The CyberWire Daily Podcast 3.15.24
Ep 2025 | 3.15.24

Flight fiasco: UK Defence Minister's jet faces GPS jamming.

Transcript

Russia’s accused of jamming a jet carrying the UK’s defense minister. Senators introduce a bipartisan Section 702 compromise bill. The Cybercrime Atlas initiative seeks to dismantle cybercrime. StopCrypt ransomware grows stealthier. A Scottish healthcare provider is under cyber attack. Workers in France are at risk of data exposure. CERT-BE warns of critical vulnerabilities in Arcserve UDP software. The FCC approves IoT device labeling. Researchers snoop on AI chat responses. A MITRE-Harris poll tracks citizens’ concern over critical infrastructure. On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. The FTC fines notorious tech support scammers.

Today is March 15th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Russia’s accused of jamming a jet carrying the UK’s defense minister. 

During a flight from Poland to the UK, a jet carrying UK Defence Minister Grant Shapps experienced GPS jamming for about 30 minutes, suspected to be orchestrated by Russia. The interference occurred near Russia's Baltic exclave of Kaliningrad, disrupting internet on mobile phones and forcing the aircraft to employ alternate navigation methods. The Russian Defence Ministry has not commented on the incident. However, Prime Minister Rishi Sunak's spokesperson acknowledged the event, noting that GPS jamming in the vicinity of Kaliningrad is not uncommon and did not compromise the aircraft's safety. The incident took place as Shapps was returning from visiting British troops participating in Steadfast Defender 2024, NATO's largest military exercise since the Cold War. The exercise tests the alliance's readiness across multiple domains. The jamming incident, labeled as "wildly irresponsible" by a defence source, reflects the ongoing tensions and the risk of electronic warfare in Eastern Europe, particularly since the Russian invasion of Ukraine. British officials maintain that the plane's safety was not endangered, attributing the jamming to broad Russian interference with satellite communications, affecting not just military but also civilian aircraft.

Senators introduce a bipartisan Section 702 compromise bill. 

Senators Dick Durbin (D-IL) and Mike Lee (R-UT) introduced a bipartisan bill to reauthorize and reform Section 702 of the Foreign Intelligence Surveillance Act (FISA), addressing both national security needs and privacy concerns. The program, set to expire on April 19, has faced criticism for its incidental collection of U.S. citizens' communications and alleged FBI misuses. The proposed legislation seeks a balance by allowing intelligence searches of the database for Americans' communications with the stipulation of obtaining a warrant for accessing content, except in certain cases like digital attacks. It also restricts intelligence and law enforcement from purchasing Americans' data without a warrant. This move aims to break months of deadlock in Congress over the extension of this surveillance tool, proposing a compromise that upholds security while protecting citizens' rights.

The Cybercrime Atlas initiative seeks to dismantle cybercrime. 

The Cybercrime Atlas initiative, a groundbreaking effort aimed at dismantling the global cybercriminal ecosystem, has entered its operational phase. Launched in 2023 by the World Economic Forum, founding members include prominent entities like Banco Santander, Fortinet, Microsoft, and PayPal. This public-private partnership seeks to map and understand the connections between criminal groups, their infrastructures, and dependencies to disrupt their operations effectively. The initiative has garnered support from over 20 law enforcement agencies, private security firms, financial institutions, NGOs, and academic institutions. Through weekly intelligence meetings and collaborative efforts, the group focuses on profiling threat actors, seizing criminal infrastructures, making arrests, and attributing attacks to decrease the profitability and feasibility of cybercrime. 

StopCrypt ransomware grows stealthier. 

A newly discovered variant of StopCrypt (STOP) ransomware now employs a complex multi-stage execution process to evade detection. Unlike prominent ransomware that targets corporations, STOP mainly preys on consumers, aiming for numerous small ransoms ($400 to $1,000). It spreads through malvertising and deceptive sites offering free software or game cheats. This latest variant, identified by SonicWall, uses a deceptive initial load, API manipulation for memory allocation, process hollowing for discreet payload execution, and modifies system permissions to ensure persistence, including a task that re-executes the ransomware every five minutes. Despite not engaging in data theft and demanding relatively small ransoms, the widespread distribution and evolving sophistication of StopCrypt pose a significant risk to many individuals.

A Scottish healthcare provider is under cyber attack. 

NHS Dumfries and Galloway, a Scottish healthcare provider, is addressing a "focused and ongoing cyber attack". The specifics of the cyber incident remain undisclosed, but it's anticipated to cause service disruptions. The region, with a nearly 150,000 population, may face significant data breach risks, including patient and staff information. Authorities, including the Scottish Government, Police Scotland, and the National Cyber Security Centre, have been alerted and are collaborating to assess the data accessed.

Workers in France are at risk of data exposure. 

A cyberattack on two French employment agencies, France Travail and Cap Emploi, compromised the personal information of 43 million French workers, roughly two-thirds of the country's workforce. The breach, which went unclaimed, exposed sensitive data including names, social security numbers, and contact details, but crucially did not include login credentials, passwords, or bank details. Following the discovery, the agencies alerted the CNIL and initiated a police investigation. The breach, which spanned from February 6 to March 5, 2024, is under scrutiny for potential security lapses and delayed notification to authorities. The incident has sparked warnings about increased risks of identity theft, phishing, and financial fraud, prompting calls for affected individuals to monitor their financial activities and communications closely.

CERT-BE warns of critical vulnerabilities in Arcserve UDP software. 

The Centre for Cybersecurity Belgium warns that three critical vulnerabilities in Arcserve UDP Software pose significant security risks to backup and disaster recovery systems. One allows unauthorized users to bypass authentication, another enables the uploading of malicious files with SYSTEM privileges, and the third can lead to denial-of-service attacks. These flaws can result in data exfiltration, ransomware deployment, and disrupted recovery efforts. While there's no evidence of current exploitation, the release of a proof of concept increases the risk of future attacks. Affected versions are Arcserve UDP 9.2 and 8.1. The Centre for Cybersecurity Belgium urges immediate patching with patches available on Arcserve's support portal and recommends enhancing monitoring and detection efforts to safeguard against potential breaches.

The FCC approves IoT device labeling. 

The Federal Communications Commission (FCC) approved the U.S. Cyber Trust Mark, a voluntary label for Internet of Things (IoT) devices indicating compliance with baseline security standards. This initiative is part of a White House effort and was developed with standards from NIST. It aims to guide consumers towards more secure products, thereby reducing vulnerabilities in smart devices. The label will feature a QR code linking to detailed security information about the device. Companies seeking to use the label must meet certain requirements, including listing security configurations and expected software update information. The program, initially focused on consumer IoT devices, may expand in scope, with plans for international recognition and collaboration with other label programs. The initiative has been praised for addressing security concerns but noted for lacking requirements on encryption and privacy disclosure.

Researchers snoop on AI chat responses. 

Researchers at Ben-Gurion University in Israel have discovered a method to decrypt responses from AI assistants like ChatGPT with notable accuracy, exploiting a side channel in the token-sequence transmission process. This vulnerability allows a passive observer in a network to infer the content of encrypted chats, potentially exposing sensitive information. The technique relies on analyzing the encrypted token lengths transmitted by the AI, which correspond to the lengths of the actual words, and then using specially trained large language models to reconstruct the message. This attack can achieve perfect accuracy in deducing responses 29% of the time and can identify the specific topic of 55% of responses. The findings reveal a significant privacy risk in current AI chat services' encryption methods, excluding Google Gemini, and highlight the need for improved security measures to protect confidential communications. The research suggests either delaying token transmission or applying packet padding to mitigate the side-channel vulnerability, both of which could impact user experience.

A MITRE-Harris poll tracks citizens’ concern over critical infrastructure. 

A MITRE-Harris poll reveals widespread concern among U.S. residents over the security of the nation's critical infrastructure, highlighting fears of cyberattacks, terrorism, and deterioration due to aging. Homeowners, urban dwellers, and individuals over 27 particularly express apprehension about potential threats to systems crucial for society's functioning, such as energy, water, communications, healthcare, and financial services. With recent upticks in infrastructure failures, 80% of respondents are worried, identifying energy, water, and communications as the top three sectors affecting daily life if compromised. The poll indicates a public call for both government and private sector involvement in bolstering infrastructure resilience, with 78% attributing responsibility to the federal government, either solely or in partnership with others. Despite this, there's divided opinion on the country's recovery capability post-attack, especially among older generations and rural residents. The survey underscores the urgency for proactive measures to secure essential services against increasing and sophisticated threats.

Coming up on our Solution Spotlight, N2K’s President Simone Petrella talks about the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann.

The FTC fines notorious tech support scammers. 

And finally, the past few months have seen a noteworthy uptick in enforcement activity from the Federal Trade Commission. In their latest effort, the FTC is imposing a $26 million settlement on two notorious tech support scammers, Restoro and Reimage. These firms, operating out of Cyprus and previously the Isle of Man, played on consumers' fears with bogus Windows pop-ups, tricking them into thinking their computers were riddled with viruses. The scam didn't stop at selling useless software. Oh no, it dove deeper, with victims coerced into calling a hotline only to be further swindled by telemarketers peddling even costlier "technical support."

These scams brazenly target mainly older adults, milking tens of millions from those least capable of defending themselves against such high-tech deceit. The settlement includes a directive for Restoro and Reimage to cease their tactics, but one can't help but wonder about the lasting damage and the countless consumers who've fallen prey to their schemes. This payout is a step in the right direction, but the fight against such predatory practices is far from over.

A tip of the hat to the public servants at the FTC, fighting the good fight. 

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. You can email us at cyberwire@n2k.com—your feedback helps us ensure we’re delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.

We’re privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world’s preeminent intelligence and law enforcement agencies.

N2K strategic workforce intelligence optimizes the value of your biggest investment—people. We make you smarter about your team, while making your team smarter. Learn more at n2k.com.

A quick program note - we’ve got a special edition podcast dropping this Sunday that dives into the newly released NICE framework for cyber workforce development. It’s an interesting series of conversations, so be sure to check that out. 

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive editor is Peter Kilpe, and I’m Dave Bittner. Thanks for listening.