The CyberWire Daily Podcast 11.6.24
Ep 2185 | 11.6.24

That’s a wrap on election day.

Transcript

Election day wrap-up. The FBI issues a warning about cybercriminals selling government email credentials. Google issues an emergency update for Chrome. An Interpol operation nets dozens of arrests and IP takedowns. Microchip Technology disclosed $21.4 million in expenses related to a cybersecurity breach. Ransomware makes a Georgia hospital revert to paper records. South Korea fines Meta $15 million over privacy violations. A cyberattack disables panic alarms on British prison vans. A small city in Kansas recovers from a devastating pig butchering scheme. Our guest today is Javed Hasan, CEO and Co-Founder of Lineaje, discussing the growing risks within open source ecosystems. Sending data down the compressed air superhighway.

Today is Wednesday November 6th 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Election day wrap-up. 

Donald Trump won the U.S. presidential election yesterday, and so will be headed back to the White House in January. In his previous term, Trump emphasized bolstering U.S. cyber defenses but took a somewhat fragmented approach, disbanding the White House Cybersecurity Coordinator role and leaving certain interagency efforts decentralized. Under the Biden administration, however, cybersecurity took on new urgency with major investments in critical infrastructure protections, zero-trust architecture, and public-private partnerships. With Trump back in office, we might expect a pivot, possibly rolling back some regulatory elements or shifting priorities toward a more streamlined, business-friendly cybersecurity policy. But as threats evolve — especially with increased ransomware incidents and foreign cyber influence campaigns — Trump’s administration will face new pressure to sustain the resilience and innovations introduced in recent years. Time will tell.

CISA reported no credible threats against U.S. voting infrastructure during Election Day, with only minor, anticipated disruptions observed. CISA Director Jen Easterly confirmed that no evidence indicated malicious interference with election security or integrity. Despite former President Trump’s claims of fraud in swing states like Michigan and Pennsylvania, Easterly and senior CISA advisor Cait Conley stated that no data supported these allegations.

The most significant disruption involved false bomb threats in multiple swing states, including nearly 40 in Georgia, which officials traced to Russian email domains. However, Easterly cautioned that the origin of these threats is still under investigation and that Russia’s involvement is not confirmed. Additionally, the FBI was targeted in disinformation campaigns, leading it to debunk false election-related claims involving its name. CISA anticipates issuing a statement soon on the resilience of U.S. election infrastructure as the certification process continues.

The FBI issues a warning about cybercriminals selling government email credentials. 

The FBI has issued a warning about a surge in cybercriminals selling high-quality government email credentials and related instructions on cybercrime forums. These credentials, often sold with stolen subpoena documents, enable attackers to pose as law enforcement and send fraudulent emergency data requests to bypass traditional security checks. These scams can facilitate espionage, data extortion, or ransomware attacks.

The FBI noted this trend began over a year ago, evolving from basic phishing scams to sophisticated credential sales across 25 countries. Recent incidents include attackers simulating urgent law enforcement requests, exploiting pressure tactics to elicit sensitive data quickly.

To mitigate these risks, the FBI advises organizations to enhance security protocols, such as monitoring third-party connections, enforcing two-factor authentication, and adopting critical thinking before responding to urgent data requests. Attackers often rely on rushed responses, so verifying request legitimacy can prevent falling victim to these scams.

Google issues an emergency update for Chrome. 

Google has issued an emergency update for Chrome, addressing two high-severity vulnerabilities—CVE-2024-10826 and CVE-2024-10827—related to use-after-free bugs in the Family Experiences and Serial components. These vulnerabilities could allow attackers to execute malicious code on affected systems, posing risks of unauthorized access or complete system compromise. The patch, which brings Chrome to version 130.0.6723.116 (or 130.0.6723.117), was released on November 5, 2024, for Windows, Mac, and Linux users. Google strongly advises users to update immediately to protect against these security threats.

An Interpol operation nets dozens of arrests and IP takedowns. 

Interpol’s Operation Synergia II, conducted from April to August 2024, resulted in 41 arrests and the dismantling of over 1,000 servers involved in cybercrime across 95 countries. With intelligence support from cybersecurity firms like Group-IB and Kaspersky, the operation identified over 30,000 suspicious IP addresses, with 76% of these taken offline. Authorities seized 59 servers and 43 electronic devices for further investigation, and another 65 individuals are under scrutiny for cyber-related activities.

Highlights include actions in Hong Kong, where 1,037 servers were taken down, and in Mongolia, where 21 house searches led to a server seizure. The operation targeted phishing, ransomware, and information-stealer malware, which are top threats. Interpol noted a rise in generative AI being used for phishing and that information stealers often serve as entry points for ransomware, which surged by 70% last year.

Microchip Technology disclosed $21.4 million in expenses related to a cybersecurity breach. 

Microchip Technology disclosed $21.4 million in expenses related to a cybersecurity breach in its latest financial report. The incident, discovered in August, disrupted some of Microchip’s manufacturing facilities. The Play ransomware group claimed responsibility, alleging they stole gigabytes of sensitive data, including client documents and employee information. Microchip did not pay a ransom, and the hackers have since leaked a 4 GB archive reportedly containing payroll, accounting, and contract information. By early September, Microchip had restored most operations and confirmed the data breach.

Ransomware makes a Georgia hospital revert to paper records. 

Memorial Hospital and Manor in Bainbridge, Georgia, was hit by a ransomware attack, disabling access to its Electronic Health Record system. Discovered early Saturday, the attack forced staff to revert to paper-based records but reportedly did not impact patient care. The Embargo ransomware group claimed responsibility, threatening to release 1.15 terabytes of stolen data unless a ransom is paid by November 8. Embargo, a new ransomware-as-a-service group, uses double extortion tactics, demanding ransom and threatening data leaks if unpaid.

South Korea fines Meta $15 million over privacy violations. 

South Korea’s privacy watchdog fined Meta $15 million for illegally collecting and sharing sensitive data, including political views, sexual orientation, and religious beliefs, from approximately 980,000 Facebook users. Meta reportedly shared this data with around 4,000 advertisers without obtaining explicit user consent, violating strict South Korean privacy laws. The investigation revealed that Meta used data on user activities to infer sensitive information, flagged as a serious breach. Alongside unauthorized data sharing, Meta’s inadequate security measures left accounts vulnerable to hacking, allowing attackers to exploit inactive pages for identity theft. This fine adds to Meta’s recent penalties worldwide for privacy violations, highlighting increasing regulatory scrutiny. Meta stated it would “carefully review” the decision but has not clarified if it will appeal. 

A cyberattack disables panic alarms on British prison vans. 

A recent cyberattack on telematics firm Microlise has temporarily disabled critical tracking and panic alarm systems on British prison vans operated by Serco for the Ministry of Justice. While there’s no evidence that anyone has tried to exploit the situation, the incident highlights the potential risks of supply chain vulnerabilities. Microlise informed the London Stock Exchange of the breach, later clarifying that while employee data may have been accessed, it’s confident customer systems remain secure. Recovery efforts are underway, with services expected to be back to normal by next week.

A small city in Kansas recovers from a devastating pig butchering scheme. 

The FBI has recovered $8 million from a $47 million cryptocurrency scam that severely impacted the small Kansas city of Elkhart. The scam, known as “pig butchering,” involved convincing Heartland Tri-State Bank CEO Shan Hanes to continually invest in a fake cryptocurrency, initially with his own money and later with embezzled funds from local entities, including the Elkhart Church of Christ. Hanes, using his trusted position, authorized massive wire transfers to the scammer. Despite staff concerns, he misled them about the transactions’ purpose. After a tip-off in July 2023, an investigation revealed losses exceeding the bank’s capitalization. Hanes was sentenced to over 24 years in prison. The recovered funds will be returned to local investors, offering some relief to the devastated community.


Up next, we’ve got CEO and Co-Founder of Lineaje Javed Hasan talking with me about the growing risks within open source ecosystems. We’ll be right back.

Welcome back.

Sending data down the compressed air superhighway. 

Remember pneumatic tubes? The 1850s invention propelled mail, packages, and even food through pipes using compressed air, and though it once seemed destined for futuristic transport (a la Futurama or Micronauts), it all but vanished in the 1900s with the rise of trucks and digital communication. But in an unexpected twist, pneumatic tubes are making a comeback, thanks to hospitals and even waste management. Hospitals now rely on advanced tube systems to zip around medical samples and medicines, leveraging automation and RFID tracking to boost efficiency. Meanwhile, Roosevelt Island in New York and even Walt Disney World have been using tubes to whisk away rubbish since the ‘70s — at an impressive 60mph! And the technology is expanding globally: Seoul, Barcelona, and Stockholm are using tubes for waste, reducing emissions by minimizing trash trucks. From farms to cannabis sorting, pneumatic tubes are quietly returning, proving that sometimes, old tech just needs a fresh twist to stay relevant.

Forget encrypted emails — if you really want privacy, maybe just blast your data through a pneumatic tube!

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.