CyberWire Daily - A junta shuts down a nation’s data networks. Lessons from multi-domain ops against ISIS? SilentFade returns. Iran’s surveillance actors. Data breaches large and small. Company towns returning?

Episode Date: February 8, 2021

Myanmar blocks data networks. Notes on offensive cyber operations, from present and former Five Eyes officials. SilentFade seems to be back, with more ad fraud. Iranian cyber operators up their surveillance game. Brazil’s big data breach remains under investigation. Company towns may make a return in Nevada. Rick Howard casts his gaze on the AWS cloud. We welcome Dinah Davis from Arctic Wolf as our newest industry partner. And why in the world are hackers interested in other people’s colonoscopies? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/25 Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Myanmar blocks data networks, notes on offensive cyber operations from present and former Five Eyes officials. Silent Fade seems to be back with more ad fraud. Iranian cyber operators up their surveillance game.
Starting point is 00:02:15 Brazil's big data breach remains under investigation. Company towns may make a return to Nevada. Rick Howard casts his gaze on the AWS cloud. We welcome Dinah Davis from Arctic Wolf as our newest industry partner. And why in the world are hackers interested in other people's colonoscopies? From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, February 8th, 2021. On Saturday, Myanmar's Ministry of Transport and Communications directed that all mobile operators serving the country block the nation's data network.
Starting point is 00:03:09 Voice and SMS services will remain available, TechCrunch reports. The general interdiction of data services follows earlier decisions by the country's new military government to block first Facebook and then Instagram and Twitter. The ruling junta has sought to tamp down opportunities for mobilization of dissent and opposition since it took power in a coup last month. The Grey Zone podcast yesterday featured an interview with GCHQ Director Jeremy Fleming and General Sir Patrick Sanders, head of the UK's Strategic Command, also responsible for military cyber operations,
Starting point is 00:03:50 in which they described Britain's cyber operations against ISIS. British cyber forces disrupted the terrorist group's drone operations, denied their operators mobile service, and interfered with online propaganda. The campaign by Britain's National Cyber Force, most active in 2016 and 2017, is, Sky News says, the UK's only publicly avowed offensive cyber operation to date. The counter-propaganda influence operation is in some ways the most interesting and intrusive of the efforts. Fleming is quoted as saying, We prevented their propaganda both through physical actions on the battlefield,
Starting point is 00:04:30 but also remotely getting to their servers, getting to the places they stored their material. The intrusion into ISIS networks extended to locking ISIS members out of accounts, deleting or altering the group's information, and taking down online posts and videos. General Sanders said, quote, we wanted to ensure that when they tried to coordinate attacks on our forces, their devices didn't work, that they couldn't trust the orders that were coming to them from their seniors, end quote. He added that deception and misdirection were important ways of degrading ISIS combat power. Tactically, British cyber operators, said to have been working closely with allies, including the U.S., were able to block ISIS commanders' orders from reaching subordinates
Starting point is 00:05:17 and were also able to misdirect ISIS forces on the ground, in some cases sending their units into kill zones. It was, General Sanders explained, a combined arms, multi-domain effort. The cyber operations didn't stand on their own. He said, quote, we wanted to deceive them and to misdirect them, to make them less effective, less cohesive, and sap their morale. But you can't just do that in cyberspace. You have to coordinate and integrate that with activities that are going on on the ground, whether it's from our own forces, special forces, and others.
Starting point is 00:05:53 End quote. Former Director of the U.S. Cybersecurity and Infrastructure Security Agency, Chris Krebs, drew some press attention over the weekend with an interview he gave the Financial Times. The headline in the media outlet Silicon is representative, quote, ex-U.S. cyber boss calls for military strikes on ransomware hackers, it says,
Starting point is 00:06:15 which suggests a brace of Tomahawks prancing downtown to hit Egregor extortionists in their parents' basements, or maybe the pre-dawn vertical insertion of a ranger battalion to put paid to the Ragnar Locker gang in whatever tacky cybercafe they're using. But a close reading, or actually a pretty casual reading, of Krebs' remarks indicates that he's pretty much closer in his thinking to GCHQ's Fleming than he is to, say, Curtis LeMay or George Patton. His point is that ransomware is sufficiently destructive and costly to make it worth a government's while to actively disrupt the gang's operations. Military cyber units like U.S. Cyber
Starting point is 00:06:58 Command and the U.K.'s National Cyber Force have disruptive capabilities law enforcement organizations don't, and it might be useful to think about how they might be used. If at all, there may be decisive legal objections to doing so. On the other hand, there might be some legal models under which that kind of action might be legitimately organized. What if ransomware actors could be treated like pirates, for example? New Post reports that Kaspersky has discerned new activity by the crew using the Silent Fade malware. Silent Fade is an online ad fraud operation that Kaspersky has observed resurgent against victims in Asia and Europe.
Starting point is 00:07:42 They'll be worth watching. The Silent Fade gang is thought to have been responsible for some $4 million in fraud against Facebook users in 2019. Security firm Check Point's updates on Iranian cyber threat actors Domestic Kitten and Infy warn that both groups remain active, mostly against dissident targets. Check Point calls them advanced and writes that they have a lot in common. Quote, Both groups have conducted long-running cyber attacks and intrusive surveillance campaigns, which target both individuals' mobile devices and personal computers. The operators of these campaigns are clearly active, responsive,
Starting point is 00:08:20 and constantly seeking new attack vectors and techniques to ensure the longevity of their operations. Iranian dissidents, both at home and in the Iranian diaspora, are prime targets of surveillance, as are ethnic Kurds, which Tehran regards with suspicion as an unreliable, probably separatist element. Reuters reported this morning that Experian is investigating the large quantity of personal information found in January, apparently for sale on the internet. The data's provenance was and remains unclear, and Experian has been looking into whether the information might have come from its Brazilian subsidiary, Serasa. The data include photographs, social security details, vehicle registrations,
Starting point is 00:09:07 and social media login details, none of which its subsidiary collects. Experian says it's been unable to find evidence that its systems had been compromised and that the data breach doesn't appear to have originated with Serasa. Threat actors obtained and posted patient information from two medical centers, one in Florida, the other in Texas. Patient names, dates of birth, letters to insurers, and colonoscopy results were posted, but to what end is unclear. Leon Medical Centers in Miami and Nocona General Hospital in Texas were affected by the incident. According to NBC News, the hospital's data weren't locked up and the medical centers haven't received the extortion demands one would expect in a ransomware attack. It's difficult to imagine that this is
Starting point is 00:09:57 simply a case of art for art's sake, but what's in it for the attackers? Surely not the lulz, one would think, but what else it might have been remains obscure. Always wanted to be a local politician, but you've always thought you'd like it better if local government were run more like a business and so forth? Hey, move to Nevada. The U.S. state of Nevada, in a bid to foster economic development, is considering the creation of innovation zones, effectively alternative forms of local government.
Starting point is 00:10:29 Companies with large tracts of undeveloped land, and there's no shortage of undeveloped land in Nevada, would be able to organize local governments with authority to impose taxes, form school districts and courts, and provide government services. Effectively, they would be able to do the sorts of things a county government is able to do. So, if you've got the right business, and the right business would be one of those sexy high-tech kinds, IT, cyber, biotech, sustainable energy, and so on, and if you're the happy owner of a lot of empty desert, then hey, bonanza.
Starting point is 00:11:05 It would be like being a Pennsylvania coal town in the 19th century, a Disney town in Florida in the late 1960s, or in some ways a university today. Question for businesses. How attractive would providing basic services actually be? Would it be worth the taxation and regulatory freedoms the arrangement might bring? Word to the wise, check your water rights before you buy. It can get pretty dry out there. Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of technology. Here, innovation isn't a buzzword.
Starting point is 00:11:48 It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done
Starting point is 00:12:50 five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Starting point is 00:13:28 Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. And it is always my pleasure to welcome back to the show Rick Howard. He is the CyberWire's Chief Security Officer and Chief Analyst. Rick, it's great to have you back. Hey, Dave.
Starting point is 00:14:11 So last week, you wrapped up a two-part miniseries that you did on Microsoft Azure and how to deploy first principle strategies in that virtual environment. This week, you are tackling Amazon AWS. Now that you have looked into two of these massive cloud servers, cloud providers, were there any aha moments, anything that popped out to you? Well, that's a great question. Before I started this project, if I would have thought about it for more than two seconds, I would have anticipated that all cloud providers have a shared vocabulary to describe, you know, the concepts of how these cloud services work. But here's a but, and this is a big but. The ideas are similar, okay, but many of them have
Starting point is 00:14:58 slightly different names and offer little subtle differences in capability. For instance? Well, my favorite one, okay, it's the first one that always comes to mind, is this basic networking concept that facilitates access to and from the internet. Both Microsoft and Amazon use an old legacy networking trick called Network Address Translation, or NAT, to pull it off.
Starting point is 00:15:22 You're familiar, right? Yeah, yeah. So Amazon calls its cloud version a NAT gateway, but Microsoft calls its version a source network address translation, or wait for it, SNAT, for short, which I love, okay? And just for the record. Because of course they do. I know.
Starting point is 00:15:42 SNAT. Yeah, okay. So SNAT's become my favorite acronym of 2021. Narrowly outpacing, by the way, my other favorites this year, taint analysis and APT side hustle. And if you're trying to understand what those words mean, you should absolutely be subscribing to another one of our Cyber Wire podcasts called Word Notes,
Starting point is 00:16:09 where we take five minutes to define the word, describe where it comes from, and my favorite part, we try to link it back to hacker culture. Yeah, well, my favorite word from Word Notes so far is daemon, which is the Unix name for those little programs that pop up, perform a little task, and then poof, they disappear again. Yeah, we published that one over the Christmas break, and there is a fantastic hacker novel called Daemon written by Daniel Suarez that takes that idea to the extreme, and I highly recommend it. I can't wait for the movie to come out. But for this week's CSO Perspectives podcast,
Starting point is 00:16:39 we're going to cover some basic cloud networking 101 for both Azure and AWS, and then double down on how to implement first principle strategies in AWS. All right. Well, it is the CSO Perspectives Podcast. It is part of CyberWire Pro. You can learn all about that on our website, thecyberwire.com. Rick Howard, thanks for joining us. Thank you. thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep
Starting point is 00:17:44 your company safe and compliant. And it is my pleasure to welcome to the show Dinah Davis. She is a VP of R&D at Arctic Wolf. Dinah, it is great to have you back and to welcome you to be one of our new corporate partners. Welcome back to the Cyber Wire. Thank you. I am so pumped to be here. This is going to be great fun. Yeah, yeah. Well, let's get started as we always do when someone joins us this way.
Starting point is 00:18:23 Let's get to know you a little bit. Can you take us through your professional journey? Where'd you get your start and what led you to where you are today? Yeah, so I actually started off thinking I was going to be a math teacher because, you know, the counselor in the high school said, you know, you're a woman and you're good at math. We've noticed you're a woman. Yeah, we've noticed you're
Starting point is 00:18:45 a woman and you're good at math, so you should be a math teacher. And at 17, I was quite naive about that and thought, okay, I guess that's what I should do. But quickly found when I went to university to do that, that I enjoyed the mathematics far more than I enjoyed figuring out how to interact with children. I do love children, but I think I loved math more. And so I ended up going into the more math side. And in my third year, finally took my first computing course because I was putting it off. All my friends in humanities said it was really hard.
Starting point is 00:19:22 And I realized in the first day, I was like, oh my god, this is the way I think. This is amazing. This is an actual real technical application, real life application of how my brain thinks. This could be my job. This is amazing. Um, and so that's how I got into computing, and I started to take as many computing courses as possible. And then I'm looking for a summer co-op program, which is what we call internships in Canada, except you get paid. And I saw a job posting for the Canadian government. And it said somebody who's good at math, like, and can code. I was like, hey, oh, hey, that's me, that's me, let's check this out. And so I ended up working for the federal government, and that was my first introduction
Starting point is 00:20:11 to cybersecurity. And what I did was actually, um, help them evaluate the Bluetooth algorithm for AES, because the new AES contest was on. Of course, I believe they ended up choosing Blowfish, right? Where it had been Triple DES. And so it turns out Bluetooth is really not secure. We all know that now, but great pairing tool. So, you know, aged myself there. But that's where I really got into this world of, my goodness, you know, cryptography is this manifestation of mathematics combined with computer science. And this is like just the perfect meeting of all my worlds.
Starting point is 00:20:57 So I got a degree from the University of Waterloo, a master's in cryptography, and ended up landing a job at BlackBerry when there were less than a thousand employees and less than a million people using BlackBerrys. And I was on the, we called it the crypto dev team. It was about five people at the time. And that team grew huge as I was there. And we were the team that was responsible for security in BlackBerry. And so it was an extremely exciting job. It was the bleeding edge of mobile security. And it was an amazing ride to go on. Of course,
Starting point is 00:21:43 we all know how that story ends. But, you know, the eight years I was there were pretty amazing. And after I left there, I was looking for that same experience again, looking to be part of something really big, something, you know, that would hockey stick, something that would be really cool like that. And I tried out a few places until five and a half years ago, I met the co-founder of Arctic Wolf, was explaining to her what I wanted to do for my career. And she was just like, oh, you should come work for me. And I was like, seriously? I thought she was joking. And then I soon found out she doesn't joke. And at the end of the conversation, she was like, oh, no, seriously, our CEO is in town from Silicon Valley. You need to come meet him.
Starting point is 00:22:34 And like three weeks later, I was the director of R&D at Arctic Wolf Networks running their R&D team. And I've been there ever since, and we have been on an amazing journey. And we have, I would say we are exceeding the BlackBerry, in my opinion, experience for myself anyway. And I'm still in security, loving security, and growing development teams, which is what I love to do. And as you mentioned, I mean, you know, watching the growth of Arctic Wolf and the rounds of investment that the company has received and the growth, I mean, it's not the small company you joined just five or so years ago. No, there was like 34 people in the company when I
Starting point is 00:23:19 started and now we're over 700. Wow. Yeah, it's super crazy. My development team was 15 people. We're closer to 150 devs now. Yeah. You know, and there were some very tough years. It was not all roses. You know, like the first couple years, I think we were a bit early for the market.
Starting point is 00:23:42 People didn't really realize how much they needed security monitoring, and then basically WannaCry and NotPetya hit. And everybody went, oh, yeah, we really do need that. And it became a lot easier to sell. Right, right, right. All right. Well, Dinah Davis, looking forward to what's to come in our ongoing discussions. So happy to have you aboard.
Starting point is 00:24:07 Thanks for joining us. Absolutely. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro. It'll save you time and keep you informed. Made in the USA.
Starting point is 00:24:45 Listen for us on your Alexa smart speaker too. Don't forget to check out the Grumpy Old Geeks podcast where I contribute to a regular segment called Security Ha. I join Jason and Brian on their show for a lively discussion of the latest security news every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. And check out the Recorded Future podcast, which I also host. The subject there is threat intelligence. And every week we talk to interesting people about timely cybersecurity topics. That's at recordedfuture.com slash podcast. The Cyber Wire podcast is proudly produced in Maryland at the startup studios of Data Tribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliot Peltzman, Guru Prakash, Kelsey Bond, Tim Nodar, Joe Kerrigan,
Starting point is 00:25:30 Carol Terrio, Ben Yellen, Nick Vilecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Ivan, Rick Howard, Peter Kilby, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Thank you. measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
