CyberWire Daily - U.S. and China dance the telecom tango.
Episode Date: June 25, 2024
The US scrutinizes Chinese telecoms. Indonesia’s national datacenter is hit with ransomware. RedJuliett targets organizations in Taiwan. Researchers can tell where you are going by how fast you get... there. A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info compromised in an attack on Levi’s. A new industry alliance hopes to prevent memory-based cyberattacks. Guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K President Simone Petrella. Assange agrees to a plea deal.
CyberWire Guest
On our Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation.
Selected Reading
Exclusive: US probing China Telecom, China Mobile over internet, cloud risks (Reuters)
Indonesian government datacenter locked down in $8M ransomware rumble (The Register)
Taiwanese tech firms, universities, religious groups among targets in cyber-espionage campaign (The Record)
New security loophole allows spying on internet users' online activity (HelpNet Security)
P2PInfect botnet targets REdis servers with new ransomware module (Bleeping Computer)
Credential Stuffing Attack Hits 72,000 Levi’s Accounts (Infosecurity Magazine)
CHERI Backers Form Alliance to Promote Memory Safety Chip (GovInfo Security)
Julian Assange, WikiLeaks Founder, Agrees to Plead Guilty in Deal With U.S. (The New York Times)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
The U.S. scrutinizes Chinese telecoms.
Indonesia's National Data Center is hit with ransomware.
RedJuliett targets organizations in Taiwan.
Researchers can tell where you're going by how fast you get there.
A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info
compromised in an attack on Levi's. A new industry alliance hopes to prevent memory-based cyber
attacks. Our guest, Seeyew Mo, Assistant National Cyber Director in the Office of the National
Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K president
Simone Petrella. And Assange agrees to a plea deal.
It's Tuesday, June 25th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us. It is great to have you with us.
In an exclusive, Reuters reports that the Biden administration is investigating China Mobile, China Telecom, and China Unicom over concerns they could share American data with Beijing through their U.S. cloud and Internet businesses.
Despite being barred from providing telephone and retail
internet service in the U.S., these companies still have a small presence, including cloud
services and routing internet traffic, giving them access to American data. Neither the Chinese
firms nor their U.S. lawyers commented, and the Justice Department and Commerce Department declined to comment.
The Chinese embassy in Washington accused the U.S. of unjustly targeting Chinese companies.
Reuters found no evidence of the firms intentionally sharing sensitive U.S. data with the Chinese government. However, the investigation is part of a broader U.S.
effort to prevent China from exploiting data access for national security
risks. Regulators have not decided on actions but might block transactions, limiting the firms' U.S.
operations. China Mobile, China Telecom, and China Unicom have faced U.S. scrutiny for years.
The FCC revoked their licenses due to national security concerns, citing instances
of misrouting internet traffic through China. The companies' points of presence in the U.S.
internet infrastructure are also under scrutiny, as they could allow data manipulation.
The Commerce Department is also probing their U.S. cloud services, fearing access to personal information
and intellectual property could be compromised.
A particular focus is on a China Mobile-owned data center
in Silicon Valley,
raising concerns about potential data mishandling.
Indonesia's National Data Center,
operated by the Ministry of Communication
and Information Technology,
was hit by ransomware on June 20th, disrupting several services. The attack impacted at least 210 institutions, including immigration services, which led to delays in processing visas,
passports, and residence permits. The data center, known as the National Data Center, was compromised by a ransomware variant called Brain Cipher, identified as LockBit 3.0.
Local reports highlighted significant disruptions, including the shutdown of online student registration in some regions.
President Joko Widodo recently ordered a halt on developing new applications,
including the shutdown of online student registration in some regions.
Suspected Chinese state-sponsored hackers identified as RedJuliett have targeted numerous organizations in Taiwan, including universities, state agencies, and electronics manufacturers,
according to cybersecurity research by Recorded Future's Insikt Group.
RedJuliett, also known as Flax Typhoon, has been active since mid-2021
and was discovered by Microsoft last year.
The group focuses on Taiwan's economic policies and diplomatic relations,
targeting technology companies, aerospace firms,
and religious organizations. RedJuliett exploits internet-facing devices like firewalls and VPNs
for initial access. Operating from Fuzhou, China, the group is expected to continue high-tempo
cyber espionage activities focusing on Taiwanese technology and government sectors.
Researchers anticipate ongoing reconnaissance and exploitation of public-facing devices globally.
Researchers at Graz University of Technology in Austria discovered a vulnerability they've named
SnailLoad, which allows spying on users' online activities by monitoring
fluctuations in their internet speed. This attack does not require malicious code or
intercepting data traffic, and potentially could affect all end devices and internet connections.
In a SnailLoad attack, the victim's internet connection speed is monitored during interaction with a
server, revealing patterns unique to specific websites or videos. Researchers achieved a 98%
success rate in identifying online videos and 63% for basic websites, with higher success on
slower connections. Closing this loophole is challenging, as it would require
providers to randomly slow down internet connections, affecting time-critical applications.
P2PInfect, initially a dormant peer-to-peer malware botnet targeting Redis servers,
has become active, deploying ransomware and a crypto miner.
Cado Security, monitoring the botnet, suggests it may function as a botnet for hire.
First identified in July of 2023, P2PInfect exploits Redis vulnerabilities and spreads via a replication feature.
By late 2023, it had increased breach attempts but remained inactive. In May 2024,
a new variant began downloading ransomware, encrypting files, and deploying a Monero miner.
The ransomware targets various file types, while the miner uses all available processing power,
sometimes hindering the ransomware. P2PInfect also employs a user-mode rootkit to hide its activities.
Its precise operational structure remains unclear,
but it poses a significant threat to Redis servers.
Clothing brand Levi's has revealed that tens of thousands of customer accounts
may have been compromised in a credential stuffing attack.
On June 13th,
an unusual spike in website activity indicated that attackers were using credentials obtained
from other breaches to access Levi's accounts. The Maine Office of the Attorney General reported that
just over 72,000 individuals were affected. Levi's forced a password reset for all impacted accounts the same day.
Although no fraudulent purchases were made, attackers could view personal information like
order history, names, emails, addresses, and partial payment details. Levi's advised users
to reset passwords and check personal information accuracy to prevent future attacks.
The CHERI Alliance has been formed to promote the adoption of Capability Hardware Enhanced
RISC Instructions, that's CHERI, a project designed to prevent memory-based cyber attacks.
The Alliance includes the University of Cambridge, Capabilities Limited, chipmaker Codasip, the FreeBSD Foundation, lowRISC, and SCI Semiconductor.
Developed by researchers at the University of Cambridge with support from the UK and US governments,
CHERI provides fine-grained memory protection and scalable software compartmentalization.
The alliance aims to overcome commercial adoption hurdles by developing standardization and compliance guidelines.
Despite the cost of porting operating systems being a significant challenge,
the alliance seeks to coordinate businesses and adopters to deliver market value.
ARM is conspicuously not part of the alliance,
although they have created demonstration motherboards using CHERI and say they may incorporate it into products if customers demand it.
Coming up after the break, our N2K president, Simone Petrella, speaks with Seeyew Mo, assistant national cyber director at the White House.
Stay with us.
Seeyew Mo is Assistant National Cyber Director at the Office of the National Cyber Director at the White House.
Our own N2K President Simone Petrella recently caught up with Seeyew Mo.
Here's their conversation.
I am so thrilled to have Seeyew Mo from the White House here today. And for context for everyone listening, in July of 2023, so just about last year this time, ONCD, the Office of the
National Cyber Director, put out the National Cyber Workforce and Education Strategy. So Seeyew,
to kick things off, we're about a year in. How are we doing on progress on the strategy?
I really appreciate the opportunity to kind of talk about what we're trying to do here at the White House on cyber workforce and education.
And you are right.
Time flies.
I mean, the strategy has been out for almost a year, not quite.
And we are really excited to kind of give
like a progress report
about what we're doing,
how we're doing.
But I can't stress enough that,
you know, I say this all the time.
I want it to be repeating again,
is that the White House
Office of National Cyber Director,
ONCD, is not the first office
that is trying to solve
the cyber workforce and education issue.
A lot of people have been doing
a lot of good work throughout the years.
So, you know, I just want to stress that,
you know, we're not the only ones
and we're not doing this alone.
It's just always good to start off
by acknowledging all the good that's been done
and then talk about how we can collectively
move everything forward together.
Yeah. I think one of the things that I'd love to sort of kick
off on is that there is a progress report that you are all looking to release here in the coming
days. Can you tell us a little bit about what we can expect to see as that report becomes public?
Yes. Yeah, for sure.
The report essentially reaffirms that the foundation of solving the national stable workforce and education issue is sort of like tips all of us.
You know, we are talking about what we are doing as part of the National Cyber Workforce and Education Strategy, which I will call, it's a mouthful, which I will call the
strategy from now on.
So what the strategy is prescribing is that, you know, there are three broad issues in
what we're facing today, right?
Non-American Americans are considering a career in cyber or cyber security
they either don't see someone like
them in the field or
they don't know anyone
who are in the field
or they always assume that it's a
narrow and technical
role like you know the old
cliche of like the guy in a hoodie
you know hacking and defending in the dark room
kind of thing right so that's one issue.
And the second issue is
training and education
opportunities have
not been able to keep up with the demand,
so that's the second issue. And the third
issue is the
idea that we don't have
enough locally driven collaboration
to connect people to jobs, connect
people to training, or provide wraparound services so that workers can get the support that they need to actually pursue a cyber career.
So what you will see in this report is sort of like a narrative on some of the progress that we have made on all of these three areas, right? I can go into more detail later on,
but just to sort of like frame the conversation here is that, you know, from the federal government
standpoint, ONCD is coordinating with 34 other federal agencies so that we are all doing this
collectively. And then we are also working with non-federal government organizations, right, like private sector employers, academia, state, local, and territorial governments to actually move the ball forward together.
And we have commitments from over 100 organizations.
So, you know, I can go into a little bit more detail, but what folks should expect to see is some progress on those three, there's been a lot of releases coming out of the
White House and then subsequent reporting on the emphasis on a skills-based approach for employers,
but also the federal government. I was hoping you could sort of provide a bit of explanation
and clarification on what does it mean to do a skills-based approach in cyber? And what does that mean from an ONCD perspective?
Sure. Yeah, I think many of us always relate skill based approach to only skills based hiring,
right? I think I want to kind of put a stop to this and say, hey, it's actually more than hiring,
but oftentimes the work starts at hiring, right? Because when we think about skill-based approaches, we have to think about the skills that are necessary to do a particular job, which lends itself to changes and updates in a job description.
The reality is a lot of Americans have certain skills, and they have acquired either from a job or from a training, but they might not have an official certification or degree.
So when you focus on skills, what we're doing is that we are making sure that we are removing and lowering the barriers without lowering the standards.
Right?
So that allows us to actually build the best team possible to achieve the mission that we want.
And it makes a lot of sense because, you know, if you don't have that understanding of your requirements to begin with, how do you actually start the process, continue the process? Like,
you can't implement it for anyone without doing that sort of foundational workload.
That's right. So when we think about skills-based approach, it has to start from the very top,
right? From a strategic level about what are the skills that we need to accomplish the mission.
So that, we believe, gives you a more flexible way of thinking about talent and the pipeline.
We're not going to get there right away, right? And I think, you know, and I totally understand it. As you're trying to promote skill-based approaches all across the country, we realize that the federal government has to lead by example.
And as you know, Simone, making changes in federal government is difficult.
But there are areas when we kind of get a lot of people together.
And that's why we worked with Office of Personnel Management, OPM, and Office of Management and Budget, OMB, and our 34 other federal agencies, there's
a way for us to sort of get going, right?
Get as much of the processes converted to skill-based approach.
And that's what we announced in April of this year at the White House Convening for Good
Paying Meaningful Jobs in Cyber is let's take one occupation series in the federal government.
So this is like the broad categories of jobs that affects a lot of cyber workers.
And we found that about 60%, a little bit more than 60% of cyber workers in the federal government
is covered under the 2210 information technology and management series.
So what we have decided collectively is the administration will modernize the 2210 occupation
series into skill-based approaches.
So that means we're going to try to go as far as we can, starting from minimum qualifications, right? Looking at roles
and all these different things.
I don't want to sort of prejudge
the actual outcome,
but to know that, you know,
it's more than just hiring,
it's the whole approach itself.
And the staffers are currently
like working really hard
because we have a deadline
of getting this done
by the summer of 2025.
I hope we return
to adopt a lot of best practices.
OPM is talking to the interagency.
We are talking to interagency
as we try to set this up.
Given the deadline that's coming up
for summer of 2025,
you know, just to maybe dispel any concerns
that anyone listening would have,
that obviously sounds like a big deadline.
But what's the volume of job descriptions
that we're talking about here?
Just because I want to kind of be able to make clear
to an audience that it might not necessarily
take you a year,
even though the federal government
for 100,000 docupation series positions.
One of the point out is
a lot of all this work are ongoing, right?
And this is just like the culmination of it.
When you're making policy changes like that, we have to remember this is, you know, people's livelihood.
We want to do it right.
We don't want to rush.
We don't want to rush it.
And we want to make sure that we follow the processes that we have in place.
The 2210 exists in a lot of different departments and agencies.
So, you know, we want to make sure that everyone's equity is represented here.
I think the signal that we're sending, right, like the takeaway here is,
if an organization as large as the federal government is willing to do this,
I think all of us organizations, big or small, all across the country,
not just in Washington, D.C.,
or the tech capitals around the country,
my hope is everyone kind of comes together
to really look at how they can take advantage
of the benefits of skill-based approaches
and provide, right?
Think about the business objectives that you have,
the mission that your organization is trying to deliver.
Think about the skills that you need
as you come up with a workforce strategy,
like a talent plan that you have.
And then, so think about how you can kind of
create a pipeline, set up,
throw like the workforce mixture that you need.
Like not everyone has, you know,
not everyone has to be the most senior
or technical person.
It might be like a mix,
a combination of like some senior
and true level, right?
So I feel like when you start thinking about
skills in that sense,
that opens up how you think about
your workforce.
And then in turn,
change how you'll go about recruiting and retention,
re-skilling and up-skilling.
That's like the key thing here
that we're trying to push for is,
yeah, it's more than just about
removing a degree requirement.
I happen to believe that degrees are extremely helpful.
This is more about how can we take a more agile approach in thinking about skills and talent and
workforce, and the benefit is it opens up pathways for more folks who might not have
the right technical degree. You know, like, Simone, you and I, you know, we've seen some of these famous
or popular cyber people, they're like philosophy majors or like physicians.
If you think about like, hey, we need CS degree only, then you kind of miss out on all this other
talent, right? I think that's what we're pushing for.
Yeah. I mean, I just want to emphasize what
you said right at the beginning. I think the takeaway is if the federal government can embark
and sort of lead truly by example as the largest employer in the United States,
then we should be able to do it
in our own organizations too
and take that step and invest in it.
Well, Seeyew, thank you so much for sharing updates
on where things are with ONCD
and the progress of the strategy.
Exciting things to come.
That's Seeyew Mo, Assistant National Cyber Director in the Office of the National Cyber Director at the White House, speaking with our N2K President, Simone Petrella.
And finally, Julian Assange, founder of WikiLeaks,
agreed to plead guilty to one felony of illegally obtaining and disclosing
national security material,
securing his release from a British prison.
The plea, part of a deal, means Assange, now age 52,
will be sentenced to time served, about five years.
He will appear in a remote federal court in Saipan before returning to Australia.
Assange's extradition fight has been a saga,
with his supporters claiming his actions were in the public interest.
Meanwhile, U.S. officials argue he endangered lives and national security.
After years in Belmarsh prison,
his release will mark the end of this particular chapter.
And that's The Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com.
Your feedback helps us ensure we're delivering the information and insights
that help keep you a step ahead
in the rapidly changing world of cybersecurity. We're privileged that N2K and podcasts like
The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders
and operators in the public and private sector, as well as the critical security teams supporting
the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies.
N2K's strategic workforce intelligence optimizes the value of your biggest investment, your people.
We make you smarter about your team while making your team smarter.
Learn more at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music by Elliot Peltzman.
Our executive producers are Jennifer Iben and Brandon Karp.
Our executive editor is Peter Kilby and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.