Risky Bulletin: Cl0p Returns - Episode Summary
Release Date: December 18, 2024
Introduction
In the latest episode of Risky Bulletin, the risky.biz news podcast written by Catalin Cimpanu and presented by Claire Aird, Aird delivers an in-depth update on the state of cybersecurity as of December 18, 2024. This episode, titled "Cl0p Returns," covers a wide array of topics, including ransomware attacks, corporate cybersecurity maneuvers, legal actions, government investigations, and emerging threat landscapes. Below is a comprehensive summary capturing the critical discussions, insights, and conclusions from the episode.
1. Ransomware Resurgence: The Return of Cl0p
At the outset [00:04], Claire Aird reports that the notorious Cl0p ransomware gang has resurfaced, taking credit for recent attacks on the Cleo file transfer service. Initially, another group named Termite was suspected, but Cl0p has since claimed responsibility. Aird notes, “The Cl0p ransomware gang has taken credit for the attacks against Cleo file transfer service,” and highlights the gang's tactic of deleting older victim data to make room for newly stolen information.
2. CISA’s Pre-Ransomware Notification Initiative
A significant portion of the episode delves into CISA’s Pre-Ransomware Notification Initiative. Claire states, “CISA has sent over 2,000 pre ransomware attack alerts this year,” emphasizing the agency's proactive approach in alerting U.S. organizations about potential ransomware threats. Launched in March 2023, the program leverages tips from the private sector to detect early ransomware activities, allowing victims to take preventive measures before data is compromised or encrypted. Nearly two-thirds of these notifications were issued within the current year, underscoring the increasing prevalence of ransomware threats.
3. Corporate Moves in the Cybersecurity Arena
a. Acquisition of Paragon Solutions by AE Industrial Partners
Claire highlights a major acquisition: “US private investment company AE Industrial Partners will acquire Israeli spyware maker Paragon Solutions for $900 million,” with half paid in cash and the remainder contingent on future profitability milestones. Paragon Solutions is recognized for its Graphite mobile spyware tool, indicating a strategic move to bolster AE Industrial Partners' portfolio in the spyware market.
b. BlackBerry’s Sale of Cylance to Arctic Wolf
In another significant corporate shift, BlackBerry has sold its Cylance security division to Arctic Wolf for $160 million in cash. Claire remarks, “BlackBerry has sold its Cylance security division... when it was trying to pivot from smartphones into cybersecurity,” highlighting the drastic decrease from the $1.4 billion acquisition cost in 2018. This sale reflects BlackBerry's strategic repositioning within the cybersecurity sector.
4. Legal Actions and Law Enforcement Efforts
a. Sentencing of Florent Curtet in France
Claire reports, “A French court has sentenced cybersecurity professional Florent Curtet to a two-year suspended prison sentence,” for his role as a negotiator for the Everest ransomware gang. Additionally, Curtet was fined €13,000 and barred from cybersecurity roles for five years. Notably, the court's decision was lenient compared to the five-year prison term prosecutors had initially sought.
b. Massive Arrests in Nigeria’s Cyber Scam Crackdown
In international law enforcement news, “Nigerian authorities arrested 792 suspects last week” during a raid on a seven-story cyber scam compound in Lagos. Among those detained were 148 Chinese nationals and 40 Filipinos. These suspects were identified as low-level operatives involved in romantic scams, where they engaged victims in fake relationships before defrauding them through fake investments in cryptocurrencies and other schemes.
5. Government Investigations and Policy Developments
a. EU’s Investigation into TikTok’s Election Interference
A pivotal segment covers the European Commission’s investigation into TikTok concerning election interference. Claire explains, “EU officials say the Chinese company failed to detect a foreign interference campaign that targeted Romania's presidential election last month.” This interference led Romania’s Supreme Court to annul the election round results, marking a first in EU history. The investigation will scrutinize TikTok's recommendation algorithms and its management of political advertisements. Simultaneously, TikTok is combating an anti-EU disinformation campaign attributing election cancellations to EU officials like Ursula von der Leyen.
b. US Commerce Department Targets China Telecom
In U.S. policy news, Claire states, “The US Commerce Department has issued a preliminary ruling that China Telecom's American division is a threat to national security.” This ruling is a precursor to a potential ban of the company’s operations in the U.S., as part of a broader response to the widespread compromise of American telco networks by Chinese hackers. China Telecom has been given 30 days to respond to this preliminary ruling.
6. Security Breaches and Data Exposure
a. Telekom Namibia Breached by Hunters International
Claire reports that “A ransomware gang has breached the network of Telekom Namibia, the country's largest telecommunications provider.” The group, identifying themselves as Hunters International, has threatened to publish nearly half a million stolen files, escalating the impact of the breach on Namibia’s largest telecom operator.
b. Meta Faces Multi-Jurisdictional Fines
The episode covers significant fines imposed on Meta for past security breaches. Claire details, “US social media company Meta has been fined twice for security breaches,” with specific penalties including a €251 million fine in Ireland for the 2018 Facebook "View As" feature bug exposing 29 million users’ data, and a $50 million fine in Australia related to its failure to detect the Cambridge Analytica scandal. These fines underscore the ongoing regulatory pressures on major tech firms regarding data protection.
7. Spyware Deployment and Surveillance Tactics
a. Serbian Security Service’s Use of Android Spyware
A concerning development involves the Serbian security service, with Claire noting, “The Serbian security service has allegedly deployed a novel piece of Android spyware to phones belonging to local journalists and dissidents.” According to Amnesty International, this spyware, NoviSpy, was installed using Cellebrite hacking tools, potentially exploiting a zero-day vulnerability in Qualcomm drivers. In response, Serbia’s BIA security service has dismissed Amnesty’s report as meaningless.
8. Emerging Threat Actor Campaigns
a. Malware Campaigns Targeting YouTube Creators
Claire highlights a sophisticated threat actor campaign targeting YouTube channel owners: “A threat actor is targeting popular YouTube channel owners with fake brand collaborations and sponsorships to infect them with malware.” This campaign aims to hijack YouTube channels and siphon off their profits, affecting over 200,000 content creators since July.
b. Hiatus RAT Botnet Exploits Vulnerabilities in Security Devices
The Hiatus RAT botnet continues its operations by exploiting outdated vulnerabilities in security cameras and video recording systems, particularly in Five Eyes countries. Claire mentions, “The Hiatus RAT botnet was discovered in 2022 and is believed to be a Chinese reconnaissance operation against Western networks,” and notes that it has been targeting devices from brands such as Dahua, Xiongmai, and Hikvision since March.
9. Terminology in Cybersecurity Scams
a. Interpol’s Call to Change Scam Terminology
In closing, Claire relays Interpol’s recommendation to eliminate the term “pig butchering” when referring to online scams and their victims. She states, “Interpol wants people to stop using the term pig butchering to refer to online scams and their victims,” explaining that the term is stigmatising and dehumanising. Instead, Interpol suggests using “romance baiting” as a more respectful and accurate descriptor of such scams.
Conclusion
This episode of Risky Bulletin provides a thorough exploration of the current cybersecurity landscape, highlighting the persistent threats posed by ransomware gangs like Cl0p, the proactive measures by agencies like CISA, significant corporate movements within the cybersecurity market, and the ongoing legal and policy challenges faced globally. From large-scale breaches and sophisticated spyware deployments to regulatory fines and nuanced discussions on scam terminology, Claire Aird ensures that listeners are well-informed about the complexities and evolving nature of cybersecurity threats and defenses.
For those who missed the episode, this summary encapsulates the critical points and provides valuable insights into the multifaceted world of cybersecurity as of late 2024.
