CyberWire Daily: Episode Summary – "When AI Goes Offline"
Release Date: December 12, 2024
Host/Author: N2K Networks
The December 12, 2024, episode of CyberWire Daily, hosted by Dave Bittner and produced by N2K Networks, covers a range of pressing cybersecurity issues, from significant AI outages to emerging malware threats and critical vulnerabilities across major software platforms. The episode features discussions, an expert interview, and timely analyses for cybersecurity professionals and enthusiasts alike.
1. AI Service Outages: The Fragility of Dependence
The episode opens with a discussion on the recent global outages affecting two of the tech giants in AI services: OpenAI's ChatGPT and Meta's suite of applications.
OpenAI's ChatGPT Outage: On Thursday morning, OpenAI's ChatGPT experienced a significant outage lasting nearly three hours, disrupting millions of users and businesses. The downtime affected not only ChatGPT but also OpenAI's API and Sora platforms. The host notes the immediate user frustration, citing over 28,000 reports on Downdetector and widespread complaints on social media. OpenAI acknowledged the issue swiftly on X (formerly Twitter) and restored full functionality by mid-morning.
Quote:
Dave Bittner [00:02]:
"The outage highlighted growing reliance on AI tools and the operational challenges posed by such disruptions."
Meta's Similar Disruption: Just a day prior, Meta faced widespread outages affecting Facebook, Instagram, WhatsApp, and Threads for several hours. These incidents collectively underscore the vulnerabilities inherent in digital infrastructure and the cascading impacts on global user bases.
Insights:
- Reliance on AI and Digital Platforms: The outages illuminate how deeply integrated AI and digital services have become in daily operations for businesses and individuals.
- Need for Robust Reliability: The swift response by OpenAI was appreciated but also emphasized the necessity for enhanced reliability measures to mitigate future disruptions.
2. Government Cybersecurity Leadership: Potential Split of NSA and Cyber Command
Advisers to President-elect Donald Trump are reconsidering the structural relationship between the U.S. Cyber Command (Cybercom) and the National Security Agency (NSA). Currently, both entities share leadership under a dual-hatted structure established in 2010.
Quote:
Dave Bittner [12:34]:
"Advisers to President-elect Donald Trump are revisiting plans to separate U.S. Cyber Command and the National Security Agency, currently led under a dual hat structure."
Key Points:
- Proponents' View: The dual roles are too expansive for a single leader, and each organization would benefit from a specialized focus.
- Critics' Concerns: A split could introduce operational inefficiencies and put NSA's intelligence functions at risk.
- Historical Context: President Biden's 2022 review favored maintaining the dual structure, reflecting ongoing debates across administrations.
- Legal and Operational Hurdles: While executive actions might bypass congressional approval, significant restructuring questions and effectiveness dilution remain.
Conclusion:
As of now, the dual-hatted leadership structure remains unchanged, with ongoing discussions reflecting the complexities of cybersecurity governance.
3. Critical Software Vulnerabilities and Malware Threats
The episode delves into several high-severity vulnerabilities affecting widely used software and the emergence of sophisticated malware.
Apache Struts 2 Vulnerability: A critical vulnerability with near-maximum severity has been disclosed in Apache Struts 2, enabling remote code execution via malicious file uploads. The flaw lacks a workaround, necessitating immediate patching to the latest version.
Quote:
Dave Bittner [14:21]:
"This vulnerability underscores risks, recalling Struts' role in the 2017 Equifax breach."
Microsoft AuthQuake Vulnerability: Oasis Security revealed "AuthQuake," a critical flaw in Microsoft's multifactor authentication (MFA) system that allowed attackers to bypass MFA protections. Exploiting the flaw required only the target's username and password, opening access to sensitive services such as Outlook and Azure.
Quote:
Dave Bittner [17:27]:
"Oasis highlighted the severity given Microsoft's 400-plus million Office 365 seats."
Nova Keylogger Malware: Security researchers identified "Nova," a sophisticated variant of the Snake keylogger malware. Built in VB.NET, Nova employs advanced data-stealing and evasion techniques, including process hollowing and heavily obfuscated code, to capture credentials, screenshots, and more.
Adobe's Critical Vulnerabilities: Adobe released updates addressing critical vulnerabilities across its product line, including Acrobat, Photoshop, Illustrator, and Substance 3D. These flaws, with CVSS scores up to 9.3, could enable remote code execution or privilege escalation; with no workarounds available, users are urged to update immediately.
4. Espionage and Surveillance: Chinese Law Enforcement's Spyware Use
A report from cybersecurity firm Lookout exposes that Chinese law enforcement has been using spyware, specifically "EagleMsgSpy," to collect extensive data from Android devices since 2017. Developed by Wuhan Chinasoft Token Information Technology, the spyware requires physical access to install and captures SMS, app communications, call logs, contacts, and GPS data, as well as screen recordings and audio.
Quote:
Dave Bittner [19:04]:
"EagleMsgSpy's source code suggests a potential connection to surveillance tools like CarbonSteal, previously used to monitor minorities such as Uighurs and Tibetans."
Key Findings:
- Data Collection Methods: The spyware collects a wide array of personal data, stored in encrypted directories and transmitted to command and control servers.
- Operational Connections: Linked to local Chinese police bureaus, indicating state-supported surveillance efforts.
- Limitations: No iOS version has been identified, limiting the scope to Android devices.
5. Hardware and Firmware Security Gaps
A new report by HP Wolf Security, titled "Securing the Device Lifecycle: From Factory to Fingertips," reveals significant gaps in hardware and firmware security management within global organizations. Based on a survey of 6,000 workers and 800 IT/security decision-makers, the report highlights:
Quote:
Dave Bittner [20:34]:
"The report underscores the need for prioritizing hardware and firmware security to enhance resilience, sustainability and cost efficiency."
Key Issues Identified:
- Procurement and Security: Over half of organizations report limited collaboration between procurement and IT security teams, leading to inadequate verification of supplier security claims.
- Knowledge Gaps: More than 79% acknowledge substantial gaps in hardware and firmware knowledge, increasing vulnerability throughout device lifecycles.
- Operational Challenges: Weak BIOS password practices, delays in firmware updates, and insufficient hardware threat detection mechanisms.
- Endpoint Risks: Issues persist at device retirement, with 70% of employees retaining old devices, risking data leaks.
Recommendations:
- Enhance collaboration between procurement and IT security.
- Improve hardware and firmware knowledge and practices.
- Prioritize security measures across the entire device lifecycle.
6. Krispy Kreme’s Online Cyberattack
Krispy Kreme encountered a cyberattack on November 29, disrupting its U.S. online ordering system while leaving in-person orders and deliveries unaffected. The attack significantly impacted digital sales, which constitute over 15% of the company's revenue, leading to a 2% drop in stock value following the incident.
Quote:
Dave Bittner [21:14]:
"Even donuts can't escape these sticky fingers of cybercriminals."
Impact and Response:
- Operational Disruption: While physical operations remained stable, the online segment faced notable revenue losses.
- Mitigation Efforts: Krispy Kreme engaged cybersecurity experts to contain and investigate the breach, though the full scope remains unclear.
- Uncertainty: The nature of the attack, including potential ransomware involvement, has not been confirmed, and no threat groups have claimed responsibility.
- Ongoing Recovery: Efforts to restore operations continue without a specified resolution timeline.
7. Expert Insight: Cryptographic Agility in the Financial Sector
A significant portion of the episode features an interview with Mike Silverman, Chief Strategy and Information Officer at FS-ISAC, discussing the recently published report on cryptographic agility within the financial sector.
Understanding Cryptographic Agility: Cryptographic agility refers to the ability to swiftly and seamlessly replace cryptographic algorithms and components in response to vulnerabilities or advancements in cryptanalysis. It's both a capability and a design principle aimed at minimizing disruption during transitions.
Quote:
Mike Silverman [15:49]:
"Cryptographic agility is a design principle... to build the capability so that when you switch these cryptographic algorithms and infrastructure, you do so with no or very minimal disruption to the business."
Key Challenges:
- Technical Complexity: Rewriting application code, managing key rotations, handling certificate storage, and ensuring compatibility across diverse hardware endpoints.
- Holistic Approach: Addressing every facet of the cryptographic infrastructure, from endpoints like point-of-sale devices to large-scale servers.
- Evolving Threats: Preparing for advancements such as quantum computing, which pose significant risks to current cryptographic standards.
Importance for Financial Services: FS-ISAC emphasizes that preserving trust within the financial ecosystem requires robust cryptographic practices. With quantum computing on the horizon, the financial sector must adopt cryptographic agility to safeguard sensitive transactions and maintain operational integrity.
Quote:
Mike Silverman [19:17]:
"If quantum computers become sufficiently advanced, they could compromise the foundational cryptographic protocols like RSA, undermining the entire trust infrastructure of financial services."
Conclusion: The report advocates for financial institutions to integrate cryptographic agility into their security frameworks proactively, ensuring they are prepared for inevitable cryptographic transitions without compromising business continuity.
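To make the "switch algorithms with no or very minimal disruption" principle concrete, the following is an added Python example, not code from the episode or from the FS-ISAC report. The AgileMac class, the short algorithm identifiers (hs256, hs3-256, b2b-256) and the migration_demo function are hypothetical names chosen for this illustration. It shows the agility pattern in miniature: every issued tag carries the algorithm and key identifiers that produced it, new primitives are added through a registry rather than by editing callers, a rotation opens a dual-acceptance window so old tags keep verifying while new ones are issued with the new algorithm, and a retirement step closes the window so a retired algorithm can no longer be selected by a token (which is what prevents downgrade once the old primitive is considered weak). The same structure applies to signatures or ciphertext; the MAC is used only because the standard library supports it without extra dependencies.

```python
# Added example of a crypto-agile MAC service (illustration only, not the
# FS-ISAC report's code). Class and function names are hypothetical.
# Standard library only.
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Algorithm registry: short identifier -> keyed-MAC function. Introducing a
# new primitive means adding one entry here; callers never name a primitive.
ALGORITHMS = {
    "hs256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hs3-256": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
    "b2b-256": lambda key, msg: hashlib.blake2b(msg, key=key, digest_size=32).digest(),
}


@dataclass
class AgileMac:
    """Issues and checks tags of the form '<alg>:<kid>:<hex tag>'."""
    current_alg: str                 # algorithm used for newly issued tags
    current_kid: str                 # key id used for newly issued tags
    keys: dict                       # kid -> key bytes, all still accepted
    allowed_algs: set = field(default_factory=set)  # algorithms accepted on verify

    def __post_init__(self):
        # The issuing algorithm must always be accepted by the verifier.
        self.allowed_algs = set(self.allowed_algs) | {self.current_alg}

    def sign(self, msg: bytes) -> str:
        tag = ALGORITHMS[self.current_alg](self.keys[self.current_kid], msg)
        return f"{self.current_alg}:{self.current_kid}:{tag.hex()}"

    def verify(self, msg: bytes, token: str) -> bool:
        try:
            alg, kid, tag_hex = token.split(":", 2)
            tag = bytes.fromhex(tag_hex)
        except ValueError:
            return False  # malformed token
        # The header is under the sender's control, so it may only choose among
        # algorithms and keys the verifier still explicitly allows. A retired
        # algorithm is refused even if it is still in the registry.
        if alg not in self.allowed_algs or kid not in self.keys:
            return False
        expected = ALGORITHMS[alg](self.keys[kid], msg)
        return hmac.compare_digest(expected, tag)

    def rotate(self, new_alg: str, new_kid: str, new_key: bytes) -> None:
        """Phase 1: issue with the new algorithm/key; keep accepting the old."""
        if new_alg not in ALGORITHMS:
            raise ValueError(f"unknown algorithm {new_alg}")
        self.keys[new_kid] = new_key
        self.allowed_algs.add(new_alg)
        self.current_alg, self.current_kid = new_alg, new_kid

    def retire(self, alg: Optional[str] = None, kid: Optional[str] = None) -> None:
        """Phase 2: once old tags have aged out, stop accepting them."""
        if alg is not None and alg != self.current_alg:
            self.allowed_algs.discard(alg)
        if kid is not None and kid != self.current_kid:
            self.keys.pop(kid, None)


def migration_demo() -> dict:
    """Walk one tag through a migration from HMAC-SHA-256 to HMAC-SHA3-256."""
    # Constructed fixed keys so the run is deterministic; real keys come from a KMS/HSM.
    k1, k2 = bytes(range(32)), bytes(range(32, 64))
    mac = AgileMac("hs256", "k1", {"k1": k1})
    msg = b"transfer 100.00 from acct A to acct B"   # constructed sample message

    old = mac.sign(msg)
    out = {"old_valid_before": mac.verify(msg, old)}

    mac.rotate("hs3-256", "k2", k2)      # dual-acceptance window opens
    new = mac.sign(msg)
    out["old_valid_during"] = mac.verify(msg, old)
    out["new_valid_during"] = mac.verify(msg, new)
    out["new_alg"] = new.split(":")[0]

    mac.retire(alg="hs256", kid="k1")    # window closes, old primitive gone
    out["old_valid_after"] = mac.verify(msg, old)
    out["new_valid_after"] = mac.verify(msg, new)
    out["tampered_rejected"] = not mac.verify(msg + b"0", new)
    return out


if __name__ == "__main__":
    for name, value in migration_demo().items():
        print(f"{name}: {value}")
```

The two-phase shape (rotate, then retire after the longest-lived old tag has expired) is what keeps the switch free of a flag day: during the window both generations verify, and after it the verifier simply refuses the old identifier. In a real deployment the registry and the allowed set would be configuration rather than code, so that a deprecation is a policy change instead of a release.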
8. The Demise of "Do Not Track" and the Evolution of Privacy Tools
In a bittersweet development, Firefox has officially retired its "Do Not Track" (DNT) feature with its latest browser version, marking the end of a decade-long privacy initiative.
Quote:
Dave Bittner [22:59]:
"The dream of Do Not Track may be dead, but the fight for privacy continues, just with sharper tools."
Background and Failure:
- Original Intent: DNT was designed to provide users with a straightforward method to signal their preference against being tracked by advertisers.
- Lack of Compliance: Advertisers largely ignored or failed to honor DNT requests, rendering the feature ineffective.
- Industry Shift: Other browsers such as Chrome and Edge keep the setting as a symbolic gesture, while Apple abandoned DNT years earlier, citing its ineffectiveness against advanced tracking methods such as fingerprinting.
Emerging Alternatives:
- Global Privacy Control (GPC): A newer technology offering more robust privacy protection compared to DNT.
- User Strategies: Increased reliance on VPNs and cookie blockers to navigate and mitigate tracking pervasive in the digital landscape.
Implications: Mozilla's decision to retire DNT reflects a pragmatic acceptance of its limitations and a pivot towards more effective privacy measures. It underscores the necessity for enforceable privacy standards rather than voluntary compliance from advertisers.
Conclusion
The episode of CyberWire Daily offers a comprehensive overview of the current cybersecurity landscape, highlighting the intricate challenges and evolving threats that organizations and individuals face. From the vulnerabilities in leading software platforms and the sophistication of emerging malware to the critical need for cryptographic agility in the financial sector and the shifting paradigms in privacy protection, the discussions provide valuable insights into safeguarding digital assets in an increasingly interconnected world.
For those seeking to stay informed and ahead in the realm of cybersecurity, this episode serves as an essential briefing on the latest developments and strategic considerations shaping the industry.
For more detailed information on the topics discussed, listeners are encouraged to visit CyberWire Daily and access the full transcripts and reports referenced in this summary.
