Visit bestwestern.com for complete terms and conditions.
And finally, it seems one Marco Raquan Honesty, a Washington man with perhaps the least fitting
surname ever, has admitted to a fraud spree causing over $600,000 in losses, and
it's no laughing matter except for the irony of his name.
From 2021 through 2022, Honesty ran the scam Olympics, COVID relief fraud, smishing, bank
account takeovers, forged money orders, and even selling stolen data on Telegram.
Using SMS phishing, Honesty duped victims into handing over bank credentials, then drained
their accounts via Zelle and other transfers.
He even scored fake PPP loans for friends, family, and in a wild twist, his grandmother. Authorities found his fraud factory in 2023,
complete with 24 phones, card embossers, and blank IDs.
The damage?
$622,000 in actual losses,
though his ambitions stretched beyond $850,000.
Honesty now faces 22 years in prison, plenty of time to ponder his ironic branding.
Sentencing is set for May 23rd.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
Don't forget to check out the Grumpy Old Geeks podcast where I contribute to a regular segment
on Jason and Brian's show every week.
You can find Grumpy Old Geeks where all the fine podcasts are listed.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Tré Hester with original music and sound design by Elliott Peltzman.
Our executive producer is Jennifer Eiben.
Our executive editor is Brandon Karpf.
Simone Petrella is our president.
Peter Kilpe is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.