CyberWire Daily - UK calls out Russia’s playbook.

Episode Date: July 18, 2025

The UK sanctions Russian military intelligence officers tied to GRU cyber units. An AI-powered malware called LameHug targets Windows systems. Google files a lawsuit against the operators of the Badbox 2.0 botnet. A pair of healthcare data breaches impact over 3 million individuals. Researchers report a phishing attack that bypasses FIDO authentication by exploiting QR codes. A critical flaw in Nvidia’s Container Toolkit threatens managed AI cloud services. A secure messaging app is found exposing sensitive data due to outdated configurations. Meta investors settle their $8 billion lawsuit. Our guest is Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, with a data-driven look at how AI is affecting jobs. Belgian police provide timely cyber tips, baked right in.

Selected Reading
Breaking: UK sanctions Russian cyber spies accused of facilitating murders (The Record)
Russia Linked to New Malware Targeting Email Accounts for Espionage (Infosecurity Magazine)
New “LameHug” Malware Deploys AI-Generated Commands (Infosecurity Magazine)
Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet (SecurityWeek)
1.4 Million Affected by Data Breach at Virginia Radiology Practice (SecurityWeek)
Anne Arundel Dermatology Data Breach Impacts 1.9 Million People (SecurityWeek)
Phishing attack abuses QR codes to bypass FIDO keys (SC Media)
Critical Nvidia Toolkit Flaw Exposes AI Cloud Services to Hacking (SecurityWeek)
New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers (Hackread)
Meta investors, Zuckerberg settle $8 billion privacy lawsuit tied to Cambridge Analytica scandal (The Record)
Loaf and order: Belgian police launch bread-based cybersecurity campaign (Graham Cluley)

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed.
Starting point is 00:00:31 Indeed's Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results, so the right candidates see it first. And it works. Sponsored jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K Cyberwire. Many of my colleagues here came to us through Indeed. Plus, with sponsored jobs there are no subscriptions, no long-term contracts.
Starting point is 00:01:04 You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed. And listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com slash cyberwire. Just go to indeed.com slash cyberwire
Starting point is 00:01:33 right now and support our show by saying you heard about Indeed on this podcast. Indeed.com slash cyberwire. Terms and conditions apply. Hiring Indeed is all you need. The UK sanctions Russian military intelligence officers tied to GRU cyber units. An AI-powered malware called LameHug targets Windows systems. Google files a lawsuit against the operators of the Badbox 2.0 botnet. A pair of healthcare data breaches impact over 3 million individuals. Researchers report a phishing attack that bypasses FIDO authentication by exploiting QR codes. A critical flaw in NVIDIA's Container Toolkit threatens managed AI cloud services. A secure messaging app is found exposing
Starting point is 00:02:34 sensitive data due to outdated configurations. Meta investors settle their $8 billion lawsuit. Our guest is Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, with a data-driven look at how AI is affecting jobs. And Belgian police provide timely cyber tips baked right in. It's Friday, July 18th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. Happy Friday. It is great to have you with us.
Starting point is 00:03:33 The UK has sanctioned 18 Russian military intelligence officers tied to GRU cyber units accused of targeting civilians in Ukraine, including attacks like the Mariupol theater strike. The sanctions also cite earlier hacks, such as that of Yulia Skripal's phone and broader cyber campaigns to destabilize Europe and threaten UK security. Key GRU units like Fancy Bear and Sandworm were implicated along with malware operations
Starting point is 00:04:05 like Authentic Antics. Many of those sanctioned are already indicted in the US, though a few names are newly identified. The UK also targeted a Russian-backed content operation in Africa pushing disinformation. Foreign Secretary David Lammy warned that Russia's hybrid threats won't go unchecked and that the UK's commitment to defending Ukraine and European security is ironclad. Ukrainian cybersecurity officials have uncovered a new malware called LameHug, which uses an AI-powered large language model to generate commands on compromised Windows systems.
Starting point is 00:04:46 CERT-UA linked the malware to the Russian-backed APT28 hacking group, known for targeting Ukraine's defense sector. The malware was spread via fake ministry emails containing a malicious .pif file. Built with Python and using Alibaba's LLM through Hugging Face, LameHug adapts in real time, making it harder to detect. IBM X-Force called this tactic novel for its dynamic execution. APT28, active since 2004, has a long history of attacks against Ukraine, including attempts at critical infrastructure and Western
Starting point is 00:05:25 firms aiding Ukraine. Google has filed a lawsuit against the operators of Badbox 2.0, a massive botnet infecting over 10 million Android-based devices lacking Google's security protections. The malware was pre-installed on devices or spread via malicious apps, creating back doors for fraud and illicit schemes. Badbox 2.0 is the largest known botnet targeting smart TVs and connected devices, with potential for more dangerous attacks like ransomware or DDoS. Operators sold access to infected devices as residential proxies and used them for ad
Starting point is 00:06:07 fraud. Google's lawsuit seeks to disrupt the botnet's infrastructure, citing links to multiple cybercrime groups in China. These groups collaborated through shared command and control systems, each handling different roles, from malware development to infrastructure and monetization. This follows the takedown of the original BadBox in 2023. Two major healthcare data breaches have been disclosed, impacting over 3 million individuals. Radiology Associates of Richmond, Virginia, reported a breach from April 2024 affecting 1.4 million people. Hackers accessed systems for several days, but the breach wasn't confirmed until more than a year later.
Starting point is 00:06:54 Exposed data included personal and health information, including some social security numbers. In Maryland, Anne Arundel Dermatology revealed a separate breach affecting 1.9 million individuals. Hackers had access to their systems for nearly three months in early 2025. While neither breach shows confirmed misuse or involvement by known ransomware groups, both firms are offering identity protection services. These incidents add to a growing list of large-scale healthcare breaches in recent months, as tracked by the U.S. Department of Health and Human Services.
Starting point is 00:07:31 Researchers at security firm Expel report a phishing attack that bypasses FIDO authentication by exploiting QR codes used in cross-device sign-ins. FIDO keys, which are device-bound and offer strong MFA, are typically secure, but this attack tricks users into scanning a malicious QR code. The attacker created a fake Okta login page that mimicked the legitimate portal and relayed login credentials in real time. Once users scanned the QR code, thinking it was part of the legitimate login, the attacker
Starting point is 00:08:07 gained access. Expel suspects ties to the PoisonSeed campaign, which has targeted crypto wallets. While no malicious actions were seen after login in this case, Expel warns that attackers have also enrolled their own FIDO keys to lock victims out. To defend against this, experts recommend requiring Bluetooth for cross-device logins, monitoring authentication logs for unusual activity, and watching for unexpected FIDO key registrations. Terminating active sessions quickly is also advised if compromise is suspected.
Starting point is 00:08:46 Researchers at Wiz discovered a critical flaw in NVIDIA's Container Toolkit, dubbed NVIDIAScape, which threatens managed AI cloud services. The vulnerability, shown at Pwn2Own Berlin, with a CVSS score of 9.0, allows privilege escalation, data theft, tampering, and denial of service attacks. It stems from a misconfigured Open Container Initiative hook. A malicious container can gain root access on shared GPU hosts, risking sensitive data and AI models.
Starting point is 00:09:22 Wiz warns that containers alone aren't secure and recommends stronger isolation like virtualization. TeleMessage SGNL, a secure messaging app used by US agencies and businesses, was found exposing sensitive data due to outdated configurations in Spring Boot, leaving the heap dump endpoint open. This flaw allows attackers to extract memory dumps containing credentials and session data.
Starting point is 00:09:52 Despite newer Spring Boot versions disabling this by default, vulnerable instances persisted as of May of this year. CISA added the issue to its known exploited vulnerabilities list, warning of active attacks. TeleMessage previously suffered a major breach in May, exposing 410 gigabytes of sensitive data. Meta investors have settled a lawsuit accusing CEO Mark Zuckerberg and other executives of mishandling the Cambridge Analytica data privacy scandal. The case, which sought $8 billion in damages, alleged leaders ignored red flags about the
Starting point is 00:10:32 firm's misuse of Facebook user data. It also focused on Meta's $5 billion FTC fine in 2019, claiming it was inflated to protect Zuckerberg from personal liability. Settlement terms remain undisclosed. Meta and plaintiff representatives have not commented on the outcome. Coming up after the break, my conversation with Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst. We're taking a data-driven look at how AI is affecting jobs, and Belgian police provide timely cyber tips baked right in. Stick around. Hey everybody, Dave here.
Starting point is 00:11:35 I've talked about DeleteMe before, and I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything.
Starting point is 00:12:04 It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal, 20% off your DeleteMe plan. Just go to JoinDeleteMe.com slash N2K and use promo code N2K at checkout. That's JoinDeleteMe.com slash N2K, code N2K. Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple
Starting point is 00:12:58 Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com slash purple-knight. That's semperis.com slash purple-knight. It is always my pleasure to welcome back to the show Will Markow. He is the CEO of FourOne Insights and an N2K CyberWire Senior Workforce Analyst. Will, welcome back.
Starting point is 00:13:41 Great to be here, Dave. Thank you for having me back. So we are seeing a lot of anxiety, I think it's fair to say, about artificial intelligence, specifically these large language models, and the degree to which these are taking away jobs. Can we get a little reality check from you, Will? What's your take on this? Yeah, so I think a reality check is definitely needed. If you've listened to CEOs, pundits,
Starting point is 00:14:09 every talking head you can hear right now, they're going to make you think the sky is falling when it comes to AI. You hear CEOs tell us that they're getting rid of jobs, you hear people saying that we're about to face this AI apocalypse, and at FourOne Insights, we said, well, hold on a second. We want to actually cut through some of the hype
Starting point is 00:14:27 and look at some hard data to see what's actually happening here. And what we find is that it's, as is usually the case, a bit of a nuanced picture. The first thing you can ask is, well, are we actually already losing jobs to AI, as some people are starting to posit? And if you actually look at employment numbers, jobs are going up, not down,
Starting point is 00:14:50 since generative AI came on the scene in 2022. And that's true for almost every job family you look at, even those that are most exposed to AI. So if you're just looking at employment numbers, most jobs are not going to show you any kind of a decline, but there is one caveat to that. If you look at some of the more clerical and administrative roles,
Starting point is 00:15:13 those are starting to decline a bit. However, they've been declining for a long time. That didn't start in 2022. Most of those roles had been on a downward trajectory for a good number of years. And so it's hard to say that all of that decline is being caused by AI. Now, of course, we don't just want to look at employment data. We also want to look at some more forward leaning indicators that tell us whether or not jobs are likely to decline in the future. And so one thing we can
Starting point is 00:15:43 turn to is online job posting data, which often is a bellwether for where the job market is going to be headed in the future. And if we look at that, we do see that since 2022, there has been a decline in job postings in many different roles across the economy. However, it's also difficult to attribute that just to AI because the peak for job postings that we saw
Starting point is 00:16:07 was in March 2022. You know what else happened around March 2022? Interest rates started rising. And the most precipitous decline that we have seen in job demand over the past few years occurred between March 2022 and the following year. So most of the decline we've seen actually wasn't even happening when ChatGPT had entered
Starting point is 00:16:34 our collective consciousness yet. And so I think it's much easier to attribute most of those declines to things like rising interest rates and geopolitical uncertainty and other factors that led to economic destabilization and uncertainty long before ChatGPT ever burst on the scene. So have there been some declines due to AI? Probably somewhere, but it's hard to say that the majority of any kind of labor market effects over the past few years have been caused by AI.
Starting point is 00:17:06 Well, let's dig into cybersecurity specifically. I mean, I think folks, look, correlation is not causation, but I think it's natural for folks to connect some of the dots. And we see rounds of layoffs at places like Microsoft, and that leaves people scratching their heads as to, you know, is automation leading to people being redundant? And that is a completely fair anxiety to have when you hear all of the
Starting point is 00:17:35 headlines, all the CEOs telling us that they're not going to hire anybody unless they can prove that AI can't do the job that a human could do. And that causes a significant amount of concern for many of us in the workforce. And it's a very logical connection to make. The reality is that if you actually look at the data to see where companies are investing in more AI skills and more AI-skilled workers, you would expect that if AI is actually taking people's jobs, then you would see a decline in all of the non-AI jobs within companies. But when we looked at the data, we unpacked hiring activity at all the Fortune 100 companies.
Starting point is 00:18:18 And the companies that increased their demand for AI skills and AI workers usually also saw an increase in demand for all of the non-AI workers, too. And so we just don't see strong evidence in the data that when most companies are investing in AI, they're not also investing in the rest of their workforce as well. And you say, well, okay, that flies in the face
Starting point is 00:18:42 of what you hear from a lot of these CEOs, what's actually going on. And it could be a few things. One, there could be a few isolated incidents where organizations are, in fact, replacing certain corners of their workforce, maybe due to AI, maybe due to other things. Could also be that AI is a convenient scapegoat
Starting point is 00:19:00 for some of these organizations. And rather than tell their investors and tell the public that they have to reduce headcount because they didn't hit their targets, they'd much rather tell a story that says, oh, we're investing in the latest and greatest technology. That's why we have to replace our workforce because we are good stewards of the organization,
Starting point is 00:19:17 not because we didn't hit our numbers. So what is your advice for the people who are concerned about this? I mean, is this a case of embracing the change that maybe upping your skill level when it comes to some of these AI tools may make you a more attractive person to keep on the payroll? Or is there anything to that? I think that's exactly right. So although I'm saying to people, don't be quite as concerned,
Starting point is 00:19:49 you should also not be complacent. The reality is these are transformative technologies, generative AI, large language models. They are here, they are here to stay, and they're having an impact in the workforce. It's just that the disruption that we're seeing isn't necessarily in terms of headcount, it is in terms of the underlying skill sets that people need to have and the
Starting point is 00:20:10 tasks that they're going to be performing, leveraging these new tools in conjunction with other tools that they're already using. And it is definitely showing up in the data that these tools are having an impact when it comes to the underlying skills and responsibilities that people have, especially in cyber as well as other IT fields. Often what we're finding is that these new tools are spreading like wildfire, skill sets related to generative AI, prompt engineering, large language models. They're growing faster than any other skill we are tracking across the entirety of the market. And so what a lot of people are saying is it's not that people are going to get
Starting point is 00:20:49 replaced by AI, it's that people who use AI are going to replace the people who don't use AI. And that is the reality that we see in the data as well. All right, well, Will Markow is CEO of FourOne Insights and also an N2K CyberWire Senior Workforce Analyst. Will, thanks so much for taking the time for us. It's my pleasure. Thank you, Dave, for having me. You hear from us here at the CyberWire Daily every single day.
Starting point is 00:21:24 Now we'd love to hear from you. Your voice can help shape the future of N2K Networks. Tell us what matters most to you by completing our annual audience survey. Your insights help us grow to better meet your needs. There's a link to the survey in our show notes. We're collecting your comments through August 31st. Thanks.
Starting point is 00:23:19 Crogl is AI built for the enterprise SOC. Fully private, schema-free, and capable of running in sensitive air-gapped environments, Crogl autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context-aware, auditable decisions aligned to your workflows. Crogl empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control.
Starting point is 00:24:09 Learn more at Crogl.com. That's C-R-O-G-L dot com. And finally, in Belgium, cybercrime awareness has gone gluten-full. Police are now printing cybersecurity tips on bakery bags, because nothing says beware of phishing like a fresh baguette. The idea is delightfully simple. Reach people who aren't glued to their screens with messages wrapped around their daily bread. It's a low-cost way to warn about scams, one crusty croissant at a time. Let's be honest, your gran might skip the cybersecurity blog, but she'll read whatever's
Starting point is 00:24:58 on her lunch bag. It's a wry reminder that in the fight against digital threats, sometimes the most effective tech isn't high tech at all. Sometimes it's just a well-placed warning on your sandwich wrapper. Bon appétit, and don't click suspicious links. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience
Starting point is 00:25:45 survey to learn more about our listeners. We're collecting your insights through the end of August. There is a link in the show notes. Please take a minute and check it out. Be sure to check out this weekend's Research Saturday and my conversation with George Glass, Associate Managing Director of Kroll's Cyber Risk Business. We're discussing their research on Scattered Spider and targeting of insurance companies. That's Research Saturday, check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes.
Starting point is 00:26:15 We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next week. Hi, Kim Jones here. On CISO Perspectives, we get candid with the thinkers, doers, and trailblazers shaping cybersecurity leadership. No scripts, no sales pitches.
Starting point is 00:27:10 Just real stories and hard-earned lessons from folks who've been there. If you're looking to grow as a leader, or just want to hear how others are navigating this ever-evolving field, listen to CISO Perspectives. It's your seat at the table. will. In this episode, Cloud Range co-founder and CEO Debbie Gordon shares how real-world simulations are transforming readiness in 2025. Because your last line of defense isn't software, it's your team. Tune in now. Your stack depends on it.
