The CyberWire Daily Podcast 8.8.24
Ep 2125 | 8.8.24

Cybersecurity leaders gear up for the ultimate test.

Transcript

Black Hat kicks off with reassurances from global cyber allies. Researchers highlight vulnerabilities in car head units, AWS and 5G basebands. Alleged dark web forum leaders are charged in federal court. Tens of thousands of ICS devices are vulnerable to weak automation protocols. Kimsuky targets universities for espionage. Ransomware claims the life of a calf and its mother. A look at job risk in the face of AI. In our Threat Vector segment, host David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks, about the future of cybersecurity. An alleged cybercrime rapper sees his Benjamins seized.

Today is Thursday August 8th 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Black Hat kicks off with reassurances from global cyber allies. Researchers highlight vulnerabilities in car head units, AWS and 5G basebands. 

The Black Hat conference is in full swing in Las Vegas, and during yesterday’s opening keynote US CISA Director Jen Easterly, UK NCSC CEO Felicity Oswald, and EU ENISA COO Hans de Vries emphasized that their respective nations’ election systems are more secure than ever. They attributed this resilience to a stronger election stakeholder community and rigorous preparations against cyber threats. Despite ongoing challenges from state actors like Russia and China, they reported successful defenses during recent elections. Easterly stressed that while the threat landscape remains complex, constant vigilance and collaboration among international cybersecurity agencies are crucial. The officials underscored the importance of data sharing, continuous testing, and maintaining clear paper trails to ensure election integrity. They called on citizens to resist foreign disinformation efforts aimed at undermining confidence in democracy.

Elsewhere at Black Hat, Cisco Talos researchers revealed that Android-based infotainment systems in vehicles from brands like Ford, GM, and Honda can be exploited to steal user data. Dan Mazzella demonstrated how an attacker could extract sensitive information, including GPS coordinates, from the head unit of his own car. These systems, running on Android Automotive OS, can be infected via social engineering, such as malicious USB sticks or a technique known as Bluesnarfing. Rental cars are particularly vulnerable, as attackers could backdoor head units to target subsequent users. To mitigate risks, users should avoid plugging untrusted devices into car systems.

AWS recently patched critical vulnerabilities that could have allowed account takeovers, as Aqua Security revealed at Black Hat. These flaws, affecting services like CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar, could have led to arbitrary code execution and control over AWS accounts. Aqua Security’s researchers detailed how attackers could predict S3 bucket names and exploit them using a method called ‘Bucket Monopoly.’ AWS confirmed the issue is fixed and no customer action is needed. Aqua Security also released an open-source tool to check past vulnerabilities.

Rounding out our review of news from Black Hat, researchers from Pennsylvania State University have uncovered security flaws in 5G basebands used in phones by Google, OPPO, OnePlus, Motorola, and Samsung. Basebands are essentially the hardware processors used by cell phones to connect to mobile networks. These vulnerabilities, found in basebands by Samsung, MediaTek, and Qualcomm, could allow hackers to stealthily spy on victims. Using their custom tool, 5GBaseChecker, the researchers tricked phones into connecting to fake cell towers to exploit these flaws. Most vendors have since patched the vulnerabilities.

Alleged dark web forum leaders are charged in federal court. 

Pavel Kublitskii and Alexandr Khodyrev are the alleged leaders of the WWH Club, a darknet forum described as a cross between eBay and Reddit for criminals. In a federal court case, they were charged with conspiracy to traffic and possess unauthorized devices. The online forum facilitated the sale of stolen bank account numbers, the hiring of hackers, and the organization of denial of service attacks for over 170,000 users.

The FBI uncovered the identities of WWH’s administrators by obtaining a search warrant for Digital Ocean, a US-based cloud company. This allowed agents to gain administrative access to the site, revealing tens of thousands of emails, passwords, and user activities. The site’s admin interface was in Russian, requiring translation for investigation.

Kublitskii, a Russian, and Khodyrev, from Kazakhstan, sought asylum in the US two years ago but now face federal charges. The site’s admins enforced rules barring crimes in Commonwealth of Independent States member countries, including Russia and Kazakhstan.

Kublitskii had bought a luxury condo in Florida, while Khodyrev purchased a 2023 Corvette with $110,000 in cash. Both men appeared unemployed. The Justice Department and Kublitskii’s lawyer declined to comment. The criminal complaint, initially sealed, was first reported by Court Watch.

Tens of thousands of ICS devices are vulnerable to weak automation protocols. 

Half of the 40,000 internet-connected industrial control systems (ICS) in the U.S. are vulnerable due to weak automation protocols. A report from security firm Censys revealed that over 80% of exposed human-machine interfaces (HMIs) are in wireless networks like Verizon and AT&T. Many HMIs, particularly those in Water and Wastewater Systems, can be accessed without authentication. The study also highlights risks from web admin interfaces with default credentials. Recent minor attacks by state-linked actors underscore the need for robust security measures, including VPNs, firewalls, and better training for device administrators to prevent unauthorized access and ensure system protection.

Kimsuky targets universities for espionage. 

Cybersecurity analysts have exposed critical details about the North Korean APT group Kimsuky, which targets universities for espionage. Active since 2012, Kimsuky primarily attacks South Korean entities but also extends to the US, UK, and Europe. They use sophisticated phishing tactics, posing as academics or journalists to steal sensitive information. Recent findings by Resilience revealed operational mistakes by Kimsuky, uncovering source code and login credentials. The group focuses on stealing valuable research and intelligence, aligning with North Korea’s Reconnaissance General Bureau objectives. Enhanced multifactor authentication and careful URL verification are recommended defenses.

Ransomware claims the life of a calf and its mother. 

A ransomware attack on a Swiss farmer’s computer systems had devastating consequences, disabling milking robots and preventing access to crucial cattle data. This led to the tragic deaths of a calf and its mother, after the farmer couldn’t monitor pregnant animals effectively. Despite a $10,000 ransom demand, the farmer chose not to pay. Although the milking robots operated without a network, the farmer incurred over $7,000 in veterinary and computer replacement costs. The cybercriminals ultimately gained nothing, but the emotional and financial toll on the farmer was significant.

A look at job risk in the face of AI. 

In an article at Lawfare, Kevin Frazier examines the ongoing debate over the future of AI regulation. Three main camps have emerged: those prioritizing existential risks (x-risk), those focused on privacy concerns, and a third group emphasizing climate impacts. With U.S. politicians and agency officials hesitant to take a definitive stance, the National Institute of Standards and Technology (NIST) recently issued a profile addressing the risks associated with the research, development, deployment, and use of generative AI. This profile attempts to balance the concerns of all sides, covering 12 different risks, including chemical and biological threats, data privacy, and harmful bias. Notably absent, however, was job risk (j-risk).

AI-driven job displacement, or j-risk, is an immediate concern. Americans have already been displaced by AI, particularly in industries like video gaming. 

Kevin Frazier’s article underscores that AI will inevitably replace American workers; the uncertainty lies in the timing, method, and extent of this displacement. Policymakers must take proactive steps to mitigate the worst impacts of j-risk by implementing anticipatory governance strategies. These strategies include gathering more data on AI’s effects on labor and creating responsive economic security programs. By focusing on j-risks, lawmakers can reduce uncertainty and long-term harm.

Frazier highlights the importance of learning from past economic disruptions, such as those caused by globalization. The unchecked optimism about globalization’s benefits led to widespread job losses and economic instability in many American communities. Similarly, AI is poised to introduce significant economic turbulence, necessitating a proactive policy response.

Frazier’s article emphasizes that prioritizing j-risks does not mean neglecting other AI governance approaches. Efforts to address labor displacement can also aid in mitigating other AI risks. For instance, creating emergency relief programs could be beneficial in various AI-related crises.

In summary, Kevin Frazier argues that addressing j-risks is crucial for managing AI-induced economic instability. Policymakers must take proactive steps to support displaced workers and ensure a resilient labor market. By focusing on the immediate and tangible impacts of AI, lawmakers can develop comprehensive strategies to protect workers’ livelihoods and promote economic stability in the face of rapid technological advancement.


We’ve got Palo Alto Networks Founder and CTO Nir Zuk on the Threat Vector segment with David Moulton. They discuss the pressing challenges organizations face today and the pivotal shift from traditional defense strategies to a mindset that assumes breaches. 

We’ll be right back.

Welcome back. You can find links to David and Nir’s full conversation in our show notes. Listen for new episodes each Thursday here on the N2K CyberWire network. 

An alleged cybercrime rapper sees his Benjamins seized. 

And finally, in January, KrebsOnSecurity spotlighted rapper Punchmade Dev, who glorifies cybercrime in his music and promotes stores selling stolen financial data. This 22-year-old Kentucky native, also known as Devon Turner, is now suing his bank after they froze his account amid a $75,000 wire transfer and an active law enforcement investigation.

With hits like “Internet Swiping” and “Million Dollar Criminal,” Punchmade Dev gained fame and sold tutorials on financial fraud. According to Krebs, his social media handles were linked to stores offering illicit goods, leading to his bank troubles.

Turner filed a lawsuit against PNC Bank, claiming discrimination and alleging the bank made disparaging comments about his financial status. The bank told Turner his account was flagged for law enforcement scrutiny. Despite promises to release his funds, PNC allegedly seized $500,000 from his account.

Ironically, Punchmade Dev, who teaches about maintaining “opsec” or operational security in cybercrime, couldn’t anonymize his own online activities. His lawsuit includes contact information tying him directly to his fraudulent operations. With a significant social media following, Punchmade Dev’s story highlights the bizarre intersection of internet fame and criminal activity.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.