AT&T outage leaves major cities offline.

AT&T experiences a major outage. The LockBit takedown continues. An updated Doppelgänger is spreading misinformation. A roundup of critical infrastructure initiatives. Toshiba and Orange make a quantum leap. An eyecare provider hack comes into focus. A phony iphone repair scheme leads to convictions. In our Learning Layer segment, Sam Meisenberg shares the latest learning science research. And we are shocked - shocked! - to discover that phone chargers can be used to attack our devices.

Today is February 22nd, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

AT&T experiences a major outage.

AT&T experienced a significant network outage affecting cellular and internet services nationwide. The outage impacted major cities including Houston, Chicago, Dallas, Los Angeles, and Atlanta. While Verizon and T-Mobile customers also faced issues, these were primarily when attempting to connect with AT&T users, with relatively minor outages reported for both. The cause of the disruption remains unknown. AT&T acknowledged the problem, advising customers to use Wi-Fi calling and working to restore service. Verizon clarified their network was not directly impacted, only when reaching out to AT&T. By mid-day Thursday most of the network seems to be back to normal. 

The LockBit takedown continues. 

The U.S. is offering up to $15 million in rewards for information on the LockBit ransomware operation's cybercriminals. This comes despite law enforcement, including the UK's National Crime Agency (NCA), already disrupting the group by seizing its domains and servers. LockBit’s seized domains now redirect to a site mimicking LockBit's, but display law enforcement messages, including details on the ransomware's activities, rewards, and sanctions against its affiliates. The NCA has listed nearly 200 LockBit affiliates' usernames, signaling a direct challenge to the group. Additionally, servers tied to LockBit's Stealbit data exfiltration tool have been destroyed, and over 14,000 accounts linked to the operation's infrastructure have been shut down. Authorities claim access to key infrastructure has been obtained, potentially aiding victim recovery, with 1,000 decryption keys already recovered. 

Trend Micro reports that before the takedown, LockBit was developing a new version of its malware, dubbed LockBit-NG-Dev, potentially marking a significant evolution in its capabilities.

Meanwhile, Ukrainian police arrested a father-son duo linked to the Lockbit cybercrime gang, implicated in a series of ransomware attacks targeting enterprises and institutions in France. 

Despite the crackdown, LockBit administrators remain defiant, denying the effectiveness of law enforcement actions and claiming wrongful arrests.

An updated Doppelgänger is spreading misinformation.

ClearSky Cyber Security and SentinelLabs have identified a resurgence of the Russian information warfare campaign, "Doppelgänger NG," linked to the cyber espionage group APT28 (Fancy Bear). Initially exposed by Meta and further analyzed by RecordedFuture, "Doppelgänger" involves disseminating false information through numerous fake websites and social media channels. The new wave, "Doppelgänger NG," utilizes updated infrastructure and expands its target list to include the US, Germany, Israel, and France, operating over 150 domains. This campaign demonstrates significant investment, suggesting state-level backing, and aims to influence international perceptions and political discourse, aligning with Russia's hybrid warfare strategy. The campaign's success relies on building credibility over time, making engineered messages more difficult to detect and influential on public actions and societal norms.

A roundup of critical infrastructure initiatives. 

In response to an Executive Order by President Joe Biden to combat maritime cyber threats, the U.S. Coast Guard (USCG) issued a directive targeting cyber risk management for ship-to-shore cranes, especially those from China. This directive, part of the Maritime Security (MARSEC) framework, aims to bolster cybersecurity across critical port infrastructures by mandating specific risk management steps for the operators of these cranes. Highlighting the predominant use of Chinese-manufactured STS cranes in U.S. ports, the directive underscores the potential for these cranes to be exploited, thereby jeopardizing critical maritime infrastructure. To address these risks, the directive advises immediate engagement with local Coast Guard authorities for guidance, reflecting a broader government strategy to enhance maritime cybersecurity resilience and protect the national transportation system from cyber threats.

CISA, the EPA and the FBI have released a collaborative fact sheet aimed at bolstering the cybersecurity of water and wastewater systems (WWS). This guidance addresses the increasing cyber threats to WWS, offering actionable steps to mitigate risks and enhance system security. Key recommendations include reducing public internet exposure of WWS infrastructure, conducting regular cybersecurity assessments, changing default passwords, cataloging OT/IT assets, developing cybersecurity incident response and recovery plans, implementing regular backups, mitigating known vulnerabilities, and conducting cybersecurity awareness training.

The Electricity Information Sharing and Analysis Center (E-ISAC) released its 2023 End-of-Year Report, reflecting on the Electric Reliability Organization's effective response to a year marked by unprecedented cyber vulnerabilities in the electricity sector. These included malware, ransomware, supply chain exploits, and more. The report showcases E-ISAC's achievements in enhancing information sharing among its U.S. and Canadian government partners and members, and outlines its strategic plans for 2024. It highlights the identification of malicious traffic, monitoring of extremist threats to electricity assets, and prioritization of critical threats for comprehensive analysis. The report emphasizes E-ISAC's commitment to improving physical and cyber security practices within the industry, including the introduction of new programs and workshops focused on real-world events and security best practices.

Toshiba and Orange make a quantum leap. 

Toshiba and digital service provider Orange have successfully conducted experiments on quantum-safe networking, showing that quantum key distribution (QKD) can coexist with conventional data signals over existing fiber optic networks. They demonstrated a 400Gbps quantum secure data transmission with QKD encryption over a 184km fiber link, indicating that current networks can be protected against quantum computer threats. The tests confirmed that QKD-secured signals can share the same fiber network with classical data transmissions, offering a cost-effective and rapid deployment method without needing dedicated fibers for QKD. Further evaluations emulated typical metro-based fiber network architectures, using Toshiba’s commercial QKD systems for quantum-secure encrypted data transmission. This collaboration marks a significant step towards integrating quantum key distribution into existing network infrastructures, enhancing security against potential quantum threats.

An eyecare provider hack comes into focus. 

American Vision Partners has notified nearly 2.4 million patients of a November hacking incident that compromised sensitive data. The firm provides administrative services to about a dozen ophthalmology practices in several states. The breach involved unauthorized server access, potentially exposing patient information, including names, contact details, birthdates, medical records, Social Security numbers, and insurance details. In response, the company has isolated the affected system, engaged cybersecurity firms, notified law enforcement, and taken steps to secure its IT infrastructure. Affected individuals are advised to monitor their credit reports and have been offered two years of free identity and credit monitoring. 

A phony iphone repair scheme leads to convictions. 

Two Chinese nationals, Haotian Sun and Pengfei Xue, were convicted of mail fraud and conspiracy for attempting to defraud Apple by sending thousands of counterfeit iPhones to the company for repair, aiming to receive genuine replacements. Operating between May 2017 and September 2019, they, along with accomplices, shipped fake iPhones from Hong Kong to the U.S., then submitted them for repairs or replacements under Apple’s warranty program. The scheme involved over 5,000 counterfeit devices, with genuine replacements sent back to Hong Kong for sale. The fraud was uncovered after Sun used his identification to open several mailboxes for receiving the counterfeit phones. They were arrested in December 2019. Sentencing will take place on June 21, with each facing a maximum penalty of 20 years.

Up next, we have our Learning Layer segment. Host Sam Meisenberg breaks down research about quizzes and their impact on learner motivation and long term retention.

 

We are shocked - shocked! - that phone chargers can be used to attack our devices. 

And finally, a recent study conducted by academic researchers at the University of Florida and blockchain security firm CertiK has identified a novel set of attacks, collectively termed 'VoltSchemer.' The exploits target the electromagnetic fields generated by wireless chargers to carry out a range of malicious activities. These activities include injecting unauthorized voice commands into smartphones' voice assistants, causing physical damage to the devices, and excessively heating nearby objects to temperatures exceeding 536°F (280°C). This groundbreaking research highlights significant security vulnerabilities within the prevalent technology of wireless charging.

Wireless charging systems typically function through electromagnetic induction, where an alternating current flowing through a transmitter coil in the charging station generates an oscillating magnetic field. The receiver coil in the smartphone captures this magnetic energy and converts it back into electrical energy to charge the device's battery. The researchers demonstrated that by introducing voltage manipulation through an interposing device, they could interfere with the data exchange between the charging station and the smartphone. This interference allows for the distortion of power signals and the corruption of transmitted data with high precision.

In the lab, the researchers conducted experiments on nine of the top-selling wireless chargers worldwide. In one case they managed to keep a smartphone charging beyond its capacity, leading to severe overheating. This was achieved by corrupting the communication signals between the phone and the charger, preventing the phone from signaling that it had reached full charge and needed to stop receiving power.

The researchers' findings not only expose the vulnerabilities in current wireless charging technology but also call for immediate action to enhance the security protocols governing these systems. The researchers have engaged with the vendors of the tested charging stations to discuss potential countermeasures that could mitigate the risks associated with VoltSchemer attacks. 

I gotta say I never imagined I'd have to worry about my phone charger being the entry point for destruction or cyber spies. You might even say the revelation is…shocking.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. You can email us at cyberwire@n2k.com—your feedback helps us ensure we’re delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.

We’re privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world’s preeminent intelligence and law enforcement agencies.

N2K strategic workforce intelligence optimizes the value of your biggest investment—people. We make you smarter about your team, while making your team smarter. Learn more at n2k.com.

 

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive editor is Peter Kilpe, and I’m Dave Bittner. Thanks for listening.