The CyberWire Daily Podcast 9.9.24
Ep 2146 | 9.9.24

A ticking clock to exploitation.

Transcript

Patch Now alerts come from Progress Software and Veeam Backup & Restoration. Car rental giant Avis notifies nearly 300,000 customers of a data breach. The UK’s National Crime Agency struggles to retain top cyber talent. Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme. SpyAgent malware uses OCR to steal cryptocurrency. A Seattle area school district suffers a cybercrime snow day. Our guest is Amer Deeba, CEO of Normalyze, discussing data’s version of hide and go seek - the emergence of shadow data. A crypto leader resigns after being held at gunpoint. 

Today is Monday September 9th 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Patch Now alerts come from Progress Software and Veeam Backup & Restoration. 

Progress Software has released an emergency patch for a critical vulnerability (CVE-2024-7591) in its LoadMaster and LoadMaster Multi-Tenant Hypervisor products. The flaw, rated 10/10 in severity, allows unauthenticated attackers to remotely execute arbitrary system commands via a crafted HTTP request. This vulnerability stems from improper input validation in LoadMaster’s management interface, enabling remote code execution. Progress has provided an add-on package to fix the issue for vulnerable versions, excluding the free version of LoadMaster. No active exploits have been reported, but users are urged to apply the patch and follow recommended security measures to protect their systems.

A critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication software allows attackers to gain full control of systems without authentication. It’s classified as a Remote Code Execution (RCE) flaw, and if exploited attackers could run arbitrary code, potentially leading to data breaches or ransomware deployment. Cybersecurity firm Censys identified 2,833 Veeam servers exposed online, mainly in Germany and France. This vulnerability follows a similar flaw exploited by ransomware groups earlier in 2023. Veeam has released a patch (version 12.2.0.334) addressing this and five other issues. Users are strongly urged to update their systems and review network security to prevent exposure to the internet and monitor for unauthorized activity.

Car rental giant Avis notifies nearly 300,000 customers of a data breach. 

Car rental giant Avis is notifying nearly 300,000 customers that their personal information was stolen in an August 2024 cyberattack. The breach exposed sensitive data, including names, mailing and email addresses, phone numbers, birth dates, credit card details, and driver’s license numbers. The attack began on August 3 but was discovered two days later. Avis has not disclosed how the breach occurred, and further details remain unclear. So far, the largest number of affected individuals are from Texas, with 34,592 residents impacted. Additional breach notifications are expected. Avis, which owns Budget and Zipcar, operates in over 180 countries and earned $12 billion in revenue in 2023. The company has not commented on who is responsible for its cybersecurity efforts.

The UK’s National Crime Agency struggles to retain top cyber talent. 

The UK’s National Crime Agency (NCA), commonly viewed as an elite force capable of tackling serious organized crime, including cybercrime, is struggling to maintain its operations, according to a recent report by Spotlight on Corruption, a nonprofit civil society group. The report warns that the agency is “on its knees,” citing a severe “brain drain” caused by a broken pay system, which is driving away senior staff and cyber experts. Notably, the NCA loses nearly 20% of its cyber capacity each year, a significant blow as cybercrime continues to rise globally. This staffing crisis has forced the NCA to depend heavily on costly temporary labor and consultants, who now account for more than 10% of the agency’s budget.

The report calls on the UK government to take immediate action, emphasizing that the NCA is at a critical juncture. Without urgent reforms and proper funding, the agency will struggle to fulfill its mission to protect the country from growing threats like fraud, organized crime, and cyberattacks. Britain’s new Labour government, which campaigned on rebuilding the public sector after years of austerity and budget cuts, faces a crucial decision. “The question for the new government is not whether it can afford to invest in pay reform at the NCA, but whether it can afford not to,” the report argues.

The report highlights that NCA officers, like other public sector workers, have faced stagnant pay for over a decade, exacerbated by high inflation since 2022. This has made NCA positions less attractive compared to private sector jobs or international counterparts, like the FBI. While the NCA is often likened to the FBI, Spotlight on Corruption points out stark differences between the two agencies. The FBI boasts a much lower turnover rate of 1.7%. FBI agents also enjoy better pay, benefits, and professional growth opportunities, making the NCA less competitive in attracting talent. In contrast, serving British police officers would have to take a pay cut to join the NCA, which lacks similar performance-based pay increases.

A government spokesperson acknowledged the vital role the NCA plays in combating organized crime and reiterated its commitment to investing in the agency and its staff to ensure it has the necessary capacity and capabilities. However, with cybercrime and fraud continuing to rise and key staff leaving at an alarming rate, it remains to be seen whether these promises will translate into the significant reforms and investments the NCA urgently needs.

Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme.  

Two Nigerian brothers, Samuel and Samson Ogoshi, have been sentenced to 17.5 years in prison for their roles in a social media sextortion scheme that claimed over 100 victims, including at least 11 minors. The brothers, who posed as young women on Instagram and other platforms, extorted money from their victims by threatening to share nude photos with family and friends if they didn't pay up. One of the victims was Jordan DeMay, a 17-year-old high school student who killed himself in 2022 after being threatened by the brothers. The sentencing is seen as a significant step in cracking down on sextortion schemes, which have claimed thousands of victims in recent years. The US Attorney for the Western District of Michigan said that the sentences send a "thundering message" to scammers that they will be held accountable, regardless of where they are located.

SpyAgent malware uses OCR to steal cryptocurrency. 

A new Android malware called SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on mobile devices. Recovery phrases, or seed phrases, are crucial for accessing cryptocurrency wallets. If stolen, attackers can use these phrases to take control of the wallet and its funds. SpyAgent is distributed through at least 280 malicious APKs outside of Google Play, often spread via SMS or social media. Once installed, it scans device images for recovery phrases and sends sensitive data to its command and control server. The malware primarily targets South Korea but is expanding to the UK, with potential plans for an iOS variant. To mitigate risks, users should avoid installing apps outside of Google Play and monitor for suspicious permissions.

A Seattle area school district suffers a cybercrime snow day. 

The Highline Public School district in Washington State announced the closure of all schools on Monday due to a breach in its technology systems. The district detected unauthorized activity and immediately isolated critical systems, working with third-party and government partners to restore and test their network. The closure affects athletics, school activities, and the vaccine clinic, with central offices remaining open. The breach delays the first day of kindergarten, and families will be updated by Monday afternoon regarding Tuesday’s schedule. The district, which serves over 17,000 students across 35 schools south of Seattle, has not detected any personal data theft. The breach impacts essential operations, such as school transportation and attendance tracking, making it difficult to operate classes safely at the start of the school year.


Coming up, we’ve got the CEO of Normalyze Amer Deeba talking about what they are calling data’s version of hide and go seek, or the emergence of shadow data. We’ll be right back.

Welcome back

A crypto leader resigns after being held at gunpoint. 

Nick Drakon, CEO of Revelo Intel, a crypto research and education platform, has stepped down after a traumatic robbery in which he was held at gunpoint and forced to transfer cryptocurrency. The attackers, described as a sophisticated group, stole personal funds, company capital, and investor assets, threatening Drakon, his wife, and their eight-month-old son. The criminals had detailed knowledge of Revelo’s crypto deposit addresses, raising suspicions of insider involvement. Drakon has since forfeited his ownership stake in Revelo, which pledged 30% of future profits to affected members. Vu Benson, former COO, has taken over as CEO. Drakon apologized for errors that may have made him a target and is cooperating with authorities to recover the stolen funds.

This incident serves as a sobering reminder of the personal risks that come with managing digital assets and the importance of prioritizing safety, not just for ourselves but for our loved ones.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.