CyberWire Daily - U.S. rains on Russia’s fake news parade.

Episode Date: September 5, 2024

The DOJ disrupts Russia’s Doppelganger. NSA boasts over 1,000 public and private partners. The FBI warns of North Korean operatives launching “complex and elaborate” social engineering attacks. Iran pays the ransom to shore up their banking system. Cisco has disclosed two critical vulnerabilities in its Smart Licensing Utility. A Nigerian man gets five years in prison for Business Email Compromise schemes. Planned Parenthood confirms a cyberattack. Our guests are Sara Siegle and Cam Potts from NSA, Co-Hosts of the new show, No Such Podcast. OnlyFans hackers get more than they bargained for.

CyberWire Guest
Our guests are Sara Siegle, Chief, Strategic Communications, and Cam Potts, Co-Host, from NSA sharing their new podcast, No Such Podcast. The NSA launched the first two episodes of their new weekly podcast today. Visit their show on Libsyn.

Selected Reading
US Targets Russian Media and Hackers Over Election Meddling (BankInfoSecurity)
NSA Eyes Global Partnerships to Combat Chinese Cyberthreats (BankInfoSecurity)
North Korean scammers prep stealth attacks on crypto outfits (The Register)
Iran pays millions in ransom to end massive cyberattack on banks, officials say (Politico)
DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign (SecurityWeek)
Critical Cisco Smart Licensing Vulnerabilities Let Attackers Take Over System (Cyber Security News)
Nigerian man sentenced to 5 years for role in BEC operation (CyberScoop)
Planned Parenthood confirms cyberattack as RansomHub claims breach (Bleeping Computer)
Fake OnlyFans cybercrime tool infects hackers with malware (Bleeping Computer)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. The DOJ disrupts Russia's Doppelganger. NSA boasts over 1,000 public and private partners.
Starting point is 00:01:37 The FBI warns of North Korean operatives launching complex and elaborate social engineering attacks. Iran pays the ransom to shore up their banking system. Our guests are Sarah Siegel and Cam Potts from NSA, co-hosts of the new show No Such Podcast. And OnlyFans hackers get more than they bargained for. It's Thursday, September 5th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us. The U.S. government disrupted a significant Russian influence campaign dubbed Doppelganger, aimed at spreading misinformation to influence the 2024 U.S. presidential election.
Starting point is 00:02:59 The campaign used cyber-squatted domains, AI-generated content, influencers, and social media to push false narratives. Investigators seized 32 domains designed to mimic legitimate news outlets like The Washington Post, tricking users into viewing pro-Russian propaganda. The fake sites displayed fabricated stories, and users were directed to them via social media posts and ads. Two Russian nationals who worked for Russian state media RT were charged with money laundering and other crimes. They funneled millions into U.S. social media campaigns to stoke domestic divisions. In response, the U.S. imposed sanctions on individuals involved and issued visa restrictions. The State Department also offered a reward for information on the hacker group RaHDit, linked to the Russian government.
Starting point is 00:03:55 At the Billington Cybersecurity Summit in Washington, D.C., the U.S. National Security Agency highlighted its partnership with over 1,000 public and private organizations to counter emerging cybersecurity threats, especially from China. Officials warned that Beijing is increasingly using artificial intelligence to spread disinformation globally. The NSA's Cybersecurity Collaboration Center, established in 2020, helps improve threat detection and incident response through public-private cooperation. Jamie Wise, deputy chief of the NSA's China Strategy Center, highlighted efforts to mitigate major threats, including vulnerabilities in industrial control systems. The NSA has also collaborated with international partners,
Starting point is 00:04:44 such as the Australian Signals Directorate, to expose Chinese cyber tactics. In 2023, the NSA launched an AI Security Center to secure AI development and counter China's use of AI in influence operations, such as during Taiwan's 2023 elections. These efforts aim to set secure AI standards with industry, academia, and government partners. The FBI has issued a warning about North Korean operatives launching complex and elaborate social engineering attacks on employees of decentralized finance organizations aiming to steal cryptocurrency. North Korean state-sponsored groups are conducting reconnaissance and targeting individuals linked to cryptocurrency exchange-traded funds.
Starting point is 00:05:33 The attackers use sophisticated tactics, often posing as job recruiters or professional connections on platforms like LinkedIn. They trick victims into downloading malware, sometimes over a prolonged engagement to build trust. North Korea has long targeted cryptocurrency to bypass international sanctions and fund its weapons programs. The FBI highlighted indicators of potential scams, such as unexpected job offers, requests to run scripts or download software, and unsolicited contacts with suspicious links.
Starting point is 00:06:09 The agency urges companies and individuals to isolate compromised devices and report incidents to law enforcement immediately. A major cyber attack last month targeted Iran's banking system, forcing the regime to agree to a $3 million ransom to prevent the release of sensitive data from 20 domestic banks. The group responsible, IR Leaks, threatened to sell millions of Iranians' account and credit card details on the dark web unless paid. Originally demanding $10 million, they settled for less, likely due to Iran's
Starting point is 00:06:47 urgent need to protect its unstable financial system, already strained by international sanctions. The attack, which forced banks to shut down ATMs across the country, was never publicly acknowledged by the regime. Iran's supreme leader cryptically blamed the U.S. and Israel for psychological warfare without addressing the bank breach. IR Leaks previously attacked other Iranian firms, but this banking hack is considered their most significant breach, gaining access through a company called Tosan, which services Iran's financial sector. A pair of old vulnerabilities in DrayTek's VigorConnect software have been exploited by multiple threat groups worldwide, despite being patched in October 2021. These path traversal flaws allow attackers to download files with
Starting point is 00:07:41 root privileges. CISA recently added these vulnerabilities to its Known Exploited Vulnerabilities catalog. Fortinet reported a spike in exploitation attempts in late August 2023, with attackers targeting various industries around the world. Cisco has disclosed two critical vulnerabilities in its Smart Licensing Utility with severity scores of 9.8.
Starting point is 00:08:08 These flaws allow remote attackers to gain administrative access or collect sensitive information. One of the vulnerabilities involves static admin credentials, while the other exposes sensitive data via debug log files. The vulnerabilities affect several versions but are only exploitable when the utility is actively running. Cisco has released updates for affected versions and urges immediate upgrades as there are no workarounds. Franklin Okwana, a 34-year-old Nigerian man, was sentenced to five years in prison and ordered to pay nearly $5 million in restitution for his role in business email compromise schemes.
Starting point is 00:08:52 Okwana, along with co-defendant Ibuku Umedi, who received a 10-year sentence, participated in schemes that caused over $5 million in losses between 2016 and 2021. They used phishing emails to compromise computer systems and induce wire transfers. Okwana expressed remorse, citing personal financial struggles as his motive. Family members and a local orphanage requested leniency, highlighting his support for the community. BEC attacks, which involve fraudulent fund transfers, have resulted in $50 billion in global losses from nearly 278,000 incidents between 2013 and 2022,
Starting point is 00:09:36 according to the FBI. Planned Parenthood confirmed a cyber attack in late August 2024, affecting its IT systems and prompting portions of the network to be taken offline. The non-profit, which provides reproductive health services, is investigating the extent of the breach. CEO Martha Fuller praised the swift response of their IT team and ongoing restoration efforts. The ransomware group RansomHub claimed responsibility, threatening to leak 93 gigabytes of allegedly stolen data and publishing some documents as proof. Planned Parenthood has reported the incident to federal authorities, including the FBI.
Starting point is 00:10:18 The breach raises privacy concerns given the organization's sensitive services, though it has yet to be confirmed whether any data was stolen. This is not the first ransomware attack on Planned Parenthood. A 2021 breach exposed private records of 400,000 patients. Coming up after the break, Sarah Siegel and Cam Potts from NSA join us to discuss their new show, No Such Podcast. Stay with us.
Starting point is 00:12:47 Sarah Siegel and Cam Potts are both from NSA,
Starting point is 00:13:39 and they're co-hosts of the new podcast, No Such Podcast. Well, let's start off with some high-level stuff here. Why has NSA decided at this point to launch a podcast? I know. I think it comes to a shock, probably to many, that NSA is getting into podcasting. It's definitely a new medium for us. We can't talk about parts of what we do, as you know, but it's time to start telling more stories we can talk about while also highlighting our incredible workforce. And that's the best and the brightest code makers
Starting point is 00:14:09 and code breakers out there. Cam, from your perspective, why is this a good time? I think it's a good time because for a while we were known as no such agency, but now we're the agency to know. And so we're in a new era, a new time
Starting point is 00:14:25 where all agencies across the entire intelligence community are starting to tell more of their stories. So we're falling right in alignment with that. So I think it's been long overdue. So now we get a greater opportunity to just share that story and decode more of what we have here. You know, I grew up not far from NSA. And
Starting point is 00:14:45 when I was a kid, I would have friends whose parents you'd ask what they do for a living, and they just say, I work for the government. That was the era of no such agency. But I think the fact that you are naming this podcast, No Such Podcast, while being funny and humorous and ear-catching, I think it also speaks to a real shift in the agency of one of more collaboration and of openness. Sarah, do you think that's an accurate description? Absolutely. As Cam said, I do believe we're becoming more public-facing while protecting our national security work. And I think your words couldn't be more true. Cam, describe to us what we can expect from this new show. Okay, well, the first two episodes are out now.
Starting point is 00:15:33 So wherever you listen to your podcast, go over and subscribe and listen in. Or if you're visual like me, you can tune in on YouTube. But the very first two episodes highlight the bread and butter of the NSA, that's cybersecurity and foreign signals intelligence. With the foreign signals intelligence episode, which is entitled How We Found Osama Bin Laden, the basics of foreign signals intelligence, we're sharing more of our story of how we were involved in the whole of government effort to find bin Laden. And then within telling that story, we're getting into the standard foreign signals intelligence cycle from targeting to decrypting to reporting. And I think it's also a timely conversation because the podcast launches a week before 9-11. And so this gives the public an opportunity to hear more about how the NSA was involved in
Starting point is 00:16:27 serving the country post 9-11 during that 10-year period that it took to find him. And then the cybersecurity episode, which is entitled Cybersecurity is National Security. We're getting into that conversation. Our Director of Cybersecurity, Mr. Dave Luber, will talk about cybersecurity, what it means to national security, and how the NSA is involved in that space. Then we'll get into some hot topics of the day, zero-trust models, cybersecurity in space, which is a topic that Mr. Luber has a lot of expertise in. And then a topic that might I say is in the news cycle just about every week, Volt Typhoon and the government's efforts to combat PRC intrusions into U.S. networks. So those are our first two episodes. Sarah, can you give us a little teaser of what we might expect for the rest of the season?
Starting point is 00:17:30 Well, I can neither confirm nor deny if there will be a next season, but I can promise if you stay tuned, you'll find out what happens next. I think one of the challenges that the agency faces is that in such a rich cybersecurity ecosystem, it's tough to get people to stay with the agency. Perhaps I'm overstating it. I think there's a lot of competition for folks from all sorts of organizations, private sector places, and also with other agencies in the government. It strikes me that this is a real way to show people what it's like to be an active member of this organization, to really give them some insights into the types of things they can expect day to day as a member of your
Starting point is 00:18:11 team. Absolutely. This podcast provides not only a connection to our listeners, but also showcasing what we're doing and why we're doing it and showcasing our unique mission. Yeah. I'll also add one of the things I love about this podcast is that we bring a diverse group of people to the table. Those who just got here to the agency, all the way up to senior leadership, all with diverse backgrounds, talents, and skills. So being able to highlight the dedicated workforce
Starting point is 00:18:40 and the people behind the mission is one of the earmarks of why we're doing this. Can you give us a little peek behind the scenes? I mean, is it a challenge to get your topics approved? Are there multiple levels of review before you get to publish? Well, I'll say yes, there are definitely several levels of approval, as you can imagine, that goes into how we're able to properly tell the story. But that's all to, of course, protect our sources and methods. And just for any other thing that we may share with the public, such as our cybersecurity advisories, which are those advisories and guidance that we share with the public, those also go through
Starting point is 00:19:22 levels of approval and any other type of declassified or unclassified product. So we do that just to protect our sources and methods. But yes. Cam, can you give us some more insights as to what folks might expect when they tune in? Of course. Beyond that, you'll just have to subscribe to No Such Podcast, but I will give a preview. So one of the many things I love about the podcast is it brings a diverse group of people to the table. Those from new hires all the way up to senior leadership, all with diverse levels of background skills and talent. Another aspect of the podcast that I love is we're telling stories that we have not told before. So how the agency has, is, and will always
Starting point is 00:20:06 be involved in the conversation surrounding artificial intelligence. Also how we were involved in a hostage recovery. And here at NSA, we provide expertise that really you cannot find anywhere else. So how we have shared that the NSA is home to the world's greatest code makers and code breakers. We're decoding more of that story and what code making and code breaking means to our world's history, but also what it means to NSA's history. And last but certainly not least, our cutting edge research. So our research department here at the agency is the largest research organization within the entire intelligence community. So being able to have those conversations with the scientists that are researching the latest and greatest technology, everyone is surely in for some amazing conversations.
Starting point is 00:20:56 Well, I wish you both the best. As I say, I'm excited on your behalf. The podcast is No Such Podcast. You can find it wherever you get your favorite shows. Cam and Sarah, thank you so much for joining us. That's Sarah Siegel and Cam Potts from NSA. The No Such Podcast show is launching today. You can find it wherever you get your favorite podcasts.
Starting point is 00:21:46 And finally, in a classic case of cybercriminals turning on each other, hackers are being tricked by a fake OnlyFans tool that promises to help them steal accounts, but instead infects them with the Lumma information-stealing malware.
Starting point is 00:22:35 Discovered by Veriti Research, this scam is a reminder that even in the world of cybercrime, no one is safe from betrayal. The fake tool, disguised as an OnlyFans checker that claims to validate stolen login credentials, actually delivers the Lumma malware. The sneaky malware has been stealing passwords, two-factor authentication codes, and cryptocurrency wallets since 2022. The hackers who fell for this trick learned the hard way that trusting other cybercriminals isn't always the smartest move. From Disney Plus to Instagram, the same tactic has
Starting point is 00:23:12 been used to target would-be hackers across various platforms, proving that in the world of cybercriminals, there's no honor among thieves. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
Starting point is 00:24:09 N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iben. Our executive
Starting point is 00:24:31 editor is Brandon Karp. Simone Petrella is our president. Peter Kilby is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
