CyberWire Daily

TeamViewer and APT29 go toe to toe.

TeamViewer tackles APT29 intrusion. Microsoft widens email breach alerts. Uncovering a malware epidemic. Google's distrust on Entrust. Safeguarding critical systems. FTC vs. MGM. Don't forget to back up your data. Polyfill's accidental exposé. Our guest is Caitlyn Shim, Director of AWS Cloud Governance, and she recently joined N2K's Rick Howard at the AWS re:Inforce event. They're discussing cloud governance, the growth and development of AWS, and diversity. And a telecom titan becomes telecom terror.

Our 2024 N2K CyberWire Audience Survey is underway. Make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Guest Caitlyn Shim, Director of AWS Cloud Governance, joined N2K's Rick Howard at the AWS re:Inforce event recently in Philadelphia, PA. They spoke about cloud governance, the growth and development of AWS, and diversity. Caitlyn was part of the Women of Amazon Security Panel at the event. You can read more about Caitlyn and her colleagues as they discuss their diverse paths into security and offer advice for those looking to enter the field here.

Selected Reading

TeamViewer investigating intrusion of corporate IT environment (The Record)

Microsoft reveals further emails compromised by Russian hack (Engadget)

Chicago Children's Hospital Says 791,000 Impacted by Ransomware Attack (SecurityWeek)

Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware (Outpost 24)

Google to block sites using Entrust certificates in bombshell move (The Stack)

US House Subcommittee examines critical infrastructure vulnerabilities, role of cyber insurance in resilience efforts (Industrial Cyber)

FTC Defends Investigation Into Cyberattack on MGM as Casino Giant Seeks to Block Probe (The National Law Journal)

This is why you need backups: A cyber attack on an Indonesian data center caused havoc for public services – and it's forcing a national rethink on data security (ITPro)

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator (Bleeping Computer)

ISP Sends Malware to Thousands of Customers to Stop Using File-Sharing Services (Cybersecurity News)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Duration: 24m
Broadcast on: 28 Jun 2024
Audio Format: mp3


[MUSIC] >> You're listening to the CyberWire Network, powered by N2K. [MUSIC]

>> Quick question. Do your end users always work on company-owned devices and IT-approved apps? If the answer is no, then my next question is, how do you keep company data safe on all those unmanaged apps and devices?

>> 1Password has an answer to this question: Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device, because it solves the problem traditional IAM and MDM can't touch. Check it out at 1password.com/xam. That's 1password.com/xam. [MUSIC]

>> TeamViewer tackles APT29 intrusion. Microsoft widens email breach alerts. Uncovering a malware epidemic. Google's distrust on Entrust. Safeguarding critical systems. FTC versus MGM. Don't forget to back up your data. Polyfill's accidental exposé. Our guest is Caitlyn Shim, Director of AWS Cloud Governance, and she joins Rick Howard at the AWS re:Inforce event. They're discussing cloud governance, the growth and development of AWS, and diversity. And a telecom titan becomes a telecom terror. [MUSIC]

>> Today is Friday, June 28th, 2024. This is not Dave Bittner, but Tré Hester filling in for Dave Bittner, and this is your CyberWire Intel briefing. [MUSIC]

Remote access software provider TeamViewer is investigating a breach of its internal corporate IT environment, The Record reports. The company said in an update this morning, quote, "Current findings of the investigation point to an attack on Wednesday, June 26, tied to credentials of a standard employee account within our corporate IT environment. Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action. Together with our internal incident response support, we currently attribute this activity to a threat actor known as APT29, also known as Midnight Blizzard. Based on current findings of the investigation, the attack was contained within the corporate IT environment, and there is no evidence that the threat actor gained access to our product environment or customer data." End quote. The Health Information Sharing and Analysis Center issued a threat bulletin yesterday alerting the health sector to active cyber threats exploiting TeamViewer. The Record also notes that cybersecurity firm NCC Group notified its customers that it has been made aware of a significant compromise of the TeamViewer remote access and support platform by an APT group.

Microsoft is notifying additional customers whose email correspondence with Microsoft was accessed by the Russian threat actor Midnight Blizzard, according to Engadget. The number of those affected was not disclosed. Microsoft stated, quote, "This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor. This has increased detail for customers who have already been notified and also includes new notifications." End quote.

In a follow-up to a story we've followed over the past few months, SecurityWeek reports that the Ann and Robert H. Lurie Children's Hospital of Chicago is notifying 791,000 people that their personal and medical information was accessed during a January ransomware attack. The hospital said in a breach notification that it refused to pay the ransom, and the Rhysida ransomware group subsequently marked the stolen data dump as sold on its website. SecurityWeek says the breached information includes names, addresses, dates of birth, dates of service, driver's license numbers, Social Security numbers, email addresses, phone numbers, health claims information, medical condition or diagnosis, medical record number, medical treatment, and prescription information.

Outpost24 has published a report on a malware distribution campaign that's spreading hundreds of thousands of malware samples, infecting each victim with up to 10 of them at the same time. The campaign is run by a suspected criminal group based in Eastern Europe, which is likely providing the distribution operation as a service for numerous malware operators. The researchers believe the threat actor is paid per infection and is attempting to spread as much malware as possible to as many victims as possible. The malware is distributed via phishing emails and malware loaders. Once the file is executed on the machine, it unfurls by installing up to 10 strains of information-stealing malware.

Google has announced that Chrome will no longer trust digital certificates issued by Entrust, a major certificate authority. The decision follows multiple compliance violations by Entrust, which have eroded confidence in its competence and reliability. The move will impact numerous organizations, including major banks and corporations, starting November 1, 2024. Google recommends affected entities transition to a new CA. Despite Entrust's recent efforts to address these issues, the response has been deemed insufficient. The company has been urged to demonstrate significant improvements to regain trust.

The US House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection held a hearing to address vulnerabilities in critical infrastructure and the role of cyber insurance in enhancing resilience. Key witnesses emphasized the importance of cyber insurance in recovery and risk mitigation, highlighting its potential to support both private and federal responses to cyber threats. The discussion underscored the necessity of proactive planning, clearer coverage standards, and enhanced public-private collaboration to protect critical infrastructure from evolving cyber threats.

The Federal Trade Commission is pushing back against MGM Resorts International's efforts to block its investigation into a significant cyber attack that occurred last September. The breach compromised the personal information of 1.5 million guests and disrupted MGM's operations for over a week. MGM has been resisting the FTC's investigative demands, leading the FTC to seek a court order to enforce compliance. The FTC's stance underscores the importance of regulatory oversight in addressing cybersecurity breaches and ensuring accountability to protect consumer data.

A recent cyber attack on an Indonesian data center severely disrupted public services, including airport and immigration systems, and exposed significant shortcomings in data backup practices. With 98% of the government's data not backed up, the incident has prompted a national audit to improve cyber resilience and data security. Officials blame poor governance and budget constraints for the lack of backups. The breach highlights the critical need for robust backup strategies and proactive data protection to prevent similar disruptions in the future. Come on, people. Back up the data.

Continuing our coverage of a story we are following this week, a large-scale supply chain attack on multiple content delivery networks, including Polyfill.io, BootCDN, Bootcss, and Staticfile, has been traced to a single operator. Researchers discovered exposed Cloudflare keys in a public GitHub repository, which linked the attack to a common entity. The breach affected tens of millions of websites, highlighting severe vulnerabilities in the supply chain. The attack is likely to have been ongoing since June of 2023.

Coming up after the break, we've got N2K's Rick Howard talking with guest Caitlyn Shim, AWS's Director of Cloud Governance. Rick recently caught up with her at AWS's re:Inforce event. They spoke about cloud governance, the growth and development of AWS, and diversity. Stay with us. [MUSIC]

>> Enterprises today are using hundreds of SaaS apps. Are you reaping their productivity and innovation benefits? Or are you lost in the sprawl? Enter Savvy Security. They help you surface every SaaS app, identity, and risk, so you can shine a light on shadow IT and risky identities. Savvy monitors your entire SaaS attack surface to help you efficiently eliminate toxic risk combinations and prevent attacks. So go on. Get savvy about SaaS and harness the productivity benefits. Fuel innovation while closing security gaps. Visit savvy.security to learn more. [MUSIC]

>> The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps, and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why Cloudflare created the first-ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business. [MUSIC]

>> AWS is a media partner here at N2K CyberWire. In June of 2024, Brandon Karp, our VP of Programming, Jen Eiben, our Executive Producer, and I traveled to the great city of Philadelphia to attend the 2024 AWS re:Inforce security conference. And I got to sit down with Caitlyn Shim, the GM of AWS Cloud Governance. Of course, one of the conference themes is trying to understand the impact of machine learning and generative AI in the cloud security space. Caitlyn was quick to point out that just because a new technology comes down the road and it appears all shiny and new, it doesn't mean that infosec leaders need to change their strategies, their first principles. She calls it your strong security governance foundation.

>> I think over the course of my career, I've been honored to see a whole bunch of new technologies come up.

>> Yeah.

>> And so one thing we've learned from that experience is that it's really, really important to have a strong security and governance foundation. And if you have that foundation, it helps protect you for whatever may happen. Gen AI is the one that we're very excited about and you're hearing a lot about this week, but there'll be something else tomorrow. Gen AI will be old hat and we'll be really excited about something else next. And that's really where you really want to make sure you have that fence and that perimeter around your environment to make sure that it's set up correct. In some ways, like AI and ML for Amazon is old hat. We've been working in this for over 25 years.

>> So I think it's what people forget, machine learning algorithms have been around for a long time.

>> Yes, exactly.

>> It's just got popular in the last couple years.

>> Exactly. And so learning how to be secure and well governed with all of that is, we have a lot of experience to bring to the table with that.

>> So I just found out that you were one of the, almost one of the original employees around AWS in 2006, right? When it all started, right? That's when we launched AWS as a product, right? So you were there at the ground floor?

>> I was on the team that launched AWS CloudWatch, which was, my memory certainly right, something like the fifth AWS service that launched. So I won't call myself one of the originals. I won't compete with Peter DeSantis on launching EC2 or anything like that.

>> I would totally claim that. Okay.

>> So yeah, it's been fun watching AWS grow up with years.

>> So tell me about that. What's the difference between young AWS and modern AWS these days?

>> In some ways a lot of things aren't different, right? Security has been critical to Amazon since before AWS. Security is how we keep our customer trust. It's how we keep customers willing to give us their credit card for Amazon.com. AWS came from a lot of those lessons that we've learned as a company even before AWS existed. I think the big thing has been scale, right? More and more customers have chosen AWS. They've moved their workloads to AWS, and they pick us because we offer a wide variety of services and we're the most secure cloud provider.

>> So your experience, and you're passionate about diversity in the workplace. You're a successful woman at AWS in a world dominated by mostly white guys, right? So you've seen it from the beginning. Can you give us a sense of what it's like these days, working as a woman in a male-dominated world?

>> I can say that I've seen a number of women come up. Right now I'm in the cloud governance and identity team, and I have two other female peers at my level, which is amazing. And I think in the world where we see the importance of diversity of thought, AWS and Amazon are very encouraging of making sure that we do think they bring in many different perspectives. Women, many different things that we look for, not just gender. And I lost track of your question. Sorry.

>> Let me rephrase it then, right? We've known about diversity and inclusion issues in the cybersecurity space for a decade, let's say. We all, all of us tried to do things to make it better, right? And it has gotten a little bit better, but it hasn't been a resounding success in any way. I don't think, right? Do you agree with that, or?

>> I've seen it get better for sure.

>> Yeah.

>> But there's still work to do for sure.

>> Is there anything you can point to that, here's things that work and here's things that don't work?

>> It's a good question. Making sure that diverse perspectives are brought in is always super important. For the success of our products, it means that the people working on them need to reflect our customers. And every customer needs to be secure, not just people who look like one particular profile. And I think this also, at Amazon, there's a lot of systems at Amazon that I think really do help with that as well. Our whole working backwards process means that we start with the customer, what they need, write down the data for what they need, and make decisions not based on a PowerPoint presentation, but based on what we think is truly the best customer experience. Personally for me, I found that being super helpful to make sure my voice is heard. I can put the data down, we read it, we evaluate it, and we have a discussion about what's right for the customer, not just the loudest person in the room.

>> When I first started thinking about diversity and inclusion issues, there were really two pieces, right? It was an awareness piece where we did a lot of, you guys should know that there's a problem that we need to try to fix. And then there was a second piece where we actually tried to do stuff to make it better. I know in the early days, we did a lot of awareness things and didn't do a lot of fixing kinds of things. Is that still the current situation?

>> I think it's a balance. It's a balance. I mean, awareness alone, and there have been some studies recently, that awareness alone can sometimes hurt, not help. So you need those mechanisms in place. You need to check, you need to think about how are we making sure that we're not just catering our business environment, our meetings, our processes around one type of personality? If someone's quieter, how do we make sure that their voice is recognized? If someone doesn't speak very loudly, how do we make sure that we're seeing their opinion, things like that?

>> Well, I've always said this is not a women's problem. It's a men's problem, right? Men have to do what you're describing, right? They have to see that there's this talented person in the corner who's kind of quiet and bring them out. You know, they have to do that, right, or we're never going to get there.

>> Yeah, it's everyone, right? And I've been honored to work for a number of leaders who have been very, very explicit about recognizing when there's someone who has good ideas that may not be highlighted, and they explicitly call them out. And certainly when I was junior in my career, I had a boss who'd either Slack me or explicitly call me out like, "Caitlyn, what do you think here?"

>> Yeah, exactly. That's what we need, right?

>> Yeah.

>> At the conference, at the AWS re:Inforce conference, you're on a panel that discussed women's issues. Is there a main theme from that that you're going to tell everybody?

>> I think the biggest theme is encouraging women to focus on security. It is one of the industries, or one of the ends of computer science, where we don't see as many women. And security touches every possible industry. There's not much you can do where you don't care about security and tech. And so it's really talking about how, first of all, encouraging women to focus on security, think about security. And what I really want the audience to take away is that it's a real advantage to you to focus on that and learn it because it's a transferable skill. If you're in healthcare, if you're in cloud providing, if you end up working on devices, everyone needs to care about security. So it's not just a thing you could do. It's a thing that might sustain you forever or anywhere you might go.

>> All right, so don't be afraid of it.

>> Exactly.

>> That's excellent. I think that's a great place to leave this. Well, thank you for coming in and telling us about this. We really appreciate it.

>> Thank you.

>> Yeah. That was Caitlyn Shim, the GM of AWS Cloud Governance. [MUSIC]

>> And now a message from BlackCloak. What's the easiest way for threat actors to bypass your company's cyber defenses? Targeting your executives at home. That's because 87% of executives use personal devices to conduct business, often with zero security measures in place. Once execs leave your organization's secure network, they become easy targets for hijacking, credential theft, and reputational harm. Close the at-home security gap with BlackCloak Concierge Cybersecurity and Privacy, award-winning 24/7/365 protection for executives and their families. Learn more at blackcloak.io. [MUSIC]

>> Ryan Reynolds here for, I guess, my hundredth Mint commercial. No, no, no, no, no, no, no, no, no, no, no, no, no, no. Honestly, when I started this, I thought I only had to do like four of these. I mean, it's unlimited premium wireless for $15 a month. How are there still people paying two or three times that much? I'm sorry, I shouldn't be victim blaming here. Give it a try at mintmobile.com/save, whenever you're ready. $45 upfront payment equivalent to $15 per month. New customers on first three-month plan only. Taxes and fees extra. Speeds slower above 40 gigabytes. See details. [MUSIC]

>> And finally, we dive into a cyber scandal straight out of a dystopian thriller, but with a distinctly real-world twist. JTBC, a leading Korean news outlet, has blown the whistle on KT Corporation, one of South Korea's largest telecom providers, for deliberately infecting over 600,000 users with malware to deter them from using torrent services. In May of 2020, Webhard, a Korean cloud service reliant on BitTorrent, started drowning in user complaints about bizarre system errors. As it turned out, KT Corporation had decided to moonlight as a digital vigilante. Their malware operation, straight from their data center south of Seoul, wreaked havoc. Users saw strange folders appearing, files vanishing, and in severe cases, entire PCs rendered useless. The police traced the malware back to KT's data center and have charged 13 individuals, including KT employees and subcontractors, with violating South Korea's Protection of Communications Secrets Act and the Information and Communications Network Act. The investigation is ongoing, and more heads might roll as authorities dig deeper. So next time your computer acts up, remember, it might not be a bug. It may just be your friendly neighborhood telecom company trying to teach you a lesson.

And that's the CyberWire. For links to all of today's stories, check out our Daily Briefing at thecyberwire.com. Be sure to check out Research Saturday tomorrow, where Dave sits down with Ismael Valenzuela, Vice President of Threat Research and Intelligence from the BlackBerry Threat Research and Intelligence team, to discuss their work on Transparent Tribe targeting the Indian government, defense, and aerospace sectors and leveraging cross-platform programming languages. That's Research Saturday. Check it out.

We'd love to know what you think of this podcast. Your feedback ensures that we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes, or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your team while making your team smarter. Learn how at N2K.com.

This episode was produced by Liz Stokes. Our mixer is me, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karp. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Tré Hester, filling in for Dave Bittner. Thanks for listening. We'll see you back here next week. [MUSIC]

>> Identity architects and engineers, simplify your identity management with Strata. Securely integrate non-standard apps with any IdP, apply modern MFA, and ensure seamless failover during outages. Strata helps you avoid app refactoring and reduces legacy tech debt, making your identity systems more robust and efficient. Strata does it better and at a better price. Experience stress-free identity management and join industry leaders in transforming their identity architecture with Strata. Visit strata.io/cyberwire, share your identity challenge, and get a free set of AirPods Pro. Revolutionize your identity infrastructure now. Visit strata.io/cyberwire, and our thanks to Strata for being a longtime friend and supporter of this podcast. [MUSIC] (gentle music)