The CyberWire Daily Podcast 7.26.24
Ep 2116 | 7.26.24

FBI and DOJ thwart North Korean cyber scheme.

Transcript

A North Korean hacker is indicted for major cyberattacks. CrowdStrike’s in recovery mode. Phishing thrives in the wake of BSOD chaos. Wiz spells out no to Alphabet's $23bn offer. France goes full clean-up. Israel's secret shield in spyware saga. KOSA and COPPA 2.0 promise safer surfing for kids. N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. And last but not least, hacking can happen to anyone.

Today is July 26th, 2024. I’m Maria Varmazis sitting in for the celebrating or napping Dave Bittner. Dave is celebrating his special day a bit early. This is your CyberWire Intel Briefing.

North Korean hacker indicted for major cyberattacks.

The U.S. has indicted Rim Jong Hyok, a North Korean military intelligence operative, for a series of cyberattacks targeting American healthcare providers, NASA, military bases, and other entities. The indictment alleges Rim and the Andariel Unit within North Korea’s intelligence agency accessed sensitive information and installed ransomware, causing significant disruption and financial loss. They allegedly laundered the ransom money through a Chinese bank to fund further cyber operations. Rim is charged with conspiracy to commit computer hacking and money laundering. The FBI and Justice Department managed to recover over $600,000 in cryptocurrency from the attacks. 

CrowdStrike is in recovery mode.

We’ve got some updates for you on several stories we’ve been tracking lately. 

CrowdStrike reported that over 97% of its Windows sensors have been restored following a global IT outage caused by a software update on July 19. This outage affected critical sectors, including airlines and financial services. CEO George Kurtz praised the collaborative recovery efforts and committed to preventing future incidents.

Phishing thrives in the wake of BSOD chaos.

In their Threat Signal Report, FortiGuard Labs shares analysis and insights into the latest cybersecurity threats and vulnerabilities. The latest report details campaigns used by threat actors to spread malware, using phishing and scams to take advantage of the recent widespread global IT outage affecting Microsoft Windows hosts. This outage is due to an issue with a recent CrowdStrike update that can cause a bug check or Blue Screen of Death (BSOD) on the affected Windows machines which may get stuck in a restarting state.

Wiz spells out no to Alphabet's $23bn offer.

The BBC reports that Israeli cybersecurity firm Wiz has rejected a $23bn takeover offer from Google parent company Alphabet, in what would have been its largest-ever acquisition. Reportedly in an internal memo seen by the BBC, Wiz founder and chief executive Assaf Rappaport said he was "flattered" by the offer. A source close to the deal told the BBC the offer was "very tempting", but Wiz believed it was big enough to go it alone.

ECB challenges banks to bounce back from cyber hits.

In other international news, 

The European Central Bank (ECB) has announced a cyber resilience stress test for 109 banks under its direct supervision in 2024. The exercise assessed how these banks would respond to and recover from a cyberattack, rather than just their ability to prevent it. The test scenarios simulated successful cyberattacks disrupting daily operations, forcing banks to activate emergency procedures and restore normal functions. The ECB's first-ever cyber risk stress test was launched in response to a surge in attacks, some with possible geopolitical motives. The ECB will use the insights gained to improve the banks' cyber resilience frameworks and overall risk management practices.

France goes full clean-up.

French authorities have launched a major operation to remove malware from the country's computer systems ahead of the Olympics. This "disinfection operation" focuses on combating the PlugX malware, which has infected thousands of devices, primarily for espionage. The campaign, coordinated with other affected countries, aims to enhance cybersecurity in light of increased threats. 

Israel's secret shield in spyware saga.

Israel has intervened in the ongoing lawsuit between WhatsApp and NSO Group to prevent the disclosure of state secrets. WhatsApp alleges that NSO Group's Pegasus spyware targeted 1,400 users, including activists and journalists. NSO claims it acted on behalf of foreign governments, seeking immunity, but this defense has been rejected by U.S. courts. The U.S. Supreme Court recently allowed WhatsApp's lawsuit to proceed, marking a significant step towards accountability. Despite this, Israel's involvement aims to protect sensitive national security information from being exposed during the legal proceedings.

KOSA and COPPA 2.0 promise safer surfing for kids.

The Kids Online Safety Act (KOSA) and COPPA 2.0 are likely to pass the U.S. Senate, aiming to bolster children's online privacy and safety. KOSA requires platforms to implement features preventing harms like bullying and mandates the most protective settings by default for minors. COPPA 2.0 expands protections to those under 17, bans targeted advertising to children, and establishes a digital marketing bill of rights. The original COPPA Rule became effective in 2000.


Coming up for today’s guest conversation, N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. We’ll be right back.

Welcome back. You can find links to the on-demand content from AWS re:Inforce 2024, including Steve’s talk, in our show notes.

Hacking can happen to anyone.

Ladies and gentlemen, gather 'round for a tale that’s both cautionary and cunning. KnowBe4, a US-based security vendor, known for its robust security awareness training, recently found itself in the crosshairs of a North Korean hacker. 

So, picture this: KnowBe4, on the lookout for a software engineer for its AI team, hires someone who seemed to check all the boxes. Background checks? Passed. References? Verified. Photo ID? Flawless (albeit AI-enhanced). Despite thorough background checks and interviews, the hacker slipped through using sophisticated identity theft and AI enhancements. This candidate, unfortunately, was not just a tech enthusiast but a North Korean hacker using a stolen US identity. The plot thickens as KnowBe4’s new hire receives their shiny new Mac workstation and immediately tries to load malware onto the company’s network.

KnowBe4’s vigilant Security Operations Center (SOC) quickly caught onto this cyber shenanigan, neutralizing the threat before any damage could be done. No data was lost, no systems were compromised—just a near miss in the grand game of cyber cat-and-mouse.

CEO Stu Sjouwerman, ever the sage, shared this incident in a blog post, not as a breach notification (because there was no breach) but as a learning moment. His message was clear: "If it can happen to us, it can happen to almost anyone. Don't let it happen to you."

So, what’s the lesson here? Stay sharp, invest in continuous security training, and ensure your SOC is always one step ahead. Because in the world of cybersecurity, it’s not just about if you’ll face an attack, but when. Let’s keep those digital defenses strong, folks!

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

Be sure to tune into Research Saturday tomorrow, where Dave sits down with Dick O'Brien from the Symantec Threat Hunter team. They are discussing their work on their new findings, "Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day." Also, they’re going to provide some background and history on Black Basta. That’s Research Saturday, check it out.

And that’s the CyberWire. Here’s wishing Dave Bittner a happy birthday this weekend from the team here at N2K! 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Maria Varmazis, sitting in for the one and only Dave Bittner. Thanks for listening.