CyberWire Daily: “Trump’s Opening Moves” – January 21, 2025
Host/Author: N2K Networks
Introduction
In the January 21, 2025 episode of CyberWire Daily, hosted by Dave Bittner and produced by N2K Networks, listeners are given an in-depth analysis of President Donald Trump's initial actions upon assuming the 47th presidency of the United States. The episode covers a range of cybersecurity topics, executive orders, and significant vulnerabilities affecting various sectors. Interviews with industry experts shed light on the evolving cybersecurity landscape and the integration of artificial intelligence (AI) with the Internet of Things (IoT).
Executive Orders: Rolling Back AI Regulations
President Trump's Revocation of Biden’s AI Order
Upon his inauguration, President Trump swiftly enacted several executive orders, marking his administration's stance on cybersecurity and AI regulation:
- Revocation of Biden’s 2023 Executive Order:
  - Details: Trump revoked the previous executive order aimed at mitigating AI-related risks to consumers, workers, and national security.
  - Former Order Requirements: Mandated that AI developers conduct safety tests, share the results with the government, and establish testing standards under the Defense Production Act.
  - Criticism: The order was criticized by Republicans for allegedly stifling innovation.
  - Quote: “President Trump revoked a 2023 executive order by former President Biden aimed at reducing AI related risks,” [02:50].
- Retention of AI Data Centers Support Order:
  - While the primary AI safety measures were overturned, Trump maintained Biden’s separate order supporting the energy needs of AI data centers.
  - Quote: “Biden issued a separate order to support AI data centers energy needs, which Trump left intact, at least for now,” [03:10].
TikTok’s Resumption in the U.S.
- Extension of Deadline for U.S. Acquisition:
  - Trump extended TikTok’s 90-day deadline to secure a U.S. buyer following a Supreme Court ruling that allowed a potential ban to proceed.
  - Future Plans: Trump intends to formalize this extension via an executive order, although TikTok still needs to secure a buyer to prevent another ban.
  - Accessibility: Existing users can still access the app, but it remains unavailable for new downloads on the Google and Apple app stores.
  - Potential Ownership Change: Trump hinted at partial U.S. ownership of TikTok.
  - Quote: “Trump plans to issue an executive order to formalize the extension, but TikTok must still find a buyer to avoid another ban,” [04:15].
Cybersecurity Threats and Vulnerabilities
Cyber Campaigns Targeting Ukraine’s CERT-UA
- Impersonation of CERT-UA Tech Support:
  - Ukrainian researchers identified attackers posing as CERT-UA technical support to obtain unauthorized remote access via AnyDesk, a legitimate remote desktop tool.
  - Attack Method: The attackers claimed to be conducting security audits, exploiting the trust placed in the agency’s authority.
  - Affiliations: Likely linked to Russian actors such as Sandworm.
  - Impact: Over 4,300 incidents detected in the past year, a 70% increase, primarily involving malware, phishing, and compromised accounts.
  - Quote: “Ukraine faces a surge in cyber attacks, with CERT-UA detecting over 4,300 incidents in the past year, a 70% increase,” [05:30].
Critical Vulnerability in the Brave Browser
- Nature of the Flaw:
  - The vulnerability allows malicious sites to masquerade as trusted domains in file selection dialogs, misleading users during file uploads or downloads.
  - Potential Exploits: Combined with an open redirect vulnerability, it facilitates phishing and malware distribution.
  - Discovered By: Bug hunter Sarif Mohammad Sajad.
  - Quote: “A critical vulnerability in the Brave browser allows malicious sites to impersonate trusted domains in file select dialogs,” [06:10].
Abuse of Microsoft 365 Services
- Sophos Observations:
  - Two threat groups, STAC5143 and STAC5777, abused Microsoft 365 services, particularly default Microsoft Teams settings, to target organizations.
  - Attack Techniques: Initiating Teams chats and calls while posing as tech support, running PowerShell commands, and installing malicious payloads.
  - Intent: Ransomware deployment and data theft, with STAC5777 attempting to deploy Black Basta ransomware.
  - Recommendation: Raise employee awareness of advanced social engineering tactics.
  - Quote: “Sophos emphasizes raising employee awareness of such advanced social engineering tactics,” [07:45].
Vulnerabilities in Tunneling Protocols
- Discovery and Impact:
  - SETT researchers uncovered critical flaws in tunneling protocols affecting millions of devices, including home routers, VPN servers, and CDNs.
  - Exploitation Risks: The flaws enable attackers to hijack hosts for anonymous attacks, gain network access, and cause denial of service via ping-pong amplification.
  - Scope: Approximately 4.2 million devices affected, including infrastructure belonging to Facebook and Tencent.
  - Mitigation: Implement enhanced security measures, regular updates, and increased awareness.
  - Quote: “Critical flaws in tunneling protocols have left millions of devices vulnerable to exploitation,” [08:30].
Data Breaches and Vulnerability Patches
PowerSchool Data Breach
- Incident Details:
  - In December 2024, PowerSchool experienced a data breach via its PowerSource support portal.
  - Compromised Data: Personal information of students and educators, including names, contact details, Social Security numbers, and medical records.
  - Scope: Affected over 14,000 individuals in locations including Charlottesville and Richmond in Virginia, Menlo Park in California, and Canadian schools such as the Toronto District School Board.
  - Response: PowerSchool provided two years of free credit monitoring to impacted individuals and claimed the stolen data was deleted after the breach.
  - Quote: “PowerSchool, serving over 18,000 schools in 90 countries, disclosed the incident in early January,” [09:15].
Oracle’s Security Patches
- Update Release:
  - Oracle released patches for 320 security vulnerabilities across more than 90 products in 27 categories, including critical products such as Agile Engineering Data Management.
  - Severity: Some vulnerabilities have CVSS scores as high as 9.9.
  - Urgency: Immediate application of the patches is urged to mitigate potential attack risks.
  - Quote: “Oracle plans to release patches for 320 security vulnerabilities across over 90 products today,” [10:05].
Mercedes-Benz’s MBUX Infotainment System Vulnerabilities
- Discovered Flaws:
  - Kaspersky identified over a dozen vulnerabilities in Mercedes-Benz’s first-generation MBUX infotainment system.
  - Potential Exploits: Denial of service, data extraction, command injection, privilege escalation, and disabling of anti-theft protections.
  - Access Requirements: Physical access to the vehicle’s interior and removal of the head unit, with access via USB or custom UPC connections.
  - Response: Mercedes-Benz has patched these vulnerabilities and emphasized its commitment to security.
  - Quote: “Mercedes Benz confirmed it was aware of the issues since 2022 and has since patched the vulnerabilities,” [10:50].
Expert Interviews
1. Tim Starks from CyberScoop on Executive Orders and CISA
Discussion Overview:
Dave Bittner speaks with Tim Starks, Senior Reporter at CyberScoop, to dissect the comprehensive cybersecurity executive order signed by the Biden administration and the implications of its rollback under President Trump.
Key Points:
- Comprehensive Nature of Biden’s Executive Order:
  - Spans cybercrime, AI, quantum computing, contractor security, and federal communication security.
  - Length and Detail: A 40-50 page document aiming to address multifaceted cybersecurity challenges.
- Timing and Process:
  - The executive order was finalized just before Trump’s inauguration, reflecting the complexities of interagency processes.
  - Quote: “It was a 40, 50 page document that covers cybercrime, it covers artificial intelligence, it covers quantum computing,” [22:56].
- Bipartisan Perspectives:
  - Initially perceived as a nonpartisan initiative, the order’s reception has become polarized along party lines.
  - Impact of Regulations: Biden’s push for more regulations has created divisions, with Republicans advocating fewer regulations to foster innovation.
  - Quote: “The Biden administration's push for more regulations has created more division than there was,” [32:13].
- Leadership Changes at CISA:
  - Departure of key figures like Director Jack Cable amid the administration transition.
  - Future Direction: Incoming leadership under Kristi Noem emphasizes making CISA smaller and more agile.
  - Quote: “Kristi Noem...talked a lot about CISA needing to be smaller, more nimble,” [30:39].
Conclusions:
Tim Starks highlights the evolving dynamics of cybersecurity policy in the wake of administrative changes, emphasizing the balance between regulation and innovation, and the ongoing challenges faced by agencies like CISA in maintaining cybersecurity standards amidst political shifts.
2. Dr. May Wang from Palo Alto Networks on AI Transforming IoT Security
Discussion Overview:
In a segment of the Threat Vector podcast, Dave Moulton converses with Dr. May Wang, CTO of IoT Security at Palo Alto Networks, about the intersection of AI and IoT and its implications for cybersecurity.
Key Points:
- Growth of IoT Devices:
  - Statistics: Approximately 20 billion IoT devices today, with projections reaching 75 billion in the next five years.
  - Industry Adoption: Significant deployment in manufacturing, healthcare, enterprise sectors, and critical infrastructure such as energy and water plants.
  - Quote: “We're all talking about tens of billions of IoT devices being deployed,” [16:23].
- Impact of 5G on IoT Security:
  - Increased Scale and Connectivity: 5G enables a larger number of devices, exacerbating visibility and management challenges.
  - Security Planes Affected: The management, signaling, and data planes all face heightened cybersecurity threats.
  - Device Identification: Transitioning from traditional identifiers (MAC and IP addresses) to cellular-based identifiers such as IMEI for better device tracking.
  - Quote: “Visibility. It's going to actually bring more challenges in visibility,” [18:45].
- AI’s Role in Enhancing IoT Security:
  - Traffic Analysis: Leveraging AI to analyze vast amounts of data for real-time visibility and threat detection.
  - Integration with Firewalls: Palo Alto Networks has integrated advanced AI capabilities into its firewalls to protect 5G IoT devices.
  - Quote: “AI is transforming the way we secure these connected devices,” [14:09].
- Future Prospects:
  - Collaboration Across Sectors: Emphasizes the need for coordinated efforts to ensure the benefits of IoT and AI outweigh the risks.
  - Proactive Security Measures: Implementing AI-driven solutions for predictive threat management and automated responses.
  - Quote: “We need to work together across the board to make sure that IoT and AI are bringing us more benefits than harm,” [14:09].
Conclusions:
Dr. May Wang articulates a promising yet challenging future for IoT security, underscored by the transformative power of AI. The integration of AI in IoT security frameworks is pivotal in managing the escalating volume and complexity of connected devices, particularly in a 5G-enhanced environment.
Notable Cyber Incidents and Responses
- Marco Raquan Honesty’s Fraud Scheme:
  - Incident: Marco Raquan, ironically surnamed Honesty, orchestrated a $600,000 fraud spree through various deceptive means, including COVID relief fraud and SMS phishing.
  - Impact: Caused over $622,000 in actual losses; he faces a sentence of 22 years in prison.
  - Quote: “Marco Raquan honesty...has admitted to a fraud spree causing over $600,000 in losses,” [35:21].
- CISA’s Secure by Design Initiative:
  - Objective: A voluntary campaign encouraging private sector entities to build security in during the software design phase.
  - Progress Monitoring: CISA publishes updates on participating companies and their adherence to the initiative.
  - Reception: Generally positive, with private sector support recognizing the initiative’s potential.
  - Quote: “CISA has been publishing...here is the progress report on what they've actually done,” [29:52].
Conclusion
The episode “Trump’s Opening Moves” of CyberWire Daily provides a comprehensive overview of the shifting cybersecurity policies under the new administration, highlighting the rollback of AI regulations, the temporary reprieve granted to TikTok in the U.S., and the cybersecurity threats and vulnerabilities affecting different sectors. Through expert interviews and detailed analysis, the podcast underscores the dynamic and often contentious nature of cybersecurity policy-making in a politically polarized environment. As the landscape evolves with advances in AI and IoT, the need for robust, adaptive security measures becomes increasingly critical.
Notable Quotes:
- “Visibility. It's going to actually bring more challenges in visibility,” – Dr. May Wang [18:45]
- “We need to work together across the board to make sure that IoT and AI are bringing us more benefits than harm,” – Dr. May Wang [14:09]
- “Ukraine faces a surge in cyber attacks, with CERT-UA detecting over 4,300 incidents in the past year, a 70% increase,” – Dave Bittner [05:30]
- “The Biden administration's push for more regulations has created more division than there was,” – Tim Starks [32:13]
- “CISA has been publishing...here is the progress report on what they've actually done,” – Tim Starks [29:52]
For More Information:
For detailed links to all the stories discussed in this episode, visit the daily briefing at thecyberwire.com. To stay updated, subscribe to the CyberWire Daily podcast and explore the Grumpy Old Geeks podcast series for additional insights.
