Giddy Up with the IT Privacy and Security Weekly Update for July 13th, 2021

Daml’ers,

This episode has us quaking in our wellies. We’ve got the US president advising Russia that they need to fix their ransomware use, while he advises that you should be able to fix your own phone … and tract’r!

A new algo to help with your recommendations, AI that can say stuff bett’rn we can, and a new clampdown that will have you selling your DiDi and Baba shares faster than a jack rabbit in a foxes den.

We finish with a story that will keep you out of your car and down on the farm.

It’s all here, it’s all fresh and just like the crops, it’s just been rotated, so grab that horse and let’s go!


US: Support the ex-pres. Share your PII with the world by signing up for a new Gettr account.

The Security issues of the ex-US president’s social media sites have been a theme of 2021:

First, an absurdly basic bug in Parler allowed all of its posts to be scraped in the hours before it was dropped by its hosting provider and went offline.

Then Gab was breached by hackers who stole and leaked 40 million of its posts, public and private.

Now a site called Gettr, launched by a former Trump staffer, has become a third, strong contender in the competition for the worst security among pro-Trump social media sites, as hackers managed to hijack high-profile accounts and scrape tens of thousands of users’ private data, including email addresses and birthdates—all within hours of its launch.

That scraping of private data appears to have been made possible by a leaky API—a problem pointed out by security professionals even before the site launched. In fact, many high-profile users of the site were also hacked more directly, by unknown means: Official accounts for far-right congresswoman Marjorie Taylor-Greene, former secretary of state Mike Pompeo, Steve Bannon, and even the site’s founder, former Trump staffer Jason Miller, were all hijacked by someone called “@JubaBaghdad.”

Trump, for his part, has so far refused to join the service—perhaps in part because of its security woes, or because the site has also been flooded with Sonic the Hedgehog porn.

So what’s the upshot for you? Does security matter at all in a world where anything can be true? And what’s this about Sonic?


US: Biden rings Putin on the matter of Ransomware

Rumor has it that Friday, US president Joe Biden gave his Russian counterpart, Vladimir Putin, a quick phone call. Biden pointed out that Russia has a responsibility to tamp down on cybercrime originating in its country. Biden also warned Putin that the US would reserve the right to take action if Moscow continued to be tolerant to ransomware gangs operating from within Russia.

Biden then shared a list of 16 untouchable US critical infrastructure sectors; any attack on them carried out by these Russian gangs would trigger a severe response from the US. Those sectors are energy, water, health care, emergency, chemical, nuclear, communications, government, defense, food, commercial facilities, IT, transportation, dams, manufacturing, and financial services.

So what’s the upshot for you? The Federal Security Service, or FSB, is a Russian internal security and counterintelligence service created in 1994 as one of the successor agencies of the Soviet-era KGB.
The US can’t confirm FSB involvement in the Kaseya attack, but it does feel like there could be some “alignment”, especially after the very mysterious recovery of the Bitcoin ransom paid in the Colonial Pipeline compromise.


RU: Russia ‘Cozy Bear’ Breached GOP Just as the Ransomware Attack Hit Kaseya

https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee

Apparently, at some point after the president-to-president phone call, the hackers known as Cozy Bear, in the past linked with Russia’s foreign intelligence agency known as the SVR, breached the Republican National Committee (RNC), two people familiar with the matter told Bloomberg.

The RNC itself denied that it was hacked or that any information was stolen—but then admitted that an RNC technology provider, Synnex, was hacked.

So what’s the upshot for you? It’s not clear whether the incident has any connection to the ransomware-focused hack of Kaseya, which has been tied to the Russian cybercriminal operators known as REvil. But given that the SVR is tasked with stealthy intelligence collection on all manner of political and government targets, it’s perhaps no surprise that it targeted the Republican National Committee, just as it famously targeted the Democratic National Committee back in 2016.

Note that US president Biden is a Democrat.


US: If you own it, the U.S. president thinks you should be able to mend it yourself, privately.

In a fact sheet detailing the 72 initiatives from last Friday’s executive order, the White House calls out everything from tech mergers that affect user privacy to being able to fix your own tractor or phone.
The order announces an administration policy of greater scrutiny of tech mergers, especially by dominant internet platforms, with particular attention to the acquisition of nascent competitors, serial mergers, the accumulation of data, competition by “free” products, and the effect on user privacy.

The order also suggests that big tech platforms gather too much personal information: “Many of the large platforms’ business models have depended on the accumulation of extraordinary amounts of sensitive personal information and related data”, so the order encourages the FTC to establish rules on surveillance and the accumulation of data.

The fix-it-yourself part acknowledges that companies’ restrictions on “the distribution of parts, diagnostics, and repair tools” make repairs more expensive and time-consuming for the end user. In the order, the Biden administration brands such restrictions by tech companies as “anticompetitive” and urges the FTC to force companies to let their customers use independent repair shops to fix the devices they own, or to perform the repairs themselves.

The executive order is considered a significant win for right-to-repair advocates. Groups like the US Public Interest Research Groups and the repair-kit seller iFixit have argued for years that tech consumers and large equipment buyers should have better options for repairing their devices. As part of their arguments, right-to-repair groups have alleged that tech companies such as Apple and Microsoft, as well as farm equipment makers like John Deere and large medical device makers, have made it intentionally difficult for consumers to seek independent repairs, often forcing consumers to go back to the original manufacturers for fixes.

So what’s the upshot for you? This executive order seems to be full of good common sense suggestions for the consumer. Let’s see what happens as a result of this, oh and can we borrow your wrench?


US: Practicefirst rewriting the rules of Breach Notification?

https://www.practicefirstsecure.com/security-incident

Practicefirst Medical Management Solutions and PBS Medcode recently notified 1.2 million patients (yes, this is July) that their data was accessed and stolen from its network ahead of a ransomware attack deployed on Dec. 25, 2020.

Practicefirst is a medical management company tasked with data processing, billing, and coding services for health care providers.

The stolen information varied by the patient and could include names, contact details, dates of birth, Social Security numbers, driver’s license numbers, medical information, patient identification numbers, bank account details, credit card information, and employee usernames, passwords, and security questions and answers, among other sensitive data.

The notice does not explain the six-month delay in notifying patients. Under HIPAA, providers are required to inform patients of data breaches within 60 days of discovery and not at the close of an investigation.

Practicefirst officials said they negotiated the release of the data, with confirmation the data was destroyed and not shared. It’s important to note researchers assert there’s no guarantee hackers will actually adhere to promises made to victims around the return or deletion of data. Conti ransomware actors, in particular, have been known to falsify evidence provided to victims.

With its 1.2 million breach tally, the incident is now the fifth-largest health care data breach in 2021 so far.

So what’s the upshot for you? Not good. We expect to see this company get heavily fined for treating 6 months the same as 60 days. “How heavily fined” will provide some indication of what incentives the regulators wish to provide other companies that expose patient medical records.


Global: Consumer sampling Plus AI Equal BytePlus Recommend

ByteDance, the company behind TikTok, has launched a new division called BytePlus to sell platform services based on TikTok’s features. Of the six services offered, the most striking to us is ‘BytePlus Recommend,’ the artificial intelligence (AI) recommendation algorithm responsible for TikTok’s meteoric rise to the top of the social media digital entertainment landscape.

Unlike most social platforms with follow-and-feed content models, TikTok focuses on serendipitous discovery powered by its AI recommendation engine. After a user uploads a video, TikTok tests it on a small number of users and, depending on engagement statistics such as time watched, likes, comments, shares, and downloads, decides whether or not to push it to a broader audience. It repeats that cycle with larger groups until engagement peaks. As a result, in just five years, TikTok’s app has scaled to more than 1 billion users globally.

With BytePlus Recommend, entrepreneurs now will have access to this potent recommendation engine, the adoption of which could impact business success globally. According to the BytePlus website, after implementing BytePlus Recommend, for example, Singapore-based travel app Wego enjoyed a 40% increase in conversions.

So what’s the upshot for you? Interestingly, although they do not say that they store your data in China (they initially say Singapore), they do say this: “We will retain your personal data for at least 5 (five) years following the termination of your Account or such other period as required under the Indonesian Personal Data Protection Regulations.”

Oh and also: “We may store your personal data outside of the jurisdiction of Indonesia in which our servers or third-party cloud servers cooperating with us are located.”


US: “Call the union rep.” this Deep Learning AI thing Enunciates better than we do!

Improving quality has piqued the interest of a growing number of companies: Recent breakthroughs in deep learning have made it possible to replicate many of the subtleties of human speech. These voices pause and breathe in all the right places. They can change their style or emotion. You can spot the trick if they speak for too long, but in short audio clips, some have become indistinguishable from humans.

AI voices are also cheap, scalable, and easy to work with. Unlike a recording of a human voice actor, synthetic voices can also update their script in real time, opening up new opportunities to personalize advertising.

Synthetic voices have been around for a while. But the old ones, including the voices of the original Siri and Alexa, simply glued together words and sounds to achieve a clunky, robotic effect. Getting them to sound any more natural was a laborious manual task.

Deep learning changed that. Voice developers no longer needed to dictate the exact pacing, pronunciation, or intonation of the generated speech. Instead, they could feed a few hours of audio into an algorithm and have the algorithm learn those patterns on its own.

AI voices have grown particularly popular among brands looking to maintain a consistent sound in millions of interactions with customers. With the ubiquity of smart speakers today, and the rise of automated customer service agents as well as digital assistants embedded in cars and smart devices, brands may need to produce upwards of a hundred hours of audio a month. But they also no longer want to use the generic voices offered by traditional text-to-speech technology—a trend that accelerated during the pandemic as more and more customers skipped in-store interactions to engage with companies virtually.

Whereas companies used to have to hire different voice actors for different markets—the Northeast versus Southern US, or France versus Mexico—some voice AI firms can manipulate the accent or switch the language of a single voice in different ways. This opens up the possibility of adapting ads on streaming platforms depending on who is listening, changing not just the characteristics of the voice but also the words being spoken. A beer ad could tell a listener to stop by a different pub depending on whether it’s playing in New York or Toronto, for example.

But there are limitations to how far AI can go. It’s still difficult to maintain the realism of a voice over the long stretches of time that might be required for an audiobook or podcast.

So what’s the upshot for you? If you have chosen the podcast to review this content, you probably just heard a large sigh of relief!


Global: How does REvil Operate? This man has studied them for 3 years.

https://unit42.paloaltonetworks.com/revil-threat-actors/

The man behind a new Unit 42 report, John Martineau, is the principal consultant of Palo Alto Networks’ Unit 42 global threat intelligence team and has been studying REvil for years.

“The methods chosen by the group to gain access to the target systems are depressingly simple,” he said. “The most common methods are as simple as sending a phishing message or attempting to log in to Remote Desktop Protocol (RDP) servers using previously compromised credentials.”

Once inside, REvil attackers cement their access by creating new local and domain user accounts, installing Cobalt Strike’s Beacon covert payload (a commercial product which apparently delivers a little too well on its promise to “model advanced attackers” for “threat emulation”), and disabling antivirus, security services, and other protection systems. The impact is then expanded to other devices on the network, using “various open-source tools to gather intelligence on a victim environment.”

And it could be a while before the attack is noticed, which is no surprise given how the group often exfiltrates gigabytes of data as part of its ransom approach. “REvil threat actors often encrypted the environment within seven days of the initial compromise,” Martineau commented. “However, in some instances, the threat actor(s) waited up to 23 days. They often used MEGASync software or navigated to the MEGASync website to exfiltrate archived data. In one instance, the threat actor used RCLONE to exfiltrate data.”

Unit 42 also observed common evasion techniques across all engagements, in which REvil threat actors used [1-3] alphanumeric batch and Windows PowerShell scripts that stopped and disabled antivirus products, services related to Exchange, Veeam, SQL, and EDR vendors, as well as enabling terminal server connections.

“For these services, REvil takes a percentage of the negotiated ransom price as their fee. Affiliates of REvil often use two approaches to persuade victims into paying up: they encrypt data so that organizations cannot access information, use critical computer systems or restore from backups, and they also steal data and threaten to post it on a leak site (a tactic known as double extortion).”

According to research carried out by Martineau and colleagues, REvil and its affiliates averaged $2.25m in payouts per breach over the first six months of 2021.

So what’s the upshot for you? We’d like to quote Jake Moore of ESET after he reviewed the report and the stats: “All attacks seem to involve a phishing email along the way”.

So the way in is always through one of us!


RU: Ransomware gang REvil’s websites become unreachable

Websites run by the ransomware gang REvil suddenly became unreachable today (Tuesday).

Ransomware gang websites can be unreliable, and it was unclear whether the site’s disappearance was a momentary fluke or whether the hackers had been taken offline.

Vanishing acts are common in the ransomware world, where gangs tend to disappear and rebrand when they begin attracting too much heat.

Both the group’s payment portal and its blog, which named and shamed their victims who refused to pay, were unreachable on Tuesday.

So what’s the upshot for you? When asked by a Reuters correspondent on Friday whether it would make sense to attack the Russian servers used in such intrusions, US President Joe Biden paused, smiled, and said: “Yes.”


Global: Great new site to Track where Ransomware Payments are Going.

Ransomware payments… it’s nearly impossible to understand their full impact, nor is it known whether taking certain decisions — such as paying the cybercriminals’ ransom demands — make a difference.

Jack Cable, a security architect now at Krebs Stamos Group who previously worked for the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is looking to solve that problem with the launch of a crowdsourced ransom payment tracking website, Ransomwhere.

“I was inspired to start Ransomwhere by Katie Nickels’s (she’s worked on incident response for nearly a decade for the U.S. Department of Defense) tweet that no one really knows the full impact of cybercrime, and especially ransomware,” Cable told TechCrunch. “After seeing that there’s currently no single place for public data on ransomware payments, and given that it’s not hard to track bitcoin transactions, I started hacking it together.” Since no such thing existed he set about creating one… and Ransomwhere was born.

To date, Ransomwhere has tracked over $56 million in ransomware payments. So far, Netwalker dominates the leaderboard with more than 520 payments made. That includes several payments of hundreds of Bitcoin — the two biggest converting to $7.4 and $8.6 million at today’s exchange rate.

The website keeps a running tally of ransoms paid out to cybercriminals in bitcoin, made possible thanks to the public record-keeping of transactions on the blockchain. As the site is crowdsourced, it incorporates data from self-reported incidents of ransomware attacks, which anyone can submit. However, to make sure all reports are legitimate, each submission must include a screenshot of the ransomware payment demand, and every case is reviewed manually by Cable himself before being made publicly available. If an approved report’s authenticity is later called into question, it will be removed from the database.

At the time of writing, the site is tracking a total of more than $32 million in ransom payments for 2021. The bulk of these payments have been made to REvil, the Russia-linked ransomware gang that took credit for the JBS and Kaseya hacks. The group has racked up more than $11 million in ransom payments this year, according to Ransomwhere, an amount that could increase dramatically if its recent demand for $70 million as part of the Kaseya attack is met.

So what’s the upshot for you? Will it ever be possible to get the full picture? Perhaps with Bitcoin, but increasingly criminals are trending to Monero and that is nearly impossible to track.


CN: “We have all yours, but we don’t think you should have ours…”

For years China has been quietly collecting personally identifiable information (PII) on pretty much everyone on the planet, through device data collection (fitness trackers, pregnancy tests, genetic testing), breaches, hacks, and public website scraping.

So when China’s cyberspace regulator said on Saturday any company with data for more than 1 million users must undergo a security review before listing its shares overseas, broadening a clampdown on its large “platform economy”, more than a few eyebrows were raised.

“The security review will put a focus on risks of data being affected, controlled or manipulated by foreign governments after overseas listings,” the Cyberspace Administration of China (CAC) said, posting the proposed rules on its website.

China’s cyberspace regulators are imposing tighter restrictions on data collection and data storage. Two new sets of rules, the Data Security Law and the Personal Information Protection Law, which cover data storage and data privacy respectively, are set to go into effect this year.

Saturday’s announcement will also require firms to submit the IPO materials they plan to file for review. The security review, according to the CAC, will consider national security risks as “risk of supply chain interruption due to political, diplomatic, trade and other factors,” and risk of key data “maliciously used by foreign governments after listing in foreign countries.”

So what’s the upshot for you? Could the next wars be genetic in nature? Sounds crazy right? But 70 years ago who thought we would be fighting wars over submarine cables? (See last week’s blog/podcast for more detail)


US: As drivers in the US tank up for their Summer Road Trip: States in the US with best and worst driving records.

Top of the best was Massachusetts, with Mississippi top of the worst. Second best was Pennsylvania and second worst Texas. But the shocker was that New York was 5th from the top in the best drivers list, and perhaps also that Florida drivers were only ranked 10th worst (something that is hard to believe if you have ever visited Florida).

So what’s the upshot for you? If you’d really like to prepare yourself (psychologically) for your next road trip, we have some other sites that might have you leaning more toward a staycation:

NHTSA Fatality and Injury Reporting System Tool (FIRST)

Arrests by State 2019 (Table 69) by the Federal Bureau of Investigation’s Uniform Crime Reporting (UCR) Program

Facts + Statistics: Uninsured motorists, by the Insurance Information Institute (III)

Google Trends

…and in the meantime, we’re canceling a couple of those Summer time-off requests.


That’s all for this week folks, be kind, stay secure, stay safe, and “heavens to Betsy… be careful on them thar roads”!



If the item is in a near new condition, or is just out of warranty or retains a large % of its initial purchase value (more than $5000), then repair is likely justified. Anything else, you might as well throw it away. Technician labor rates, technician expertise & availability, diagnostic & repair times, plus parts costs make it prohibitive.

Deliberate?

I am not sure, but the result is the same; ongoing purchases of the same items.


I’m not so sure even with today’s repair resistant designs you can, for example, get an iPhone screen replaced for ~$150. I imagine if mandated to make right to repair easier that cost would come down significantly.


Agreed. A battery for my iPhone is about $65 through Apple, who knows how low that could go…?


In principle I have no issue with a throwaway society so long as Waste & Resource Management are 100% integrated and market efficient, which they are not. What irks me is throwing away a $1000 device for a simple but non-repairable failure.


Actually, I think the big deal in that section was John Deere making tractors that the farmers across the world could not mend themselves. I have a friend in the Ag business up in Queensland and he formed an opinion on that from all the farmers he dealt with across the US and Oz. Good etiquette will not allow me to share that here. :innocent:


It will not be long before most equipment types are every bit as complex, and computationally & informatically connected, as light automobiles are. Most farmers are at the edge of repair knowledge on new equipment anyway, except for the big, lumpy bits like I-beam axles and towing hitches.


Totally agree.

Further to that example, I decided I was going to try something different for my last BBQ and cook up some Beyond Meat burgers. I picked up a 6 pack in the shop and they came blister packed 2 patties to a heavy plastic tray with plastic covering. They spent more on packaging than whatever was in the blister packs. That plastic will degrade over the next 200 years in some landfill releasing more methane into the air than any cow could, or it will blow into some waterway, make it to the ocean, and choke some Beluga whale.

Rant ends…


Agree. Globally, the packaging industry needs some adjustment.


And why do we need a tractor with Lidar and Bluetooth connectivity? (OK, maybe that was not a good example… I can actually think of lots…) Just heard that Weber grills are going to have Bluetooth connectivity. Perhaps now you can have one alarm when your “Beyond Meat” burger is done and a second alarm in 10,000 years to let you know the packaging has biodegraded.


Re the BBQ, agree. A guy I follow on Twitter who works in INFOSEC has the current Weber Smoker w/BLT model;

… and he has already ‘cracked’ it. He tweeted that perhaps he should mess with his neighbours (he scanned for BLT devices) and spoil their smoked products. I hate Bluetooth.

HA! That is too funny! Can you imagine driving around in a car, overcooking all the burgers in the neighborhood? (EU readers note that apparently, Weber grills are so popular in Germany that they make up 50% of grills sold there!). And no, I am not suggesting… :angel: