The CyberWire Daily Podcast 8.30.24
Ep 2141 | 8.30.24

High stakes for high tech: California's AI safety regulations take center stage.

Transcript

AI regulations move forward in California. DDoS attacks are on the rise. CISA releases a joint Cybersecurity Advisory on the RansomHub ransomware. A persistent malware campaign has been targeting Roblox developers. Two European men are indicted for orchestrating a widespread “swatting” campaign. Critical vulnerabilities in an enterprise network monitoring solution could lead to system compromise. An Ohio judge issues a restraining order against a cybersecurity expert following a ransomware attack. Our guest is Dr. Zulfikar Ramzan, Chief Scientist at Aura, sharing his take on AI's growing role with online criminals. Admiral Hopper's lost lecture is lost no more. 

Today is Friday, August 30th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

AI regulations move forward in California. 

California’s efforts to establish groundbreaking safety regulations for large-scale AI systems advanced this week, with a proposal passing a key vote in the Assembly. The bill, authored by Senator Scott Wiener, aims to mitigate risks associated with AI, such as the potential for catastrophic misuse, by requiring companies to test their models and disclose safety protocols. Despite fierce opposition from major tech firms like OpenAI, Google, and Meta, as well as some lawmakers, the measure narrowly passed and now awaits a final Senate vote before reaching Governor Gavin Newsom. The bill, which targets AI systems requiring over $100 million in data for training, represents a “light touch” approach, according to Wiener. Supporters argue it’s a necessary step to prevent AI-related disasters, while critics contend it is based on unrealistic fears and could stifle innovation. The outcome of this legislation could set a precedent for AI regulation in the U.S.

DDoS attacks are on the rise.

A report by Radware highlights a significant rise in distributed denial of service (DDoS) attacks, with some lasting up to 100 hours over six days. Notably, a recent Web DDoS attack campaign involved 10 waves, each lasting 4 to 20 hours, peaking at 14.7 million requests per second (RPS). The first quarter of 2024 saw a 137% increase in DDoS attacks, with new methods like HTTP/2 Rapid Reset contributing to this surge. Attackers are increasingly using cloud infrastructure, such as Telegram, to launch attacks, avoiding reliance on compromised IoT devices. Most attacks targeted organizations in Europe, the Middle East, and Africa due to regional conflicts and events like the Paris 2024 Olympics. Additionally, malicious DNS queries and web application attacks have surged, while bad bot transactions rose by 61% year-over-year. 

CISA releases a joint Cybersecurity Advisory on the RansomHub ransomware.

CISA, in collaboration with the FBI, MS-ISAC, and HHS, has released a joint Cybersecurity Advisory on the RansomHub ransomware, formerly known as Cyclops and Knight. The advisory provides indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods related to RansomHub, identified through recent FBI investigations. RansomHub, a ransomware-as-a-service variant, has attracted affiliates from other major ransomware groups like LockBit and ALPHV. CISA urges network defenders to review the advisory and implement the recommended mitigations.

Additionally, CISA has launched the “CISA Services Portal,” a streamlined platform for reporting cyber incidents as it prepares for new mandatory reporting requirements under the upcoming Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The portal offers enhanced features, including the ability to save, update, and share reports, and integrates with Login.gov credentials. While incident reporting is currently voluntary, CIRCIA will soon require organizations in critical infrastructure sectors to report major cyber incidents within 72 hours. CISA is upgrading its technology and expanding its workforce to handle the expected increase in incident reports, aiming to make the process as efficient and non-burdensome as possible for affected organizations.

A persistent malware campaign has been targeting Roblox developers. 

A persistent malware campaign has been targeting Roblox developers through malicious NPM packages, according to a report from Checkmarx. Since August 2023, attackers have been publishing packages that mimic the popular “noblox.js” library to steal sensitive data and compromise systems. Despite multiple takedowns, new malicious packages continue to appear. The attackers use techniques like brandjacking, combosquatting, and starjacking to create the illusion of legitimacy. The malware’s capabilities include Discord token theft, system persistence, and deploying additional payloads like Quasar RAT. The malicious code, hidden in the “postinstall.js” file, is heavily obfuscated and automatically executes when the package is installed. The malware manipulates the Windows registry to ensure it runs consistently and exfiltrates sensitive data to the attackers via a Discord webhook. Despite efforts to remove these packages, the attackers’ GitHub repository remains active, posing an ongoing threat. Developers are advised to verify package authenticity to avoid such attacks.

Two European men are indicted for orchestrating a widespread “swatting” campaign. 

Two European men, Tomasz Szabo from Romania and Nemanja Radovanovic from Serbia, were indicted for orchestrating a widespread “swatting” campaign that targeted around 100 people, including a former U.S. president, members of Congress, and other public officials. The campaign, which spanned from December 2020 to January 2024, involved making fake emergency calls to prompt aggressive police responses at the victims’ homes. The swatting calls included threats of mass shootings, bombings, and other violent acts. Szabo and Radovanovic used various techniques to appear legitimate and coordinated their attacks through online chat groups. They are charged with conspiracy and numerous counts of making threats. The FBI reported a surge in swatting calls, some linked to court cases against former President Donald Trump. U.S. officials are expected to seek the extradition of both men to face trial.

Critical vulnerabilities in an enterprise network monitoring solution could lead to system compromise. 

Critical vulnerabilities in Progress Software’s WhatsUp Gold, an enterprise network monitoring solution, could lead to system compromise. The software, essential for monitoring cloud and on-premises infrastructure, has over 1,200 instances accessible online, many potentially affected by a severe flaw, CVE-2024-4885, with a CVSS score of 9.8. This vulnerability allows remote code execution due to improper input validation in the GetFileWithoutZip method. Although a patch was released in May with version 23.1.3, and another in August with version 24.0.0, upgrading requires a manual process that may deter some administrators. The vulnerability has not been exploited yet, but the availability of proof-of-concept code makes it crucial for administrators to update to the latest version to avoid potential exploitation. Progress Software strongly advises upgrading to protect systems from unauthorized access and other risks.

An Ohio judge issues a restraining order against a cybersecurity expert following a ransomware attack. 

A judge in Franklin County, Ohio has issued a temporary restraining order against cybersecurity expert David L. Ross Jr., who has been revealing the impact of a ransomware attack on Columbus city government. Ross, also known as “Connor Goodwolf,” alerted the public that sensitive information, including Social Security numbers and details about crime victims and police officers, was stolen and posted online after the city refused to pay a ransom. The order prohibits Ross from accessing or sharing these files. Ross argues that the city is trying to deflect blame for its own mishandling of the breach, while the city claims the order is necessary to protect public safety. Despite the restraining order, Ross plans to pursue legal action, claiming his First Amendment rights are being infringed. The situation has led to multiple lawsuits against the city for failing to protect personal data.

 

Up next, we’ve got Aura’s Chief Scientist Dr. Zulfikar Ramzan sharing his take on the RockYou2024 breach and AI's growing role with online criminals. We’ll be right back.

Welcome back.

Admiral Hopper's lost lecture is lost no more. 

And finally, you may recall that about a month ago stories were circulating that the NSA had discovered archival video tapes of a presentation given by Admiral Grace Hopper in 1982, titled “Future Possibilities: Data, Hardware, Software, and People.” A true pioneer and trailblazer, Admiral Hopper was known for her dry wit and compelling story-telling abilities. 

NSA claimed they didn’t have the necessary equipment to transfer the old 1” reels of analog video tape, but countless video archivists offered up their services. In the end, it’s unclear who handled the transfer, but the good news is that the lecture is now available on YouTube, and needless to say it’s worth your time. 

We’ll have a link in the show notes. 

 

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

 

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.