The CyberWire Daily Podcast 11.22.24
Ep 2196 | 11.22.24

A not so BASIC farewell.

Transcript

META details its efforts against pig butchering. The Salt Typhoon attack on major U.S. telecoms sparks interest from Congress. Microsoft dismantles 240 domains linked to the ONNX phishing-as-a-service platform. A major U.S. gambling and lottery provider suffers a cyberattack. Hackers exploit newly patched zero-days in Palo Alto Networks firewalls. Researchers say Fortinet VPN servers lack sufficient logging. A pilot program looks to improve security for small U.S. water utilities. Bitdefender warns of scammers using Black Friday-themed spam emails. Our guest is DataDome’s CEO and Co-founder, Benjamin Fabre, discussing how "Fake Accounts Threaten Black Friday Gaming Sales." A fond farewell for a true cyber innovator. 

Today is Friday November 22nd 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

META details its efforts against pig butchering. 

Pig butchering scams have escalated into a global crisis, with organized crime syndicates forcing trafficked individuals to run scams from compounds in Southeast Asia and the UAE. Meta, for the first time, has detailed its efforts to combat this activity. The company has worked with law enforcement and NGOs, taking down over 2 million accounts linked to scam operations this year. However, researchers criticize Meta for being slow to address its platforms’ role in enabling scams.

The term “pig butchering” refers to scammers grooming victims through social media, messaging apps, or dating platforms, persuading them to invest in fake opportunities. Victims have collectively lost around $75 billion. Meanwhile, trafficked individuals—many lured by fraudulent job ads—are held in compounds and forced to scam under threats of violence. Over 200,000 people from more than 60 countries have been subjected to this exploitation.

Meta acknowledges that pig butchering is an evolving, well-funded threat, with criminals leveraging tools like AI to evade detection. Scammers use AI to generate messages, create deepfakes, and translate scripts to target victims globally. In one case, OpenAI flagged accounts using ChatGPT for scam activities, leading Meta to shut them down.

While Meta has increased account takedowns and safety measures, the scale of scams persists. Researchers argue that tech companies must do more to proactively address scammers exploiting their platforms, as moderation often fails to catch deceptive content in time.

The Salt Typhoon attack on major U.S. telecoms sparks interest from Congress.  

Chinese hackers, identified as “Salt Typhoon,” executed a far-reaching breach of U.S. telecommunications systems, exposing vulnerabilities and accessing sensitive communications, including those of political figures. The breach, linked to Chinese intelligence, targeted systems used for lawful wiretapping and exploited outdated equipment across major carriers like AT&T, Verizon, and T-Mobile. Hackers could monitor calls, read unencrypted texts, and gather metadata, raising national security concerns. However, they couldn’t access encrypted communications like iMessage or Signal.

Senator Mark Warner described the breach as the most severe telecom hack in U.S. history, exceeding the scale of SolarWinds or Colonial Pipeline incidents. The breach’s full extent remains unclear, as investigators believe hackers may still be embedded in U.S. systems. Warner urged transparency and stronger cybersecurity standards to address critical vulnerabilities.

The hack has reignited calls for reforming the Communications Assistance for Law Enforcement Act (CALEA) to mandate robust cybersecurity requirements. While the FCC has authority to enforce such standards, action has been delayed. Intelligence agencies are investigating potential exposure of sensitive surveillance systems, with officials warning of the significant risks posed by the intrusion.

Microsoft dismantles 240 domains linked to the ONNX phishing-as-a-service platform. 

Microsoft has dismantled 240 domains linked to ONNX, a phishing-as-a-service platform targeting Microsoft 365 and other tech companies since 2017. Known for high-volume phishing campaigns, ONNX facilitated attacks using “do-it-yourself” kits sold on Telegram for $150 to $550 per month. The phishing kits included features like two-factor authentication (2FA) bypass and targeted tech firms such as Google, Dropbox, and Microsoft.

ONNX attackers also employed advanced tactics like QR code phishing (quishing), which exploited victims’ mobile devices and evaded traditional detection methods. These campaigns targeted financial sector employees and used encrypted JavaScript to evade anti-phishing scanners.

Operations ceased in June 2024 after researchers identified ONNX’s owner, Abanoub Nady. Through a court order, Microsoft redirected ONNX’s infrastructure, cutting off access and deterring future attacks. This follows similar actions by Microsoft against Russian hackers and other cybercrime operations in recent years.

A major U.S. gambling and lottery provider suffers a cyberattack. 

International Game Technology (IGT), a major U.S. gambling and lottery provider, suffered a cyberattack causing significant disruptions. The company took systems offline as a precaution and is investigating while working to restore operations. It has implemented workarounds to continue servicing customers but has not yet assessed financial impacts. IGT, with over 11,000 employees and $1.9 billion in 2023 revenue, provides lottery, gambling machine, and sports betting technology. While no group has claimed responsibility, ransomware has increasingly targeted casinos and lotteries.

Hackers exploit newly patched zero-days in Palo Alto Networks firewalls. 

Hackers have exploited two newly patched zero-day vulnerabilities in Palo Alto Networks firewalls, compromising approximately 2,000 devices globally. The flaws include an authentication bypass (CVE-2024-0012) and a privilege escalation (CVE-2024-9474), allowing attackers to gain administrator and root access. Palo Alto Networks has observed malware deployments and command execution via these exploits.

Though Palo Alto Networks says the flaws affect only a “limited number” of devices, Shadowserver has identified over 2,700 vulnerable systems. CISA added these flaws to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch firewalls by December 9.

Researchers say Fortinet VPN servers lack sufficient logging. 

A design flaw in Fortinet VPN servers allows attackers to verify credentials during brute-force attacks without logging successful attempts, concealing compromised logins. Researchers from Pentera discovered that FortiClient VPN logs only failed login attempts during the authentication stage, while successful logins are recorded in the subsequent authorization phase. By halting the process after authentication, attackers can validate credentials without detection.

Though failed attempts alert admins to brute-force activity, the lack of logs for successful logins poses a significant risk, enabling attackers to exploit credentials later. Fortinet has not classified this issue as a vulnerability, leaving it unclear if a fix will be implemented.
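The following Python is an added illustration, not from the episode or from Pentera's research: it models the logging gap just described on a constructed, simplified log format (the src/user/event fields and the event names auth_fail and authz_ok are assumptions, not Fortinet's real log schema) and shows a detection heuristic a defender can run over it. Because failures are logged at the authentication stage and successes only at authorization, a burst of failures from one source that is never followed by a logged success is reported as a possible silent credential validation rather than dismissed as a failed brute-force attempt.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (simplified; not Fortinet's real format).
# auth_fail is written at the authentication stage, authz_ok only at the
# later authorization stage, so a client that stops right after
# authentication leaves no success record at all.
SAMPLE_LOG = """\
2024-11-21T10:00:01 src=203.0.113.7 user=alice event=auth_fail
2024-11-21T10:00:02 src=203.0.113.7 user=alice event=auth_fail
2024-11-21T10:00:03 src=203.0.113.7 user=alice event=auth_fail
2024-11-21T10:00:04 src=203.0.113.7 user=alice event=auth_fail
2024-11-21T10:00:05 src=203.0.113.7 user=alice event=auth_fail
2024-11-21T10:05:00 src=198.51.100.9 user=bob event=auth_fail
2024-11-21T10:05:01 src=198.51.100.9 user=bob event=auth_fail
2024-11-21T10:05:02 src=198.51.100.9 user=bob event=auth_fail
2024-11-21T10:05:03 src=198.51.100.9 user=bob event=auth_fail
2024-11-21T10:05:04 src=198.51.100.9 user=bob event=auth_fail
2024-11-21T10:05:09 src=198.51.100.9 user=bob event=authz_ok
2024-11-21T11:00:00 src=192.0.2.5 user=carol event=auth_fail
"""

def parse(line):
    """Split one constructed log line into a dict of fields plus a datetime."""
    ts, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def analyse(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {src: verdict} for every source showing a brute-force burst.
    'brute_force_then_success': burst followed by a logged authorization.
    'possible_silent_validation': burst with no logged success afterwards;
    the credential may have been validated without any log entry."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            e = parse(line)
            events[e["src"]].append(e)
    verdicts = {}
    for src, evs in events.items():
        fails = [e["ts"] for e in evs if e["event"] == "auth_fail"]
        # A burst means `threshold` failures inside one sliding window.
        burst = any(fails[i + threshold - 1] - fails[i] <= window
                    for i in range(len(fails) - threshold + 1))
        if not burst:
            continue
        later_ok = any(e["event"] == "authz_ok" and e["ts"] >= fails[-1] for e in evs)
        verdicts[src] = "brute_force_then_success" if later_ok else "possible_silent_validation"
    return verdicts
```

Tune the threshold and window to the environment; the point is that the absence of a success entry after a burst is not evidence that the guessing failed.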

A pilot program looks to improve security for small U.S. water utilities. 

The University of Chicago’s Cyber Policy Initiative (CPI), DEF CON, and the National Rural Water Association (NRWA) have launched a pilot program, DEF CON Franklin, to improve cybersecurity for small U.S. water utilities. Six utilities across Utah, Vermont, Indiana, and Oregon will partner with volunteer cybersecurity experts to assess and strengthen their defenses. This initiative addresses the vulnerabilities of 91% of U.S. community water systems, which serve fewer than 10,000 people and often lack resources for cybersecurity.

Cyberattacks on water infrastructure are escalating, with incidents linked to Chinese (Volt Typhoon), Iranian, and Russian actors compromising critical systems. DEF CON Franklin’s tailored, volunteer-driven approach aims to provide scalable, cost-effective solutions to safeguard the nation’s water sector. This effort follows EPA warnings that 70% of U.S. water systems fail to meet basic cybersecurity standards.

Bitdefender warns of scammers using Black Friday-themed spam emails. 

Bitdefender warns that 77% of Black Friday-themed spam emails in 2024 are scams, marking a 7% increase from 2023 and a 21% rise from 2022. These scams often aim to steal personal data, banking information, or money through phishing emails, fake purchases, or malware like banking trojans. The U.S. is the top target, receiving 38% of Black Friday spam, while Europe accounts for 44%, with Germany and France heavily affected.

Scammers have tailored their tactics to various demographics, using fake brand impersonations and region-specific offers. Examples include trojan-laden emails targeting Spanish tech enthusiasts, phishing campaigns advertising discounted Ray-Ban sunglasses, and survey scams impersonating UK retailers like Tesco and Costco.

To avoid scams, users should verify email sources, avoid clicking unsolicited links, use security tools, and approach surveys with caution.

As next week is Black Friday, we are joined by DataDome’s CEO and Co-founder, Benjamin Fabre, sharing some things to keep in mind before the shopping frenzy begins. And, we pay tribute to the father of BASIC. We’ll be right back.


A fond farewell for a true cyber innovator. 

Thomas E. Kurtz, a visionary mathematician, transformed the world of computing with his invention of BASIC, the Beginner’s All-Purpose Symbolic Instruction Code. Dr. Kurtz, who recently passed away at 96, sought to make computers accessible to students beyond math and engineering, alongside colleague John Kemeny. In the early 1960s, when computers were vast and esoteric, they pioneered the Dartmouth Time-Sharing System, enabling multiple users to access a single machine simultaneously.

BASIC occupies a unique and often underappreciated place in the history of computing. While modern programmers may look down on it as simplistic or outdated, BASIC was revolutionary in its time, democratizing access to programming and sparking a passion for coding in countless beginners. Its straightforward commands—“RUN,” “PRINT,” “STOP”—invited curiosity and creativity, making the complex world of computing approachable for students, hobbyists, and future tech leaders like Bill Gates. BASIC’s simplicity was its strength; it removed barriers, proving that programming didn’t have to be intimidating. Though today’s sophisticated languages power cutting-edge applications, BASIC’s legacy is profound—it opened the door to personal computing and laid the foundation for generations of innovation, reminding us that accessibility often drives the greatest breakthroughs.

Dr. Kurtz’s vision extended beyond technology; he believed in empowering everyday individuals with tools for exploration and creativity. His legacy lives on in modern programming education and technologies like cloud computing. His contributions remain foundational, ensuring computing is not just for the few but for everyone.

For me personally, I can honestly say I would probably not be doing what I do today professionally were it not for having crossed paths with those early 8-bit computers and the creativity they sparked in me as a young teen. 

So thank you Dr. Kurtz, and warm condolences to all who knew and loved him. 

And that’s the CyberWire. 

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.