Summary of "Cybersecurity Today" Podcast Episode: Google’s New Free Cybersecurity Certificate

Podcast Information:

• Title: Cybersecurity Today
• Host: Jim Love
• Description: Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
• Episode Title: Google’s New Free Cybersecurity Certificate: Cyber Security Today for Monday, November 25, 2024
• Release Date: November 25, 2024

1. Massive Breach of Palo Alto Networks Firewalls

The episode opens with a critical update on a significant security incident affecting Palo Alto Networks firewalls. Jim Love reports that over 2,000 firewalls were compromised by exploiting two recently patched zero-day vulnerabilities: CVE2024-0012 and CVE2024-9474.

• Vulnerability Details:
  • CVE2024-0012: Allows attackers to bypass authentication in the Pan OS Management Web interface, granting administrative access.
  • CVE2024-9474: A privilege escalation flaw enabling attackers to execute commands with root privileges.

Jim emphasizes the severity:

"Hackers have exploited two recently patched zero day vulnerabilities to compromise over 2,000 Palo Alto network firewalls."
[00:01]

Palo Alto Networks disclosed that a coordinated attack chaining these vulnerabilities resulted in malware deployment and unauthorized command execution on compromised devices. The attacks primarily originated from IP addresses linked to anonymous VPN services. The company's Unit 42 team indicated a high confidence that a functional exploit chain is publicly available, posing a risk for further attacks.

Mitigation Strategies: Palo Alto Networks advises restricting access to firewall management interfaces solely to trusted internal IP addresses, aligning with best practice deployment guidelines. Jim highlights:

"Risk of these issues are greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses."
[00:04]

Despite Palo Alto Networks' low estimate of affected devices, Shadow Server tracked over 2,700 vulnerable firewalls, with approximately 2,000 confirmed as compromised. The US Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, mandating federal agencies to apply patches by December 9th.

2. APT28’s Innovative Nearest Neighbor Attack on US Firms

Jim shifts focus to a novel cyberattack executed by Russian state-sponsored hackers, APT28 (Fancy Bear). This attack, termed the Nearest Neighbor Attack, targeted US firms involved in Ukraine-related projects by exploiting WiFi networks from a considerable distance.

Attack Breakdown:

1. Initial Compromise: Using password spraying, attackers obtained credentials for the target company's WiFi network.

   "Using a technique called password spraying, they gained access to credentials to a target company's Wi fi network."
   [05:30]

2. Bypassing MFA: Despite multifactor authentication (MFA) blocking internet-based access, the WiFi network lacked MFA requirements.

   "While multifactor authentication blocked them from using those credentials over the Internet, the target's WiFi didn't require MFA for access."
   [05:45]

3. Leveraging Nearby Networks: Attackers accessed a nearby company's WiFi, compromising a device with both wired and wireless connections to bridge into the target's network.

   "They found a nearby company within WI fi range of the ultimate target, hacked into their network, and found a device that had both wired and wireless connections."
   [06:10]

4. Exfiltration of Data: Utilizing Remote Desktop Protocol (RDP), hackers controlled the bridge device to infiltrate the target network, maintaining stealth by using native Windows tools to exfiltrate sensitive data related to Ukraine projects.

Jim remarks on the ingenuity of the attack:

"What makes this attack remarkable is its ingenuity. By chaining together multiple compromises and leveraging devices within WI fi range, the hackers circumvented MFA without physical proximity to the target."
[07:00]

Exploited Vulnerabilities: The attack also exploited the Windows Print Spooler vulnerability (CVE-2020-238028) to escalate privileges and deploy malicious payloads. This vulnerability, identified in April 2024, was pivotal in linking the attack to APT28.

Lessons Learned: Jim underscores the necessity of treating WiFi networks with the same security rigor as internet-facing systems:

"Wi fi networks need the same level of protection as Internet facing systems. MFA device restrictions and continuous monitoring are essential to closing gaps."
[07:30]

3. Meta’s Crackdown on Pig Butchering and Other Scams

Referencing insights from the weekend show hosted by David Shipley, Jim discusses Meta's recent efforts to eliminate fraudulent activities on its platforms. Over 2 million accounts tied to pig butchering scams and other deceptive schemes were removed.

Scam Mechanics:

• Pig Butchering: Extended financial investment scams where victims are manipulated into depositing funds into fake platforms with promises of high returns.

  "The term pig butchering refers to financial investment scams that involve prolonged deception, where victims are manipulated into depositing money into fraudulent platforms promising fake returns."
  [10:15]

• Geographical Origins: Most scam accounts originated from Southeast Asian countries (Myanmar, Laos, Cambodia, Philippines) and the United Arab Emirates. These regions often serve as criminal hubs, enticing job seekers with fake offers and coercing them into online scam operations under threat of physical abuse.

• Tactics Used:

  • Spray and Pray: Sending generic messages to a large number of users in hopes of finding victims.
  • Fake Investment Platforms: Creating plausible-looking platforms that deceive victims into investing and believing in fabricated returns and withdrawals.

The FBI's 2023 Internet Crime Report highlights the gravity, noting a 38% rise in investment fraud losses, reaching $4.5 billion in 2023.

Protective Measures: Jim relays Meta's advice for users:

• Vigilance: Stay alert to fraudulent activities.
• Two-Factor Authentication (2FA): Adds an extra layer of security.
• Selfie Verification: Secures accounts against theft.
• Cautiousness with Unsolicited Communications: Avoid engaging with unknown sources.

He also points out the broader impact on corporations:

"Any employee who's compromised and in financial distress due to a fraud is an issue that affects us corporately as well."
[11:30]

4. Google’s Free Cybersecurity Professional Certificate Program

Concluding the episode, Jim introduces Google's Free Cybersecurity Professional Certificate, a strategic initiative to equip individuals with the skills needed for entry-level cybersecurity roles within six months. Offered through Coursera, the program is accessible to those with or without a formal degree.

Program Highlights:

• Curriculum:

  • Eight Courses: Covering identifying and mitigating cyber risks, utilizing security information and event management (SIEM) tools, and protecting networks and data.
  • Technical Skills: Hands-on experience with Python, Linux, SQL, and six additional videos on applying Artificial Intelligence (AI) in cybersecurity, including vulnerability detection and alert prioritization.

• Accessibility:

  • Free Enrollment: Students can access the course materials for free.
  • Certification Cost: To obtain the certificate, participants can subscribe at $49 per month after a seven-day free trial, totaling approximately $300 USD for completion.

Jim elaborates:

"Students can take the course for free, but if they want a certificate, they can get the course for $49 a month after a seven day free trial at an estimated completion time of six months."
[12:45]

Career Opportunities: Upon earning the certificate, graduates can:

• Enhance Resumes: Add credentials to LinkedIn profiles and resumes.
• Access Employer Networks: US-based students gain connections to over 150 employers, including American Express, Walmart, and Google, who are committed to considering certificate holders for open positions.

Job Roles Prepared For: According to Casera, the program prepares students for roles such as:

• Cybersecurity Analyst
• Security Operations Center (SOC) Analyst

Jim also mentions additional resources:

"There's a link in the show Notes to the free course and to the Coursera program which charges a fee and a link to Open Culture, which is where I found this initially and where if you look you can find a number of other free courses on security, computing and even AI."
[13:30]

Conclusion

In this episode of "Cybersecurity Today," host Jim Love delivers a comprehensive overview of pressing cybersecurity issues, including:

• Significant breaches affecting Palo Alto Networks firewalls through zero-day vulnerabilities.
• The innovative Nearest Neighbor Attack executed by Russian hackers, highlighting vulnerabilities in WiFi network security.
• Meta's proactive stance against large-scale financial scams like pig butchering, emphasizing the importance of user vigilance and corporate awareness.
• Google's educational initiative, providing accessible pathways for individuals to enter the cybersecurity field through a free certification program.

By addressing these key topics, the podcast serves as an essential resource for professionals seeking to stay informed and enhance their cybersecurity strategies in an evolving digital landscape.

For more detailed reports and information, listeners are directed to the show notes at technewsday.com. Feedback and comments are welcomed at editorial@technewsday.ca.

Disclaimer: This summary is based on the transcript provided and aims to capture all key points, discussions, insights, and conclusions from the "Cybersecurity Today" podcast episode released on November 25, 2024.