The CyberWire Daily Podcast 12.17.24
Ep 2211 | 12.17.24

The cost of peeking at U.S. traffic.

Transcript

The Biden administration takes its first step to retaliate against China for the Salt Typhoon cyberattack. The Feds release a draft National Cyber Incident Response Plan. Telecom Namibia suffers a cyberattack. The Australian Information Commissioner has reached a $50 million settlement with Meta over the Cambridge Analytica scandal. CISA releases its 2024 year in review. LastPass hackers nab an additional five million dollars. Texas Tech University notifies over 1.4 million individuals of a ransomware attack. Researchers discover a new DarkGate RAT attack vector using vishing. A fraudster gets 69 months in prison. On our Threat Vector segment, David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks, about predictions for 2025. Surveillance tweaks our brains in unexpected ways.

Today is Tuesday, December 17th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The Biden administration takes its first step to retaliate against China for the Salt Typhoon cyberattack. 

The Biden administration has taken its first step to retaliate against China for the Salt Typhoon cyberattack by banning China Telecom’s remaining U.S. operations, citing national security risks. This follows a broader Chinese hack that infiltrated U.S. telecommunications networks, compromising sensitive data and exposing U.S. surveillance targets.

While largely symbolic, the Commerce Department’s move addresses China Telecom’s ability to “peer in” on traffic, an issue left unresolved since the FCC revoked its phone licenses in 2021. However, officials admit the action may not deter China’s advanced cyberoperations, such as Volt Typhoon, which planted malicious code in critical infrastructure.

Incoming Trump officials, including Mike Waltz, advocate for offensive cyber responses to impose higher costs on China and prevent further escalation. Meanwhile, China’s penetration remains unresolved, with hackers gaining access to wiretap targets and potentially voice calls.

The Biden administration created a task force to tackle the breach, meeting daily with telecom executives, but its delayed public response reflects concerns over embarrassment and exposing ongoing investigations. Biden reportedly addressed the issue with President Xi Jinping in November, though specifics remain unclear.

The Feds release a draft National Cyber Incident Response Plan. 

The U.S. government has released a draft National Cyber Incident Response Plan (NCIRP), updating the 2016 version to address evolving cyber threats, policies, and capabilities. The Cybersecurity and Infrastructure Security Agency (CISA) is soliciting public feedback until January 15, 2025.

The NCIRP outlines a flexible framework for federal, state, and local government coordination with private sector organizations during significant cyber incidents, categorized as Level 2 or higher in severity. It focuses on four key areas of response:

1. Asset Response: Led by CISA, providing technical assistance to mitigate vulnerabilities and reduce cascading effects.

2. Threat Response: Managed by DOJ and FBI, focusing on investigations, evidence collection, and threat disruption.

3. Intelligence Response: Led by the Office of the Director of National Intelligence to build awareness and share threat intelligence.

4. Affected Entity Response: Ensuring operational continuity, with the federal government playing a limited role for private entities.

CISA emphasizes the plan is not a step-by-step guide but a flexible structure for collaboration. Additional planning documents and regular updates will be developed to address emerging needs.

Telecom Namibia suffers a cyberattack. 

Telecom Namibia suffered a cyberattack on December 11, 2024, resulting in the leak of over 400,000 customer files. The ransomware group Hunters International exfiltrated 626.3GB of data, including personal identification, addresses, and banking details, later leaking the information when ransom demands were unmet. Telecom Namibia’s CEO, Stanley Shanapinda, assured the public of efforts to contain the breach and strengthen cybersecurity. The Communications Regulatory Authority of Namibia (Cran) and NAM-CSIRT are assisting in mitigating the attack’s impact. 

The Australian Information Commissioner has reached a $50 million settlement with Meta over the Cambridge Analytica scandal. 

The Australian Information Commissioner has reached a $50 million settlement with Meta Platforms, Inc. over privacy breaches related to the Cambridge Analytica scandal. The settlement follows court-ordered mediation stemming from civil penalty proceedings that began in 2020.

The scheme will offer two tiers of compensation: a base payment for general concerns and a higher tier for individuals who prove specific loss or damage. An independent third-party administrator will oversee the program, expected to begin in Q2 2025.

CISA releases its 2024 year in review. 

CISA has issued a warning about CVE-2024-35250, an actively exploited Windows Kernel-Mode Driver vulnerability that enables privilege escalation to SYSTEM level. Initially disclosed by Microsoft in June 2024 with a CVSS score of 7.8, the flaw requires low privileges and no user interaction, making it highly exploitable. CISA has mandated remediation for federal agencies by January 6, 2025, under BOD 22-01.

Organizations are urged to apply Microsoft’s June patch or use mitigations like system isolation, firewalls, endpoint detection tools, and enforcing least privilege to reduce risk.

Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) released its 2024 Year in Review, highlighting key accomplishments in advancing cybersecurity, protecting critical infrastructure, and addressing emerging threats. Throughout the year, CISA focused on building resilience through partnerships, innovation, and proactive measures. Areas of specific interest include:

Election Security

Cyber Threat Mitigation

Global Partnerships

Workforce Development

Emergency Communications

CISA underscored its commitment to collaboration, innovation, and accountability, positioning itself as a leader in securing critical systems that underpin the nation’s economy and daily life. The 2024 report reflects CISA’s ongoing mission to safeguard the United States against evolving cyber and infrastructure threats.

LastPass hackers nab an additional five million dollars. 

Hackers linked to the 2022 LastPass breach have stolen an additional $5.36 million from 40 victims, pushing total crypto losses to $45 million. The attackers accessed users’ encrypted vault backups, exploiting private keys and seed phrases stored before 2023. Blockchain sleuth ZachXBT traced the stolen funds, swapped for Ether and sent to exchanges.

Security experts urge affected users to transfer assets immediately. The theft comes amid a spike in scams during the holiday season, dubbed “hacker season,” with warnings to avoid free Wi-Fi, sharing 2FA codes, and festive scams. Non-crypto funds have also been targeted, with $250 million stolen in May. Cybersecurity advocates stress vigilance as hackers aim to exploit the seasonal uptick in online activity and spending.

Texas Tech University notifies over 1.4 million individuals of a ransomware attack. 

Texas Tech University is notifying over 1.4 million individuals of a ransomware attack that targeted its Health Sciences Center and Health Sciences Center El Paso. The attackers accessed the network from September 17 to 29, 2024, exfiltrating personal and sensitive data, including names, Social Security numbers, driver’s license details, health insurance, medical records (diagnoses and treatment), and financial account information.

The Interlock ransomware group claimed responsibility, alleging theft of 2.5 terabytes of data, including medical research and SQL databases. Texas Tech also reported prior threats: in July, the Meow ransomware group offered SQL databases and website vulnerabilities for sale.

The university has filed breach reports with the U.S. Department of Health and Human Services and is offering free credit monitoring to affected individuals. 

Researchers discover a new DarkGate RAT attack vector using vishing. 

Researchers at Trend Micro discovered a new DarkGate RAT attack vector using vishing (voice phishing) via Microsoft Teams calls to gain remote access to a victim’s device. Initially, the attacker attempted to install Microsoft Remote Support, but when that failed, they manipulated the victim into downloading AnyDesk. Once connected, the attacker loaded suspicious files, including DarkGate, which enabled remote control, executed commands, and established a connection to a C2 server.

The multistage attack began with phishing emails, followed by a fake Teams call posing as external tech support. DarkGate, a sophisticated malware active since 2017, allows remote access, keylogging, cryptocurrency mining, and system data theft.

To mitigate such attacks, organizations should train employees on social engineering tactics, verify third-party support claims, whitelist approved remote tools, enable MFA, and block unvetted applications.

A fraudster gets 69 months in prison. 

The U.S. Justice Department sentenced Vitalii Antonenko, 32, to 69 months in prison for hacking, credit card theft, and money laundering. Arrested in 2019 at JFK Airport returning from Ukraine, Antonenko was found with hundreds of thousands of stolen payment card numbers. He belonged to a cybercrime group that exploited SQL injection vulnerabilities to steal data from organizations like a hospitality business and a research institution. The stolen data was sold on cybercrime marketplaces, and proceeds were laundered through cryptocurrency and cash transactions.

Next up we’ve got our biweekly Threat Vector segment giving you a preview of this week’s episode. Host David Moulton talks with Palo Alto Networks Founder and CTO Nir Zuk (Near Zook) about Palo Alto Networks' predictions for 2025, especially the shift to unified data security platforms and the growing importance of AI in cybersecurity. And, hear about turning paranoia into a full-time hobby.

Welcome back. You can catch new episodes of Threat Vector every Thursday on our website and on your favorite podcast app. You can find a link in our show notes. 

Surveillance tweaks our brains in unexpected ways. 

A new study shows that being watched—even by lifeless CCTV cameras—turns us into hyper-vigilant gaze detectors, as if we’re all starring in our own episode of Big Brother. Conducted by researchers at the University of Technology Sydney and published in Neuroscience of Consciousness, the study found that surveillance tweaks our brains in unexpected ways.

Participants under watchful eyes detected faces almost a second faster than their unobserved peers, suggesting an involuntary boost to our built-in threat-detection system. Lead researcher Associate Professor Kiley Seymour explains this heightened face-spotting ability evolved for survival—but surveillance may crank it up without us realizing.

While participants shrugged off concerns about being monitored, their brains had other plans. This hypersensitivity mimics patterns seen in social anxiety and psychosis, raising questions about the mental health impact of our surveillance-heavy society. So, the next time you catch yourself scanning for faces on a crowded street, blame Big Brother, not paranoia.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.