The CyberWire Daily Podcast 5.13.24
Ep 2066 | 5.13.24

A battle for digital sovereignty.

Transcript

IntelBroker claims to have breached a Europol online platform. The U.S. and China are set to discuss AI security. U.S. agencies warn against BlackBasta ransomware operators. A claimed Russian group attacks British local newspapers. Cinterion cellular modems are vulnerable to malicious SMS attacks. A UK IT contractor allegedly failed to report a major data breach for months. Generative AI is a double-edged sword for CISOs. Reality Defender wins the RSA Conference's Innovation Sandbox competition. Our guest is Chris Betz, CISO of AWS, discussing how to build a strong culture of security. Solar storms delay the planting of corn.

Today is Monday, May 13th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

IntelBroker claims to have breached a Europol online platform. 

Europol is investigating a security breach of its Europol Platform for Experts (EPE). The breach was disclosed after a threat actor known as IntelBroker claimed to have stolen documents labeled For Official Use Only (FOUO) containing classified data. According to Europol, the breach affected a closed user group on the EPE, an online platform used by law enforcement to share knowledge and non-personal data about crime. Europol has assured that no core systems or operational data were compromised, and the EPE application does not process operational information.

IntelBroker, active since December and involved in various government data leaks, claims the stolen data includes sensitive information on thousands of alliance employees and cybercrime experts, and has breached other significant data platforms like EC3 SPACE and SIRIUS within Europol's networks. This actor is now offering the stolen data for sale on dark web forums.

The U.S. and China are set to discuss AI security. 

The United States and China are set to commence high-level discussions focused on the security and risks of advanced AI systems. Biden administration officials say these discussions will not aim at promoting technical cooperation but rather at addressing concerns related to AI's impact on national security and anti-democratic uses, particularly by China. Recent incidents, including AI-facilitated cyberattacks linked to China, highlight these issues. The dialogues, part of broader efforts to manage tensions and maintain open channels despite strained relations, will involve senior officials from both countries discussing the implications of AI in various sectors and governance. These talks follow direct discussions between Presidents Biden and Xi, who emphasized the need for ongoing dialogue despite not participating directly in the upcoming meetings.

U.S. agencies warn against BlackBasta ransomware operators. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, HHS, and MS-ISAC, issued a Cybersecurity Advisory against the Black Basta hacker group. This ransomware-as-a-service has affected over 500 entities across critical infrastructure in North America, Europe, and Australia since April 2022. The advisory outlines tactics, techniques, procedures, and indicators of compromise used by Black Basta, such as phishing, exploiting vulnerabilities, and a double-extortion tactic involving data encryption and exfiltration. The advisory stresses the implementation of mitigations like updating systems, using multi-factor authentication, and training against phishing to reduce ransomware risks. Black Basta’s operations involve sophisticated tools for network scanning, lateral movement, privilege escalation, and data exfiltration, emphasizing the urgent need for comprehensive cybersecurity measures across critical infrastructure sectors.

A claimed Russian group attacks British local newspapers. 

A group claiming to be "first-class Russian hackers" defaced websites of British local and regional newspapers owned by Newsquest Media Group by posting a fake news story titled “PERVOKLASSNIY RUSSIAN HACKERS ATTACK.” The incident, affecting potentially hundreds of sites, suggested a breach in a central or shared content management system, though there's no proof the attackers were actually Russian. This breach highlights vulnerabilities in the cybersecurity of UK local media, particularly with an upcoming election. The style of the attack is reminiscent of tactics used by Eastern European groups like Ghostwriter, known for inflaming tensions through false stories and hacking, but no specific group has been confirmed responsible for this incident.

Cinterion cellular modems are vulnerable to malicious SMS attacks. 

Cinterion cellular modems, used extensively across various sectors like industrial, healthcare, and more, are vulnerable to attacks via malicious SMS messages. The U.S. National Vulnerability Database reports a severe flaw (rated 9.8/10) that allows remote, unauthenticated attackers to execute arbitrary code and potentially take full control of the modem. This vulnerability was part of a broader set identified by Kaspersky, including seven zero-day exploits found in February 2023. These vulnerabilities also affect the modem’s handling of Java-based applications (MIDlets), enabling unauthorized code execution and compromising network security. Kaspersky recommends disabling SMS capabilities and enforcing stringent digital signature verification for MIDlets as mitigation steps. Telit Cinterion, the manufacturer, has yet to comment on patching efforts or specific mitigation advice.

A UK IT contractor allegedly failed to report a major data breach for months. 

The Guardian reports in an exclusive that Shared Services Connected Ltd (SSCL), an IT contractor for the UK government, failed to report a significant breach for months after being hacked, potentially by a Chinese group. This breach compromised the payroll data of approximately 270,000 Ministry of Defence staff. Despite awareness of the breach in February, the incident was only recently disclosed to the MoD. The UK Defence Secretary, Grant Shapps, has criticized SSCL for its slow response and has initiated a full review of SSCL's government contracts, which include other undisclosed sensitive cybersecurity roles. This situation has raised concerns over a broader compromise of government systems. SSCL, now wholly owned by the French company Sopra Steria, was previously partly owned by the UK government until last October. The Chinese embassy has denied involvement in the hack.

Generative AI is a double-edged sword for CISOs.

Help Net Security looks at how the rise of Generative AI (GenAI) impacts the role of Chief Information Security Officers (CISOs), finding that it is increasing both opportunities and challenges in cybersecurity. Harold Rivas of Trellix emphasizes the critical importance of CISOs in navigating AI integration while ensuring cyber defense. The widespread accessibility of GenAI has made it a dual-edged sword, easily utilized by both cybersecurity professionals and malicious actors.

Key statistics from a survey show:

76% of CISOs have already implemented GenAI in their operations.

100% believe GenAI enhances cybersecurity processes.

90% of CISOs feel under increased pressure due to AI developments.

45% are establishing AI committees to oversee AI use and implement governance.

A concerning 99% have faced cyberattacks recently, with 82% noting an increase.

The growing reliance on AI has not only heightened the cybersecurity risks but also placed CISOs under greater scrutiny and liability. With 92% contemplating their future roles, there's a unanimous call for better regulation to manage AI's risks effectively. 

Reality Defender wins the RSA Conference's Innovation Sandbox competition.

For the second consecutive year, an AI-based security startup won the Most Innovative Startup award at the RSA Conference's Innovation Sandbox competition. This year, Reality Defender clinched the prize with its tool designed to identify deepfakes and artificial content, addressing a significant issue highlighted by the judges, especially relevant in an election year. Reality Defender's platform uses AI to detect fraudulent audio, video, images, and text in real time, aiming to become the primary detection layer for all AI-generated fraud. This win reflects the increasing importance of tackling AI-driven security challenges in cybersecurity.

Up next we’ve got AWS’ CISO Chris Betz discussing how to build a strong culture of security. 

We’ll be right back.

Welcome back. We have a link to Chris’s blog on the topic in our show notes. 


Solar storms delay the planting of corn. 

And finally, last Friday we noted that coming solar storms had the potential to disrupt electronics here on planet Earth, including the electrical grid and GPS satellite signals. 

Over the weekend, intense solar storms, the strongest since 2003, did indeed disrupt GPS systems crucial for self-driving tractors, causing some farmers in the Midwest to halt planting corn. This timing is critical as planting after May 15th can significantly reduce crop yields, according to the University of Nebraska-Lincoln. Farmer Tom Schwarz noted that the precision required for his organic farming is so high that only GPS can achieve the necessary accuracy. Additionally, farmers were warned that future tending to their crops based on GPS data gathered this past weekend would likely be inaccurate. The solar storms reached a G5 severity, indicating potential major impacts on power grids and communications, although significant disruptions were avoided.

We had clouds here in the Baltimore area, so no northern light show for us, but some of our colleagues from the Boston area shared pictures that were spectacular. 

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.