CyberWire Daily – Episode: "Buckets of Trouble"
Release Date: December 10, 2024
Host: Dave Bittner
Produced by: N2K Networks
Introduction
In the December 10, 2024 episode of CyberWire Daily, host Dave Bittner covers a range of pressing cybersecurity issues, from a large-scale hacking operation and critical vulnerabilities to significant ransomware attacks and a milestone in quantum computing. The episode also features an interview with Jason Lamar, Senior Vice President of Product at Cobalt, who discusses the evolving landscape of offensive security. This summary captures the key discussions, expert insights, and notable conclusions presented throughout the episode.
Major Cybersecurity Breaches and Vulnerabilities
Shiny Hunters and Nemesis Tied to Large-Scale Hacking Operation
Cybersecurity researchers Noam Rotem and Ran Locar uncovered a sophisticated hacking operation linked to the notorious Shiny Hunters and Nemesis groups. The operation exploited vulnerabilities and misconfigurations to access sensitive data, including AWS keys, source code, and cryptocurrency wallets.
- Notable Insights:
  - Automation Tools: The attackers used tools like ff, httpx, and Shodan to automate exploits across millions of websites and endpoints globally.
  - Data Sales: Stolen data was sold on Telegram by French-speaking individuals, generating revenue in the hundreds of euros.
  - Operational Exposure: An open AWS S3 bucket inadvertently exposed the attackers' tools, techniques, and some identities, including links to Sezyu Kaizen, a convicted member of Shiny Hunters.
- Mitigation Efforts: Collaborating with AWS, the researchers mitigated the breach's impact and notified affected parties, highlighting the persistent threat posed by these sophisticated syndicates.
Dell Power Manager Vulnerability
A critical flaw in Dell Power Manager, a tool for managing power settings on Dell systems, was discovered, allowing attackers with local access to execute malicious code and escalate privileges.
- Details:
  - Vulnerability Score: The flaw carries a CVSS score of 7.8.
  - Exploitation: Requires local access but is low in complexity and does not need user interaction.
- Response: Dell promptly released version 3.17 to address the issue and urged immediate updates because no workarounds exist, underscoring the importance of timely patching and robust endpoint security.
TikTok's Efforts to Delay U.S. Ban
TikTok sought a federal court injunction to postpone a U.S. ban slated for January 19th, challenging the D.C. Circuit Court's mandate to sever ties with its Chinese parent company, ByteDance.
- Legal Arguments:
  - National Security: TikTok contends that the ban poses no immediate national security risk.
- Current Status: The injunction request is pending, which could allow the incoming administration to reassess the case, potentially averting the ban and avoiding Supreme Court involvement.
Radiant Capital's $50 Million Cryptocurrency Heist
Radiant Capital reported a significant cryptocurrency theft of $50 million, attributing the attack to North Korean state-affiliated hackers known as Citrine Sleet (also tracked as UNC4736 or AppleJeus).
- Attack Mechanism:
  - Advanced Exploitation: Bypassed security measures such as hardware wallets and multi-signature verification using malware delivered via spoofed Telegram messages.
  - Targeted Networks: Compromised developer devices to authorize transactions on the Arbitrum and Binance Smart Chain networks.
- Response: Radiant is collaborating with U.S. law enforcement and recovery firms to reclaim the stolen funds while advocating for enhanced device-level security to prevent future breaches.
Ransomware Attacks on Japanese Firms
Japanese companies, including Kurita Water Industries and Ito En, reported ransomware attacks affecting their U.S. subsidiaries.
- Impact:
  - Kurita Water Industries: The attack on Kurita America resulted in encrypted servers and potential data leaks, though core systems remained operational.
  - Ito En North America: Ransomware impacted servers in Texas, with operations being restored from backup data.
- Trend: These incidents signal a surge in ransomware targeting Japanese firms in 2024, with other major companies such as Fujitsu and Game Freak also affected.
WhatsApp's "View Once" Feature Under Scrutiny
Meta’s WhatsApp faced criticism after vulnerabilities in its "View Once" feature allowed attackers to bypass privacy protections using modified web clients.
- Exploitation: Browser extensions ignored content restrictions, enabling recipients to save or share media intended for single views.
- Response: Meta implemented a server-side fix in November to block "View Once" media access on web clients, though concerns about metadata exposure and vulnerabilities in mobile clients persist.
- Expert Recommendations: Enhanced device integrity checks and Digital Rights Management (DRM) are suggested to bolster protection.
Spy Loan Malware Targeting Android Users
A surge in malicious loan apps posing as legitimate financial tools has been observed, particularly targeting Android users.
- Threat Details:
  - Prevalence: Over 8 million downloads globally, affecting users in India, Southeast Asia, Africa, and Latin America.
  - Malicious Activities: Theft of financial information, contacts, and location details, leading to financial exploitation, blackmail, and harassment.
- Mitigation: Authorities are intensifying efforts to combat these threats, emphasizing the need for stronger security measures and heightened user vigilance.
Romanian Electricity Distributor Ransomware Attack
Electrica Group, a major Romanian electricity distributor, is investigating an ongoing ransomware attack that has not yet impacted its critical SCADA systems.
- Impact: Temporary disruptions are in place to safeguard infrastructure and data for the company's more than 3.8 million customers.
- Context: This incident follows a report of over 85,000 cyberattacks targeting Romania's election infrastructure, underscoring the nation's escalating cybersecurity challenges.
Industry Voices: Offensive Security with Jason Lamar of Cobalt
In the Industry Voices segment, Jason Lamar, Senior Vice President of Product at Cobalt, shares his expertise on the importance and evolution of offensive security.
The Crucial Role of Offensive Security
Jason Lamar emphasizes, “[16:47] Red teaming is crucial because it helps organizations understand their high-risk scenarios and assess how their defenses perform against simulated attacks.”
- Proactive Measures: Offensive security involves being proactive to safeguard businesses against evolving cyber threats through methods like penetration testing and red teaming.
Penetration Testing as a Service (PTaaS)
Lamar discusses the landscape of PTaaS, highlighting both its benefits and challenges.
- Types of Offerings: He notes, "[17:38] There's a lot of snake oil in the market, with many providers offering automated scans masquerading as pen tests. It's essential to evaluate providers based on their methodology and experience."
- Provider Selection: Lamar recommends using resources like the GigaOm Radar to assess providers' capabilities, scalability, and integration strengths.
Setting Testing Cadence
Establishing an appropriate testing frequency is vital for maintaining security integrity.
- Customization: “[20:49] Setting a cadence for penetration testing depends on your application’s maturity, change frequency, and the specific risks you aim to mitigate.” Regular assessments can range from annual tests to agile testing aligned with development cycles.
Advantages of External Providers
Engaging external offensive security providers offers several benefits over in-house testing.
- Expertise and Flexibility: "[23:18] External providers bring specialized expertise and flexible resources, allowing organizations to scale their testing efforts without the overhead of maintaining an in-house team." This is particularly beneficial for handling surge capacity and diverse testing needs.
- Building Relationships: Establishing relationships with trusted providers ensures a deeper understanding of the organization's unique security landscape, facilitating more effective and tailored security assessments.
Addressing Intimidation in Testing
Lamar reassures organizations that engaging with offensive security experts need not be intimidating.
- Collaborative Approach: “[26:08] Trusted providers, who conduct thousands of tests annually, are adept at easing client concerns and tailoring their approach to meet specific needs.” Open dialogue and mutual understanding are key to successful engagements.
Groundbreaking Advances in Quantum Computing
The episode concludes with a discussion on Google's latest quantum computing achievement – the Willow chip.
Google's Willow Chip Milestone
Hartmut Neven, Head of Google Quantum AI, announced that the Willow chip successfully addresses error correction challenges in scaling quantum computers.
- Innovation: Unlike earlier systems, where adding more qubits increases errors, Willow reduces errors as more qubits are integrated, marking a historic advance since Peter Shor's introduction of quantum error correction in 1995.
- Significance: Neven stated, "[27:02] We've built the first convincing prototype for a scalable logical qubit, bringing us closer to functional large-scale quantum computers."
Industry Perspective
While Willow represents a significant leap, experts caution that practical quantum computing remains in its experimental phase.
- Competitive Landscape: Google's progress is juxtaposed with IBM's ongoing efforts, including a $100 million initiative with U.S. and Japanese universities to develop quantum-centric supercomputers.
- Collaborative Necessity: Quantum industry veteran Bob Sutor highlighted, "[27:45] Progress in quantum computing requires collaboration across regions and alliances, beyond mere financial investment."
- Future Outlook: Despite Willow's success, the path to practical quantum computing is fraught with challenges, debates, and intense competition, underscoring the need for continued innovation and cooperation within the industry.
Conclusion
The "Buckets of Trouble" episode of CyberWire Daily provides a thorough examination of recent cybersecurity threats, vulnerabilities, and advancements. From uncovering sophisticated hacking operations and addressing critical software vulnerabilities to exploring the future of quantum computing and the nuances of offensive security, the episode delivers valuable insights for cybersecurity professionals and enthusiasts alike. The expert commentary by Jason Lamar enriches the discussion, offering practical advice on enhancing organizational security through proactive measures. As the cybersecurity landscape continues to evolve, staying informed and adaptable remains paramount.
[Listen to the full episode and access detailed show notes at thecyberwire.com.](https://thecyberwire.com)
