The CyberWire Daily Podcast 11.14.24
Ep 2190 | 11.14.24

Eavesdropping on America’s eyes and ears.

Transcript

The Feds confirm Chinese penetration of U.S. telecom wiretap systems. Anne Neuberger outlines top cybersecurity challenges facing the upcoming Trump administration. Former Air National Guardsman Jack Teixeira gets a 15-year prison sentence for leaking classified U.S. military documents. A Chinese national faces up to 20 years in prison after pleading guilty to money laundering for “pig-butchering” scams. Researchers say a popular pregnancy app has serious, unaddressed security vulnerabilities. NIST misses its deadline for clearing the NVD backlog. A B2B demand generation company confirms a leak affecting 122 million people. HHS warns healthcare organizations to be on the lookout for Godzilla. Moody’s designates the industries at highest risk of cyber attack. Guest Sarah Hutchins, Partner at Parker Poe, discusses the growing number of state data privacy laws. An AI grandma keeps scammers on the line.

Today is Thursday, November 14th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The Feds confirm Chinese penetration of U.S. telecom wiretap systems. 

The U.S. government has confirmed a Chinese-linked hacking campaign breached several major U.S. telecom providers, giving hackers access to wiretap systems used by law enforcement. In a joint statement, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI called this breach “broad and significant.” Hackers reportedly accessed networks for months, collecting internet traffic and intercepting call records of targeted individuals, many of whom were involved in government or politics. According to reports, affected providers include AT&T, Lumen, and Verizon, though the agencies did not confirm specific names. The group, known as “Salt Typhoon,” allegedly copied data subject to U.S. court orders for wiretaps. While CISA and the FBI continue to provide technical support to affected organizations, they urge any companies that might suspect similar breaches to contact local FBI or CISA offices to help prevent further compromise and bolster cyber defenses.

Anne Neuberger outlines top cybersecurity challenges facing the upcoming Trump administration. 

Yesterday, Anne Neuberger, White House cyber adviser, outlined top cybersecurity challenges facing the upcoming Trump administration, focusing on China, ransomware, and cryptocurrency. At Columbia University, Neuberger emphasized the escalation of China’s cyber activities, including “pre-positioning” in critical U.S. infrastructure—potentially setting up future disruptions. She also addressed ransomware gangs, noting their significant disruption and reliance on cryptocurrencies, which facilitate ransom payments and fuel global cybercrime.

Neuberger praised the Biden administration’s cybersecurity strategy, including minimum cyber standards across industries like pipelines, railways, and aviation, achieved through collaboration with industry leaders. Now, 100% of critical pipelines meet TSA cybersecurity requirements.

Cryptocurrency remains a contentious issue, funding rogue governments and ransomware attacks. Neuberger warned that the Trump administration must tackle crypto regulation, given its role in global cyber threats. She also noted the Supreme Court’s Chevron decision could impact future cyber regulations. Despite political divides, cybersecurity remains largely bipartisan, allowing for a smoother policy transition.

Former Air National Guardsman Jack Teixeira gets a 15-year prison sentence for leaking classified U.S. military documents. 

Jack Teixeira, a former Air National Guardsman, received a 15-year prison sentence for leaking classified U.S. military documents online. As an IT specialist at a Massachusetts base, Teixeira shared sensitive information on a Discord server focused on gaming and guns. The leaked documents, which eventually spread online, revealed U.S. and allied military activities, strategies in Ukraine, Middle East operations, and intelligence-gathering methods. Teixeira initially memorized details, then escalated to printing classified documents to impress online friends. His actions, driven by ego rather than espionage, went undetected despite red flags until Discord provided his information to investigators. Following his arrest, the incident prompted disciplinary actions against 15 Air National Guard leaders and led the U.S. Air Force to tighten classified data access protocols. FBI Director Christopher Wray emphasized this case as a warning to those handling national defense information.

A Chinese national faces up to 20 years in prison after pleading guilty to money laundering for “pig-butchering” scams.

Chinese national Daren Li faces up to 20 years in prison after pleading guilty to laundering over $73 million from “pig-butchering” scams, a fraud involving relationship-based cryptocurrency schemes. Li, 41, led a money-laundering network, creating 74 shell companies to funnel victims’ funds, converting them into Tether (USDT) for redistribution. Arrested in April, Li’s case is part of a broader investigation into organized Southeast Asian criminal groups linked to rising U.S. crypto fraud, which totaled nearly $4 billion in 2023.

Researchers say a popular pregnancy app has serious, unaddressed security vulnerabilities. 

Reportedly, popular pregnancy app What to Expect has serious, unaddressed security vulnerabilities that could lead to full account takeovers, exposing sensitive reproductive health information. Security researcher Ovi Liber revealed that an exposed API endpoint without authentication or rate limiting allows for easy brute-force attacks on account password resets. The app also exposes email addresses of community forum administrators, increasing users’ risk of targeted harassment. Despite efforts to notify What to Expect since October, Liber received no response, raising ethical concerns about the company’s commitment to user security. Liber stresses that when app owners ignore responsible disclosure, researchers may need to alert users and the security community to ensure their protection. This follows Liber’s earlier report of a similar vulnerability in the fertility app Glow, which was later addressed. What to Expect has not commented.

NIST misses its deadline for clearing the NVD backlog. 

NIST announced it’s working through a large backlog of over 18,000 vulnerabilities in the National Vulnerability Database (NVD) but missed its original goal of clearing it by September 30. Despite hiring more analysts and addressing all Known Exploited Vulnerabilities (KEV), NIST struggled due to incompatible data formats from Authorized Data Providers (ADPs). NIST is developing new systems to streamline data processing and pledged to provide updates on further progress, though it hasn’t set a new deadline for clearing the entire backlog.

A B2B demand generation company confirms a leak affecting 122 million people. 

A massive leak of business contact information for 122 million people was confirmed to have originated from DemandScience, a B2B demand generation company. This data includes names, email addresses, phone numbers, job titles, and social media links, aggregated from public sources and third parties. The dataset was first sold by the hacker “KryptonZambie” in February 2024, who later made it available for free on a hacking forum. DemandScience initially denied any breach but later acknowledged that the data came from a decommissioned system. Security researcher Troy Hunt verified the data’s authenticity and added all affected email addresses to Have I Been Pwned, allowing impacted individuals to receive notifications. DemandScience maintains that none of its current systems were compromised but continues monitoring the situation.

HHS warns healthcare organizations to be on the lookout for Godzilla. 

The U.S. Department of Health and Human Services (HHS) has issued an urgent warning to healthcare organizations about the Godzilla webshell, a Chinese-backed cyber tool that enables attackers to manipulate files, execute commands, and evade detection using advanced encryption. Publicly available on GitHub and actively maintained, Godzilla is a significant risk to healthcare systems, potentially leading to ransomware attacks that could compromise sensitive health data and disrupt hospital operations. The American Hospital Association (AHA) emphasized the threat’s severity, noting the high frequency of cyberattacks in the healthcare sector. HHS advises healthcare entities to adopt a multi-layered defense strategy, apply software updates—especially to systems like Zoho’s ADSelfService Plus—and review Cybersecurity Performance Goals to bolster defenses. Although no direct cases have been reported yet, security officials stress that vigilance and proactive measures are essential.

Moody’s designates the industries at highest risk of cyber attack. 

Moody’s has assigned a “very high” cyber risk rating to the telecommunications, airline, and power generation sectors due to increasing digitization and weak cybersecurity practices. These industries collectively face $7.1 trillion in debt. Telecommunications, notably vulnerable, has seen major breaches, including attacks on AT&T, Lumen, and Verizon by China’s Salt Typhoon group. Airlines’ cyber risk rose after a CrowdStrike software update failure exposed their reliance on tech. Other sectors, including automotive, education, manufacturing, energy, and ports, also saw risk levels increase to “high.”

Today’s guest Sarah Hutchins, Partner at Parker Poe, is an excerpt from our latest Caveat episode. Sarah and I discuss the growing number of state data privacy laws. We’ll be right back.

Welcome back. You can listen to Sarah’s full conversation, including her highlights of litigation trends related to targeted advertising and wiretapping, and key takeaways for companies on cybersecurity practices and risk reporting, on today’s Caveat episode. The link is in our show notes.

An AI grandma keeps scammers on the line. 

UK telecommunications provider Virgin O2 has a new anti-fraud team member. “Daisy” is a clever AI with the personality of a chatty grandma, designed to keep scammers busy with rambling conversations to waste their time. Officially dubbed “Head of Scammer Relations,” Daisy keeps fraudsters on the line with tales of family drama and knitting tips, all while helping real customers avoid being scammed.

Let’s have a listen…

Developed with help from YouTube’s scambaiter Jim Browning, Daisy is part of O2’s “Swerve the Scammers” initiative aimed at fighting the UK’s fraud epidemic.

While Daisy keeps scammers occupied, O2 is urging the public to report suspicious calls and texts to 7726, helping them block and track fraudsters. Reality star Amy Hart, a scam survivor, has joined the campaign to raise awareness. O2 is also calling for the government to tackle fraud more aggressively by appointing a fraud minister and creating a national body to combat scams.

Scammers beware: Daisy’s got all the time in the world, and she’s more than willing to discuss her favorite fictional grandkids.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.