The CyberWire Daily Podcast 9.24.24
Ep 2157 | 9.24.24

PIVOTT Act drafts the next wave of digital defenders.

Transcript

The House Homeland Security Chair introduces a major cyber workforce bill. Google rolls out new Gmail security tools. Telegram makes a big shift in its privacy policy. Microsoft doubles down on cybersecurity. A Kansas water treatment facility suffers a suspected cyberattack. MoneyGram reports network outages. Kaspersky antivirus users get an automatic upgrade, maybe. North Korean IT workers infiltrate Fortune 100 companies. Gartner analysts urge cybersecurity leaders to focus on prevention, response, and recovery. In this week’s Threat Vector, host David Moulton is joined by Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, to explore the seismic shifts in cybersecurity brought about by AI technologies. A lavish lifestyle exposes the duo behind a $230M crypto scam.

Today is Tuesday, September 24th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The House Homeland Security Chair introduces a major cyber workforce bill. 

In an exclusive for CyberScoop, Tim Starks reports that House Homeland Security Chairman Mark Green is introducing the PIVOTT Act of 2024, aimed at addressing the U.S. cybersecurity workforce gap by creating an ROTC-like program within the Cybersecurity and Infrastructure Security Agency (CISA). The program will offer scholarships to students at community colleges and technical schools in exchange for two years of public service in federal, state, or local government cyber roles.

The bill targets individuals who may not fit traditional four-year college paths or those seeking career changes, aiming to involve 250 students in its first year and eventually expanding to 10,000. Participants would engage in skills-based tasks like hackathons and benefit from early initiation of the security clearance process.

This initiative seeks to close the cybersecurity job gap, currently estimated at nearly 500,000 unfilled positions. Green stresses the need for fresh approaches to attract and train talent, particularly amid rising cyber threats from countries like China, Iran, and Russia.

The bill is seen as complementary to existing programs like Cyber Corps and other legislative efforts aimed at bolstering the federal cybersecurity workforce. If passed, it will leverage CISA’s industry partnerships to expand cybersecurity training outside of traditional degree programs.

While there’s no funding attached yet, Green’s team emphasizes the importance of investing in cybersecurity talent as a critical line of defense. Co-sponsors of the bill include Reps. Carlos Gimenez and Mike Ezell, with a committee markup scheduled for Wednesday.

Google rolls out new Gmail security tools. 

Google is rolling out key Gmail security improvements, powered by their Gemini AI, for organizations of all sizes. The new Security Advisor tool will provide enterprise-grade protection to smaller businesses. It offers tailored intelligence to defend against evolving cyber threats and delivers actionable guidance directly to IT admins’ inboxes.

Security Advisor includes a security sandbox for scanning email attachments and enhanced safe browsing to detect malicious content before it reaches users. The AI model, trained on the worst email threats, has improved Gmail’s spam detection and response capabilities significantly.

Additionally, Security Advisor extends protections beyond Gmail to other Google Workspace apps, including Chrome and Drive, offering enhanced safe browsing, data protection, and app access management to safeguard sensitive information and prevent security risks across the platform.

Telegram makes a big shift in its privacy policy. 

Telegram’s made a big shift in its privacy policy. The messaging app has announced it will now share users’ IP addresses and phone numbers with authorities—if they’ve got a valid search warrant. CEO Pavel Durov says this move is meant to “discourage criminals” from using the platform, pointing out that while the vast majority of Telegram users are law-abiding, it’s the small fraction of bad actors giving the app a bad name.

This comes on the heels of Durov himself being arrested in France, charged with enabling criminal activity on the platform. Telegram’s been under fire for hosting all kinds of unsavory content, from misinformation to child abuse materials. And some critics are worried this new policy could open the door for Telegram to cooperate with authoritarian regimes, especially in places where dissidents rely on the app.

Telegram says it’s beefing up content moderation with AI, but experts are already questioning whether this will satisfy European regulators. Durov’s announcement has left many wondering how far Telegram is willing to go—and if it’s still a safe space for free speech.

Microsoft doubles down on cybersecurity. 

Microsoft’s doubling down on cybersecurity, after some recent high-profile hacks shook things up. They’ve brought in new leadership with some serious credentials, like Timothy Langan, a 26-year FBI veteran, and Shawn Bowen, who used to head up cybersecurity for the Marine Corps. And they’re not stopping there—internal leaders like Azure’s CTO, Mark Russinovich, are stepping into new deputy CISO roles as part of a 13-member team.

Microsoft now has 34,000 engineers working full-time on security, all part of their Secure Future Initiative, the biggest revamp of their security practices in over 20 years. CEO Satya Nadella? He’s making sure security comes first, even before new product features. He’s set up weekly meetings with his top brass to tackle the tough issues head-on. His message is clear: fix the problems, don’t just tell me how great things are.

One challenge is balancing security with the constant pressure to innovate—especially in AI. Recently, their AI team rolled out a new feature called Recall, which had to be pulled back after raising red flags with security experts. But Microsoft says they are learning from these stumbles, tightening up their processes so teams can launch features securely.

The bottom line? Nadella wants Microsoft focused on solutions, not excuses. It’s a serious shift for the company, and they’re all in on making sure they’re ready to defend against the next big cyber threat. 

A Kansas water treatment facility suffers a suspected cyberattack. 

Arkansas City, Kansas, switched its water treatment facility to manual operations after a suspected cyberattack on September 22. The incident did not affect the water supply or disrupt services, and the city manager reassured residents that the water remains safe. Authorities were notified, and cybersecurity experts are working to resolve the issue and restore normal operations. While details are limited, the facility may have been targeted by a ransomware attack, prompting precautionary shutdowns to protect the system. Enhanced security measures are in place.

MoneyGram reports network outages. 

MoneyGram, the digital payment giant, is experiencing network outages following a cybersecurity incident. Users began reporting service disruptions on Friday, and by Monday, the company confirmed a security issue had led to systems being taken offline for investigation. MoneyGram is working with external cybersecurity experts and law enforcement to address the problem, though it hasn’t confirmed if a ransomware attack is involved.

The company’s services remain offline, including its website, affecting customers globally, particularly in the Caribbean and Mexico. The Bank of Jamaica reported that remittance services using MoneyGram in Jamaica are also down. MoneyGram, which handles over $200 billion in transactions across 200 countries annually, is working to restore operations.

Ransomware attacks on financial services have surged recently, targeting firms to pressure quick payouts due to customer reliance. MoneyGram was acquired by Madison Dearborn Partners in 2023.

Kaspersky antivirus users get an automatic upgrade, maybe. 

Users of Kaspersky antivirus in the U.S. woke up to find their software swapped out for something new—UltraAV. This change comes after the U.S. Department of Commerce banned Kaspersky’s products over national security concerns.

Kaspersky partnered with UltraAV to make sure there’s no gap in protection, and the switch happened automatically through a software update on September 19. UltraAV brings similar features like antivirus, VPN, password manager, and identity theft protection.

However, many users were caught off guard, with some voicing concerns online about the lack of notification and the fact that UltraAV is relatively unknown. There’s been chatter about the new product’s limited track record, and users are understandably hesitant.

Kaspersky assures customers that their subscriptions are still valid and that UltraAV will keep their systems secure. But the sudden shift has definitely raised eyebrows, with about 1 million U.S. users affected by the transition.

North Korean IT workers infiltrate Fortune 100 companies. 

A recent report from Google’s Mandiant unit reveals that dozens of Fortune 100 companies have unknowingly hired North Korean IT workers using fake identities. These workers, part of a scheme known as UNC5267, are sent by the North Korean government to earn multiple salaries while gaining access to U.S. tech firms. This access could be exploited for cyberattacks or inserting malicious code.

The scheme involves U.S.-based “laptop farms,” where remote technology enables workers to operate from China or Russia. Some American operators have been charged for facilitating this scam, which generated millions for North Korea.

Mandiant urges companies to implement stricter hiring protocols, such as verifying worker identities and laptop locations. The North Korean IT workers are thought to funnel their earnings to the regime’s weapons programs. The U.S. has responded by seizing assets, shutting down domains, and issuing sanctions on entities tied to the scheme.

Gartner analysts urge cybersecurity leaders to focus on prevention, response, and recovery.

At the Gartner Risk and Security Summit, analysts Akif Khan and Christopher Mixter urged cybersecurity leaders to move beyond a “zero tolerance for failure” approach and embrace a balanced focus on prevention, response, and recovery. While prevention remains essential, they argued that organizations have underinvested in response and recovery, leaving them vulnerable. Cyber-attacks are inevitable, and prioritizing response and recovery is crucial for long-term success.

The analysts outlined three key areas for development:

1. Shifting away from a zero-failure mindset.

2. Implementing a “minimum effective toolset” to streamline cybersecurity tools.

3. Building a resilient workforce with strong self-care and mental health support.

They stress that as AI technology evolves, preventing every attack is impossible, making adaptation critical. Gartner also emphasized the importance of managing third-party vendor risk, suggesting formal contingency plans for vendor incidents. Lastly, they encouraged organizations to value failure as a learning tool, promoting resilience as a key competency in cybersecurity.


Next on our Threat Vector segment, host David Moulton of Palo Alto Networks talks with Accenture’s Daniel Kendzior about the seismic shifts in cybersecurity brought about by AI technologies.

We’ll be right back.

Welcome back. Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. You can find a link in our show notes to hear David and Daniel’s full discussion. 


A lavish lifestyle exposes the duo behind a $230M crypto scam.

And finally, two young men, Malone Lam (aka “Anne Hathaway” and “$$$”) and Jeandiel Serrano (aka “VersaceGod” and “@SkidStar”), were arrested by the FBI for allegedly pulling off a cryptocurrency heist worth a staggering $230 million. The dynamic duo, aged 20 and 21, are accused of stealing 3,100 Bitcoin from a Washington D.C. victim back in August 2024.

Their scam? Posing as Google Support with a spoofed phone number, tricking their victim into sharing their screen, and snagging the private keys to their cryptocurrency wallet. They even managed to convince the victim to reset their two-factor authentication, giving them full control of the wallet.

But their plot to launder the funds via VPNs, peel chains, and pass-through wallets didn’t go as smoothly as planned. Their “operational security” was… let’s say, less Ocean’s Eleven and more amateur hour. Cryptocurrency investigator ZachXBT revealed their sloppy behavior, including allegedly recording themselves on a group chat during the heist. Oops!

The pair didn’t exactly lay low either. They lived lavishly, throwing down half a million dollars on nights out, gifting random ladies designer handbags, and handing out pink Lamborghinis like party favors. Apparently, though, splurging on Birkin bags and endless champagne didn’t help Mr. Lam’s love life.

Despite their extravagant spending and efforts to hide their tracks, the FBI was quick to catch up with them. It turns out, stealing a quarter of a billion dollars isn’t as easy as it looks.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.