CyberWire Daily: "A not so BASIC Farewell" – Episode Summary
Release Date: November 22, 2024
Host: Dave Bittner
Guest: Benjamin Fabre, CEO and Co-Founder of DataDome
1. Pig Butchering Scams: Meta's Countermeasures and Criticisms
The episode opens with the escalating pig butchering crisis, in which organized crime syndicates force trafficked people to staff large scam operations run from Southeast Asia and the UAE. The scammers groom victims over social media and messaging platforms and then steer them into fraudulent investments; collective losses are estimated at roughly $75 billion worldwide.
Meta's Response: Meta has publicly detailed its countermeasures, including work with law enforcement and NGOs, and says it has taken down more than 2 million accounts linked to scam centers this year. Researchers nonetheless criticize the company for how slowly it has moved to address its platforms' role in enabling the scams.
“Pig butchering is an evolving, well-funded threat, with criminals leveraging tools like AI to evade detection.” (00:54)
Operational Tactics: The criminals use AI to generate convincing messages, produce deepfakes and translate scripts so they can target victims worldwide. In one instance, OpenAI flagged accounts that were using ChatGPT to support scam activity, and Meta shut down the associated accounts on its platforms.
Researcher's Perspective: Researchers argue that the platforms' proactive measures remain insufficient, since moderation often fails to intercept deceptive content before victims have already engaged with it.
2. Salt Typhoon's Breach of US Telecommunications
The Chinese state-linked group Salt Typhoon carried out a major intrusion into US telecommunications providers, reportedly including AT&T, Verizon and T-Mobile. The attackers exploited outdated network equipment and gained access to the sensitive communications of political figures.
Impact and Concerns: The breach allowed the intruders to monitor calls, read unencrypted text messages and collect call metadata. Messages sent over end-to-end encrypted apps such as iMessage and Signal remained unreadable; note that such encryption protects content only, so carrier-side records of who called or texted whom, and when, were still exposed. Senator Mark Warner called the incident the most severe telecom hack in US history, worse than the SolarWinds and Colonial Pipeline incidents.
“Senator Mark Warner described the breach as the most severe telecom hack in US history, exceeding the scale of the SolarWinds or Colonial Pipeline incidents.” (04:12)
National Security Implications: The infiltration raises serious national security concerns, and ongoing investigations suggest the attackers may still have access to US carrier networks. Warner called for greater transparency and stronger mandatory cybersecurity standards for the telecom sector.
3. Microsoft Dismantles ONNX Phishing-as-a-Service Platform
Microsoft seized 240 domains used by ONNX, a phishing-as-a-service platform active since 2017 and behind high-volume campaigns against users of Microsoft 365, Google and Dropbox. ONNX sold do-it-yourself phishing kits through Telegram with features such as two-factor authentication bypass and QR-code phishing, a technique that hides the malicious link inside an image so that URL-scanning mail filters miss it and the victim opens it on a phone outside corporate controls.
Operational Disruption: Microsoft identified ONNX's operator, Abanoub Nady, and obtained a civil court order that let it seize the domains and redirect ONNX's infrastructure, halting its operations. The action is part of Microsoft's ongoing cybercrime disruption work, which includes earlier takedowns of infrastructure used by Russian hackers.
“By dismantling ONNX, Microsoft has cut off access and deterred future attacks.” (05:30)
4. Cyberattack on International Game Technology (IGT)
International Game Technology, a major gambling and lottery technology provider, suffered a cyberattack that disrupted parts of its systems. IGT took affected systems offline as a precaution and is investigating while it works to restore operations. The financial impact has not yet been assessed and the nature of the attack has not been disclosed; the disruption nonetheless underscores the gambling and lottery sector's exposure to ransomware and similar disruptive attacks.
“IGT has over 11,000 employees and $1.9 billion in 2023 revenue, and they provide lottery, gambling machine and sports betting technology.” (06:15)
5. Exploitation of Zero-Day Vulnerabilities in Palo Alto Networks' Firewalls
Attackers exploited two newly patched zero-day vulnerabilities in Palo Alto Networks' firewalls (CVE-2024-0012, an authentication bypass in the PAN-OS management web interface, and CVE-2024-9474, a privilege escalation), affecting approximately 2,000 devices worldwide. Chained together, the flaws let an unauthenticated attacker who can reach the management interface gain administrator access and then escalate to root on the firewall.
Response and Mitigation: Palo Alto Networks said a limited number of devices were affected and that it had observed attackers deploying malware after exploitation. CISA added both flaws to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by December 9. Beyond patching, the vendor's standing advice applies: restrict management-interface access to trusted internal addresses and never expose it directly to the internet.
6. Fortinet VPN Servers' Logging Deficiency
Researchers at Pentera identified a design flaw in Fortinet VPN servers that lets an attacker validate credentials during a brute-force attack without leaving a record of success. The server writes a successful-login entry only once the VPN session has been fully established; the credential check happens in an earlier step whose success is not logged. An attacker who submits a username and password, sees the credential check pass, and then aborts before the session is set up therefore learns that the password is valid, while the logs show only the preceding failed attempts and alerts fire only on those.
“Concealing compromised logins poses a significant risk, enabling attackers to exploit credentials later.” (07:40)
Fortinet has not classified the behaviour as a vulnerability, so there is no timeline for a fix. Until one ships, defenders should treat a burst of failed VPN logins from one source that stops abruptly as a possible credential validation rather than a failed attack.
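An added example (not Pentera's or Fortinet's code) of how a defender can compensate for this blind spot in log review: instead of waiting for a success entry that is never written, flag a burst of failed logins from one source that then goes silent with no logged success, and separately flag a burst that is followed by a logged success. The log below is constructed in a simplified key=value syslog style; the field names ts, action, user and src are assumptions and do not match real Fortinet output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a simplified key=value style; NOT real Fortinet
# output. Field names ts/action/user/src are assumptions for this example.
SAMPLE_LOG = """\
ts=2024-11-21T02:00:01 action=login-fail user=jsmith src=203.0.113.7
ts=2024-11-21T02:00:02 action=login-fail user=jsmith src=203.0.113.7
ts=2024-11-21T02:00:03 action=login-fail user=jsmith src=203.0.113.7
ts=2024-11-21T02:00:04 action=login-fail user=jsmith src=203.0.113.7
ts=2024-11-21T02:00:05 action=login-fail user=jsmith src=203.0.113.7
ts=2024-11-21T02:00:06 action=login-fail user=jsmith src=203.0.113.7
ts=2024-11-21T02:00:07 action=login-fail user=jsmith src=203.0.113.7
ts=2024-11-21T02:00:08 action=login-fail user=jsmith src=203.0.113.7
ts=2024-11-21T02:10:00 action=login-fail user=alee src=198.51.100.9
ts=2024-11-21T02:10:01 action=login-fail user=alee src=198.51.100.9
ts=2024-11-21T02:10:02 action=login-fail user=alee src=198.51.100.9
ts=2024-11-21T02:10:03 action=login-fail user=alee src=198.51.100.9
ts=2024-11-21T02:10:04 action=login-fail user=alee src=198.51.100.9
ts=2024-11-21T02:10:05 action=login-fail user=alee src=198.51.100.9
ts=2024-11-21T02:10:07 action=login-success user=alee src=198.51.100.9
ts=2024-11-21T02:20:00 action=login-fail user=mchen src=192.0.2.33
ts=2024-11-21T02:20:09 action=login-fail user=mchen src=192.0.2.33
ts=2024-11-21T02:20:20 action=login-success user=mchen src=192.0.2.33
ts=2024-11-21T03:00:00 action=login-success user=bob src=192.0.2.50
"""

LINE_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log(text):
    """Parse key=value lines into dicts sorted by time; 'ts' becomes a datetime."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = {k: v.strip('"') for k, v in LINE_RE.findall(line)}
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def split_bursts(fails, max_gap):
    """Group one source's failure records into bursts of rapid-fire attempts."""
    bursts, current = [], []
    for rec in fails:
        if current and rec["ts"] - current[-1]["ts"] > max_gap:
            bursts.append(current)
            current = []
        current.append(rec)
    if current:
        bursts.append(current)
    return bursts


def find_suspicious_bursts(records, min_fails=5, max_gap=timedelta(seconds=60),
                           quiet=timedelta(minutes=15)):
    """Flag failure bursts per source IP and explain what each one looks like.

    Verdicts:
      success-after-burst  a logged success follows the burst: likely compromise.
      stopped-silently     the burst ends and the source goes quiet with no logged
                           success: consistent with an attacker who validated a
                           password at the credential check and never completed
                           the session (the logging blind spot).
      in-progress          more failures follow soon, or the log ends too early.
    """
    log_end = records[-1]["ts"]
    by_src = defaultdict(list)
    for rec in records:
        by_src[rec["src"]].append(rec)

    findings = []
    for src, recs in by_src.items():
        fails = [r for r in recs if r["action"] == "login-fail"]
        successes = [r for r in recs if r["action"] == "login-success"]
        for burst in split_bursts(fails, max_gap):
            if len(burst) < min_fails:
                continue  # a few typos, not an attack
            end = burst[-1]["ts"]
            next_fail = next((r for r in fails if r["ts"] > end), None)
            next_ok = next((r for r in successes if r["ts"] > end), None)
            if next_ok and (next_fail is None or next_ok["ts"] < next_fail["ts"]):
                verdict = "success-after-burst"
            elif next_fail and next_fail["ts"] - end <= quiet:
                verdict = "in-progress"
            elif log_end - end >= quiet:
                verdict = "stopped-silently"
            else:
                verdict = "in-progress"  # log ends too soon after the burst to judge
            findings.append({
                "src": src,
                "users": sorted({r["user"] for r in burst}),
                "fails": len(burst),
                "start": burst[0]["ts"],
                "end": end,
                "verdict": verdict,
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_bursts(parse_log(SAMPLE_LOG)):
        print(f"{f['src']:15} {f['fails']:3} fails {f['users']} -> {f['verdict']}")
```

On the constructed log this reports 203.0.113.7 as stopped-silently (eight failures against jsmith, then nothing, which is exactly the pattern a credential-validation attack leaves behind) and 198.51.100.9 as success-after-burst; the two mistyped logins from 192.0.2.33 fall under the threshold. The quiet period and burst thresholds are assumptions to tune against real traffic, and a stopped-silently finding should trigger a credential reset for the targeted user rather than be treated as a false alarm.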
7. DEF CON Franklin Pilot Program Enhances Security for US Water Utilities
A collaborative pilot program named DEF CON Franklin, launched by the University of Chicago's Cyber Policy Initiative, DEF CON and the National Rural Water Association, aims to strengthen cybersecurity at small US water utilities. The pilot covers six utilities across Utah, Vermont, Indiana and Oregon and pairs each with volunteer cybersecurity experts who assess and harden its defenses.
Addressing Vulnerabilities: The initiative targets the 91% of US community water systems that serve fewer than 10,000 people, which typically lack dedicated security staff and budget. With attacks on water infrastructure by Chinese, Iranian and Russian actors on the rise, DEF CON Franklin aims to offer a scalable, low-cost model for protecting the nation's water sector.
8. Bitdefender Alerts on Rising Black Friday Spam Scams
Bitdefender has warned of a surge in Black Friday-themed spam: 77% of such emails in 2024 were classified as scams, 7 percentage points more than in 2023 and 21 points more than in 2022. The campaigns aim to steal personal data, banking details or money through phishing emails, fake storefronts and malware.
Geographical Impact: The United States remains the top target, receiving 38% of Black Friday spam, while Europe receives 44%, with Germany and France the most affected. Scammers impersonate well-known brands and tailor offers to specific regions to make the lures more convincing.
“77% of Black Friday themed spam emails in 2024 are scams, marking a 7% increase from 2023.” (08:55)
Prevention Tips: Bitdefender advises consumers to verify email sources, avoid clicking unsolicited links, utilize security tools, and approach surveys with caution to mitigate the risk of falling victim to these scams.
9. Interview with Benjamin Fabre: Fake Accounts Threaten Black Friday Gaming Sales
Overview of the Issue: Benjamin Fabre discusses the impact of fake accounts on Black Friday gaming sales, explaining that the traffic surge during the period attracts bots and attackers. DataDome's threat research team tested large retailers across the US, the UK and Europe to see how well they withstand current bot attacks.
“This year we decided to have our threat research team have a look and test the security of those large retailers...” (16:08)
Key Findings:
- Account creation: 30% of the tested websites had essentially no protection on the account creation flow, so basic bots could generate thousands of fake accounts.
  “30% of those websites have almost zero protection on the account creation section of the website.” (16:51)
- Sophisticated bots: 75% of the websites did not defend against advanced bots that can solve CAPTCHAs or bypass multi-factor authentication.
  “Three quarters of those websites are not protected against the sophisticated threats like bots that can solve captcha...” (17:00)
- Login and credential stuffing: 60% of the websites had neither CAPTCHA nor more sophisticated bot protection on the login page, leaving them open to credential stuffing and account takeover.
  “60% of those websites have even no captcha in place.” (18:14)
- Checkout: 65% of the websites lacked adequate controls to stop scalpers from abusing limited-supply products at checkout, and only 3 of the 14 large retailers tested had strong protection at the final payment stage.
  “Only three had a very strong security in place at the very late stage of the checkout.” (19:39)
Consumer Protection Tips: Fabre advises consumers to use a unique password for each website, enable multi-factor authentication, and favor retailers that offer these protections.
“Consumers can make sure that they are using a unique password for every single website... and use multifactor authentication.” (23:05)
Balancing Security and User Experience: Fabre notes that retailers must weigh security controls against user experience: intrusive checks can drive shoppers away, which is one reason protection is often under-deployed.
“The friction that some of the security solutions can provide... can generate some friction for the user experience.” (21:19)
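An added example, not DataDome's code, of the login-side protection the findings above say most retailers lacked: a per-request detector that raises a challenge (CAPTCHA or step-up MFA) or a block when it sees credential-stuffing patterns, namely one source cycling through many usernames with mostly failures, or one account attempted from many sources. The thresholds, the class and function names, and the replayed traffic are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class LoginMonitor:
    """Per-request credential-stuffing detector for a login endpoint.

    Keeps a sliding window of recent attempts per source IP and per account.
    Two patterns that humans rarely produce drive the decision:
      * one source cycling through many different usernames, mostly failing
        (a bot replaying a leaked credential list);
      * one account attempted from many sources (a distributed attack).
    Verdicts escalate: "allow" -> "challenge" (CAPTCHA or step-up MFA) -> "block".
    All thresholds are illustrative assumptions, not vendor defaults.
    """

    def __init__(self, window=timedelta(minutes=10), min_attempts=10,
                 max_distinct_users=5, max_fail_ratio=0.8,
                 max_sources_per_user=5, block_after=3):
        self.window = window
        self.min_attempts = min_attempts
        self.max_distinct_users = max_distinct_users
        self.max_fail_ratio = max_fail_ratio
        self.max_sources_per_user = max_sources_per_user
        self.block_after = block_after
        self.by_src = defaultdict(deque)    # src -> deque of (ts, user, ok)
        self.by_user = defaultdict(deque)   # user -> deque of (ts, src, ok)
        self.strikes = defaultdict(int)     # src -> times the source signal fired

    def _trim(self, dq, now):
        """Drop entries that fell out of the sliding window."""
        while dq and now - dq[0][0] > self.window:
            dq.popleft()

    def decide(self, now, src, user, ok):
        """Record one login attempt and return (verdict, reasons) for it."""
        s, u = self.by_src[src], self.by_user[user]
        s.append((now, user, ok))
        u.append((now, src, ok))
        self._trim(s, now)
        self._trim(u, now)

        reasons = []
        src_signal = False
        if len(s) >= self.min_attempts:
            distinct = len({e[1] for e in s})
            fail_ratio = sum(1 for e in s if not e[2]) / len(s)
            if distinct >= self.max_distinct_users and fail_ratio >= self.max_fail_ratio:
                src_signal = True
                reasons.append(f"{src}: {distinct} usernames, {fail_ratio:.0%} failures")
        sources = len({e[1] for e in u})
        user_signal = sources >= self.max_sources_per_user
        if user_signal:
            reasons.append(f"{user}: attempted from {sources} sources")

        if src_signal:
            # Source-level signal: repeat offenders graduate from challenge to block.
            self.strikes[src] += 1
            return ("block" if self.strikes[src] >= self.block_after else "challenge"), reasons
        if user_signal:
            # Account-level signal alone: the sources are distributed, so a per-IP
            # block is pointless; step up authentication on the account instead.
            return "challenge", reasons
        return "allow", reasons


def replay_constructed_traffic():
    """Replay constructed traffic (not real data) and return verdicts per scenario."""
    mon = LoginMonitor()
    t0 = datetime(2024, 11, 29, 9, 0, 0)
    out = {}
    # A shopper who mistypes once, then logs in.
    out["human"] = [mon.decide(t0 + timedelta(seconds=i), "198.51.100.4", "dana", ok)[0]
                    for i, ok in enumerate([False, True])]
    # A stuffing bot: one IP replaying a leaked list, every attempt failing.
    out["bot"] = [mon.decide(t0 + timedelta(seconds=i), "203.0.113.9", f"user{i:02d}", False)[0]
                  for i in range(15)]
    # A distributed attack: one high-value account hit from six different IPs.
    out["distributed"] = [mon.decide(t0 + timedelta(seconds=i), f"192.0.2.{10 + i}", "admin", False)[0]
                          for i in range(6)]
    return out


if __name__ == "__main__":
    for scenario, verdicts in replay_constructed_traffic().items():
        print(f"{scenario:12} {verdicts}")
```

The human shopper is never challenged; the single-IP bot is allowed for its first nine attempts, challenged on the next two and blocked from the twelfth onward; the distributed attack on the admin account trips the account-level signal at the fifth source and is challenged rather than blocked, since blocking any one IP would achieve nothing. Two caveats follow from the findings above: bots that rotate residential proxies defeat the per-source signal, which is why the account-level signal and step-up controls matter, and because advanced bots solve CAPTCHAs, the challenge should be MFA step-up wherever the account has it enrolled rather than CAPTCHA alone.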
10. Tribute to Thomas E. Kurtz: Co-Inventor of BASIC
The episode concludes with a homage to Thomas E. Kurtz, the mathematician who, with John Kemeny at Dartmouth College, co-invented the BASIC programming language. Kurtz's work opened computing to students outside mathematics and engineering.
Legacy and Impact: BASIC's simplicity helped drive the spread of personal computing and sparked an interest in programming in countless people, including future industry leaders such as Bill Gates. Kurtz's vision went beyond technology, emphasizing empowerment and creativity for everyday users. His legacy persists in modern programming and education and, through the Dartmouth Time-Sharing System he built with Kemeny, in the shared-computing model that cloud computing extends.
“Basic's simplicity was its strength. It removed barriers, proving that programming didn't have to be intimidating.” (24:12)
Kurtz’s passing at the age of 96 marks the end of an era, but his foundational contributions continue to influence the computing landscape, ensuring that technology remains accessible and inclusive.
Conclusion
In "A not so BASIC Farewell," CyberWire Daily covers a spectrum of critical cybersecurity issues, from sophisticated scams and nation-state intrusions to vulnerabilities in essential infrastructure and the evolving tactics of cybercriminals. The episode underscores the importance of proactive security measures, collaboration between industry and researchers, and the enduring legacy of pioneers like Thomas E. Kurtz in shaping a more secure and inclusive digital future.
