Risky Business News Summary: Microsoft’s Thanksgiving Treat - An FTC Investigation
Podcast Information:
- Title: Risky Business News
- Host/Author: risky.biz
- Description: Regular cybersecurity news updates from the Risky Business team.
- Episode: Risky Biz News: Microsoft’s Thanksgiving Treat: an FTC Investigation
- Release Date: November 29, 2024
- Prepared by: Catalin Cimpanu
- Read by: Claire Aird
1. Federal Trade Commission Launches Antitrust Probe into Microsoft
In the episode's leading story, Claire Aird reports that the U.S. Federal Trade Commission (FTC) has initiated a comprehensive antitrust investigation into Microsoft's business practices. The investigation encompasses various facets of Microsoft's operations, including its software licensing, cloud computing, cybersecurity, and AI business units. This move comes amid allegations from customers who claim that Microsoft is engaging in "locking them in and preventing them from moving to competitors" (00:04).
Aird highlights that this scrutiny mirrors previous actions within the industry, noting that "in September, Google filed an official antitrust complaint against Microsoft's cloud business in the EU" (00:04). This suggests a growing concern among regulators about the dominance of major tech companies and their impact on market competition.
2. Tor Project Seeks Support to Bypass Russian Censorship
The podcast discusses the Tor Project's urgent request for 200 new bridges by the end of December to help Russian users maintain access to the Tor network (00:04). These bridges, specifically those running the WebTunnel protocol, are essential as they disguise Tor traffic as regular web browsing, making it more resistant to detection and censorship. Currently, the project operates 143 servers, and the additional bridges are critical to ensuring reliable and secure access for users in regions with stringent internet controls.
3. UK's Commitment to Cybersecurity Assistance for Allies
Claire Aird reports that the UK Government has announced plans to offer incident response assistance to allied nations facing cyberattacks, particularly those targeting critical infrastructure (00:04). This initiative was unveiled at a recent NATO cyber conference, where UK Minister for Intergovernmental Relations Pat McFadden emphasized the strategic importance of supporting allies amidst escalating cyber threats. McFadden stated, "The assistance is aimed specifically at countries dealing with attacks on critical infrastructure" (00:04), highlighting the UK's proactive stance in global cybersecurity collaboration.
4. India Implements New Cybersecurity Regulations for Telecoms
The Indian government has enacted stringent new cybersecurity rules for the telecommunications sector, mandating that telecom operators report cybersecurity incidents within six hours of detection, with comprehensive reports due within 24 hours (00:04). Additionally, these regulations require telcos to log traffic data and provide authorities with access during emergencies. However, the lack of specificity regarding the types of data to be logged and oversight mechanisms has raised concerns. Legal experts warn, "The new regulations may be abused for surveillance and may incur huge costs to telcos" (00:04), pointing to potential privacy issues and financial burdens on service providers.
5. FBI Probes Exxon Mobil Consultant in Hack and Leak Scheme
A significant segment covers the FBI's investigation into an Exxon Mobil consultant implicated in a hack and leak operation targeting climate change activists. According to Reuters, the consultant allegedly hired hackers to infiltrate groups such as Greenpeace, the Union of Concerned Scientists, the Rockefeller Family Fund, and Tom Steyer, a prominent environmentalist. The stolen data was reportedly shared with Exxon before being leaked online, allowing the company to portray itself as a victim of political vendettas amid rising climate change litigation.
6. T-Mobile Identifies Origin of Recent Cyberattack
T-Mobile has disclosed that a recent attempted hack of its telecommunications infrastructure originated from another provider's network (00:04). The company swiftly severed connectivity with the implicated provider upon detecting suspicious reconnaissance activity. T-Mobile's Chief Security Officer, Jeff Simon, stated, "No sensitive customer data was exposed in the attack, but we believe the provider may still be compromised" (00:04). Simon further suggested that the attack was likely orchestrated by the Chinese espionage group Salt Typhoon, known for targeting multiple U.S. telco providers, including AT&T and Verizon.
7. Zello Advises Early Users to Change Passwords
Zello, a push-to-talk app with 140 million registered users, has recently advised customers who created an account before November 2 to change their passwords (00:04). While the company has not publicly confirmed any security breaches, this precautionary measure is typically a response to potential data breaches or credential stuffing attacks. Users are encouraged to update their credentials to safeguard their accounts against unauthorized access.
8. Ransomware Attack Forces Hoboken, NJ to Shut Down Government Operations
The city of Hoboken, New Jersey, has experienced a severe ransomware attack, leading to the shutdown of government offices, including City Hall, local courthouses, and public sanitation services (00:04). Currently, no ransomware gang has claimed responsibility for the attack. The incident underscores the increasing threat of ransomware to municipal operations and the critical need for robust cybersecurity defenses within local governments.
9. US Fifth Circuit Overturns Sanctions on Tornado Cash
In a landmark decision, the US Fifth Circuit Court of Appeals has overturned the US Treasury Department's sanctions on the cryptocurrency mixing service Tornado Cash (00:04). The court ruled that the Treasury had overstepped its authority by sanctioning software rather than property. This decision sided with six cryptocurrency users who contended that only tangible assets could be sanctioned. Aird notes, "The court ruled that the US Treasury can only sanction property and not software" (00:04). Tornado Cash has been associated with large-scale cryptocurrency money laundering operations, including activities by drug cartels and state-sponsored hacking groups.
10. European Authorities Crack Down on Pirated Sports Streaming Platform
European law enforcement has successfully dismantled a significant sports streaming platform accused of copyright infringement (00:04). Authorities detained 11 suspects and seized over 100 domains linked to the platform, which reportedly broadcast pirated streams from over 2,500 channels. The platform had amassed 22 million registered users and generated revenues of 250 million euros per month, highlighting the lucrative nature of online piracy and the ongoing efforts to combat it.
11. ESET Discovers First UEFI Bootkit Targeting Linux Systems
ESET researchers have identified Bootkitty, which appears to be the first UEFI bootkit specifically designed to target Linux operating systems (00:04). Bootkitty is tailored for Ubuntu distributions and represents a sophisticated threat vector, although ESET reports no evidence of its deployment in real-world attacks: "Based on current evidence, the bootkit appears to be just a proof of concept" (00:04). This discovery underscores the evolving landscape of malware targeting diverse operating systems.
12. Emergence of GodLoader Malware Strain Using Godot Engine
A new malware strain known as GodLoader has been detected, infecting at least 170,000 systems (00:04). Unique in its approach, GodLoader leverages the Godot game engine to generate cross-platform payloads, enabling it to infect various devices before deploying additional malware on compromised hosts. While most infections currently affect Windows devices, the malware's versatile nature poses a potential threat across multiple operating systems, necessitating heightened cybersecurity vigilance.
13. Research Highlights Risks of Emergency Vehicle Lights on Autonomous Driving Systems
Academic research presented in the podcast reveals that the flashing lights of emergency vehicles can disorient automated driving systems, potentially leading to car crashes (00:04). The study found that this effect is particularly pronounced at night, where distance to emergency vehicles and the self-driving car's camera settings exacerbate the disorientation. This behavior impacts both commercial and open-source advanced driver assistance systems, emphasizing the need for improved sensor technology and algorithms to ensure the safety of autonomous vehicles in emergency scenarios.
Conclusion: The episode of Risky Business News delves into a spectrum of critical cybersecurity issues, from high-profile antitrust investigations and international cyber assistance to emerging malware threats and vulnerabilities in autonomous systems. Host Claire Aird provides insightful commentary, supported by expert quotes and timely updates, making the episode a comprehensive resource for understanding the current cybersecurity landscape.
This summary is based on the transcript provided and aims to encapsulate the key discussions and insights shared in the podcast episode. For detailed information, listening to the full episode is recommended.
