Maria Varmazis
You're listening to the Cyberwire Network powered by N2K.
Dave Bittner
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire, terms and conditions apply. Hiring? Indeed is all you need.
Maria Varmazis
The U.S. Treasury Department sanctions an Iranian national accused of running the Nemesis criminal marketplace. Hunters International threatens to leak data stolen from Tata Technologies. Apple challenges the UK's iCloud encryption backdoor order. The UK competition regulator says no investigation into Microsoft's OpenAI partnership. A stealthy malware campaign targets the UAE's aviation and satellite industry. This week on our Certbyte segment, N2K's Chris Hare is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate exam. And hackers hit the books. Today is Wednesday, March 5, 2024. I'm Maria Varmazis, host of N2K's T-Minus Space Daily podcast, in for Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us today. Let's get into it.

The U.S. Treasury Department's Office of Foreign Assets Control has sanctioned the administrator of the Nemesis darknet marketplace, which was shuttered by law enforcement last year. Treasury says Iranian national Behruz Parsarad maintained full control of the marketplace and its illicit profits, pocketing millions of dollars while Nemesis was active. Acting Under Secretary for Terrorism and Financial Intelligence Bradley T. Smith said in a press release that as the administrator of the Nemesis darknet marketplace, Parsarad sought to build and continues to try to reestablish a safe haven to facilitate the production, sale, and shipment of illegal narcotics like fentanyl and other synthetic opioids. Treasury, in partnership with U.S. law enforcement, will use all available tools to dismantle these darknet marketplaces and hold accountable the individuals who oversee them.

The Hunters International ransomware gang has claimed responsibility for an attack against Tata Technologies, a product engineering subsidiary of Indian auto manufacturing giant Tata Motors. The company disclosed in January that it had sustained a ransomware attack that affected some of its IT systems.
According to a report from SecurityWeek, the Hunters gang is threatening to publish 1.4 terabytes of stolen data if a ransom isn't paid by next week. Hunters hasn't shared what the stolen data contains, and Tata hasn't commented on the gang's claims.

Apple has filed a legal complaint with the UK's Investigatory Powers Tribunal to challenge a government order demanding the creation of a backdoor into its encrypted iCloud systems. This order, issued under the Investigatory Powers Act 2016, seeks access to data protected by Apple's ADP, or Advanced Data Protection, encryption. In response, Apple has withdrawn ADP from the UK, arguing that such measures compromise user privacy and security. The case raises significant concerns about the balance between national security and individual privacy rights, with potential implications for global data protection standards.

In other UK regulatory and big tech news, the UK's Competition and Markets Authority, or CMA, has concluded its review of Microsoft's $13 billion investment in OpenAI, determining that the partnership does not warrant a formal merger investigation. The CMA found no evidence of Microsoft exercising de facto control over OpenAI, particularly in light of OpenAI's recent collaborations, such as the $100 billion AI infrastructure project Stargate with SoftBank, which reduces its reliance on Microsoft's computing infrastructure. This decision comes amid increased regulatory scrutiny of AI-related partnerships, with the CMA also examining collaborations between other tech giants and AI startups, such as Amazon's investment in Anthropic.

Proofpoint has published a report on a highly targeted phishing campaign that targeted several aviation and satellite communications organizations in the United Arab Emirates, as well as critical transportation infrastructure. The threat actor, which Proofpoint tracks as UNK_CraftyCamel,
compromised an Indian electronics company that had a business relationship with the targets and used this access to send spearphishing emails tailored to each targeted entity. The emails were designed to deliver a custom Go backdoor, which Proofpoint has dubbed Sosano. The researchers note that the campaign used polyglot files to obfuscate payload content, which is a technique that is relatively uncommon for espionage-motivated actors in Proofpoint telemetry and speaks to the desire of the operator to remain undetected. Proofpoint doesn't attribute the campaign to any known threat actor, but notes that the TTPs overlap with previous operations tied to Iran's Islamic Revolutionary Guard Corps.

Scammers are imitating the BianLian ransomware gang and sending physical letters with fake ransom demands to C-suite employees in the United States, according to a report from BleepingComputer. The letters inform the recipient that their organization's data has been stolen and will be published if a ransom isn't paid within 10 days. The letters, and again these are physical letters, contain a QR code leading to a Bitcoin wallet address, and recipients are instructed to pay up to $350,000. GuidePoint Security, which is tracking the scam, assesses with a high level of confidence that the extortion demands are fake and not actually tied to the BianLian gang. The security firm hasn't observed any evidence of intrusions at the targeted organizations, and the information in the letters is copied from BianLian's public websites.

According to police in the UK, scammers are impersonating police officers in order to steal cryptocurrency from investors. Using personal information obtained from data leaks, the scammers create fake Action Fraud reports and then contact victims claiming to investigate alleged fraud. Victims are then instructed to expect a call from their cryptocurrency wallet provider.
Subsequently, a scammer posing as a security officer requests sensitive information, including the seed phrase of the victim's cryptocurrency wallet, enabling the scammer to access and steal the funds. Kent Police report that nine individuals have collectively lost £1 million to this scheme. Authorities advise against sharing personal details over the phone and recommend verifying the identity of callers claiming to be from law enforcement or financial institutions.

Recent research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. These shared tactics and tools suggest a potential overlap between the Black Basta and Cactus ransomware groups, indicating that they may be collaborating or sharing resources.

Coming up after our break, we've got our Certbyte segment. N2K's Chris Hare is joined by Troy McMillan to break down a question from N2K's Cisco Certified Network Associate practice test, and after Certbyte, hear how cybercriminals are studying court docs.
Dave Bittner
And now a message from BlackCloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? BlackCloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one third of new members discover they've already been breached. Protect your executives and their families 24/7/365 with BlackCloak. Learn more at blackcloak.io.

Cyber threats are more sophisticated than ever. Passwords? They're outdated and can be cracked in a minute. Cybercriminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door: the login. Yubico believes the future is passwordless. YubiKeys offer unparalleled protection against phishing for individuals, SMBs, and enterprises. They deliver a fast, frictionless experience that users love. Yubico is offering N2K followers a limited buy one, get one offer. Visit yubico.com/N2K to unlock this deal. That's Yubico. Say no to modern cyber threats. Upgrade your security today.
Maria Varmazis
We've got our Certbyte segment coming up next. N2K's Chris Hare is joined by Troy McMillan to break down a question from N2K's Cisco Certified Network Associate practice test.
Chris Hare
Hi everyone, it's Chris. I'm content developer and project management specialist here at N2K Networks. I'm also your host for this week's edition of Certbyte, where I share a practice test question from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cybersecurity, and project management. Today's question targets the Cisco Certified Network Associate (CCNA) exam 200-301 version 1.1, which was updated in April 2024. This exam tests skills related to network fundamentals along with new topics such as generative AI, cloud network management, and machine learning. I've enlisted Troy as our new guest host today. He's a specialist in all things Cisco, ISACA, and EC-Council. Welcome, Troy. How are you today?
Troy McMillan
I'm doing great, Chris. Thank you for having me.
Chris Hare
Absolutely. And before we get into it, be sure to stick around after our question for our special study bit for this test as well as for the latest News on upcoming N2K practice tests. Okay, so we are going to be turning the tables and Troy, you're going to be asking me today's question. Troy, I turn it over to you.
Troy McMillan
Okay, Chris, here's your question. You've discovered that hackers are gaining access to your WEP wireless network. After researching, you discovered that the hackers are using war driving methods. You need to protect against this type of attack. What should you do? And it tells us that there is more than one correct answer. Okay, your choices are: change the default SSID, disable the SSID broadcast, configure the network to use authenticated access only, or configure the WEP protocol to use a 128-bit key.
Chris Hare
Okay, so before I answer, Troy, I understand this is under the network fundamentals objective and the describe wireless principles sub objective, correct?
Troy McMillan
That is correct.
Chris Hare
Okay. And I have more than one correct answer. So on the exam, should students expect select more than one correct answer or do they say select two, et cetera?
Troy McMillan
Well, it may even be more difficult than that, Chris. I hate to inform you that sometimes they may even say select all that apply.
Chris Hare
Oh, okay. Yeah, that makes it even tougher. So, to help me out, since this is way out of my wheelhouse, what does WEP stand for?
Troy McMillan
It stands for Wired Equivalent Privacy. The name attempting to imply that the security is as good as being on a wired network.
Chris Hare
All right, and for those who are not familiar with what a war driving method is, could you explain that a little bit?
Troy McMillan
War driving is when a hacker rides around in a car. That's where the driving comes from. And they use a high powered antenna attached to a laptop to see if they can discover what wireless networks are in the area. And sometimes they'll go a step further and they'll record information about the network, its security settings, whether it's an open network or not. And they sometimes share that information online with other hackers.
Chris Hare
Okay, wow. All right, so I'm going to assume there's never an option on this exam to select all answer choices. So I'm going to choose the following based on them sounding like a logical set of sequential steps. I'm going to select B, disable the SSID broadcast, and C, configure the network to use authenticated access only. Am I right?
Troy McMillan
Good try, Chris. You're partially correct. The answers are actually A, B, and C. You had three choices here. Here's why. To protect against war driving, you need to change the default SSID, disable the SSID broadcast, and configure the network to use authenticated access only. You would change the default SSID because if you don't change that default, hackers generally see that and assume that you haven't changed any of the other security settings, such as the administrator password. You would disable the SSID broadcast to prevent them from even seeing the network when they scan for networks. And then configuring the network to use authenticated access only would be a final step to ensure that even if somehow they do get access to the network, they can't log in. Now, you shouldn't configure the WEP protocol to use a 128-bit key, because in recent years this particular encryption protocol has been proven to be ineffective. It's very easily cracked. In fact, it's so easily cracked that we have students doing it in classes now, so that would not be something you want to use.
Chris Hare
Wow. Okay, that's all great info. Now, we're going to get into your study bit in a moment, but how would you instruct students on how they can prepare for a question of this type?
Troy McMillan
Well, first of all, I would say don't jump for the first shiny object that you see. Oftentimes, when you're looking at a set of options to a question, one may jump right out at you as being correct. And in your excitement to know the right answer, you may not read the question as completely as you should. And there could be one small detail in the question that rules that particular option out. So carefully consider all the options before you jump for what you think may be the quickest answer.
Chris Hare
That is really great advice and that could probably apply across many different types of exams.
Great. And who would you say is the target audience for this exam?
Troy McMillan
Well, the CCNA exam is sort of the entry-level exam to the Cisco ecosystem. So the target audience for this would be people that are just beginning to get into Cisco. On the other hand, I would say that anybody that wants to take this exam should have some background. They probably want to have already passed some other exams like the Network+ exam and the A+ exam. They probably want to have some background in networking before they do this exam.
Chris Hare
Great information and question, Troy. All right, so now it's time to discuss the study bit for this test. What do you have for us?
Troy McMillan
The study bit for this one is time management, because you're going to have, based on the number of items you're going to get and the amount of time you have, you're going to have 90 seconds per item to answer these questions. So you can't get stuck on one. If you come to a question and you don't know the answer you want to think about it, move on. Make sure you answer all the questions that you know first so that you don't leave any unanswered.
Chris Hare
Awesome tip. Thanks so much for being here with me today, Troy.
Troy McMillan
You're welcome.
Chris Hare
And as we wrap up today's episode, are there any upcoming practice tests you'd like to promote here?
Troy McMillan
Yes, we just released the CompTIA Tech, the AWS Certified AI Practitioner, and Azure AI Engineer Associate practice tests, and we'll also have more coming up for CompTIA, Microsoft, and Oracle next month.
Chris Hare
Thanks so much, Troy, and thank you for joining me for this week's Certbyte. If you're actively studying for this certification and have any questions about study tips or even future certification questions you'd like to see, please feel free to email me at certbyte@n2k.com. That's C-E-R-T-B-Y-T-E at N, the number 2, K dot com. If you'd like to learn more about N2K's practice tests, visit our website at n2k.com/certify. For sources and citations for this question, please check out our show notes. Happy certifying.
Maria Varmazis
Be sure to visit our Show Notes for links to the practice test and other helpful resources that Chris and Troy talked about.
Dave Bittner
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners. Today, get 20% off your DeleteMe plan when you go to joindeleteme.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to joindeleteme.com/N2K and enter code N2K at checkout. That's joindeleteme.com/N2K, code N2K.
Maria Varmazis
And for our final story today: cybercriminals aren't just launching attacks, they're studying how law enforcement investigates them. A cybercrime investigator recently revealed that hackers use the U.S. courts system, called PACER, to analyze legal cases, learning investigative tactics and adapting to avoid prosecution. But PACER access is just one of law enforcement's challenges. A major hurdle is the lack of standardized naming for hacker groups. Different cybersecurity firms use different labels for the same threat actors, making it harder to track and dismantle cybercriminal operations. Jurisdictional red tape further complicates cyber investigations. With 40 federal agencies handling cybercrime, overlapping cases create inefficiencies. Unlike Europol, which assigns dedicated personnel to cross-border cases, U.S. agencies rely on detailees who remain tied to their home organizations, often competing rather than collaborating. The solution? Well, we've been saying it for a long time: standardized threat intelligence, better coordination between agencies, and more flexible jurisdictional policies. Cybercrime knows no borders, and law enforcement must evolve to keep up.

And that's the CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like this show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. N2K's senior producer is Alice Carruth.
Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Maria Varmazis, in for Dave Bittner. Thanks for listening. We'll see you tomorrow.
Dave Bittner
Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.
CyberWire Daily Summary: US Treasury Targets Darknet Kingpin
Release Date: March 5, 2025
Host: Maria Varmazis
Produced by N2K Networks
In the March 5, 2025 episode of CyberWire Daily, host Maria Varmazis delivers a comprehensive briefing on the latest developments in the cybersecurity landscape. The episode delves into significant actions by the U.S. Treasury, ransomware threats, legal battles over encryption, regulatory decisions in the tech industry, sophisticated phishing campaigns, and emerging trends in cybercriminal tactics. Additionally, the episode features the "Certbyte" segment, where experts discuss certification exam strategies.
Timestamp: [02:01]
Maria Varmazis opens the episode by highlighting a pivotal move by the U.S. Treasury's Office of Foreign Assets Control (OFAC). The Treasury has sanctioned Behruz Parsarad, an Iranian national accused of orchestrating the Nemesis Darknet Marketplace, which was shut down by law enforcement last year.
Key Points:
Control and Profits: Parsarad maintained complete control over Nemesis, siphoning millions from illicit activities, including the sale of fentanyl and other synthetic opioids.
Government Collaboration: Acting Undersecretary Bradley T. Smith emphasized the Treasury's commitment to dismantling such marketplaces, stating, "Treasury, in partnership with US law enforcement, will use all available tools to dismantle these Darknet marketplaces and hold accountable the individuals who oversee them." ([02:01])
Future Implications: The sanctions are part of a broader strategy to prevent the resurgence of similar darknet platforms.
Timestamp: [02:20]
The episode reports on the Hunters International ransomware gang's recent attack on Tata Technologies, a subsidiary of Tata Motors. The gang threatens to release 1.4 terabytes of stolen data unless a ransom is paid within a week.
Key Points:
Attack Details: The ransomware incident, first disclosed in January, compromised Tata's IT systems.
Gang's Threat: Hunters International has yet to specify the nature of the stolen data, and Tata has not responded to the claims.
Industry Impact: This attack underscores the increasing vulnerability of major corporations to sophisticated ransomware groups.
Timestamp: [03:30]
Apple has filed a complaint with the UK's Investigatory Powers Tribunal, contesting a government order (issued under the Investigatory Powers Act 2016) that demands the creation of a backdoor into its encrypted iCloud systems.
Key Points:
Legal Battle: Apple argues that introducing a backdoor would compromise user privacy and security, leading to the withdrawal of Advanced Data Protection (ADP) encryption services in the UK.
Privacy vs. Security: The case highlights the ongoing tension between national security interests and individual privacy rights.
Global Implications: The outcome could influence global data protection standards and encryption policies.
Timestamp: [04:15]
The UK's Competition and Markets Authority (CMA) has concluded its review of Microsoft's $13 billion investment in OpenAI, deciding not to pursue a formal merger investigation.
Key Points:
Decision Rationale: The CMA found no evidence of Microsoft exerting de facto control over OpenAI, especially considering OpenAI's collaborations like the $100 billion AI infrastructure project, Stargate, with SoftBank.
Regulatory Landscape: This decision comes amid heightened scrutiny of AI-related partnerships, with the CMA also evaluating deals like Amazon's investment in Anthropic.
Market Impact: The ruling may set a precedent for how large-scale AI investments are assessed in the future.
Timestamp: [05:00]
Proofpoint has identified a sophisticated phishing campaign targeting the United Arab Emirates' aviation and satellite communications sectors, including critical transportation infrastructure.
Key Points:
Threat Actor: Proofpoint does not attribute the campaign to any known group and tracks the cluster as UNK_CraftyCamel; its TTPs overlap with previous operations tied to Iran's Islamic Revolutionary Guard Corps.
Attack Methodology: The actor compromised an Indian electronics company that had a business relationship with the targets and used that access to send tailored spear-phishing emails delivering a custom Go backdoor, Sosano, with polyglot files used to obfuscate the payload.
Evading Detection: Polyglot obfuscation is relatively uncommon among espionage-motivated actors in Proofpoint's telemetry, which the researchers read as a sign that the operator prioritized staying undetected.
Implications: Such targeted attacks pose significant risks to national security and critical infrastructure in the UAE.
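The polyglot technique noted above is easy to miss if a mail gateway or upload filter only checks the first few bytes of a file. The following Python script is an added triage example (it is not Proofpoint's tooling and uses none of the campaign's artefacts): it flags a file whose bytes carry plausible magic markers for more than one format family, such as an image with a script appended or a PDF with a ZIP archive glued to its tail. The signature table, the header-window thresholds and the sample byte strings are this example's own constructions.

```python
"""Heuristic polyglot-file triage (added example, not Proofpoint's tooling).

A polyglot is one byte string that parses as two different formats, e.g. an
image whose tail is an HTML/script file, or a PDF with a ZIP archive appended.
A type check that only looks at the leading bytes accepts it as benign while a
second parser happily consumes the hidden half. This script flags files whose
bytes carry plausible markers for more than one format family."""
from __future__ import annotations

# Magic bytes per family. Signatures, family names and thresholds are this
# example's own assumptions, chosen for illustration rather than completeness.
SIGNATURES: dict[str, list[bytes]] = {
    "pdf": [b"%PDF-"],
    "zip": [b"PK\x03\x04", b"PK\x05\x06"],  # local file header, end of central directory
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "pe": [b"MZ"],
    "ole": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    "script": [b"<script", b"<html", b"<hta:application", b"#!/"],
}

# For genuine files of these families the marker sits at (or very near) the
# start; counting it only there stops a JPEG stored inside a ZIP from raising a
# false "jpeg" hit. PDF readers tolerate a header within the first 1 KiB, so
# that family gets a small window.
HEADER_WINDOW: dict[str, int] = {"pdf": 1024, "jpeg": 0, "png": 0, "pe": 0, "ole": 0}


def find_markers(data: bytes) -> list[tuple[str, int]]:
    """Return (family, offset) for every plausible signature hit, sorted by offset."""
    hits: list[tuple[str, int]] = []
    lowered = data.lower()  # script markers are matched case-insensitively
    for family, sigs in SIGNATURES.items():
        haystack = lowered if family == "script" else data
        window = HEADER_WINDOW.get(family)
        for sig in sigs:
            needle = sig.lower() if family == "script" else sig
            start = 0
            while (idx := haystack.find(needle, start)) != -1:
                if window is None or idx <= window:
                    hits.append((family, idx))
                start = idx + 1
    return sorted(hits, key=lambda hit: hit[1])


def families(data: bytes) -> set[str]:
    """Distinct format families with a plausible marker in the data."""
    return {family for family, _ in find_markers(data)}


def is_polyglot(data: bytes) -> bool:
    """True when the bytes look like two or more formats at once."""
    return len(families(data)) >= 2


def scan_file(path: str) -> tuple[bool, set[str]]:
    """Convenience wrapper for a file on disk."""
    with open(path, "rb") as fh:
        data = fh.read()
    return is_polyglot(data), families(data)


# Constructed samples for the demonstration; none is an artefact from the campaign.
CLEAN_PDF = b"%PDF-1.7\n1 0 obj<</Type/Catalog>>endobj\n%%EOF\n"
IMAGE_WITH_SCRIPT = (
    b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"  # JPEG/JFIF header
    + b"\x00" * 32                        # stand-in for image data
    + b"<script>alert('polyglot')</script>"
)
PDF_WITH_ZIP = (
    CLEAN_PDF
    + b"PK\x03\x04" + b"\x00" * 26 + b"payload.bin"  # appended ZIP local header
    + b"PK\x05\x06" + b"\x00" * 18                    # and end-of-central-directory record
)

if __name__ == "__main__":
    for name, blob in [("clean_pdf", CLEAN_PDF),
                       ("image_with_script", IMAGE_WITH_SCRIPT),
                       ("pdf_with_zip", PDF_WITH_ZIP)]:
        print(f"{name}: polyglot={is_polyglot(blob)} families={sorted(families(blob))}")
```

Treat a hit as a prompt for deeper inspection rather than a verdict: legitimate containers also carry more than one signature (an Office document is a ZIP, a PDF can embed attachments), so the useful follow-up is to compare the family found at offset 0 against the file's declared extension and MIME type and to hand anything that disagrees to a sandbox.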
Timestamp: [06:30]
The episode sheds light on two distinct scam operations exploiting fear and impersonation tactics:
BianLian Ransomware Impersonation: Physical letters sent to C-suite employees in the United States claim the organization's data has been stolen, demand payment of up to $350,000 within 10 days via a QR code that leads to a Bitcoin wallet address, and reuse text copied from BianLian's public websites. GuidePoint Security assesses with high confidence that the demands are fake and has observed no evidence of intrusions at the targeted organizations.
UK Police Impersonation for Cryptocurrency Theft: Using personal details obtained from data leaks, scammers create fake Action Fraud reports, contact victims while posing as police investigating the supposed fraud, and tell them to expect a call from their wallet provider; an accomplice posing as a security officer then asks for the wallet seed phrase and drains the funds. Kent Police report that nine victims have lost £1 million combined.
Timestamp: [07:45]
Recent research indicates a possible collaborative relationship between the Black Basta and Cactus ransomware groups. Members of both gangs are using the same social engineering tactics and the BackConnect proxy malware for post-exploitation access to corporate networks.
Key Points:
Shared Tactics: The overlapping methodologies suggest resource sharing or direct collaboration between the two groups.
Operational Overlap: Because the social engineering lure and the BackConnect tooling are shared, detections and playbooks built for one group's intrusion chain are likely to apply to the other's.
Law Enforcement Challenge: Such ties complicate tracking and dismantling efforts, emphasizing the need for enhanced cooperative measures among cybersecurity entities.
Timestamp: [11:18]
In the "Certbyte" segment, N2K's Chris Hare and guest Troy McMillan delve into strategies for tackling the Cisco Certified Network Associate (CCNA) exam.
Key Points:
Practice Question Breakdown: Troy presents a scenario where hackers exploit WEP wireless networks using war-driving methods. The discussion emphasizes the importance of changing default SSIDs, disabling SSID broadcasts, and enforcing authenticated access to mitigate such attacks.
Notable Quote: Troy advises, "Don't jump for the first shiny object that you see... carefully consider all the options before you jump for what you think may be the quickest answer." ([16:51])
Study Tips: Emphasis on time management, advising candidates to allocate approximately 90 seconds per question and avoid getting bogged down on difficult items.
Certification Path: The CCNA is positioned as an entry-level certification for those new to the Cisco ecosystem, recommended for individuals with foundational networking knowledge.
Timestamp: [20:03]
The episode concludes with an analysis of how cybercriminals are evolving their strategies by studying law enforcement investigative techniques. A cybercrime investigator revealed that hackers utilize the U.S. Courts system, specifically PACER (Public Access to Court Electronic Records), to dissect legal cases and refine their methods to evade prosecution.
Key Points:
Knowledge Acquisition: By analyzing court cases, cybercriminals gain insights into investigative processes, enabling them to adjust their operations accordingly.
Systemic Challenges: The U.S. faces hurdles in cyber investigations, including inconsistent threat actor naming conventions across firms and jurisdictional complexities with 40 federal agencies involved.
Comparative Analysis: Unlike Europol, which assigns dedicated personnel to cross-border cases, U.S. agencies depend on detailees bound to their home organizations, leading to competition rather than collaboration.
Proposed Solutions: The episode advocates for standardized threat intelligence, improved inter-agency coordination, and more flexible jurisdictional policies to effectively combat borderless cybercrime.
The March 5th episode of CyberWire Daily offers a thorough overview of critical cybersecurity issues, from high-stakes sanctions and ransomware threats to evolving cybercriminal tactics and certification strategies. By providing in-depth analysis and expert insights, the podcast equips listeners with the knowledge needed to navigate the complex and ever-changing cybersecurity landscape.
For more detailed information and additional resources discussed in this episode, please refer to the Show Notes.