Dave Bittner
You're listening to the CyberWire network, powered by N2K. Ransomware, supply chain attacks and zero day exploits can strike without warning, leaving your business's sensitive data and digital assets vulnerable. But imagine a world where your cybersecurity strategy could prevent these threats. That's the power of the ThreatLocker Zero Trust Endpoint Protection platform. Robust cybersecurity is a non negotiable to safeguard organizations from cyberattacks. ThreatLocker implements a proactive, deny by default approach to cybersecurity, blocking every action, process and end user unless specifically authorized by your team. This least privilege methodology mitigates the exploitation of trusted applications and ensures protection for your organization. IT professionals are empowered by ThreatLocker application allowlisting, ring fencing, network control and EDR solutions, enhancing their cybersecurity posture and streamlining internal IT and security operations. To learn more about how ThreatLocker can help mitigate unknown threats in your digital environment and align your organization with respected compliance frameworks, visit threatlocker.com. China criticizes US sanctions. School districts face cyber attacks over the holiday season. The UN's International Civil Aviation Organization is investigating a potential data breach. EAGERBEE malware targets government organizations and ISPs in the Middle East. A major New York medical center notifies 674,000 individuals of a data breach. Hackers infiltrate Argentina's Airport Security Police payroll system. An industrial networking firm identifies critical vulnerabilities in its cellular routers, secure routers and network security appliances. Phishing click rates among enterprise users surged in 2024. A California man is suing three banks for allegedly enabling criminals to steal nearly $1 million from him.
On our Threat Vector segment, we preview this week's episode where host David Moulton speaks with Margaret Kelly about the evolving landscape of cloud breaches, and Microsoft's Bing demonstrates that imitation is the sincerest form of flattery. It's Tuesday, January 7th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us. China has criticized US sanctions imposed on Beijing based Integrity Technology Group, accused of involvement in hacking US critical infrastructure. The US Treasury's move targets the company for alleged ties to Flax Typhoon, a Chinese state sponsored cyber campaign. Integrity Technology and China's Foreign Ministry rejected the claims, with spokesperson Guo Jiakun accusing Washington of using cybersecurity as a tool to smear China. Meanwhile, China's National Cybersecurity Information Center reported foreign cyber attacks on Chinese networks, including from the U.S., the Netherlands and other nations, involving Trojan programs, botnets and intellectual property theft. The sanctions freeze the company's US assets and restrict business with Americans. The decision follows broader concerns over Chinese cyber espionage campaigns like Salt Typhoon, which compromised U.S. telecommunications and private data. U.S. officials recently revealed Salt Typhoon's impact on eight telecom providers and numerous countries, escalating tensions in cybersecurity. Meanwhile, the U.S. Department of Defense has added Tencent, a Chinese messaging and gaming giant, to its Chinese military company list under the Military Civil Fusion strategy, which aids the Chinese military's modernization efforts. While inclusion doesn't equate to a ban, it prevents the Pentagon from working with listed companies and could trigger supply chain issues or further restrictions. Tencent, which owns WeChat, VooV and gaming assets like PUBG and Fortnite, denies the claims and plans to appeal.
Critics argue WeChat aids Beijing's intelligence efforts, with nations like Canada banning it from government devices. Battery maker CATL, a Tesla supplier, was also added to the list, raising concerns about potential impacts on global partnerships. Tencent's addition reflects growing tensions between US authorities and Chinese tech companies. Two US school districts faced cyberattacks over the holiday season, highlighting a persistent trend of targeting educational institutions during low IT staffing periods. South Portland Public Schools in Maine discovered a weekend attack through a network detection system identifying compromised firewalls linked to an IP address from Bulgaria. The district acted swiftly, disconnecting equipment and restoring systems before classes resumed. Officials believe no student or staff data was compromised but remain vigilant with continued network monitoring. In Tennessee, Rutherford County Schools, serving over 51,000 students, experienced a prolonged disruption from a Thanksgiving cyber attack that exposed some employee and student data. Third party investigators are reviewing the breach, and affected individuals will be notified. These incidents echo a broader rise in ransomware attacks on schools, with recovery times ranging from months to significant financial and educational losses. Federal initiatives, including cybersecurity training and funding, aim to bolster digital defenses across K-12 schools. The UN's International Civil Aviation Organization, or ICAO, is investigating a potential data breach after the hacking group NATOHub claimed to have compromised 42,000 documents, including personal data, on BreachForums, allegedly targeting international organizations. NATOHub stated the breach includes names, birth dates, contact details, and employment histories. The group recently claimed another breach involving 14,000 UN delegates.
ICAO has implemented security measures and is conducting a thorough investigation, emphasizing the seriousness of the incident. New variants of the EAGERBEE malware framework are targeting government organizations and ISPs in the Middle East, with possible links to the Chinese state backed group CoughingDown. According to Kaspersky, EAGERBEE exploits Microsoft Exchange ProxyLogon vulnerabilities to gain initial access, though the attack vector in recent cases remains unclear. The malware uses DLL hijacking to load a backdoor into memory, enabling 24/7 operations. EAGERBEE's capabilities are enhanced by plugins including File, Process, Service, Network and Remote Access Managers. These tools allow for file manipulation, RDP sessions and command shell injection, making the malware both stealthy and persistent. Kaspersky warns that similar attacks have been observed in Japan, indicating a global threat. Organizations are urged to patch Exchange servers and monitor for indicators of compromise to mitigate risks. Richmond University Medical Center in Staten Island is notifying 674,000 individuals of a data breach from a ransomware attack in May 2023. The incident disrupted the hospital's IT systems for nearly a month and led to the theft of files containing sensitive information such as Social Security numbers, medical details and financial data. While the electronic health record system was reportedly unaffected, manual review revealed compromised files. The notification comes 18 months after the breach, raising concerns about delays in incident response and compliance with HIPAA's 60 day breach notification rule. Experts attribute such delays to insufficient cybersecurity skills, budgets and tools in healthcare organizations. The medical center faces class action lawsuits alleging negligence in safeguarding data.
Experts recommend healthcare providers minimize stored data, isolate sensitive information and secure identity systems to mitigate future breaches and accelerate response times. Hackers infiltrated Argentina's Airport Security Police payroll system, exposing vulnerabilities in data management and causing financial losses for personnel. Attackers accessed salary records, tampered with pay slips and made unauthorized deductions of between 2,000 and 5,000 pesos under misleading labels. Investigators link the breach to Banco Nacion, responsible for processing payroll, and suggest foreign servers were used, though domestic involvement isn't ruled out. The PSA has tightened cybersecurity measures and launched awareness campaigns, but criticism persists over past failures to secure sensitive data. Industrial networking firm Moxa has identified two critical vulnerabilities in its cellular routers, secure routers and network security appliances. The first flaw exploits hard coded credentials to gain root access, affecting 10 products. The second enables OS command injection via input bypass, affecting seven products and allowing remote exploitation by unauthenticated users. Rated 8.6 and 9.8 on CVSS, the vulnerabilities pose significant risks. Moxa has released patches for many devices and advises minimizing network exposure, limiting SSH access and using intrusion detection systems for unpatched products. New research from Netskope says that phishing click rates among enterprise users surged by 190% in 2024, with over 8 in 1,000 users clicking phishing links monthly. The rise stems from increased phishing attempts and more sophisticated lures. Cloud applications were the top targets at 27%, with Microsoft accounting for 42% of clicks. Attackers typically exploit compromised accounts for data theft or business email compromise. Banking and telco providers were also frequently targeted.
Phishing clicks increasingly came from search engines via malicious ads and SEO poisoning rather than emails. Other sources included shopping and technology sites. Ken Liam, a California man, is suing three banks for allegedly enabling criminals to steal nearly $1 million from him through a cryptocurrency investment scam. The lawsuit accuses Chong Hing Bank, Fubon Bank and DBS Bank of failing to conduct proper anti money laundering checks under the Bank Secrecy Act, allowing scammers to open fraudulent accounts over six months. In 2023, Liam transferred $986,000 to these accounts, believing he was investing in crypto. He realized the scam when his investments were frozen for alleged money laundering, followed by a demand for a fake IRS tax payment. Liam alleges the banks ignored know your customer protocols, failing to verify account owner identities or investigate suspicious transactions. This case highlights a growing trend of romance baiting or pig butchering scams, where victims are defrauded of billions globally. Similar lawsuits and regulatory efforts worldwide aim to clarify financial institutions' responsibility in preventing such fraud. Coming up after the break on our Threat Vector segment, we preview this week's episode with David Moulton speaking with Margaret Kelly about the evolving landscape of cloud breaches, and Microsoft's Bing demonstrates that imitation is the sincerest form of flattery. Stay with us. And now a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture.
KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack, or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach, and we thank KnowBe4 for sponsoring our show. Do you know the status of your compliance controls right now? Like, right now? We know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the thing: Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off. It's time for our weekly Threat Vector Preview segment. This time, host David Moulton speaks with Margaret Kelly about the evolving landscape of cloud breaches and how organizations can defend against sophisticated attacks.
David Moulton
Here's a quick preview of this week's Threat Vector. Tune into the full show on Thursday, and don't forget to subscribe so you never miss a single episode. Let's get into it. Margaret, last time we tried this, I had issues with neighbors building incredible bits and pieces of landscaping. I wanted to open today, though, with a quick question. Do you now have a cybersecurity joke that you want to tell our listening audience?
Margaret Kelly
Absolutely. How did the hacker get away from the authorities?
David Moulton
I don't know.
Margaret Kelly
You Ransomware.
David Moulton
Margaret, given your extensive experience in cybersecurity, how have you seen the landscape of cloud security breaches evolve over the years?
Margaret Kelly
So when organizations were first moving to the cloud and migrating their workloads, what we saw was a lot of basic misconfigurations that led to really large data breaches. So I still remember reading article after article about the latest organization that had exposed all of their data to the Internet because they had made their object level storage publicly accessible. Well, luckily now that is not the headline that we are seeing constantly anymore. But now we are seeing these cloud security breaches where the threat actors are really advanced with their cloud knowledge and that they are using cloud native attack techniques to exfiltrate data as opposed to just taking basic data that's publicly accessible.
David Moulton
Are there any patterns or recurring vulnerabilities that have persisted despite the advancements in cloud technologies?
Margaret Kelly
Yeah. So what we're seeing is each of the cloud service providers are continuously improving their default security measures, which is something that is always great to see. But what we are seeing time and time again is kind of the old story of, you know, these organizations not patching their virtual machines and leaving them publicly accessible. And it's a lot of work to make a virtual machine publicly accessible in a cloud environment. You got to click a lot of buttons to say, you know, yes, I want this thing to be public. But we are still seeing time and time again, really unpatched old hosts with all these vulnerabilities on them that are public to the Internet. And this is something that we continue to see within our investigations.
David Moulton
Margaret, do you have a hypothesis on why that's true? Is it playbooks that deploy automatically and they haven't been updated? Is it they've forgotten about those machines and they just persist at scale with those mistakes in them? Is it something else?
Margaret Kelly
So a lot of times these virtual machines are made publicly accessible because the people creating them don't have enough cloud knowledge as well as basic networking experience and knowledge. So someone said to a random engineer, hey, we need someone to spin up our cloud environment. Will you do it? And one or two people end up spinning up the corporate cloud environment. But then those people don't have the proper security background. They are not network engineers. And the easiest way for them to set up the environment is just to make these hosts publicly accessible. So then when they're working in the traditional on prem environment, they can access these cloud hosts and they don't have to worry about actually engineering complex networks. You can just kind of set it up and they think it's good enough. But in reality, you then have these public, vulnerable hosts on the Internet.
David Moulton
Looking ahead to the future, what emerging trends or threats in cloud security do you believe will demand the most attention from organizations?
Margaret Kelly
So when it comes to emerging cloud threats, we are continuing to see threat actors broaden their cloud attacks. This is really including automation and scripting. So we are seeing threat actors deploy resources in the cloud via a script. And so the time that it takes a threat actor to gain initial access, spin up resources, and exfiltrate data keeps getting shorter and shorter. David, earlier you asked me about how the evolution of AI has impacts on these cloud attacks. And what we are seeing is that attackers now don't have to write their own scripts by hand. It makes it a lot easier for them to say that they want a script to do XYZ in the cloud, and that can be written very quickly for them. And so this also shortens the length of the attack, because they don't have to do any of the scripting by hand anymore.
David Moulton
So it sounds like, once again, speed is the ultimate feature, either for an attacker or a defender; whoever can go faster wins the day.
Margaret Kelly
Yep, exactly. And these attacks, sometimes they take a couple months to take place, but a lot of times these attacks are done within a span of two or three days, and terabytes of data have gone out the door in just the span of a couple hours of that attack timeline.
David Moulton
Thanks for listening to this segment of the Threat Vector podcast. If you want to hear the whole conversation, you can find the show in your podcast player. Just search for Threat Vector by Palo Alto Networks. Each week I interview leaders from across our industry and from Palo Alto Networks to get their insights on cybersecurity, the threat landscape, and the constant changes we face. See you there.
Dave Bittner
Be sure to check out new episodes of Threat Vector every Thursday on your favorite podcast app. And finally, the age old rivalry between Microsoft's Bing and Google is heating up again, with the former resorting to some pretty clever, or sneaky, tactics to try to win over users. If you search "Google" on Bing right now without signing into a Microsoft account, you'll be greeted with a page that looks an awful lot like, well, Google. Yeah, the Bing interface has been modified to mimic the look and feel of its rival's homepage. And it's not just a simple skin deep change either. This mock Google page includes all the trimmings, from a search bar to an image that resembles a Google doodle. But here's the thing. Underneath this fancy UI, your standard Bing search results still appear. It's a clever trick, and one that might just confuse or delight users who are new to the world of PC searching. And it's not like Microsoft is trying to hide its hand. As soon as you click on any of those search results, the Bing branding rears its head. But why would Microsoft go to such lengths to create a fake Google interface? Well, it seems that this is just one more tactic in the company's ongoing efforts to get people to use Bing instead of switching to Google. Google's Chrome boss, Parisa Tabriz, has made her feelings about Microsoft's behavior clear in a recent post on X (formerly Twitter), stating, "Imitation is the sincerest form of flattery. But Microsoft spoofing the Google homepage is another tactic in its long history of tricks to confuse users and limit choice." So there's some serious shade. At any rate, it's clear that the battle between Bing and Google is far from over. And we'll be keeping a close eye on how things develop. After all, when it comes to competing for users' attention, Microsoft is pulling out all the stops.
And who knows, maybe one day we'll even see a fake Google interface on Bing's homepage that doubles as a doodle itself. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf, Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
CyberWire Daily: U.S. Sanctions Spark Cyber Showdown with China
Hosted by N2K Networks
Release Date: January 7, 2025
The episode opens with a significant focus on the escalating tensions between the United States and China in the cybersecurity arena. The U.S. Treasury imposed sanctions on Beijing-based Integrity Technology Group, accusing it of involvement in the Flax Typhoon cyber campaign targeting U.S. critical infrastructure.
In response, Integrity Technology and China's Foreign Ministry vehemently denied the allegations. Spokesperson Guo Jiakun stated, “Washington is using cybersecurity as a tool to smear China” [03:10]. This retaliation underscores the deepening cyber conflict, with China's National Cybersecurity Information Center reporting foreign cyberattacks, including those allegedly originating from the U.S. and the Netherlands, involving Trojan programs and intellectual property theft.
The sanctions specifically freeze Integrity Technology's U.S. assets and limit its business interactions with American entities. This move is part of broader U.S. concerns over persistent Chinese cyber espionage campaigns that have compromised telecommunications and private data across multiple countries.
Additionally, the U.S. Department of Defense has placed Tencent, a major Chinese tech giant, on its Chinese military company list. This inclusion, under the Military Civil Fusion strategy, restricts Pentagon collaborations with Tencent, potentially affecting its subsidiaries like WeChat and popular gaming platforms such as PUBG and Fortnite. Tencent has denied these claims and intends to appeal the decision. The move reflects growing apprehensions about Chinese tech firms' roles in intelligence and potential supply chain disruptions.
The episode sheds light on cyber threats targeting school districts, particularly during the holiday season when IT staffing is minimal.
In Maine, South Portland Public Schools detected a weekend attack through their network detection system, leading to swift actions such as disconnecting compromised firewalls and restoring systems without compromising student or staff data. Conversely, Rutherford County Schools in Tennessee experienced a prolonged disruption following a Thanksgiving cyberattack, which exposed some employee and student information. These incidents mirror a broader increase in ransomware attacks on educational entities, causing significant recovery challenges and financial strains.
Federal initiatives are underway to enhance digital defenses in K-12 schools through increased cybersecurity funding, training, and robust digital security measures.
A concerning development involves the United Nations' International Civil Aviation Organization (ICAO), which is currently investigating a potential data breach.
The hacking group NATOHub claims responsibility for compromising 42,000 documents, including personal data of UN delegates. The breach exposed sensitive information such as names, birth dates, and contact details. ICAO has responded by implementing stringent security measures and conducting a thorough investigation, emphasizing the gravity of the incident and its implications for international organizations.
The episode discusses the emergence of new variants of the EAGERBEE malware framework, which are targeting government organizations and Internet Service Providers (ISPs) in the Middle East.
According to Kaspersky, EAGERBEE exploits Microsoft Exchange ProxyLogon vulnerabilities to achieve initial access, employing DLL hijacking to load a backdoor into memory for persistent operations. Enhanced with plugins like File, Process, Service, Network, and Remote Access Managers, EAGERBEE facilitates stealthy and persistent cyberattacks. Kaspersky warns of similar threats observed in Japan, urging organizations to patch Exchange servers and monitor for signs of compromise.
Richmond University Medical Center in Staten Island notified 674,000 individuals of a data breach resulting from a ransomware attack in May 2023. The breach disrupted IT systems for nearly a month, leading to the theft of sensitive information such as Social Security numbers and medical details. Concerns arise over delayed incident response, as notifications occurred 18 months post-breach, violating HIPAA regulations. Experts attribute these delays to inadequate cybersecurity resources within healthcare organizations.
In Argentina, hackers infiltrated the Airport Security Police's payroll system, compromising salary records and making unauthorized deductions. Investigations link the breach to Banco Nacion, which processes payroll, suggesting possible foreign server involvement. The PSA has since tightened cybersecurity measures, although criticism remains regarding past data security failures.
Industrial networking firm Moxa identified two critical vulnerabilities in its cellular routers and secure network appliances.
The first vulnerability involves hard-coded credentials enabling root access, affecting ten products. The second allows OS command injection via input bypass, impacting seven products and permitting remote exploitation without authentication. With CVSS scores of 8.6 and 9.8, these flaws pose significant security risks. Moxa has released patches and advises minimizing network exposure, restricting SSH access, and employing intrusion detection systems for devices lacking patches.
New research from Netskope reveals a 190% increase in phishing click rates among enterprise users in 2024, with over 8 in 1,000 users clicking phishing links monthly.
The rise is attributed to more frequent phishing attempts and increasingly sophisticated lures targeting cloud applications, particularly Microsoft services. Attackers exploit compromised accounts for data theft and business email compromise, often using search engines and malicious ads instead of traditional email phishing. This shift necessitates enhanced vigilance and adaptive security measures within organizations to counter evolving phishing strategies.
A California man, Ken Liam, is suing three banks—Chong Hing Bank, Fubon Bank, and DBS Bank—for allegedly facilitating a cryptocurrency investment scam that resulted in nearly $1 million in losses.
Liam accuses the banks of neglecting anti-money laundering (AML) protocols under the Bank Secrecy Act, allowing scammers to open fraudulent accounts and execute the scam over six months. This case underscores the growing prevalence of romance baiting and pig butchering scams, where victims are defrauded through manipulated relationships and deceptive investment schemes. The lawsuit highlights the critical need for financial institutions to enforce stringent verification and monitoring to prevent such frauds.
In a surprising move, Microsoft’s Bing has adopted a strategy to imitate Google’s homepage to attract users.
Users searching "Google" on Bing without signing into a Microsoft account encounter a page resembling Google's interface, complete with a similar search bar and a Google-like doodle. Despite the facade, the actual search results retain Bing’s branding. This tactic aims to confuse or entice users into staying with Bing, reflecting Microsoft's aggressive efforts to compete with Google's dominance in the search engine market. Google's Parisa Tabriz criticized the move on X (formerly Twitter), describing it as another instance of Microsoft spoofing a rival's interface to confuse users and limit choice.
This episode of CyberWire Daily provides a comprehensive overview of the heightened cyber tensions between the U.S. and China, recent data breaches across various sectors, emerging malware threats, and evolving phishing tactics. Additionally, it highlights legal challenges faced by financial institutions in preventing crypto-related scams and Microsoft's strategic maneuvers in the search engine market. These discussions underscore the dynamic and ever-evolving landscape of cybersecurity, emphasizing the need for robust defenses and proactive measures across all sectors.
For more detailed insights and continuous updates on cybersecurity threats and developments, subscribe to CyberWire Daily by N2K Networks.