CyberWire Daily Podcast Summary: "It was DDoS, not us." Release Date: January 28, 2025 | Host: Dave Bittner | Produced by N2K Networks
1. Episode Overview
In the January 28, 2025 episode of CyberWire Daily titled "It was DDoS, not us," host Dave Bittner covers a series of significant cybersecurity events shaping the industry. The episode features an in-depth interview with Bogdan Botezatu, Director of Threat Research and Reporting at Bitdefender, who explores the world of dark markets and their implications for global cybersecurity.
2. Top Cybersecurity News Highlights
The episode kicks off with a rapid-fire news segment covering critical incidents and developments:
- DeepSeek DDoS Attack: Chinese AI firm DeepSeek attributes a recent registration outage to a Distributed Denial of Service (DDoS) attack. The disruption temporarily halted new user registrations, although existing users remained unaffected. The incident coincides with rising scrutiny of security vulnerabilities in DeepSeek's open-source R1 AI model, which rivals offerings from OpenAI and Google.
- AT&T Data Breach: The hackers responsible for last year's AT&T data breach have targeted sensitive phone records linked to high-profile individuals, including members of the Trump family, Kamala Harris, and Marco Rubio's wife. The breach, which occurred between May and October 2022, exposed call and text metadata for nearly all AT&T customers. Experts warn of significant national security risks stemming from this extensive data compromise.
- EU Sanctions on Russian Cyber Actors: In response to the 2020 cyberattacks against Estonia, the European Union has sanctioned three Russian GRU officers linked to Unit 29155. The officers are accused of orchestrating sophisticated attacks aimed at undermining Estonia's security, as well as espionage efforts across multiple EU states and Ukraine.
- ENGlobal Ransomware Attack: ENGlobal Corporation, a key player in the energy sector, disclosed that personal information was compromised during a November 2024 ransomware attack. Over 70,000 individuals have been affected, with sensitive medical and personal data, including Social Security numbers, exposed.
- SonicWall Vulnerability: The Cybersecurity and Infrastructure Security Agency (CISA) issued a critical warning concerning a severe vulnerability in SonicWall SMA1000 appliances (CVSS score: 9.8). The flaw permits unauthenticated remote command execution; organizations are urged to apply patches immediately or restrict access to trusted IPs.
- Large-Scale Phishing Campaign: A sophisticated phishing operation exploits users' trust in PDF files and the US Postal Service by sending deceptive SMS messages containing malicious PDFs. The files redirect victims to counterfeit USPS websites designed to steal personal and payment information.
- Apple Zero-Day Patch: Apple addressed a zero-day vulnerability affecting multiple devices, including iPhones, iPads, and Macs. The use-after-free flaw allows unauthorized privilege escalation, and the company has released updates to mitigate the risk.
- Ohio-Based Ransomware Impact: A ransomware attack on HCF Management, an operator of skilled nursing and rehabilitation facilities, resulted in unauthorized access to the personal and medical data of over 70,000 individuals. The Russian-affiliated RansomHub gang claimed responsibility and threatened to release 250 gigabytes of stolen data.
3. In-Depth Interview: Bogdan Botezatu on Dark Markets
Guest: Bogdan Botezatu, Director of Threat Research and Reporting at Bitdefender
Topic: Exploring the dark market subculture and its cybersecurity implications
a. Understanding Dark Markets
Bogdan Botezatu provides a comprehensive overview of dark markets, highlighting their role as clandestine platforms for illicit trade:
[15:38] Bogdan Botezatu: "A dark market is a closed marketplace that's usually anonymized on what we call the dark web... these markets are like online stores but for crime."
b. Types of Dark Markets
Bogdan differentiates between highly restrictive and more permissive dark markets:
[16:17] Bogdan Botezatu: "There are two different types of dark markets. Restricted ones require vetting or formal introductions and sell high-end illicit goods, while less restrictive markets allow easier access, catering to mass-market illicit items like recreational drugs and stolen data."
c. Law Enforcement Engagement
The discussion shifts to the interaction between dark markets and law enforcement:
[19:02] Bogdan Botezatu: "These dark markets pose a real threat... police will normally lurk on these dark markets, but they don't have the necessary amount of skill and free time to go after each and every one."
d. Implications for CISOs
Bogdan offers strategic advice for Chief Information Security Officers (CISOs) on monitoring and mitigating risks associated with dark markets:
[23:56] Bogdan Botezatu: "CISOs should monitor any activity involving the Tor browser and the Darknet... Blocking access at the gateway level is essential unless it's necessary for specific organizational roles like journalism or law enforcement."
4. AI and Ethical Data Handling with Software Heritage
Beyond the interview, the episode touches on the efforts of Software Heritage, a nonprofit dedicated to cleaning up the AI industry's data practices:
- Mission and Initiatives: Software Heritage has amassed over 22 billion source files from platforms like GitHub to create the world's largest repository of ethically sourced code. Its initiative, Code Commons, seeks to ensure that AI training datasets are transparent, reproducible, and accountable.
- Challenges: The organization faces significant hurdles, including unifying messy metadata, developing opt-out tools for developers, and aligning training data with open-source licenses. Its ambitious goals include building tools to detect when AI-generated output resembles existing code, promoting responsible AI development.
[25:23] Dave Bittner: "AI coding assistants are revolutionizing programming, but their mystery box training data raises ethical questions. Enter Software Heritage, a nonprofit on a mission to clean up the AI industry's mess."
5. Key Takeaways and Conclusions
- Evolving Threat Landscape: The cybersecurity landscape continues to evolve, with sophisticated attacks targeting both corporate and individual data across various sectors.
- Dark Markets as Persistent Threats: Dark markets represent a significant and ongoing threat, facilitating the trade of illicit goods and services while posing challenges for law enforcement and organizational security.
- Importance of Proactive Defense: CISOs and security professionals must adopt proactive measures, including monitoring for dark web activity and patching vulnerabilities promptly, to safeguard their organizations.
- Ethical AI Development: Initiatives like those undertaken by Software Heritage are crucial in ensuring that AI development progresses responsibly, with transparent and ethically sourced data.
6. Additional Resources
- DeepSeek Analysis by Ben Thompson: An insightful explainer on DeepSeek and its significance, available through the podcast's show notes.
- Links to All Stories: Access comprehensive coverage of today's stories and additional insights by visiting daily briefing@thecyberwire.com.
7. Feedback and Engagement
Listeners are encouraged to share their thoughts and feedback to help the CyberWire team deliver pertinent and timely cybersecurity insights. Rating and reviewing the podcast on your preferred platform, filling out the survey in the show notes, or emailing cyberwire@n2k.com are excellent ways to contribute.
Produced by: Liz Stokes
Mixer: Tré Hester
Music and Sound Design: Elliott Peltzman
Executive Editor: Jennifer Eiben
Executive Producer: Brandon Karpf
President: Simone Petrella
Publisher: Peter Kilpe
Host: Dave Bittner
Stay informed and secure with CyberWire Daily, your source for the latest in cybersecurity news and analysis.
