Transcript for:
Cyberwire Intel Briefing Notes - July 22, 2024

[Music] You're listening to the CyberWire Network, powered by N2K. [Music]

For identity architects and engineers: modernize your identity systems with Strata. Integrate legacy apps with any IDP, ensure seamless identity failover, and apply MFA without touching app code. Strata offers robust, efficient identity management, reducing tech debt and enhancing security. Gain peace of mind and operational efficiency with Strata's comprehensive solutions. Visit strata.io/cyberwire, share your biggest identity challenge, and enjoy free AirPods Pro. Optimize your identity solutions today. Visit strata.io/cyberwire. And our thanks to Strata for being a longtime friend and supporter of this podcast. [Music]

Mitigation continues on the global CrowdStrike outage. UK police arrest a suspected member of Scattered Spider. A scathing report from DHS says CISA ignored a directive to cut ties with a faulty contractor. Huntress finds SocGholish distributing AsyncRAT. Ransomware takes down the largest trial court in the US. A US regulator finds many major banks inadequately manage cyber risk. CISA adds three critical vulnerabilities to its Known Exploited Vulnerabilities catalog. Australian police forces combat SMS phishing attacks. Our guest is Chris Grove, director of cybersecurity strategy at Nozomi Networks, with a look at the challenges of protecting the upcoming Summer Olympics. Rick Howard looks at cyber threat intelligence. And appreciating the value of internships. [Music]

It's Monday, July 22nd, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. [Music]

Happy Monday, and thank you for joining us. It is great to have you here with us.

The CrowdStrike IT outage has had significant global repercussions, impacting approximately 8.5 million devices and causing widespread operational disruptions. In the US, the airline industry has been particularly affected, with more than 1,500 flights cancelled for the third consecutive day. Delta Air Lines, based in Atlanta, has struggled the most, with Delta chief executive Ed Bastian reporting that the airline cancelled over 3,500 flights. Bastian attributed the cancellations to the failure of a crew tracking tool unable to process the high volume of changes triggered by the system outage. Delta has been offering waivers to affected customers in an effort to manage the fallout.

CrowdStrike CEO George Kurtz issued an apology for the outage, acknowledging the gravity and impact of the situation. He explained that the problem originated from a sensor configuration update released on July 19th, which triggered a logic error leading to system crashes and blue screens of death on impacted devices. The specific update involved Channel File 291, which controls how Falcon evaluates named pipe execution on Windows systems. Named pipes are used for interprocess or intersystem communication in Windows. The update, intended to target malicious named pipes used in cyber attacks, inadvertently caused the operating system crash. CrowdStrike quickly identified and corrected the logic error, updating the content in Channel File 291 and halting further changes. Despite this, some experts criticized CrowdStrike for not following industry-standard testing procedures, suggesting that the faulty update may have bypassed normal vetting processes. To assist affected customers, CrowdStrike has published a remediation and guidance hub with detailed information on the faulty update and recovery steps. Microsoft also played a crucial role in addressing the issue, developing a custom WinPE recovery tool to automate the removal of the faulty update. The tool is available for download and requires specific technical configurations for use.

The incident has sparked a wave of malicious activities, with bad actors exploiting the turmoil to conduct phishing scams and other cyber attacks. CISA and the UK's NCSC have issued warnings about increased phishing activities related to the CrowdStrike outage. Australia's Home Affairs Minister Clare O'Neil also cautioned small businesses to be wary of scam attempts disguised as communications from CrowdStrike or Microsoft. The broader implications of the outage have raised concerns about the fragility of the modern digital ecosystem and the concentration of power among key technology firms. Anne Neuberger, the Deputy National Security Adviser for Cyber and Emerging Technologies, emphasized the need for resilience in a globally interconnected economy. Sir Jeremy Fleming, the recently retired head of GCHQ, echoed these sentiments, highlighting the accelerated risks due to technological interconnectivity. Regulators and lawmakers are calling for greater scrutiny of major tech firms, particularly Microsoft, which has a near monopoly on office productivity systems. Lawmakers from the House Oversight, House Homeland Security, and House Energy and Commerce committees have requested briefings from Microsoft and CrowdStrike to understand the causes and impacts of the outage. A recurring theme in the coverage of the incident, particularly in the broader tech press, is that many people had not heard of CrowdStrike before this event. It's a useful reminder of how cybersecurity firms often operate behind the scenes until a significant disruption brings them to public attention.

Law enforcement in the UK arrested a 17-year-old from Walsall suspected of being part of the Scattered Spider cybercrime group, also known as UNC3944 or Octo Tempest. This arrest followed a joint operation by the UK National Crime Agency and the US FBI. The teenager is accused of targeting large organizations with ransomware and accessing their networks. He was arrested on suspicion of blackmail and Computer Misuse Act offenses, then released on bail. Evidence, including digital devices, was recovered for forensic examination. This arrest is part of a global investigation into the cybercrime group, which has targeted major companies like MGM Resorts. Scattered Spider has hacked numerous organizations, including Twilio, LastPass, and DoorDash, often using social engineering tactics.
The Department of Homeland Security Inspector General released a scathing report on Wednesday criticizing the Cybersecurity and Infrastructure Security Agency and the Federal Law Enforcement Training Centers, FLETC, for failing to protect sensitive data. Both agencies ignored a direct order from DHS leadership to cease working with a high-risk contractor. The Inspector General's audit revealed urgent cybersecurity issues at CISA and FLETC. Despite a directive to stop using the contractor due to poor cybersecurity practices, both agencies continued their engagement without mitigating the risks. The contractor was not named in the report, but DHS's internal investigation highlighted significant security deficiencies in its operations. The report stated that by not mitigating the control deficiencies, CISA and FLETC potentially exposed sensitive personally identifiable information and law enforcement training data to compromise. This included the names, Social Security numbers, dates of birth, genders, ranks, and titles of just under 38,000 DHS and federal law enforcement officers. Additionally, the contractor's software contained training materials on disarming active shooters and countering seaport terrorism.

Researchers at Huntress have observed the JavaScript downloader malware SocGholish, also known as FakeUpdates, being used to deliver the remote access Trojan AsyncRAT and the legitimate open-source project BOINC, that's the Berkeley Open Infrastructure for Network Computing client. BOINC is a volunteer computing platform maintained by the University of California for large-scale distributed computing. The SocGholish attack chain involves a malicious JavaScript file that downloads further stages, ultimately deploying a fileless AsyncRAT variant and a malicious BOINC installation. The compromised BOINC installation connects to fake servers to collect data and execute tasks, acting as a command and control server. Huntress reported the misuse to BOINC administrators, who have been aware of the issue since June of this year. The report includes indicators of compromise and YARA and Sigma rules.

A ransomware attack has shut down the computer system of the Superior Court of Los Angeles County, the largest trial court in the US. The attack began early Friday and is unrelated to the recent CrowdStrike software update issue. The court disabled its computer network and kept it down through the weekend. Preliminary investigations show no evidence of compromised user data. The court serves 10 million residents, with 1.2 million cases filed and 2,200 jury trials conducted in 2022.

A US regulator, the Office of the Comptroller of the Currency, has found that half of the major banks it oversees are inadequately managing risks such as cyber attacks and employee errors. Bloomberg reported that 11 of the 22 large banks under OCC supervision have insufficient or weak operational risk management. About one-third of these banks received poor ratings for overall management. This comes amid rising concerns following last year's bank failures and the major global computing systems outage. The OCC's operational risk assessments contribute to CAMELS ratings, which influence regulatory scrutiny and capital requirements. Acting Comptroller Michael Hsu has emphasized the need for effective risk management. In May 2023, Hsu testified before Congress about the importance of proactive supervisory actions and risk mitigation from third-party vendors using new technology.

CISA has identified and added three critical vulnerabilities to its Known Exploited Vulnerabilities catalog. First, there's a severe vulnerability with a CVSS score of 9.8 affecting Adobe Commerce and Magento Open Source. This flaw involves an improper restriction of XML external entity reference, which can lead to arbitrary code execution. Next is a high-severity directory traversal vulnerability in SolarWinds Serv-U, scoring 7.5 on the CVSS scale. Discovered by Hussein Daher, this vulnerability allows attackers to read sensitive files on the host machine. Following the disclosure and the publication of proof-of-concept exploit code, threat intelligence firm GreyNoise observed active exploitation attempts. And finally, there's an information disclosure vulnerability in VMware vCenter Server with a CVSS score of 6.5. This issue arises from improper file permissions, enabling malicious actors with non-administrative access to obtain sensitive information. CISA has ordered federal agencies to remediate these vulnerabilities by August 7th to protect their networks.

Australian police forces have seized 29 SIM boxes and thousands of SIM cards in raids across several states to combat SMS phishing attacks. In New South Wales, 26 SIM boxes capable of sending large volumes of text messages were found, having sent over 318 million messages in recent months, scamming victims out of millions. In Victoria, three SIM boxes were seized, potentially capable of sending hundreds of thousands of malicious messages daily. Six arrests were made, with charges laid. [Music]

Coming up after the break, Chris Grove, director of cybersecurity strategy at Nozomi Networks, shares insights on the challenges of protecting the upcoming Summer Olympics, and Rick Howard looks at cyber threat intelligence. Stay with us. [Music]

And now a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike, and Cisco. 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky
security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity, or web security vendors. Then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack, or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach. And we thank KnowBe4 for sponsoring our show. [Music]

When it comes to ensuring your company has top-notch security practices, things can get complicated fast. Vanta automates compliance for SOC 2, ISO 27001, HIPAA, and more, saving you time and money. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Our listeners can claim a special offer of $1,000 off Vanta at vanta.com/cyber. That's vanta.com/cyber for $1,000 off Vanta. [Music]

Chris Grove is director of cybersecurity strategy at Nozomi Networks. I recently caught up with him for insights on the challenges of protecting the upcoming Summer Olympics.

To talk about the Olympics, this is a very exciting year. This can be a very big game. So 13 million tickets sold, and somewhere between 11 and 15 million visitors, and 181,000 people working. These are varying numbers out there. Showing up for a temporary event is very complex and very challenging from a cybersecurity perspective, and that's, I guess, what we're going to talk about today: some of these challenges, and how the critical infrastructure comes into play, and how we can manage that security for such a large amount of people and volume in a short period of time. And that is where the challenge starts.

Yeah. I mean, I guess there are obvious things that folks think about, things like the tickets and protecting people's credit cards, you know, all that consumer-facing kind of stuff. But we're talking about a lot of infrastructure as well.

Yeah. If you think about it, in order to run these Olympics, it's literally like building a smart city in a very short period of time. They have water, wastewater, power distribution, camera systems, locks, heating, air conditioning, all kinds of other building automation stuff, public transportation systems, and digital signage. And the amount and the vast array of equipment needed is just not typical for something that most people would build in their day-to-day life. For sure, it's very complex and very fast moving and very large scale.

Can you give us an idea of how a city will go about something like this? I mean, how much of this is integrated, how much of it is siloed? Is there sort of a best practice to approaching something like this?

That's a "depends" question. Every time they host the Olympics in a different place, there will be different answers, I believe. But they do start many years in advance, and a lot of what they do, probably 80%, is done before the actual Olympics happen, and the last 15 to 20% of everything, from, you know, the labor involved, is during the games itself. So they do spend a lot of time. It's not just pouring concrete. It's acquiring land and coming out, working with city planners to develop and ensure that the infrastructure is able to handle the demand, not just from an electricity perspective, but water, wastewater, like I said, and being able to handle people in emergencies. There's other dimensions involved, from hotel rooms: how do you, does your airport, is it able to handle this volume? So they really start many years in advance. They work across sectors and try to ensure that all the pieces of the puzzle are basically in place to make sure that the games can be smooth.

What about the integrity of the games themselves? I mean, I'm thinking about things like timers, like scoreboards, you know, all of those things that are part of the actual athletic competition. There's a cybersecurity element to that as well.

Yes, absolutely. The same problems that we face in regular enterprise, like somebody tweaked a switch somewhere and resulted in a web page changing color, or a light going on and off, or a water system changing some consistency of a chemical, whatever it may be, could very well happen at an event like the Olympics. It's not unfathomable to think that somebody would try to do something like that, based on some of the things that we've seen in the past happen at the Olympics from a cyber perspective.

What about misinformation and disinformation, you know, that sort of public-facing information stream? I suppose, kind of to your point, there are folks out there who would love to see things go wrong, would love to see perhaps some chaos injected into this. I mean, that's, I guess, a combination of a human factor and a technical element as well.

Right. And even a nation-state element. There's, in some cases, for example, some of the disinformation that we're seeing happening around these games in 2024 have to do with Russia being banned from these games and competing under a neutral flag. So it's not really in their best interest that these games are the best ones that have ever existed. So they have a nation-state reason for some disinformation. We also saw in 2020 disinformation campaigns around the discrediting of a bunch of the non-Russian athletes. There were other disinformation campaigns going many years back, and if you think even around 2008, when we first started to see some of the ticket scams, some of those were borderline disinformation, in a way. They were advertising, you know, special sections that didn't exist, or trying to sell things that just simply weren't true, Bitcoin pieces and things like that. So, yes, it's definitely gotten more than it was in the past, and it's one of the several threats that are being faced. Then there's also the physical aspect of that: if somebody were to not just use disinformation to influence someone's opinion but to cause a panic, then a public safety factor could come into play at that point.

Can we touch on public safety? I mean, it just seems like that is a huge responsibility for the folks who are running these games here. They've got all these people from all around the world, both the athletes, the spectators, the judges and referees, the media, and you have to provide for the safety of all those people.

Yeah, that's definitely one of the biggest challenges of events like this, is the public safety component. Of course, we like to think about interrupting the game, shutting the lights off, or whatever. That's got a financial implication to it. But the public safety implication is really first and foremost the main priority of all the planning. Everyone needs to come and go home safe and alive and without injury. Secondary is making sure that they're entertained with the games.

When a city goes through something like this, you know, all of the construction, the planning, installing infrastructure for an event as big as the Olympics, when the games are over and everybody goes home, does the city end up with a lot of things having been upgraded? Is this a nice impetus for those sorts of things to happen?

In some cases yes, in some cases no. It depends on the country and everything. There are instances where there are stadiums lying dormant and costing that particular host country a lot of money. And this is not specific to the Olympics; this has to do with anything of this magnitude, like the World Cup, etc. Not every city needs something of that nature or that large, and if they don't find a way to support it from an economic standpoint, it does become a burden. But in other cases, it's a great way to test and bring in cutting-edge technologies. Sometimes it may be high-capacity internet backbones that weren't there before that now they've laid in, and things like that are definitely going to be used in the future. But some of the physical infrastructure, many times they will either tear it down and convert it back to its original use, or donate it and use it for something moving forward. But it's a mixed bag, I think, for the host cities after the infrastructure has been used.

Has there been any sense, you know, for folks like yourself who keep an eye on these things, who, this is the line of work that you're in, any sense for how Paris is doing? Are they going to come in ready to go when it's time for the games to begin?

I cannot speak to anything to do specifically with their security posture or how they feel or what they're ready for, but I can speak to some of the things that I've seen publicly, that are out there. A lot of the partners that have been involved with the security preparations are looking at things that have happened in the past as a way to start to prepare for what they expect this time around. So the world is expecting everything that we've seen in the past, and then some new angles, probably, and some amplification of the volume. Perhaps some of the attacks that came in past Olympics, where at the time they broke, like, DDoS records for the most amount of traffic, we'll probably see things like that, new records broken in certain areas, not just on the field but, you know, on the net as well. There's probably going to be a few things that maybe we haven't seen in the past, but I do think that everyone is prepared for that, and a lot of the leading brands are involved in, you know, making sure that they are safe for people and that they are successful.

That's Chris Grove, director of cybersecurity strategy at Nozomi Networks. [Music]

It is always my pleasure to welcome back to the show the CyberWire chief security officer and chief analyst, Rick Howard. Rick, welcome back.

Hey, Dave.

You know, Rick, there's that old joke, old, old, old joke, about how, well, that's totally
appropriate for you and me, sir.

Okay, I didn't say you're an old joke or I'm an old joke, although the truth hurts sometimes. We'll talk about that later. There's that old joke about how military intelligence is an oxymoron, right? And as an old Army guy, I bet you've gotten more than your share of laughs about that phrase.

It's so true. It's so true.

But where are we with cyber intelligence? I know that's something that you're looking to cover here on your upcoming CSO Perspectives podcast.

Yeah, we're taking a look at the current state of cyber threat intelligence, because, you know, most people forget, you know, we do this stuff every day, that you kind of assume that that kind of thing's been around for a long time. But really, for the commercial world, cyber threat intelligence wasn't a thing until Mandiant released their very famous APT1 paper back in 2013, something like that. You know, because, you know, the military had been doing cyber threat intelligence for about 10 years before that. They very famously chronicled the Chinese efforts at espionage. They had cool code names for all that, like Titan Rain. But it didn't really catch on with the commercial world until Mandiant released that paper, and then all of a sudden everybody went, oh my goodness, this is a thing we should all be doing. And so I thought it was time, it's now 15 years past that paper, 14 years, that we should take a look at how far we've come. And I ran into an old buddy of mine, John Hultquist. He is the chief intelligence guy at Google Mandiant, all right? And he and I competed back in the day. I ran a commercial cyber intelligence group, he ran one, and so we compared notes about where it all started and where it is today.

Yeah, it's interesting to me, you know, how quickly it spun up to become something that was productized and sold, and now folks can't do without it.

Yeah. And another little phase of that, too, is how every security vendor has their own cyber intelligence team as a marketing arm. You know, they use it as an excuse to say, you know, if we found the, you know, Wicked Spider operating over here, and all the customers that use our product stopped them, you know, they use it for that kind of thing. So it's a really interesting way to use cyber threat intelligence.

Yeah, that is interesting. All right, well, it is the CSO Perspectives podcast, and the host is Rick Howard. Rick, thanks so much for joining us.

Thank you, sir. [Music] [Music]

Enterprises today are using hundreds of SaaS apps. Are you reaping their productivity and innovation benefits, or are you lost in the sprawl? Enter Savvy Security. They help you surface every SaaS app, identity, and risk, so you can shine a light on shadow IT and risky identities. Savvy monitors your entire SaaS attack surface to help you efficiently eliminate toxic risk combinations and prevent attacks. So go on, get Savvy about SaaS, and harness the productivity benefits, fuel innovation, while closing security gaps. Visit [Music] savvy.com.

Willem Westerhof, once a physiotherapist and pie maker, embarked on a cyber internship in 2016. While still an intern, he discovered a critical vulnerability in solar panel technology, which had the potential of compromising the Netherlands' entire power grid. This breakthrough not only transformed his life, propelling him into global headlines and speaking at conferences, but also secured him a full-time role at ITsec, where he had interned. Westerhof's story exemplifies the transformative potential of internships. According to ISC2's 2023 Cybersecurity Workforce report, 24% of new cyber professionals started as interns. Matthew Prager from CISA emphasizes internships as essential for expanding the talent pool and providing valuable work experience that education alone cannot offer. John Anthony Smith of Conversant Group highlights the importance of mentoring interns to mold them into skilled professionals, while Alexandra Cutean from the Information and Communications Technology Council stresses the need for internships to teach both technical and soft skills. Companies offering meaningful project-based internships tend to secure more full-time hires, with paid internships attracting higher-quality candidates. Willem Westerhof's journey from a diverse work background to a celebrated cybersecurity expert underscores the immense value of internships. For interns, these opportunities provide practical experience, essential skills, and a direct pathway into full-time employment, as seen with Westerhof's seamless transition to ITsec. For employers, internships are a strategic investment, offering access to fresh talent, innovative perspectives, and the chance to cultivate and retain skilled professionals tailored to their specific needs. By fostering an environment where interns are mentored and engaged in meaningful projects, organizations not only enhance their workforce but also contribute to closing the cybersecurity skills gap, ensuring a robust and secure digital future. [Music]

And that's the CyberWire. For links to all of today's stories, check out our Daily Briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment: your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. [Music]

Most of our listeners who deal with legacy privileged access management products know they tend to be expensive, difficult to deploy, and hard to use. Keeper Security is the answer. Keeper's zero-trust solution delivers password, secrets, and connection management in one easy-to-use platform. It's fast to deploy, agentless, clientless, and has no implementation fees. Plus, Keeper is FedRAMP authorized. That's why we trust Keeper to prevent breaches and gain full control over privileged users. Visit keeper.io/cyberwire to schedule a quick demo. That's keeper.io/cyberwire, and thanks to Keeper Security for supporting our podcast.