The CyberWire Daily Podcast 2.9.24
Ep 2001 | 2.9.24

Imitation game: LastPass vs LassPass.

Transcript

A LastPass imitator sneaks its way past Apple’s app store review. Bitdefender identifies a new macOS backdoor. The Air Force and Space Force collaborate for stronger cyber defense. CISA offers an election security advisory program. The FCC bans AI robocalls. The Feds put a bounty on the Hive ransomware group. Senators introduce a bipartisan drone security act. Cisco Talos IDs a new cyber espionage campaign. Fighting the good fight against software bloat. On our Solution Spotlight, N2K President Simone Petrella talks with Amy Kardel, Senior Vice President for Strategic Workforce Relationships at CompTIA about the cyber talent gap. And sports fans check your passwords.

Today is February 9th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

A LastPass imitator sneaks its way past Apple’s app store review. 

LastPass is alerting its users about a fraudulent app named "LassPass Password Manager" on Apple's App Store, which closely imitates the genuine LastPass app in name and icon design, potentially confusing customers. Despite the clear resemblance, it's uncertain if the impostor app aims to steal user data such as passwords, email accounts, and financial information, or merely seeks to profit from subscription fees, offering a "PRO" upgrade for up to $49.99 for a lifetime subscription. The presence of such a clone app, especially one that could access sensitive user information, raises concerns about the App Store's review process and Apple's security assurances, particularly as the company promotes the App Store's safety while preparing for the introduction of alternate app marketplaces in the European Union. 

Mac journalist John Gruber was able to download and try the app before it was removed, and in his estimation it was not trying to steal legitimate LastPass credentials, but rather was likely trying to piggyback off the password manager’s brand recognition for financial gain. 

The app has been removed from the app store. 

Bitdefender identifies a new macOS backdoor. 

Staying in the Apple ecosystem for a moment, Bitdefender has identified a new macOS backdoor named Trojan.MAC.RustDoor, active since November 2023. This malware, written in Rust, mimics a Visual Studio update and targets both Intel x86_64 and ARM architectures to steal and upload files to a command and control (C2) server. Its association with known ransomware groups like BlackBasta and ALPHV/BlackCat is suggested but not confirmed. The backdoor has several variants with functionalities for persistence and data exfiltration, utilizing a range of commands for controlling infected devices. Despite a sophisticated design that makes detection challenging, its communication with C2 servers currently returns "Not found." 

The Air Force and Space Force collaborate for stronger cyber defense. 

The Department of the Air Force is enhancing its collaboration with the Space Force, aiming to strengthen cyber defense capabilities and operational outcomes. My N2K CyberWire colleague Maria Varmazis filed this report for the T-Minus daily space news podcast.

Be sure to check out T-Minus wherever you get your podcasts.

CISA offers an election security advisory program. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has initiated an election security adviser program to enhance election security nationwide, aiming to support state and local officials and assure voters of the integrity of the upcoming presidential elections. The program addresses growing security concerns such as cyberattacks by foreign entities, ransomware, and election misinformation. The initiative features 10 new hires with significant election experience, complementing existing staff providing cyber and physical security assessments upon request. State election officials have expressed appreciation for the program, highlighting its role in strengthening cybersecurity infrastructure against malicious activities.

The FCC bans AI robocalls. 

The FCC has banned scam robocalls using AI-generated "deepfake" voices, expanding anti-robocall regulations to include these artificially created calls. This unanimous vote enhances the legal arsenal for state attorneys general to combat fraud and misinformation, specifically targeting AI voice manipulations for scams, voter misinformation, and impersonations. This interpretation of the 1991 Telephone Consumer Protection Act (TCPA) demands prior consent for robocalls with AI-generated voices, aligning penalties for these calls with those for traditional illegal robocalls. Recent legislation proposals aim to double TCPA penalties for AI-involved violations. Despite these measures, experts like Andrew Schwartzman of the Benton Institute for Broadband & Society recognize the limitations in completely halting malicious actors but acknowledge the FCC's efforts as a significant deterrent.

The Feds put a bounty on the Hive ransomware group. 

The U.S. State Department is offering rewards of up to $10 million for information leading to the identification, location, or arrest of key members of the Hive ransomware gang. Hive is responsible for extorting about $100 million from over 1,300 companies in more than 80 countries from June 2021 to November 2022. An additional reward of up to $5 million is available for information resulting in the arrest and/or conviction of anyone attempting to participate in Hive ransomware activities. This initiative is part of the Transnational Organized Crime Rewards Program (TOCRP), which has paid over $135 million for actionable tips since 1986. The announcement follows a successful law enforcement operation that infiltrated Hive's network, providing victims with decryption keys and preventing $130 million in ransom payments. Hive, known for its indiscriminate targeting, operates a ransomware-as-a-service model, breaching organizations through phishing, exploiting vulnerabilities, and using purchased credentials.

Senators introduce a bipartisan drone security act.

Senators Mark Warner (D-Va.) and John Thune (R-S.D.) introduced the Drone Evaluation to Eliminate Cyber Threats (DETECT) Act, aimed at enhancing drone cybersecurity within the federal government. The bill mandates that NIST develop cybersecurity guidance for government-used drones, potentially leading to binding regulations. It includes provisions for testing the guidelines with a federal agency, implementing reporting protocols for drone security vulnerabilities, and prohibits federal agencies from purchasing drones that do not comply with these guidelines, except with a waiver. Warner and Thune have previously proposed legislation to improve the Federal Aviation Administration's handling of drone technology, advocating for a more transparent and efficient process.

Cisco Talos IDs a new cyber espionage campaign. 

Cisco Talos uncovered a sophisticated espionage campaign named “Zardoor,” active since at least March 2021, targeting an Islamic non-profit organization. This campaign, executed by an advanced threat actor, utilized a custom backdoor, modified reverse proxy tools, and living-off-the-land binaries (LoLBins) to evade detection, establish command and control (C2), and ensure persistence. Despite only one compromised target being identified, the actor's prolonged undetected network access hints at the possibility of additional victims. The campaign's techniques bear some resemblance to tactics used by threat groups from China, though the association with these groups is considered with low confidence due to the non-exclusive use of the tools and the unique choice of target not aligning with known objectives of Chinese-origin threat actors.

Fighting the good fight against software bloat. 

An editorial in IEEE Spectrum written by Bert Hubert makes the case that software bloat represents a serious security threat. 

According to Hubert, the cybersecurity landscape is in a dire state, with rampant use of excessive code and dependencies in software development leading to significant security vulnerabilities. He highlights the absurdity of current software practices, including the use of millions of lines of code for simple tasks and the integration of numerous external libraries of dubious origin. The situation is further exacerbated by the industry's reluctance to prioritize security due to economic incentives and the rapid pace of development. Notably, legislation in the European Union aims to address these issues by mandating improved software security. Hubert shares a personal project, Trifecta, as an example of minimalistic yet modern and secure software, demonstrating the feasibility of creating efficient and reliable applications with a lean approach to coding and dependencies. The article is a thoughtful call to action for a return to simpler, more secure coding practices.

Ah, the good old days, when 'cloud computing' meant daydreaming about shapes in the sky while your program compiled.

Next up, Simone Petrella is joined by CompTIA’s Amy Kardel on our Solution Spotlight to discuss their perspectives and initiatives in response to the cyber talent gap.


Sports fans check your passwords. 

And finally, our sportsball desk tells us that this Sunday is Super Bowl 58. I’m told that’s the game with the pointy ball, featuring the Kansas City Chiefs vs. the San Francisco 49ers. 

With professional sports-related passwords being common, security firm Enzoic analyzed a commonly used breach database and found that 'sf49ers' and 'kcchiefs' are among the most exposed team-related passwords, with over 119,000 and nearly 50,000 instances respectively. Their analysis of the top ten passwords for each team showcases the simplicity and predictability of these passwords, making them vulnerable to cyberattacks.

And yes, we know what you’re thinking - what about Taylor Swift? Not to worry, Swifties, Enzoic did an analysis of Taylor Swift derived passwords as well. We’ll have a link in the show notes. 

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. You can email us at cyberwire@n2k.com—your feedback helps us ensure we’re delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.

We’re privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world’s preeminent intelligence and law enforcement agencies.

N2K strategic workforce intelligence optimizes the value of your biggest investment—people. We make you smarter about your team, while making your team smarter. Learn more at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive editor is Peter Kilpe, and I’m Dave Bittner. Thanks for listening.