Patrick Gray
Japan passes a new active cyber defence law, printer software gets shipped with malware, a UK telco leaks user data and geolocation via its 4G network, and Volkswagen patches major bugs in its mobile app. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Patrick Gray, filling in for Claire Aird, who is under the weather. Get well soon. Today is May 19th, and this podcast episode is brought to you by SpecterOps, the experts in attack path management.
Japan has passed a new law that would allow authorities to pre-emptively disrupt imminent cyber attacks. Police cyber units will take the lead on neutralising looming attacks, with the country's Self-Defence Forces called in for more sophisticated threats. The active cyber defence law also requires critical sector operators to report breaches to the government. It also permits the government to monitor and analyse Internet traffic passing through Japan.
The Netherlands has passed a law criminalising cyber espionage. People carrying out cyber espionage for foreign governments could face up to 12 years in a Dutch prison under the new law. The new law came into effect last week and applies to Dutch citizens as well as foreign nationals in the country.
The Pentagon's pause on offensive cyber operations targeting Russia apparently only lasted a day. Defence Secretary Pete Hegseth ordered US Cyber Command to cease operations against Russia in February, shortly after taking office. Republican Congressman Don Bacon, the chair of the House Armed Services Cyber Subcommittee, said the pause only lasted one day, but declined to provide further details. Bacon's statement contradicts the Pentagon, which denied that a pause order was given in the first place.
British telco O2 is leaking sensitive customer data due to a misconfiguration in its 4G network. The misconfiguration means anyone who calls an O2 subscriber via voice over LTE can see raw data about the other party, such as their IMEI and IMSI codes, as well as cell tower details. According to mobile app developer David Wheatley, the data can be used to fingerprint devices and geolocate O2 users by calling their phone numbers. Wheatley has disclosed the issue to O2, but it hasn't responded.
UV printers from a company named Procolored have shipped with bundled software that contains a remote access trojan and a cryptocurrency clipboard stealer. Procolored removed the malicious software from its website after being notified by YouTube review channel Serial Hobbyism and security firm GData. It's unclear how the malware got there or how long it was in the software. GData said activity from the malware appears to have stopped in March last year.
A Russian hospital has been offline for days following an attack by pro-Ukrainian hacktivists. A new group calling itself 4B1D has claimed credit for the attack on the Lecardo clinic in the Russian republic of Chuvashia. In a Telegram post, the group said it wiped five servers and encrypted more than 100 workstations and databases. Local Russian officials said they would investigate the hospital for failing to secure its IT systems and for not disclosing the hack.
The UK's NHS has urged hospital suppliers to help protect the healthcare sector against ransomware attacks by boosting their cybersecurity practices. In an open letter, the NHS asked contractors to keep their systems updated, deploy backups and multi-factor authentication, and implement monitoring and logging. Several UK hospitals have suffered ransomware attacks after hackers breached their suppliers.
At least four countries in the EU are considering a social media ban for children under the age of 15. Greece, France, Ireland and Spain are seeking support from other nations for a larger EU agreement. Australia banned social media for children under 16 last year, and New Zealand is also considering a similar restriction.
An Alabama man has been sentenced to 14 months in prison for hacking the US Securities and Exchange Commission's Twitter account. Eric Council Jr used SIM swapping to take control of the SEC account in January last year. Once he had control of the account, he posted an announcement falsely claiming the SEC had approved Bitcoin exchange-traded funds. The announcement caused the price of Bitcoin to spike, but it fell again when the tweet was revealed to be fake. He was arrested a few months later.
An American court has sentenced Australian hacker David Kee Crees to time served for hacking several companies. Crees, also known as DR32, pleaded guilty earlier this year to hacking seven American organisations in 2020 and 2021. He was arrested in 2022 after selling data to an undercover agent. Crees spent two years in prison while awaiting extradition.
Twelve people have been charged in the US over the theft of more than $260 million in cryptocurrency. Ten suspects were detained in California, but two are still at large and believed to be in Dubai. All 12 suspects are allegedly part of a gang that helped ringleader Malone Lam steal the funds last year. Most of the stolen money was from a single victim. Lam was arrested in 2024.
And finally, Volkswagen has fixed multiple vulnerabilities in its mobile app that could have allowed attackers to hijack car owners' accounts and retrieve their personal data. The app exposed details about car ownership, service history and location. Security researcher Vishal Bhaskar discovered the issues last year and worked with the company to have them fixed.
And that is all for this podcast edition. Today's show was brought to you by our sponsor, SpecterOps. Find them at SpecterOps. I've been Patrick Gray. Thanks for your company.
Risky Bulletin: Japan Passes Active Cyber Defense Law
Hosted by Patrick Gray on Risky Business
Release Date: May 19, 2025
Introduction
In this episode of Risky Bulletin, prepared by Catalin Cimpanu, host Patrick Gray (filling in for Claire Aird) runs through the week's significant developments, from legislative changes in Japan and the Netherlands to cyber incidents involving a UK telco, a printer vendor, a Russian hospital and Volkswagen.
Japan's New Active Cyber Defense Law
One of the episode's focal points is Japan's groundbreaking legislation in the realm of cyber defense. Japan has enacted a new law empowering authorities to proactively disrupt imminent cyber attacks. Patrick Gray highlights the key facets of this law:
Preemptive Measures: "Japan has passed a new law that would allow authorities to pre-emptively disrupt imminent cyber attacks," Gray reads.
Role of Police and Self-Defense Forces: Police cyber units will take the lead on neutralizing looming attacks, with the Self-Defense Forces called in for more sophisticated threats.
Mandatory Reporting and Monitoring: Critical sector operators are now required to report breaches to the government. The law also permits the government to monitor and analyze Internet traffic passing through Japan.
This legislative move signifies Japan's commitment to bolstering its cyber defense mechanisms in response to the escalating threat landscape.
Netherlands Criminalizes Cyber Espionage
Shifting focus to Europe, the Netherlands has introduced stringent measures against cyber espionage:
Legal Ramifications: Under the new law, individuals engaged in cyber espionage for foreign governments face up to 12 years in prison.
Scope of the Law: Effective from last week, the legislation applies to both Dutch citizens and foreign nationals residing within the country.
Gray reads the item without further comment; the bulletin does not say how the law defines espionage or which agency will enforce it.
Pentagon's Brief Pause on Offensive Cyber Operations Against Russia
In U.S. cybersecurity news, there has been a contentious revelation regarding the Pentagon's stance on cyber operations targeting Russia:
Temporary Cessation: Defense Secretary Pete Hegseth reportedly ordered a halt to offensive cyber operations against Russia in February, shortly after his appointment.
Contradictory Statements: Republican Congressman Don Bacon, chair of the House Armed Services Cyber Subcommittee, claims the pause lasted only one day. However, this assertion conflicts with Pentagon sources, which have denied issuing such an order.
Gray notes the uncertainty surrounding this issue, highlighting the conflicting narratives between military officials and congressional representatives.
British Telco O2's Data Leak Due to 4G Network Misconfiguration
A critical vulnerability has been uncovered within the UK's O2 telecommunications network:
Data Exposure: A misconfiguration in O2’s 4G network allows individuals who call an O2 subscriber via voice over LTE to access raw data, including IMEI and IMSI codes, along with cell tower details.
Potential Exploits: Mobile app developer David Wheatley says the data can be used to fingerprint devices and to geolocate O2 users simply by calling their phone numbers.
O2's Response: Wheatley disclosed the issue to O2, but at the time of the episode the company had not responded.
The security-relevant point is that the leak sits in the network, not on the handset: the called party's identifiers are exposed to any caller, with no action required on the victim's phone.
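The kind of check an operator-side element should apply to the SIP signalling of a VoLTE call, as an added example (Python; not code from the episode, from O2, or from the researcher): it parses a constructed SIP 200 OK, extracts the called party's IMEI and serving-cell identifier from it, and returns a copy with those fields removed before the message would reach the caller. The header names used here (P-Access-Network-Info, Cellular-Network-Info, and the +sip.instance Contact parameter that carries a GSMA IMEI URN in IMS) are standard IMS headers assumed for illustration; the episode does not say which headers carried the O2 data. The IMSI the episode mentions is not in this sample, but the same header-drop logic would apply wherever it appears. The cell-identifier parser goes slightly beyond the episode by handling both 2- and 3-digit MNCs.

```python
"""Added example: scrub subscriber-identifying IMS headers from VoLTE SIP signalling.

Not code from the episode, from O2 or from the researcher. The SIP message is
constructed, and the header names (P-Access-Network-Info, Cellular-Network-Info,
the +sip.instance Contact parameter carrying a GSMA IMEI URN) are standard IMS
headers assumed here to be the carriers of the leaked data.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed 200 OK as an IMS core might emit it from the called party's side.
SAMPLE_200_OK = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/TCP 10.0.0.1:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:+441632960001@ims.example.net>;tag=1928301774\r\n"
    "To: <sip:+441632960002@ims.example.net>;tag=a6c85cf\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    'Contact: <sip:+441632960002@10.0.0.2:5060>;+sip.instance="<urn:gsma:imei:35123456-789012-0>"\r\n'
    "P-Access-Network-Info: 3GPP-E-UTRAN-FDD;utran-cell-id-3gpp=234104A1B00C0F3A\r\n"
    "Cellular-Network-Info: 3GPP-E-UTRAN-FDD;utran-cell-id-3gpp=234104A1B00C0F3A;cell-info-age=0\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Headers that describe the subscriber's radio attachment. They are meaningful
# inside the operator's core but must not be forwarded to the far end of a call.
ACCESS_HEADERS = {"p-access-network-info", "cellular-network-info"}
IMEI_URN = re.compile(r'\s*;\s*\+sip\.instance="<urn:gsma:imei:([0-9-]+)>"', re.IGNORECASE)
CELL_ID = re.compile(r"utran-cell-id-3gpp=([0-9A-Fa-f]{16,17})")


@dataclass
class Exposure:
    """What the unscrubbed message would have told the caller about the callee."""
    imei: Optional[str] = None
    cells: List[Dict[str, str]] = field(default_factory=list)
    dropped_headers: List[str] = field(default_factory=list)


def parse_cell_id(cell: str) -> Dict[str, str]:
    """Split a 3GPP E-UTRAN cell identifier into MCC, MNC, TAC and ECI.

    The string is the PLMN (3-digit MCC plus a 2- or 3-digit MNC) followed by a
    4-hex-digit tracking area code and a 7-hex-digit cell identity, so the MNC
    length is whatever remains after the 14 fixed characters.
    """
    mnc_len = len(cell) - 14
    if mnc_len not in (2, 3):
        raise ValueError(f"unexpected E-UTRAN cell id length: {cell!r}")
    mcc, mnc = cell[:3], cell[3:3 + mnc_len]
    tac, eci = cell[3 + mnc_len:7 + mnc_len], cell[7 + mnc_len:]
    return {"mcc": mcc, "mnc": mnc, "tac": tac, "eci": eci}


def scrub_sip(message: str) -> Tuple[str, Exposure]:
    """Return (scrubbed message, what was removed).

    Access-network headers are dropped outright. The IMEI URN is stripped from
    Contact while the rest of the Contact header, needed for routing, is kept.
    """
    head, sep, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    kept = [lines[0]]  # the status or request line is always kept
    found = Exposure()
    for line in lines[1:]:
        name, _, value = line.partition(":")
        lname = name.strip().lower()
        if lname in ACCESS_HEADERS:
            for m in CELL_ID.finditer(value):
                found.cells.append(parse_cell_id(m.group(1)))
            found.dropped_headers.append(name.strip())
            continue
        if lname == "contact":
            m = IMEI_URN.search(line)
            if m:
                found.imei = m.group(1)
                line = IMEI_URN.sub("", line)
        kept.append(line)
    return "\r\n".join(kept) + sep + body, found


if __name__ == "__main__":
    scrubbed, exposure = scrub_sip(SAMPLE_200_OK)
    print("caller would have learned:", exposure)
    print(scrubbed)
```

In a real deployment this filtering belongs in the session border controller or the interconnect element that faces other networks and handsets; the point of the exercise is that the far end of a call has no legitimate need for the callee's device identity or serving cell, so the safe default is to drop those headers rather than to enumerate who may see them.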
Procolored's UV Printers Compromised with Malware
Cybersecurity vigilance is underscored by a recent incident involving Procolored’s UV printers:
Malware Bundling: These printers were shipped with bundled software containing a Remote Access Trojan (RAT) and a cryptocurrency clipboard stealer.
Discovery and Mitigation: The malicious software was found by the YouTube review channel Serial Hobbyism and security firm GData; Procolored removed it from its website after being notified.
Unclear Origins: It is unclear how the malware got into the software or how long it was there. GData reports that the malware's activity appears to have stopped in March 2024.
Gray's reading is plain on this point: "It's unclear how the malware got there or how long it was in the software." The practical lesson for anyone installing vendor-bundled drivers and utilities is to treat them as untrusted third-party code and scan them before they run.
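Detection logic for the clipboard-stealer behaviour mentioned above, as an added example (Python; not code from the episode, from GData or from Procolored, and not based on the actual sample). A clipper watches the clipboard for a cryptocurrency address and silently replaces it with the attacker's, so a monitor that sees one valid address turn into a different valid address of the same coin within a fraction of a second has a strong signal. The clipboard history, the addresses and the time window below are constructed for the example.

```python
"""Added example: flag clipboard-hijacking ("clipper") behaviour from a clipboard history.

Not code from the episode or from the vendors named in it. Addresses, timings
and the event list are constructed; a real monitor would poll the OS clipboard.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# Loose syntactic checks for the address families clippers commonly target.
# A production detector would also validate checksums before trusting a match.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(?:bc1[02-9ac-hj-np-z]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


class ClipEvent(NamedTuple):
    ts_ms: int   # when the clipboard contents were observed to change
    text: str    # the new clipboard contents


def classify(text: str) -> Optional[str]:
    """Return the coin family an address belongs to, or None for ordinary text."""
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return coin
    return None


def detect_clipper(events: List[ClipEvent], window_ms: int = 2000) -> List[Dict[str, object]]:
    """Flag every change where a valid address became a *different* valid address
    of the same coin within window_ms. A user copying a second address minutes
    later is normal; an immediate silent swap is the clipper's signature."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        coin = classify(prev.text)
        if coin is None or classify(cur.text) != coin:
            continue
        delay = cur.ts_ms - prev.ts_ms
        if prev.text == cur.text or delay > window_ms:
            continue
        alerts.append({"coin": coin, "original": prev.text,
                       "replacement": cur.text, "delay_ms": delay})
    return alerts


# Constructed clipboard history: two silent swaps and one legitimate re-copy.
SAMPLE_EVENTS = [
    ClipEvent(1000, "meeting notes for Monday"),
    ClipEvent(5000, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),   # user copies a BTC address
    ClipEvent(5120, "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"),   # swapped 120 ms later
    ClipEvent(9000, "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"),  # user copies an ETH address
    ClipEvent(9050, "0x1111111111111111111111111111111111111111"),  # swapped 50 ms later
    ClipEvent(20000, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    ClipEvent(40000, "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"),  # 20 s later: a normal re-copy
    ClipEvent(41000, "0xdeadbeef"),                                  # not a full address
]

if __name__ == "__main__":
    for alert in detect_clipper(SAMPLE_EVENTS):
        print(alert)
```

The window is the tunable part: too wide and ordinary copy-paste of several addresses trips it, too narrow and a clipper that rate-limits itself slips through. On a real host the same heuristic is worth pairing with a check of which process owns the clipboard when the swap happens.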
Cyber Attack on a Russian Hospital by Pro-Ukrainian Hacktivists
International cyber conflicts continue to pose threats to critical infrastructure:
Attack Details: The Lecardo clinic in the Russian republic of Chuvashia was attacked by a new hacktivist group calling itself 4B1D and has been offline for days.
Claim of Responsibility: In a Telegram post, 4B1D said it had wiped five servers and encrypted more than 100 workstations and databases.
Official Response: Local Russian officials said they would investigate the hospital for failing to secure its IT systems and for not disclosing the hack.
The combination of wiped servers and encrypted workstations explains the multi-day outage: with the servers gone, recovery depends on backups held elsewhere, which the episode does not mention.
UK’s NHS Appeals for Enhanced Cybersecurity from Suppliers
In response to rising ransomware attacks, the UK's National Health Service (NHS) is taking proactive measures:
Open Letter to Contractors: In an open letter, the NHS has urged hospital suppliers to keep their systems updated, deploy backups and multi-factor authentication, and implement monitoring and logging.
Context: This appeal comes after several UK hospitals experienced ransomware breaches via compromised suppliers.
Gray puts the reason plainly: "Several UK hospitals have suffered ransomware attacks after hackers breached their suppliers." The asks are basic hygiene (patching, backups, MFA, logging) rather than anything novel, which reflects where the recent breaches came from.
Global Considerations on Social Media Restrictions for Children
The conversation extends to the intersection of cybersecurity and social policy:
Proposed Age Restrictions: Greece, France, Ireland, and Spain are advocating for an EU-wide ban on social media usage by children under 15.
International Precedents: Australia has already implemented a ban for children under 16, with New Zealand contemplating similar measures.
This is a policy item rather than a technical one; the episode gives no detail on how any of these bans would verify age.
Notable Cybercrime Cases and Sentences
The episode also delves into several high-profile cybercrime cases:
Alabama Man Sentenced for SEC Twitter Hack: Eric Council Jr. was sentenced to 14 months in prison for using SIM swapping to take control of the US Securities and Exchange Commission's Twitter account in January 2024. He posted a fake announcement that the SEC had approved Bitcoin exchange-traded funds, which briefly spiked the price of Bitcoin before the tweet was exposed as fake. He was arrested a few months later.
Australian Hacker David Kee Crees Sentenced in the US: Crees, also known as DR32, pleaded guilty earlier this year to hacking seven American organizations in 2020 and 2021. He was arrested in 2022 after selling data to an undercover agent and spent two years in prison awaiting extradition; the court sentenced him to time served.
Cryptocurrency Theft by a US Gang: Twelve people have been charged over the theft of more than $260 million in cryptocurrency, most of it from a single victim. Ten suspects were detained in California; two remain at large and are believed to be in Dubai. All 12 allegedly helped ringleader Malone Lam, arrested in 2024, steal the funds last year.
Gray notes the international scope of these cases and the time it takes to prosecute and extradite offenders.
Volkswagen Addresses Mobile App Vulnerabilities
Concluding with corporate cybersecurity measures, Volkswagen has rectified multiple vulnerabilities in its mobile application:
Previous Risks: The app previously exposed sensitive information, including car ownership details, service history, and user location.
Discovery and Resolution: Security researcher Vishal Bhaskar identified the flaws, collaborating with Volkswagen to implement necessary fixes.
Gray's summary of the fix: "Volkswagen has fixed multiple vulnerabilities in its mobile app that could have allowed attackers to hijack car owners' accounts and retrieve their personal data." The episode does not describe the flaws themselves, only that Bhaskar reported them last year and that they are now fixed.
Conclusion
This Risky Bulletin episode gives a concise overview of the week: new cyber laws in Japan and the Netherlands, a telco signalling leak that exposes subscribers to any caller, malware in a vendor's bundled software, ransomware pressure on healthcare suppliers, and several cybercrime sentences.
Notable Quotes
“Japan has passed a new law that would allow authorities to pre-emptively disrupt imminent cyber attacks.” — Patrick Gray
“The misconfiguration means anyone who calls an O2 subscriber via voice over LTE can see raw data about the other party, such as their IMEI and IMSI codes, as well as cell tower details.” — Patrick Gray
“It's unclear how the malware got there or how long it was in the software.” — Patrick Gray
“Local Russian officials said they would investigate the hospital for failing to secure its IT systems and for not disclosing the hack.” — Patrick Gray
“Several UK hospitals have suffered ransomware attacks after hackers breached their suppliers.” — Patrick Gray
“Volkswagen has fixed multiple vulnerabilities in its mobile app that could have allowed attackers to hijack car owners' accounts and retrieve their personal data.” — Patrick Gray
Additional Information
For more detailed insights and updates, listeners are encouraged to subscribe to Risky Bulletin and follow the Risky Business team. Stay informed and stay secure.