The Cyberwire.com/newsletters/daily briefing.
"U.S. Senator says NSA's purchasing of Americans' data is unlawful."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 28 January 2024, 1444 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/18 ("The Cyberwire.com/newsletters/daily-briefing").
Please scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 01.26.24
SUMMARY
At a glance.
- US senator says NSA's purchase of Americans' data is unlawful.
- Mexican banks targeted by AllaKore RAT.
- Trickbot developer sentenced to five years.
- Suspected Chinese threat actor uses backdoor from 2005.
- US senator says NSA's purchase of Americans' data is unlawful.
- Mexican banks targeted by AllaKore RAT.
- Trickbot developer sentenced to five years.
- Suspected Chinese threat actor uses backdoor from 2005.
US senator says NSA's purchase of Americans' data is unlawful.
US Senator Ron Wyden (Democrat of Oregon) yesterday sent a letter to Director of National Intelligence Avril Haines asserting that the US National Security Agency (NSA) is unlawfully purchasing US citizens' information from data brokers, the Record reports. Wyden states, "Although the intelligence agencies’ warrantless purchase of Americans’ personal data is now a matter of public record, recent actions by the Federal Trade Commission (FTC), the primary federal privacy regulator, raise serious questions about the legality of this practice." The FTC earlier this month barred two data brokers from selling Americans' location data.
Wyden adds, "According to the FTC, it is not enough for a consumer to consent to an app or website collecting such data, the consumer must be told and agree to their data being sold to 'government contractors for national security purposes.' I have conducted a broad probe of the data broker industry over the past seven years, and I am unaware of any company that provides such warnings to consumers before their data is collected. As such, the lawbreaking is likely industrywide, and not limited to this particular data broker."
Wyden requests that Haines direct the US intelligence agencies to conduct the following actions:
- "Conduct an inventory of the personal data purchased by the agency about Americans, including, but not limited to, location and internet metadata. As you know, the cataloging of IC acquisition of commercially available information was also a recommendation of the Senior Advisory Group Panel on Commercially Available Information in its January 2022 report.
- "Determine whether each data source identified in that inventory meets the standards for legal personal data sales outlined by the FTC. This, too, is consistent with the Senior Advisory Group’s recommendation to “identify and protect sensitive [Commercially Available Information] that implicates privacy and civil liberties concerns.”
- "Where those data purchases do not meet the FTC’s standard for legal data personal data sales, promptly purge the data. Should IC elements have a specific need to retain the data, I request that such need, and a description of any retained data, be conveyed to Congress and, to the greatest extent possible, to the American public."
Optimize the value of your biggest investment – your cyber talent.Gain actionable insights to continuously build and maintain high-performance teams, climb the knowledge curve, and stay ahead in a rapidly changing world. N2K’s Strategic Cyber Workforce Intelligence is a comprehensive solution designed to identify current capabilities and develop a data-driven framework to enrich hiring, upskilling, and career mobility efforts in your people strategy that evolves with ongoing organizational transformation. Learn more.
US Senator Ron Wyden (Democrat of Oregon) yesterday sent a letter to Director of National Intelligence Avril Haines asserting that the US National Security Agency (NSA) is unlawfully purchasing US citizens' information from data brokers, the Record reports. Wyden states, "Although the intelligence agencies’ warrantless purchase of Americans’ personal data is now a matter of public record, recent actions by the Federal Trade Commission (FTC), the primary federal privacy regulator, raise serious questions about the legality of this practice." The FTC earlier this month barred two data brokers from selling Americans' location data.
Wyden adds, "According to the FTC, it is not enough for a consumer to consent to an app or website collecting such data, the consumer must be told and agree to their data being sold to 'government contractors for national security purposes.' I have conducted a broad probe of the data broker industry over the past seven years, and I am unaware of any company that provides such warnings to consumers before their data is collected. As such, the lawbreaking is likely industrywide, and not limited to this particular data broker."
Wyden requests that Haines direct the US intelligence agencies to conduct the following actions:
- "Conduct an inventory of the personal data purchased by the agency about Americans, including, but not limited to, location and internet metadata. As you know, the cataloging of IC acquisition of commercially available information was also a recommendation of the Senior Advisory Group Panel on Commercially Available Information in its January 2022 report.
- "Determine whether each data source identified in that inventory meets the standards for legal personal data sales outlined by the FTC. This, too, is consistent with the Senior Advisory Group’s recommendation to “identify and protect sensitive [Commercially Available Information] that implicates privacy and civil liberties concerns.”
- "Where those data purchases do not meet the FTC’s standard for legal data personal data sales, promptly purge the data. Should IC elements have a specific need to retain the data, I request that such need, and a description of any retained data, be conveyed to Congress and, to the greatest extent possible, to the American public."
Gain actionable insights to continuously build and maintain high-performance teams, climb the knowledge curve, and stay ahead in a rapidly changing world. N2K’s Strategic Cyber Workforce Intelligence is a comprehensive solution designed to identify current capabilities and develop a data-driven framework to enrich hiring, upskilling, and career mobility efforts in your people strategy that evolves with ongoing organizational transformation. Learn more.
Mexican banks targeted by AllaKore RAT.
Researchers at BlackBerry warn that a financially motivated threat actor is using a modified version of the open-source remote access tool AllaKore to target Mexican banks and cryptocurrency trading entities: "Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process. The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud. The targeting we observed was indifferent to industry; the attackers appear to be most interested in large companies, many with gross revenues over $100M USD. We know this because the lures sent out by the threat actors only work for companies that are large enough to be reporting directly to the Mexican government’s IMSS department."
RSAC 2024—Where the Cybersecurity Community UnitesCybercrime knows no bounds, and a united front is our strongest defense. At RSAC 2024, May 6 – 9, we unite in San Francisco as a cybersecurity community, fostering learning, networking, idea exchange, and exploration of cutting-edge innovations. Join us as we face the future of cybersecurity head on. Learn more and register.
Researchers at BlackBerry warn that a financially motivated threat actor is using a modified version of the open-source remote access tool AllaKore to target Mexican banks and cryptocurrency trading entities: "Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process. The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud. The targeting we observed was indifferent to industry; the attackers appear to be most interested in large companies, many with gross revenues over $100M USD. We know this because the lures sent out by the threat actors only work for companies that are large enough to be reporting directly to the Mexican government’s IMSS department."
Cybercrime knows no bounds, and a united front is our strongest defense. At RSAC 2024, May 6 – 9, we unite in San Francisco as a cybersecurity community, fostering learning, networking, idea exchange, and exploration of cutting-edge innovations. Join us as we face the future of cybersecurity head on. Learn more and register.
Trickbot developer sentenced to five years.
Russian national Vladimir Dunaev, a former developer of the Trickbot malware, pleaded guilty in the US to conspiracy to commit computer fraud and conspiracy to commit wire fraud, the Register reports. Dunaev admitted in his plea agreement to providing "specialized services and technical abilities" to the Trickbot gang between June 2016 and June 2021. Dunaev has been sentenced in the Northern District of Ohio to five years and four months in prison.
Russian national Vladimir Dunaev, a former developer of the Trickbot malware, pleaded guilty in the US to conspiracy to commit computer fraud and conspiracy to commit wire fraud, the Register reports. Dunaev admitted in his plea agreement to providing "specialized services and technical abilities" to the Trickbot gang between June 2016 and June 2021. Dunaev has been sentenced in the Northern District of Ohio to five years and four months in prison.
Suspected Chinese threat actor uses backdoor from 2005.
Researchers at ESET are tracking a China-aligned threat actor they've dubbed "Blackwood" that's conducting cyberespionage against Chinese and Japanese companies. The threat actor has also targeted individuals in China and Japan, as well as a "Chinese-speaking individual connected to the network of a high-profile public research university in the United Kingdom."
Blackwood has been active since at least 2018, and it's using an updated version of an implant called "NSPX30" that dates back to 2005. The researchers note, "Interestingly, the Project Wood implant from 2005 appears to be the work of developers with experience in malware development, given the techniques implemented, leading us to believe that we are yet to discover more about the history of the primordial backdoor."
Researchers at ESET are tracking a China-aligned threat actor they've dubbed "Blackwood" that's conducting cyberespionage against Chinese and Japanese companies. The threat actor has also targeted individuals in China and Japan, as well as a "Chinese-speaking individual connected to the network of a high-profile public research university in the United Kingdom."
Blackwood has been active since at least 2018, and it's using an updated version of an implant called "NSPX30" that dates back to 2005. The researchers note, "Interestingly, the Project Wood implant from 2005 appears to be the work of developers with experience in malware development, given the techniques implemented, leading us to believe that we are yet to discover more about the history of the primordial backdoor."
Notes.
Today's issue includes events affecting China, Japan, Mexico, Russia, the United Kingdom, and the United States.
SPONSORED EVENTSRH-ISAC Cyber Intelligence Summit (Denver, CO, USA, Apr 9 - 11, 2024) The RH-ISAC Cyber Intelligence Summit features presentations, along with collaborative workshops, cybersecurity exercises, and networking opportunities. This is the “can’t-miss” event for cybersecurity professionals from the retail and hospitality industries.RSA Conference 2024 Ι May 6 – 9 Ι San Francisco (San Francisco, CA, USA, May 6 - 9, 2024) Join the cybersecurity community at RSAC 2024 for cutting-edge innovation, expert-led sessions, inspiring Keynotes, networking, and more. Register now!SELECTED READING
Today's issue includes events affecting China, Japan, Mexico, Russia, the United Kingdom, and the United States.
Attacks, Threats, and Vulnerabilities
How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar (WIRED) From repeatedly crippling thousands of gas stations to setting a steel mill on fire, Predatory Sparrow’s offensive hacking has now targeted Iranians with some of history's most aggressive cyberattacks.
Akira ransomware gang says it stole passport scans from Lush (The Register) Cosmetics brand goes from Jackson Pollocking your bathwater to cleaning up serious a digital mess
GSA Sparks Security Fears After Buying Risky Chinese Cameras (Data Breach Today) Experts are raising fresh concerns about the "significant risk" for Chinese espionage against U.S. federal networks after a government watchdog caught the
Microsoft reveals how hackers breached its Exchange Online accounts (BleepingComputer) Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign.
Blackwood hackers hijack WPS Office update to install malware (BleepingComputer) A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals.
How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar (WIRED) From repeatedly crippling thousands of gas stations to setting a steel mill on fire, Predatory Sparrow’s offensive hacking has now targeted Iranians with some of history's most aggressive cyberattacks.
Akira ransomware gang says it stole passport scans from Lush (The Register) Cosmetics brand goes from Jackson Pollocking your bathwater to cleaning up serious a digital mess
GSA Sparks Security Fears After Buying Risky Chinese Cameras (Data Breach Today) Experts are raising fresh concerns about the "significant risk" for Chinese espionage against U.S. federal networks after a government watchdog caught the
Microsoft reveals how hackers breached its Exchange Online accounts (BleepingComputer) Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign.
Blackwood hackers hijack WPS Office update to install malware (BleepingComputer) A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals.
Products, Services, and Solutions
SecurityScorecard Launches MAX to Redefine the Supply Chain Cyber Risk Management Market (SecurityScorecard) New managed services offering from SecurityScorecard is winning over customers, driving record revenue with its simplicity and outcomes-focused approach.
SecurityScorecard Launches MAX to Redefine the Supply Chain Cyber Risk Management Market (SecurityScorecard) New managed services offering from SecurityScorecard is winning over customers, driving record revenue with its simplicity and outcomes-focused approach.
Legislation, Policy, and Regulation
On eve of final negotiations, US says consensus growing around ‘narrow’ UN cybercrime treaty (The Record) A State Department official said the U.S. is holding firm in its desire for a scaled-back version of an international cybercrime treaty, with a final round of negotiations starting later this month.
FTC officially asks Big Tech about their AI deals (Cybernews) The US Federal Trade Commission (FTC) announced an inquiry into the massive investments in leading AI companies by Big Tech companies. Orders have been sent to Microsoft, Google, Amazon, OpenAI, and Anthropic.
Senate Committee debuts bipartisan bill to add OT, ICS environments to federal employee cyber competition - Industrial Cyber (Industrial Cyber) Homeland Security and Governmental Affairs Committee debuts bipartisan bill to add OT, ICS environments to federal employee cyber competition
On eve of final negotiations, US says consensus growing around ‘narrow’ UN cybercrime treaty (The Record) A State Department official said the U.S. is holding firm in its desire for a scaled-back version of an international cybercrime treaty, with a final round of negotiations starting later this month.
FTC officially asks Big Tech about their AI deals (Cybernews) The US Federal Trade Commission (FTC) announced an inquiry into the massive investments in leading AI companies by Big Tech companies. Orders have been sent to Microsoft, Google, Amazon, OpenAI, and Anthropic.
Senate Committee debuts bipartisan bill to add OT, ICS environments to federal employee cyber competition - Industrial Cyber (Industrial Cyber) Homeland Security and Governmental Affairs Committee debuts bipartisan bill to add OT, ICS environments to federal employee cyber competition
Litigation, Investigation, and Law Enforcement
Wyden Releases Documents Confirming the NSA Buys Americans’ Internet Browsing Records; Calls on Intelligence Community to Stop Buying U.S. Data Obtained Unlawfully From Data Brokers, Violating Recent FTC Order (The Record) The Official U.S. Senate website of Senator Ron Wyden of Oregon
Trickbot malware developer sentenced to 5 years behind bars (The Register) Most of the crew still at large
INDUSTRY EVENTSFor a complete running list of events, please visit the Event Tracker.
Wyden Releases Documents Confirming the NSA Buys Americans’ Internet Browsing Records; Calls on Intelligence Community to Stop Buying U.S. Data Obtained Unlawfully From Data Brokers, Violating Recent FTC Order (The Record) The Official U.S. Senate website of Senator Ron Wyden of Oregon
Trickbot malware developer sentenced to 5 years behind bars (The Register) Most of the crew still at large
For a complete running list of events, please visit the Event Tracker.
Events
SANS Cyber Security Mountain: January 2024 (Virtual, Jan 22 - 27, 2024) At SANS Cyber Security Mountain: January 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Insider Threat Program Development, Management & Optimization Training Course (Laurel, Maryland, USA, Jan 30 - 31, 2024) This highly sought after and very comprehensive 2 day training course will ensure that the Insider Threat Program (ITP) Manager and others who support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Behavioral Science Professionals, Legal Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group.
Improve Spear Phishing Detection With AI (Virtual, Jan 30 - 31, 2024) Phishing remains one of the costliest attack vectors. Spear phishing, a more targeted form of phishing, is very convincing and poses a great risk to organizations. As threat actors crank up the volume of spear phishing attacks, companies are increasingly embracing AI for cybersecurity. Join this webinar to learn how NVIDIA’s AI technologies, along with ecosystem partners, can help organizations build powerful solutions to defend against cyber threats.
SANS Tysons Corner – NOVA 2024 (Tysons Corner, Virginia, USA, Feb 5 - 10, 2024) At SANS Tysons Corner-NOVA 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
SANS San Diego 2024 (San Diego (and virtual), California, USA, Feb 12 - 17, 2024) At SANS San Diego 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
SPONSOR & SUPPORTGrow your brand, generate leads, and fill your funnel.With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.
SANS Cyber Security Mountain: January 2024 (Virtual, Jan 22 - 27, 2024) At SANS Cyber Security Mountain: January 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Insider Threat Program Development, Management & Optimization Training Course (Laurel, Maryland, USA, Jan 30 - 31, 2024) This highly sought after and very comprehensive 2 day training course will ensure that the Insider Threat Program (ITP) Manager and others who support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Behavioral Science Professionals, Legal Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group.
Improve Spear Phishing Detection With AI (Virtual, Jan 30 - 31, 2024) Phishing remains one of the costliest attack vectors. Spear phishing, a more targeted form of phishing, is very convincing and poses a great risk to organizations. As threat actors crank up the volume of spear phishing attacks, companies are increasingly embracing AI for cybersecurity. Join this webinar to learn how NVIDIA’s AI technologies, along with ecosystem partners, can help organizations build powerful solutions to defend against cyber threats.
SANS Tysons Corner – NOVA 2024 (Tysons Corner, Virginia, USA, Feb 5 - 10, 2024) At SANS Tysons Corner-NOVA 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
SANS San Diego 2024 (San Diego (and virtual), California, USA, Feb 12 - 17, 2024) At SANS San Diego 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Comments
Post a Comment
Please leave a comment about our recent post.