CyberWire Daily - Unraveling a healthcare ransomware web.
Episode Date: April 9, 2024
Change Healthcare gets hit with another ransom demand. A French football team warns fans of a cyberattack. The Home Depot breach is chalked up to a misconfigured SaaS application. The FCC looks to sur...e up car connectivity security to protect survivors of domestic violence. Targus reports a disruptive cyberattack. A massive doxxing event hits El Salvador. India's top audio and wearables brand investigates a customer data breach. The Israeli military jams GPS. Microsoft Security’s Ann Johnson, host of Afternoon Cyber Tea podcast, shares a segment of her latest episode featuring Jason Healey, founding scholar and director for cyber efforts at Columbia's School of International and Public Affairs. They discuss nurturing trust in cybersecurity. And, I’ll have a burger with a side of surveillance.
Selected Reading
Change Healthcare breach data may be in hands of new ransomware group (SC Media)
French football club PSG says ticketing system targeted by cyberattack (The Record)
Misconfigured SaaS applications led to the Home Depot data breach, and experts say it’s no surprise (ITPro)
FCC opens rulemaking to probe connected car stalking (The Record)
Targus discloses cyberattack after hackers detected on file servers (Bleeping Computer)
Hacker doxxes nearly every adult in El Salvador (Protos)
Hit with massive data breach, boAt loses data of 7.5 million customers (Forbes)
Israel’s Scrambled GPS Signals Turn Life Upside Down in Tel Aviv (Bloomberg)
How fast food is becoming a new surveillance ground (Fast Company)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Change Healthcare gets hit with another ransom demand.
A French football team warns fans of a cyber attack.
The Home Depot breach is chalked up to a misconfigured SaaS application.
The FCC looks to shore up car connectivity security to protect survivors of domestic violence.
Targus reports a disruptive cyber attack.
A massive doxing event hits El Salvador.
India's top audio and wearables brand investigates a customer data breach.
The Israeli military jams GPS.
Microsoft Security's Ann Johnson, host of the Afternoon Cyber Tea podcast, shares a segment from her latest episode featuring Jason Healey, founding scholar and director for cyber efforts at Columbia's School of International and Public Affairs. They're discussing nurturing trust in cybersecurity.
And I'll have a burger with a side of surveillance.
It's Tuesday, April 9th, 2024. I'm Dave Bittner, and this is your CyberWire Intel briefing. Thanks for joining us here today. It is great to have you with us.
The Change Healthcare data breach saga has intensified with a newly emerged ransomware
group called RansomHub
claiming to possess 4 terabytes of data stolen from the healthcare tech company in February.
Originally linked to the ALPHV/BlackCat ransomware group,
this breach led to significant operational disruptions and threats of sensitive data exposure.
Despite an alleged $22 million ransom payment by UnitedHealth Group's subsidiary
Optum to ALPHV/BlackCat, the funds were reportedly stolen by the group in an exit scam,
leaving the original perpetrators without payment. RansomHub is now demanding a ransom from UnitedHealth,
threatening to sell the stolen data, which includes sensitive medical and personal information,
to the highest bidder if payment is not made.
This incident highlights the complexities and dangers of ransom payments,
with experts cautioning against such actions due to the risk of becoming repeated targets for extortion.
The involvement of multiple ransomware groups and affiliates in the
cybercriminal ecosystem adds layers of complexity to resolving these sorts of breaches.
Paris Saint-Germain, the Qatari-owned French football team, alerted fans to a cyberattack
on its online ticketing service detected on April 3rd. The incident was reported as PSG prepares for a
Champions League quarterfinal match against Barcelona. Despite no evidence of data extraction,
the club, facing potential fines under EU data protection laws, informed France's data protection
regulator and took immediate steps to enhance security. The cyber attack underscores the
vulnerability of major football clubs to cyber criminal activities, as seen with Manchester
United in 2020 and the Royal Dutch Football Association in 2023. PSG has assured that a
vulnerability was quickly fixed and has advised fans of the potential compromise of personal information.
The recent Home Depot data breach, which compromised information of over 10,000 employees,
was attributed to a misconfigured software-as-a-service application, highlighting a widespread issue across enterprises.
Information leaked on a hacking forum included employee names,
work emails, and user IDs, raising concerns about potential social engineering attacks.
The breach, which was confirmed by Home Depot on April 7th, was due to a third-party vendor's
error. Security experts emphasize the need for enterprises to address SaaS misconfigurations to prevent these sorts of incidents.
They advocate for better visibility into SaaS risks, monitoring of user behaviors,
and connected applications to secure sensitive data and strengthen defenses against similar vulnerabilities.
The FCC is initiating a process to explore methods for preventing the misuse of car connectivity tools by abusers against domestic violence survivors. This move, announced on Monday,
involves a proposed rulemaking to assess how automakers and wireless providers can support
abuse survivors. Stemming from the enforcement of the 2022 Safe Connections Act, aimed at enhancing access
to communication services for domestic abuse survivors, the FCC's action seeks to address
the potential risks connected car services pose.
The proposal includes considering classifying connected cars as mobile virtual network operators,
which would significantly increase regulatory oversight, including prohibiting the sale of
geolocation data and improving transparency around data practices. The FCC aims to ensure
that connected car technologies align with the Safe Connections Act's objectives, enhancing safety and security for domestic violence survivors using these services.
Laptop and tablet accessories maker Targus reports experiencing a cyberattack disrupting its operations
after an unauthorized access to its file servers was detected on April 5, 2024.
The attack led Targus to implement its incident response and business continuity measures to investigate, contain, and remediate the disruption,
as disclosed in a Form 8-K filing by its parent company, B. Riley Financial.
Although the attack caused temporary business interruptions,
Targus has since contained the incident
and is in the process of recovering its systems
with the assistance of external cybersecurity experts.
The details regarding potential data exfiltration have not been disclosed,
but regulatory authorities and law enforcement have been notified.
There's been no claim of responsibility for the attack by any ransomware gangs or threat actors.
A hacker has released the personal information of over 5
million Salvadorans, marking the largest data breach in El Salvador's history. Detailed data,
including full names, birthdays, phone numbers, addresses, email addresses, and
Social Security-equivalent DUI numbers, along with high-definition headshot photos,
have been leaked on the dark web. This breach impacts the majority of Salvadoran adults,
with the country's total population around 6.6 million, including a significant diaspora.
Initially offered for a $250 fee since August, the data was released for free after a failed ransom demand by the hacker.
The incident was confirmed by La Prensa Gráfica, a major Salvadoran newspaper.
boAt, India's top audio and wearables brand, is probing a potential data breach following
online advertisements of a supposed customer data cache.
The leaked information, verified by TechCrunch against exposed phone numbers, includes full
names, phone numbers, email addresses, mailing addresses, and order numbers indicating authenticity.
The breach reportedly occurred in March, affecting over 7.5 million customers.
boAt confirmed the investigation into the alleged leak,
emphasizing customer data protection as a paramount concern.
The data breach involved credentials reportedly stolen from boAt's systems,
with references to Shopify
in the leaked data. boAt holds a significant market share in India's wireless earbuds and
wearables sectors, and it postponed its IPO plans amid market slowdowns despite being valued at
$300 million in a 2021 funding round.
The Israeli military has been jamming GPS in Tel Aviv as a defensive measure against the threat of Iranian reprisal.
This has significantly disrupted daily life,
affecting everything from navigation apps like Waze and Google Maps
to public transportation payments and even matchmaking on dating apps.
Initially targeting Tel Aviv to protect against potential Iranian attacks, the GPS disruptions
are a response to a strike on Iran's diplomatic compound in Damascus, attributed to Israel,
which killed senior military officials. Iran vowed to retaliate, leading to widespread operational changes in Israel,
where residents have adapted to GPS scrambling by the military for the past six months.
The situation highlights the broader implications of modern warfare tactics on civilian life and technology,
emphasizing the reliance on GPS for various aspects of daily activities
and the challenges of maintaining normalcy
amidst security threats.
Coming up after the break,
Microsoft Security's Ann Johnson,
host of the Afternoon Cyber Tea podcast, shares a segment of her latest episode featuring Jason Healey, founding scholar and director for cyber efforts at Columbia's School of International and Public Affairs.
Stay with us.
Ann Johnson is host of Microsoft Security's Afternoon Cyber Tea podcast. In a recent episode,
she spoke with Jason Healey, founding scholar and director for cyber efforts at Columbia's School of International and Public Affairs. Here's their conversation.
Today, I am joined by Jason Healey, who is a senior research scholar at Columbia University's School for International and Public Affairs, specializing in cyber conflict, competition, and cooperation.
Prior to this, Jason was the founding director of the Cyber Statecraft Initiative of the Atlantic Council, where he remains a senior fellow.
Jason was the editor of the first history of conflict in cyberspace, called A Fierce Domain,
Cyber Conflict 1986 to 2012. He also co-authored the book, Cybersecurity Policy Guidebook by Wiley.
Welcome to Afternoon Cyber Tea, Jason.
Wonderful. Thank you so much for having me.
So you literally wrote the book on cyber conflict and you've examined regulatory policy on cyber.
You've looked back over the past 25 years or more. Can you give the audience a brief history lesson?
I'd love it also.
And comment on what stands out to you.
Are there trends that came to the surface
way back in the late 90s
that you believe still exist today?
There certainly are.
You know, I'll start on cyber threat intelligence.
One of the first lessons that we had to learn in the 1990s
in the military that was at the unit I was at, the Joint Task Force Computer
Network Defense, with people like Bob Gourley and myself at Defense Intelligence Agency,
with people like Mike Tanji. In the private sector, companies like iDefense, which started
the private sector cyber threat intelligence, with people like Matt Devost. And one of the early
rules was physical conflict begets cyber conflict. So we would say,
all right, hey, we're seeing a Taiwanese election. We're seeing that there's going to be a World
Economic Forum meeting. And as we were seeing these physical events, we got trained very quickly
to be looking for the cyber echoes of that, of that spillover that would reflect that
physical conflict. And maybe sometimes you even predict it might be a precursor to.
Last year, you wrote on this concept that I found interesting because I'd never thought about it
before. And it was fascinating to me. And I'm always, I pride myself on trying to be a lifelong
learner. But you talked about soft cyber power. Can you explain
what soft power is and how you've seen it play out, particularly in context to the cyber industry?
Yes, soft power comes from the international relations community. And it was written about
by one of the real leaders in the field of thinking about political science and international relations, Joe Nye of Harvard University.
And around the time of the end of the Soviet Union, 1990,
Joe looked at power and said,
boy, too much of our thinking about power,
and power generally meaning trying to get someone,
trying to influence others so that the outcomes are in line with what
you want, with your preferences.
And he said, too much of the writing and thinking about power in international affairs was about
force, right?
It was about militaries and diplomacy, and it was about twisting the other guy's arm
to influence him so that he would do what the United States wanted
or whatever country that they were with.
And he said, that's obviously not quite right.
It's not the whole story.
So of course you have that hard power.
Sanctions or diplomatic bullying or military force
at the very highest ends, nuclear threats.
But a lot of it is soft power, right?
This convincing the other person to act in line with your preferences,
and maybe even a way they don't even know that they're acting in line with your preferences.
And a lot of the early work was looking at, boy, just the way that the United States over the Cold War was able to influence people with our culture.
And, you know, with jazz and Coca-Cola and blue jeans that were a beacon to the rest of the world and helped lead to the end, the fall of the Berlin Wall
and the ultimate end of the Soviet Union, because people were enticed by the idea
of the West and the United States. And so what you can do by convincing,
and again, in many ways that people don't even know they're acting in line with your preferences.
And this really struck me, especially when I was writing that history book, A Fierce Domain,
because the attack on Estonia by Russian hacktivists in 2007,
it always struck me that we never got that story quite right.
Because the way that we would tell the story
was that, well, Estonians got wiped off the network
and they really got defeated
and so we should learn lessons from that.
And neither one of those is really true.
They unplugged themselves from their internet exchange point
from external traffic.
So they didn't get wiped off the network.
They took themselves off the network. So that way they could continue to have internal communications,
even if they couldn't communicate externally to the country. And also Estonia won, right?
The Russian hacktivists were doing this to try and coerce Estonia into not moving a statue of a
Red Army soldier, and they still moved it. So the Russian
hacktivists didn't meet their ends. And in the end, Estonia was able to get substantial help
to mitigate the event. And a NATO cyber center was ultimately hosted in Estonia.
And it led me to look and say, wait a minute, Estonia succeeded because they had friends and allies.
That's Jason Healey from Columbia's School of International and Public Affairs,
speaking with Microsoft Security's Ann Johnson, host of the Afternoon Cyber Tea podcast.
And finally, Forbes looks at the infiltration of surveillance technology into the fast food and vending machine sectors. Leading tech corporations have paved the way for consumer surveillance,
establishing a model that fast food chains and vending machine companies are now emulating.
In a notable case at the University of Waterloo, Canada, students accidentally uncovered that
vending machines on campus, supplied by Switzerland-based InVenda, were utilizing
facial recognition technology to track users' age and gender without their consent. InVenda's ambitions to expand into the U.S. market
following a $19 million seed funding round further highlight the potential scale of this issue.
This shift is particularly concerning in public and semi-public spaces,
such as hospitals and government buildings, where confidentiality is paramount.
Moreover, the fast food industry's adoption of similar surveillance tactics, employing systems to monitor and analyze employee-customer interactions, illustrates a growing trend toward the automation and control of service processes.
These practices, while aimed at optimizing efficiency and service quality,
come at the cost of personal privacy and autonomy,
with little regulatory oversight to safeguard consumer rights.
This evolving landscape raises pressing questions about the balance between technological innovation and privacy protection.
As companies increasingly prioritize data collection and analysis over traditional customer service values,
the need for comprehensive privacy legislation and ethical guidelines becomes ever more critical.
The challenge lies in ensuring that technological advancements serve to enhance,
rather than undermine, consumer rights and freedoms. In this new era of automated surveillance,
some wonder if the fast food experience has lost its flavor, replaced by the bitter taste of lost
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com.
N2K Strategic Workforce Intelligence optimizes the value of your biggest investment,
your people. We make you smarter about your team while making your team smarter.
Learn more at N2K.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with
original music by Elliot Peltzman. Our executive producers are Jennifer Ivan and Brandon Karp.
Our executive editor is Peter Kilpie, and I'm Dave Bittner. Thanks for listening. We'll see you back here
tomorrow.