OCC breach jolts financial sector. - CyberWire Daily

Summary9 min read

CyberWire Daily: "OCC Breach Jolts Financial Sector" Summary

Release Date: April 15, 2025
Host/Author: N2K Networks

1. Major OCC Breach Impacts US Financial Sector

Overview:
A significant cyber breach at the Office of the Comptroller of the Currency (OCC) has caused major disruptions within the US financial sector. Leading institutions, including JP Morgan Chase and BNY Mellon, have temporarily halted electronic communications with the OCC following unauthorized access to the agency's email system.

Key Details:

Breach Impact: Hackers infiltrated over 100 OCC accounts for more than a year, raising alarms about potential exposure of sensitive information, including banks' cybersecurity reports and national security letters.
Response Efforts: The OCC is collaborating with cybersecurity firms Microsoft, CrowdStrike, and Mandiant to investigate the breach. On-site examiners retain access, but the compromised data heightens concerns about future cyber threats.
Consequences: The breach has prompted congressional scrutiny and intensified worries regarding the effectiveness of the OCC's cybersecurity measures. Experts highlight a significant erosion of trust between financial institutions and regulatory bodies.

Notable Quote:
Dave Buettner highlights the severity of the situation:
"This incident, now deemed a major breach, has triggered congressional scrutiny and raised concerns about the OCC's cybersecurity safeguards, with experts warning that trust between banks and regulators has been fundamentally shaken."
[Timestamp: 00:02]

2. CISA Faces Significant Staff Reductions

Overview:
The Cybersecurity and Infrastructure Security Agency (CISA) is undergoing substantial staffing cuts, with reports indicating a potential loss of up to 1,300 employees, roughly one-third of its workforce.

Key Details:

Reason for Cuts: Staff members are facing a deadline to either accept resignation or take payout offers as part of broader federal cyber staffing reductions.
Impact: The reduction threatens to weaken the nation's defenses against cyber threats targeting critical infrastructure sectors such as water, energy, and transportation.
Atmosphere: Current reports describe a chaotic environment within CISA, with many employees considering moves to the private sector.
CISA's Stance: Despite the cuts, CISA remains committed to supporting its employees and maintaining its core mission.

Notable Quote:
Dave Buettner underscores the gravity of the staffing situation:
"The scope of the reductions far exceeds previous cuts and threatens to cripple key divisions within the federal Cyber Defense Agency."
[Timestamp: 03:20]

3. China Accuses US Operatives of Cyberattacks During Asian Games

Overview:
China has formally accused three alleged US operatives of conducting cyber attacks during the February Asian Games held in Harbin.

Key Details:

Allegations: The individuals, purportedly linked to the NSA, targeted event management systems housing sensitive personal data, disrupting game operations and impacting critical infrastructure in Heilongjiang Province, including energy, telecom, and defense sectors, as well as tech giant Huawei.
China's Response: China claims the attacks caused significant national harm and has called on the US to halt its purported cyber operations, vowing to implement further cybersecurity protections.
US Position: The United States has not responded to these accusations. This incident exacerbates the ongoing cyber espionage tensions between the two nations.

Notable Quote:
Dave Buettner summarizes the diplomatic tension:
"Both countries routinely blame each other for cyber espionage, fueling ongoing tensions in cyberspace."
[Timestamp: 05:50]

4. Microsoft Teams File Sharing Disruptions

Overview:
Microsoft Teams experienced significant file sharing issues, affecting users' ability to access files, particularly through SharePoint.

Key Details:

Issue Reporting: Users reported widespread difficulties despite the Microsoft 365 Service Health page initially indicating no problems.
Current Status: Microsoft acknowledged the disruption via its Microsoft 365 Status account and is actively investigating the cause.
Recommendations: Until resolved, Microsoft advises users to utilize alternative platforms like OneDrive for file sharing.

Notable Quote:
Dave Buettner details the situation:
"Users reported widespread difficulties accessing files, particularly via SharePoint. Microsoft has not provided a fix timeline but recommends using alternatives like OneDrive for sharing."
[Timestamp: 07:15]

5. Fraudsters Exploit ChatGPT for Fake Passports

Overview:
Cybercriminals are leveraging OpenAI's ChatGPT image generator to create realistic fake passports swiftly, marking a new era in document forgery.

Key Details:

Methodology: By manipulating prompts, fraudsters bypass ChatGPT's safeguards, producing convincing passport images without requiring advanced technical skills or illicit tools.
Implications: This development facilitates various scams, including new account fraud, insurance fraud, and identity theft, undermining traditional ID verification methods.
Expert Recommendations: To counter these threats, experts advocate for enhanced defenses such as NFC-based document checks, liveness detection, and device-anchored identity verification.

Notable Quote:
Dave Buettner highlights the evolution in cybercrime tactics:
"This ease enables scams like new account fraud, insurance fraud, and identity theft. Traditional ID verification methods such as photo uploads are now vulnerable."
[Timestamp: 09:45]

6. Hertz Confirms Data Theft from Clio Ransomware Attack

Overview:
Car rental giant Hertz has confirmed that customer data was compromised during last year's Clio ransomware attacks, which exploited CLIO file transfer software.

Key Details:

Affected Entities: The breach impacted Hertz, Dollar, and Thrifty customers, exposing personal information including names, contact details, birth dates, credit card information, driver's licenses, Social Security numbers, and medical claim data.
Data Source: The stolen information originated from the Clio product used by Hertz.
Current Measures: While there is no evidence of data misuse, Hertz is offering two years of identity and dark web monitoring services to affected customers.

Notable Quote:
Dave Buettner explains the breach's scope:
"The breach affected Hertz Dollar and Thrifty customers, exposing personal details like names, contact info, birth dates, credit card and driver's license data and, in some cases, Social Security numbers and medical claim information."
[Timestamp: 11:30]

7. New Process Injection Method: Waiting Thread Hijacking

Overview:
Checkpoint Research has identified a novel process injection technique named "Waiting Thread Hijacking" (WTH), offering a more stealthy alternative to traditional thread hijacking methods.

Key Details:

Technique: Unlike conventional methods that modify active threads and are often detected by endpoint detection systems, WTH targets dormant threads within Windows thread pools.
Execution: WTH manipulates the return addresses of waiting threads to redirect execution to malicious code without triggering typical security alerts.
Advantages: This method avoids high-risk APIs, uses standard operations to evade detection, and can distribute its actions across multiple processes, making it harder for security tools to recognize behavioral anomalies.
Implications: WTH signifies the advancing sophistication of cyber threats, emphasizing the necessity for enhanced behavioral analysis in cybersecurity defenses.

Notable Quote:
Dave Buettner emphasizes the stealthiness of WTH:
"This approach avoids the use of high-risk APIs, instead utilizing standard operations to further evade detection."
[Timestamp: 12:20]

8. Rise of macOS Malware as a Service: Inari Loader

Overview:
A new macOS malware known as Inari Loader is being sold on underground forums, representing a significant escalation in targeted cyberattacks against Apple systems.

Key Details:

Features: Inari Loader offers a premium toolkit with remote desktop access, advanced data exfiltration, and password bypass capabilities, enabling attackers to harvest credentials without deploying fake prompts.
Deployment: The modular malware can be distributed via multiple vectors, including DMG files and malicious applications, and reportedly evades detection without additional obfuscation.
Cost: Priced between $5,000 and $10,000 per month, Inari Loader is more expensive than competitors like Atomic and Banshee, reflecting its enhanced features.
Trend: This malware adds to a growing array of macOS threats, such as Macstealer and Metastealer, signaling a broader exploitation of Apple systems.
Preventive Measures: Users are advised to remain vigilant by avoiding unverified downloads, enabling two-factor authentication (2FA), and keeping devices updated with the latest security patches.

Notable Quote:
Dave Buettner warns about the implications for macOS users:
"This development could lead to broader exploitation of macOS systems. Users should stay alert, avoid unverified downloads, enable 2FA, and keep their devices updated with the latest security patches."
[Timestamp: 14:10]

9. UK Man Sentenced for Phishing Platform 'Lab Host'

Overview:
Zach Coyne, a 23-year-old from Huddersfield, UK, has been sentenced to over eight years in prison for orchestrating Lab Host, one of the world's largest phishing-as-a-service platforms.

Key Details:

Operations: From 2021 to 2024, Lab Host facilitated over 2,000 fraudsters in creating fake websites that mimicked banks, healthcare providers, and postal services to steal personal and financial data.
Impact: The platform enabled global fraud operations, resulting in losses exceeding £100 million.
Modus Operandi: Coyne profited by charging membership fees for access to pre-made phishing templates or custom-built sites.
Dismantling Efforts: Lab Host was taken down in April 2024 following a significant international operation involving the Met Police, NCA, Microsoft, and Europol, resulting in 24 arrests and searches of over 70 locations.
Significance: This case underscores the increasing commitment of law enforcement agencies to dismantle cybercrime infrastructures and prosecute those facilitating large-scale fraud.

Notable Quote:
Dave Buettner highlights the prosecutorial achievement:
"This case highlights law enforcement's growing focus on dismantling cybercrime infrastructure and prosecuting those who enable mass fraud."
[Timestamp: 15:25]

10. Podcast Previews

a. CISO Perspectives Podcast with Kim Jones

Topic: Is the Cyber Talent Ecosystem Broken?

Overview:
Kim Jones previews the newly relaunched CISO Perspectives podcast, focusing on the enduring challenges within the cyber talent ecosystem.

Key Points:

Season Focus: The season will delve into the multifaceted issues CISOs face regarding cyber talent, exploring both the limitations of the current ecosystem and potential improvements.
Discussion Themes: Topics include creating comprehensive job descriptions, fostering non-traditional career pathways, and addressing the disconnect between emerging talent and organizational needs.
Objective: To provide listeners with strategic insights and actionable steps to bridge the gap in the cyber talent market, featuring expert guests to offer diverse perspectives.

Notable Quote:
Kim Jones expresses optimism about addressing the talent crisis:
"Any good cyber professional is always optimistic because you can't be a pessimist and do this work, plain and simple."
[Timestamp: 17:14]

b. Threat Vector Podcast with David Moulton and Rob Wright

Topic: Overlooked Threats and AI Security Risks

Overview:
David Moulton and Rob Wright discuss the cybersecurity stories that are often overshadowed by overhyped AI fears, emphasizing the real risks posed by certificate authorities and other critical issues.

Key Points:

Role of Journalists: Highlighting the importance of accurate and focused reporting in cybersecurity journalism to avoid AI-related hype that diverts attention from genuine threats.
AI Concerns: Addressing the challenges of verifying AI-related security claims and the potential for AI-generated misinformation.
Certification Risks: Exploring vulnerabilities within certificate authorities that pose significant threats to cybersecurity infrastructure.

Notable Quote:
Rob Wright advises caution in evaluating AI applications:
"If you can't get that right, if you can't get that right, stop, stop. And you know, I'm not saying throw the vendor out, but just reevaluate."
[Timestamp: 24:29]

Conclusion

The April 15, 2025 episode of CyberWire Daily provides an in-depth analysis of critical cybersecurity incidents impacting the financial sector, governmental agencies, and global infrastructure. From significant breaches and innovative cyberattack methods to the evolving challenges in the cyber talent ecosystem, the episode offers a comprehensive overview of the current cybersecurity landscape. Additionally, the previews of upcoming podcasts underscore the ongoing discourse around talent shortages and the nuanced threats posed by emerging technologies like AI.

Stay informed and ahead in the rapidly changing world of cybersecurity by tuning into CyberWire Daily and exploring the featured podcasts for expert insights and strategic perspectives.

Notable Contributors:

Dave Buettner: Host of CyberWire Daily
Kim Jones: Host of CISO Perspectives Podcast
David Moulton: Director of Thought Leadership at Unit 42, Host of Threat Vector Podcast
Rob Wright: Security News Director at Informa TechTarget

Produced by:
N2K Networks

This summary is intended to provide a comprehensive overview of the CyberWire Daily episode titled "OCC Breach Jolts Financial Sector." For detailed information and continuous updates, listeners are encouraged to subscribe to the CyberWire Daily podcast.

Loading summary

Transcript23 lines

[00:02]
Dave Buettner
You're listening to the CyberWire network, powered by N2K. Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant. Some US Banks pause electronic communications with the OCC following a major breach of the agency's email system Uncertainty spreads at CISA China accuses three alleged US Operatives of conducting cyber attacks during February's Asian Games. Microsoft Teams suffers file sharing issues Fraudsters use ChatGPT to create fake passports Car rental giant Hertz confirms data stolen in last year's Clio breach. Researchers describe a novel process injection method called Waiting thread hijacking A new macOS malware as a service threat is being sold on underground forums. A UK man is sentenced to over eight years for masterminding the lab host phishing platform. Kim Jones joins us with a preview of the newly relaunched CISO Perspectives podcast. David Moulton from Unit 42 sits down with Rob Wright, security news director at Informa Tech Target for the latest threat vector and Fighting the flood of AI generated experts it's Tuesday, April 15, 2025. I'm Dave Buettner and this is your CyberWire Intel Brief. Foreign thanks for joining us here today. It's great to have you with us. Several major US Banks, including JP Morgan Chase and BNY Mellon, have paused electronic communications with the Office of the Comptroller of the Currency, the occ, following a major breach of the agency's email system, Bloomberg reports hackers accessed over 100 accounts for more than a year, prompting fears that sensitive data such as banks, cybersecurity reports and even national security letters may have been exposed. The OCC is working with Microsoft, CrowdStrike and Mandiant to investigate. Though on site examiners still have access, banks worry the compromised data could aid future cyber attacks. The incident, now deemed a major breach, has triggered congressional scrutiny and raised concerns about the OCC's cybersecurity safeguards, with experts warning that trust between banks and regulators has been fundamentally shaken. Uncertainty is spreading at the US Cybersecurity and Infrastructure Security Agency as staff face a deadline to accept resignation or payout offers from the Department of Homeland Security. But reports suggest CISA could lose up to 1300 employees, about a third of its workforce, amid broader federal cyber staffing cuts. The move has alarmed officials and experts who warn it could weaken the nation's defenses against cyber threats to critical infrastructure like water, energy and transportation. Staff describe the atmosphere as chaotic, with many eyeing exits to the private sector. CISA says it's committed to supporting employees while continuing its mission. However, the scope of the reductions far exceeds previous cuts and threatens to cripple key divisions within the federal Cyber Defense Agency. China has accused three alleged US operatives of conducting cyberattacks during February's Asian Games in Harbin. According to Chinese authorities, the individuals reportedly linked to the NSA targeted event management systems holding sensitive personal data. The cyber attacks allegedly disrupted games operations and extended to critical infrastructure in Heilongjiang Province, including energy, telecom and defense institutions, as well as tech giant Huawei. China claims the attacks caused serious national harm and and has urged the US to stop its alleged cyber operations. While offering no concrete evidence, China says it will take further steps to protect its cybersecurity. The US has not responded to the accusations. Both countries routinely blame each other for cyber espionage, fueling ongoing tensions in cyberspace. Earlier today, Microsoft Teams users experienced a major issue affecting file sharing, prompting an ongoing investigation by Microsoft. The company acknowledged the disruption via its Microsoft 365 Status account and is tracking the issue. Although the Microsoft 365 Service Health page initially showed no problems, users reported widespread difficulties accessing files, particularly via SharePoint. Microsoft has not provided a fix timeline, but recommends using alternatives like OneDrive for sharing. OpenAI's ChatGPT image generator has been exploited to create realistic fake passports in minutes, According to the 2025 Cato Control Threat Report. This marks a major shift in cybercrime where generative AI allows non experts termed zero knowledge threat actors to forge documents without coding skills or access to illicit tools. By tweaking prompts, users can bypass ChatGPT's safeguards, producing convincing passports for fraud. This ease enables scams like new account fraud, insurance fraud and identity theft. Traditional ID verification methods such as photo uploads are now vulnerable. Experts urge stronger defenses like NFC based document checks, liveness detection and and device anchored identity verification. Car rental giant Hertz has confirmed that customer data was stolen in last year's CLOP ransomware attacks exploiting CLIO file transfer software. The breach affected Hertz Dollar and thrifty customers, exposing personal details like names, contact info, birth dates, credit card and driver's license data and and in some cases Social Security numbers and medical claim information. The stolen files came from a Clio product used by Hertz. While there's no evidence of misuse, Hertz is offering two years of identity and dark Web monitoring. Checkpoint Research describes a novel process injection method called weighting thread hijacking, offering a stealthier alternative to traditional thread hijacking techniques. Unlike conventional methods that rely on suspending and modifying active threads, actions often detected by endpoint detection and response systems, WTH targets dormant threads within Windows thread pools by identifying threads in a waiting state. WTH manipulates their return addresses to redirect execution to malicious code without triggering common security alerts. This approach avoids the use of high risk APIs, instead utilizing standard operations to further evade detection. The technique can distribute its steps across multiple processes, obfuscating behavioral signatures typically monitored by security tools. WTH exemplifies the evolving tactics in cyber threats, emphasizing the need for advanced behavioral analysis in cybersecurity defenses. A new macOS malware as a service threat Inari Loader is being sold on underground forums, marking a serious escalation in Apple targeted cyberattacks. Unlike previous macOS stealers, Inari offers a premium toolkit with remote desktop access, advanced data exfiltration and password bypass capabilities, allowing attackers to harvest credentials without fake prompts. The malware is modular and can be deployed through multiple vectors like DMG files or malicious apps. It also reportedly evades detection without adding obfuscation. Offered at between $5,000 and $10,000 per month, it's priced well above competitors like Atomic and Banshee. Likely reflecting its powerful features, the loader adds to a growing wave of macOS threats seen in 2023 and 24, such as Macstealer and Metastealer. Researchers warn this development could lead to broader exploitation of macOS systems. Users should stay alert, avoid unverified downloads, enable 2fa and keep their devices updated with the latest security patches. Zach Coyne, age 23, from Huddersfield in the UK, has been sentenced to eight and a half years in prison for creating Lab Host, one of the world's largest phishing as a service platforms operating from 2021 to 2024, Labhost was used by over 2,000 fraudsters to build fake websites, imitating banks, healthcare providers and postal services to steal personal and financial data. The platform enabled global fraud, causing losses exceeding 100 million pounds, far more than initially estimated. Coyne profited by charging membership fees for access to pre made fishing templates or custom built sites. Labhost was dismantled in April 2024 following a major international takedown involving the Met Police, NCA, Microsoft and Europol authorities also arrested 24 suspects and searched over 70 locations. This case highlights law enforcement's growing focus on dismantling cybercrime infrastructure and prosecuting those who enable mass Frau Coming up after the break, Kim Jones joins us with a preview of the newly relaunched CISO Perspectives podcast. David Moulton sits down with Rob Wright from Inform A Tech Target for the latest threat vector and fighting the flood of AI generated experts. Foreign what's the common denominator in security incidents? Escalations and lateral movement? When a privileged account is compromised, attackers can seize control of critical assets with bad directory hygiene and years of technical debt. Identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in active directory, entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with Bloodhound Enterprise powered by Spectrops. Head to Spectrops IO today to learn more. Spectre Ops See your attack paths the way adversaries do it is my pleasure to welcome back to the show Kim Jones. He is the host of CISO Perspectives, our newly rebooted program that is part of Cyberwire Pro. Kim, welcome back.
[12:47]
Kim Jones
It's good to be back. Thanks Dave.
[12:50]
Dave Buettner
Well, let's talk about the episode that you're kicking off this season with and it's titled Is the Cyber Talent Ecosystem Broken? I have to say this is an intriguing title to me. I have my own thoughts, but I'm curious what led you to decide this was how you're gonna lead off the system and what went into creating this episode?
[13:10]
Kim Jones
Well, one of the approaches that I wanted to take this season was to focus on depth of issues. So there's a lot of big tractable things out there that CISOs face that either get passing consideration during a 30 minute podcast or usually a session at a conference and that we don't go into any depth in except maybe at the bar after the conference session. So what I wanted to do with this podcast is to take a multi episode arc regarding some of those more tractable problems that are out there and one of the ones that I hear about regularly and that we talk about regularly is the cyber talent ecosystem. So what we're going to do through the bulk of this season is talk about various aspects of the talent problem. So I wanted to start with an overview of what we are seeing out there within the market space and some of the challenges that we're facing via the various ways that people can come into cyber versus some of the complaints that we have as senior cyber leaders regarding what the ecosystem is or is not doing for us. And look at what not only the ecosystem could do better, but frankly what we could do better to make it, to make it work for us. Because I think that's a problem that we haven't addressed for, hell, decades now.
[14:44]
Dave Buettner
You know, I think it's fair to say that this is a hot button issue for a lot of people. This kind of disconnect between, you know, the one hand is saying we have all these missing, we don't have enough people to fill the positions in cyber, and then the other side are people who are newly have earned their credentials and they're saying, nobody will hire me. And there's a lot of sort of talking past each other and trying to get past this frustration. Is that a frustration you've seen and one you share?
[15:16]
Kim Jones
It's one that I have seen, absolutely. It's one that I share slightly. And I say slightly because one of the things I try and do is walk the talk, if you will, and normalize things in my environment and eat and breathe what I say that I want within the environment. And that includes doing things like creating a proper job descriptions, creating pathways that don't require everyone to go to college, hiring people from non traditional pathways, and doing the things that. So that we're consistently solving all pieces of that problem. What we're going to talk about, starting with this episode and throughout the season, is many cases what lots of people are doing are just tackling one piece of that and then still complaining as to why things aren't working well. You know, we complain that the individual who has come up through a training or career transition program doesn't have the skills that are needed yet when we sit down and I actually use this example in my first, you know, in this first episode, I've sat down with a handful of Fortune 500 CISOs and said, Tell me what you want. And then when you try to ask them to tell them what you want and you say, okay, so if I can build what you want, you'll hire these folks, right? And then everyone starts backpedaling. Then when you push them to say tell me what you want, you get a. I'm not avoiding the question, I'm not telling you because we're really not sure. And you know, if you don't know where you want to go, then any destination will get you there or no destination will get you there, as Lewis Carroll used to say. So, yeah, it's a frustration for me that after almost 40 years in this profession, we still can't figure out what we want to be when we grow up and help people get there. And that's wrong.
[17:04]
Dave Buettner
Yeah. Are you hopeful or optimistic that we're perhaps able to take a serious look at this and fix it?
[17:15]
Kim Jones
Any good cyber professional is always optimistic because you can't be a pessimist and do this work, plain and simple. What I am hoping to do through the course of the season is provide listeners all of the pieces and parts for them to put together. And then as we look at each episode, Here are some things that you can do to address this piece. Here are some things that you can do to address this piece so that they have a strategic viewpoint on this problem. And it's not just me. I'm inviting in subject matter experts and other guests, et cetera, to bring their perspective to the problem as well. So it isn't just me railing at the microphone every week. It's truly bringing people who say, okay, here's the starting point. I use the analogy what we're doing is we're setting the table. And that's just me talking about what I see in this beginning, in these pieces as we begin the episode. Then we invite experts to dine with us and then I bring somebody else in and we deep dive on that piece of it. And then we do that and just build, hopefully a look at all of the aspects of the challenge and give people a holistic. I won't call it a roadmap, but I'm not fully caffeinated, so I probably will. So a roadmap in terms of things to consider in terms of solving it. So I'm ever hopeful, man.
[18:40]
Dave Buettner
Yeah. Well, the show is CISO Perspectives. It is part of Cyberwire Pro right here on the N2K CyberWire network and Kim Jones is the host. Kim, thanks so much for joining us.
[18:52]
Kim Jones
Looking forward to it, man. And I'm looking forward to talking to you about our next episode.
[18:56]
Dave Buettner
Next week we'll do it.
[18:58]
Kim Jones
Thanks.
[19:06]
Dave Buettner
On this week's preview of the Threat Vector Podcast, David Moulton, director of thought leadership at unit 42, is joined by Rob Wright, Security News director at Informa TechTarget. They're discussing the stories the industry overlooks overhyped AI security fears and the real risks posed by certificate authorities.
[19:30]
David Moulton
Hi, I'm David Moulton, host of the Threat Vector Podcast, where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. In my latest episode of Threat vector I sat down with Rob Wright, security news director at Informa Tech Target, to ask a deceptively simple are we actually paying attention to the threats that matter? Rob's been covering cybersecurity for over a decade, and in this conversation he unpacks the stories the media often misses and the ones it may be getting wrong. We talk about the uncomfortable truth behind certificate authorities, why deepfakes might be getting too much credit, and how AI headlines can obscure more than they reveal. If you've ever wondered what goes on behind the scenes in cybersecurity journalism and what industry risks are flying just under the radar, you're going to want to hear this. Check out the episode wherever you listen to podcasts. Rob, this may be a loaded question given the current news media landscape, but how do you view your role as a cybersecurity journalist and what drives your approach to covering this industry?
[20:44]
Rob Wright
Yeah, I do consider myself a cybersecurity news reporter in terms of what drives my approach. It's changed a lot. The urgency around cybersecurity has increased what feels like, I don't know, at least tenfold over the last few years. So we try to, I try to cover the stuff that I think has the biggest impact on the masses. So not just enterprise security, but also, you know, government and citizens at large, I guess, because it really has gone from the beat's, gone from enterprise to just, I mean, this is something the whole world, I guess, has to deal with now.
[21:33]
David Moulton
So who do you see as your main audience?
[21:38]
Rob Wright
We try to deliver our news with a hypothetical reader in mind. And that hypothetical reader is a practitioner, a technology practitioner, somebody that works in IT or IT security within an enterprise organization or government organization. But yeah, we try to deliver our content to the folks that are actually working with this stuff. There's always room for some of the general consumer news out there and obviously some of the beginners that are just getting into this business. But by and large we try to focus on the people that are really into this stuff, that are really working with it every day and that need to know about the types of technologies, the types of threats, the types of goings on that that are important to their jobs.
[22:33]
David Moulton
So I kind of see using AI and how it works as in some ways like talking to another person. If I ask you describe your dinner from last night and then 10 minutes later ask you to describe it to me again, and if you use the exact same story to tell me about what you had, who was there, the overall vibe of dinner in a robotic Fashion in a classic compute model, I would be freaked out by you. But if a computer does that says the exact same thing over and over, I'm like, yeah, that's what I expect. It's a programming problem. I got some inputs, I get an output, it's always the same. And AI breaks that relationship with the machine in a way that causes us to step back and go, oh no. And sometimes you can't tell if it's just doing the analysis of what word next a little different or if it's just BSing you, right. And you don't know. Has it decided to hallucinate? That's a fun term. Or is it just telling you the story in a new way? And I think that's the part that causes me pause. In an industry like security, where you're going, is it telling me that this is a false positive and I move on? Is it telling me that this is an incident and I need to go after it and it doesn't really know it's mathematically assigned a rating and that can be, that's problematic. So solving for that is, I think that's going to be key.
[24:13]
Rob Wright
Great.
[24:14]
David Moulton
Rob, what strategies can cybersecurity professionals and journalists use to verify some of the claims about AI related security incidents to separate the hype that we're seeing from the reality, especially before reporting on them?
[24:29]
Rob Wright
This is hard because I think there's a lot of AI washing and I think there's a tendency for people to kind of get carried away with applications for AI that are really neat and interesting. But like, it's not a one to one, it's not. Just because you can do something over here doesn't mean you can take that same technology and apply it over there. So for example, just because Deep Blue can beat the world's chess chance and you can build an application that is very, very specifically tailored to do one thing really well. Same with Google and AlphaGo, the, the Chinese game Go. It created this game and oh my God. And it beats the world's best Go players. Just because that is out there and you know that that works, doesn't mean you can just take that technology and bolt it on to a cyber security application and have it do wondrous things. I think the thing that people should be aware of, the practitioners out there is that a lot of the stuff is kept in a black box. But if you can get to the vendors and the providers out there that are using this technology and really touting it, just run some simple tests, just run, run simple tests and just see, start small, start innocuous. Don't ask it to like run your sock. Don't ask it to run, you know, don't ask copilot or whatever to just do these complex things. Just start small. I start small with AI. I asked Google AI very simple questions. I asked it a couple weeks ago, what are the what are the best selling American rock bands in the history of modern music? And it comes back with the Rolling Stones, Pink Floyd, acdc, Led Zeppelin. If you can't get that right, if you can't get that right, stop, stop. And you know, I'm not saying throw the vendor out, but just reevaluate. Just say come back to us in a few months when you have that cleaned up and we'll take another look. So I would start small with tasks like, okay, is it picking up these, you know, these, these login attempts from this IP address or the where we've got 100 attempts on this account in this amount of time from this region is a flag unit. Simple, simple stuff. And if it can't get that right, then just move on.
[27:14]
David Moulton
If you like what you heard, catch the full episode now over in your Threat Vector podcast feed. It's called what Cybersecurity Blind Spots Could Lead to the Next major attack from April 10th.
[27:31]
Dave Buettner
Be sure to check out the Threat Vector podcast wherever you get your favorite podcasts. Do you know the status of your compliance controls right now? Like right now, we know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like Society and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for $1,000 off. And finally, here at the Cyberwire, we rely on credible experts to provide context and clarity on breaking cyber and tech news. So imagine our concern over reports of a growing number of seemingly authoritative sources, from senior analysts to psychologists that started sounding a little too slick replying to quote requests faster than you can say generative AI. According to Press Gazette, some of these experts flooding journalist inboxes aren't real people at all. They're the product of PR platforms and clever prompts offering ready made commentary attributed to fabricated identities. Like Rebecca, a supposed science educator who's also a budgeting guru and a music industry analyst, or Barbara, who's been quoted by nearly every outlet imaginable but whose main online presence is tied to an adult toy shop. The problem is these fake Personas are often indistinguishable from the real thing until you scratch beneath the surface. In a landscape where trust is everything, this AI enabled fakery is more than a curiosity, it's a credibility crisis. Stay vigilant, my friends. Stay vigilant. And that's the Cyber Wire four Links to all of Today's stories Check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Piffner. Thanks for listening. We'll see you back here tomorrow. Looking for a Career where innovation meets Impact Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting edge edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today@vanguardjobs.com.