The CyberWire Daily Podcast 9.12.24
Ep 2149 | 9.12.24

UK’s newest cybersecurity MVPs.

Transcript

The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from a 2023 data breach. Google Cloud introduces air-gapped backup vaults. TrickMo is a newly discovered Android banking malware. GitLab has released a critical security update. A $20 domain purchase highlights concerns over WHOIS trust and security. Our guest is Jon France, CISO at ISC2, with insights on Communicating Cyber Risk of New Technology to the Board. And, could Pikachu be a double-agent for Western intelligence agencies?

Today is Thursday, September 12th, 2024. I’m Tré Hester, filling in for Dave Bittner. And this is your CyberWire Intel Briefing.

The UK designates data centers as Critical National Infrastructure.

The UK has designated data centers as Critical National Infrastructure (CNI), placing them alongside energy and water systems. Announced by Technology Secretary Peter Kyle on September 12, the move aims to bolster cybersecurity and prevent IT disruptions. A dedicated government team will provide support, monitor threats, and coordinate with security agencies like the National Cyber Security Centre (NCSC) to protect data centers from attacks. This comes alongside a proposed £3.75bn investment in a new data center and an £8bn investment from Amazon Web Services. Industry leaders welcome the move, noting that many centers already meet CNI security standards.

Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system.

Cisco has released patches for eight vulnerabilities in its IOS XR network operating system, including six high-severity flaws. The most critical, with a CVSS score of 8.8, could allow attackers with low privileges to elevate their access to root by executing crafted commands. Another major issue affects the Mtrace2 feature and could be exploited remotely to trigger a denial-of-service (DoS) attack. Cisco also disclosed two high-severity command injection vulnerabilities in the Routed Passive Optical Network (PON) controller software. These and other flaws, including two medium-severity issues, have been patched. Cisco is unaware of any active exploitation of these vulnerabilities.

BYOD is a growing security risk.

Verizon’s 2024 Mobile Security Index highlights the growing security risks posed by employee mobile device use at work, known as Bring Your Own Device, or BYOD. The report reveals that 37% of employees use public Wi-Fi despite organizational bans, increasing vulnerability. Mobile device threats surged in 2023, with 85% of organizations seeing more risks, while 77% fear AI-driven attacks like deepfakes and SMS phishing. Critical infrastructure sectors, including energy and healthcare, are particularly at risk, with 86% reporting heightened mobile and IoT security issues. Verizon’s Mike Caralis stresses the importance of comprehensive security strategies, including mobile device management, network access controls, and employee training on phishing and AI-driven threats. He warns that unmonitored devices and insecure connections can lead to severe security breaches. Most organizations are boosting mobile security spending, but a united effort between public and private sectors is essential to counter evolving threats.

A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from a 2023 data breach.

Lehigh Valley Health Network (LVHN) in Pennsylvania has agreed to a $65 million settlement in response to a class-action lawsuit stemming from a 2023 data breach. The breach, attributed to the Alphv/BlackCat ransomware gang, began in January 2023 and impacted over 130,000 patients and employees. Stolen data included personal and medical information, Social Security numbers, and, in some cases, clinical images and nude photos. LVHN disclosed the attack in February and confirmed the involvement of the ransomware group in July. Affected individuals were offered two years of identity protection. The class-action suit, filed in March 2023, accused LVHN of failing to safeguard patient data. Settlement payments will range from $50 to $70,000, with the highest amounts awarded to those whose nude photos were leaked. A final approval hearing is scheduled for November 15.

Google Cloud introduces air-gapped backup vaults.

Google Cloud has introduced air-gapped backup vaults as part of its enhanced Backup and Disaster Recovery (DR) service, now available in preview. These vaults provide robust protection against ransomware and unauthorized data manipulation by creating immutable and indelible backups, preventing modification or deletion until a set retention period elapses. Isolated from the customer’s Google Cloud project, these air-gapped vaults reduce the risk of direct attacks on backups.

TrickMo is a newly discovered Android banking malware.

TrickMo is a newly discovered Android banking malware, identified by Cleafy’s Threat Intelligence team, that targets financial institutions and customers. Derived from the TrickBot malware, TrickMo uses advanced evasion techniques like broken zip files and dropper apps to avoid detection. Disguised as “Google Chrome,” it exploits Android Accessibility Services to gain admin controls. Once installed, TrickMo can capture one-time passwords, record screens, log keystrokes, and remotely access infected devices. It also conducts HTML overlay attacks to steal credentials. The malware communicates with its Command and Control server, which stores exfiltrated data, including logs, credentials, and images, but lacks authentication, leaving victims vulnerable to multiple attackers. Initially discovered in 2019 by CERT-Bund, TrickMo primarily targets European banking apps, with a focus on German-language users. A recent leak exposed 12 GB of stolen data, raising concerns about further exploitation.

GitLab has released a critical security update.

GitLab has released a critical security update addressing multiple vulnerabilities. The most severe flaw has a CVSS score of 9.6 and could allow attackers to trigger pipelines as other users. GitLab urges all users to upgrade to the latest patched versions immediately to prevent security risks, including unauthorized access, privilege escalation, and data compromise. GitLab.com has been patched, and no action is required for GitLab Dedicated customers.

A $20 domain purchase highlights concerns over WHOIS trust and security.

Security researcher Benjamin Harris, CEO of watchTowr, exploited a $20 domain purchase to gain control of the previously authoritative WHOIS server for the .mobi domain, leading to significant security concerns. After discovering that the original domain, dotmobiregistry.net, had expired, Harris registered it and set up a rogue WHOIS server. Within days, his server received millions of queries from high-profile organizations, including governments, security tools, and certificate authorities. This allowed Harris to potentially issue counterfeit HTTPS certificates, track email activity, and execute malicious code on querying devices. The vulnerability exposed flaws in trust systems and outdated infrastructure, which could be exploited by attackers. Harris’s findings highlight the fragility of internet trust and security processes, and the incident led to discussions with security organizations to prevent further misuse of the domain. The issue underscores broader concerns about the recycling of infrastructure and expired domains.
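The trust failure in this story is that client software kept sending queries to a WHOIS hostname that was no longer the authoritative server for the TLD, on a domain whose registration had lapsed. The following Python is an added example, not code from watchTowr, Benjamin Harris, or the podcast: it shows the two checks a defender would run over their own tooling, namely comparing every WHOIS referral or hard-coded server against the host IANA lists for that TLD, and flagging a referral server whose own domain is expired or about to expire. The allowlist, the sample WHOIS replies, the expiry date and the "today" date are all constructed for the demonstration; a real check would load the allowlist from IANA's root zone database and use a public-suffix list instead of the last-two-labels simplification.

```python
"""
Stale-WHOIS-referral audit (added example; assumptions are labelled below).

Two checks a defender can run against their own WHOIS tooling:
  1. Does each referral / configured server live under the domain IANA lists
     for that TLD?  (whois.dotmobiregistry.net vs the IANA-listed host)
  2. Is the referral server's own domain expired or close to expiry?
"""
from __future__ import annotations

import re
from datetime import date, datetime

# ASSUMPTION: constructed stand-in for IANA's root-zone WHOIS entries
# (https://www.iana.org/domains/root/db). Load the real list in production.
IANA_TLD_WHOIS = {
    "mobi": "whois.nic.mobi",
    "example": "whois.nic.example",
}

# Lines in a WHOIS reply that hand the client off to another server.
_REFERRAL_RE = re.compile(
    r"^\s*(?:Registrar WHOIS Server|ReferralServer|whois):\s*(?:whois://)?([A-Za-z0-9.-]+)",
    re.IGNORECASE | re.MULTILINE,
)
_EXPIRY_RE = re.compile(r"^\s*Registry Expiry Date:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (simplification: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_referrals(response: str) -> list[str]:
    """Every referral hostname a WHOIS reply asks the client to follow, in order."""
    return [m.lower().rstrip(".") for m in _REFERRAL_RE.findall(response)]


def referral_verdict(tld: str, referral_host: str) -> tuple[str, str]:
    """Classify a referral as ("ok" | "stale" | "unknown-tld", reason)."""
    listed = IANA_TLD_WHOIS.get(tld.lower())
    if listed is None:
        return "unknown-tld", f"no IANA entry for .{tld}"
    if registrable_domain(referral_host) == registrable_domain(listed):
        return "ok", f"{referral_host} is under the IANA-listed domain {registrable_domain(listed)}"
    return "stale", f"{referral_host} is not under {registrable_domain(listed)} (IANA lists {listed})"


def parse_expiry(response: str) -> date | None:
    """Registry Expiry Date from a WHOIS reply, or None if absent."""
    m = _EXPIRY_RE.search(response)
    if not m:
        return None
    return datetime.fromisoformat(m.group(1).replace("Z", "+00:00")).date()


def expiry_risk(response: str, today: date | str, warn_days: int = 90) -> str:
    """'expired' / 'expiring' / 'ok' / 'unknown' for the domain a WHOIS reply describes."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    expiry = parse_expiry(response)
    if expiry is None:
        return "unknown"
    if expiry < today:
        return "expired"
    if (expiry - today).days <= warn_days:
        return "expiring"
    return "ok"


def audit_tool_config(servers: dict[str, str]) -> dict[str, tuple[str, str]]:
    """Check hard-coded per-TLD WHOIS servers, as a scanner or CA might ship, against the allowlist."""
    return {tld: referral_verdict(tld, host) for tld, host in servers.items()}


# --- Constructed sample data (not real registry output) ---
SAMPLE_MOBI_REPLY = """\
Domain Name: EXAMPLE.MOBI
Registrar WHOIS Server: whois.dotmobiregistry.net
Registrar URL: http://registrar.invalid
"""

# ASSUMPTION: the expiry date below is a placeholder, not the real lapse date.
SAMPLE_REFERRAL_DOMAIN_REPLY = """\
Domain Name: DOTMOBIREGISTRY.NET
Registry Expiry Date: 2023-12-01T00:00:00Z
"""

# A tool's shipped per-TLD server table, with one stale entry.
TOOL_CONFIG = {"mobi": "whois.dotmobiregistry.net", "example": "whois.nic.example"}

if __name__ == "__main__":
    for host in parse_referrals(SAMPLE_MOBI_REPLY):
        print("referral:", host, referral_verdict("mobi", host))
    print("referral domain:", expiry_risk(SAMPLE_REFERRAL_DOMAIN_REPLY, "2024-09-12"))
    for tld, (status, reason) in audit_tool_config(TOOL_CONFIG).items():
        print(f".{tld}: {status} - {reason}")
```

Run against the constructed data, the referral to whois.dotmobiregistry.net is reported as stale because it does not sit under the IANA-listed domain, and the referral server's own registration is reported as expired; the same two functions can be pointed at a tool's shipped server table or at live WHOIS replies once the allowlist is loaded from IANA.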

Coming up is my conversation with guest Jon France. He is the CISO at ISC2. Jon shared his Black Hat USA 2024 session, "All on 'Board' for AI – Communicating Cyber Risk of New Technology to the Board."

We’ll be right back.

Welcome back. You can find out more about Jon and ISC2, including their upcoming Security Congress 2024, in the show notes.

Is Pikachu a double-agent for Western intelligence agencies?

And finally, in a move that might leave Pikachu shocked, a Belarusian defense official, Alexander Ilanov, claimed Pokémon GO was a sneaky tool of Western intelligence agencies. Appearing on local TV, Ilanov said the game’s digital creatures conveniently popped up near military runways at the height of its popularity—because why wouldn’t a Squirtle be interested in defense secrets?

While Pokémon GO had its share of privacy concerns and scammers, the idea of it being an intelligence tool has been widely debunked. Russia once called it a CIA scheme, and countries like Indonesia, Egypt, and China weren’t fans either. Niantic, the game’s developer, insists it follows local laws and doesn’t spy on players—so no need to worry about Pikachu peeking into military bases. Still, military officials worldwide urge caution when sharing location data, whether you’re catching a Charmander or jogging near classified sites!

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.