
CyberWire Daily: Sanctions on Russian Hosting, AI Regulation Battles, and Data Lakes for SOC AI

N2K Networks · November 20, 2025 · 34 min · 286 views

International Sanctions and Cybercrime

  • The US, UK, and Australia have imposed sanctions on Russian bulletproof hosting providers implicated in supporting ransomware gangs and cybercrime.
  • These providers lease infrastructure to threat actors, ignoring takedown requests and facilitating various malicious operations.
  • Sanctions target Media Land and affiliated companies, and executives also face penalties; the measures freeze assets and impose secondary sanctions.

AI Regulation and Surveillance Concerns

  • πŸ›οΈ The White House is reportedly preparing an executive order to direct the Justice Department to sue states over AI regulations, citing interference with interstate commerce.
  • πŸš— US Border Patrol operates a surveillance program tracking millions of drivers, flagging suspicious travel patterns using license plate readers and algorithms.
  • πŸ” Civil liberties experts express concerns over mass data collection and pattern analysis, raising Fourth Amendment issues.

Cybersecurity Enhancements and Threats

  • A bipartisan bill has been reintroduced to strengthen the SEC's cybersecurity posture by requiring modern data protection protocols and uniform policies.
  • A new Android banking Trojan, Sturnus, can capture content from end-to-end encrypted apps by reading decrypted messages from the device screen.
  • A Brazil-focused banking Trojan, Eternidade Stealer, escalates cybercrime activity by spreading via WhatsApp and targeting financial and crypto apps.
  • A zero-day vulnerability in Fortinet's FortiWeb that allows authenticated attackers to execute OS commands has been actively exploited, despite its medium CVSS rating.

AI in Security Operations Centers (SOC)

  • Cliff Crosland of Scanner.dev discusses how security data lakes are ideal for AI in the SOC, enabling faster investigations and threat hunting.
  • Agentic AI workflows are increasingly being built on data lakes to speed up SecOps responsibilities, with humans remaining in the loop for oversight.
  • Query speed in data lakes is critical for AI agents to perform investigations quickly, with advancements in data engineering and formats like Apache Iceberg improving performance.
  • The combination of human intuition and AI capabilities leads to better outcomes in cybersecurity investigations, reducing both false positives and false negatives.
  • AI can assist in tuning detection rules to reduce alert noise and improve the efficiency of SOC analysts, allowing them to focus on higher-leverage projects.

Insider Threats and Green Energy Hijacking

  • βš–οΈ A former Philippine mayor was sentenced to life imprisonment for human trafficking linked to a scam center.
  • πŸ’¨ A technical manager at Nordex hijacked wind turbines for a blockchain side-hustle, siphoning energy for crypto mining, resulting in community service and damages.