The CyberWire Daily Podcast 11.27.24
Ep 2199 | 11.27.24

Grappling with a ransomware attack.

Transcript

Blue Yonder continues to grapple with ransomware attack. AI-powered scams surge this shopping season. Gaming engine exploited to deliver malware. Chinese hackers ride the router wave. TikTok’s beauty filter ban. Redefining cybersecurity education for the future. On our Industry Voices segment, Dave sits down with Damon Fleury, SpyCloud’s Chief Product Officer, to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense. And when do cyber criminals start their holiday scheming?

Today is November 27th, 2024. I’m Maria Varmazis, host of the T-Minus Space Daily podcast, in for Dave Bittner. And this is your CyberWire Intel Briefing.

Quick programming note: our team is taking the next two days off to stuff ourselves with turkey, cranberry sauce, and pumpkin pie and then recover and eat more of the same as leftovers, and do a bit of shopping. We will be back in your inboxes and on your favorite podcast apps on Monday, December 2nd. Cheers!

Blue Yonder continues to grapple with ransomware attack.

Following up on a story we’ve been monitoring, as we noted yesterday, Starbucks is among the companies disrupted by a ransomware attack on supply chain management software provider Blue Yonder. The coffee chain is using manual processes for employee payments.

Security researcher Kevin Beaumont (@GossiTheDog) said in a post on Mastodon that the attackers "got into [Blue Yonder's] Private Cloud environment at hypervisor level, deleted the DR and backup storage, then encrypted all 5 datacenters." The company hasn't confirmed these details.

Blue Yonder says it's "continuing to work around the clock, together with our external cybersecurity firms, to safely restore systems, resulting in steady progress," but the company does "not have a timeline for restoration." 

Advanced Cyberthreats Targeting Holiday Shoppers (FortiGuard Labs) 

Black Friday Gets a Fakeover: Fake Stores Spike 110% by Using LLMs this Holiday Shopping Season (Netcraft)

AI-powered scams surge this shopping season.

As we are in the midst of peak holiday shopping time, a.k.a. Cyber Week, cybercriminals are intensifying their efforts to exploit online consumers through advanced tactics. Fortinet's FortiGuard Labs reports a surge in AI-driven phishing schemes, where attackers utilize generative AI models like ChatGPT to craft convincing emails and clone legitimate websites, aiming to steal sensitive information. Additionally, there's an increase in holiday-themed domains mimicking trusted retailers, luring shoppers with fraudulent offers.

Netcraft highlights a 110% rise in fake online stores between August and October 2024, with many employing Large Language Models (LLMs) to generate authentic-looking product descriptions. These fake stores often use platforms like SHOPYY to create convincing storefronts, targeting U.S. shoppers with counterfeit or non-existent products.

To mitigate these threats, consumers should verify website URLs, use secure payment methods, and avoid deals that seem too good to be true. Be vigilant and use proactive security practices as you navigate the heightened cyber risks during this peak shopping period. Buyer beware! 
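The stories above describe holiday-themed domains that imitate trusted retailers and the advice to verify website URLs. The following is an added example, not code from the podcast, Netcraft or FortiGuard Labs, showing one way a defender can screen a batch of hostnames (from DNS logs, newly registered domain feeds, or customer reports) for the three imitation patterns those reports describe: homoglyph swaps, one-character typos, and a real brand planted as a subdomain of an unrelated site. The brand watchlist, the allowlist of legitimate domains, the homoglyph table, the tiny public-suffix stand-in and every sample hostname are constructed for illustration and are not indicators from any report.

```python
"""Lookalike-domain screening: flags hostnames that imitate a retail brand.

Added example (not from the podcast, Netcraft or FortiGuard Labs). The brand
watchlist, the legitimate-domain allowlist, the homoglyph table and the sample
hostnames below are all constructed for illustration.
"""

# Constructed watchlist of brand names a defender wants to protect.
BRANDS = ("amazon", "walmart", "bestbuy", "target")

# Constructed allowlist: the domains those brands really use.
LEGIT_DOMAINS = {"amazon.com", "walmart.com", "bestbuy.com", "target.com"}

# Tiny stand-in for the public suffix list (assumption: enough for the demo).
SECOND_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Characters attackers swap for visually similar ones; multi-char pairs first.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def normalize(label: str) -> str:
    """Undo common look-alike substitutions so 'amaz0n' compares as 'amazon'."""
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_registrable(labels):
    """Return (registrable label, subdomain labels) for a dotted hostname."""
    if len(labels) >= 3 and ".".join(labels[-2:]) in SECOND_LEVEL_SUFFIXES:
        return labels[-3], labels[:-3]
    if len(labels) >= 2:
        return labels[-2], labels[:-2]
    return labels[0], []


def classify(host: str):
    """Return a finding dict for a suspicious host, or None if it looks clean."""
    host = host.lower().strip(".")
    if host in LEGIT_DOMAINS or any(host.endswith("." + d) for d in LEGIT_DOMAINS):
        return None
    reg_label, sub_labels = split_registrable(host.split("."))

    # A brand used as a subdomain label ('bestbuy.com.holiday-sale.top') tries to
    # make the real domain appear at the front of the address bar.
    for lbl in sub_labels:
        if normalize(lbl) in BRANDS:
            return {"host": host, "brand": normalize(lbl), "reason": "brand_in_subdomain"}

    # Examine each hyphen-separated token of the registrable label.
    for tok in reg_label.split("-"):
        norm = normalize(tok)
        for brand in BRANDS:
            if norm == brand and tok != brand:
                return {"host": host, "brand": brand, "reason": "homoglyph"}
            if norm == brand:
                return {"host": host, "brand": brand, "reason": "brand_reused"}
            if len(brand) >= 5 and levenshtein(norm, brand) == 1:
                return {"host": host, "brand": brand, "reason": "typo"}
    return None


def scan(hosts):
    """Run classify() over a batch and return only the findings."""
    return [f for f in map(classify, hosts) if f]


# Constructed sample of hostnames (not real indicators from any report).
SAMPLE_HOSTS = [
    "amaz0n-blackfriday-deals.shop",
    "wa1mart.com",
    "bestbuy.com.holiday-sale.top",
    "amazon.com",
    "www.amazon.com",
    "amazom.com",
    "targetpractice.com",
    "amazon.shop",
    "example.org",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_HOSTS):
        print(f"{finding['host']:35} imitates {finding['brand']:8} ({finding['reason']})")
```

Of the nine constructed hostnames, five are flagged and four pass, including `targetpractice.com`, which merely contains a brand word without imitating it. In production the allowlist and suffix table would come from the real public suffix list and the brand's registered domains; the token-by-token comparison is what keeps generic words from triggering false positives.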

Gaming engine exploited to deliver malware.

Researchers at Check Point have published a report on a new malware delivery technique exploiting the open-source game engine Godot Engine. The researchers explain, "Godot Engine provides an execution environment for GDScript, enabling game developers to create game-play logic, control scenes, and interact with game objects. GDScript includes most modern language features, including object support and multi-threading. Threat actors take advantage of Godot engine and GDScript, which use this new technique to execute malicious code, download malware, and deploy it while remaining undetected. As GDScript is a fully functional language, it offers threat actors many functionalities, from Anti-Sandbox and Anti-VM to executing remote payloads. Threat actors maliciously craft GDScript code and then load it with a loader utilizing the Godot Engine."

The threat actor behind the GodLoader malware loader has used this technique to infect more than 17,000 machines since June 29th, 2024. The technique is currently undetected by almost all antivirus engines in VirusTotal, and can be used to target Windows, macOS, Linux, Android, and iOS.

Brandon’s joke: Turns out Godot did arrive—just as malware. Beckett will be facepalming right about now. Godot was supposed to bring salvation, not ransomware.

T-Mobile Engineers Spotted Hackers Running Commands on Routers (Bloomberg Law)  

Chinese hackers ride the router wave.

T-Mobile engineers recently detected unauthorized activity on their network routers, identifying hackers executing commands within the system. This breach is part of a broader cyber-espionage campaign, dubbed Salt Typhoon, attributed to Chinese state-sponsored actors. The attackers exploited vulnerabilities in Cisco Systems routers, enabling them to access sensitive communication records, including call logs and unencrypted texts of high-profile targets. T-Mobile has stated that its systems and customer data do not appear to have been significantly impacted.

TikTok will block beauty filters for teens over mental health concerns (The Verge)

Australia passes bill banning social media for children under 16 (The Washington Post)

TikTok’s beauty filter ban.

TikTok is implementing age restrictions on certain beauty filters to address mental health concerns among teenage users. Filters that significantly alter appearance, such as those that smooth skin or slim faces, will be restricted for users under 18. The company will also expand filter descriptions to clarify the changes they make. However, filters that are clearly humorous, like adding animal ears, are excluded from these restrictions. This move responds to findings by Internet Matters, which highlighted the negative impact of beauty filters on teens, who often feel pressured to conform to unrealistic beauty standards. Additionally, TikTok will roll out new resources in 13 European countries to connect users reporting harmful content with local helplines. TikTok emphasized its commitment to user safety and announced efforts to improve detection of underage accounts using advanced machine learning technologies. 

Going hand in hand with that, Australia is advancing a bill to ban children under 16 from using social media platforms, requiring age verification and imposing hefty fines on companies for non-compliance, amidst mixed reactions from parents, tech companies, and youth advocates.

CISA debuts new cybersecurity training platform (Federal News Network) 

Redefining cybersecurity education for the future.

The Cybersecurity and Infrastructure Security Agency (CISA) has launched "CISA Learning," a modernized training platform designed to enhance cybersecurity education for both its internal staff and external partners. This platform replaces the previous Federal Virtual Training Environment (FedVTE), offering a unified system that provides courses on topics such as cloud security, ethical hacking, risk management, and malware analysis. CISA Learning aims to serve as a comprehensive resource for the broader federal workforce, veterans, and other stakeholders, reflecting CISA's commitment to sharing its expertise and resources to bolster national cybersecurity capabilities.

African cybercrime crackdown culminates in 1,006 captured and cuffed (The Record)

A cybercrime safari nets over 1,000 arrests.

In a significant crackdown on cybercrime, Interpol and Afripol's Operation Serengeti led to the arrest of 1,006 suspects across 19 African countries between September and October 2024. The operation targeted various cyber offenses, including ransomware, business email compromise, and online scams, uncovering losses exceeding $190 million and identifying over 35,000 victims. Notable cases include the dismantling of a $6 million Ponzi scheme in Senegal and the apprehension of individuals in Kenya linked to an $8.6 million banking fraud. This initiative underscores the growing sophistication of cyber threats and highlights the importance of international collaboration in combating cybercrime.

Coming up on our Industry Voices segment, SpyCloud’s Chief Product Officer Damon Fleury joins Dave to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense. We’ll be right back.

Today, on our Industry Voices segment, we are joined by SpyCloud’s Chief Product Officer Damon Fleury, who sits down with Dave to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense.

We hope you enjoyed our latest Industry Voices segment featuring Damon Fleury and Dave Bittner, diving into how criminals exploit what they know about you and exploring the vital role of holistic digital identity in strengthening cyber defenses.

Our very own Liz Stokes wraps up today's show with a fan-favorite segment: Fun Fact Fridays! Every Friday, Liz dives into fascinating and fun tidbits about cybersecurity (and space) that are sure to inform and entertain. This week, we’re getting a jump on the holiday season as Liz uncovers how cybercriminals start plotting their holiday schemes a little earlier than you might think.

If you enjoyed this week’s fun fact, there’s plenty more where that came from! Head over to our YouTube page to explore Liz's library of entertaining and insightful videos. Don’t miss out—check it out.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.