CyberWire Daily - Amid widespread unrest, Sudan shutters its Internet. A new PRC influence campaign targets US elections. Software supply chain security. And cybercrime in wartime.

Episode Date: October 26, 2022

Sudan closes its Internet as the country sees protests on the first anniversary of a coup. A Chinese influence campaign targets US elections. A software supply chain security study, and a look at vulnerability scanning tools. Documenting cyber war crimes in Ukraine. CISA issues eight ICS Advisories. Andrea Little Limbago from Interos on the effects of water scarcity on data centers. And if you’ll indulge us, we’ve got some pretty exciting CyberWire news.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/206

Selected reading.
Internet is shut down in Sudan on anniversary of military coup (The Record by Recorded Future)
Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections (Mandiant)
Rezilion Vulnerability Scanner Benchmark Report Finds Top Scanners Only 73% Accurate (PR Newswire)
Four in Five Software Supply Chains Exposed to Cyberattack in the Last 12 Months (BlackBerry)
Ukraine Documenting Russian Hacks, Eyeing International Charges (Bloomberg)
CISA Releases Eight Industrial Control Systems Advisories (CISA)

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Sudan closes its internet as the country sees protests on the first anniversary of a coup. A Chinese influence campaign targets U.S. elections. A software supply chain security study, and a look at vulnerability scanning tools. Documenting cyber war crimes in Ukraine. CISA issues eight ICS advisories.
Starting point is 00:02:22 Andrea Little-Limbago from Interos on the effects of water scarcity on data centers. And if you'll indulge us, we've got some pretty exciting CyberWire news. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, October 26th, 2022. On the first anniversary of the military coup that brought the current regime to power, Sudan has shut down most of the country's internet access, The Record reports.
Starting point is 00:03:20 The measure, likely to be temporary, comes as civil unrest spreads through the country. According to Reuters, protesters number in the tens of thousands. Mandiant this morning described what it characterizes as a pro-PRC influence campaign actively directed against the U.S. midterm elections. The themes of the campaign are familiar and unconvincing stuff. Mandiant calls it DRAGONBRIDGE. The researchers outlined three of the themes. First, claims that the China-nexus threat group APT41 is instead a U.S. government-backed actor. Next, aggressive attempts to discredit the U.S. democratic process, including attempts to discourage Americans from voting in the 2022 U.S. midterm elections,
Starting point is 00:04:11 and allegations that the U.S. was responsible for the Nord Stream gas pipeline explosions. Taken individually, it's sad stuff, but the opportunistic scattershot quality of the narratives, coupled with new sophistication and impersonation, plagiarism and alteration of sources, and the use of inauthentic persona to amplify messaging, suggests that the objective may be the more attainable one of confusion than the heretofore more common Chinese aim of persuasion. Rezilion today released a report, the Vulnerability Scanner Benchmark, detailing inaccuracies they've found across popular commercial and open-source scanning technologies. Rezilion found that in using six different popular vulnerability scanners,
Starting point is 00:04:55 only 73% of relevant results were returned out of all vulnerabilities that should have been detected. Only 82% of the results were identified correctly and relevant. Across the examined 20 containers from Docker Hub, over 450 high and critical severity vulnerabilities were wrongly identified. On average, the scanners also missed more than 16 vulnerabilities per observed container. Rezilion recommends ensuring that the scanner you choose matches your needs and being aware of its capabilities and limits. They also advise that you don't blindly follow the scanner's results, as the report showed misidentification. Also recommended was utilizing a software bill of materials to validate the results of the scanner and gain visibility.
Starting point is 00:05:45 And in a distinct and independent but topically related study, BlackBerry has released the results of a survey focused on supply chain software security conducted by research firm Coleman Parkes. Surveyed were 1,500 IT decision makers and cybersecurity professionals from North America, the United Kingdom, and Australia. 81% of those surveyed reported experiencing cyber attacks in the last 12 months, with 29% indicating that they had been compromised via operating systems. 59% of respondents identified lack of skilled talent as the primary barrier to regular software inventories, with limited
Starting point is 00:06:26 visibility found to be the next greatest barrier. 68% of respondents also said that they would welcome a tool to inventory software libraries, as visibility of software potentially impacted by a vulnerability is difficult. 59% of those surveyed who had been notified of a software supply chain vulnerability or attack were operationally compromised, while 57% experienced data loss. 62% of respondents value speed of communication as the most important aspect of communication with stakeholders when a vulnerability is discovered. The survey found that 68% of respondents are very confident that their suppliers and partners have adequate cybersecurity regulations and compliance practices. 74% of those surveyed were in favor of greater governmental oversight
Starting point is 00:07:17 of open-source software to secure against cyber threats. Ukraine and others have been engaged for some time in documenting war crimes with a view to prosecution of those responsible. According to Bloomberg, Ukrainian authorities have also been documenting Russian cyber attacks, also with a view to prosecution of those responsible. These are perhaps best thought of as cybercrimes committed during wartime, especially given the still-fluid state of international norms concerning cyberwar. Victor Zhora, chief digital transformation officer of Ukraine's Special Communications and Information Protection Service,
Starting point is 00:08:05 said his government was collecting evidence of malicious cyberactivity and sharing it with the International Criminal Court. Zhora said, "Our intention is to bring this to justice after the war, and perhaps this will be the first prosecution of the first global cyber war and cyber crimes that were conducted with kinetic operations and war crimes in Ukraine." Finally, yesterday, the U.S. Cybersecurity and Infrastructure Security Agency issued eight industrial control system advisories. See the details on CISA's site, and if you use the systems mentioned in dispatches, evaluate your implementations and patch as necessary. After the break, Andrea Little-Limbago from Interos on the effects of water scarcity on data centers.
Starting point is 00:08:54 And I'm joined by Peter Kilpe and Simone Petrella with some exciting news about the CyberWire and CyberVista. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows
Starting point is 00:09:49 like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak.
Starting point is 00:10:23 Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. Thank you. a cyber learning and education company that I'm sure many of you know well, as well as the formation of a new parent company called N2K Networks. Joining us to explain how this came to pass and what it means for all of us
Starting point is 00:11:33 are Peter Kilpe and Simone Petrella. Peter, Simone, welcome. Hey, Dave. Hey. Let me start with you, Peter. So can you take us through the journey here? This started with looking to do an A round of fundraising and led us in a little bit of a different direction, right?
Starting point is 00:11:52 It did. Yeah. Thanks, Dave. First of all, it's really exciting to be on this side of the microphone in six years of working for the Cyber Wire. I haven't had this chance to actually sit here with you and talk. So this is a lot of fun. Yeah. I actually remember the day when you first came to my office and you were looking at our newsletter and said, hey, Peter, this would make a great podcast. Right. And here we are, 25 shows later, lots of newsletters attracting some of the most influential people in cybersecurity. It's a really exciting time. The growth we've had over the years turned us into a profitable company, but we thought we had a lot more to offer.
Starting point is 00:12:32 So we wanted to grow. We ended up starting that A round process, like you said. And one of the A-listers that we were looking at for this round was a company called Graham Holdings. They have been part of the journeys of many of the most iconic companies in audio, in media, and in education. And we had a great conversation with them, and they were interested to invest in us. And they went back to their group to think about what they wanted to do, came back to me and said, hey, we want to do this with you, but we have this
Starting point is 00:13:06 other idea. And they ended up introducing me to Simone and sharing what her company did. I think what Graham saw was a path that we knew we were already on, which is news to knowledge. I think we started to realize early on as a company that people weren't just listening to the cyber wire for that situational awareness or to stay up on the news, but they were listening to learn. You know firsthand that people are coming to us all the time saying, oh, you helped me get that job or, oh, you know, I learned a lot about this new topic the other day or I'm transitioning to cyber and you really helped me. Even some of the icons of our industry literally use us to help them do their jobs better. And they could see, Graham saw, that we were on that path and introduced
Starting point is 00:13:51 me to Simone, like I said, and we ended up having a really great like six hour deep dive conversation and thought that this was going to work. Well, let me get your perspective, Simone. You are there minding your own business, running CyberVista, a very successful company in its own right. You were not out and about shopping for merger opportunities. So how did this present itself to you? Yeah, that's very true. And I want to echo my thanks, Dave. This is just such an exciting time to be part of this transition and this
Starting point is 00:14:26 evolution of both of our companies and into N2K Networks. Yeah, I would say we're there minding our own business and running a cybersecurity training and education company. But one thing that we had always talked about in CyberVista's history was the challenge of bridging the gap between what do you do when you work with a company to train a workforce, upskill them into the role. And once they've kind of gotten those initial skills, a lot of the learning by definition is often on the job. It's through absorbing the current events and the threat landscape and staying up to date on what's happening on a constantly rotating basis.
Starting point is 00:15:10 And so we've always been the purveyors and the providers of that evergreen underlying knowledge. And even in our own history, we have toyed around with trying to provide that kind of newsletter-like content as an after component of our training. And we learned the lesson very early on. That's an incredibly difficult thing to maintain. You can't both build high quality content and delivery for training and then also be a news provider or an information intelligence provider at the same time. And so Graham Holdings, as our parent company from the get-go and a huge advocate for what we were doing in the space, they understood that from the very beginning. And I think to echo Peter's point, having a background in education companies and having a background in media, I think they saw
Starting point is 00:16:00 the power of what that combination could be. And, you know, I'm sitting there minding my own business and I get the call, you might want to talk to this Peter guy. Might go nowhere. It might be absolutely nothing, but it's at least worth an introduction and let's see where it goes. And so I think that was kind of the beginning of, you know, what was this very long journey, including a six-hour meeting, to kick it off. Yeah, it's just for our listeners. I mean, it's been months in the making behind the scenes and lots of interesting discussions and planning meetings and all that sort of thing. Peter, for our listeners, I'm sure some of them are thinking, what does this mean to me? How is this going to affect my relationship with the CyberWire? Is everything going to run
Starting point is 00:16:51 as usual? Are things going to change? What can they expect? Great question. I think the listeners and people who are users of the CyberWire today and CyberVista are going to get a whole lot more of what they're used to. This opportunity gives us the ability to invest in the CyberWire, to grow it, to invest in the learning tools and technologies that Simone's team is building. Good way to look at it is Simone, as she takes the reins at the CyberWire, she's going to be going deep into cyber. She has an incredible background. She knows this industry, not only from a workforce perspective, but from an intelligence perspective, from a technical perspective. She's going to go deep, and we're going to make the CyberWire stronger than it ever has been before. The CyberWire brand will always be there.
Starting point is 00:17:38 But we're also going to go long, and that's going to be my job, helping invest in the tools and technologies that will help take us into new markets, into new places, and deliver the kinds of content that we're going to need for the future. Simone, what are you excited about? What are you looking forward to? I am so excited to get to think about creatively ways that we can invest in technology and our products in a way that augment each other. And we've had so many conversations over the last few months around once we hit the ground running, what can we do when we think about providing just-in-time knowledge with education? How do you start to combine audio elements with video and hands-on? So I think there is an entire spectrum of modalities that we can really get creative with
Starting point is 00:18:25 and innovate on that will really change the way people consume content, at least today in the cybersecurity industry. I think we can bring it up to par with the way people are consuming and learning in a lot of other areas today. All right. Well, interesting times to come. Lots of exciting things around here. And thank you both for coming in and sharing your perspectives. Peter Kilpe and Simone Petrella, thanks so much for joining us. And I'm pleased to welcome back to the show Andrea Little-Limbago. She is Senior Vice President for Research and Analysis at Interos. Andrea, it is always great to welcome you back. I want to touch today on an interesting element that affects policy, which is the scarcity of water. I mean, we're seeing with climate change, rivers are drying up, weather is all over
Starting point is 00:19:28 the map, and turns out data centers need water. Yeah, shocking. Actually, shocking to probably no one that works within the data center community at all. But for people who may not have been paying as much attention and absolutely know that the impact of water scarcity and climate change on the human toll, obviously, is of most importance. But when looking at broader implications as well, one that average people really don't think about all that much, and I think many companies don't think about as much, is the impact of water scarcity on their data centers and exactly where their data centers are located. And I think that over the last several months, this issue has started to rise in prominence because we're starting to see an actual real-world impact.
Starting point is 00:20:14 So it's moved from hypothetical to a reality where if you look at the London heat wave, both Google and Oracle had to shut down their data centers during the unprecedented heat wave that went on there. And then just over towards the end of summer, early fall, we're seeing that with California's heat wave, Twitter had to shut down their data center in California. And so we're seeing the real world consequences of the climate change and the heat waves causing these shutdowns. And what that then leads to the natural progression on that is,
Starting point is 00:20:47 well, to keep them up and running, to keep them cool, it requires hundreds of thousands of gallons, if not millions of gallons, depending on the size of the data center, to keep those data centers cool. And if they're in areas that have significant water scarcity, that's going to increasingly be a problem. If they're in areas that are increasingly prone to these kind of heat waves and have water scarcity,
Starting point is 00:21:10 that's just a perfect storm for really causing enormous disruptions across the global economy. And data centers across the globe really are the backbone of the digital economy. And so it's one of those things that isn't just going to impact, you know, a company here and there. It's going to increasingly impact a broader range of companies across the globe.
Starting point is 00:21:31 And so what are the considerations here as organizations decide where to put their data centers? I mean, are they thinking we should put our new data centers somewhere where it's cold? I think those are the conversations that I think are starting to happen now. And perhaps more of the forward-looking organizations have already been thinking about this a little bit. But what we can see, we just did an analysis just overlaying where data centers were in areas that are really at extreme risk
Starting point is 00:21:56 of water scarcity over the next decade or so. And at least 15% are in high to moderate risk right now across the globe. And that's a pretty substantial amount in extremely risky areas. And as companies start thinking about the impact of climate change, really, for the most part, they look at where the supply chain is, are there major companies in those areas that might be hit by hurricanes or forest fires or flooding.
Starting point is 00:22:24 One of the areas that may not be getting as much reflection are where are their data centers and are their data centers going to be especially prone to these kind of activities? And so that's the kind of consideration that leadership across government and private sector need to really start thinking about is where is their data?
Starting point is 00:22:41 Where is it being stored? The data centers, cloud infrastructure provides so much technological innovation. At the same time, it also can be a vulnerability if it's in these areas that are at really extreme risk. So they need to really start thinking about this as part of their broader strategy for their global footprint. And how much of this comes down to unexpected change? I mean, in other words, if I'm building a data center in Dubai, I know it's going to be hot and I've built it to handle that from the outset. But it seems to me like some of what's going on here, like you say, in England, you know, they weren't expecting,
Starting point is 00:23:16 you have unprecedented heat waves. And so they weren't engineered for this. The data centers weren't built to take this kind of heat. Right. And we're still seeing data centers popping up in Arizona, for instance, and relatively new ones, which makes me think that it still isn't as much of a consideration. It becomes areas where, similar to everything, are there good tax breaks? Is the government providing the labor and resources and whatever other kind of carrots to help incentivize a company to go there. Maybe if you have solar and wind power, then that offsets the need for it to be cooler. Right, and that would be nice, but at least I haven't seen much of that kind of discussion going on. It still really is, you know, still moving to some areas that really are not looking like
Starting point is 00:24:06 they'll be great providers of water in the foreseeable future. So I think the risk calculus is still looking very short-term versus medium to long-term. And what we're seeing, though, I think this year has been unfortunately indicative of it, is that these changes that we thought
Starting point is 00:24:21 were farther down the road are starting to come now. And so what is considered far-term is really becoming near and medium-term, but are still treated as far away. So we haven't seen much like that. I will say there are companies that are starting to acknowledge this challenge and are starting to look for innovative ways to cool data centers. And ideally, those kind of innovations can then transfer to dealing with water scarcity in a broader sense across the globe. There are some new research innovations starting to emerge to address this problem. All right. Well, interesting stuff. Andrea
Starting point is 00:24:54 Little-Limbago, thanks for joining us. Thank you. can keep your company safe and compliant. Clear your schedule for you time with a handcrafted espresso beverage from Starbucks. Savor the new small and mighty Cortado. Cozy up with the familiar flavors of pistachio or shake up your mood with an iced brown sugar oat shaken espresso. Whatever you choose, your espresso will be handcrafted with care at Starbucks. And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. The Cyber Wire podcast is a production of N2K Networks, proudly produced in Maryland out of
Starting point is 00:26:31 the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing Cyber Wire team is Elliot Peltzman, Trey Hester, Brandon Karp, Eliana White, Puru Prakash, Liz Ervin, Rachel Gelfand, Tim Nodar, Joe Carrigan, Carole Theriault, Thanks for listening. We'll see you back here tomorrow. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
Starting point is 00:27:43 helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
