In today’s cybersecurity news…
Feds derail Raptor Train
FBI Director Chris Wray said a joint operation last week took down a Chinese-state-sponsored botnet known as Flax Typhoon, in operation since at least May 2020. Researchers at Black Lotus Labs referred to it as Raptor Train. The group used a Mirai variant to hijack routers, IoT devices, and storage devices, conducting attacks against various organizations, including government agencies. The FBI noted that while many of the devices used in the botnet were end-of-life, as expected, many likely still received vendor updates. After Flax Typhoon operators realized the Feds had tracked them attempting to switch infrastructure, they “essentially burned down” their operation. The US accounted for 48% of botnet devices, with over 126,000 enrolled.
(Cyberscoop, Bleeping Computer)
Newmark creates Volunteer Network for Civil Cyber Defense
At the Aspen Cyber Summit, the titular founder of Craigslist, Craig Newmark, announced that his philanthropic organization worked with CISA, the University of California, Berkeley, and the CyberPeace Institute to create the new Volunteer Network for Civil Cyber Defense. Newmark described the initiative as a way to bring “critical resources into communities that need a hand with cyber protection and resilience.” Craig Newmark Philanthropies will provide $1.2 million in funding, initially aiming to coordinate existing resources to high-risk communities. The Volunteer Network will operate as part of the programs under the Newmark Foundation’s Cyber Civil Defense Coalition.
US to host global AI safety summit
Back in May, US Commerce Secretary Gina Raimondo announced the launch of the International Network of AI Safety Institutes. Its members, including Australia, Canada, the European Union, France, Japan, Kenya, South Korea, Singapore, Britain, and the United States, agreed to prioritize safety, innovation, and inclusivity. Now members will meet on November 20th in San Francisco to start technical collaboration on priority work areas, knowledge sharing, and other preliminary underpinnings. Raimondo said the goal of the meeting is to ensure the ongoing rules of the road for AI will be based on “safety, security, and trust.”
(Reuters)
Australian officials infiltrate encrypted messaging app
Australian police announced they infiltrated the encrypted messaging app Ghost, arresting its alleged administrator Jay Je Yoon Jung on charges including supporting a criminal organization. This follows a series of arrests related to the Ghost sting, with 38 suspects rounded up over the last four days across Canada, Ireland, and Italy. The police claim Jung developed Ghost specifically for criminal use. As part of a multi-year Europol-led global task force, Australian police were able to modify software updates for Ghost to allow access to encrypted messages on infected devices. Australian police claim the infiltration has prevented 50 people from serious harm since March.
(AP News)
DOJ charges Chinese national over alleged spearphishing operation
The individual, Song Wu, allegedly sent spearphishing emails to employees at the U.S. Air Force, Navy, Army, NASA, and the Federal Aviation Administration, as well as research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio. According to the Justice Department, Song worked for the Aviation Industry Corporation of China (AVIC), which is an aerospace and defense conglomerate owned by the Chinese government and headquartered in Beijing. The DOJ stated this multi-year campaign involved creating email accounts to impersonate U.S.-based researchers and engineers and “then used those accounts to obtain specialized restricted or proprietary software used for aerospace engineering and computational fluid dynamics, which could be used for industrial and military applications, such as development of advanced tactical missiles and aerodynamic design and assessment of weapons.”
CISA urges action on cross-site scripting vulnerabilities
The agency issued a joint Secure by Design alert with the FBI, urging organizations to eliminate this oldie-but-goodie vulnerability. The alert said that while input sanitization techniques help prevent some XSS attacks, organizations should reinforce them with additional measures. There aren’t a lot of groundbreaking recommendations in the alert. CISA recommends using modern web frameworks that can distinguish between user input and application code, as well as conducting code reviews and red teaming. Back in May, CISA introduced a Secure by Design pledge, where signees commit to making a good-faith effort toward seven goals around transparency and product security.
An argument for cyber deterrence
In an interview with Cyberscoop, US Ambassador-at-Large for Cyberspace and Digital Policy Nate Fick argued against the conventional wisdom that national deterrence measures don’t apply in cyberspace. He argued that cyber deterrence is increasingly important given the expansion of hybrid operations across foreign influence and physical warfare on display in Ukraine, Moldova, Poland, and Estonia. Fick also advocated for an expansion of a $50 million foreign aid fund for shoring up allied cyber defenses, saying those funds could “generate outsized foreign policy returns.”






