
Cybersecurity Today: Palo Alto Firewalls Breached, APT28's Wi-Fi Hack, Meta Fights Scams In today's episode, over 2,000 Palo Alto firewalls were hacked via patched zero-day vulnerabilities; a Russian group, APT28, exploited Wi-Fi networks in a novel...
Jim Love
Over 2,000 Palo Alto firewalls were hacked exploiting patched zero-day vulnerabilities. Hackers breached US firms using Wi-Fi in a novel nearest neighbor attack. Meta removes over 2 million accounts linked to pig butchering scams, and Google's new free cybersecurity certificate prepares students for jobs in just six months. This is Cybersecurity Today. I'm your host, Jim Love. Hackers have exploited two recently patched zero-day vulnerabilities to compromise over 2,000 Palo Alto Networks firewalls, according to reports from Shadowserver and Palo Alto Networks. The first vulnerability, CVE-2024-0012, allows attackers to bypass authentication in the PAN-OS management web interface, granting administrative access. The second, CVE-2024-9474, is a privilege escalation flaw that enables attackers to execute commands with root privileges. Palo Alto Networks disclosed the potential for remote code execution linked to these flaws earlier this month. A coordinated attack chaining these vulnerabilities has been observed, with attackers dropping malware and running unauthorized commands on compromised devices. According to Palo Alto Networks, many of the attacks originated from IP addresses associated with anonymous VPN services. The company's Unit 42 team believes with high confidence that a functional exploit chain is publicly available, potentially enabling further attacks. Earlier this year, the company had also issued a patch for another maximum severity and actively exploited PAN-OS firewall vulnerability, CVE-2024-3400, that impacted over 82,000 devices. Palo Alto Networks advises customers to secure firewall management interfaces by restricting access to trusted internal IP addresses, aligning with its best practice deployment guidelines. "Risk of these issues are greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses," was what the company said in their post. 
While Palo Alto Networks estimates a very small number of devices are affected, Shadowserver has tracked over 2,700 vulnerable firewalls, with approximately 2,000 confirmed as compromised. The US Cybersecurity and Infrastructure Security Agency, CISA, has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch their firewalls by December 9th. Russian state-sponsored hackers known as APT28, or Fancy Bear, pulled off a highly creative cyberattack exploiting Wi-Fi networks from thousands of miles away. This new tactic, dubbed the Nearest Neighbor Attack, combined cunning strategy with technical precision to breach a US firm involved in Ukraine-related work. Here's how it unfolded. Using a technique called password spraying, they gained access to credentials to a target company's Wi-Fi network. But there was a catch. While multifactor authentication blocked them from using those credentials over the Internet, the target's Wi-Fi didn't require MFA for access. And thousands of miles away, this could have been a dead end. But the attackers got innovative. They found a nearby company within Wi-Fi range of the ultimate target, hacked into their network, and found a device that had both wired and wireless connections. This device became their bridge. The hackers used RDP to control that nearby device, and it logged into the target's Wi-Fi. Once inside the target's network, the hackers were able to maintain a low profile by relying on native Windows tools, and they were able to successfully exfiltrate the data they were looking for, in this case information about projects related to Ukraine. According to cybersecurity firm Volexity, which uncovered the breach, APT28 also exploited a Windows Print Spooler vulnerability, CVE-2022-38028, to escalate privileges and run their payloads. This vulnerability was identified in April 2024 in a Microsoft report, which helped connect the dots to the Russian threat group. 
What makes this attack remarkable is its ingenuity. By chaining together multiple compromises and leveraging devices within Wi-Fi range, the hackers circumvented MFA without physical proximity to the target. This tactic not only highlights vulnerabilities in corporate Wi-Fi networks, but it also challenges assumptions about how far attackers will go to gain close access. The lesson? Wi-Fi networks need the same level of protection as Internet-facing systems. MFA, device restrictions and continuous monitoring are essential to closing gaps, but sophisticated attackers will inevitably exploit them. On our weekend show, David Shipley pointed out that although a lot of our attention goes, deservedly, to things like ransomware and other technical compromises, fraud is still one of the biggest issues for individuals and companies, and an indication of how big that problem is: Meta removed more than 2 million accounts tied to pig butchering and other scams from its platforms this year, targeting operations that exploit vulnerable users with deceptive schemes. Many of these accounts originate from Southeast Asian countries, including Myanmar, Laos, Cambodia and the Philippines, as well as from the United Arab Emirates. These scams often stem from criminal hubs that lure job seekers with fake job offers. And once they're recruited, individuals are coerced into working as online scammers, often under the threat of physical abuse. The term pig butchering refers to financial investment scams that involve prolonged deception, where victims are manipulated into depositing money into fraudulent platforms promising fake returns. The FBI's 2023 Internet Crime Report highlights the scale of the problem, noting a 38% rise in investment fraud losses, reaching $4.5 billion in 2023. These scams use tactics like Spray and Pray, where scammers send generic messages to a large number of users in the hope of finding victims. 
Those who respond are drawn into a web of deceit involving fake investment platforms and falsified returns, and withdrawals, of course, are nearly impossible. Meta advises users to stay vigilant, use two-factor authentication, use selfie verification to secure stolen accounts, and, of course, treat unsolicited communications with caution. And while many of these companies rob individuals and not companies, we need to remember that any employee who's compromised and in financial distress due to a fraud is an issue that affects us corporately as well. And of course, some of these frauds directly attack companies. And finally, for those who want to expand their skill sets but don't have extra money, or want a risk-free way of seeing if they're suitable, Google has introduced a free Cybersecurity Professional Certificate. It's designed to prepare students for entry-level roles in cybersecurity, with or without a degree. It's offered through Coursera, and the program features eight courses that can be completed in six months. The certificate program teaches key skills including identifying and mitigating cyber risks, using security information and event management tools, and protecting networks and data. Students also gain hands-on experience with Python, Linux and SQL. A new addition to the program includes six videos on applying artificial intelligence in cybersecurity, covering topics such as detecting vulnerabilities and prioritizing alerts. Students can take the course for free, but if they want a certificate, they can get the course for $49 a month after a seven-day free trial, at an estimated completion time of six months. That's going to be about $300 US to complete the course. Upon earning their credentials, graduates can add it to their LinkedIn profiles and resumes, and US-based students can gain access to a network of over 150 employers, including American Express, Walmart and Google, committed to considering certificate holders for open positions. 
According to Coursera, the certificate equips students for roles like Cybersecurity Analyst and Security Operations Center, or SOC, Analyst. There's a link in the show notes to the free course and to the Coursera program, which charges a fee, and a link to Open Culture, which is where I found this initially and where, if you look, you can find a number of other free courses on security, computing and even AI. And that's our show for today. You can find links to reports and other details in our show notes at technewsday.com. We welcome your comments, tips and the occasional bit of constructive criticism at editorial@technewsday.ca. I'm your host, Jim Love. Thanks for listening.
Podcast Information:
The episode opens with a critical update on a significant security incident affecting Palo Alto Networks firewalls. Jim Love reports that over 2,000 firewalls were compromised by exploiting two recently patched zero-day vulnerabilities: CVE-2024-0012 (an authentication bypass in the PAN-OS management web interface that grants administrative access) and CVE-2024-9474 (a privilege escalation flaw that allows command execution as root).
Jim emphasizes the severity:
"Hackers have exploited two recently patched zero day vulnerabilities to compromise over 2,000 Palo Alto Networks firewalls."
[00:01]
Palo Alto Networks disclosed that a coordinated attack chaining these vulnerabilities resulted in malware deployment and unauthorized command execution on compromised devices. The attacks primarily originated from IP addresses linked to anonymous VPN services. The company's Unit 42 team indicated a high confidence that a functional exploit chain is publicly available, posing a risk for further attacks.
Mitigation Strategies: Palo Alto Networks advises restricting access to firewall management interfaces solely to trusted internal IP addresses, aligning with best practice deployment guidelines. Jim highlights:
"Risk of these issues are greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses."
[00:04]
Despite Palo Alto Networks' low estimate of affected devices, Shadowserver tracked over 2,700 vulnerable firewalls, with approximately 2,000 confirmed as compromised. The US Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, mandating that federal agencies apply patches by December 9th.
Jim shifts focus to a novel cyberattack executed by Russian state-sponsored hackers, APT28 (Fancy Bear). This attack, termed the Nearest Neighbor Attack, targeted a US firm involved in Ukraine-related work by exploiting Wi-Fi networks from a considerable distance.
Attack Breakdown:
Initial Compromise: Using password spraying, attackers obtained credentials for the target company's WiFi network.
"Using a technique called password spraying, they gained access to credentials to a target company's Wi fi network."
[05:30]
Bypassing MFA: Despite multifactor authentication (MFA) blocking internet-based access, the WiFi network lacked MFA requirements.
"While multifactor authentication blocked them from using those credentials over the Internet, the target's WiFi didn't require MFA for access."
[05:45]
Leveraging Nearby Networks: Attackers accessed a nearby company's WiFi, compromising a device with both wired and wireless connections to bridge into the target's network.
"They found a nearby company within WI fi range of the ultimate target, hacked into their network, and found a device that had both wired and wireless connections."
[06:10]
Exfiltration of Data: Utilizing Remote Desktop Protocol (RDP), the hackers controlled the bridge device and used it to log into the target's Wi-Fi. Once inside the target network, they maintained stealth by relying on native Windows tools and exfiltrated sensitive data related to Ukraine projects.
Jim remarks on the ingenuity of the attack:
"What makes this attack remarkable is its ingenuity. By chaining together multiple compromises and leveraging devices within WI fi range, the hackers circumvented MFA without physical proximity to the target."
[07:00]
Exploited Vulnerabilities: The attack also exploited the Windows Print Spooler vulnerability CVE-2022-38028 to escalate privileges and deploy malicious payloads. Microsoft's April 2024 report on this vulnerability's use was pivotal in linking the activity to APT28.
Lessons Learned: Jim underscores the necessity of treating WiFi networks with the same security rigor as internet-facing systems:
"Wi-Fi networks need the same level of protection as Internet facing systems. MFA, device restrictions and continuous monitoring are essential to closing gaps."
[07:30]
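The attack breakdown above turns on two observable events: a password spray against an Internet-facing logon, and a later Wi-Fi (802.1X) logon that succeeds for one of the sprayed accounts from a device the user has never used. The following is an added example, not code from the podcast or from Volexity, that runs that detection logic over constructed RADIUS-style log lines. The line format, the field names, the thresholds and the baseline of known client devices are all assumptions; a real deployment would feed NPS, RADIUS or wireless controller logs through the same two checks.

```python
"""Added example (not from the podcast): detection for the two steps of the
Nearest Neighbor pattern, run over constructed RADIUS-style log lines.
  1. password spraying: one source failing against many accounts in a short window
  2. a later Wi-Fi logon that SUCCEEDS for a sprayed account from a client MAC
     that account has never authenticated from (credential reused where MFA is
     not enforced, from a device that is not the user's)
Log format, field names, thresholds and the known-device baseline are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed line format: "<iso-ts> src=<ip-or-mac> user=<name> result=ACCEPT|REJECT via=vpn|wifi"
LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"result=(?P<result>ACCEPT|REJECT) via=(?P<via>vpn|wifi)$"
)

# Constructed sample: one VPN source sprays five accounts, then a day later carol
# joins Wi-Fi from an unknown device while alice joins from her usual laptop.
SAMPLE_LOGS = """\
2024-11-20T09:00:01 src=203.0.113.7 user=alice result=REJECT via=vpn
2024-11-20T09:00:03 src=203.0.113.7 user=bob result=REJECT via=vpn
2024-11-20T09:00:05 src=203.0.113.7 user=carol result=REJECT via=vpn
2024-11-20T09:00:07 src=203.0.113.7 user=dave result=REJECT via=vpn
2024-11-20T09:00:09 src=203.0.113.7 user=erin result=REJECT via=vpn
2024-11-20T09:30:00 src=198.51.100.4 user=alice result=REJECT via=vpn
2024-11-21T14:12:33 src=aa:bb:cc:dd:ee:ff user=carol result=ACCEPT via=wifi
2024-11-21T14:15:00 src=00:11:22:33:44:55 user=alice result=ACCEPT via=wifi
"""

# Assumed baseline: client MACs each user has previously authenticated from.
KNOWN_DEVICES = {
    "alice": {"00:11:22:33:44:55"},
    "carol": {"66:77:88:99:aa:bb"},
}


def parse(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def detect_spray(events, min_accounts=5, window=timedelta(minutes=10)):
    """Return {source: set(users)} for non-Wi-Fi sources whose REJECTs cover at
    least `min_accounts` distinct accounts inside any sliding `window`."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["result"] == "REJECT" and ev["via"] != "wifi":
            by_src[ev["src"]].append(ev)
    hits = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        lo = 0
        for hi in range(len(evs)):
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1
            users = {e["user"] for e in evs[lo:hi + 1]}
            if len(users) >= min_accounts:
                hits.setdefault(src, set()).update(users)
    return hits


def flag_wifi_logons(events, sprayed_users, known_devices):
    """Successful Wi-Fi logons for sprayed accounts from a client MAC that account
    has never used. Returns (timestamp, user, client_mac) tuples."""
    alerts = []
    for ev in events:
        if ev["via"] != "wifi" or ev["result"] != "ACCEPT":
            continue
        if ev["user"] in sprayed_users and ev["src"] not in known_devices.get(ev["user"], set()):
            alerts.append((ev["ts"].isoformat(), ev["user"], ev["src"]))
    return alerts


def run(text=SAMPLE_LOGS, known_devices=KNOWN_DEVICES):
    """Run both checks; returns (spray_sources, wifi_alerts)."""
    events = parse(text)
    spray = detect_spray(events)
    sprayed = set().union(*spray.values()) if spray else set()
    return spray, flag_wifi_logons(events, sprayed, known_devices)


if __name__ == "__main__":
    spray, alerts = run()
    for src, users in spray.items():
        print(f"spray from {src}: {sorted(users)}")
    for ts, user, mac in alerts:
        print(f"ALERT {ts}: sprayed account {user} joined Wi-Fi from unknown device {mac}")
```

The second check is the one that would have fired in the story: the sprayed credential never succeeds over the Internet because MFA stops it, so the first success is the Wi-Fi association from the neighbor's dual-homed device. Correlating spray targets with new-device wireless logons is cheap and does not depend on knowing which neighbor was compromised.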
Referencing a point David Shipley made on the weekend show, that fraud remains one of the biggest issues for individuals and companies even as attention goes to ransomware and other technical compromises, Jim discusses Meta's recent efforts to eliminate fraudulent activities on its platforms. Over 2 million accounts tied to pig butchering scams and other deceptive schemes were removed this year.
Scam Mechanics:
Pig Butchering: Extended financial investment scams where victims are manipulated into depositing funds into fake platforms with promises of high returns.
"The term pig butchering refers to financial investment scams that involve prolonged deception, where victims are manipulated into depositing money into fraudulent platforms promising fake returns."
[10:15]
Geographical Origins: Most scam accounts originated from Southeast Asian countries (Myanmar, Laos, Cambodia, Philippines) and the United Arab Emirates. These regions often serve as criminal hubs, enticing job seekers with fake offers and coercing them into online scam operations under threat of physical abuse.
Tactics Used: Spray and Pray, where scammers send generic messages to a large number of users in the hope of finding victims. Those who respond are drawn into fake investment platforms with falsified returns, and withdrawals are nearly impossible.
The FBI's 2023 Internet Crime Report highlights the gravity, noting a 38% rise in investment fraud losses, reaching $4.5 billion in 2023.
Protective Measures: Jim relays Meta's advice for users: stay vigilant, use two-factor authentication, use selfie verification to recover stolen accounts, and treat unsolicited communications with caution.
He also points out the broader impact on corporations:
"Any employee who's compromised and in financial distress due to a fraud is an issue that affects us corporately as well."
[11:30]
Concluding the episode, Jim introduces Google's Free Cybersecurity Professional Certificate, a strategic initiative to equip individuals with the skills needed for entry-level cybersecurity roles within six months. Offered through Coursera, the program is accessible to those with or without a formal degree.
Program Highlights:
Curriculum: eight courses covering identifying and mitigating cyber risks, using security information and event management (SIEM) tools, and protecting networks and data, with hands-on experience in Python, Linux and SQL, plus a new set of six videos on applying artificial intelligence in cybersecurity (detecting vulnerabilities, prioritizing alerts).
Accessibility: the course content can be taken for free; the certificate costs $49 a month after a seven-day free trial, about $300 US over the estimated six-month completion time.
Jim elaborates:
"Students can take the course for free, but if they want a certificate, they can get the course for $49 a month after a seven day free trial at an estimated completion time of six months."
[12:45]
Career Opportunities: Upon earning the certificate, graduates can add it to their LinkedIn profiles and resumes, and US-based students gain access to a network of over 150 employers, including American Express, Walmart and Google, committed to considering certificate holders for open positions.
Job Roles Prepared For: According to Coursera, the program prepares students for roles such as Cybersecurity Analyst and Security Operations Center (SOC) Analyst.
Jim also mentions additional resources:
"There's a link in the show Notes to the free course and to the Coursera program which charges a fee and a link to Open Culture, which is where I found this initially and where if you look you can find a number of other free courses on security, computing and even AI."
[13:30]
In this episode of "Cybersecurity Today," host Jim Love delivers a comprehensive overview of pressing cybersecurity issues, including: the compromise of over 2,000 Palo Alto Networks firewalls through CVE-2024-0012 and CVE-2024-9474; APT28's Nearest Neighbor Attack against a US firm's Wi-Fi network; Meta's removal of over 2 million accounts tied to pig butchering and other scams; and Google's free Cybersecurity Professional Certificate.
By addressing these key topics, the podcast serves as an essential resource for professionals seeking to stay informed and enhance their cybersecurity strategies in an evolving digital landscape.
For more detailed reports and information, listeners are directed to the show notes at technewsday.com. Feedback and comments are welcomed at editorial@technewsday.ca.
Disclaimer: This summary is based on the transcript provided and aims to capture all key points, discussions, insights, and conclusions from the "Cybersecurity Today" podcast episode released on November 25, 2024.