The CyberWire Daily Podcast 5.31.24
Ep 2079 | 5.31.24

New cybersecurity bill aims to untangle federal regulations.

Transcript

Draft legislation looks to streamline federal cybersecurity regulations. Clarity.fm exposed personal information of business leaders and celebrities. Researchers find European politicians’ personal info for sale on the dark web. The BBC’s pension scheme suffers a breach. OpenAI disrupts covert influence operations making use of their platform. Hackers brick over 600,000 routers. Cracked copies of Microsoft Office deliver a malware mix. A senator calls for accountability in the Change Healthcare ransomware attack. On our Industry Voices segment, we hear from SpyCloud’s Chip Witt, on navigating the threat of digital identity exposure. Florida man becomes Moscow’s fake-news puppet.

Today is May 31st, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Draft legislation looks to streamline federal cybersecurity regulations. 

Senator Gary Peters (D-MI) is proposing a bill to create an interagency committee to streamline federal cybersecurity regulations. The Office of the National Cyber Director (ONCD) would lead this effort, aiming to reduce compliance burdens for industries. This committee would identify and resolve conflicting cybersecurity requirements within a year and ensure regulatory updates are aligned.

The draft legislation mandates a pilot program for at least three regulatory agencies to work with the committee on harmonizing rules. The bill also grants ONCD more authority in setting and coordinating cybersecurity regulations, which has support from industry and some experts who see a need for centralized oversight.

The proposal follows recent cybersecurity regulations from the Cybersecurity and Infrastructure Security Agency (CISA) and the Securities and Exchange Commission (SEC), highlighting the need for regulatory harmonization.

Key challenges include managing jurisdictional conflicts among various congressional committees overseeing cybersecurity. However, Peters has a history of successfully passing cybersecurity legislation, and the bill has bipartisan appeal.

If passed, the legislation would bolster ONCD’s efforts to streamline cybersecurity rules, ensuring better coordination across federal agencies.

Clarity.fm exposed personal information of business leaders and celebrities to public access. 

A data leak at Clarity.fm exposed personal information of business leaders and celebrities to public access. The platform connects entrepreneurs with industry experts for on-demand consultations. Cybersecurity researcher Jeremiah Fowler found a non-password-protected database containing 155,531 records and 121,000 member accounts. The exposed data included full names, phone numbers, email addresses, consultation content, and payment records. This breach raises significant concerns about data security and the risks of targeted scams, phishing attacks, and blackmail. Fowler secured the database and notified Clarity.fm, but it remains unclear how long the data was exposed or if others accessed it. 

Researchers find European politicians’ personal info for sale on the dark web.

An intelligence study from security firm Proton in collaboration with Constella Intelligence found the email addresses of hundreds of British, French, and European Parliament politicians on dark web marketplaces. Out of nearly 2,300 official government email addresses searched, 918 were leaked. British MPs were the most impacted, with 68% of their addresses found on the dark web. EU Parliament members had a 44% exposure rate, while only 18% of French deputies and senators were affected. These addresses, used on various third-party services like Adobe, LinkedIn, and Dropbox, were hacked and included 697 plain-text passwords. This exposure risks not only the politicians but also the sensitive information they handle.

The BBC’s pension scheme suffers a breach. 

The BBC has confirmed a breach of its pension scheme, exposing personal data of over 25,000 current and former employees. Attackers copied files from a cloud storage device, revealing names, National Insurance numbers, dates of birth, and home addresses. The BBC assured that no phone numbers, email addresses, bank details, or passwords were compromised, and the pension scheme's website was not affected. No evidence of ransomware was found. The BBC is working with specialist teams to secure the source and monitor the situation. Impacted employees are advised to watch for unsolicited communications and monitor their bank accounts for unusual activity, as exposed data could lead to fraud or phishing attacks.

OpenAI disrupts covert influence operations making use of their platform. 

A report from OpenAI revealed that its generative AI tools were used by actors from China, Russia, Iran, and Israel to create and post propaganda on social media. Over the past three months, OpenAI disrupted five covert influence operations aiming to manipulate public opinion on various geopolitical and socio-economic issues. These campaigns produced fake comments, articles, and translated texts, but did not significantly increase audience engagement. Targets included issues like Russia’s invasion of Ukraine, Gaza conflicts, and US and European politics. OpenAI has enhanced its detection and analysis measures to prevent misuse of its tools and is sharing its findings to promote best practices among stakeholders.

Hackers brick over 600,000 routers. 

Last October, subscribers of the ISP Windstream, which serves residential customers in 18 states, reported that their ActionTec T3200 routers suddenly stopped working, showing a steady red light and not responding to resets. Users blamed Windstream for pushing updates that bricked the devices. The ISP sent new routers to affected customers. Black Lotus Labs later revealed that malware took out over 600,000 routers, including those from Windstream, using Chalubo malware to permanently overwrite firmware. This attack, named Pumpkin Eclipse, was deliberate and targeted a single ISP's autonomous system number. The incident raised concerns about the impact on rural communities and critical services. Researchers found no evidence of nation-state involvement and advised standard cybersecurity measures to prevent future attacks.

Researchers noted that the attack was deliberate, with the threat actor using common malware instead of custom-developed tools to cover their tracks. Despite extensive analysis, the initial infection method remains unclear, though weak credentials or exposed administrative panels are possible entry points.

Cracked copies of Microsoft Office deliver a malware mix.

Cybercriminals are distributing a mix of malware through cracked Microsoft Office versions promoted on torrent sites. This malware includes remote access trojans (RATs), cryptocurrency miners, downloaders, proxy tools, and anti-AV programs. AhnLab Security Intelligence Center (ASEC) identified the campaign, warning about the risks of pirated software. The attackers use lures like Microsoft Office and other popular programs. The cracked Office installer looks legitimate but launches obfuscated .NET malware, contacting Telegram or Mastodon to fetch additional components from Google Drive or GitHub. Malware strains installed include Orcus RAT, XMRig miner, 3Proxy, PureCrypter, and AntiAV, with an 'Updater' module ensuring persistence. Users should avoid pirated software to prevent such infections.
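As an added example (not code from the podcast or from ASEC's report), here is a Python detection sketch for the staging pattern just described: a process that first contacts Telegram or Mastodon to learn where its next stage lives, then fetches that stage from Google Drive or GitHub a short time later. The log format, the domain lists, the browser allowlist, and the ten-minute window are all assumptions to be tuned for a real environment; the sample log lines are constructed.

```python
"""
Added example: flag a process that contacts a "dead drop" service (Telegram,
Mastodon) and then, within a short window, downloads from a code/file host
(Google Drive, GitHub). Log schema, domains and window are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Stage 1: services a loader reads its next-hop URL from (assumed list).
RESOLVER_DOMAINS = {"api.telegram.org", "t.me", "mastodon.social"}
# Stage 2: hosting used for follow-on components (assumed list).
PAYLOAD_DOMAINS = {"drive.google.com", "drive.usercontent.google.com",
                   "github.com", "raw.githubusercontent.com",
                   "objects.githubusercontent.com"}
# Browsers legitimately touch all of these; allowlist them to cut noise.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}
WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Parse one constructed EDR-style line: ts|host|pid|image|dst_host."""
    ts, host, pid, image, dst = line.strip().split("|")
    return {"ts": datetime.fromisoformat(ts), "host": host, "pid": int(pid),
            "image": image.lower(), "dst": dst.lower()}


def find_dead_drop_chains(lines):
    """Return (host, pid, image, resolver_dst, payload_dst) for every process
    that hit a resolver domain and then a payload domain within WINDOW."""
    by_proc = defaultdict(list)
    for rec in map(parse_line, lines):
        by_proc[(rec["host"], rec["pid"], rec["image"])].append(rec)

    hits = []
    for (host, pid, image), recs in by_proc.items():
        if image in BROWSER_IMAGES:
            continue  # tuning: browsers are expected to contact these hosts
        recs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(recs):
            if first["dst"] not in RESOLVER_DOMAINS:
                continue
            for later in recs[i + 1:]:
                if later["ts"] - first["ts"] > WINDOW:
                    break  # records are sorted, nothing later can qualify
                if later["dst"] in PAYLOAD_DOMAINS:
                    hits.append((host, pid, image, first["dst"], later["dst"]))
                    break  # one alert per resolver contact is enough
    return hits


# Constructed sample: one real chain, one browser (allowlisted), one pair
# outside the window, and one payload-host fetch with no resolver contact.
SAMPLE_LOGS = [
    "2024-05-31T09:00:01|WS01|4120|setup.exe|api.telegram.org",
    "2024-05-31T09:00:04|WS01|4120|setup.exe|raw.githubusercontent.com",
    "2024-05-31T09:05:00|WS01|2200|chrome.exe|mastodon.social",
    "2024-05-31T09:05:10|WS01|2200|chrome.exe|github.com",
    "2024-05-31T09:10:00|WS02|3300|updater.exe|api.telegram.org",
    "2024-05-31T09:45:00|WS02|3300|updater.exe|drive.google.com",
    "2024-05-31T10:00:00|WS02|3400|svchost.exe|drive.google.com",
]

if __name__ == "__main__":
    for hit in find_dead_drop_chains(SAMPLE_LOGS):
        print("dead-drop chain:", hit)
```

The rule keys on the sequence rather than on any single domain, because each host on its own is ordinary traffic; the browser allowlist and the window length are where false positives are traded against misses, and a WS02-style pair that lands just outside the window is exactly the kind of case worth reviewing when tuning.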

A senator calls for accountability in the Change Healthcare ransomware attack. 

Sen. Ron Wyden (D-OR) criticized UnitedHealth Group (UHG) in a letter to regulators, calling for accountability from the company’s leaders following a ransomware attack on Change Healthcare. Wyden compared the incident to the SolarWinds breach, blaming UHG's senior executives and board for poor decisions, including appointing an unqualified chief information security officer, Steven Martin, in June 2023. Wyden argued that the CEO and board should be responsible for cybersecurity failures, including the lack of multi-factor authentication on a remote access server. The attack severely impacted patients and providers, with many left without medication and some providers forced to close or take loans. Wyden urged the FTC and SEC to investigate UHG’s cybersecurity lapses and hold senior officials accountable, citing similar enforcement actions against other companies. The FTC acknowledged receiving the letter but declined to comment; the SEC did not respond.


Coming up on our Industry Voices segment, we welcome from SpyCloud's SVP of Product Management Chip Witt to discuss navigating the threat of digital identity exposure. 

We’ll be right back.

Welcome back. We thank SpyCloud for sponsoring our Industry Voices segment. You can get more detail on what Chip discussed by checking out SpyCloud’s Annual Identity Exposure Report 2024. The link is in our show notes. 


Florida man becomes Moscow’s fake-news puppet. 

And finally, the New York Times shares the strange case of John Mark Dougan, a former deputy sheriff in Palm Beach County, Florida. About twelve years ago Dougan allegedly began a run of deceptive endeavors by emailing voters, posing as a county commissioner to oppose the sheriff’s reelection. He later posed online as a Russian tech worker to leak confidential information and created a fictional New York City heir named Jessica to trick an adviser into revealing improper conduct.

These early exploits set the stage for Dougan's current role in Russia’s disinformation campaigns. Now 51, Dougan resides in Moscow under political asylum, orchestrating a complex network of over 160 fake news websites. Using commercially available AI tools, he fills these sites with tens of thousands of articles, interspersed with bespoke fabrications attributed to Russian intelligence.

Despite Dougan's denials, digital trails and confirmations from a friend suggest he is behind these sites. This marks a significant escalation from his troubled life in the U.S., which included accusations of excessive force and sexual harassment, leading to costly lawsuits and his eventual flight from 21 felony charges.

Dougan’s activities include impersonating an FBI agent in a call to Steven Brill of NewsGuard, a company tracking his fake news sites. This led to an FBI investigation tracing the call to Russia. Researchers and officials believe Dougan’s disinformation network, largely focused on Russian narratives about the Ukraine war, is poised to interfere in upcoming elections worldwide, targeting diverse audiences to destabilize democratic systems.

John Mark Dougan’s evolution from local trickster to a key player in Kremlin-backed disinformation illustrates the escalating threat of fake news and cyber deception. His actions underscore the importance of robust cybersecurity measures and vigilance against disinformation.

It would seem that Dougan went from chasing crooks in Palm Beach to chasing clicks in Moscow.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.