
CyberWire Daily

Cybersecurity leaders gear up for the ultimate test.

Black Hat kicks off with reassurances from global cyber allies. Researchers highlight vulnerabilities in car head units, AWS and 5G basebands. Alleged dark web forum leaders are charged in federal court. Tens of thousands of ICS devices are vulnerable to weak automation protocols. Kimsuky targets universities for espionage. Ransomware claims the life of a calf and its mother. A look at job risk in the face of AI. In our Threat Vector segment, host David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks, about the future of cybersecurity. An alleged cybercrime rapper sees his Benjamins seized. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this Threat Vector segment, host David Moulton, Unit 42 Director of Thought Leadership, converses with Nir Zuk, Founder and CTO of Palo Alto Networks, about the future of cybersecurity. They discuss the pressing challenges organizations face today and the pivotal shift from traditional defense strategies to a mindset that assumes breaches. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network.

Selected Reading

US elections have never been more secure, says CISA chief (The Register)

Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal (Cybernews)

AWS Patches Vulnerabilities Potentially Allowing Account Takeovers (SecurityWeek)

Hackers could spy on cell phone users by abusing 5G baseband flaws, researchers say (TechCrunch)

Exclusive: Massive Criminal Online Platform Disrupted (Court Watch)

Web-Connected Industrial Control Systems Vulnerable to Attack (Security Boulevard)

North Korea Kimsuky Launch Phishing Attacks on Universities (Infosecurity Magazine)

Swiss cow and calf dead after ransomware attack on milking robot (Cybernews)

AI Will Displace American Workers—When, How, and To What Extent Is Less Certain (Lawfare)

Cybercrime Rapper Sues Bank over Fraud Investigation (Krebs on Security)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Duration:
27m
Broadcast on:
08 Aug 2024
Audio Format:
mp3


You're listening to the CyberWire Network, powered by N2K.

Ryan Reynolds here from Mint Mobile. With the price of just about everything going up during inflation, we thought we'd bring our prices down. So to help us, we brought in a reverse auctioneer, which is apparently a thing. Mint Mobile unlimited, premium wireless! Have it to get 30, 30, but to get 20, 20, 20, but to get 20, 20, but to get 15, 15, 15, 15, just 15 bucks a month, so... Give it a try at mintmobile.com/switch. $45 up front for three months plus taxes and fees, promo rate for new customers for limited time, unlimited more than 40 gigabytes per month slows. Full terms at mintmobile.com.

Identity architects and engineers, simplify your identity management with Strata. Securely integrate non-standard apps with any IDP, apply modern MFA, and ensure seamless failover during outages. Strata helps you avoid app refactoring and reduces legacy tech debt, making your identity systems more robust and efficient. Strata does it better and at a better price. Experience stress-free identity management and join industry leaders in transforming their identity architecture with Strata. Visit strata.io/cyberwire, share your identity challenge, and get a free set of AirPods Pro. Revolutionize your identity infrastructure now. Visit strata.io/cyberwire. And our thanks to Strata for being a longtime friend and supporter of this podcast.

Black Hat kicks off with reassurances from global cyber allies. Researchers highlight vulnerabilities in car head units, AWS, and 5G basebands. Alleged dark web forum leaders are charged in federal court. Tens of thousands of ICS devices are vulnerable to weak automation protocols. Kimsuky targets universities for espionage. Ransomware claims the life of a calf and its mother. A look at job risk in the face of AI. In our Threat Vector segment, David Moulton speaks with Nir Zuk, founder and CTO of Palo Alto Networks, about the future of cybersecurity. And an alleged cybercrime rapper sees his Benjamins seized. See what I did there?

It's Thursday, August 8th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us.

The Black Hat Conference is in full swing in Las Vegas, and during yesterday's opening keynote, U.S. CISA director Jen Easterly, UK NCSC CEO Felicity Oswald, and EU ENISA COO Hans de Vries emphasized that their respective nations' election systems are more secure than ever. They attributed this resilience to a stronger election stakeholder community and rigorous preparations against cyber threats. Despite ongoing challenges from state actors like Russia and China, they reported successful defenses during recent elections. Easterly stressed that while the threat landscape remains complex, constant vigilance and collaboration among international cybersecurity agencies are crucial. The officials underscored the importance of data sharing, continuous testing, and maintaining clear paper trails to ensure election integrity. They called on citizens to resist foreign disinformation efforts aimed at undermining confidence in democracy.

Elsewhere at Black Hat, Cisco Talos researchers revealed that Android-based infotainment systems in vehicles from brands like Ford, GM, and Honda can be exploited to steal user data. Dan Mazzella demonstrated how an attacker could extract sensitive information, including GPS coordinates, from the head unit of his own car. These systems, running on Android Automotive OS, can be infected via social engineering, such as malicious USB sticks, or a technique known as bluesnarfing. Rental cars are particularly vulnerable, as attackers could backdoor head units to target subsequent users. To mitigate risks, users should avoid plugging untrusted devices into car systems.

AWS recently patched critical vulnerabilities that could have allowed account takeovers, revealed by Aqua Security at Black Hat. These flaws, affecting services like CloudFormation, Glue, EMR, SageMaker, Service Catalog, and CodeStar, could have led to arbitrary code execution and control over AWS accounts. Aqua Security's researchers detailed how attackers could predict S3 bucket names and exploit them using a method called "Bucket Monopoly." AWS confirmed the issue is fixed and no customer action is needed. Aqua Security also released an open source tool to check for past vulnerabilities.

Rounding out our review of news from Black Hat, researchers from Pennsylvania State University have uncovered security flaws in 5G basebands used in phones by Google, Oppo, OnePlus, Motorola, and Samsung. Basebands are essentially the hardware processors used by cell phones to connect to mobile networks. These vulnerabilities, found in basebands by Samsung, MediaTek, and Qualcomm, could allow hackers to stealthily spy on victims. Using their custom tool 5GBaseChecker, the researchers tricked phones into connecting to fake cell towers to exploit these flaws. Most vendors have since patched the vulnerabilities.

Pavel Kublitsky and Alexander Khodriev are the alleged leaders of the WWH Club, a darknet forum described as a cross between eBay and Reddit for criminals. In a federal court case, they were charged with conspiracy to traffic in and possess unauthorized access devices. The online forum facilitated the sale of stolen bank account numbers, hired hackers, and organized denial of service attacks for over 170,000 users. The FBI uncovered the identities of WWH's administrators by obtaining a search warrant for DigitalOcean, a US-based cloud company. This allowed agents to gain administrative access to the site, revealing tens of thousands of emails, passwords, and user activities. The site's admin interface was in Russian, requiring translation for the investigation. Kublitsky, a Russian, and Khodriev, from Kazakhstan, sought asylum in the US two years ago but now face federal charges. The site's admins enforced rules barring crimes in Commonwealth of Independent States member countries, including Russia and Kazakhstan. Kublitsky had bought a luxury condo in Florida, while Khodriev purchased a 2023 Corvette with $110,000 in cash. Both men appeared unemployed. The Justice Department and Kublitsky's lawyer have declined to comment. The criminal complaint, initially sealed, was first reported by Court Watch.

Half of the 40,000 internet-connected industrial control systems in the US are vulnerable due to weak automation protocols. A report from security firm Censys revealed that over 80 percent of exposed human-machine interfaces are on wireless networks like Verizon and AT&T. Many HMIs, particularly those in water and wastewater systems, can be accessed without authentication. The study also highlights risks from web admin interfaces with default credentials. Recent minor attacks by state-linked actors underscore the need for robust security measures, including VPNs, firewalls, and better training for device administrators to prevent unauthorized access and ensure system protection.

Cybersecurity analysts have exposed critical details about the North Korean APT group Kimsuky, which targets universities for espionage. Active since 2012, Kimsuky primarily attacks South Korean entities but also extends to the US, UK, and Europe. They use sophisticated phishing tactics, posing as academics or journalists to steal sensitive information. Recent findings by Resilience revealed operational mistakes by Kimsuky, uncovering source code and login credentials. The group focuses on stealing valuable research and intelligence, aligning with North Korea's Reconnaissance General Bureau objectives. Enhanced multi-factor authentication and careful URL verification are recommended defenses.

A ransomware attack on a Swiss farmer's computer systems had devastating consequences, disabling milking robots and preventing access to crucial cattle data. This led to the tragic deaths of a calf and its mother after the farmer couldn't monitor pregnant animals effectively. Despite a $10,000 ransom demand, the farmer chose not to pay. Although the milking robots operated without a network, the farmer incurred over $7,000 in veterinary and computer replacement costs. The cybercriminals ultimately gained nothing, but the emotional and financial toll on the farmer was significant.

In an article at Lawfare, Kevin Frazier examines the ongoing debate over the future of AI regulation. Three main camps have emerged: those prioritizing existential risks, those focused on privacy concerns, and a third group emphasizing climate impacts. With US politicians and agency officials hesitant to take a definitive stance, NIST recently issued a profile addressing the risks associated with the research, development, deployment, and use of generative AI. This profile attempts to balance the concerns of all sides, covering 12 different risks, including chemical and biological threats, data privacy, and harmful bias. Notably absent, however, was job risk, also known as J-risk. AI-driven job displacement, or J-risk, is an immediate concern. Americans have already been displaced by AI, particularly in industries like video gaming. Kevin Frazier's article underscores that AI will inevitably replace American workers. The uncertainty lies in the timing, method, and extent of this displacement. Policymakers must take proactive steps to mitigate the worst impacts of J-risk by implementing anticipatory governance strategies. These strategies include gathering more data on AI's effects on labor and creating responsive economic security programs. By focusing on J-risk, lawmakers can reduce uncertainty and long-term harm. Frazier highlights the importance of learning from past economic disruptions, such as those caused by globalization. The unchecked optimism about globalization's benefits led to widespread job losses and economic instability in many American communities. Similarly, AI is poised to introduce significant economic turbulence, necessitating a proactive policy response. Frazier's article emphasizes that prioritizing J-risk does not mean neglecting other AI governance approaches. Efforts to address labor displacement can also aid in mitigating other AI risks. For instance, creating emergency relief programs could be beneficial in various AI-related crises. In summary, Kevin Frazier argues that addressing J-risk is crucial for managing AI-induced economic instability. Policymakers must take proactive steps to support displaced workers and ensure a resilient labor market. By focusing on the immediate and tangible impacts of AI, lawmakers can develop comprehensive strategies to protect workers' livelihoods and promote economic stability in the face of rapid technological advancement.

Coming up after the break on our Threat Vector segment, host David Moulton speaks with Nir Zuk, founder and CTO of Palo Alto Networks. Stay with us.

Enterprises today are using hundreds of SaaS apps. Are you reaping their productivity and innovation benefits, or are you lost in the sprawl? Enter Savvy Security. They help you surface every SaaS app, identity, and risk, so you can shine a light on shadow IT and risky identities. Savvy monitors your entire SaaS attack surface to help you efficiently eliminate toxic risk combinations and prevent attacks. So go on, get Savvy about SaaS and harness the productivity benefits, fuel innovation, while closing security gaps. Visit savvy.security to learn more.

The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps, and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why Cloudflare created the first-ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business.

David Moulton is host of the Threat Vector podcast, right here on the N2K CyberWire podcast network. In his most recent episode, he spoke with founder and CTO of Palo Alto Networks, Nir Zuk. Here's a segment from their conversation.

"Machines will do what humans do, just they're going to do it much faster and in a much more scalable way. So that's the idea behind using AI in the SOC to detect attacks and stop them."

Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. I'm your host, David Moulton, Director of Thought Leadership. Today I sit down for a conversation with Nir Zuk, founder and CTO for Palo Alto Networks. Here's our conversation.

So you've seen a huge number of changes in the cybersecurity industry: next-generation firewalls, XDR. How do you see AI falling in with those?

I think that AI is something that's required to do what I'm talking about. Meaning, look, today at the SOC, at the Security Operations Center, you have usually hunters which look at data and hunt for attacks. They look at data that's collected into the SIEM. It's not really data, we're talking about logs mostly, and they're not doing a very good job. Every now and then they find an attack. It takes them forever, meaning if you look at the mean time to detect, the time until the attack is found, it's very high, it can be measured in days and weeks, and it takes them forever to respond to the attacks. Nevertheless, we don't have a better way of doing it, in the sense that machines are not going to do something that humans cannot do. You can't expect machines to detect attacks doing things in different ways than humans do it. Machines will do what humans do, just they're going to do it much faster and in a much more scalable way. That's the idea behind using AI in the SOC to detect attacks and stop them.

It's like what the humans are doing, and just make it machine learning-based. Massively speed it up.

Massively speed it up. Massively make it more scalable, meaning you're able to look at more data and process that data much, much quicker.

If we move to a moment where AI has this ability to speed up the things that we're good at but slow, that AI is fully integrated into security operations, what would the human tasks be? Is there oversight, or are there new jobs? Talk to me about that.

I think the role of the humans is to do what the machines cannot do. I don't think machines can replace people. Certainly not anytime soon. The autonomous car advocates have been talking about how autonomous cars are going to be out there next year. There's this famous, I don't know if you saw it on YouTube, Elon Musk video, someone cuts every year he said that next year there will be autonomous driving. Of course, it's not there, and it's going to be a while until we see it. The reason for that is that machines are still not as good as people, and I think the day where they are, if the day ever comes, is very, very far away. That's good news. That's really good news for the people in the SOC. The people in the SOC, the analysts, the engineers, the hunters, they all need to know that with the use of AI, or machine learning, the way engineers call it, in this case, because it's machine learning-based AI, they're going to be left with the things that machines cannot do, which is the more interesting, high-end work.

Do you worry, though, with an AI-driven, scaled environment, that we might become over-reliant on artificial intelligence?

No. No, I think that if you build the processes right, both we as a vendor for our customers and our customers, and you make sure that humans are part of the process, then I'm not worried about it. I think the bigger challenge we have than worrying about relying on AI is that it's very difficult to understand why AI is doing what it's doing.

Talk to me a little bit more about that.

So, when AI makes a decision that something is bad, usually that decision is based on millions, billions, sometimes more than that, data points. So, for a human to go in and look at those billion data points and say, "Oh, I understand now why the AI made the decision that it made," is very, very difficult.

So, a human can't disentangle a billion data points that are coming in, and a similar-looking set was fine, but this one isn't. That becomes a bit of a mystery or a black box.

Correct. And that means that humans need to start relying on AI without understanding why AI did what it did. And that stuff, it's tough for humans in general to do it, especially security-conscious humans, such as those that you find in the security operations center and generally in infosec. And also, it can lead to trouble if the AI is wrong, of course. So, certainly, there needs to be more work done around being able to explain to humans why AI did what it did. And I think we're not there yet. And also, we need to do more work at making people comfortable with AI.

Is this discomfort with AI giving you a decision, you're not understanding it, more acute in security? I would see it being one that no matter where that decision was made, AI in financial markets or in medicine, I don't understand the decision. How do we move to a point where we have acceptance and a culture that has trust?

So, like I said, we need to educate people, convince them that they can trust AI. We need to show them that they can trust AI. And we need to do a better job at having AI explain why it did what it did.

Nir, thanks for coming on Threat Vector today. It's been a fascinating conversation. Appreciate your time.

Thank you for having me.

Thanks for joining today. Stay tuned for more episodes of Threat Vector. If you like what you've heard, please subscribe wherever you listen and leave us a review on Apple Podcasts or Spotify. Your reviews and feedback really do help us understand what you want to hear about. I want to thank our executive producer, Michael Heller. I edit Threat Vector, and Elliott Peltzman mixes the audio. We'll be back next week. Until then, stay secure, stay vigilant. Goodbye for now.

Be sure to check out the complete Threat Vector podcast, wherever you get your favorite podcasts.

Do your end users always work on company-owned devices and IT-approved apps? If the answer is no, then my next question is, how do you keep company data safe on all those unmanaged apps and devices? 1Password has an answer to this question: Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device, because it solves the problem traditional IAM and MDM can't touch. Check it out at 1password.com/xam. That's 1Password.com/xam.

This episode is brought to you by Experian. Are you paying for subscriptions you don't use but can't find the time or energy to cancel them? Experian could cancel unwanted subscriptions for you, saving you an average of $270 per year and plenty of time. Download the Experian app. Results will vary. Not all subscriptions are eligible. Savings are not guaranteed. Paid membership with connected payment account required.

And finally, in January, Krebs on Security spotlighted rapper Punchmade Dev, who glorifies cybercrime in his music and promotes stores selling stolen financial data. This 22-year-old Kentucky native, also known as Devon Turner, is now suing his bank after they froze his account amid a $75,000 wire transfer and an active law enforcement investigation. With hits like "Internet Swiping" and "$1,000,000 Criminal," Punchmade Dev gained fame and sold tutorials on financial fraud. According to Krebs, his social media handles were linked to stores offering illicit goods, leading to his bank troubles. Turner filed a lawsuit against PNC Bank, claiming discrimination and alleging the bank made disparaging comments about his financial status. The bank told Turner his account was flagged for law enforcement scrutiny. Despite promises to release his funds, PNC allegedly seized half a million dollars from his account. Ironically, Punchmade Dev, who teaches about maintaining opsec, or operational security, in cybercrime, couldn't anonymize his own online activities. His lawsuit includes contact information tying him directly to his fraudulent operations. With a significant social media following, Punchmade Dev's story highlights the bizarre intersection of internet fame and criminal activity.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.