Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, joins “CBS Mornings” to discuss his new Masterclass and share ways people can protect themselves from online scams, identity theft and deepfakes.
Google lawsuit accuses China-based cybercriminals of massive text-message phishing scams
Google is filing a federal lawsuit against a network of foreign cybercriminals based in China that is accused of launching massive text-message phishing attacks, the tech giant told CBS News in an exclusive interview.
Google said the messages are part of a criminal network called “Lighthouse.” The texts look legitimate, often warning recipients of a “stuck package” or an “unpaid toll,” but they’re actually phishing or what’s called smishing — a type of phishing scam that uses text messages to try to trick recipients into revealing personal and sensitive information, such as passwords and credit card numbers, which are then stolen.
“These scammers ended up compromising anywhere from 15 [million] to 100 million potential credit cards within the U.S. and impacted, at our current estimates, over a million victims,” Google’s general counsel, Halimah DeLaine Prado, told CBS News.
DeLaine Prado said Google has filed what it calls a first-of-its-kind lawsuit under the RICO Act, which is typically used to take down organized crime rings.
The case targets unknown operators — listed as John Does 1 through 25 — who allegedly built a “phishing-as-a-service” platform to power mass text attacks.
DeLaine Prado said the lawsuit is not meant specifically to help victims recover any losses, but rather to serve as a “deterrent for future criminals to create similar enterprises.”
Google said it found more than 100 fake sites using its logo to trick people into handing over passwords or credit card numbers. According to its complaint, it estimates the group has stolen sensitive information linked to tens of millions of credit cards in the U.S. alone.
Kevin Gosschalk, the CEO of cybersecurity firm Arkose Labs, said that while recovering lost money is a challenge, lawsuits like Google’s could help disrupt scammers’ operations.
“It has an impact on the ecosystem,” Gosschalk told CBS News. He said that if there are three major players and you go after the big one and take it down, “then the other two start second-guessing, ‘Hey, should we be in this business, or should we get out of this business?’”
Google’s move appears aimed as much at setting a legal precedent as at seeking punishment — testing whether a 1970s racketeering law can be applied to a 21st-century digital crime.
Gosschalk said it will be very hard for Google to go after cybercriminals overseas since a lot of them also operate in countries like Cambodia, where there are limited extradition laws.
“But it does mean the individuals behind those things will not be able to travel to the U.S. in the future, so it does add extra risk,” Gosschalk said.
Users can avoid text scams by not clicking links or replying to unknown messages. On an iPhone, users can turn on “Filter Unknown Senders” and “Filter Junk.” On Android, enable Spam Protection and forward scam texts to 7726 (SPAM).
Note that those filters can also catch legitimate messages from numbers that are not in the phone’s contact list, so be sure to check the unknown senders or spam folder once in a while.
Cybersecurity order warns of “imminent risk” to federal agencies following possible breach
The Cybersecurity and Infrastructure Security Agency on Wednesday issued a sweeping emergency order directing all federal agencies to immediately patch critical vulnerabilities in certain devices and software made by F5, a technology vendor, after confirming a nation-state cyber actor gained unauthorized access to F5’s source code.
CISA — a part of the Department of Homeland Security that manages risks to the U.S.’s cyber and physical infrastructure — issued Emergency Directive 26-01 following the company’s disclosure that a foreign threat actor had maintained long-term, persistent access to its internal development and engineering environments, including its source code.
Officials warned that attackers could exploit the vulnerabilities to steal credentials, move laterally through networks, and potentially take full control of targeted systems. F5 said it first discovered the attack in August but did not disclose exactly when it began.
“This directive addresses an imminent risk,” Nick Anderson, CISA’s executive assistant director for cybersecurity, said during a news briefing Wednesday. “A nation-state actor could exploit these flaws to gain unauthorized access to embedded credentials and API keys. That’s an unacceptable risk to federal networks.”
F5 is a publicly traded American technology company headquartered in Seattle, Washington.
Justice Department delayed breach announcement
Earlier Wednesday, F5 disclosed the breach in a filing with the Securities and Exchange Commission.
In the SEC 8-K report, F5 said the Justice Department on Sept. 12 “determined that a delay in public disclosure was warranted.” It’s one of the first times a company has publicly acknowledged DOJ intervention under the SEC’s cybersecurity disclosure rules.
The rules were adopted in July 2023 and require companies to report cybersecurity incidents within four business days of determining that a material event has occurred.
“Under item 1.05(c), the Department may grant a delay after finding that a disclosure required by Item 1.05 would pose a substantial risk to national security or public safety,” a Department of Justice spokesperson told CBS News in a statement.
F5 CEO François Locoh-Donou signed the filing, which said the company learned of the attack on Aug. 9 and launched an investigation alongside cybersecurity firms CrowdStrike, Mandiant and others, with assistance from federal law enforcement and unnamed “government partners.”
“During the course of its investigation, the Company determined that the threat actor maintained long-term, persistent access to certain F5 systems, including the BIG-IP product development environment and engineering knowledge management platform,” F5 wrote in its filing.
What’s in the CISA emergency order
CISA’s order directed federal civilian executive branch agencies — which include the Department of Justice, Department of State, Department of the Treasury and the Federal Trade Commission, among others — to inventory F5 BIG-IP products, which are application delivery and security services.
The federal agencies need to evaluate if their networks are accessible from the public internet, and apply newly released updates from F5 by Oct. 22, the emergency order stated. They must also complete scoping reports identifying affected devices by Oct. 29.
There are currently thousands of F5 devices in use across federal networks, Anderson told CBS News. The cybersecurity agency said it expects to know more about the scope of exposure by the end of the month.
CISA Acting Director Madhu Gottumukkala said in a statement that the agency remains “steadfast” in its mission to defend U.S. networks, even amid the ongoing government shutdown and the lapse of the Cybersecurity Information Sharing Act of 2015.
“The alarming ease with which these vulnerabilities can be exploited demands immediate and decisive action,” Gottumukkala said. “These same risks extend beyond federal systems — to any organization using this technology.”
No confirmed compromises yet, but broader campaign underway
Anderson confirmed that CISA is not aware of any current data breaches within federal agencies, though the directive is designed to uncover any potential compromises. He said the campaign appears to be part of a broader nation-state effort targeting elements of the U.S. technology supply chain, not just one vendor.
“The broader goal here is persistent access — to gather intelligence, hold infrastructure hostage, or position themselves for future attacks,” Anderson told CBS News during Wednesday’s briefing.
CISA declined to name the country behind the attack, citing ongoing investigations.
“The U.S. government is not making a public attribution at this time,” said Marcy McCarthy, CISA’s director of public affairs.
In a statement to CBS News, the head of threat intelligence for Unit 42, a team of cybersecurity experts and researchers at Palo Alto Networks, said the theft of F5 BIG-IP source code is “significant, as it potentially facilitates rapid exploitation of vulnerabilities.”
“Generally, if an attacker steals source code, it takes time to find exploitable issues,” Unit 42 Chief Technology Officer Michael Sikorski said. “In this case, they also stole information on undisclosed vulnerabilities that F5 was actively working to patch. This provides the ability for threat actors to exploit vulnerabilities that have no public patch, potentially increasing speed to exploit creation.”
Working through the government shutdown
Pressed on the government’s ability to respond amid furloughs and staffing reductions at CISA, Anderson acknowledged the agency’s challenges but said it remains operational.
“We’re sustaining essential functions and providing timely guidance like this to mitigate risk,” he said. “This is core mission work for CISA — exactly what we should be doing.”
Anderson also said the lapse of the Cybersecurity Information Sharing Act of 2015, a law that had governed federal-private sector cyber information sharing before sunsetting, did not delay coordination with F5 or impact the agency’s response.
While the directive applies only to federal agencies, CISA is strongly urging state, local and private sector organizations using F5 technologies to follow the same patching and mitigation steps. F5’s products, including its BIG-IP line, are widely used in both government and commercial networks to manage internet traffic and security.
