A conclusion on the xDedic Marketplace investigation.
The DOJ concludes its xDedic Marketplace investigation. A cyberattack shuts down a major mortgage lender. The Swiss Air Force suffers third party breach. An update on SilverRAT. The Space Force emphasizes collaboration for effective cyber growth. The DOE announces cyber resilience funding. Merck reaches a settlement on NotPetya. NIST warns of AI threats. Our guest is Dragos CEO Robert M. Lee, with a look at intellectual property theft in manufacturing. And Chump Change fines for big tech.
Today is January 8th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
DOJ concludes xDedic Marketplace investigation.
United States Attorney Roger B. Handberg announced the conclusion of an investigation into xDedic Marketplace, a dark web site selling illegal access to servers and personal data globally, including over 150,000 in the U.S. The site facilitated tax fraud, ransomware, and other crimes, operating through a complex international network and using cryptocurrency to maintain anonymity. In January 2019, U.S. authorities, in collaboration with international law enforcement, seized xDedic’s domain and dismantled its infrastructure. Post takedown, the U.S. Attorney’s Office charged individuals at all operational levels of xDedic, including administrators, sellers and buyers. Seventeen defendants have been charged or extradited to the U.S., with many being foreign nationals from non-extraditing countries, which of course complicates the legal process. The investigation was a combined effort of various U.S. and international agencies.
Cyberattack shuts down mortgage lender.
loanDepot, a major U.S. mortgage lender, was hit by a cyberattack, leading to the shutdown of its IT systems and disruption of online payments and customer services. The company, servicing loans worth over $140 billion, responded to customer queries on X about the outage, confirming the incident and their efforts to restore operations with the help of law enforcement and forensic experts. While the exact nature of the attack remains unclear, the potential for ransomware suggests risks of stolen corporate and customer data. Following a previous data breach in August 2022, loanDepot customers are reminded to be vigilant for phishing and identity theft.
Swiss Air Force suffers third party breach.
The Swiss Air Force suffered a significant data breach after US-based Ultra Intelligence & Communications was compromised. The ALPHV hacker group claimed responsibility, leaking 30 gigabytes of sensitive data, including Swiss military and intelligence documents, after a failed ransom demand. The leak, now on the darknet, reveals encrypted communication technologies and deals, notably with the Swiss Department of Defence and RUAG. Although the Swiss Federal Department of Defence assured that operational systems remain secure, the full impact of the breach, affecting organizations including the FBI and NATO, is yet to be determined, raising concerns about the exploitation of disclosed vulnerabilities.
Continuing with supply chain news, a researcher from security firm Praetorian has identified a significant vulnerability in public GitHub repositories using self-hosted GitHub Actions runners, which can be exploited for high-impact supply chain attacks. Researcher Adnan Khan says attackers can inject malicious code into these repositories via fork pull requests, potentially gaining persistent access and compromising sensitive processes. This vulnerability was demonstrated when a researcher gained access to GitHub's own runner-images repository, highlighting the risks. Tens of thousands of repositories, including those of major tech companies, are vulnerable. While researchers have reported this issue and GitHub has begun mitigation, organizations are urged to require approval for all outside contributions to safeguard against these attacks.
An update on SilverRAT.
Dark Reading reports on SilverRAT, a remote access Trojan with links to Turkey and Syria, which enables control over compromised Windows systems and reportedly plans an update for Android devices. Developed by a group known as Anonymous Arabic, it is sophisticated malware used for keylogging, ransomware attacks, and can delete system restore points. SilverRAT's first version, leaked in October, features customizable command and control options, antivirus bypasses, and delayed payload execution. The developers, operating under aliases "Dangerous silver" and "Monstermc," engage in malware-as-a-service and cybercrime activities on platforms like Telegram and online forums. Middle Eastern cybercrime markets, traditionally led by state-backed groups, now see a rise in homegrown entities like Anonymous Arabic. Cyber threat analysts note varying technical sophistication among Middle Eastern hacking groups and a trend of young hackers transitioning from game hacks to more serious cybercrimes, highlighting the need for programs to redirect youth from cybercriminal activities.
Space Force collaborates through cyber growth phase.
The US Space Force continues to grow their in-house cyber capabilities, but in the meantime plan to continue their collaborative partnership with US Cyber Command. For more on this story, here’s Maria Varmazis, host of our T-Minus daily space podcast.
That’s T-Minus host Maria Varmazis. Be sure to subscribe to the T-Minus space daily wherever you get your favorite podcasts.
DOE announces cyber resilience funding.
Turning toward critical infrastructure, the Department of Energy (DOE) is dedicating $70 million to research and development of technologies to protect delivery infrastructure from cyber threats and physical hazards. Managed by the Office of Cybersecurity, Energy Security and Emergency Response (CESER), the All-Hazards Energy Resilience initiative seeks proposals, particularly for operational technology (OT), focusing on creating a zero-trust architecture in electrical, oil, and natural gas environments. With the complexity of networks increasing, the DOE aims to modernize security to defend against emerging threats. Awards up to $5 million will be granted to universities, tribal nations, and companies for solutions to secure critical energy infrastructure. The initiative recognizes the growing vulnerability of energy systems to cyberattacks, emphasizing the need to maintain operational capability even when compromised. The research is informed by current threats, considering various potential entry vectors into the sector.
Merck reaches NotPetya settlement.
Pharmaceutical giant Merck has settled with insurers over a disputed $700 million claim following the NotPetya cyberattack in 2017. Initially denied coverage due to an "acts of war" clause, Merck's legal battle highlighted the challenge of defining such acts in the realm of cyber warfare. A New Jersey court ruled in favor of Merck, noting the unchanged language in policies despite the evolving cyber threat landscape. The settlement was reached just before the case escalated to the New Jersey Supreme Court. This case and others like it have prompted the insurance industry, including Lloyd’s of London, to clarify exclusions for state-backed cyberattacks in their policies.
NIST warns of AI threats.
The U.S. National Institute of Standards and Technology (NIST) have released a publication highlighting the privacy and security risks associated with the growing use of AI systems like ChatGPT. These systems are vulnerable to adversarial manipulation of training data, model vulnerabilities, and malicious interactions that can lead to sensitive data exfiltration. AI technologies face threats like corrupted training data, software security flaws, data model poisoning, supply chain weaknesses, and prompt injection attacks. NIST classifies the attacks as evasion, poisoning, privacy, and abuse attacks, which can significantly impact the system's integrity and privacy. The agency emphasizes the current lack of robust defenses and urges the tech community to develop better mitigation strategies, warning against oversimplified solutions for these complex security challenges.
Our guest today is Robert M. Lee, founder and CEO of Dragos, talking about intellectual property theft in manufacturing.
Chump Change fines for big tech.
Richie Koch on the Proton Blog points out that In 2023, Big Tech companies like Alphabet, Amazon, Apple, Meta, and Microsoft were fined just over three billion dollars for legal violations. However, their immense revenues allowed them to earn enough within a week of 2024 to cover these fines, demonstrating how minor such penalties are for these tech giants. Despite consecutive years of multi-billion dollar fines, these companies often delay payments, viewing fines merely as a cost of doing business. The current punitive measures fail to deter their rule-bending behavior, underscoring the need for more impactful regulatory actions to address privacy breaches and antitrust issues in the rapidly evolving digital landscape. The fines are so insignificant compared to their earnings that they hardly affect the companies' operations or prompt significant changes in their corporate governance.
As my CyberWire colleague Rick Howard likes to point out, if we want tech companies to take these sorts of fines seriously, we need to hit them in a way that goes farther than simply making them dig through the couch cushions for loose change.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. You can email us at email@example.com—your feedback helps us ensure we’re delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.
We’re privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world’s preeminent intelligence and law enforcement agencies.
N2K strategic workforce intelligence optimizes the value of your biggest investment—people. We make you smarter about your team, while making your team smarter. Learn more at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive editor is Peter Kilpe, and I’m Dave Bittner. Thanks for listening.