CyberWire Daily - Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR.

Episode Date: June 25, 2020

Akamai’s report on the record-setting DDoS attack it stopped this week. Glupteba (pronounced GLOOP-tib-yeh) and Lucifer malware strains described. Apple and Google move their defaults in the direction of greater... privacy. The US designates Huawei and Hikvision as controlled by China’s military. A superseding indictment in Julian Assange’s case. The EU looks at GDPR and likes what it sees. REvil gets ready to sell stolen data. David Dufour from Webroot with tips on navigating new workplace realities. Our guest is David Sanger, author of The Perfect Weapon - War, Sabotage, and Fear in the Cyber Age. And the Navy recruiting campaign that wasn’t. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/123

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of technology. Here, innovation isn't a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first
Starting point is 00:00:30 future together. Head to salesforce.com slash careers to learn more. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in.
Starting point is 00:00:49 With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com. Akamai's report on the record-setting DDoS attack it stopped this week. A superseding indictment in Julian Assange's case. The EU looks at GDPR and likes what it sees. REvil gets ready to sell stolen data. David Dufour from Webroot with tips on navigating new workplace realities. Our guest is David Sanger, author of The Perfect Weapon, War, Sabotage, and Fear in the Cyber Age. A lot of Daves on today's show. And the Navy recruiting campaign that wasn't.
Starting point is 00:02:14 From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Thursday, June 25th, 2020. Akamai has published an account of the very large distributed denial of service attack against an unnamed European bank it stopped earlier this week. The attack generated 809 million packets per second. In terms of packets per second, Akamai believes this is a record. The attacker's motivation is unclear, but whoever was behind it had a large botnet. Most of its bots, over 96%, were observed for the first time in this incident. Assessing the size of a distributed denial-of-service attack is not necessarily a straightforward matter. Akamai expressed its estimate of this most recent attack size in terms of packets per second.
Starting point is 00:02:58 You'll also see the size of DDoS attacks expressed in bits per second. What's the difference? Well, Akamai explains it this way. Imagine a grocery store checkout. A high-bandwidth attack measured in BPS is like a thousand people showing up in line, each one with a full cart ready to check out. However, a PPS-based attack is more like a million people showing up, each to buy a pack of gum. In both cases, the final result is a service or network that cannot handle the traffic thrown at it. Sophos has observed a new member of the Glupteba malware family. It's stealthy and evasive, and it not only collects
Starting point is 00:03:38 a great deal of information from victim machines, but it's also being used to drop cryptocurrency miners and browser stealers. Its name can be rendered into English, roughly, as "you dummy." Palo Alto Networks describes Lucifer, hybrid malware with both cryptojacking and DDoS functionality. Lucifer begins by scanning for open TCP ports, then either credential stuffs or brute forces its way in. Once there, it drops the Monero miner XMRig and establishes a connection with the command and control server.
Starting point is 00:04:12 Patches are available for all the exploits Lucifer uses, at least 10 of them, and users should apply them. Both Apple and Google are moving their defaults toward greater privacy. Google yesterday announced changes to its default data handling practices. The Verge describes the new defaults as representing a compromise between privacy and the data it collects for ad targeting, Google's bread and butter. The changes affect search history, both on-web and in-app, location history, and voice commands given to Google Assistant or Google Home. This data, available for user inspection in the My Activity page, had been retained indefinitely, although last year Google gave users the option of setting their systems to delete the information after either
Starting point is 00:04:58 three or 18 months, depending on their preference. The change announced yesterday makes an 18-month auto-delete the default. Location history is now off by default, although users will have the option of turning it on should they wish to do so. YouTube, owned by the Mountain View tech giant, will default to a three-year auto-delete, the better to serve YouTube's recommendation algorithms. These changes affect new users only. Existing users will still have the option of opting for auto-deletion, and Google intends to promote that option heavily.
Starting point is 00:05:33 The keynote at Apple's Worldwide Developers Conference, for which MacRumors published a transcript, said that iOS 14 would feature significantly enhanced privacy protections. Henceforth, according to Naked Security, users will be given the app-by-app option of choosing to allow tracking or ask app not to track. As a condition of using Apple's IDFA mobile advertising tool, app developers will have to seek consent from iOS device users in order for third parties, aka app monetization partners, to access their data, Adweek explains, adding, this in effect makes IDFA an opt-in feature for users and advertisers will no longer be able to target them by default. The U.S. Department of Defense has designated Huawei and Hikvision, among other firms, as companies owned or controlled by China's military,
Starting point is 00:06:25 Reuters reports. The designation in itself triggers no sanctions, but it can lay the groundwork for more restrictions on the companies named. The U.S. Justice Department has issued a superseding indictment of WikiLeaks impresario Julian Assange. It doesn't add charges to the 18 counts Mr. Assange already faces, but it does broaden the scope of the conspiracy surrounding alleged computer intrusions with which Assange was previously charged. He's alleged in the new indictment to have conspired with LulzSec and Anonymous. The European Commission yesterday released its assessment of the first two years of GDPR.
Starting point is 00:07:04 It's positive, but the commission would like to see more vigorous enforcement. According to the Register, the REvil ransomware gang is preparing to put at least some of the celebrity information it says it took from lawyers to the stars Grubman Shire Meiselas & Sacks back in May online. The data, which Variety said at the time the gang had offered to sell back to Grubman for $42 million, is said by REvil in their Shadow Broker-esque dialect to contain big money and social manipulation, mud lurking behind the scenes in sexual scandals, drugs, and treachery, and bribery by a Democratical party. No one's really sure what they've got,
Starting point is 00:07:47 but the consensus is that the gang's got some of what it claims to have. The first tranche of mud lurking behind the scenes is supposed to involve just three of the celebrities, singers Mariah Carey and Nicki Minaj and LeBron James. REvil says the bidding will open on July 1st. And finally, maybe you heard from a friend that the United States Navy was posting recruiting messages to a well-known adult site. And maybe you thought to yourself, hey, good idea. What better place to find potential sailors? Bravo Zulu, USN. We hasten to add that the well-known adult site is well-known to other people, not to you or to us. Well, Task & Purpose has dashed cold water on the story. There were some messages that looked like recruiting messages, but they were just spoofs.
Starting point is 00:08:38 Navy spokeswoman Lieutenant Commander Megan Isaac said, The social media account discussed on the podcast is a fraudulent account with no official connection to the Navy. As a matter of policy, Navy recruiters are not authorized to recruit on pornographic websites. It's difficult not to notice that Lieutenant Commander Isaac's statement technically doesn't rule out an unofficial connection, but we doubt there's one of those either. And the Naval Criminal Investigative
Starting point is 00:09:05 Service, the actual NCIS, not the television franchise, has asked the adult site in question to take down the content. Suggestion to NCIS, if they're looking for the spoofer's hidden hand, tell it to the Marines. Our celebration of Cybersecurity Canon Week continues, and today CyberWire Chief Analyst Rick Howard speaks with David Sanger, author of The Perfect Weapon, War, Sabotage, and Fear in the Cyber Age. David Sanger, welcome to the show. Great to be with you, Rick. Why did you write the book, David? Well, Rick, you know, I cover cyber-related issues and particularly state-on-state cyber conflict issues and have for, oh, a decade and a half as part of my national security portfolio with the New York Times. And I felt as if we were heading into a new era of
Starting point is 00:10:06 conflict where people saw this blitz of headlines, whether it was, you know, some Chinese group that just got your medical health records or just got into the Office of Personnel Management's records about people who hold security clearances, or you read about the Sony hack, or about Stuxnet, a story that I broke a lot of the details about. But they hadn't tied it all together. And I kept running into people who understood we were going into a new age and really didn't have any sense of what that would mean to us strategically. And so, you know, I went back and I reread some books that I had read as an undergraduate, including Henry Kissinger's Nuclear Weapons
Starting point is 00:10:51 and Foreign Policy, which was a book written in 1957 about how nuclear weapons were changing the way Americans should think about national security policy. And I even went to talk to Kissinger and he said to me at one point, you know, David, cyber is so much more complicated than this because, of course, he said, you know, in our day, we only had to deal with one player, you know, the Russians or then the Soviets. And then, of course, later on, they had to go, you know, spread that out and deal with China and North Korea, Iran, India, Pakistan. But it was a relatively small group. But in cyber, of course, it's everyone.
Starting point is 00:11:32 It's states, it's criminals, it's terrorists, it's teenagers, right? And sorting out a different strategy for each of them makes this far more complicated. The Perfect Weapon is not a book for people who are interested in how to set up defenses or how to code this. It is a book about how to think about a new era in American national security, one that is forever changed by the introduction of a weapon that enables small states to balance their power with large ones and that enables large ones to go do via cyber something that previously they could only do by bombing another country or sending in saboteurs. So the book is The Perfect Weapon, War, Sabotage, and Fear in the Cyber Age. It is the first book I recommend to anybody that is interested in cybersecurity,
Starting point is 00:12:30 and it is now officially inducted into the Cybersecurity Canon Hall of Fame. Congratulations, David, and thanks for being on the show. Thank you, Rick. We'll be right back. The only investigating I'm doing these days is who shit their pants. Killer message to you yesterday? This is so dangerous. I got to get out of this. Based on a true story. New season Mondays at 9 Eastern and Pacific. Only on W. Stream on Stack TV.
Starting point is 00:13:16 And now a message from our sponsor Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not the entire network, continuously verifying every request based on identity and context, Thank you. organization with Zscaler Zero Trust and AI. Learn more at zscaler.com slash security.
Starting point is 00:14:35 Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports
Starting point is 00:15:08 so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me. Now at a special discount for our listeners. Today, get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash n2k, code n2k.
Starting point is 00:15:50 And joining me once again is David Dufour. He's the Vice President of Cybersecurity and Engineering at Webroot, an OpenText company. David, always great to have you back. You and I spoke previously about some of the things that you think are coming down the pike when it comes to organizations dealing with work and some of the changes we're going to see in this post-pandemic time. I want to come at it from a slightly different direction this time and talk about the workers themselves, the folks who have adjusted to this from the workforce point of view, those of us who are getting the job done every day. What sort of changes do you think we're going to see for those people? Well, you know, David, first of all,
Starting point is 00:16:28 always great to be here. I love having these conversations. You know, a lot of, as people are working at home more from a network computer security perspective, all of a sudden people are used to coming in the office. Even remote workers typically would come in once, maybe twice a week, plug their computer in, they'd make sure they had antivirus updates, any patches were applied. All of a sudden, poof, that's gone. That ability for the folks who control your infrastructure to do that is all but gone because who knows how you're connecting to the network back at the office or even, you know, getting your emails, et cetera. And so what's really happening from a purely technical perspective, never mind the business process side of it, is not only are we trying to do our regular jobs, we've now become IT support for our internal home network, but we're also that perimeter defense for the
Starting point is 00:17:20 corporation and the corporate environment as well. Yeah. I mean, that's interesting because it seems like to me there's also a bit of a privacy issue here as well, where I don't know that I necessarily want, you know, the folks from IT stopping by the house to evaluate and adjust, you know, all of my router settings in my living room. That's exactly right. And I think if they show up with coffee at your house, you're going to of my router settings in my living room. That's exactly right. And I think if they show up with coffee at your house,
Starting point is 00:17:47 you're going to let anybody in to do anything. True, true. Or certainly pizza. Yeah, that would do it. I forgot that one. But for sure, it becomes a question of, you know, I'm working on this device, but I bought it. I'm connecting to my job.
Starting point is 00:18:03 My job just told me I have to work from home. Who really is managing that infrastructure? And, you know, that becomes a discussion that needs to be had, negotiated. And I think we're going to see, you know, before you'd come in, you'd start a job, you'd sign the piece of paper that said you won't browse the bad websites on your work computer. Well, you can't do that. So some policies are going to have to change as well from an internal IT perspective, because people are being more productive at home. People are actually happy. Yes, they probably want the opportunity to come to an office once in a while, but the productivity has really surprised folks. So we're going to have to adapt from a corporate
Starting point is 00:18:41 perspective on how we support, you know, the mom who's also the great, you know, engineer who's able to write tons of code. How do we get her able to do patch management on the computer and make sure that she's securing our environment, because she's our perimeter now? Yeah. Can you envision a situation where companies say, you know what, it is a lot cheaper for us to provide, you know, a really high speed, secure connection to someone's home separate from their personal private one? You know, that's cheaper than having to maintain office space. Let's do that. Well, that's an option.
Starting point is 00:19:25 But I think the more direct option would be, hey, maybe let's bump up your bandwidth a little bit. We're going to make a secure tunnel, or I'm going to ship you a little black box that you're going to plug into, and then we will send you your corporate laptop. The problem there becomes is now you're managing all these disparate things. What happens if that machine bricks? You've got all these things you've got to manage. So I think the better answer, just like moving servers from a data center to the cloud where they're accessible from everywhere rather than through one pipe into a data center, I think the answer becomes how do we put tools in place? And I think a lot of people are answering these questions, a lot of small companies. How do we put tools in place to manage and work with those people remotely and just blow up the perimeter? Let's
Starting point is 00:20:04 not have physical network. We don't have cloud and data or we don't have data centers anymore. We got cloud. Let's blow up the physical network and put that as a cloud network. I think that's where we're going. How do you suppose people are going to respond to that? Do you generally think they're going to be positive about it or maybe a mixed bag? I think much like social media initially are using me like,
Starting point is 00:20:29 this is great. I can work from my computer at home. And then all of a sudden, companies are going to start locking these computers down and preventing people from doing things they want to do. And I know if I can't play my massive online computer games, I'm going to be frustrated. So I think there'll be a little bit of pushback, but it's like that pendulum. We'll find an equilibrium. But I think right now, everybody's excited. As soon as companies start trying to lock down stuff, there'll be that blowback, and then we'll find a nice equilibrium. Yeah, yeah. All right. Well, David Dufour, thanks for joining us. Great being here, David. Do you know the status of your compliance controls right now?
Starting point is 00:21:11 Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
Starting point is 00:21:58 That's vanta.com slash cyber for $1,000 off. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. Thank you. next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell,
Starting point is 00:22:55 John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide.
Starting point is 00:23:31 ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
