CyberWire Daily - Apache Struts patched. Dragonfly is in the power grid. Ransomware notes. Taringa breached. Cryptocurrencies in China and Russia. Signal stealing that's not SIGINT.
Episode Date: September 6, 2017
In today's podcast we hear about a critical vulnerability in Apache Struts. It's been patched—enterprises are advised to apply it as soon as possible. Dragonfly poses a clear and present danger to European and US power grids. Ransomware continues rampant. Latin American social media platform Taringa suffers a breach. Notes from the Intelligence and National Security Summit. Cryptocurrencies in China and Russia. Ben Yelin from UMD CHHS on the resignation of many of President Trump's cyber security advisors. Guest is Tom Billington promoting the upcoming Billington Cybersecurity event. And say it ain't so, Joe—are the Red Sox stealing signals with an Apple Watch? Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. To learn about combining threat intelligence, analytics, and orchestration, check out ThreatConnect's webinar. If you'd like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8's white paper. JHUISI & partner COMPASS Cyber present Cyber Security Conference for Executives on September 19th in Baltimore. Register for the event. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
A critical vulnerability in Apache Struts has been patched.
Dragonfly poses a clear and present danger to European and U.S. power grids.
Ransomware continues rampant.
Latin America social media platform Taringa suffers a breach.
Notes from the Intelligence and National Security Summit.
Cryptocurrencies in China and Russia.
And say it ain't so, Joe.
Are the Red Sox stealing signals with an Apple Watch?
I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, September 6, 2017.
Apache patched a major bug in its open-source Struts software yesterday. The vulnerability enables an attacker to execute remote code on affected servers running applications using the REST plugin.
Apache Struts is very widely used, and the vulnerability discovered by researchers at LGTM is a serious one.
It's been assigned the identifier CVE-2017-9805. A majority of Fortune 500 companies, as well as
many government agencies, are affected. Vulnerable applications run from
online banking to airline booking systems, from the U.S. Internal Revenue Service to any number
of state departments of motor vehicles. It's a critical flaw, and organizations are being urged
to patch immediately. LGTM has a proof-of-concept exploit which it hasn't released. So by all means, patch.
There's a disturbing report out about a threat to the power grid. Symantec researchers warn that the Dragonfly threat group has been actively pursuing and has to some measure achieved
access to US and European power grid operational networks. According to Symantec, this means that
Dragonfly has no further hurdles to clear were it to decide to disrupt power distribution.
The effects would be similar to those Sandworm had on Ukraine's power grid,
but differences in approach suggest that Sandworm and Dragonfly are distinct actors.
There's no attribution yet. Both Russian and French text appear in the code, but that's consistent with false flagging.
GlobeImposter, SynAck, Princess, and Locky ransomware continue to surge in the wild.
The best first defense against ransomware remains the tried-and-true practice of regular, secure, offline backup of your files.
Other DDoS-based extortion campaigns are hitting some online gambling sites, which of course are highly sensitive to service disruption.
Latin American social media service Taringa, described as Reddit-like, has sustained a major breach. 28 million accounts have been compromised.
We have a stringer down at the Intelligence and National Security Summit in Washington, D.C. today and tomorrow.
Some interesting notes from the conference so far have touched on the U.S. intelligence community's engagement with the private sector
and on emerging U.S. cyber deterrence policy.
The USIC wants people to understand that it gets one big fact about industry and innovation.
It's not all in the U.S. and not even all in the other four of the Five Eyes.
Dawn Meyerriecks, deputy director of central intelligence for science and technology,
cautioned that we've encoded in our DNA that the U.S. is preeminent in technical innovation.
We've also encoded this in our laws and regulations, she added.
This post-World War II assumption is no longer true, and the government needs to rethink how it invests.
Ann Winblad, founding partner of Hummer Winblad Venture Partners, offered an interesting fact.
The quarter that just closed, she said, is the first quarter ever in which more venture capital flowed to China than to the United States.
The summit also heard from Tom Bossert,
assistant to the President for Homeland Security and Counterterrorism,
National Security Council, Executive Office of the President.
He talked about some of the essential elements of cyber deterrence.
What's needed, he explained, is a well-thought-out and generally accepted set of norms for conduct in cyberspace.
We also need reliable, high-confidence attribution of attacks.
And we need retaliation that's sure, proportionate, and revocable.
He said, significantly, that he thought such retaliation would probably not be cyber-retaliation.
Krebs on Security has a long profile on Marcus Hutchins,
the white-hat hacker the FBI arrested in Las Vegas.
Mr. Hutchins is, according to the profile, a complex man with a complicated history.
China has banned VPNs, and a man already convicted under the ban faces nine months in prison.
China has also banned initial coin offerings.
Russian communications minister Nikiforov has called for an indigenous cryptocurrency.
Bitcoin and Ethereum are based on, in his words, foreign cryptography and thus undesirable. He says the government is working with Ethereum to develop a homegrown cryptocurrency.
Here's a tip for Mr. Nikiforov.
Russia's already got its own cryptocurrency, Whoppercoin.
We talked about it on Friday.
If he'd care to do so, Mr. Nikiforov can stroll on over to the Burger King in the Arbat and supersize himself to financial security.
He'll also be able to enjoy some of that flame-broiled goodness.
Is that Whopper indigenous or foreign?
Who cares?
It's delicious.
Taking a quick look at our CyberWire event tracker
at thecyberwire.com slash events,
the Cybersecurity Summit is coming up in New York
on September 15th.
You can use code CYBERWIRE50 for 50% off admission.
There will also be a Cybersecurity Summit in Boston on November 8th. The Economic Alliance of Greater Baltimore is having a
breakfast event called Leading the Cyber Transformation. That's September 9th, 2017,
starting at 7.30 a.m. Maryland Cyber Day is coming up October 10th in Baltimore, Maryland.
You can learn more about that at mdcyber.com.
There's an event coming up in October called Networking the Future from the Florida Center
for Cybersecurity. That's their annual conference. You can find out more about these events at
thecyberwire.com slash events. And speaking of events, the Cyber Wire is proud to be a media
partner of the 8th Annual Billington Cybersecurity Summit coming up in Washington, D.C. on September
13th. Tom Billington heads up Billington Cybersecurity, and he's here to tell us about
the summit. The attacks are growing, whether they be WannaCry or Petya, and nation states across the
globe are becoming more active. We thought it was important to address both the proactive approach and the unprecedented times that we're living in
to be an overall focus. And obviously, we dive deeper throughout the full day.
We had the cybersecurity executive order from the president. That's one of the topics you're
going to be talking about? It certainly will. We will be kicking off the conference with the DNI, Dan Coats.
Then we will be focusing on implementing the executive order from the perspective of five CISOs at DHS, HHS, Treasury, and Defense, who are responsible for the implementation of that
executive order in their agencies. And this year, more than ever, you have an
international focus. Take us through what's the international angle here. I'm very excited that
this year we will have the UK Cybersecurity Ambassador, Conrad Prince,
and also the Australian Ambassador for Cyber Affairs, Dr. Tobias Feakin. Those are obviously
two of the Five Eyes partners. Their perspectives are really critical because,
as we know, cybersecurity is a global issue, and our Five Eyes partners in particular are crucial to our country's ability to enhance our cybersecurity in our own country and for our Five Eyes partners.
So what about operationalizing cyber for the warfighter?
General Votel is a four-star commander for United States Central Command. He oversees
military operations in a variety of countries, including in Iraq and Afghanistan. He will be
attending to give the closing keynote and discussing cyber in the context of the warfighting domain.
And General Votel doesn't speak publicly often,
so we're very honored to have him speak at this conference in our nation's capital.
What's your hope? When someone attends this conference,
what kinds of things do you want them to walk away with?
Three things. One is a much better understanding of the cybersecurity executive order.
Second is a terrific networking.
And third is the understanding of what's around the block in trends.
What will the next threats be that might arise?
And how can all of us best address them.
That's Tom Billington. The 8th Annual Billington Cybersecurity Summit is coming up in Washington,
D.C. on September 13th. You can find out more about this event and learn how to list your
event on our CyberWire event tracker at thecyberwire.com slash events.
Finally, another Boston sports team seems to have been caught stealing signals.
Major League Baseball is said to have determined that the Red Sox were using an Apple Watch
to steal signals from the New York Yankees.
Allegedly, a guy out by the scoreboard was reading the catcher's signs, relaying them
to a team staff member's Apple Watch, from where they were in
turn relayed to the batter. The Red Sox say, well, you too, Yankees. They say the Bronx Bombers were
doing roughly the same thing, as if that makes it okay. This right back at you sounds fallacious to
us. Not, you'd understand, that this Baltimore show is carrying water for the New York Yankees.
During the New England Patriots' Deflategate scandal,
scientifically literate Baltimore Ravens fans greeted the New England club with Tom Brady jerseys emblazoned not with Mr. Brady's name,
but with the universal gas law, PV equals NRT.
If you have suggestions for a similar greeting to the Red Sox
the next time they visit Camden Yards, by all means, let us know.
Maybe De Morgan's theorem or Bayes' theorem?
We welcome your suggestions.
In any case, we hope the Orioles hit an Avogadro's number of dingers against the BoSox the next time they meet.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be.
Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Do you know the status of your compliance controls right now? Like, right now? We know
that real-time visibility is critical for security, but when it comes to our GRC programs,
we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation
to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
darkly comedic look at motherhood and society's expectations, Academy Award-nominated Amy Adams stars as a passionate artist
who puts her career on hold to stay home with her young son.
But her maternal instincts take a wild and surreal turn
as she discovers the best yet fiercest part of herself.
Based on the acclaimed novel,
Night Bitch is a thought-provoking and wickedly humorous film
from Searchlight Pictures.
Stream Night Bitch January 24 only on Disney+.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
Joining me once again is Ben Yelin.
He's a senior law and policy analyst from the University of Maryland Center for Health and Homeland Security.
Ben, an article came by from The Independent, this news story about Donald Trump's cybersecurity advisors resigning and their warning of insufficient attention to the growing threats. There was a whole group of
folks who resigned from this committee. Bring us up to date here. Yeah, so it was a large portion of this
presidential task force on cybersecurity.
They wrote an extensive letter outlining all of the reasons they decided to leave the commission.
Now, some of them are cyber related.
They have problems with the speed and urgency of the president's efforts to combat cyber threats.
But they also talked about seemingly unrelated ideological problems.
I think since a lot of members of this council are prominent players in the private sector,
they don't want to be associated with a president making comments like the one that he made after the Charlottesville attack. They also mentioned his inattention to climate change,
citing the fact that he withdrew the United States from the Paris International Climate Agreement.
So there are specific cybersecurity reasons, but we also see broader ideological reasons
that some of these members don't want to be associated with this president.
It's interesting, you know, from the cybersecurity point of view, because I think in general,
President Trump's cybersecurity executive order received positive notes from both sides of the
aisle. Yeah, I think that's true to an extent. Obviously, some of these members objected to the
fact that President Trump hasn't focused on issues of election systems integrity. He has denied
Russian interference in our presidential election. But yeah, if this were solely about his attention to the narrowly defined
issues of cybersecurity, I don't think we would have seen these mass resignations. I think the
resignations are the result of a broader critique of the president's policies. So I think the
members who have quit this council are not doing so primarily because of narrow issues related to cybersecurity.
I think it's because of broader forces at play. And many of these folks were holdovers from the
Obama administration, yes? Exactly. So to be fair, I think this article mentions that three of the
members were Obama administration holdovers. Obviously, those members are going to have
major ideological differences with the president. And we've seen that in past administrations where you have some holdovers
on presidential commissions from previous administrations that were ideologically
different. And we maybe haven't seen this kind of mass resignation as we've seen, especially in the
wake of the Charlottesville incident. But we certainly see people leaving some of these boards
when they are forced to work with a president that they don't agree with ideologically.
I think the difference here is one of scale and one of publicity.
I mean, I think not just this commission,
but in a number of some of the business advisory commissions that the president has appointed,
you've seen members of the commission offer public rebukes and public critiques of the president's actions, not related to the narrow
policy issues of those commissions, but related to his performance of his duties at large. Yes,
some of it is normal ideological differences, but I think the difference here is in the scale of resignations.
Ben Yelin, thanks for joining us.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity. That's why we're thrilled to partner with ThreatLocker, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.
Your business needs AI solutions that are not only ambitious,
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.