The CyberWire Daily Podcast 11.5.24
Ep 2184 | 11.5.24

Confidence on election day.

Transcript

On election day U.S. officials express confidence. A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia. Backing up your Gmail. Google mandates MFA. Google claims an AI-powered vulnerability detection breakthrough. Schneider Electric investigates a cyberattack on its internal project tracking platform. A Canadian man suspected in the Snowflake-related data breaches has been arrested. On our Threat Vector segment, David Moulton sits down with Christopher Scott from Unit 42 to explore the essentials of crisis leadership and management. I spy air fry?

Today is Tuesday, November 5th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

On election day U.S. officials express confidence. 

It is election day here in the U.S. Officials from agencies like CISA, Cyber Command, and the FBI are tackling a surge in influence operations and disinformation campaigns from foreign adversaries, especially Russia and China. Former Cyber Command leader Paul Nakasone notes significant progress since 2016 in how the U.S. manages election security, citing a “series of safe and secure elections” enabled by a coordinated defense strategy. This year, officials like CISA Director Jen Easterly emphasize that while minor incidents like low-level DDoS attacks and ballot box vandalism have occurred, there’s no evidence of threats that could alter election outcomes.

Russia remains the most active threat, deploying false narratives and fabricated videos to sow distrust and potentially incite violence, particularly in swing states. China’s “Salt Typhoon” has also targeted U.S. telecommunications networks for intelligence collection, though officials believe this poses no immediate risk to election security. Meanwhile, CISA and the FBI have debunked misleading videos on social media, urging the public to rely on verified sources for election information.

The unified efforts across federal agencies, international partners, and AI-powered defenses are credited with enhancing election security. Nakasone sees the current transparency about disinformation campaigns as a success, reflecting a matured response framework. CISA plans to release a post-election assessment to confirm whether any foreign actors attempted to influence the outcome, marking a proactive approach in the face of evolving threats.

A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia. 

In Virginia, two executives and their company are facing serious charges for allegedly violating U.S. export restrictions on technology bound for Russia. Eleview International, based in Virginia, and its top leaders, Oleg Nayandin and Vitaliy Borisenko, are accused of creating an elaborate scheme to sidestep U.S. export controls. According to federal prosecutors, after the Russian invasion of Ukraine, Eleview’s leaders funneled restricted U.S. goods through countries like Turkey, Finland, and Kazakhstan, disguising their true destination: Russian state-linked entities.

Let’s break down these three alleged schemes. In one case, Eleview routed $1.48 million worth of telecommunications gear through a fake Turkish entity, knowing it would end up supporting Russian government agencies, including the Federal Security Service, or FSB. In Finland, they allegedly used Russian postal tracking to sneak $3.45 million in goods – including high-priority components found in Russian “suicide” drones – right to Russian customers. And, through Kazakhstan, they moved an additional $1.47 million in dual-use items.

If found guilty, Nayandin and Borisenko could each face up to 20 years in prison. This case falls under the Department of Justice’s “Disruptive Technology Strike Force” and “Task Force KleptoCapture,” initiatives that work together to prevent unauthorized transfers of critical U.S. technology to hostile states. It’s a high-profile reminder that U.S. export laws are under close watch, especially with wartime restrictions in place.

Backing up your Gmail.

With cyberattacks on Gmail accounts rising, Google has introduced advanced security measures to protect users. Yet, session cookie theft and two-factor authentication (2FA) bypasses remain threats for Gmail’s 2.5 billion active users. Security experts warn that, although 2FA is essential, attackers have become adept at circumventing it, using tools to steal session cookies and evade application-bound encryption.

An article in Forbes describes one proactive measure to mitigate the impact of an attack: opening a second Gmail account, and forwarding all messages from your primary account to it. While this won’t prevent a hack, it offers a backup to store critical information, providing an accessible fallback if the primary account is compromised. Cybersecurity specialists recommend enabling all available protections, including secure passkey sign-ins and Chrome’s safe browsing features. A recent user experience shared on Reddit illustrates the value of such backup accounts, as recovering from a Gmail breach can be challenging. Ultimately, a second account offers a simple yet effective safety net for irreplaceable data.

Google mandates MFA. 

Google Cloud is strengthening security by making multi-factor authentication (MFA) mandatory for all users by the end of 2025. The phased rollout begins this month, initially encouraging MFA adoption through resources and reminders. By early 2025, MFA will be required for password-based logins on Google Cloud platforms, and by the end of the year, all federated users will need MFA, with options for integration with primary identity providers.

This transition builds on Google’s long history with MFA, starting with the 2011 launch of 2-Step Verification and the introduction of phishing-resistant Security Keys in 2014. Google’s decision is driven by data showing that MFA significantly reduces hacking risks, especially in cloud environments. With phishing and stolen credentials being major threats, this mandatory MFA aims to provide stronger protection for Google Cloud’s sensitive deployments.

Google claims an AI-powered vulnerability detection breakthrough. 

Google recently claimed a breakthrough in AI-powered cybersecurity with its tool, “Big Sleep,” marking the first time an AI has uncovered an exploitable memory safety vulnerability in live code—specifically, a stack buffer underflow in SQLite. Developed in collaboration between Google’s Project Zero and DeepMind, Big Sleep identified this flaw, allowing it to be fixed before the affected code’s official release.

The flaw, found in early October, involved an array index error that could lead to a crash or potential code execution. Traditional fuzzing techniques hadn’t detected the bug, but Google’s LLM managed to locate it by analyzing recent commits in SQLite’s repository.

While Big Sleep is still experimental, Google views it as a promising tool for uncovering elusive bugs missed by standard methods. This AI-driven discovery underscores the growing role of machine learning in finding complex, real-world vulnerabilities, complementing tools like Protect AI’s Vulnhuntr, which specializes in identifying zero-days in Python.

Schneider Electric investigates a cyberattack on its internal project tracking platform. 

Schneider Electric confirmed it is investigating a cyberattack on its internal project tracking platform, following a breach claim by the emerging HellCat ransomware group. Schneider, a global leader in energy management and automation, activated its incident response team after HellCat claimed access to the company’s Atlassian Jira system, allegedly stealing around 40GB of project and user data. The group is demanding a $125,000 ransom to avoid leaking the data.

This attack follows a ransomware incident in January that affected Schneider’s sustainability division systems. HellCat, which surfaced recently, has also claimed responsibility for an attack on Jordan’s Ministry of Education, though this is unverified. The FBI notes that increased ransomware disruptions this year have likely driven ransomware operators into smaller groups, possibly fueling attacks like this one. Schneider continues to investigate, prioritizing containment and security measures.

A Canadian man suspected in the Snowflake-related data breaches has been arrested.

A Canadian man suspected of leading this year’s wave of Snowflake-related data breaches, linked to over 165 instances, has been arrested. Known online as “Judische” and “Waifu,” the hacker is allegedly responsible for breaches impacting AT&T, Ticketmaster, and LendingTree, among others. The arrest follows a coordinated investigation involving cybersecurity researchers and international law enforcement, who had been gathering intelligence on the suspect for months.

Sources identified the hacker as Connor Moucka, also known as Alexander Moucka. The Canadian Department of Justice confirmed his arrest on October 30, 2024, at the request of the United States. Moucka reportedly communicated with 404 Media in mid-October, expressing fears of imminent arrest. He claimed to have destroyed evidence, suggesting his activities might be hard to prosecute fully. The hacking group he is associated with, known as “The Com,” is a collective of young hackers behind high-profile cybercrimes worldwide.

On our Threat Vector segment, we share an excerpt of David Moulton speaking with Palo Alto Networks’ Christopher Scott about the essentials of crisis leadership and management in cybersecurity. We’ll be right back.

Welcome back. You can find a link to the full discussion between David and Christopher in our show notes. Be sure to catch new episodes of Threat Vector every Thursday on your favorite podcast app.

I spy air fry?

And finally, in today’s age of “smart” everything, even air fryers seem to have developed a taste for data. UK consumer group Which? discovered that some smart air fryers are a little too curious. These fryers, by brands like Xiaomi, request microphone permissions through their apps, and Xiaomi’s fryer was found sharing personal data with Facebook, TikTok, and even servers in China (as disclosed in a privacy notice). The consumer group also flagged smart speakers loaded with trackers from Google, Facebook, and Urban Airship, along with watches asking for “risky” permissions like location and audio access.

The UK’s Information Commissioner’s Office (ICO) voiced concerns, stating that many devices flunk both data protection standards and consumer expectations. It’s crafting new guidance for spring 2025 to make smart tech makers step up their privacy game. Meanwhile, the device manufacturers assure us they’re all about privacy. So, before your air fryer becomes a spy, be careful you’re not cooking up some data leaks. 

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.