Transcript
Maria Varmazis (0:02)
You're listening to the CyberWire Network, powered by N2K.
Dave Bittner (0:14)
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first. And it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
Maria Varmazis (2:01)
U.S. Treasury Department sanctions Iranian national accused of running the Nemesis criminal marketplace. Hunters International threatens to leak data stolen from Tata Technologies. Apple challenges UK's iCloud encryption backdoor order. UK competition regulator says no investigation into Microsoft's OpenAI partnership. Stealthy malware campaign targets the UAE's aviation and satellite industry. This week on our CertByte segment, N2K's Chris Hare is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate exam. And hackers hit the books.

Today is Wednesday, March 5, 2024. I'm Maria Varmazis, host of N2K's T-Minus Space Daily podcast, in for Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us today. Let's get into it.

The U.S. Treasury Department's Office of Foreign Assets Control has sanctioned the administrator of the Nemesis darknet marketplace, which was shuttered by law enforcement last year. Treasury says Iranian national Behruz Parsarad maintained full control of the marketplace and its illicit profits, pocketing millions of dollars while Nemesis was active. Acting Undersecretary for Terrorism and Financial Intelligence Bradley T. Smith said in a press release that, as the administrator of the Nemesis darknet marketplace, Parsarad sought to build and continues to try to reestablish a safe haven to facilitate the production, sale and shipment of illegal narcotics like fentanyl and other synthetic opioids. Treasury, in partnership with US law enforcement, will use all available tools to dismantle these darknet marketplaces and hold accountable the individuals who oversee them.

The Hunters International ransomware gang has claimed responsibility for an attack against Tata Technologies, a product engineering subsidiary of Indian auto manufacturing giant Tata Motors. The company disclosed in January that it had sustained a ransomware attack that affected some of its IT systems.
According to a report from SecurityWeek, the Hunters gang is threatening to publish 1.4 terabytes of stolen data if a ransom isn't paid by next week. Hunters hasn't shared what the stolen data contains, and Tata hasn't commented on the gang's claims.

Apple has filed a legal complaint with the UK's Investigatory Powers Tribunal to challenge a government order demanding the creation of a backdoor into its encrypted iCloud systems. This order, issued under the Investigatory Powers Act of 2016, seeks access to data protected by Apple's ADP, or Advanced Data Protection encryption. In response, Apple has withdrawn ADP from the UK, arguing that such measures compromise user privacy and security. The case raises significant concerns about the balance between national security and individual privacy rights, with potential implications for global data protection standards.

In other UK regulatory and big tech news, the UK's Competition and Markets Authority, or CMA, has concluded its review of Microsoft's $13bn investment in OpenAI, determining that the partnership does not warrant a formal merger investigation. The CMA found no evidence of Microsoft exercising de facto control over OpenAI, particularly in light of OpenAI's recent collaborations, such as the $100 billion AI infrastructure project Stargate with SoftBank, which reduces its reliance on Microsoft's computing infrastructure. This decision comes amid increased regulatory scrutiny of AI-related partnerships, with the CMA also examining collaborations between other tech giants and AI startups, such as Amazon's investment in Anthropic.

Proofpoint has published a report on a highly targeted phishing campaign that targeted several aviation and satellite communications organizations in the United Arab Emirates, as well as critical transportation infrastructure. The threat actor, which Proofpoint tracks as UNK_CraftyCamel, compromised an Indian electronics company that had a business relationship with the targets and used this access to send spearphishing emails tailored to each targeted entity. The emails were designed to deliver a custom Go backdoor, which Proofpoint has dubbed Sosano. The researchers note that the campaign used polyglot files to obfuscate payload content, which is a technique that is relatively uncommon for espionage-motivated actors in Proofpoint telemetry and speaks to the desire of the operator to remain undetected. Proofpoint doesn't attribute the campaign to any known threat actor, but notes that the TTPs overlap with previous operations tied to Iran's Islamic Revolutionary Guard Corps.

Scammers are imitating the BianLian ransomware gang and sending physical letters with fake ransom demands to C-suite employees in the United States, according to a report from Bleeping Computer. The letters inform the recipient that their organization's data has been stolen and will be published if a ransom isn't paid within 10 days. The letters, and again these are physical letters, contain a QR code leading to a Bitcoin wallet address, and recipients are instructed to pay up to $350,000. GuidePoint Security, which is tracking the scam, assesses with a high level of confidence that the extortion demands are fake and not actually tied to the BianLian gang. The security firm hasn't observed any evidence of intrusions at the targeted organizations, and the information in the letters is copied from BianLian's public websites.

According to the police in the UK, scammers are impersonating police officers in order to steal cryptocurrency from investors. Using personal information obtained from data leaks, the scammers create fake Action Fraud reports and then contact victims claiming to investigate alleged fraud. Victims are then instructed to expect a call from their cryptocurrency wallet provider.
Subsequently, a scammer posing as a security officer requests sensitive information, including the seed phrase of the victim's cryptocurrency wallet, enabling the scammer to access and steal the funds. Kent Police report that nine individuals have collectively lost £1 million to this scheme. Authorities advise against sharing personal details over the phone and recommend verifying the identity of callers claiming to be from law enforcement or financial institutions.

Recent research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. These shared tactics and tools suggest a potential overlap between the Black Basta and Cactus ransomware groups, indicating that they may be collaborating or sharing resources.

Coming up after our break, we've got our CertByte segment. N2K's Chris Hare is joined by Troy McMillan to break down a question from N2K's Cisco Certified Network Associate Practice Test. And after CertByte, hear how cybercriminals are studying port docs.
