CyberWire Daily - A call-up of Russian reserves, and more notes on the IT Army's claimed hack of the Wagner Group. Netflix phishbait. The Rockstar Games and LastPass incidents. CISA releases eight ICS Advisories.
Episode Date: September 21, 2022

It's partial mobilization in Russia, and airline flights departing Russia are said to be sold out. Further notes on the IT Army's claimed hack of the Wagner Group. Leveraging Netflix for credential harvesting. Rockstar Games suffers a leak of new Grand Theft Auto footage. Ben Yelin has the latest on regulations targeting crypto. Our guest is Amy Williams from BlueVoyant discussing the value of feminine energy in the male-dominated field of cybersecurity. CISA releases eight ICS Advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/182

Selected reading.
Russia moves toward annexing Ukraine regions in a major escalation (Washington Post)
Four occupied Ukraine regions plan imminent 'votes' on joining Russia (the Guardian)
Putin sets partial military call-up, won't 'bluff' on nukes (AP NEWS)
Putin announces partial military mobilization for Russian citizens (Axios)
Pro-Ukraine Hacktivists Claim to Have Hacked Notorious Russian Mercenary Group (Vice)
Fresh Phish: Netflix Bad Actors Go Behind the Scenes to Stage a Credential Harvesting Heist (INKY)
Leveraging Netflix for credential harvesting. (CyberWire)
Social Engineering: How A Teen Hacker Allegedly Managed To Breach Both Uber And Rockstar Games (Forbes)
Rockstar Games suffers leak of new Grand Theft Auto footage. (CyberWire)
LastPass source code breach – incident response report released (Naked Security)
Notice of Recent Security Incident (The LastPass Blog)
The LastPass incident. (CyberWire)
Medtronic NGP 600 Series Insulin Pumps (CISA)
Hitachi Energy PROMOD IV (CISA)
Hitachi Energy AFF660/665 Series (CISA)
Dataprobe iBoot-PDU (CISA)
Host Engineering Communications Module (CISA)
AutomationDirect DirectLOGIC with Ethernet (CISA)
AutomationDirect DirectLOGIC with Serial Communication (CISA)
MiCODUS MV720 GPS tracker (Update A) (CISA)
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
It's partial mobilization in Russia.
Further notes on the IT Army's claimed hack of the Wagner Group,
leveraging Netflix for credential harvesting.
Rockstar Games suffers a leak of new Grand Theft Auto footage.
Ben Yelin has the latest on regulations targeting crypto.
Our guest is Amy Williams from BlueVoyant,
discussing the value of feminine energy in the male-dominated field of cybersecurity.
And CISA releases eight ICS advisories.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, September 21st, 2022.
This event belongs in the kinetic world, that is, it's happening in real life, but it has implications that will reverberate in hybrid warfare and, of course, in the form of disinformation. I'm speaking, of course,
of President Putin earlier this morning announcing what media describe as a partial mobilization,
a call-up of reservists. Rusty and aging as they may be, reservists constitute a pool of at least
relatively trained soldiers. Up to 300,000 may be recalled to active service, the AP reports.
Reuters reports heavy booking of airline flights out of Russia, and this, as Pravda used to say,
is no accident. Departures are said to have sold out within hours of the call-up's announcement,
and the preferred destinations are countries with permissive visa requirements.
Social media posts are also reporting traffic jams at the Finnish border, the last one open
in European Russia. The pictures look like California 101 northbound at rush hour,
right at the Ventura County line.
Of course, the scenery's not as nice.
The call-up came as Russia advanced plans to hold votes, regarded by essentially everyone as sham votes, in those portions of Ukraine it still holds.
The population will be invited to choose annexation by Russia,
which in Moscow's official view would make the occupied regions permanent organic parts of Russia.
One of the Kremlin's mouthpieces, the Deputy Chairman of the Russian Security Council, explained the thinking behind the Potemkin plebiscites, saying, "The geopolitical transformation in the world will be irreversible once the referendums are held and the new territories join Russia. Encroachment into Russian territory is a crime, and if it is committed, that allows you to use all possible force in self-defense. That is why these referendums are so feared in Kyiv and in the West. That is why they need to be carried out."
Returning to cyberspace proper, Ukraine's IT Army is claiming to have personal identifying information on the members of the Wagner Group, although so far it hasn't posted any as a proof of hack. But there are other indications, in the form of archived website defacements, that indeed the IT Army has been fiddling with Wagner's online assets. The IT Army posted a link to an archived version of a Wagner Group site that's been defaced to show pictures of Wagner Group dead beneath a Welcome to Ukraine message, stating, "All of your personal site data is with us. Welcome to the Ukraine. We are waiting for you."
Vice, which reports the defacements, also has a characterization of the Wagner Group
as a de facto, if deniable, arm of the Russian military,
effectively an umbrella term for a varied class of Russian government operations.
Inky this morning blogged about a phishing scheme that impersonates Netflix.
Researchers report that between August 21st and August 27th
of this year, Netflix customers were the target of a PII data harvesting campaign. The campaign
used a malicious HTML attachment compressed in a zip file. The campaign is noteworthy because it
shows that criminal social engineering is being conducted with greater polish, without some of the clumsy
diction and non-standard language that once made it easy to spot. The phishing emails targeted
Netflix customers and were spoofed to look as though they came from Netflix's actual domain.
The emails originated from a virtual private server in Germany and then moved to an abused
mail server from a Peruvian university,
which allowed the email to receive a DKIM pass and make it to the recipient.
Inky reminds users of best practices when it comes to unidentified emails.
They advise being cautious of zip file attachments, since there's no ability to preview them,
visiting a company's website directly to resolve an account issue, and
using the browser's address bar to hover over links and determine that you're on a website
instead of a local file.
They also note that SMTP servers should be set up so that they don't accept and forward
emails from non-local IP addresses to non-local mailboxes.
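The DKIM pass the abused relay produced is the detail worth a closer look: a valid signature from an unrelated domain says nothing about the brand shown in the From: line. As an added example (not code from the original post or from Inky), the following Python evaluates a message the way a DMARC check does, requiring the SPF or DKIM domain to align with the From: domain; the headers are constructed samples, and the .example domains are reserved placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real indicator): the visible From: claims the brand's
# domain, but SPF and DKIM were evaluated for an unrelated relay, the shape of
# the campaign described above. Domains under .example are reserved placeholders.
SAMPLE_SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce@mail.relay.example;
 dkim=pass header.d=relay.example header.s=sel1
From: "Customer Support" <no-reply@netflix.com>
To: victim@example.net
Subject: Action required: update your payment details

Please open the attached file.
"""

# Constructed control message: the signing domain matches the From: domain.
SAMPLE_ALIGNED = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce@mail.netflix.com;
 dkim=pass header.d=netflix.com header.s=sel1
From: "Customer Support" <no-reply@netflix.com>
To: victim@example.net
Subject: Your monthly receipt

Thanks for watching.
"""


def org_domain(domain):
    """Relaxed-alignment approximation: keep the last two DNS labels.
    Real DMARC uses the Public Suffix List; this shortcut is a simplification."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_auth_results(header):
    """Extract SPF and DKIM verdicts plus the domain each was evaluated for
    from an Authentication-Results header written by the receiving MTA."""
    flat = " ".join(header.split())  # unfold continuation lines
    spf = re.search(r"\bspf=(\w+)(?:.*?smtp\.mailfrom=(?:[^@\s;]+@)?([\w.-]+))?", flat)
    dkim = re.search(r"\bdkim=(\w+)(?:.*?header\.d=([\w.-]+))?", flat)
    return {
        "spf": (spf.group(1), spf.group(2)) if spf else ("none", None),
        "dkim": (dkim.group(1), dkim.group(2)) if dkim else ("none", None),
    }


def check_alignment(raw_message):
    """DMARC-style evaluation: a mechanism only counts if it passed AND its domain
    aligns with the From: domain the recipient actually sees. A DKIM pass from an
    unrelated signer, as in the relayed campaign above, fails this test."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = parse_auth_results(msg.get("Authentication-Results", ""))
    spf_verdict, spf_domain = results["spf"]
    dkim_verdict, dkim_domain = results["dkim"]
    spf_aligned = (spf_verdict == "pass" and spf_domain is not None
                   and org_domain(spf_domain) == org_domain(from_domain))
    dkim_aligned = (dkim_verdict == "pass" and dkim_domain is not None
                    and org_domain(dkim_domain) == org_domain(from_domain))
    return {
        "from_domain": from_domain,
        "dkim_domain": dkim_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": spf_aligned or dkim_aligned,
    }


if __name__ == "__main__":
    for name, sample in (("spoofed", SAMPLE_SPOOFED), ("aligned", SAMPLE_ALIGNED)):
        print(name, check_alignment(sample))
```

A mail gateway that only looks at the bare dkim=pass token accepts the spoofed sample; one that requires alignment rejects it.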
The AP and others have been reporting a network intrusion at Rockstar Games, in which the company suffered the leak of some aspects of its new Grand Theft Auto game, currently in early development. Someone claiming to be the hacker apparently posted 90 clips from the theft, and claimed also to have source code for the game, which they want to sell for at least $10,000. The Video Games Chronicle reports that Rockstar has released a public comment on its social media channels, noting that they were extremely disappointed that details of the game were shared by the hacker, and they say that there will not be delays in the project. The motive seems to have been extortion, which is the sort of motive that might drive a Grand Theft Auto game plotline, only in this case there seems to have been less slapping and curb stomping.
Rockstar said in a statement, "We are extremely disappointed to have had any details of our next game shared with you all in this way. Our work on the next Grand Theft Auto game will continue as planned, and we remain as committed as ever to delivering an experience to you, our players, that truly exceeds your expectation. We will update everyone again soon, and of course, we'll properly introduce you to this game when it's ready. We want to thank everyone for their ongoing support through this situation."
LastPass has published an update on the security breach it sustained last month, Naked Security reports. LastPass found no evidence that the attacker gained access to customer data. The threat actor was able to steal some source code, but the company found no evidence of attempted code poisoning or malicious code injection. The mention of code poisoning is interesting insofar as it indicates that companies are thinking about this as a real possibility, which of course it is.
LastPass had this to say about what they found: "Our investigation determined that the threat actor gained access to the development environment using a developer's compromised endpoint. While the method used for the initial endpoint compromise is inconclusive, the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication."
And finally, the U.S. Cybersecurity and Infrastructure Security Agency yesterday issued eight industrial control system advisories.
See CISA's ICS site for details, and please do read them and heed them.
Coming up after the break, Ben Yelin has the latest on regulations targeting crypto.
Our guest, Amy Williams from BlueVoyant, discusses the value of feminine energy in the male-dominated field of cybersecurity.
Stick around.
The Cyber Guild's Uniting Women in Cyber event is taking place on September 27th in McLean, Virginia.
The Cyber Wire is pleased to be a media partner for the event.
Dr. Amy Williams is Senior Director of Proactive Services at BlueVoyant, and she's a panelist on a session titled Shining Your Light, Unlocking Your Own Potential. We spoke about the value of feminine energy in the historically macho field of cybersecurity.
So for feminine energy,
typical positive feminine attributes are intuition, creativity, vision, a collaborative nature,
making decisions from your heart, and wanting to connect, those are more feminine energy attributes,
whereas positive masculine attributes are qualities such as A to B type reasoning or
more mathematical analysis. And I'm intentionally avoiding the word logic because the word logic is
charged with some negative connotations. A competitive spirit, being purpose-driven,
being strong-willed, all of those are masculine qualities.
And to have an effective cybersecurity program, you really need a balance of all of those things.
You can't have just a one-sided approach and be very effective.
And most people, if you asked them, you gave them this list of attributes, they'd say,
I'm a mix of those things.
I'm not purely and categorically feminine or masculine. And so,
I think when we talk about women versus men in cybersecurity, we're missing that nuance that
women don't all look the same and men don't all look the same. It's the feminine energy that needs
to be balanced with the masculine energy within everyone and certainly within teams in order to build an effective cyber program.
So it strikes me that we have been making
some gains with just percentages of numbers of getting more women involved in cybersecurity,
but it's lagging particularly at the leadership level. For folks who are leaders, how do you
suggest that they make room for this, that they make sure that there's a space, that there's an opportunity to bring this energy to their organizations?
That's a great question, and there are some very nuanced, complex characteristics that come into the answer on that solution.
One is that cybersecurity at the top is viewed as a cost center that we need to reduce and that we need to make sure that we have our assets covered, but that we don't spend
any more on it than we absolutely have to, instead of looking at cybersecurity as a strategic
initiative. So that keeps us minimalizing cybersecurity to begin with. If it can be understood universally that
cybersecurity is a holistic, strategic approach to managing the organization and ensuring that
there aren't any gaps in the protection of all of the assets, then that's going to open up not
only more funds, but a better understanding of what an effective cybersecurity
program takes. And an effective cybersecurity program requires that we have a complete,
inclusive inventory of our assets, that we have good communication across the organization of
what is allowed and what's not allowed, we also have to have those more,
you know, masculine attributes of network segmentation and, you know, a sim that analyzes
data and immediately responds. But, you know, just having MDR in place without having an effective,
well-built, well-designed architecture is not effective
because if you're only monitoring half of your network,
then you're not doing a very good job with cybersecurity.
So I think people in cybersecurity need to be more communicative with the executive suite
about what a holistic cybersecurity program is,
and then that will help us move in the right direction.
What are your recommendations for organizations who want to do a better job with this? I mean,
how do they take stock and establish what their own ground truth is?
Cybersecurity programs need to be funded better, and the executive team needs to understand better
what they need to include in order to have the most effective program.
And the reality is that it requires a broad range of skills.
And so being inclusive of a variety of different people with different skill sets into the program is critically important. I mean, one of the reasons why I love the Cyber Guild so much is because
they are dedicated to inclusivity of everyone. It's not, you know, if you read carefully on
their website what they talk about, they don't talk about, we're going to elevate this one group
of people who look a certain way. They're interested in championing inclusivity. And cybersecurity is a very complex, nuanced issue to tackle.
And we can't do it by having a one-size-fits-all set of people managing the cybersecurity program.
Any advice for women in particular of strategies for best taking their place?
I think that the best advice would be to align yourself with people who are going to have your best interest at heart. And sometimes that's
going to be other women and sometimes it's not, unfortunately. But I've always had the good
fortune to have good mentors. And sometimes they were women and sometimes they weren't, but you want to
be on the best team. You also want to know what your strengths are and play to those. And like
my background is math and computer science and all of that. And so it was difficult for me to,
I dressed like a man for the first, in my twenties. I wore a tie and a suit most of the time,
and it was just so I would look like everybody else
so that I would just be taken seriously for my brain.
And I used to feel bad about that,
but I don't feel bad about that anymore
because I did what I needed to do
to be seen the way that I wanted to be seen,
even though it was a little odd at the time.
So I would say that that's what you need to do.
If you are interested in
cybersecurity, but you haven't had a ton of programming and all of that, figure out what
it is that you are interested in and figure out a way to have a path forward and try to surround
yourself with people who will welcome you into the fold on that.
That's Dr. Amy Williams from BlueVoyant. The Cyber Guild's Uniting Women in Cyber event is coming up September 27th.
You can find more on our website, thecyberwire.com, in the events section.
And joining me once again is Ben Yelin.
He's from the University of Maryland Center for Health and Homeland Security and also my co-host over on the Caveat podcast.
Hello, Ben.
Hello, Dave.
So, an interesting story came by in the past few days. This is from the Washington Post article by Jeff Stein and Tory Newmyer, and it's titled, "Treasury Will Warn White House That Crypto Needs Major Regulations." What's going on here, Ben?
So the Biden administration has had its eyes on the threats that crypto poses to personal privacy, data privacy, data security, and also the economy writ large. President Biden released an executive order on digital currency, I think in 2021.
And now the Treasury Department is trying to effectuate some of what the president was
expressing by issuing those executive orders.
So the Treasury Department is planning on issuing four separate reports to make clear
that, quote, the Biden administration's top economic officials
believe crypto needs strong oversight as lawmakers weigh new rules for digital assets.
So there's a bunch of things happening here. One is, I think, because of the performance of the
stock market this year in particular, there's new concern about the economic danger of cryptocurrencies.
There's certainly some fraud risk they pose for investors
because there is a lack of oversight.
And I think investors were scared off
by the fact that cryptocurrencies lost so much value this year
that there's kind of doubt
about their long-term economic viability.
Right, once people start losing money,
oh, we need oversight.
Yeah, exactly. Please help us, government.
We're going to create this amazing currency that doesn't rely on traditional banks or government regulators.
And then everything goes to H-E double hockey sticks and they want the government to come in and help them.
Okay.
So, Treasury is saying that these cryptocurrencies don't pose a stability risk
to the broader financial system.
This is not housing in 2008.
But they think that
as crypto gains more of a foothold,
that situation could change.
And they focused on stablecoins, so, those coins that are pegged to the U.S. dollar.
Right.
They want Congress to give banking regulators new authority to police these digital tokens.
But Congress being Congress, despite the collapse of stablecoin and this year's stock market, have been unable to agree on how to provide proper oversight.
There are a couple of tertiary issues. The sector itself, so the actual industry that controls crypto and their lobbying groups, want to establish regulation under the Commodity Futures Trading Commission. And one of the reasons they want to do that is they think that the CFTC is going to be less hostile to crypto interest than the Securities and Exchange Commission. So there's a big debate going on in Congress behind the scenes about which one of those agencies is going to get that type of regulatory power.
I think it's worth noting that Janet Yellen, the Treasury Secretary,
no relation, spelled differently,
is just very skeptical of cryptocurrencies and always has been.
So it's not a surprise that Treasury is putting out these warnings.
But I wonder if the warnings themselves will have a significant impact on,
A, the value of cryptocurrency,
and B, what happens in terms of congressional regulations.
Seems like this has been a long time coming.
I mean, that's my sense.
Yeah, I mean, we're more than a decade into this.
I think the CEOs in the industry have been preparing for some type of regulatory regime to emerge.
Right.
And they want to shape it in their, they want to mold it in their preferred way to minimize risk to themselves, but also, if you're going to have oversight, make it something where the government actually can root out fraud and protect against the backdrop of the economic house of cards falling down because some cryptocurrency goes off the deep end.
So I think they have been, regulators at least, have been considering how to deal with this new animal, and they've been doing it in a variety of ways. And it's not just Treasury. I mean, every agency within the government has had to deal with cryptocurrency one way or another because it is a national security issue. There were sanctions on a crypto company that was doing business primarily with North Korea. So that comes into play. It affects our foreign policy.
And then something like tax enforcement with the IRS.
That was the big issue for the first several years
is how to categorize income from cryptocurrency.
So that's obviously been a debate that's been ongoing as well.
And I think we'll continue to see that until Congress steps in.
And knowing Congress, there's no guarantee that that's going to happen in the short term.
It's interesting to me how, and help me if my perception is correct here or not,
that with a situation like this where when things are riding high,
when everybody's making money hand over fist,
there's this notion of just leave us alone. Don't interfere with this
tremendous success that we're all enjoying, right? Right. Right. But that would be the perfect time
to talk about this, to put, rather than taking that opportunity when everybody's happy,
doing well, to say, what are some smart regulations or oversight or whatever we can put
in here? No, no, no, no. Don't, government, stay out of this. But then when things get bad.
Bubbles never burst. You just have to be aware that.
I know. I'm sure there are people out there listening to me, listening right now who are
saying, oh, Dave, you're so adorable. Like, your oversimplified ideas of how all this works. And I will absolutely take the hit on that.
Me too.
But we've seen these too good to be true
types of things in the past.
Right.
Like cheap housing
to people who couldn't afford to pay mortgages.
Right.
It was that too was a financial instrument
that benefited a lot of people.
It seemed like it was free lunch money,
and then the whole house of cards collapsed because it wasn't actually pegged to anything
particularly secure. I'm not a financial expert. So maybe we should include that as a disclaimer.
This is not investment advice. But I think...
Dare I say a caveat.
Exactly.
That's a nice plug for our show there.
But I do think this is something where, yeah, you want
Congress and regulators to step in
before it becomes
a threat to the stability of the economy
and the nationwide economy.
Yeah, fair enough.
All right, well, Ben Yelin, thanks for joining us.
Thank you.
And that's The Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
The Cyber Wire podcast is proudly produced in Maryland
out of the startup studios of DataTribe,
where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliot Peltzman, Trey Hester, Brandon Karp, Eliana White,
Thanks for listening.
We'll see you back here tomorrow.