The CyberWire Daily Podcast 9.18.24
Ep 2153 | 9.18.24

High-stakes sabotage.

Transcript

Exploding pagers in Lebanon are not a cyberattack. Europol leads an international effort to shut down the encrypted communications app Ghost. Microsoft IDs Russian propaganda groups’ disinformation campaigns. California’s Governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented. A new phishing campaign targets Apple ID credentials. The US Cyber Ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work on maintaining security support at all levels of cyber maturity. AI tries to out-Buffett Warren Buffett.

Today is Wednesday, September 18th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Exploding pagers in Lebanon are not a cyberattack.

The recent explosions in Lebanon, which killed 12 people and injured nearly 2,800, were not the result of a cyberattack but rather a coordinated physical operation. According to Lebanese state media and Hezbollah, the devices affected were pagers used by members of the group. U.S. and other officials confirmed that Israel had likely planted small explosives in these pagers, which were remotely detonated. This sabotage disrupted Hezbollah’s communication infrastructure, which had relied on pagers due to concerns about the security of mobile networks.

The pagers, sourced from a Taiwanese company, were tampered with before reaching Hezbollah. Israel has not officially commented on the attack, but it aligns with their broader covert efforts against Hezbollah and Iran. Despite the technological sophistication of the operation, the blasts were not the result of a cyber breach but rather a physical modification of the communication devices.

Hospitals in Beirut were overwhelmed with casualties, and the explosions have heightened tensions in the ongoing conflict between Israel and Hezbollah, which has been further complicated by the Gaza war. While Hezbollah has vowed retaliation, this incident underscores the intensifying covert conflict between Israel and its regional adversaries.

Axios reports that a second wave of attacks occurred today, blowing up thousands of Hezbollah walkie-talkies. Axios says the devices were similarly booby-trapped by Israeli intelligence before they were delivered to Hezbollah.

Europol leads an international effort to shut down the encrypted communications app Ghost.

Authorities from nine countries, in collaboration with Europol, dismantled the encrypted communications app Ghost, which had been a key tool for organized crime. The app facilitated illegal activities such as drug trafficking, money laundering, and violent crimes. Criminals favored Ghost because it allowed them to evade law enforcement through robust encryption and message self-destruction features. Servers were located in France and Iceland, while its creators resided in Australia.

The international operation resulted in 51 arrests, including the app’s mastermind, Jay Je Yoon Jung. Several threats to life were thwarted, and a drug lab was uncovered in Australia. Europol highlighted the collaborative effort, stating that even highly encrypted networks cannot evade law enforcement.

Microsoft IDs Russian propaganda groups’ disinformation campaigns. 

Russian propaganda groups have escalated a disinformation campaign targeting Vice President Kamala Harris’s presidential run through fake videos, Microsoft researchers revealed. These videos, shared widely on social media, falsely accuse Harris of crimes like a fabricated hit-and-run incident and a staged assault at a Donald Trump rally. One viral video, accusing Harris of paralyzing a girl, reached 7 million views on X (formerly Twitter). Another video depicted a fake New York billboard with offensive messages about Harris.

Microsoft identified three Russian government-backed groups involved in these smear campaigns, with one group particularly focused on creating attention-grabbing, scandalous content. This activity persists despite previous exposure of these tactics, with Russia continuing efforts to undermine the U.S. election. Microsoft also noted six Russian hacktivist groups working in coordination with Russian intelligence services. Alongside Russia, a Chinese influence group has also been active, seeking to amplify divisions within the U.S. rather than promoting a specific candidate.

California’s Governor signs bills regulating AI in political ads. 

California Governor Gavin Newsom signed three bills to regulate the use of artificial intelligence (AI) in political ads ahead of the 2024 election. One new law, effective immediately, prohibits the creation and distribution of AI-generated deepfakes related to elections starting 120 days before and 60 days after Election Day. Courts can now block such materials and impose civil penalties. Additionally, large social media platforms must remove deceptive AI content under a separate law, while political campaigns must disclose if their ads use AI-altered material.

California was the first state to ban election-related deepfakes in 2019, and these measures further strengthen its proactive stance.

A multi-step zero-click macOS Calendar vulnerability is documented. 

A zero-click vulnerability in macOS Calendar was discovered by researcher Mikko Kenttälä, allowing attackers to write or delete files within the Calendar sandbox. This flaw, identified as CVE-2022-46723, could lead to malicious code execution and unauthorized access to sensitive iCloud Photos data. By exploiting the vulnerability, attackers could send malicious calendar invites that bypassed filename sanitization, facilitating directory traversal. The attack chain involved multiple phases, including injecting malicious files to execute remote code during a macOS upgrade and gaining access to iCloud Photos by altering the Photos app’s configuration.

Apple patched these vulnerabilities in a series of updates between October 2022 and September 2023. The exploit was detailed in a Disobey 2024 presentation, demonstrating how attackers could compromise user data without interaction.

A new phishing campaign targets Apple ID credentials.

Action Fraud, the U.K.’s national fraud and cyber reporting center, has issued a warning to iPhone users about a phishing campaign targeting Apple ID credentials. The scam involves emails that falsely claim the recipient’s iCloud storage is nearing capacity, prompting them to upgrade or update payment information. These emails appear to come from Apple but direct users to malicious sites designed to steal Apple ID login details, payment card information, and personal data. Over 1,800 reports of this phishing attack have been filed in just two weeks.

To avoid falling victim, Action Fraud advises users to never click on links in suspicious emails and instead check their iCloud storage directly through their iPhone or Apple device settings. If unsure, users should contact Apple through official channels.

The US Cyber Ambassador emphasizes deterrence. 

Nate Fick, the U.S. cyber ambassador, argues that deterrence is crucial in cyberspace, contrary to some views within the security community. In an interview with CyberScoop’s Tim Starks, Fick emphasizes that cyber deterrence is increasingly urgent due to the rise of hybrid threats—blending cyberattacks with foreign influence and physical warfare—seen in countries like Estonia, Poland, and Ukraine. He stresses the need to enforce norms and prevent adversaries, like China and Russia, from expanding their influence through digital means. Fick also highlights the importance of public education to combat disinformation, comparing it to successful campaigns for public health issues like smoking. His bureau focuses on expanding cyber capabilities, including foreign aid to bolster allied nations’ defenses. Specific near-term priorities include Costa Rica and Moldova, both facing significant cyber challenges. Fick believes strategic resource allocation is key, with the U.S. cyber policy delivering strong returns on investment in global security.

 

Our guest today is the FS-ISAC’s Linda Betz sharing their work on maintaining security support at all levels of cyber maturity. 

We’ll be right back.

Welcome back.

AI tries to out-Buffett Warren Buffett.

And finally, fintech startup Intelligent Alpha is launching an exchange-traded fund powered by AI chatbots modeled after legendary investors like Warren Buffett and Stanley Druckenmiller. The “Intelligent Livermore ETF,” trading under the ticker LIVR, uses ChatGPT, Gemini, and Claude as its “investment committee.” These chatbots mimic the strategies of iconic money managers to curate a global portfolio across various sectors like healthcare and renewables.

CEO Doug Clinton likens this AI-driven approach to hedge fund “pods,” each focusing on specialized areas of expertise. While it’s an audacious attempt to “weaponize AI for riches,” the strategy remains experimental, with little evidence proving AI’s investment edge over traditional methods. Still, the ETF includes human oversight to prevent any “hallucinations” from the AI—like accidentally investing in fraudulent companies.

Despite the hype, AI-powered ETFs have mostly struggled to outperform traditional funds, but Intelligent Alpha hopes to change that by adding more products in the future.

What could possibly go wrong…

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

 

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.