Dave Bittner
You're listening to the CyberWire network, powered by N2K. Hey everybody, Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved, knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now our listeners get a special 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K. Cybercriminals target financial institutions across Africa using open source tools. Threat actors are using a technique called Authenticode stuffing to abuse ConnectWise remote access software. A fake version of SonicWall's NetExtender VPN app steals users' credentials. CISA and the NSA publish a guide urging the adoption of memory safe languages. Researchers identify multiple security vulnerabilities affecting Brother printers. Fake AI themed websites spread malware. Researchers track a sharp rise in signup fraud. A new Common Good Cyber Fund has been launched to support nonprofits that provide essential cybersecurity services. Tim Starks from CyberScoop joins us to discuss calls for a federal cyber insurance backstop, and a Moscow court says nyet to more jail time for cyber crooks.
Dave Bittner
June 25, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us. Research from Palo Alto Networks Unit 42 reveals that cybercriminals tracked as CL-CRI-1014 are targeting financial institutions across Africa using open source tools in a consistent attack playbook. These actors likely act as initial access brokers selling access on the dark web. Tools like PoshC2, Chisel and Classroom Spy, normally used for penetration testing and remote administration, are repurposed to move laterally, maintain persistence and exfiltrate data. The attackers disguise these tools using forged signatures and names resembling legitimate software. Notably, they've shifted from using MeshAgent to Classroom Spy, which enables full remote control and monitoring. They also employ tunneling via Chisel and tailor implants to each environment. The attackers use PowerShell scripts, stolen credentials and proxy setups to evade detection and maintain access. This campaign highlights growing threats to Africa's financial sector from actors leveraging free tools with professional level precision. Threat actors are abusing ConnectWise remote access software by injecting malicious code using a technique called Authenticode stuffing. According to G DATA, this method hides malware inside the software's certificate table without breaking its digital signature, allowing the altered application to pass security checks. The attackers exploit a ConnectWise workaround that stores config data in the certificate table, intended for customizing installers, by stuffing it with malicious payloads instead. In a campaign dubbed EvilConwi, modified ConnectWise clients are disguised as tools like AI image converters. These versions even fake Windows updates and hide installation indicators to avoid detection. Since March of this year, G DATA has seen a spike in such attacks.
ConnectWise revoked the compromised signatures after being alerted, but the issue raises concerns about exploitable trust in signed software. Threat actors are distributing a fake version of SonicWall's NetExtender VPN app to steal users' credentials. SonicWall and Microsoft discovered that attackers were using a modified NetExtender installer signed with a fake certificate and hosted on spoofed download sites. Users who downloaded the fake app unknowingly installed malware that captured VPN credentials, usernames, passwords and domain info and sent them to a remote server. The attackers altered two files in the installer to bypass certificate validation and enable data exfiltration. While the malicious sites and certificate were taken down, the ease of setting up new domains poses an ongoing risk. Users are advised to download software only from trusted sources like official vendor websites to avoid falling victim to similar credential stealing campaigns. CISA and the NSA have released a guide urging the adoption of memory safe languages to reduce software vulnerabilities. Memory related bugs such as buffer overflows and use-after-free errors account for up to 75% of CVEs in major platforms. The report highlights high profile cases like Heartbleed and BadAlloc to stress the risks these flaws pose. Memory safe languages such as Rust, Java, Go and Python offer built-in protections like bounds checking and automated memory management, helping prevent entire classes of security issues. The guide recommends starting with memory safe languages in new projects and high risk components rather than rewriting all existing code. It also addresses transition challenges such as performance trade-offs and training needs. Overall, the report promotes MSL adoption as a critical step toward more secure software development practices.
Researchers at Rapid7 have identified eight security vulnerabilities affecting 689 Brother printer, scanner and label maker models, as well as devices from Fujifilm, Ricoh, Konica Minolta and Toshiba; millions of home and enterprise printers are potentially exposed. The most critical flaw lets attackers bypass authentication by generating a default admin password using the device's serial number. This can be combined with another flaw to extract that serial number. Six of the vulnerabilities can be exploited without authentication and could lead to denial of service attacks, unauthorized configuration changes, or data exposure. Brother patched most flaws but cannot fully fix one that's in existing firmware. A workaround is available and future devices will be manufactured differently. Other vendors have also issued advisories addressing the risks. Zscaler ThreatLabz researchers have uncovered a malware campaign using fake AI themed websites. Attackers are exploiting interest in tools like ChatGPT and Luma AI by using black hat SEO to push malicious sites to the top of search engine results. These sites deploy JavaScript to collect browser data, perform fingerprinting, and redirect users through several layers to deliver malware. The malware includes Vidar Stealer, Lumma Stealer and Legion Loader. These payloads are often hidden in large, deceptive installer files and use tricks like antivirus checks, DLL sideloading, and process hollowing to evade detection. The infrastructure is hosted through trusted platforms like AWS CloudFront, making the campaign harder to detect. Users are urged to download AI tools only from verified vendor websites to avoid infection. Okta's 2025 Customer Identity Trends report reveals bots were behind 46% of customer registration attempts in 2024, marking a sharp rise in signup fraud. Okta attributes this increase to AI driven attack workflows, which are reshaping trust in digital identities.
Retail and e-commerce sectors were most affected, followed by financial services and utilities. Attackers exploit signup processes to claim rewards, locate existing accounts and execute resource draining attacks. While users care about identity protection, many abandon signups due to complex forms. Okta recommends defense strategies such as DDoS mitigation, bot filtering, CAPTCHA escalation, IP blocking and web application firewall rules. The company also advocates for passkey adoption to reduce friction while maintaining security. A new Common Good Cyber Fund has been launched to support nonprofits that provide essential cybersecurity services for public benefit. Backed by the UK and Canadian governments and endorsed by all G7 leaders, the fund aims to strengthen the resilience and sustainability of civil society groups working to counter threats like transnational repression. Managed by the Internet Society, with strategic input from an expert advisory board, the Fund will assist organizations that secure core digital infrastructure and provide cybersecurity aid to high risk communities. This includes tools, training and rapid response services. The initiative is led by Common Good Cyber, a coalition of seven nonprofit groups including the Global Cyber Alliance and CyberPeace Institute. These organizations emphasize the importance of protecting journalists, human rights groups and other vulnerable communities from cyber enabled threats. Application and funding details will be announced soon, marking a significant step in securing the broader digital ecosystem. Coming up after the break, Tim Starks from CyberScoop joins us to discuss calls for a federal cyber insurance backstop, and a Moscow court says nyet to more jail time for cyber crooks. Stick around. And now a word from our sponsor, ThreatLocker. Keeping your system secure shouldn't mean constantly reacting to threats.
ThreatLocker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.com. Regulations, third party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear, there is a better way. Vanta's Trust Management platform takes the headache out of governance, risk and compliance. It automates the essentials from internal and third party risk to consumer trust, making your security posture stronger, yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta GRC: how much easier trust can be. Get started at vanta.com/cyber. It is always my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop. Tim, welcome back.
Tim Starks
How do you, Dave? I'm doing well, thanks.
Dave Bittner
A couple of your recent articles that I want to touch on here today while we're together. The first one you recently published, this is about the SEC withdrawing some cyber rules for investment companies. Can you unpack this one for us?
Tim Starks
Yeah. So the SEC has been a little bit of a hub of controversial regulatory activity on the cybersecurity front. This is not the most controversial thing they've done, but it is something that industry did not love. Essentially, investment advisors, investment companies that are in that advice business, they were required to notify the SEC of major incidents within a certain time, to publicly disclose them after a certain period of time, and also to develop some written rules for their security procedures and their risks. So this was in a slate of things that the SEC revoked on one day. They got rid of a lot of regulations that were from the Biden administration. This was one of them.
Dave Bittner
Well, and I suppose not terribly surprising given President Trump's desire to roll back regulations and I suppose, indeed anything from his predecessor to boot.
Tim Starks
Yeah, no, yeah. It's got both strikes against it for Trump. Right, right. I think certainly industry demand mattered. I think the fact that these rules had not yet gone into place yet was something that made it easy to do this. These rules have actually been promulgating since 2022. That's the word to use for it. They've actually been around for a while, and I think, you know, there have been some people who have, subsequent to the article that I wrote, been kind of speculating that, look, maybe the SEC itself wasn't even sure about these rules because they had chances to enact it. And if you're the Biden administration or someone who is an SEC commissioner who is aligned with Democrats, you might think we better get this out before the next election. That way we can make sure that it's harder to roll back. In this case, they did not do that. So there might have been some internal doubt about whether these were wise or whether they were wisely constructed.
Dave Bittner
Yeah. That's interesting. So the other of your articles I want to talk about here, this one is about federal cyber insurance being a backstop, and some folks are saying it should be tied to an expiring terrorism insurance law. What's going on here, Tim?
Tim Starks
Yeah. So the Foundation for Defense of Democracies published a proposal on this, essentially from Nick Leiserson. If your listeners don't know who that is, he's a longtime Hill aide working on cyber. He was at the Office of the National Cyber Director. He put together a very comprehensive policy proposal for the idea of having a federal backstop for cyber insurance, cybersecurity insurance. First off, there's a lot of pieces. It's a 26 page memo. But one of the key things is he says we need to maybe act on this soon if we're going to have a chance to do it at all. And the thing to do is to attach it to the Terrorism Risk Insurance Act, which is expiring in 2027. But because of the way insurance contracts are written, Congress will probably act on it, if they do at all, by the end of 2026. So this is an opportunity. It's not entirely identical to how terrorism insurance works, but it's similar in the sort of reinsurance mechanism that it has.
Dave Bittner
I have feelings about this, Tim.
Tim Starks
Let me show why.
Dave Bittner
For years now, our listeners will know, I have asked experts the question, when it comes to cyber insurance, will cyber insurance go the way of flood insurance? Right. Which is that flood insurance is so risky that it makes no sense for private organizations to offer it. So you can only get flood insurance from the federal government. It is not terribly good insurance. It is expensive, but it's all that there is. And I have wondered for years if cyber was going to go that way because of the potential for these huge liabilities. I read your article here and I wonder, is that what we're seeing play out here? Is a federal backstop for cyber analogous to the type of thing we saw with flood insurance, where for private organizations this kind of insurance is kind of a sucker bet?
Tim Starks
Yeah, it's an interesting question. I think, you know, we've had a little more time to deal with floods in this world than we have with cyber. So I think the cyber insurance market is interesting in the sense that it was growing rather rapidly. It is not growing that rapidly right now compared to the past. And there have been a lot of exclusions written into policies. The big one, of course, is that a foreign government, sort of act-of-war kind of attack, and some of these attacks would fall under that, aren't covered by most of these policies, or any of them that I know of, actually. So the market is, maybe stagnant is the right word to use for it. The idea that Nick had for this is that the federal backstop would make it less stagnant. There's a sort of a rolling mechanism about how this works, that if there is a federal backstop that reduces what's called tail risks, the sort of events that you can anticipate, that will lead to some competition in the insurance industry, that will lead to lower premiums, and that will lead to more things being covered than normal because people can offer more products because they're less worried about the risk. So, you know, insurance is such a fascinating concept about the way it supposedly redistributes risk. The idea is that this would help with that even if the backstop is never invoked. That's the idea. Whether it works that way or not, I cannot answer yet.
Dave Bittner
Well, and these are pie-in-the-sky ideas, right? I mean this is. Yeah, yeah. One thing that caught my eye here was the recommendation to have a cap on total liability. That's significant.
Tim Starks
It is, yeah. There's. I mean, there's also, you know, the idea that one of the things that I found fascinating about this was, and I kind of just talked about it a little bit when I was talking to Nick, I was like, you only want it to cover things that are already covered. If exclusions are a problem, doesn't that hurt? And it goes back to that point of like, well, if risk is reduced, then insurance becomes cheaper, they offer more quality. So at this point it's pretty theoretical about how this would work. I mean, one of the other things that's fascinating about this is that we just don't have the data like we do about what kinds of things stop cyber attacks. And it's one of those like, oh, if you have multi-factor authentication, do you know that you stopped an attack? Can you make that direct a link in the way that you can with other kinds of things in the insurance world where you know that X will lead to better protection for. Yeah. So one of the things this proposal helps to do is to come up with a way to have third parties or even the government accept anonymized data. The idea being, okay, nobody wants to share this stuff publicly. Will they share it with their insurer if it's required as part of participation in their backstop? That's another kind of like, you know, it's in that pie-in-the-sky world. Right. But would that work? It's just hard to really tell with the way cyber works because we just don't. In order to have the data, we need to pass something like this maybe.
Dave Bittner
Right.
Tim Starks
Know whether that ever can be something that we can do.
Dave Bittner
It also makes me wonder, you know, living in a world where the adversaries do their homework and often know how much cyber insurance an organization has to inform their ask for a ransomware demand, you know, what happens if everybody has X number of dollars in federal backup? How does that change the marketplace?
Tim Starks
Yeah, I mean, there's always been that ongoing question of, you know, is, in a roundabout way, cyber insurance responsible for, or has it contributed to, the rise in ransomware attacks? Because if you know that the company will pay because it has insurance, why not attack them? These mysteries are confounding, Dave. They're confounding.
Dave Bittner
Well, it's a good thing we have folks like you to help us understand them. So you said 2027 is when this terrorism legislation is up for renewal, so that perhaps this could be attached on that sort of a timeline.
Tim Starks
Yeah, and I think, you know, with the way Congress works these days, it's hard to imagine anything like this getting standalone attention. So that's part of the reason why the idea of attaching it to something else is out there. The sense for Nick is that 2025 is the year to start doing this, to start having hearings on it, to start writing legislation. FDD is going to produce draft legislation in the style of the Cyberspace Solarium Commission. You'll recall they did that, and that helps get things through. So the idea is if you can present something to lawmakers like, here's something tangible, we've done some of the work for you, that would be a way to get this kickstarted, because we also know that 2026 is an election year, so that makes it harder to get stuff done too.
Dave Bittner
Yeah, absolutely. All right, well, Tim Starks is senior reporter at CyberScoop. Tim, thanks so much for taking the time for us.
Tim Starks
Thank you, Dave.
Dave Bittner
Today's cyber attacks move fast. Your team needs to move faster. That's why Cloud Range is redefining cyber readiness with real world AI driven cyber range simulations. Join CEO Debbie Gordon as she shares how organizations are replacing outdated tabletop exercises with live fire training that builds confidence and sharpens response in real time. It's not just training, it's transformation. Listen now and make sure your team is prepared for the threats ahead. And finally, in a move that might make Kafka do a double take, a Russian court handed four REvil gang members five year sentences for trafficking stolen credit card data, then promptly let them walk free. The reason? They had already served their time in pre-trial limbo. The convicted cyber crooks avoided additional jail time, but did part ways with a pair of luxury cars and nearly $1.2 million in seized assets. Their crimes weren't tied to REvil's infamous ransomware rampage, but rather old school carding fraud, mostly targeting Americans. The arrests came in 2022, shortly after a Biden-Putin chat where the US president gently suggested Russia do something about its thriving hacker scene. The crackdown didn't last long, soon overshadowed by tanks rolling into Ukraine and whispers that Russia might be outsourcing cyber ops to the very crooks it briefly jailed. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through August 31st of this year. There's a link in the show notes. Please do check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.
Podcast Summary: CyberWire Daily – "Open-source, Open Season"
Episode Information:
In the June 25, 2025 episode of CyberWire Daily, host Dave Bittner delivers an in-depth analysis of recent cybersecurity threats, vulnerabilities, and industry developments. The episode covers a broad spectrum of topics, including cybercriminal activities targeting African financial institutions, exploitation of legitimate software for malicious purposes, emerging security vulnerabilities in everyday devices, and significant industry reports highlighting trends in cyber insurance and identity fraud. Additionally, the episode features an interview with Tim Starks from Cyberscoop, discussing regulatory changes and proposals for federal cyber insurance backstops.
In the latter half of the episode, Dave Bittner interviews Tim Starks, a senior reporter at Cyberscoop, delving into recent regulatory changes and proposals impacting the cybersecurity landscape.
Key Takeaways:
Evolving Threat Landscape: The episode highlights the adaptive tactics of cybercriminals, leveraging legitimate tools and exploiting software trust mechanisms to perpetrate sophisticated attacks across various sectors, including finance and technology.
Regulatory Shifts: The SEC’s withdrawal of cybersecurity regulations underscores the fluctuating regulatory environment, influenced by political agendas and industry pressures. This volatility poses challenges for organizations striving to maintain robust cybersecurity postures.
Cyber Insurance Dynamics: The stagnant cyber insurance market, burdened by exclusions and growing risks, may benefit from federal intervention. However, the proposal for a federal backstop introduces uncertainties regarding implementation and market impacts, particularly concerning ransomware incentives.
Vulnerability Proliferation: The discovery of numerous vulnerabilities in widespread devices like printers and the rise of malware through AI-themed websites emphasize the pervasiveness of cyber threats and the critical need for proactive security measures.
Support for Nonprofits: The establishment of the Common Good Cyber Fund signifies a collaborative effort to bolster cybersecurity defenses within civil society, highlighting the importance of supporting organizations that protect vulnerable communities from cyber threats.
International Cyber Operations: The episode concludes with a reflection on international cybercrime dynamics, illustrated by the case of a Russian court sentencing four REvil members to time already served and the speculation that Russia may be outsourcing cyber operations to the very criminals it briefly jailed, pointing to the complex interplay between state actions and cybercriminal activities.
The June 25, 2025 episode of CyberWire Daily offers a comprehensive overview of the current cybersecurity landscape, marked by innovative attacks, regulatory changes, and evolving defense strategies. Through detailed analysis and expert interviews, the podcast provides valuable insights for industry leaders, cybersecurity professionals, and organizations seeking to navigate the complexities of digital security in an increasingly interconnected world.
For more detailed information and access to daily briefings, listeners are encouraged to visit thecyberwire.com and participate in their annual audience survey to contribute to future content development.