Maria Varmazes
You're listening to the Cyberwire network, powered by N2K.
Dave Bittner
Secure access is crucial for US public sector missions, ensuring that only authorized users can access certain systems, networks or data. Are your defenses ready? Cisco's Security Service Edge delivers comprehensive protection for your network and users. Experience the power of zero trust and secure your workforce wherever they are. Elevate your security strategy by visiting cisco.com/go/sse. That's cisco.com/go/sse.
Maria Varmazes
UK court blocks government's attempt to keep Apple encryption case secret. Port of Seattle says last year's breach affected 90,000 people. Verizon Call Filter app flaw exposes millions of call records. Hackers hit Australian pension funds. A global threat hiding in plain sight. Cybercriminals are yelling CAPTCHA. Meta retires US fact-checking program. Our guest today is Rob Boyce from Accenture, and he's discussing advanced persistent teenagers. And Google's AI goes under the sea.

Today is April 7th, 2025. I'm Maria Varmazes, host of T-Minus Space Daily, in for Dave Bittner, and this is your CyberWire Intel Briefing.

Happy Monday, everybody. Hope you're having a great one. Let's get into the headlines.

According to a report from Bloomberg, the UK Investigatory Powers Tribunal has blocked the British government's effort to keep secret a case involving its request to circumvent Apple's encrypted iCloud services. The court, which hears complaints related to government surveillance, ruled that the government's efforts were a fundamental interference with the principle of open justice. The tribunal's ruling, which also publicly confirmed the existence of the case for the first time, said it would have been, quote, a truly extraordinary step to conduct a hearing entirely in secret without any public revelation of the fact that a hearing was taking place.

The Port of Seattle, the agency that oversees Seattle's seaport and airport, has disclosed that the ransomware attack that it sustained in August affected data belonging to approximately 90,000 people. According to a report from BleepingComputer, around 71,000 of the victims are residents of Washington state. The port says the breached information included some combination of names, dates of birth, Social Security numbers or last four digits of Social Security numbers, driver's license or other government identification card numbers, and some medical information. The agency previously disclosed that the Rhysida ransomware gang posted the stolen data to its leak site after the port refused to pay the ransom.

Cybersecurity researcher Evan Connelly discovered a vulnerability in Verizon's Call Filter iOS app that could have allowed unauthorized access to users' incoming call records. The flaw involved API requests lacking proper verification, enabling attackers to retrieve call data by specifying arbitrary phone numbers. This exposed phone numbers and timestamps of incoming calls, potentially affecting millions of users. Verizon, which has over 140 million subscribers, addressed the issue with a patch in mid-March 2025 following responsible disclosure practices.

Hackers have recently targeted multiple Australian superannuation funds, attempting to access and steal members' retirement savings. The Association of Superannuation Funds of Australia, or ASFA, reported that while most attempts were thwarted, some breaches did occur. AustralianSuper, managing over 365 billion Australian dollars for more than three and a half million members, confirmed that stolen passwords were used to access 600 member accounts, resulting in four members losing a combined 500,000 Australian dollars. The company responded by locking the affected accounts and notifying the impacted members. Prime Minister Anthony Albanese acknowledged the incident, noting that cyberattacks occur in Australia approximately every six minutes.

Neptune RAT is a sophisticated RAT, or remote access Trojan, actively targeting Windows users worldwide. Distributed through platforms like GitHub, Telegram and YouTube, it is often marketed as the most advanced RAT. The malware employs stealthy infection techniques using PowerShell commands to bypass traditional security measures. Once installed, Neptune RAT can exfiltrate credentials from over 270 applications, deploy ransomware, monitor desktops in real time and disable antivirus software. It establishes persistence via scheduled tasks and registry modifications.

Cybercriminals are employing deceptive tactics involving fake CAPTCHAs and Cloudflare Turnstile to distribute Legion Loader malware. This campaign targets users searching for PDF documents online. Victims encounter a fake CAPTCHA and, upon interaction, they are led through a series of steps including browser notification requests, culminating in the download of an MSI installer. Executing this installer initiates a complex infection chain, ultimately installing a malicious browser extension designed to steal sensitive information such as cookies, browsing history and Bitcoin activities. The malware affects multiple browsers including Chrome, Edge, Brave and Opera.

Meta has officially ended its third-party fact-checking program in the United States as of April 7, 2025. This initiative, which previously involved external organizations to assess the accuracy of content on Facebook, Instagram and Threads, has been replaced by a user-driven system called Community Notes. This model allows the users to collaboratively add context to posts, aiming to enhance information accuracy through collective input. Meta's CEO Mark Zuckerberg stated that this shift is intended to promote free expression and reduce perceived biases associated with traditional fact-checking methods. The company plans to continue its third-party fact-checking efforts outside the United States and intends to expand the Community Notes system internationally in the future.

SecurityWeek is reporting that a 20-year-old Florida man named Noah Urban has pleaded guilty to his involvement in the Scattered Spider cybercriminal group. Urban, who was arrested in January 2024, was accused of launching phishing and SIM swapping attacks that led to the theft of millions of dollars worth of cryptocurrency. Urban pleaded guilty to conspiracy to commit wire fraud, wire fraud and aggravated identity theft. As part of the deal, he has agreed to pay $13 million in restitution to 59 victims.

Stick around after the break to hear Dave Bittner's conversation with Rob Boyce, Global Lead for Cyber Resilience at Accenture, as they discuss Advanced Persistent Teenagers, or AP Teens, and how facial recognition could help save the planet.
Dave Bittner
Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.
Rob Boyce
Are you frustrated with cyber risk scores backed by mysterious data, zero context and cloudy reasoning? Typical cyber ratings are ineffective, and the true risk story is begging to be told. It's time to cut the BS. Black Kite believes in seeing the full picture with more than a score, one where companies have complete clarity in their third-party cyber risk using reliable quantitative data. Make better decisions, reduce your uncertainty. Trust Black Kite.
Maria Varmazes
Advanced Persistent Teenagers, or AP Teens, have rapidly become a significant enterprise risk by demonstrating capabilities once limited to organized ransomware groups. Rob Boyce, Global Lead for Cyber Resilience at Accenture, joins Dave to discuss advanced persistent teenagers. Here's their conversation.
Dave Bittner
It is always my pleasure to welcome back to the show Rob Boyce. He is the Global Lead for Cyber Resilience at Accenture. Rob, welcome back.
Rob Boyce
Thanks, Dave. It's always a pleasure being here.
Dave Bittner
So I want to talk today about something that you've been tracking. These are APTs, but the T's aren't what we think they are. What do the T's mean in this particular case?
Rob Boyce
It means teens.
Dave Bittner
So we're talking about advanced, persistent teenagers.
Rob Boyce
Correct.
Dave Bittner
Now, I'll just say at the outset that I have two of these, but I don't think it's the kind of APTs that you're talking about. So fill us in, what do we mean when we're talking about AP Teens?
Rob Boyce
Yeah, sure. Of course. I think what we continue to see in media and movies, et cetera, is this grandiose portrayal of these super sophisticated, well-funded threat actors that are coming from nation states that are set on the downfall of our society, when in truth the average person that we're seeing play an adversary in this space is really just a normal person. And we've been doing a lot of research going really back to 2018 on this hypothesis of individuals getting into this ransomware game, or being a threat actor at large, becoming younger and younger. And we've started seeing now a trend of individuals who are really on average between 17 and 25, more focused within country, so targeting more domestically, not entirely domestically, but more domestically, and attacking, of course, both private and public sector. And so it's really become fascinating for us to see this bit of an evolution of what we, you know, what we're being told is real. You know, the picture that we're being painted versus what is really happening within our threat landscape.
Dave Bittner
Are there particular, to use the phrase, gateway drugs for these teens getting into this? I mean, does this start with, you know, trying to get the high score on your favorite online game?
Rob Boyce
You know, it's actually interesting because we always categorize threat actors by different motivation types, right? We're seeing the ones who are financially motivated, politically motivated, et cetera. And what we're finding here is yes, there's always of course a financial motivation for these individuals, but what we see here is actually more ambition to be infamous, more around notoriety, more around "I'm better than my peers and I'll be able to cause more of a disruption than somebody else." And in my opinion, this actually even makes them a little bit more dangerous because they don't necessarily have the same level of maturity as we've seen of someone who's been in this game for a while, or maybe who has the nation state overlords that are keeping track of what they're doing. There's a lot less maturity that we're seeing in this space as well. So it's really a fascinating group to continue to track as we can see them becoming more and more relevant in this space.
Dave Bittner
So really following along with this uptick in influencer culture, I guess. It almost seems so.
Rob Boyce
Yeah, it almost seems so. And I think. I don't.
Dave Bittner
I think.
Rob Boyce
I'm sure you're familiar with some of the unmaskings we've seen recently, whether it's Scattered Spider or Lapsus$ or Black Basta. This is where it's really come, where we've really seen our hypothesis coming true, where they've, you know, been showcasing who these individuals are. And then of course, we find that a lot of them are within that age range that I mentioned. We also somewhat, in our spare time, I guess, really do some deep dives in some of the threat actors that we're seeing to try and expose them and, you know, provide packages to law enforcement and such. And we're seeing more and more again of these individuals in this space. And the thing is, because they're a little less mature, they're a little sloppy too. And so being able to uncover who they are is becoming a little bit easier for researchers like us to be able to identify them as well. And we've started identifying individuals from places where we've never really seen a lot of activity. Like Jordan and Yemen are a few places where we've seen a little bit more of this type of activity recently originating from, which is also another fascinating point to me, just the location of where these individuals are located.
Dave Bittner
It strikes me that it's also kind of, you know, what's old is new again. I mean, you know, think about the first generation of the old phone phreakers and, you know, that sort of thing. I mean, there was definitely, having come up in that time, there was a strong teen contingent back then. And I guess that, as you say, immaturity, that feeling of invincibility.
Rob Boyce
Yeah, I thought about this as well, and I thought, hey, I remember watching Hackers, where they were all high school students, or reading 2600 magazine that seemed to be targeted towards the younger generation. And there's a huge distinction to me, though, between those individuals and these. Those individuals previously were ones who spent a lot of time being curious about technology, digging into it, really trying to understand the way it worked. And now I'm finding that these individuals have a slightly easier path to become threat actors just with the tools that are available on the dark web. Being able to go into dark web marketplaces, buy initial access, buy the tools that you need, maybe even trade a little, or become an affiliate for a ransomware gang. I just think the barrier to entry seems a lot lower now for individuals to be able to become hackers or become threat actors in many cases. And so it is similar, but I find that the, you know, the philosophy behind it and also the work that's required to become an expert in this space is entirely different now.
Dave Bittner
So what are your recommendations for defenders? You know, if the ratio of true, you know, nation state actors versus teenagers who have a little too much time on their hands isn't what we thought it might have been, does that shift how they come at the defense of their organization?
Rob Boyce
Yeah, a little bit, actually. So this is what's interesting to me is I've had a lot of conversations recently with organizations, and the first thing that they're always concerned about is these sophisticated nation state threat actors. And then, of course, what I'm trying to redirect them towards is that that is important. For sure, that is real, and probably honestly more real than many people realize. But that is a small subset of the threat actors that are targeting you on a daily basis for most organizations, and those individuals like the AP Teens are really focused more on a lower barrier, at least in theory, of entry into an organization, the easiest way to be able to move laterally, the easiest way to gain access. It forces organizations to think about doubling down on getting the foundational strategies right. And what I mean by that is, I think if you could ensure that you had a good understanding of your company's presence on the dark web, meaning do I have credentials that are being sold or stolen? Am I being targeted? Is there malware or similar being targeted towards me or that would impact my systems? Understanding your vulnerability landscape, and we have been struggling with scanning and patching for quite some time. And now the exposure landscape is much more than just vulnerabilities. So understanding the total exposures within your organization, and having a good answer for identity management, especially around privileged access. I think if you can get those three things correct and have good programs around those three, you will really be able to have a much easier time limiting your risk to these types of threat actors, for sure.
Dave Bittner
All right, well, Rob Boyce is Global Lead for Cyber Resilience at Accenture. Rob, thanks so much for taking the time for us.
Rob Boyce
Anytime, Dave. Always a pleasure to be here. Thank you.
Maria Varmazes
That was Dave Bittner sitting down with Rob Boyce, Global Lead for Cyber Resilience at Accenture, to discuss advanced persistent teenagers, or AP Teens.
Dave Bittner
What's the common denominator in security incidents? Escalations and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets. With bad directory hygiene and years of technical debt, identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in Active Directory, Entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with BloodHound Enterprise, powered by SpecterOps. Head to specterops.io today to learn more. SpecterOps: see your attack paths the way adversaries do.
Maria Varmazes
In a move that's part sci-fi, part seafood sustainability, Google's secretive X Lab has unveiled Tidal X, an underwater AI system designed to transform fish farming. Equipped with smart cameras and machine learning, Tidal X monitors farmed fish like salmon in real time, tracking their movements, behavior and even individual fish health. Think fishial recognition, like, yeah, facial recognition for fish? Yeah. So why does this matter? Overfeeding in aquaculture wastes food and pollutes the water, while underfeeding or missing early signs of disease can hurt both fish and farmers. Tidal X aims to strike a balance, offering farmers insights to feed just the right amount, reduce waste, and catch health issues early, all without disrupting the watery ecosystem. After five years in stealth mode, the project is now swimming into the spotlight with the goal of making aquaculture more efficient, sustainable and scalable. As global demand for seafood rises, tech like this could be the key to meeting it responsibly. So yes, the fish are getting their close-ups, and it might just help save the planet.

And that's the CyberWire. For a link to all of today's stories, check out our Daily Briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com.

N2K Senior Producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music and sound design by Elliott Peltzman. Our Executive Producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Maria Varmazes in for Dave Bittner. Thanks for listening.
Dave Bittner
Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting-edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work-life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguardjobs.com.
Host: N2K Networks
Episode Title: UK Apple Showdown Gonna Be Public
Release Date: April 7, 2025
In the April 7, 2025, episode of CyberWire Daily, hosted by Maria Varmazes on behalf of Dave Bittner, listeners were presented with a comprehensive overview of the latest cybersecurity developments. The episode delved into significant breaches, legal battles, emerging malware threats, and innovative technological advancements shaping the cybersecurity landscape. A featured conversation with Rob Boyce from Accenture provided deep insights into the evolving nature of cyber threats posed by younger adversaries, aptly termed "Advanced Persistent Teenagers" (AP Teens).
Maria Varmazes kicked off the episode by summarizing key headlines:
UK Court Blocks Government’s Attempt to Seal Apple Encryption Case
Port of Seattle Ransomware Attack Impacts 90,000 Individuals
Verizon Call Filter App Vulnerability Exposes Millions of Call Records
Cyberattacks on Australian Pension Funds
Neptune RAT: A Sophisticated Remote Access Trojan Emerges
Deceptive CAPTCHA Attacks Distribute Legion Loader Malware
Meta Discontinues US Third-Party Fact-Checking Program
Florida Man Pleads Guilty in Scattered Spider Cybercriminal Group
A significant portion of the episode featured a compelling discussion between Dave Bittner and Rob Boyce, Global Lead for Cyber Resilience at Accenture, focusing on the emerging threat of Advanced Persistent Teenagers (AP Teens).
Rob Boyce introduced the concept by distinguishing AP Teens from traditional Advanced Persistent Threats (APTs), highlighting that these younger adversaries:
Are on average between 17 and 25 years old
Target more domestically than abroad, across both the private and public sector
Are driven as much by notoriety and rivalry with their peers as by money
Are less mature and sloppier than established actors, which makes them both more dangerous and easier for researchers to unmask
Notable Quote (10:27):
Rob Boyce: “What we're being told is real. You know, the picture that we're being painted versus what is really happening within our threat landscape.”
Key Insights Discussed:
Evolution of Threat Actors: Accenture's research going back to 2018 hypothesized that ransomware and other threat actors were getting younger; recent unmaskings of Scattered Spider, Lapsus$ and Black Basta members bear this out.
Barriers to Entry: Unlike the curious, self-taught hackers of the phone phreaking and 2600 era, today's AP Teens can buy initial access and tooling on dark web marketplaces or join ransomware affiliate programs, so far less expertise is needed to become a threat actor.
Geographical Spread: Accenture has identified individuals in places where little activity was previously seen, including Jordan and Yemen.
Defensive Strategies: Rob Boyce recommended three foundational programs: monitoring the company's presence on the dark web (stolen or sold credentials, targeting, malware aimed at its systems), managing the full exposure landscape rather than vulnerabilities alone, and strong identity management, especially for privileged access.
Notable Quote (16:27):
Rob Boyce: “If you can ensure that you had a good understanding of your company's presence on the dark web... you will really be able to have a much easier time limiting your risk to these types of threat actors.”
Conclusion of Discussion: Rob Boyce underscored that while nation-state actors remain a significant threat, the day-to-day risks posed by AP Teens are more immediate and pervasive for most organizations. Strengthening foundational security measures is crucial in mitigating these risks.
In an intriguing segment blending cybersecurity with sustainability, Maria Varmazes highlighted Google's secretive X Lab unveiling of Tidal X, an underwater AI system designed to revolutionize fish farming:
Notable Quote (19:00):
Maria Varmazes: “After five years in stealth mode, the project is now swimming into the spotlight with the goal of making aquaculture more efficient, sustainable and scalable.”
The April 7th episode of CyberWire Daily provided listeners with a thorough examination of current cybersecurity challenges and innovations. From legal battles over encryption to the rise of younger cyber adversaries and groundbreaking technologies aimed at sustainability, the episode underscored the dynamic and multifaceted nature of today's cybersecurity landscape. The insightful dialogue with Rob Boyce emphasized the need for organizations to adapt foundational security practices to counter emerging threats effectively.
For a complete list of today's stories and additional insights, listeners are encouraged to visit CyberWire Daily Briefing and engage with the CyberWire community through ratings, reviews, and feedback.
This summary encapsulates the essential discussions and developments covered in the episode, providing a comprehensive overview for those who may not have listened to the original podcast.