CyberWire Daily: Episode Summary – "Scammers Celebrate with a Bang"
Release Date: March 24, 2025
Host: Dave Bittner | Produced by N2K Networks
1. Scammers in Cambodia Celebrate Massive Online Frauds
The episode opens with a deep dive into the rampant online fraud orchestrated by Cambodian scammers. Celebrating their illicit successes with fireworks, these fraudsters engage in romance scams and operate fake cryptocurrency platforms, siphoning victims' life savings. According to a report by The New York Times, these scams are integral to a sprawling money laundering network handling billions of dollars.
Key Points:
- Huione Group's Central Role: At the heart of this network is the Huione Group, a Cambodian financial conglomerate that blends legitimate businesses with illicit activity.
- Sophisticated Operations: Huione's affiliates run Telegram-based marketplaces that connect scammers with money launderers and have handled at least $26.8 billion in cryptocurrency transactions.
- Exploitation of Victims: The operation employs matchmakers and money mules, with some workers being trafficked victims coerced into participation.
Notable Quote:
Dave Bittner [00:55]: "These scams fuel a massive, fast-moving money laundering network involving billions of dollars."
2. Expansion of Data Sharing Under New Executive Order Raises Privacy Concerns
A recent executive order from President Trump has expanded data sharing between federal and state agencies, sparking significant concern among privacy advocates. The order mandates the removal of restrictions on sharing unclassified data and grants access to data from all state programs receiving federal funds, even if stored by third parties.
Key Points:
- Department of Government Efficiency (DOGE): The order is seen as a move to normalize the controversial practices of DOGE, which has faced accusations of overreach and multiple lawsuits over unauthorized data access and sharing.
- Privacy Implications: Critics argue that the EO could lead to a centralized federal surveillance system, undermining legal safeguards such as the system of records notices (SORNs) required under the Privacy Act.
- Lack of Transparency: The White House has yet to comment on the executive order, leaving ambiguity around its long-term implications.
Notable Quote:
Dave Bittner [03:10]: "Experts argue the EO could weaponize personal data and erode civil liberties under the guise of efficiency and fraud prevention."
3. NYU Website Breach Exposes Data of Millions of Applicants
NYU experienced a significant data breach on Saturday morning, compromising the personal information of over 3 million applicants dating back to 1989. The exposed records included names, test scores, intended majors, and financial aid information.
Key Points:
- Method of Attack: Hackers defaced the NYU website for at least two hours, displaying charts alleging racial disparities in admissions and exposing the applicant records alongside the defacement.
- Connection to Previous Breaches: The group responsible is linked to a 2023 breach at the University of Minnesota, which exposed 7 million Social Security numbers.
- Response and Recovery: NYU restored the site by noon and reported the incident to law enforcement authorities.
Notable Quote:
Dave Bittner [05:25]: "The site, hijacked for at least two hours, displayed charts claiming racial disparities in NYU admissions, alleging lower average scores for black and Hispanic students compared to white and Asian applicants."
4. Malware in Steam: Valve Removes 'Sniper Phantom' Game Demo
Valve has taken decisive action by removing the game demo "Sniper Phantom's Resolution" from its Steam platform following user reports of information-stealing malware embedded within the installer.
Key Points:
- Nature of the Malware: The installer pulled its payload from an external GitHub repository; the payload included tools for privilege escalation, browser cookie theft, and persistence via startup scripts.
- Takedowns: Both the game's GitHub repository and its official website were taken down to prevent further infections.
- Advisory to Users: Valve urges users who installed the game to scan their systems for potential malware, highlighting the ongoing risks of similar incidents.
Notable Quote:
Dave Bittner [07:20]: "Users who installed the game are urged to scan their systems."
5. Cloak Ransomware Group Targets Virginia Attorney General’s Office
The Cloak ransomware group has claimed responsibility for a cyber attack that significantly disrupted the Virginia Attorney General's office, forcing a temporary shift back to paper filings and disabling critical internal services.
Key Points:
- Attack Details: Nearly all systems at the office were incapacitated, including VPN and the official website, compelling employees to revert to manual processes.
- Data Leak: On March 20, Cloak published allegedly stolen data on its leak site, which typically signals that extortion negotiations failed.
- Operational Insights: Active since 2022, Cloak deploys the ARCrypter ransomware family and primarily targets small to midsize businesses; this is the group's first confirmed U.S. attack this year.
Notable Quote:
Dave Bittner [09:35]: "Employees were forced to revert to paper filings as internal services VPN and the website went offline."
6. 23andMe Files for Chapter 11 Amid Data Breaches and Lawsuits
Genetic testing giant 23andMe has filed for Chapter 11 bankruptcy following a severe data breach and the legal challenges that followed. The company holds genetic profiles of over 15 million users; in 2023 a credential-stuffing attack exposed personal information tied to nearly 7 million accounts, most of it through the DNA Relatives feature.
Key Points:
- Targeted Breach: The 2023 breach predominantly affected customers of Ashkenazi Jewish and Chinese ancestry, exacerbating trust issues.
- Legal Repercussions: A class action lawsuit accused 23andMe of failing to notify affected users promptly, leading to declining sales and mounting financial losses.
- Corporate Response: Despite filing for bankruptcy, 23andMe claims to maintain current data protections throughout its sale process.
Notable Quote:
Dave Bittner [11:15]: "As trust eroded, sales declined, contributing to mounting losses."
7. Medusa Ransomware's New Tactics to Disable Security Tools
Medusa ransomware has been observed using a malicious kernel driver to disable security tools on infected systems. Named ABYSSWORKER by Elastic Security Labs, the driver masquerades as a legitimate CrowdStrike Falcon driver and is signed with a revoked certificate belonging to a Chinese company.
Key Points:
- Method of Operation: The driver can terminate processes, delete or tamper with files, and interfere with system operations; the operators reportedly spoof the system time so that the signature still passes checks despite the revoked certificate.
- Historical Usage: ABYSSWORKER samples have been traced from August 2024 through February 2025, signed with stolen or revoked certificates.
- Impact on Systems: With EDR and other defenses disabled, Medusa can deploy its ransomware payload with far less resistance.
Notable Quote:
Dave Bittner [13:00]: "The driver can manipulate processes, files, and system operations to disable defenses."
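A practitioner reading the ABYSSWORKER story usually wants a quick way to flag the same pattern in their own driver inventory: a file name that mimics a security vendor's driver but is signed by someone else, a revoked or expired certificate, a signing timestamp that does not fit the certificate's validity window or the current clock, and a load path outside the standard driver directories. The following Python is an added example, not code from the episode or from Elastic Security Labs. The driver records, the vendor allowlist, the trusted directories and the analysis date are all constructed assumptions for illustration; in practice the records would come from your own inventory (for example the output of a driver enumeration plus an Authenticode check).

```python
"""Triage a driver inventory for BYOVD-style EDR-killer indicators.

Added example, not code from the episode or from Elastic Security Labs.
All records below are constructed for illustration; in practice they would
come from your own inventory (driver enumeration plus a signature check).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

UTC = timezone.utc


@dataclass
class DriverRecord:
    name: str                       # loaded module file name
    path: str                       # on-disk path
    signer: str                     # subject CN of the signing certificate
    cert_status: str                # "valid", "revoked", "expired" or "unsigned"
    signed_at: datetime             # Authenticode signing timestamp (UTC)
    cert_not_before: datetime       # certificate validity window
    cert_not_after: datetime
    cert_revoked_at: Optional[datetime] = None


# Assumed allowlist: file-name prefixes and the vendor that must sign them.
EXPECTED_SIGNER = {"csagent": "CrowdStrike", "csboot": "CrowdStrike"}
# Assumed set of directories a production driver is expected to load from.
TRUSTED_DIRS = ("c:\\windows\\system32\\drivers\\",
                "c:\\windows\\system32\\driverstore\\")


def findings(d: DriverRecord, now: datetime) -> list:
    """Return a list of human-readable indicators for one driver record."""
    out = []
    stem = d.name.lower()
    if stem.endswith(".sys"):
        stem = stem[:-4]
    # 1. Name mimics a known security vendor's driver but the signer differs.
    for prefix, vendor in EXPECTED_SIGNER.items():
        if stem.startswith(prefix) and vendor.lower() not in d.signer.lower():
            out.append(f"name mimics {vendor} driver but signer is '{d.signer}'")
    # 2. Certificate is not in good standing (revoked, expired, unsigned).
    if d.cert_status != "valid":
        out.append(f"certificate {d.cert_status}")
    # 3. Signing timestamp falls outside the certificate's validity window.
    if not (d.cert_not_before <= d.signed_at <= d.cert_not_after):
        out.append("signature timestamp outside certificate validity window")
    # 4. Signed after the certificate was revoked.
    if d.cert_revoked_at is not None and d.signed_at >= d.cert_revoked_at:
        out.append("signed after certificate revocation date")
    # 5. Timestamp in the future: the signing host's clock was likely altered.
    if d.signed_at > now + timedelta(days=1):
        out.append("signature timestamp is in the future (clock tampering?)")
    # 6. Loaded from somewhere other than the standard driver directories.
    if not d.path.lower().startswith(TRUSTED_DIRS):
        out.append(f"loaded from unusual path {d.path}")
    return out


def triage(records, now: datetime) -> dict:
    """Map driver path -> indicators, keeping only drivers with findings."""
    result = {}
    for d in records:
        hits = findings(d, now)
        if hits:
            result[d.path] = hits
    return result


AS_OF = datetime(2025, 3, 24, tzinfo=UTC)   # analysis date (constructed)

SAMPLE_DRIVERS = [  # constructed records, not real telemetry
    DriverRecord("csagent.sys", "C:\\Windows\\System32\\drivers\\csagent.sys",
                 "CrowdStrike, Inc.", "valid",
                 datetime(2024, 6, 1, tzinfo=UTC),
                 datetime(2024, 1, 1, tzinfo=UTC), datetime(2026, 1, 1, tzinfo=UTC)),
    DriverRecord("csagent.sys", "C:\\Users\\Public\\csagent.sys",
                 "Example Trading Co., Ltd.", "revoked",
                 datetime(2025, 1, 15, tzinfo=UTC),
                 datetime(2023, 1, 1, tzinfo=UTC), datetime(2026, 1, 1, tzinfo=UTC),
                 cert_revoked_at=datetime(2024, 9, 1, tzinfo=UTC)),
    DriverRecord("fltsrv.sys", "C:\\Windows\\System32\\drivers\\fltsrv.sys",
                 "Example Software GmbH", "valid",
                 datetime(2030, 1, 1, tzinfo=UTC),
                 datetime(2024, 1, 1, tzinfo=UTC), datetime(2027, 1, 1, tzinfo=UTC)),
]

if __name__ == "__main__":
    for path, hits in triage(SAMPLE_DRIVERS, AS_OF).items():
        print(path)
        for h in hits:
            print("  -", h)
```

Run against the constructed records, the legitimate CrowdStrike driver produces no findings, the look-alike in C:\Users\Public trips four rules (vendor mismatch, revoked certificate, signed after revocation, unusual path), and the third driver is flagged only for its implausible timestamp. The timestamp rules are the ones that matter most for the case in this story: a revoked or expired certificate alone is easy to miss if the host's clock has been moved, so comparing the signing time against both the certificate window and a trusted reference clock catches what a naive "is it signed?" check does not.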
8. Clearview AI Settles Class Action Privacy Lawsuit
Clearview AI has agreed to a $50 million settlement to resolve a class action lawsuit over alleged privacy violations. Approved by a federal judge, the settlement grants plaintiffs and their lawyers a stake in the company's future value instead of a direct financial payout.
Key Points:
- Nature of the Lawsuit: Plaintiffs accused Clearview AI of scraping billions of facial images from the web without consent, in violation of Illinois's Biometric Information Privacy Act (BIPA).
- Company's Stance: Clearview AI denies any wrongdoing, maintaining that its data practices are within legal boundaries.
- Criticism of Settlement: Critics, including 22 state attorneys general, argue that the settlement insufficiently addresses future misuse of biometric data, highlighting the conflicted nature of plaintiffs' benefits being tied to the company's success.
Notable Quote:
Dave Bittner [14:25]: "There's no small irony here attaching the plaintiff's benefits to the success of Clearview."
9. Retrospective Look: The Evolution and Importance of the CVE Program
Cynthia Brumfield of CyberScoop provides an insightful retrospective on the Common Vulnerabilities and Exposures (CVE) program, underscoring its pivotal role in global cybersecurity.
Key Points:
- Establishment and Growth: Launched in 1999 by MITRE researchers, the CVE program has become the fundamental tool for consistent tracking and sharing of vulnerability data, now encompassing over 270,000 records with numbering authorities in more than 40 countries.
- Challenges Faced: Issues such as data quality disputes, potential vendor concealment of vulnerabilities, and funding shortages, especially under the Trump administration's DOGE initiative, have tested the program's resilience.
- Sustaining Success: The program's federated structure, robust dispute resolution mechanisms, and community oversight have been critical in maintaining its transparency and effectiveness.
- Future Outlook: Despite imperfections, the CVE system remains essential, with cybersecurity leaders affirming its indispensable role in defending against digital threats.
Notable Quote:
Dave Bittner [15:50]: "It's a long-standing public-private partnership that continues to evolve, and a future without it would leave defenders far less equipped to handle digital threats."
10. Industry Voices: Joe Ryan on Empowering Analysts in Resource-Constrained Environments
In the episode's "Industry Voices" segment, Joe Ryan, Head of Customer Enablement at Maltego Technologies, shares strategies to assist analysts operating in environments with limited resources. His discussion emphasizes overcoming training gaps and effectively utilizing investigative tools.
Key Points:
- Diverse Analyst Roles: Ryan distinguishes between cybersecurity-focused analysts dealing with network infrastructure and investigative analysts probing specific individuals or organizations.
- Resource Constraints: He highlights the disparity between private industry analysts with ample tools and government agency analysts who may rely more on open-source intelligence due to limited resources.
- Tool Utilization and Integration: Ryan advocates for continuous dialogue between tool providers and end-users to ensure the tools align with analysts' workflows and integrate seamlessly with existing technologies.
- Change Management: Successful organizations invest in training and encourage analysts to allocate time for upskilling, recognizing the long-term benefits over short-term productivity drops.
Notable Quotes:
Joe Ryan [14:30]: "Oftentimes that kind of shapes the tasks that they're given and even the tools that they are provided and the working environment in which they're kind of in as well."
Joe Ryan [16:34]: "I think that sometimes the individual analyst or the individual investigator really does have a lot of say in what they can do and what they need."
Joe Ryan [18:43]: "It's super complicated and only the best of the best know how to use. Doesn't really matter if you can find some other tool that's faster, that's more lightweight, then use that tool."
Insights Shared:
- Adaptability in Tool Selection: Analysts should focus on tools that meet their specific needs, whether they are heavyweight solutions like Adobe's suite or lightweight alternatives like Canva.
- Encouraging Upskilling: Organizations should prioritize training and provide resources to help analysts integrate new tools into their workflows effectively.
- Vendor Collaboration: Tool providers must recognize that their products are part of a larger toolkit and facilitate integration with other tools to enhance user experience.
Notable Quote:
Joe Ryan [24:12]: "It's not that a tool or a solution is going to replace you. It's that there might be a person who was willing to adopt these new technologies more openly than you are."
11. Additional Cybersecurity Tools and Innovations
The episode concludes with brief mentions of emerging cybersecurity tools:
- Ox Security: Highlights its application in AppSec programs to prioritize real threats and reduce noise from false positives.
- Cloudflare's AI Labyrinth: A new tool that lures misbehaving AI crawlers into a maze of AI-generated, irrelevant web pages, acting as a honeypot that wastes the crawler's resources while identifying and fingerprinting it.
12. Conclusion
Dave Bittner wraps up the episode by encouraging listeners to engage with the content, provide feedback, and stay informed through daily briefings. Acknowledgments are given to the production team, and listeners are reminded to participate in surveys and share reviews to help improve the podcast.
Final Thoughts:
This episode of CyberWire Daily provides a comprehensive overview of significant cybersecurity incidents, policy changes affecting data privacy, and new defensive tools. The analysis, coupled with Joe Ryan's Industry Voices segment, offers useful perspective for professionals navigating the current landscape of threats and defenses.
