Kathleen Peters

You're listening to the Cyberwire network. Powered by N2K.

Dave Bittner

The DMV has established itself as a top tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington, D.C. area. Join us on Thursday, September 18th to connect with the leading minds shaping our field and experience firsthand why the Washington D.C. region is the beating heart of cyber innovation. Visit DMVRising.com to secure your spot. Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real time risk workflows and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of Smarter compliance. Visit www.hyperproofio to see how leading teams are transforming their GRC programs. A suspected ransomware attack disrupts hundreds of Swedish municipalities Google warns Gmail users of emerging cyber attacks tied to the Shiny Hunters group. A malicious supply chain attack hits the MPM registry. Senators press AFLAC for answers. Following a data breach, law enforcement takedowns splinter the ransomware ecosystem. The FBI and Dutch police take down a major online fake ID marketplace. Florida proposes requiring healthcare providers to strengthen data breach preparedness and reporting. Our guest is Kathleen Peters, Chief Innovation Officer at Experian North America, explaining why AI is both accelerating and mitigating fraud and an affiliate army pushes fake casinos worldwide. Foreign August 29, 2025 I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. Happy Friday. It's great to have you with us. A suspected ransomware attack on Swedish IT supplier Meliodata has disrupted Systems across nearly 200 municipalities and regions. Miljo Datta provides HR software used for sick leave, medical certificates and workplace injury reports. The attack detected on Saturday is now under police investigation, with extortion attempts reported. Civil Defense Minister Carl Oskar Bohlin confirmed the government is closely monitoring the situation, though the full impact remains unclear. CERT SE and the National Cybersecurity center are assisting both Meliodata and affected municipalities. Meliodata's CEO Eric Hollen said external experts are working to restore functionality and assess damage. With 290 municipalities in Sweden, the scale of the disruption is significant. Bohlin emphasized the need for stronger national cybersecurity, noting a forthcoming bill that would impose stricter security requirements. Google has issued an emergency warning to Gmail users after cyberattacks tied to the Shiny Hunters group emerged following a Salesforce data breach. While Google's own systems remain secure, hackers are exploiting stolen business data through social engineering, particularly by impersonating IT staff in phone based vishing attacks. Google's Threat Analysis Group detected the activity in June, confirming several successful intrusions by August through compromised passwords. Shiny hunters, active since 2020 have a track record of high profile breaches at companies like Microsoft, AT&T and Ticketmaster, often leaking or selling stolen records. Impacted users were notified on August 8. With Gmail serving over 2.5 billion people, Google urges all users to strengthen defenses by updating passwords and enabling two factor authentication. TransUnion is notifying over 4.4 million people of a July 28 data breach exposing names, Social Security numbers and birth dates. The compromised data came from a third party application used for US Customer support, though not from core credit files. Victims are being offered two years of free credit monitoring and fraud assistance. Hackers linked to Shiny Hunters, reportedly tied to the broader Salesforce breach campaign claim additional data like addresses and emails were stolen. The incident follows similar Salesforce related breaches at major global firms. A malicious supply chain attack hit the NPM registry on Aug. 26 when attackers published compromised versions of NX, a popular open source build platform. NPM is a massive public database of JavaScript software packages. Eight versions contained malware that stole developer secrets, SSH keys, GitHub and NPM tokens, and even cryptocurrency wallets. The malware abused AI CLI tools like Claude Gemini and Amazon Q to scan systems, then exfiltrated data to GitHub by creating repositories under victims own accounts. Within just five hours, thousands may have been exposed. Step Security later confirmed a second wave. Attackers weaponized stolen GitHub CLI OAuth tokens, converting private repos into public ones and forking them for persistence. Researchers call this the first known supply chain attack that hijacked AI developer tools for data theft, urging urgent credential resets and repo audits. The US Senate Health, Education, labor and Pensions Committee is pressing insurance giant AFLAC for answers after a recent cyber attack exposed personal and health Data. In an Aug. 22 letter, Senators Bill Cassidy, Republican from Louisiana, and Maggie Hassan, a Democrat from New Hampshire, asked CEO Daniel Amos to detail the company's security protocols, how protected health information was safeguarded and what measures are planned going forward. AFLAC first disclosed the breach to the SEC on June 20, calling it part of a cybercrime campaign targeting insurers. Regulators later confirmed that HIPAA protected data for at least 500 individuals was compromised. Lawmakers compared the incident to last year's Change Healthcare breach and warned of rising cyber risks in healthcare, which cost organizations nearly $10 million per incident and disrupt patient care. The ransomware ecosystem is splintering as law enforcement takedowns scatter affiliates and force criminal rebrands. Malwarebytes reports that between July 2024 and June of this year, 41 new groups emerged, pushing the total over 60 active gangs for the first time. This doubling over three years has fueled a surge in attacks aided by leaked ransomware code, commoditized tools and even AI, which lowers barriers to entry. Large ransomware as a service groups like Lockbit, Hive and Alpha have been disrupted, but affiliates often rebrand or form new crews. Researchers note that trust within the cybercriminal underground is eroding, leading to infighting exit scams and stolen data being sold across multiple leak sites. With dominance, more fleeting small groups now drive attacks, fragmenting the ecosystem further. The FBI and Dutch police have shut down Veriftools, a major online marketplace selling fake IDs for as little as nine. The site offered counterfeit driver's licenses, passports and other documents from all 50 US states and several countries. Criminals used the IDs for fraud, IT job scams and bank help desk cons while teens exploited them to buy alcohol. On August 27, Dutch police seized Verif tool servers in Amsterdam while the FBI took its domains offline. Investigators linked the Marketplace to about $6.4 million in illicit proceeds. Undercover agents even purchased fake New Mexico licenses using cryptocurrency during the probe, which began in 2022, authorities said. The takedown marks a major step against fraud and identity theft, though users and admins remain under investigation. Florida's Agency for Healthcare Administration has proposed a new rule for requiring healthcare providers to strengthen data breach preparedness and reporting. Providers would need a written contingency plan to ensure critical operations and patient care continue during IT incidents, including secure redundant data backups within the US and verified restorability. The rule defines incidents broadly, covering cyber attacks and insider misuse. Providers would have to report incidents to the administration within 24 hours. These requirements would supplement existing HIPAA rules. A workshop is scheduled for September 17th. Coming up after the break, Kathleen Peters from Experian North America explains why AI is both experience accelerating and mitigating fraud and an affiliate army pushes fake casinos worldwide Stay with US Compliance regulations, Third party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually Slowing you down. If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key areas. Compliance, internal and third party risk, and even customer trust so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC Just imagine how much easier trust can be. Visit vanta.com cyber to sign up today for a free demo. That's V a n t a dot com cyber@new balance, we believe if you.

New Balance Announcer

Run, you're a runner, however you choose to do it. Because when you're not worried about doing things the right way, you're free to discover your way.

Kathleen Peters

And.

New Balance Announcer

And that's what running is all about. Run your way@newbalance.com Running.

Dave Bittner

Kathleen Peters is Chief Innovation Officer at Experian North America. I recently caught up with her for explanations on why AI is both accelerating.

Kathleen Peters

And mitigating fraud in the context of fraud. And as we're thinking about it, it's interesting here at Experian 10 years now, we've done an annual study and survey talking to consumers and businesses about fraud, about identity, privacy, understanding what consumer sentiments are and where business spend is. And over all of those years, one of the conclusions that we've come to as we've put the study together is that fraud is on the rise. It's a sad state of affairs, but that's the world that we live in. And this year we found the same same conclusion. Fraud is on the rise. However, this year it truly is different. What I'm seeing is that this year, AI in fact, really the generative AI capabilities that are publicly available are changing the fraud landscape. And so what's happened is artificial intelligence AI itself has been around for over a decade and it has traditionally been the realm of data scientists, engineers who were able to manipulate the power of AI and generative AI, because even generative AI existed quite some time ago, but you needed experts and you needed compute horsepower, and those things didn't exist in the same way as they have now over the last 18 to 24 months. So when OpenAI put ChatGPT in the marketplace, it suddenly really democratized that power and that capability of AI. Suddenly people are able to use natural language to harness that power. And we also have the compute behind that that's available from new chipsets as well as through cloud capabilities. And so that has really, as you can imagine, empowered fraudsters to be more creative and more efficient than ever before. It's also empowering businesses to be able to fight fraud. But what's really changed in that fraud landscape is how these publicly available tools have made committing fraud easier and more scalable than ever before.

Dave Bittner

Well, as you mentioned, you and your colleagues at Experian have been tracking this for some time now. Is it fair to say that this explosion of AI accessibility really is a demarcation point when it comes to how we think about dealing with fraud?

Kathleen Peters

It really is. What we found is that businesses are going to need to assess how they're fighting fraud today, looking at the tools that they have. We'll still need a layered approach. We'll still need to use various tactics to stop the fraudsters. However, people need to look at what's different now. In fact, in our survey, we found that 72% of business leaders are expecting there to be major challenges in 2026 around the fraud landscape. And the overwhelming majority are prepared to invest more in their fraud solution in the 12 to 18 months.

Dave Bittner

Can you help put that in perspective for us? I mean, are there categories of fraud that businesses need to be most concerned with?

Kathleen Peters

Certainly. I would say that one of the fastest growing areas is in the area of scams. So we've seen this brewing for a while now where fraudsters are growing more sophisticated in finding ways to, to reach out to individuals, to consumers, or to employees, even at businesses that they are trying to scam. And they are using various types of phishing or smishing, whether they're sending SMS's, emails to get folks to click on things. But more often too, they're engaging in conversations to build trust with an individual and then through that trust, in convincing the individual to send them money or to reveal passwords or other personally identifiable information so that the fraudsters can then harvest that information and commit the fraud themselves. We see this social engineering, these phishing scams happening. The victims are often groomed over time, and that's just leading to a new degree of, of scam capabilities by fraudsters that is really starting to scale.

Dave Bittner

Well, let's look at the other side of it then. On the defensive side. How does accessibility to AI tools benefit organizations?

Kathleen Peters

Yes, and so this is an area that I'm very excited about. So for Experian and other providers of fraud tools, as well as businesses with fraud teams themselves, we're really able to harness the new power that AI is bringing these days. So, for example, AI is particularly strong at data processing. Using AI and the newest forms like agentic AI, businesses can analyze a lot of information from multiple sources at very high speed. So that's a big advantage. Being able to assess as much data as possible in the moment will help us get a better idea of how risky a transaction is. AI is also really good at pattern recognition. This has been a hallmark of strong fraud solutions historically in terms of machine learning. And that is certainly carried forward with the capabilities in AI and agentic AI today. Being able to do these things and detect fraud in real time so that we can enable that immediate response to something that we feel is high risk is a great capability that AI is bringing that fraud fighters will continue to use as a really good tool in the toolbox.

Dave Bittner

Are there any elements of AI that are weaker than others, in other words, you know, if I'm looking to enable this to help me with my defenses, any particular areas I should maybe steer away from for the time being?

Kathleen Peters

I would say that great AI solutions really depend on their training. So you want to use as much data as possible to train the solutions and the models that you're going to apply to a particular fraud problem. So it's not about maybe using AI to move away from certain tasks. It's thinking about how you use AI very wisely.

Dave Bittner

And what are your recommendations then for organizations exploring this? What's the best way to go down this path?

Kathleen Peters

The best thing to do is to start trying these solutions and get familiar with them. Even as generative AI and the public models were coming online, I encouraged audiences that I spoke to get your fraud teams using these tools and understanding the threat better. And then as you do that, work with a trusted partner, work with Experian, work with your partners in this space to assess your overall fraud fighting estate. How long has it been since your models have been tuned and updated? What other types of capabilities can you add that will help fight and hold off this next generation of scams? They're really getting sophisticated. This is a great time to review what you're doing so that you can match the fight and fight AI with AI.

Dave Bittner

That's Kathleen Peters, Chief Innovation Officer at Experian North America Foreign US here at the Cyberwire Daily every single day now. We'd love to hear from you. Your voice can help shape the future of N2K networks. Tell us what matters most to you by completing our annual audience survey. Your insights help us grow to better meet your needs. There's a link to the survey in our show notes. We're collecting your comments through August 31st. Thanks.

Shopify Announcer

Running a business comes with a lot of what ifs, but luckily there's a simple answer to Shopify. It's the commerce platform behind millions of businesses, including Thrive Cosmetics and Momofuku, and it'll help you with everything you need, from website design and marketing to boosting sales and expanding operations. Shopify can get the job done and make your dream a reality. Turn those what ifs into Sign up for your $1 per month trial at shopify.com specialoffer.

New Balance Announcer

Ford BlueCruise Hands Free highway driving takes the work out of being behind the wheel, allowing you to relax and reconnect while also staying in control. Enjoy the drive in blue cruise enabled vehicles like the F150 Explorer and Mustang Mach E Available feature on equipped vehicles. Terms apply. Does not replace safe driving. See Ford.com BlueCruise for more details.

Dave Bittner

And finally, according to Krebs on security, it turns out that the flood of shiny new online gambling sites wasn't the work of entrepreneurial Vegas hopefuls, but of a Russian affiliate program called Gambler Panel, a soulless project made for profit. In its own words, the scam is polished. Ads promise $2,500 in credits. Players register, win fake jackpots, then hit a wall when trying to cash out, then follows the verification deposit request in crypto money that, of course, never comes back. The scheme is disturbingly professional, complete with fake casino software, chat support scripts and a wiki that could pass for startup documentation if you ignore the part about fleecing victims, affiliates some 20,000 strong are promised up to 70% of profits, complete with telegram brag posts of sports cars and models. As one teen researcher dryly noted, it's basically fraud as a service, franchising the casino dream but with none of the winnings. And that's the cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com a quick program note we will not be publishing our regular update this coming Monday. There will be some special editions in your Cyberwire feed, so be sure to check those out. We'll see you back here on Tuesday. We would love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August, so just a couple more days. There's a link in the show notes. Please take a moment and check it out. Be sure to check out this weekend's edition of Research Saturday and my conversation with Jamie Levy, director of adversary tactics at Huntress. We're discussing their work on active exploitation of Sonic Wall VPNs. That's Research Saturday. Check it out. N2K senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here next week. Sam.