Cyber Security Headlines: Week in Review Summary
Hosted by CISO Series
Release Date: January 17, 2025
Episode: Week in Review: IRS PIN available, AI ransomware group, UK ransomware ban
Overview
In this episode of Cyber Security Headlines, the host Rich and returning guest Phil Beyer, Head of Security at Flex, delve into the most pressing cybersecurity stories of the week. Covering topics from IRS security measures to the latest developments in ransomware tactics, the discussion provides in-depth analysis, expert opinions, and actionable insights for information security professionals.
Key Stories Discussed
1. IRS Identity Protection PIN Now Available
Summary:
The IRS has relaunched its Identity Protection Personal Identification Number (IP PIN) program for the current filing season. This six-digit number is assigned annually to individual taxpayers to prevent fraudulent tax filings using stolen Social Security numbers (SSNs).
Discussion Highlights:
- Purpose & Importance: Rich explains that the IP PIN is designed to combat the increased threat of scammers filing tax returns with stolen SSNs, especially in light of a massive data breach exposing over 100 million SSNs.
  Rich: "With over 100 million people's Social Security numbers exposed... this program is even more critical this year."
- Effectiveness & Concerns: Phil acknowledges the program's potential benefits but expresses uncertainty about its effectiveness in deterring opportunistic criminals. He emphasizes that while the IP PIN adds a layer of security, it may not be foolproof against determined attackers.
  Phil (03:27): "I'm not sure that it's any worse as much as just we should again continue to try to help IT support all this..."
- Community Feedback: Michael Vindig from the chat raises a concern about the need for a stronger, more secure national ID system to reduce identity-based attacks, aligning with Phil's thoughts on the limitations of current protections.
2. UK Mulling Public Sector Ransomware Payment Ban
Summary:
The UK Home Office has launched a consultation proposing a ban on ransomware payments by public sector entities, including hospitals, schools, and railways. The goal is to make these critical services less attractive targets by eliminating the potential financial gains from ransomware attacks.
Discussion Highlights:
- Intent & Implementation: Rich outlines that the proposed ban aims to protect essential services by discouraging ransomware attacks through policy and guidance on alternative response strategies.
  Rich: "The proposal would also offer guidance to ransomware victims on how to respond and would also help block payments to known criminal groups..."
- Expert Opinion: Phil is skeptical about the ban's effectiveness, questioning the practicality of blocking crypto payments and highlighting the challenges in enforcing such measures. He points out that criminals might still find ways to transact outside sanctioned channels.
  Phil (06:35): "Cryptocurrency is the vast majority of ransomware style payments and we can't really block those now when we know things are happening now."
- Broader Implications: The discussion touches on the historical challenges of deterring ransom-based crimes and the potential for the UK ban to inadvertently harm the very public services it aims to protect.
  Rich: "Good luck stopping nation states with a payment ban."
3. New Ransomware Group Leverages AI
Summary:
A new ransomware group named FunkSec has claimed responsibility for over 80 attacks in December 2024, utilizing AI to enhance its ransomware operations. The group operates on a ransomware-as-a-service (RaaS) model, engaging in double extortion and selling stolen data.
Discussion Highlights:
- AI Integration in Ransomware: Rich highlights the novel use of AI by FunkSec to develop more sophisticated ransomware tools, including a DDoS utility and an AI chatbot for data leaks.
  Rich: "Using a Rust-based ransomware likely created with AI by inexperienced threat actors."
- Defensive Strategies: Phil emphasizes the need for CISOs to adopt proactive measures, including leveraging AI for defense to match the attackers' technological advancements. He advocates for resilience and defense-in-depth strategies to counter evolving threats.
  Phil (09:47): "We have to be able to defend against something that we don't know is out there."
- Future Outlook: The conversation anticipates an increase in AI-enabled ransomware groups, underscoring the importance of continuous adaptation in cybersecurity defenses.
  Phil: "We've been seeing this kind of progression already and this now is just an indicator of their product or their service..."
4. Allstate Accused of Selling Consumer Driving Data
Summary:
Texas Attorney General Ken Paxton filed a lawsuit against Allstate and its subsidiary Arity, alleging the illegal collection, use, and sale of cell phone location data from over 45 million Americans. The data was used to create a driving behavior database to adjust insurance premiums without consumers' consent.
Discussion Highlights:
- Legal Implications: Rich outlines that this lawsuit is the first state-level enforcement of Texas's comprehensive Data Privacy and Security Act, with potential broader implications for other industries and states.
  Rich: "This legal action marks the first state level enforcement of a comprehensive data privacy law..."
- Privacy Concerns: Phil criticizes Allstate for violating privacy policies by collecting data without transparency, emphasizing the need for unified data protection laws to prevent such abuses.
  Phil (15:12): "The problem is when we don't know about it... ensuring that there's clarity between the consumer and the company is the important part."
- Industry Impact: The discussion explores how disparate state laws create challenges for companies operating nationally and the likelihood of increased litigation driving up costs for businesses.
  Rich: "Might it simply motivate companies like Allstate to hike these rates to cover the inevitable litigation?"
5. Illinois to Get Mobile Driver's License in Apple Wallet
Summary:
Illinois plans to launch digital IDs compatible with Apple Wallet by the end of 2025, allowing residents to add their driver's licenses and state IDs to their iPhones and Apple Watches. Google Wallet support will follow, joining other states offering similar digital ID solutions.
Discussion Highlights:
- Adoption & Convenience: Rich discusses the growing trend of digital IDs, highlighting the convenience of real-time address updates and seamless integration with mobile devices.
  Rich: "Allowing residents to add driver's licenses and state IDs to iPhones and Apple Watches."
- Privacy & Security Concerns: Phil debates the potential privacy implications, questioning whether individuals will feel comfortable handing over their phones for routine verifications. He stresses the importance of robust security measures to prevent misuse.
  Phil (18:52): "Is something that people worry about?... the benefits of digital IDs vastly outweigh the concerns."
- Civil Rights Implications: The conversation touches on the balance between technological advancements and civil liberties, emphasizing the need for safeguards to protect individuals from potential privacy infringements.
  Rich: "There's a whole lot of civil rights implications for that."
6. Law Firm Discloses Data Breach from 2023
Summary:
Law firm Freeman and Hers disclosed a data breach that occurred on December 13, 2023, affecting approximately 3.4 million individuals. The breach exposed sensitive information, including SSNs and medical diagnoses. The firm delayed notifying affected parties due to digital forensic complications.
Discussion Highlights:
- Incident Response Failures: Rich criticizes the law firm's delayed disclosure, highlighting the importance of having a robust incident response strategy that includes timely communication with affected individuals.
  Rich: "Forensic complications leading to a year long delay in disclosure here... shouldn't that be part of your incident response strategy?"
- Legal and Ethical Considerations: Phil reflects on the ethical obligations of firms to protect client data and the potential negligence displayed by the delayed response. He underscores the need for transparency and swift action in breach situations.
  Phil (22:20): "A year later is way too much. I'm not really sure that there's anything I can think of."
- Impact on Trust: The discussion emphasizes how such breaches and poor handling can erode client trust, with broader implications for the legal industry's reputation regarding data security.
  Phil: "We have to be able to react and respond faster and faster. And that's just a reality of this profession."
Insights and Opinions
- Ransomware Incentives: Both Rich and Phil express skepticism about the UK's proposed ransomware payment ban, suggesting it may not effectively deter attackers and could inadvertently harm public services.
- AI as a Double-Edged Sword: The integration of AI in both offensive (ransomware) and defensive (cybersecurity) strategies is seen as inevitable. Phil advocates for leveraging AI to enhance resilience and defense mechanisms.
- Data Privacy Enforcement: The lawsuit against Allstate highlights the growing enforcement of data privacy laws at the state level, signaling a shift towards greater accountability for companies handling consumer data.
- Digital Transformation vs. Privacy: The rollout of digital IDs raises important questions about privacy and security, balancing technological convenience with the need to protect individual rights.
Conclusion
This week's episode of Cyber Security Headlines provides a comprehensive overview of significant developments in the cybersecurity landscape. From governmental efforts to enhance taxpayer security and combat ransomware to corporate missteps in data privacy, the discussions underscore the evolving challenges and the imperative for robust, proactive security measures. Phil Beyer's expert insights offer valuable perspectives on navigating these complex issues, making the episode a must-listen for information security professionals seeking to stay informed and ahead of emerging threats.
Notable Quotes:
- Phil Beyer (03:27): "I'm not sure that it's any worse as much as just we should again continue to try to help IT support all this..."
- Phil Beyer (06:35): "Cryptocurrency is the vast majority of ransomware style payments and we can't really block those now when we know things are happening now."
- Phil Beyer (09:47): "We have to be able to defend against something that we don't know is out there."
- Phil Beyer (15:12): "Ensuring that there's clarity between the consumer and the company is the important part."
- Phil Beyer (18:52): "Is something that people worry about?... the benefits of digital IDs vastly outweigh the concerns."
- Phil Beyer (22:20): "A year later is way too much. I'm not really sure that there's anything I can think of."
For more detailed insights and daily updates, visit CISOseries.com and tune into Cyber Security Headlines every weekday.
