The CyberWire Daily Podcast 7.23.24
Ep 2113 | 7.23.24

Don't mess with the NCA.

Transcript

UK law enforcement relieves DigitalStress. Congress summons CrowdStrike’s CEO to testify. FrostyGoop malware turned off the heat in Ukraine. EvilVideo is a zero-day exploit for Telegram. Daggerfly targets Hong Kong pro-democracy activists. Google has abandoned its plan to eliminate third-party cookies. The FCC settles with Tracfone Wireless over privacy and cybersecurity lapses. Wiz says no to Google and heads toward an IPO. N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about streamlining the fleet’s innovation process. Target’s in-store AI misses the mark.

Today is Tuesday, July 23rd, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

UK law enforcement relieves DigitalStress. 

UK law enforcement agencies have taken down DigitalStress, a prominent underground marketplace for distributed denial of service (DDoS) services. The National Crime Agency (NCA) and the Police Service of Northern Ireland (PSNI) disabled the site on July 2 and replaced its domain with a warning page. This takedown followed the arrest of a suspected site controller, Skiop, in early July, in a joint operation with the FBI. DigitalStress allowed users to order DDoS attacks easily, contributing to tens of thousands of attacks weekly. The NCA infiltrated the site’s communication channels, leading to its shutdown. Deputy Director Paul Foster emphasized that the operation demonstrates that online criminals have no guarantee of anonymity. The NCA will now analyze collected user data and share information about international users with global law enforcement agencies.

Congress summons CrowdStrike’s CEO to testify. 

A Congressional committee has summoned CrowdStrike’s CEO to testify about last week’s tech outage caused by a faulty security update, which disrupted global operations. The update affected millions of Microsoft Windows devices, impacting airlines, hospitals, and logistics companies. Representatives Mark Green and Andrew Garbarino emphasized the need for transparency on the incident and mitigation steps.

The letter to CEO George Kurtz requested a response to schedule the hearing. CrowdStrike confirmed ongoing communication with congressional committees. While Kurtz emphasized that it was not a cyberattack, lawmakers stressed the importance of learning from this event to protect critical infrastructure from future threats.

FrostyGoop malware turned off the heat in Ukraine. 

Russia has used both digital and physical attacks against Ukraine, particularly targeting heating infrastructure during winter. In January, Russia-based hackers used a new malware, FrostyGoop, to disrupt a heating utility in Lviv, Ukraine, leaving 600 buildings without heat for 48 hours during freezing temperatures. Dragos, a cybersecurity firm, discovered this malware, which manipulates temperature readings to trick control systems. The attack highlights a new tactic of directly sabotaging utilities. FrostyGoop sends commands via the insecure Modbus protocol to industrial control systems. Although Dragos hasn’t linked this to a specific hacker group, the incident is part of Russia’s broader strategy to destabilize Ukraine. The attack underscores the vulnerability of industrial control systems and the psychological impact of such cyber warfare on civilian resilience.
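The story above turns on one property of Modbus that is easy to state and worth seeing in bytes: a Modbus/TCP request carries no credential, signature or nonce, so any host that can reach TCP port 502 can issue a write. The following is an added example, not code from Dragos or from the FrostyGoop sample, that parses Modbus/TCP request frames and flags register writes from hosts outside an allowlist. The frames are constructed, the IP addresses and the allowlist are assumptions standing in for a site’s own policy, and the function codes come from the public Modbus application protocol specification.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# Modbus function codes used below (public Modbus application protocol spec).
READ_HOLDING_REGISTERS = 0x03
WRITE_SINGLE_REGISTER = 0x06
WRITE_MULTIPLE_REGISTERS = 0x10
# Any of these changes state on the device: coils or holding registers.
WRITE_FUNCTIONS = frozenset({0x05, 0x06, 0x0F, 0x10})


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int
    values: Tuple[int, ...]  # register values for writes, quantity for reads


def build_request(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Assemble a Modbus/TCP ADU. The MBAP length field counts unit id + PDU."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_request(frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request: 7-byte MBAP header, then the PDU.
    Note what the frame does not carry: no credential, no signature, no nonce."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    pdu = frame[7:]
    func = pdu[0]
    if func in (READ_HOLDING_REGISTERS, WRITE_SINGLE_REGISTER):
        # Both carry a 16-bit address followed by a 16-bit quantity or value.
        addr, word = struct.unpack(">HH", pdu[1:5])
        return ModbusRequest(tid, unit, func, addr, (word,))
    if func == WRITE_MULTIPLE_REGISTERS:
        addr, qty, nbytes = struct.unpack(">HHB", pdu[1:6])
        if nbytes != 2 * qty or len(pdu) != 6 + nbytes:
            raise ValueError("register count does not match payload length")
        values = struct.unpack(f">{qty}H", pdu[6:6 + nbytes])
        return ModbusRequest(tid, unit, func, addr, values)
    return ModbusRequest(tid, unit, func, 0, ())


def check_write(src_ip: str, frame: bytes, allowed_writers: frozenset) -> Optional[str]:
    """Return an alert for a write request from a host that is not an authorised
    writer. The allowlist is an assumed site policy, not part of the protocol."""
    req = parse_request(frame)
    if req.function in WRITE_FUNCTIONS and src_ip not in allowed_writers:
        return (f"ALERT: write function 0x{req.function:02X} to unit {req.unit_id} "
                f"register {req.address} values {list(req.values)} from {src_ip}")
    return None


# Constructed sample traffic (not captured data): the site HMI reads two holding
# registers, then an unknown host writes setpoints to the same registers.
ALLOWED_WRITERS = frozenset({"10.0.0.5"})  # assumed: the only legitimate HMI
SAMPLE_TRAFFIC = [
    ("10.0.0.5", build_request(1, 1, READ_HOLDING_REGISTERS, struct.pack(">HH", 0x0010, 2))),
    ("203.0.113.7", build_request(2, 1, WRITE_SINGLE_REGISTER, struct.pack(">HH", 0x0010, 0))),
    ("203.0.113.7", build_request(3, 1, WRITE_MULTIPLE_REGISTERS,
                                  struct.pack(">HHB", 0x0010, 2, 4) + struct.pack(">HH", 0, 0))),
]


def scan(traffic) -> list:
    """Run the write check over (src_ip, frame) pairs and collect the alerts."""
    return [a for src, frame in traffic if (a := check_write(src, frame, ALLOWED_WRITERS))]


if __name__ == "__main__":
    for alert in scan(SAMPLE_TRAFFIC):
        print(alert)
```

The parser validates only what the protocol itself offers (protocol id and length consistency); everything that decides whether a write is legitimate has to come from outside the frame, which is why the check leans on a source-address allowlist and why, in practice, network segmentation and monitoring at the boundary of the control network matter more than anything the protocol can do.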

EvilVideo is a zero-day exploit for Telegram. 

Researchers found a zero-day exploit for the Telegram app on Android, dubbed EvilVideo by ESET, which allowed attackers to send malicious payloads disguised as legitimate files. Telegram fixed this bug in versions 10.14.5 and above after ESET reported it. The exploit was potentially usable for about five weeks before the patch, though it’s unclear if it was used in the wild.

Discovered on an underground forum in early June, the exploit was sold by a user named “Ancryno,” who demonstrated it with screenshots and a video. The vulnerability exploited Telegram’s automatic media download setting, making malicious payloads appear as multimedia files. Even with auto-download disabled, users could still be tricked into downloading the malicious app disguised as an external video player.

The patched Telegram version now correctly identifies such malicious files as applications. It remains unknown which hacker groups showed interest or how effective the exploit was. The forum account also advertised undetectable Android cryptomining malware.
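The fix described above comes down to a general rule for any client that auto-downloads media: decide what a file is from its bytes, not from the name or type the sender attached to it. The following is an added example, not Telegram’s or ESET’s code, that sniffs an attachment’s real type and refuses to treat an Android package as a video. The magic values come from the public MP4, Matroska and ZIP formats; the APK heuristic (a ZIP containing AndroidManifest.xml and a .dex file) and the sample files are constructed simplifications for illustration.

```python
import io
import struct
import zipfile
from dataclasses import dataclass
from typing import Optional

APK_MIME = "application/vnd.android.package-archive"


def sniff_mime(data: bytes) -> Optional[str]:
    """Identify the file type from its bytes, ignoring name and declared type."""
    # ISO base media (MP4/MOV/3GP): bytes 4..8 of the first box are b"ftyp".
    if len(data) >= 12 and data[4:8] == b"ftyp":
        return "video/mp4"
    # Matroska / WebM start with the EBML magic.
    if data[:4] == b"\x1a\x45\xdf\xa3":
        return "video/webm"
    # ZIP local file header. An APK is a ZIP, so look inside before deciding.
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "application/zip"
        if "AndroidManifest.xml" in names and any(n.endswith(".dex") for n in names):
            return APK_MIME
        return "application/zip"
    return None


@dataclass(frozen=True)
class Verdict:
    declared: str
    sniffed: Optional[str]
    spoofed: bool          # content disagrees with what the sender claimed
    render_as_media: bool  # safe to hand to the media pipeline / auto-download


def classify_attachment(declared_mime: str, data: bytes) -> Verdict:
    """Decide how to treat an inbound attachment: trust the content, not the label."""
    sniffed = sniff_mime(data)
    spoofed = sniffed is not None and sniffed != declared_mime
    is_video = sniffed is not None and sniffed.startswith("video/")
    return Verdict(declared_mime, sniffed, spoofed, is_video and not spoofed)


def make_fake_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP with the two entries every APK has."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


def make_fake_mp4() -> bytes:
    """Constructed minimal ISO BMFF header: a single 20-byte ftyp box."""
    return struct.pack(">I", 20) + b"ftyp" + b"isom" + struct.pack(">I", 0x200) + b"isom"


if __name__ == "__main__":
    for label, data in (("genuine video", make_fake_mp4()),
                        ("apk declared as video", make_fake_apk())):
        print(label, classify_attachment("video/mp4", data))
```

An unrecognised type yields no sniffed value and is simply not rendered as media; a recognised type that contradicts the declared one is marked spoofed, so the receiving app can show it as an application, or drop it, rather than as a playable clip.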

Daggerfly targets Hong Kong pro-democracy activists. 

Security researchers at Symantec have linked a series of 2021 backdoor attacks on Hong Kong pro-democracy activists to the Chinese cyberespionage group Daggerfly. This group, also known as Evasive Panda and Bronze Highland, has re-tooled its arsenal, including the Macma backdoor targeting iPhone and macOS devices. Macma was distributed via watering hole attacks on a Hong Kong media outlet and a pro-democracy group.

Despite police crackdowns, smaller-scale protests continued in 2021. Daggerfly’s new Macma iterations feature enhanced screen capture and file system listing capabilities. Symantec connected Macma to Daggerfly by identifying overlaps with the MgBot malware framework.

Daggerfly also attacked a telecommunications organization in Africa in 2023 and is deploying a new Windows backdoor.

Google has abandoned its plan to eliminate third-party cookies. 

Google has abandoned its plan to eliminate third-party cookies in Chrome and will instead offer users more control over these cookies. Third-party cookies, which track users across different sites, are seen as privacy risks. GDPR requires user consent for these cookies. Mozilla Firefox and Apple Safari have already blocked them by default, with Google initially planning to follow suit.

Google aimed to replace third-party cookies with Privacy Sandbox, a more anonymous tracking method. However, adoption has been slow, and many platforms remain in beta testing. Due to the significant impact on advertisers and publishers, Google will now introduce a Chrome feature allowing users to limit third-party cookies instead of phasing them out entirely.

Anthony Chavez, VP of Privacy Sandbox, announced that this new approach will let users make informed choices about third-party cookies. Privacy advocates, like the EFF, criticize Google for prioritizing profits over privacy. The EFF suggests using tools like Privacy Badger and uBlock Origin to block trackers.

The FCC settles with Tracfone Wireless over privacy and cybersecurity lapses. 

The Federal Communications Commission (FCC) has reached a $16 million settlement with Tracfone Wireless over privacy and cybersecurity lapses. This marks the first FCC settlement requiring specific conditions to secure application programming interfaces (APIs). The settlement stems from three data breaches exploiting API vulnerabilities between January 2021 and January 2023, exposing sensitive customer data. Tracfone is owned by Verizon. 

Loyaan A. Egal, chief of the FCC Enforcement Bureau, emphasized the importance of API security for carriers. Verizon-owned Tracfone did not comment on the settlement, which also mandates securing API vulnerabilities per industry standards, undergoing external security assessments, and personnel training on privacy and security.

The breaches involved unauthorized access to “customer proprietary network information” (CPNI), including call details. This settlement follows a $200 million fine against major carriers for illegal data sharing in April. The FCC stresses the need for carriers to protect customer information as per Section 222 of the Communications Act.

Wiz says no to Google and heads toward an IPO. 

Cybersecurity startup Wiz rejected a $23 billion takeover bid from Google’s parent company, Alphabet, opting instead for an initial public offering (IPO). Co-founder Assaf Rappaport stated in an internal memo that Wiz will focus on reaching $1 billion in annual recurring revenue and proceeding with the IPO. The proposed acquisition would have doubled Wiz’s $12 billion valuation from May after raising $1 billion in funding.

Wiz provides cloud-based security solutions for enterprises, making it a valuable asset for Google in competing with Microsoft and Amazon. Antitrust concerns and investor apprehensions contributed to Wiz’s decision to abandon the deal. The Justice Department has ongoing antitrust lawsuits against Google, which has previously acquired cybersecurity firms Siemplify and Mandiant for $500 million and $5.4 billion, respectively.


Coming up, we’ve got N2K’s Brandon Karpf speaking with Acting CTO of the US Navy Justin Fanelli about the US Navy streamlining the innovation process. We’ll be right back.

Welcome back. You can get more info on the Navy’s innovation process in our show notes. 

Target’s in-store AI misses the mark. 

And finally, our retail desk alerts us to a story by Cyrus Farivar for Forbes. Employees at the retail giant Target are not thrilled with the company’s new AI chatbot, “Help AI,” designed to assist with store processes and to support new team members. Instead of being a helpful tool, employees find it frustrating and unhelpful. “We call it the ‘shitbot’ because it gives shit answers,” one employee told Forbes, reflecting widespread dissatisfaction.

Target introduced Help AI as part of its growth strategy to combat stagnant sales, with plans to roll it out to nearly 2,000 stores. Despite Target’s CIO Brett Craig touting its transformative potential, employees argue the chatbot is a waste of resources and provides incomplete, often ridiculous advice, such as suggesting confronting an active shooter with a baseball bat.

While Target insists it is committed to improving the tool based on feedback, employees feel the company should focus on more practical solutions, like improving checkout experiences and addressing workload issues. For now, as far as Target’s employees are concerned, Help AI is more hindrance than help.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.