Archive.fm

CyberWire Daily

U.S. and China dance the telecom tango.


Duration:
28m
Broadcast on:
25 Jun 2024
Audio Format:
mp3

The US scrutinizes Chinese telecoms. Indonesia’s national datacenter is hit with ransomware. RedJuliett targets organizations in Taiwan. Researchers can tell where you are going by how fast you get there. A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info compromised in an attack on Levi’s. A new industry alliance hopes to prevent memory-based cyberattacks. Guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K President Simone Petrella. Assange agrees to a plea deal.



CyberWire Guest

On our Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation


Selected Reading

Exclusive: US probing China Telecom, China Mobile over internet, cloud risks (Reuters) 

Indonesian government datacenter locked down in $8M ransomware rumble (The Register)

Taiwanese tech firms, universities, religious groups among targets in cyber-espionage campaign (The Record)

New security loophole allows spying on internet users' online activity (HelpNet Security)

P2PInfect botnet targets REdis servers with new ransomware module (Bleeping Computer)

Credential Stuffing Attack Hits 72,000 Levi’s Accounts (Infosecurity Magazine)

CHERI Backers Form Alliance to Promote Memory Safety Chip (GovInfo Security)

Julian Assange, WikiLeaks Founder, Agrees to Plead Guilty in Deal With U.S. (The New York Times) 



The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.


(music) You're listening to the CyberWire Network, powered by N2K. (music)

Identity architects and engineers, simplify your identity management with Strata. Securely integrate non-standard apps with any IDP, apply modern MFA, and ensure seamless failover during outages. Strata helps you avoid app refactoring and reduces legacy tech debt, making your identity systems more robust and efficient. Strata does it better and at a better price. Experience stress-free identity management and join industry leaders in transforming their identity architecture with Strata. Visit strata.io/cyberwire, share your identity challenge, and get a free set of AirPods Pro. Revolutionize your identity infrastructure now. Visit strata.io/cyberwire and our thanks to Strata for being a longtime friend and supporter of this podcast. (music)

The U.S. scrutinizes Chinese telecoms. Indonesia's National Data Center is hit with ransomware. RedJuliett targets organizations in Taiwan. Researchers can tell where you're going by how fast you get there. A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info compromised in an attack on Levi's. A new industry alliance hopes to prevent memory-based cyber attacks. Our guest, Seeyew Mo, Assistant National Cyber Director at the Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K President Simone Petrella. And Assange agrees to a plea deal. (music)

It's Tuesday, June 25, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. (music)

Thanks for joining us. It is great to have you with us. In an exclusive, Reuters reports that the Biden administration is investigating China Mobile, China Telecom, and China Unicom over concerns they could share American data with Beijing through their U.S. cloud and internet businesses.
Despite being barred from providing telephone and retail internet service in the U.S., these companies still have a small presence, including cloud services and routing internet traffic, giving them access to American data. Neither the Chinese firms nor their U.S. lawyers commented, and the Justice Department and Commerce Department declined to comment. The Chinese embassy in Washington accused the U.S. of unjustly targeting Chinese companies. Reuters found no evidence of the firms intentionally sharing sensitive U.S. data with the Chinese government. However, the investigation is part of a broader U.S. effort to prevent China from exploiting data access for national security risks. Regulators have not decided on actions, but might block transactions, limiting the firms' U.S. operations. China Mobile, China Telecom, and China Unicom have faced U.S. scrutiny for years. The FCC revoked their licenses due to national security concerns, citing instances of misrouting internet traffic through China. The companies' points of presence in the U.S. internet infrastructure are also under scrutiny, as they could allow data manipulation. The Commerce Department is also probing their U.S. cloud services, fearing access to personal information and intellectual property could be compromised. A particular focus is on a China Mobile-owned data center in Silicon Valley, raising concerns about potential data mishandling.

Indonesia's National Data Center, operated by the Ministry of Communication and Information Technology, was hit by ransomware on June 20, disrupting several services. The attack impacted at least 210 institutions, including immigration services, which led to delays in processing visas, passports, and residence permits. The data center, known as the National Data Center, was compromised by a ransomware variant called Brain Cipher, identified as LockBit 3.0.
Local reports highlighted significant disruptions, including the shutdown of online student registration in some regions. President Joko Widodo recently ordered a halt on developing new applications.

Suspected Chinese state-sponsored hackers, identified as RedJuliett, have targeted numerous organizations in Taiwan, including universities, state agencies, and electronics manufacturers, according to cybersecurity research by Recorded Future's Insikt Group. RedJuliett, also known as Flax Typhoon, has been active since mid-2021 and was discovered by Microsoft last year. The group focuses on Taiwan's economic policies and diplomatic relations, targeting technology companies, aerospace firms, and religious organizations. RedJuliett exploits internet-facing devices like firewalls and VPNs for initial access. Operating from Fuzhou, China, the group is expected to continue high-tempo cyber espionage activities focusing on Taiwanese technology and government sectors. Researchers anticipate ongoing reconnaissance and exploitation of public-facing devices globally.

Researchers at Graz University of Technology in Austria discovered a vulnerability they've named SnailLoad, which allows spying on users' online activities by monitoring fluctuations in their internet speed. This attack does not require malicious code or intercepting data traffic and potentially could affect all end devices and internet connections. In a SnailLoad attack, the victim's internet connection speed is monitored during interaction with a server, revealing patterns unique to specific websites or videos. Researchers achieved a 98% success rate in identifying online videos and 63% for basic websites, with higher success on slower connections. Closing this loophole is challenging, as it would require providers to randomly slow down internet connections, affecting time-critical applications.
P2PInfect, initially a dormant peer-to-peer malware botnet targeting Redis servers, has become active, deploying ransomware and a crypto miner. Cado Security, monitoring the botnet, suggests it may function as a botnet for hire. First identified in July of 2023, P2PInfect exploits Redis vulnerabilities and spreads via a replication feature. By late 2023, it had increased breach attempts but remained inactive. In May 2024, a new variant began downloading ransomware, encrypting files and deploying a Monero miner. The ransomware targets various file types, while the miner uses all available processing power, sometimes hindering the ransomware. P2PInfect also employs a user mode rootkit to hide its activities. Its precise operational structure remains unclear, but it poses a significant threat to Redis servers.

Clothing brand Levi's has revealed that tens of thousands of customer accounts may have been compromised in a credential stuffing attack. On June 13, an unusual spike in website activity indicated that attackers were using credentials obtained from other breaches to access Levi's accounts. The Maine Office of the Attorney General reported that just over 72,000 individuals were affected. Levi's forced a password reset for all impacted accounts the same day. Although no fraudulent purchases were made, attackers could view personal information like order history, names, emails, addresses, and partial payment details. Levi's advised users to reset passwords and check personal information accuracy to prevent future attacks.

The CHERI Alliance has been formed to promote the adoption of Capability Hardware Enhanced RISC Instructions, that's CHERI, a project designed to prevent memory-based cyber attacks. The Alliance includes the University of Cambridge, Capabilities Limited, chipmaker Codasip, the FreeBSD Foundation, lowRISC, and SCI Semiconductor.
Developed by researchers at the University of Cambridge with support from the UK and US governments, CHERI provides fine-grained memory protection and scalable software compartmentalization. The Alliance aims to overcome commercial adoption hurdles by developing standardization and compliance guidelines. Despite the cost of porting operating systems being a significant challenge, the Alliance seeks to coordinate businesses and adopters to deliver market value. Arm is conspicuously not part of the Alliance, although they have created demonstration motherboards using CHERI and say they may incorporate it into products if customers demand it. [music]

Coming up after the break, our N2K President Simone Petrella speaks with Seeyew Mo, Assistant National Cyber Director at the White House. Stay with us. [music]

Enterprises today are using hundreds of SaaS apps. Are you reaping their productivity and innovation benefits? Or are you lost in the sprawl? Enter Savvy Security. They help you surface every SaaS app, identity, and risk, so you can shine a light on shadow IT and risky identities. Savvy monitors your entire SaaS attack surface to help you efficiently eliminate toxic risk combinations and prevent attacks. So go on. Get savvy about SaaS and harness the productivity benefits. Fuel innovation while closing security gaps. Visit savvy.security to learn more. [music]

This episode is brought to you by Shopify. Forget the frustration of picking commerce platforms when you switch your business to Shopify, the global commerce platform that supercharges your selling, wherever you sell. With Shopify, you'll harness the same intuitive features, trusted apps, and powerful analytics used by the world's leading brands. Sign up today for your $1 per month trial period at Shopify.com/tech. All lowercase. That's Shopify.com/tech. [music]

Seeyew Mo is Assistant National Cyber Director at the Office of the National Cyber Director at the White House.
Our own N2K President Simone Petrella recently caught up with Seeyew Mo. Here's their conversation.

I am so thrilled to have Seeyew Mo from the White House here today. And for context for everyone listening, in July of 2023, so just about last year this time, ONCD, the Office of the National Cyber Director, put out the National Cyber Workforce and Education Strategy. So, Seeyew, to kick things off, we're about a year in. How are we doing on progress on the strategy?

I really appreciate the opportunity to kind of talk about what we're trying to do here at the White House in cyber workforce and education. And you are right. Time flies. I mean, the strategy has been out for almost a year, not quite. And we are really excited to kind of give like a progress report about what we're doing, how we're doing. But I can't stress enough that, you know, I say this all the time. I want it to be a repeating again is that the White House Office of National Cyber Director, ONCD, is not the first office that is trying to solve the cyber workforce and education issue. A lot of people have been doing a lot of good work throughout the years. So, you know, I just want to suggest that, you know, we're not the only ones and we're not doing this alone. It's just always good to start by acknowledging all the good things done and then talk about how we can collectively move everything forward together.

Yeah, I think one of the things that I love to sort of kick off on is that there is, you know, a progress report that you are all looking to release here in the coming days. Can you tell us a little bit about what we can expect to see as that report becomes public?

Yes, yeah, for sure. The report essentially reaffirms that the foundation of solving the national cyber workforce and education issue is sort of like all of us.
You know, we are talking about what we are doing as part of the National Cyber Workforce and Education Strategy, which I will call the mouthful, which I will call the strategy from now on. So, what the strategy is prescribing is that, you know, there are three broad issues in what we're facing today, right? Not enough Americans are considering a career in cyber or cyber security. They either don't see someone like them in the field, or they don't know anyone who is in the field, or they always assume that it's a narrow and technical role, like, you know, there's the old cliché of like the guy in the hoodie, you know, having a defending in the dark room kind of thing, right. So that's one issue. And the second issue is training and education opportunities have not been able to keep up with the demand, right, so the second issue. And the third issue is the idea that we don't have enough locally driven collaboration to connect people to jobs, connect people to training, or provide wraparound services so that the workers can get the support that they need to actually pursue a cyber career. So what you will see in this report is feel like a narrative on some of the progress that we have made on all these three areas, right. I can go into the more detail later on, but just to sort of like frame the conversation here is that, you know, from the federal government standpoint, ONCD is coordinating with 34 other federal agencies so that we are all doing this collectively. And then we are also working with non-federal government organizations, right, like kind of sector employers, academia, state, local, and territorial governments to actually, you know, move the ball forward together. And we have commitments from over 100 organizations. So, you know, I can go to a little bit more detail, but what folks should likely see is some progress on those three areas.
And then a narrative on what are some of the priorities that we have in the future in regarding to those three areas.

Yeah. One of the things, and Seeyew, you know, this is very near and dear to my heart, but from the spring, there's been a lot of releases coming out of the White House and then subsequent reporting on the emphasis on a skills-based approach for employers, but also the federal government. I was hoping, you know, you could sort of provide a bit of explanation and clarification on what does it mean to do a skills-based approach in cyber. And what does that mean from an ONCD perspective?

Sure. Yeah, I think many of us always relate skill-based approach to only skills-based hiring. Right. I think I want to kind of call the staff to this and say, hey, it's actually more than hiring, but oftentimes the work starts at hiring. Right, because when we think about skill-based approaches, we have to think about the skills necessary to do a particular job, which allows itself to changes and updates in a job description. The reality is a lot of Americans have certain skills and they have acquired either from a job or from a training, but it might not have an official certification or degree. So when you focus on skills, what we're doing is that we are making sure that we are not, we are removing and lowering the barriers. Right. And so that allows us to actually build the best team possible to achieve the mission that we want.

And it makes a lot of sense because, you know, if you don't have that understanding of your requirements to begin with, how do you actually start the process, continue the process, like you can't implement it for anyone without doing that sort of foundational workload.

That's right. So when we think about skills in the approach, it has to start from the very top, right, from a strategic level about what are the skills that we need to accomplish the mission.
So that we believe gives you a more flexible way of thinking about talent and the pipeline. We're not going to get there right away. Right. And I think, you know, and I totally understand it as you're trying to promote skill-based approaches all across the country. I guess that the federal government has to lead by example. And if you know tomorrow, like making changes in federal government is difficult, but there are areas when we kind of get a lot of people together and that's why we, you know, worked with Office of Personnel Management and Office of Management and Budget, OMB, and our 34 other federal agencies, there's a way for us to sort of get going, right, get as much of the processes converted to skill-based approach. And that's what we announced in April of this year at the White House convening for good-paying, meaningful jobs in cyber, is, let's take one occupation series in the federal government. So this is like the broad categories of jobs that affects a lot of cyber workers. And we found that about 60%, or more than 60%, of cyber workers in the federal government is covered under the 2210 information technology management series. So what we have decided collectively is the administration will modernize, right, the 2210 occupational series into skill-based approaches, right. So that means, you know, we're going to try to go as far as we can, right, starting from minimum qualifications, right, looking at roles and all these different things. I don't want to sort of prejudge the actual outcome, but to know that, you know, it's more than the hiring, it's the whole approach itself, and the staffers are currently working really hard because you have a deadline to getting this done by the summer of 2025. I hope we return on that a lot of best practices. Okay, I'm just talking to the interagency. We are talking to interagency agencies are to try to set us up.
Given the deadline that's coming up for summer of 2025, you know, just to maybe dispel any concerns that anyone listening would have that obviously sounds like a big deadline. But like what's the volume of job descriptions that we're talking about here, just because I want to kind of be able to make clear to an audience that it might not necessarily take you a year, even though the federal government for, you know, 100,000 occupation series, you know, position.

What I will point out is a lot of this work is ongoing. Right. And this is just like the culmination of it. When you're making policy changes like that, we have to remember this is, you know, people's livelihood. We want to do it right. We don't want to rush. We don't want to rush it. And I want to make sure that we follow the processes that we have in place. The 2210 exists in a lot of different departments and agencies. So, you know, we want to make sure that everyone's equity is represented here. I think the signal that we're sending, right, like a takeaway here is, if an organization as large as the federal government is willing to do this, I think you like all of us organizations, big or small, all across the country, not just in Washington DC or the tech capital around the country. My hope is everyone that comes together to really look at how they can take advantage of the benefits of skill-based approaches can provide, right, think about the business objectives that you have, the mission the organization is trying to deliver. Think about the skills that you need as you come up with a workforce strategy, like a talent plan to have. And then, so I think about how you can kind of create a pipeline set up. So like the, the workforce mixture that you need, like not everyone has, you know, not everyone has to have, you know, not everyone has to be the most senior or technical person.
They might be like, you know, a mix of combination of like some senior and entry level, right, so I feel like when you start thinking about skills in that sense, that opens up how you think about your workforce. And then in turn change how you'll go about recruiting and retention, reskilling and upskilling, that's like the key thing here that we're trying to push for it. Yes, it's more than just about removing a degree requirement. I happen to believe that. Extremely helpful. This is more about how can we take a more agile approach in thinking about skills and talent and a workforce. And if the benefit is it opens up pathways for more folks who might not have the right technical degree, you know, like, Simone, you and I, you know, with seeing some of these famous or popular cyber people. They are like philosophy majors or like, if you think about like, hey, we need, you know, he has to agree only, then you kind of miss out on all these other talent, right. I think that's, that's what we're pushing for.

Yeah, I mean, I just want to like emphasize what you said right at the beginning. I think the takeaway is if the federal government can embark and sort of lead truly by example as the largest employer in the United States, then we should be able to do it in our own organizations too. And, and take that step and invest in it. Well, Seeyew, thank you so much for sharing updates on where things are with ONCD and the progress of the strategy, exciting things to come.

That's Seeyew Mo, Assistant National Cyber Director in the Office of the National Cyber Director at the White House, speaking with our N2K President Simone Petrella.

Quick question, do your end users always work on company-owned devices and IT-approved apps? If the answer is no, then my next question is, how do you keep company data safe on all those unmanaged apps and devices? 1Password has an answer to this question: Extended Access Management.
1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problem traditional IAM and MDM can't touch. Check it out at 1password.com/xam. That's 1password.com/xam.

This episode is brought to you by Experian. Are you paying for subscriptions you don't use but can't find the time or energy to cancel them? Experian could cancel unwanted subscriptions for you, saving you an average of $270 per year. And plenty of time. Download the Experian app. Results will vary, not all subscriptions are eligible, savings are not guaranteed, paid membership with connected payment account required.

And finally, Julian Assange, founder of WikiLeaks, agreed to plead guilty to one felony of illegally obtaining and disclosing national security material, securing his release from a British prison. The plea, part of a deal, means Assange, now age 52, will be sentenced to time served, about five years. He will appear in a remote federal court in Saipan before returning to Australia. Assange's extradition fight has been a saga, with his supporters claiming his actions were in the public interest. Meanwhile, US officials argue he endangered lives and national security. After years in Belmarsh Prison, his release will mark the end of this particular chapter.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. You can email us at cyberwire@n2k.com. Your feedback helps us ensure we're delivering the information and insights that help keep you a step ahead in the rapidly changing world of cyber security.
We're privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. N2K's strategic workforce intelligence optimizes the value of your biggest investment, your people. We make you smarter about your team while making your team smarter. Learn more at N2K.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive editor is Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. [Music]