CyberWire Daily: "FCC around and find out." – Episode Summary
Release Date: February 6, 2025
Host: Dave Bittner
Guest: Cliff Crossland, CEO and Co-Founder of Scanner.dev
1. Major Cybersecurity News
a. Elon Musk’s DOGE Accesses U.S. Government Records
Elon Musk's Department of Government Efficiency (DOGE) has reportedly gained unauthorized access to sensitive U.S. government records. This breach includes data on millions of federal employees across departments such as the Treasury and State Department.
Dave Bittner [04:30]: "DOGE's involvement raises concerns about potential misuse of personnel data amid threats of retaliation against federal workers by Trump administration officials."
Officials are alarmed by the potential for misuse, given DOGE agents' administrative access, which allows them to install software, alter records, and transfer data externally. The Office of Personnel Management (OPM) is particularly vulnerable, as DOGE's presence has led to mass staff reductions and halted IT upgrades, reminiscent of past breaches like China's 2014 theft of U.S. security clearance records.
The Senate Intelligence Committee has demanded transparency regarding DOGE's vetting processes and system access. Concurrently, a lawsuit challenges OPM’s privacy policies, highlighting risks associated with unencrypted government-wide email deployments.
b. Arrest of Spanish Hacker Targeting NATO, UN, and U.S. Army
Spanish authorities have apprehended an 18-year-old suspect accused of orchestrating cyber attacks against over 40 organizations, including NATO, the United Nations, and the U.S. Army.
Dave Bittner [07:15]: "The suspect allegedly leaked stolen data and managed over 50 cryptocurrency accounts, using multiple online aliases like NATOHub."
Between June 2024 and January 2025, the hacker publicly announced data breaches on various forums, sometimes selling or sharing the stolen information. Authorities seized multiple electronic devices during the arrest, aiming to dismantle his operations.
c. F&B Hiring Platform Exposes Millions of Resumes
A significant data breach has occurred at Foh&Boh, a U.S.-based hiring platform used by major brands such as KFC, Taco Bell, and Nordstrom. An unsecured AWS S3 bucket exposed millions of job applicants' resumes.
Dave Bittner [09:45]: "The leaked data included full names, contact details, birth information, employment history, education, and social media links, heightening the risk of identity theft and targeted phishing scams."
Cybersecurity experts warn that the breach could facilitate the creation of fraudulent accounts and enable attackers to impersonate past employers, thereby tricking victims into divulging financial information or installing malware.
d. Cyber Attacks on British Engineering Firms
British engineering giant IMI has disclosed a cybersecurity incident shortly after a similar attack on its rival, Smiths Group. IMI, known for designing industrial automation and transport products, confirmed unauthorized access to its systems in a London Stock Exchange filing.
Dave Bittner [11:20]: "IMI has engaged cybersecurity experts to investigate and contain the breach, though they have not disclosed details regarding data exfiltration."
Both companies are currently assessing the extent of the attacks, with no recovery timelines provided at this stage.
e. Cisco Addresses Multiple Vulnerabilities
Cisco has released patches for several vulnerabilities, including two critical flaws in its Identity Services Engine. These vulnerabilities could allow authenticated attackers to execute arbitrary commands and manipulate device configurations.
Dave Bittner [13:00]: "Cisco advises that there are no workarounds for these critical vulnerabilities and urges immediate patching."
Additionally, Cisco has identified high-severity SNMP vulnerabilities in Cisco IOS, IOS XE, and IOS XR that could be used for denial-of-service attacks. Patches for these vulnerabilities are expected by March.
f. SVG File Exploitation in Phishing Attacks
Sophos researchers have discovered that cybercriminals are increasingly exploiting Scalable Vector Graphics (SVG) files in phishing attacks to bypass email security filters.
Dave Bittner [14:35]: "Attackers disguise SVG files as legitimate documents, redirecting users to fraudulent login pages that steal credentials or deliver malware."
Recommendations to combat these attacks include setting SVG files to open in text editors like Notepad and updating email security solutions to detect malicious SVG attachments.
g. Sparkcat SDK Targets Cryptocurrency Users
A malicious Software Development Kit (SDK) named Sparkcat has been found embedded in Android and iOS apps, aimed at stealing cryptocurrency wallet recovery phrases through optical character recognition.
Dave Bittner [16:00]: "The malware, hidden in SDKs such as Spark, GZIP, Google App SDK, and stat, has been downloaded over 242,000 times, with some infected apps still available on Google Play and the App Store."
Users are advised to uninstall affected apps immediately, scan devices with antivirus software, and avoid storing recovery phrases in screenshots.
h. CISA Mandates Patching of Linux Kernel Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. federal agencies to patch a high-severity flaw in the Linux kernel’s USB video class driver within three weeks due to active exploitation.
Dave Bittner [17:50]: "This vulnerability allows privilege escalation on unpatched devices, and forensic tools may currently be exploiting it."
CISA also highlighted critical vulnerabilities in Microsoft .NET and Apache OFBiz, and urged manufacturers to enhance network forensic visibility.
i. Thailand’s Crackdown on Online Scamming Syndicates
Thailand has taken decisive action against online scamming hubs in Myanmar by cutting off electricity, fuel, and internet access to these operations.
Dave Bittner [19:30]: "These enclaves, run by organized crime groups, have become centers for cyber fraud targeting victims worldwide, with an estimated daily impact of $2 million on Thailand's economy."
This move follows pressure from China’s Assistant Minister of Public Security, Liu Zhongyi, and aligns with stronger law enforcement cooperation between Thailand and China to combat cross-border cybercrime.
j. Positive Trends in the Fight Against Ransomware
The landscape of ransomware attacks has seen a notable decline in 2024, with payments dropping by 35% compared to the previous year according to Chainalysis.
Dave Bittner [20:50]: "For the first time in years, ransomware payments have significantly decreased, marking a positive trend in cybersecurity defenses."
This decline is attributed to increased resilience among victims, reduced reliance on cryptocurrency mixers due to sanctions, and the downfall of major ransomware groups like LockBit and BlackCat. However, new groups such as Akira and Fog have emerged, specializing in exploiting VPN vulnerabilities, indicating that ransomware remains a persistent threat.
2. Expert Interview: Cliff Crossland on Security Data Lakes and the "Bring Your Own Model" Approach
Guest: Cliff Crossland, CEO and Co-Founder of Scanner.dev
a. Evolution of Security Data Lakes
Cliff Crossland elaborates on the concept of data lakes as an evolution beyond traditional data warehouses. Unlike data warehouses that require strict data structuring, data lakes accommodate diverse and unstructured data formats, making them highly scalable and cost-effective for security operations.
Cliff Crossland [17:14]: "Data lakes are starting to become more and more popular, especially in security, because there's just so many different kinds of data to collect."
Data lakes allow organizations to ingest vast amounts of data from various sources into cloud storage solutions like Amazon S3, Azure Blob Storage, or GCP Storage. The primary challenge lies in extracting meaningful insights from this "messy" data, a task that modern tools are increasingly equipped to handle.
b. "Bring Your Own Model" for Security Tools
The “Bring Your Own Model” (BYOM) approach revolutionizes how security tools are deployed by allowing organizations to maintain full data custody while integrating multiple vendor tools.
Cliff Crossland [19:50]: "You keep full data custody. You can get perfect visibility into what's going on and how much compute you're using, how much storage you're using."
This method reduces vendor lock-in by enabling the use of various tools to analyze the same centralized data lake without the need to duplicate data across different platforms. It fosters flexibility, allowing organizations to switch vendors without being tied to a single ecosystem.
c. Scalability and Cost Efficiency
Data lakes offer unparalleled scalability, making it feasible to retain historical data without exorbitant costs.
Cliff Crossland [22:19]: "The beauty of data lakes is that cloud storage is very cheap and can scale forever... you can really drive down costs and make it possible for you to have a lot of visibility into historical data."
With traditional tools limiting log retention to weeks or months, data lakes enable long-term storage and analysis, providing deeper insights and supporting compliance requirements cost-effectively.
d. Data Lake Tools and Future Innovations
Cliff emphasized advancements in data lake technologies, such as Apache Iceberg and Amazon S3 Tables, which make schema evolution and data management easier.
Cliff Crossland [27:10]: "Generative AI can do a really good job at helping you figure out what the schema should be and just taking on the annoying transformation work every time you add a new data source."
He envisions a future where data lake tools seamlessly handle diverse data formats, leveraging AI to automate data structuring and enhance usability.
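The points above (storing raw data cheaply without structuring it first, letting several tools query the same store, and evolving the schema later) can be shown in a few dozen lines. The following is an added illustration, not code from the episode, from Scanner.dev, or from any vendor: raw log objects from constructed sources (a CloudTrail-style JSON event, classic sshd syslog lines, an Okta-style event, and a CSV VPN line) are kept verbatim, and structure is applied only when a query runs. The source names, the normalized field set, and the assumed syslog year are all choices made for this example.

```python
"""Schema-on-read over a small security 'data lake'.

Added illustration, not code from the episode, Scanner.dev or any vendor.
Raw log objects from several sources are kept exactly as received (as they
would sit in S3 / Blob Storage); structure is imposed only when a query runs,
so a new source can be stored today and parsed once a parser exists.
All records below are constructed for the example.
"""
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed raw objects: original text plus the source it came from.
RAW_LAKE = [
    {"source": "cloudtrail",
     "raw": '{"eventTime":"2025-02-05T10:00:01Z","eventName":"ConsoleLogin",'
            '"sourceIPAddress":"203.0.113.7","responseElements":{"ConsoleLogin":"Failure"}}'},
    {"source": "cloudtrail",
     "raw": '{"eventTime":"2025-02-05T10:00:09Z","eventName":"ConsoleLogin",'
            '"sourceIPAddress":"203.0.113.7","responseElements":{"ConsoleLogin":"Failure"}}'},
    {"source": "sshd",
     "raw": "Feb  5 10:01:14 bastion sshd[4121]: Failed password for invalid user admin "
            "from 203.0.113.7 port 51022 ssh2"},
    {"source": "sshd",
     "raw": "Feb  5 10:02:30 bastion sshd[4130]: Accepted publickey for deploy "
            "from 198.51.100.4 port 40110 ssh2"},
    {"source": "okta",
     "raw": '{"published":"2025-02-05T10:03:00.000Z","eventType":"user.session.start",'
            '"outcome":{"result":"FAILURE"},"client":{"ipAddress":"203.0.113.7"}}'},
    # Stored before anyone wrote a parser for it: still in the lake, just not queryable yet.
    {"source": "vpn", "raw": "2025-02-05 10:04:12,ikev2,auth-fail,203.0.113.7,user=alice"},
]

SSHD_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<verdict>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
ASSUMED_SYSLOG_YEAR = 2025  # classic syslog lines carry no year; assumed for the example


def iso_utc(text, fmt):
    """Parse a source-specific timestamp and return it in one canonical form."""
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc).isoformat()


def parse_cloudtrail(raw):
    ev = json.loads(raw)
    failed = ev.get("responseElements", {}).get("ConsoleLogin") == "Failure"
    return {"ts": iso_utc(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ"), "action": ev["eventName"],
            "outcome": "failure" if failed else "success", "src_ip": ev.get("sourceIPAddress")}


def parse_sshd(raw):
    m = SSHD_RE.match(raw)
    if not m:
        return None  # unrecognised line: stays in the lake, skipped for this query
    stamp = f"{m['mon']} {m['day']} {ASSUMED_SYSLOG_YEAR} {m['time']}"
    return {"ts": iso_utc(stamp, "%b %d %Y %H:%M:%S"), "action": "ssh-login",
            "outcome": "failure" if m["verdict"] == "Failed" else "success", "src_ip": m["ip"]}


def parse_okta(raw):
    ev = json.loads(raw)
    failed = ev.get("outcome", {}).get("result") == "FAILURE"
    return {"ts": iso_utc(ev["published"], "%Y-%m-%dT%H:%M:%S.%fZ"), "action": ev["eventType"],
            "outcome": "failure" if failed else "success",
            "src_ip": ev.get("client", {}).get("ipAddress")}


def parse_vpn(raw):
    """Parser written later; the raw objects already stored need no re-ingestion."""
    stamp, proto, verdict, ip, _user = raw.split(",")
    return {"ts": iso_utc(stamp, "%Y-%m-%d %H:%M:%S"), "action": proto,
            "outcome": "failure" if verdict == "auth-fail" else "success", "src_ip": ip}


# The "schema" is nothing more than the set of parsers known at read time.
PARSERS = {"cloudtrail": parse_cloudtrail, "sshd": parse_sshd, "okta": parse_okta}


def with_vpn_parser():
    """Schema evolution at read time: same lake, one more source understood."""
    return {**PARSERS, "vpn": parse_vpn}


def read_events(lake, parsers=PARSERS):
    """Schema-on-read: normalise each raw object with the parser for its source."""
    for obj in lake:
        parser = parsers.get(obj["source"])
        if parser is None:
            continue  # no parser yet: the data is retained, not lost
        ev = parser(obj["raw"])
        if ev is not None:
            ev["source"] = obj["source"]
            yield ev


def failed_auth_by_ip(lake, parsers=PARSERS):
    """One 'tool' over the shared lake: failed authentications per source IP, all sources merged."""
    counts = Counter(ev["src_ip"] for ev in read_events(lake, parsers) if ev["outcome"] == "failure")
    return dict(counts)


if __name__ == "__main__":
    print("parsers known today:", failed_auth_by_ip(RAW_LAKE))
    print("after adding the VPN parser:", failed_auth_by_ip(RAW_LAKE, with_vpn_parser()))
```

Two things to notice: the VPN line contributes nothing until a parser exists, yet it was never dropped at ingest, and a second tool (say, one counting successful logins per user) can run over the same RAW_LAKE without any copy of the data being made, which is the data-custody point behind "Bring Your Own Model".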
e. Recommendations for Organizations
Cliff advises organizations interested in adopting data lakes to start with their chosen cloud provider’s data lake tools, such as Amazon Athena, Google BigQuery, or Azure Data Lake. He also recommends exploring Apache Iceberg and experimenting with various data sources to determine the best fit for specific use cases.
Cliff Crossland [32:18]: "Start with the different cloud providers' data lake specific tools... play with the different data lake tools that exist out there to see what suits your use case as well."
3. FCC Update: Scam Operations and Regulatory Actions
The episode concludes with a segment on the Federal Communications Commission (FCC) proposing a $4.5 million fine against Voice over IP provider Telnyx. Telnyx allegedly allowed scammers to impersonate a fictitious FCC fraud prevention team, conducting nearly 1,800 fake calls within two days.
Dave Bittner [34:00]: "Scammers will scam, the FCC will fine, and nobody should ever pay government fees in gift cards."
The FCC accuses Telnyx of inadequate customer verification processes, while Telnyx rebuts, claiming compliance with all regulations. The incident serves as a reminder to the public to remain vigilant against scams demanding payments in unconventional forms like Google gift cards.
Conclusion
This episode of CyberWire Daily provided a comprehensive overview of significant cybersecurity incidents, regulatory challenges, and emerging trends in data management and ransomware defense. The in-depth interview with Cliff Crossland offered valuable insights into the future of security data lakes and the benefits of the "Bring Your Own Model" approach, emphasizing scalability, cost-efficiency, and flexibility in modern cybersecurity strategies.
For more detailed information on security data lakes, refer to Scanner.dev's blog linked in the show notes.
Produced by Alice Carruth with contributions from Liz Stokes, mixed by Trey Hester, and featuring original music by Elliott Peltzman. Executive produced by Jennifer Eiben. Publisher: Peter Kilpe.
