Cyber Security Today, Week in Review for week ending June 7, 2024

Released Friday, 7th June 2024

Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

0:00

Speaker: Welcome to Cybersecurity Today. This is the week in review for the week ending Friday, June 7th, 2024. I'm Howard Solomon, contributing reporter on cybersecurity for technewsday.com. With me this week is guest commentator David Shipley of Beauceron Security. We'll be talking about the data breaches at a cloud storage and analytics provider called Snowflake. Researchers at SEC Consult say the application has multiple vulnerabilities. The cloud version was patched in February. What's worrisome is that the vulnerabilities were identified and the vendor warned almost two years ago. When the FBI and other law enforcement agencies struck the LockBit ransomware gang in February, they got a bonus: over 7,000 keys that can unscramble the data that the gang encrypted.

0:02

The employee fell for the spoofed email that appeared to come from the union's investment manager. The message asked the union to change the bank it usually sent payments to. The account the money went to was really controlled by a crook. The money allegedly was laundered and traced to seven accounts in Hong Kong, China, Singapore, and Nigeria. This gang has attracted some large former affiliates of the AlphV/BlackCat ransomware gang, which closed earlier this year. In another example of there's no honor among thieves, the Chinese online shopping platform Pandabuy has admitted it was recently hit twice by the same extortion gang. The Chinese firm told the BleepingComputer news site the first time it paid a ransom to prevent the stolen data from being leaked or sold on the dark web.

0:04

Speaker 3: I, nothing nothing work related. It is entirely been an amazing time with family and vacation and it's an absolute gem of a city. It's been fantastic. My I don't think my resting heart rate has improved this much in years. Australia's cybersecurity agency confirmed this, saying it's aware of successful compromises of several companies using Snowflake. At the same time, Ticketmaster acknowledged a huge data theft from an unnamed third-party cloud database that it uses. Some news outlets think that it was Snowflake, although one cybersecurity researcher it spoke to it spoke to the supposed hackers and they said the data came from an AWS instance.

0:06

Snowflake does say that threat actors are leveraging stolen credentials and are targeting users that only use single-factor authentication. So David, it seems what we have here is blame those who aren't using multi-factor authentication. Either way, this is not a milestone we particularly want to have for 2024 and I'm prepared today to call the year five months in as already significantly worse than 2023 because of this. When we think about UnitedHealth, MediSecure in Australia, London Drugs in Canada and so much more. All of this comes at a time when many companies have cut cybersecurity spending and staffing.

0:08

Now, Advance operates 4,777 stores and 320 Worldpac branches and also serves 1,152 independently owned Carquest stores in the United States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico and various Caribbean islands. The stolen data allegedly includes 380 million customer profiles, name, email, phone address, and more, 140 million customer orders, 44 million loyalty gas card numbers that could hurt. The criminal user profile icon is a spider. Now that's hardly a smoking gun, but it's, I would say, arguably interesting circumstantial evidence. Nonetheless, I know this issue of teenagers getting involved in crime is a huge issue for global law enforcement and they're deeply worried about it. And they're trying to combat it.

0:10

According to the BleepingComputer news service, a cybersecurity company claimed that it spoke to the threat actor who is taking credit for the Santander and Ticketmaster thefts through a Snowflake employee's account using stolen credentials. After Snowflake denied that an employee's account with access to customer data was hacked, the cybersecurity company withdrew its report.

Speaker 2: One thing for sure, the Ticketmaster hack was huge. Data on over 500 million customers was copied. What does this say about this organization's preparations for a data theft?

0:12

And I think as companies rush to embrace generative AI and the temptations to be data pack rats continues to grow. And obviously I have strong feelings about questionable value of zombie data. We are actually going to see more of this. So as people data hoard, and they think that they can extract future value from the data and they put it in these platforms and running all this AI on it, they are also setting themselves up for a very bad day if they have a single point of failure. We're talking here about the Royal Canadian Mounted Police, the RCMP, which operates the new National Cybercrime Coordination Center, the Communications Security Establishment, which is Canada's counterpart to the U.S. National Security Agency, and the CRTC, which is the broadcast regulator that's responsible for enforcing our anti-spam legislation.

0:14

The RCMP, the Communications Security Establishment, and Public Safety Canada have discussed creating a single place for individuals to report cybercrime, but they haven't got past talking about it. Another problem: as of January, the RCMP was having trouble hiring cybersecurity investigators. David, what stood out to you in this report? I think the first damning insight from this report is the ball drop on a child sex exploitation case between the CRTC and the RCMP. And it's a perfect example of the CRTC needing to get out of this business. We need to wind down the CRTC's role in cybercrime, specifically the role it was given under the Canadian anti-spam legislation and transfer it to the Canadian Center for Cybersecurity, which as a collaboration between CSC and the RCMP is better equipped to handle this.

0:16

The cyber center should be the single point of contact for Canadian businesses and individuals impacted by all forms of cyber attacks, whether it's destructive attacks, attacking critical infrastructure, criminal attacks with extortion or ransomware, espionage, or cyber-enabled fraud. This would enable the proper funneling to appropriate agencies with better visibilities into the problem and data collection. For God's sakes, this is not rocket science. Australia has already done it. We need to set aside the past, what has been done, and get serious about protecting our future and getting out of this miserable present state of affairs.

0:18

I know that the RCMP care about these issues, but they are woefully and absolutely inadequately resourced to the escalating challenge they face. Keep in mind that in the federal 2018 budget, the scale of cyber crime that was being reported in cyber-enabled fraud was about 100 million dollars. Today it's $600 million reported. We are in a crisis. It's time to treat it that way, and we need to see the cyber story as part of a larger issue in this country around the strategic threat of cyber at the national security level, and alongside foreign interference and intensifying international conflict, the fact that we live in a much more hostile world.

0:20

federally. But setting aside the data side, I don't even think that's the biggest problem swamping police right now. With the inadequate level of resources that they have, and the fact that they just keep jumping from fire to fire, rather than having the ability to follow something through and really go at these gangs, which, you look at Genesis Market, takes years of consistent policing effort. A police department got a warrant to get its hands on that data for a criminal investigation, but rather than hand over the devices or the information that it had to police, the CRTC got permission of the owner to delete the data and then told the police department we no longer have the data that you want.

0:22

Speaker 2: One thing to make clear, this was not a report on the effectiveness of Canadian government agencies, such as the Canadian Centre for Cyber Security, on advising organizations and individuals on their roles in cyber attack prevention. One thing I have as a worry, as a deep concern that is not in the Auditor General report, because it only came through in the newly announced federal enterprise IT strategy cybersecurity strategy rather is that the federal government is going to place even more work on protecting Thank you.

0:24

The images are stored on each user's PC. And then employees can use AI to search the stored data. Terry Cutler and I discussed the pros and cons of this last week. But an article this week on Wired.com continues the debate. A security researcher found that on a test computer, Recall stores its snapshot data. Two things to remember: all tests so far have been done on non-approved Windows devices. Microsoft says that when officially launched, Recall will only run on PCs powered by Snapdragon processors. And these PCs will also be branded Copilot Plus. Microsoft is trying to work with Intel and AMD to get Recall licensed for those machines.

0:26

Speaker 3: Absolutely. Andrew Cunningham wrote a spot-on opinion piece in Ars Technica that absolutely nails the core issue here. Here's the headline. Quote, Windows Recall demands an extraordinary level of trust that Microsoft hasn't earned. Period. I agree. I'm frankly stunned that they've gone ahead and released this to the hype that they have. Wired's piece eviscerated, and I use that word purposefully, the marketing speak security assurances that have been provided. And what is likely the, the example you mentioned, the first of what will be many real world toolkits used by criminals and researchers. In this case, this one's called Total Recall.

0:28

Which is great when the threat model is someone getting access to your device and physically trying to get it off of the hard drive. But the data, no matter what, that's being stored here, and let's be really clear, it's being stored on the device, has to be decrypted at various points to be processed and used.

Speaker 2: Well, Microsoft says, in addition to encryption, there's other protections, a user needs administrator privileges to access the Recall data store and Windows administrators can turn Recall off.

0:30

Speaker 3: I think, honestly, if they don't pull this feature soon, sooner or later, the US Congress or Senate, and they have some senators who are absolutely gunning for Microsoft right now, they're going to realize the risk this tool could pose to their political campaign machines and personal devices, which, by the way, are not managed by government, they're going to lose their minds.
