The CyberWire Daily Podcast 5.8.24
Ep 2063 | 5.8.24

The takedown of a ransomware ringleader.


International law enforcement put a leash on a LockBit leader. Updates from RSA Conference, including our Man on the Street Rob Boyce, Managing Director at Accenture. TikTok sues the U.S. government. The Commerce Department restricts chip sales to Huawei. A third-party breach exposes payroll records of Britain’s armed forces. BogusBazaar operates over 75,000 fake webshops. Android security updates address 26 vulnerabilities. A Philadelphia real estate investment trust gets hit with ransomware. BetterHelp will pay $7.8 million to settle FTC charges of health data misuse. On the Learning Layer, Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and discuss networking, the OSI model, and firewalls. AI steals the Met Gala spotlight.

Today is May 8th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

International law enforcement put a leash on a LockBit leader. 

Britain, the United States, and Australia have taken significant legal action against Dmitry Khoroshev, identifying him as a senior leader of the notorious cybercrime organization LockBit. The coordinated sanctions involve asset freezes and travel bans, effectively isolating Khoroshev from global financial systems and restricting his international movement. LockBit, the ransomware group he leads, has been responsible for extorting over $1 billion from victims across the world through digital means.

LockBit's operations were notably disrupted in February by an unprecedented international law enforcement campaign. Agencies involved included the NCA, U.S. Department of Justice (DOJ), Federal Bureau of Investigation (FBI), and Europol. During this operation, LockBit's dark web site was seized and used as a platform by police to leak sensitive information about the group and its members.

Furthermore, the U.S. has charged two Russian nationals linked to deploying LockBit ransomware against various targets globally, and these individuals were also sanctioned by the U.S. Treasury. Before law enforcement seized control, LockBit's website displayed a gallery of victim organizations, with digital timers indicating the deadline for ransom payments.

Most recently, international law enforcement has utilized the hijacked LockBit platform to further expose Khoroshev, including publishing a wanted poster and offering a $10 million reward for information leading to his capture. A 26-count indictment in the U.S., unsealed on Tuesday, revealed that Khoroshev personally received at least $100 million in Bitcoin payments related to LockBit’s criminal activities. 

Updates from RSA Conference. 

Returning to coverage of this week’s RSA conference in San Francisco, yesterday the U.S. State Department’s Chief Information Officer Kelly Fletcher revealed the department is diversifying its security vendors beyond Microsoft. This is in response to last year's China-linked hack compromising 60,000 emails, including those of Commerce Secretary Gina Raimondo. The incident sparked widespread criticism of Microsoft's transparency and security practices. Fletcher emphasized the need for secure vendor networks, not just secure software, and noted the State Department now relies on multiple vendors, including Palo Alto Networks, Zscaler, and Cisco, and has bolstered security with measures like multifactor authentication and wider data encryption. Microsoft's role remains crucial, but Fletcher insists on a secure corporate network across all vendors.

Elsewhere at the conference, Homeland Security Secretary Alejandro Mayorkas announced the first meeting of the Artificial Intelligence Safety and Security Board, a new initiative aimed at managing AI's deployment and safeguarding against its risks. During a keynote, he discussed the board's focus on AI's impact on critical infrastructure security and its civil rights implications, particularly the risk of perpetuating bias. The board, comprising AI leaders, government officials, and tech giants, will meet quarterly to address AI use within Homeland Security, which spans from managing disaster relief to training refugee case workers. The department is also enhancing its AI workforce, having received over 3,000 applications for AI-related roles, and is coordinating internationally on AI defense strategies.

We have more insights from RSA conference later in the show from our partner and Man on the Street Rob Boyce from Accenture. 

TikTok sues the U.S. government. 

TikTok is suing the U.S. government to block the enforcement of a recent bill that mandates the app's Chinese owner, ByteDance, either sell TikTok or face a ban. Filed in the D.C. Circuit Court of Appeals, the lawsuit argues that the "Protecting Americans from Foreign Adversary Controlled Applications Act" infringes on free speech rights under the First Amendment by unfairly targeting TikTok as a unique speech platform. TikTok contends that the law, which also allows for the potential ban of other platforms on national security grounds, is an unprecedented and discriminatory action lacking sufficient justification. The company emphasizes that the stipulated divestiture option within 270 days is not feasible, challenging the law's legitimacy and its alignment with constitutional rights.

The Commerce Department restricts chip sales to Huawei. 

The U.S. Commerce Department has tightened restrictions on Huawei Technologies, revoking previous allowances for U.S. chip sales to the Chinese tech giant. This decision, impacting companies like Intel and Qualcomm, prevents them from supplying chips for Huawei's smartphones and laptops. The new export curbs were triggered by Huawei's recent product announcements involving U.S. technology, intensifying scrutiny of the firm amid ongoing U.S.-China tensions. Concurrently, the U.S. is bolstering domestic and allied capabilities to compete with Huawei, with the NTIA announcing $420 million in grants for developing alternative network gear and the FCC preparing to vote on barring Huawei from certifying wireless equipment in the U.S. This shift continues policies aimed at curtailing Huawei, which has been a central figure in U.S. national security concerns due to fears of Chinese espionage, despite Huawei's denials of any espionage activities.

A third-party breach exposes payroll records of Britain’s armed forces. 

A security breach at a third-party contractor has exposed around 270,000 payroll records of nearly all members of Britain’s armed forces. The compromised data includes sensitive information like names and bank details. The UK’s defense secretary indicated the breach might be the work of a state-backed actor, with suspicions pointing towards China, although this has not been conclusively proven. The situation has led to criticism of the government's strategy towards China and calls for a full review of the contractor, SSCL. No data theft has been confirmed, and measures are being taken to monitor for potential misuse of the exposed data.

BogusBazaar operates over 75,000 fake webshops. 

Security Research Labs have published a report describing a criminal network named BogusBazaar which operates over 75,000 fake webshops that have processed over a million orders totaling more than USD 50 million in the last three years. These shops, often leveraging expired domains with strong Google reputations, mainly target Western European and U.S. customers, offering counterfeit or non-existent products while harvesting credit card details. The network uses sophisticated infrastructure and a franchise model, with significant operations based in China but servers predominantly in the U.S. Some fraudulent shops have been taken down following the research exposure.

Android security updates address 26 vulnerabilities. 

Google has released a comprehensive Android security update to address 26 vulnerabilities, including a critical flaw in the System component (CVE-2024-23706) that allows local privilege escalation on Android 14 devices. The updates, split into two parts, fix issues across multiple components, including the Framework, System, kernel, and chipset-specific vulnerabilities from Arm, MediaTek, and Qualcomm. Additionally, Google updated Pixel devices and Wear OS, addressing further vulnerabilities, with no current evidence of these vulnerabilities being exploited in the wild.

A Philadelphia real estate investment trust gets hit with ransomware. 

Philadelphia-based Brandywine Realty Trust reported a ransomware attack on May 1, disrupting certain business applications including financial systems. The attack, detailed in an SEC filing, involved unauthorized access and encryption of files on the company’s corporate systems. Brandywine has contained the incident, started system restoration, and engaged with cybersecurity experts and law enforcement. Although some files were stolen, the real estate operations remain unaffected, and the company does not anticipate a significant financial impact.

BetterHelp will pay $7.8 million to settle FTC charges of health data misuse. 

BetterHelp will pay $7.8 million to settle FTC charges alleging misuse of consumer health data for advertising. The online therapy service shared sensitive data, including health questionnaire responses, with platforms like Facebook and Snapchat to target potential customers. This practice, conducted without user consent, reportedly boosted its client base and revenue significantly. Approximately 800,000 users who paid for services between August 2017 and December 2020 are eligible for refunds, with a June 10, 2024, deadline to select a payment method.


We’ve got some on the ground updates from the RSA Conference. Rob Boyce from Accenture joins us to share his insights into the happenings in and around the Moscone Center. 

On our Learning Layer segment, we continue Joe’s journey to prepare for his CISSP exam. This time, Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and talk about networking, the OSI model, and firewalls. 

We’ll be right back.

Welcome back.

AI steals the Met Gala spotlight. 

And finally, our fashion and philanthropy desk tells us that at this year’s 2024 Met Gala, generative AI stole the spotlight without even setting foot on the red carpet. Although they did not attend the lavish event, online images of Katy Perry and Rihanna were virtually dressed up by AI, in gowns so convincing that even Katy Perry's mom was duped. Perry, known for her outlandish outfits, was "seen" in a cream-colored floral gown adorned with moss, perfectly in tune with the Gala's "Garden of Time" theme. The image was blurry enough to make even the paparazzi in the background look legit. Despite being flagged as fake, the AI-generated Perry caused quite a stir, especially at the Perry household.

Katy took to Instagram to share the AI fashion faux pas, alongside a screenshot of a text from her mom who was dazzled by the Rose Parade-worthy dress, exclaiming, "Didn’t know you went to the Met." Katy’s response? "lol mom the AI got you too, BEWARE!" This incident proves that while AI might not yet be invited to the Met Gala, it's certainly crashing the party, much to the amusement (and confusion) of celebrity moms everywhere.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.