CyberWire Daily - Cable-tapping for a new century. Lazarus Group update. BabaYaga's cannibalistic malware. Patch Tuesday notes. Cryptojacking. World Cup surveillance. Beware of strangers bearing gifts with USB connections.

Episode Date: June 13, 2018

In today's podcast we hear that old news is new news when it comes to undersea cables. The Lazarus Group is still at it, against South Korean targets. BabaYaga eats other malware so it can stage WordPress spam. Patch Tuesday notes, including some products that Redmond will no longer support. Cryptojackers are still busy. One new strain of coin-mining malware uses the Eternal Romance exploit to spread. World Cup surveillance threatens visiting fans. And don't plug gifts from strangers into your USB port. Justin Harvey from Accenture with thoughts on supply chain security. Guests are Saher Naumaan and Kirsten Ward promoting RESET, BAE Systems' Women in Cyber event.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Old news is new news when it comes to undersea cables. The Lazarus Group is still at it against South Korean targets. Baba Yaga eats other malware so it can stage WordPress spam. We've got some Patch Tuesday notes, including some products that Redmond will no longer support.
Starting point is 00:02:13 Cryptojackers are still busy. There's one new strain of coin-mining malware that uses the Eternal Romance exploit to spread. World Cup surveillance threatens visiting fans. And don't plug gifts from strangers into your USB port. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, June 13, 2018. Monday's action against several firms the U.S. Treasury Department regards as FSB cat's paws has prompted discussion over the security, or lack thereof, surrounding undersea cables. They are indeed susceptible to both tapping and intentional damage, but this is not a new problem.
Starting point is 00:02:59 Undersea cables were both tapped and cut a century ago, and such activity has continued through today. So, for all the current interest, this is not a new issue. Cable hacking goes back at least 100 years to the First World War. The Royal Navy cut German cables at the outset of the war, forcing the Wilhelmstrasse to rely on the good offices of neutrals to pass its diplomatic messages. GCHQ ancestor Room 40 was reading and decrypting neutral cable traffic, with a particular interest in American cables.
Starting point is 00:03:37 That's how they got the text of the Zimmermann telegram, the Kaiser's offer to help Mexico regain her lost provinces of Texas and California if she'd keep the U.S. too militarily occupied to join the Allies in Europe. The telegram wasn't decisive, but it certainly helped push the U.S. towards belligerency. Room 40, by the way, discreetly declined to point out to their American friends that they only read the German traffic because, well, they were reading all that American traffic too. But, you know, bygones. And it's no excuse for you, FSB.
Starting point is 00:04:13 Just because Admiral Hall did it a hundred years ago doesn't make it right for you. The U.S.-North Korean summit is now in the record books, but the Lazarus Group is still out there slugging. AlienVault reports that North Korea's Lazarus Group is actively exploiting an ActiveX zero-day found on a site belonging to a South Korean security think tank. Researchers at Defiant are tracking Baba Yaga malware, which generates spam links and redirections. It's also cannibalistic: like its namesake, it removes competing malware from the devices it infects, effectively maintaining the WordPress site it infects. The goal of Baba Yaga is generating spam content. Defiant studied one particular campaign that had a commonly used theme and
Starting point is 00:04:57 set of targets, essay writing services. That's right, kids, the essay writing ads you respond to are dodgy, so even if you're indifferent to the moral degradation of plagiarism, be advised, you might not want to go there anyway, no matter how attractive that offer of a term paper about the phenomenology of decolonization might look. The spam content Baba Yaga generates is keyword-heavy. Defiant calls it meaningless word salad designed to attract search engine traffic based on those keywords. The crooks get paid through affiliate marketing. They redirect site visitors to other sites selling stuff you probably don't need in the first place. Herbal enhancement potions, commemorative figurines, pink sheet stock tips, term papers on the hermeneutics of glaciation, obvious things like that.
Starting point is 00:05:46 You might think people wouldn't buy such stuff, but there are enough buyers born every minute to make it worth the hood's while. So add Baba Yaga to your list of petty online crime. BAE Systems is hosting a one-day cybersecurity conference in London tomorrow, June 14th. They're calling it Reset, and it's gained attention not just for the impressive lineup of speakers and panelists, but also because every one of those speakers and panelists are women. Kirsten Ward and Saher Naumaan are both intelligence analysts from BAE Systems, and they spearheaded the efforts.
Starting point is 00:06:24 We hear from Kirsten Ward first. We've been disappointed with the lack of diversity in not just the speakers, but also the attendees. A lot of conference organizers complain about the lack of women speakers that they're able to get to their conferences. Actually, we know so many brilliant women and all we had to do was reach out to them. So we actually compiled a list of over 100 speakers to reach out to, to present at our conference. And we ended up getting just over 15 women who will be individual speakers and panelists. I think we really want it to come across that if you are proactive,
Starting point is 00:07:17 if conference organizers try a little harder and actively reach out to women they know in the industry, or perhaps their colleagues know, that it's actually not that difficult. And we want to really normalize the presence of women experts in the field. So one of the reasons that we had an all-female speaker lineup but an open audience, so that women can attend, men can attend, junior and senior professionals in the industry, was to show everyone that women experts are the norm and should be the norm. But really, if men want to be contributing, what they should do is, again, actively promote these women, give them exposure,
Starting point is 00:07:56 give them the opportunities to show their work and recognition for their research. That's Kirsten Ward and Saher Naumaan from BAE Systems. The one-day Reset Cybersecurity Conference is in London, June 14th. Yesterday was Patch Tuesday, and Microsoft addressed some 50 issues with its software. The products receiving upgrades include the Windows OS, Internet Explorer, Microsoft Edge, the ChakraCore JavaScript engine, and Microsoft Office with its Microsoft Office services and web apps. No zero-days this month, but the update did toggle Meltdown and Spectre mitigations to
Starting point is 00:08:35 new default settings. Microsoft has also announced that several products would no longer receive tech support. If you're a user of Windows 7, Windows 8.1, Windows 8.1 RT, Microsoft Security Essentials, Internet Explorer 10, Office 2010, and Office 2013, you are on your own, you and the others in what we've learned to call your user community. Bitcoin and other cryptocurrencies took a hit after the weekend disclosure of theft
Starting point is 00:09:03 at the CoinRail ICO exchange. Cryptojacking continues to make a nuisance of itself. A study by Palo Alto Networks concludes that about 5% of the Monero out there was mined by malware, and that 2% of the daily hash rate comes from cryptojacked machines. A couple of dispatches from the Captain Obvious desk. Well, obvious, but if people didn't fall for these things, Captain Obvious would be out of his very useful job. The first one concerns the World Cup. If you, football fan, bring your phone, tablet, or laptop with you to the matches in Russia,
Starting point is 00:09:44 along with your vuvuzela and the other impedimenta of football fandom, please don't connect to the local free Wi-Fi. You're asking for trouble. Don't just believe us. Take it from the FBI, or more specifically, from the U.S. National Counterintelligence and Security Center. You might think you're too insignificant to be targeted by an espionage service, but you can bet your vuvuzela the espionage services don't see it that way.
Starting point is 00:10:10 The other one comes from Singapore, and it concerns trade show swag, or in this case, stuff coming from a commemorative summit. Journalists covering the summit have been given a nice little fan, welcome in the 91-degree heat, that's about 33 centigrade for any football fans out that a ways, but said fan plugs into your USB drive. Again, just don't. We leave it as an exercise to determine why plugging stuff strangers give you into your device is a bad idea. And finally, in other cryptojacking news, Fortinet reports the recent emergence of PyRoMine IoT crypto-mining malware that propagates through the Eternal Romance exploit. Eternal Romance, of course, is one of the Equation Group
Starting point is 00:10:52 items dumped by the Shadow Brokers. And where have those guys been lately anyway? We don't really want them back, but they're like fruitcake around the holidays. Nobody actually likes it, but somehow you feel like you'd miss it if it weren't around. a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. Do you know the status of your compliance controls right now? Like, right now.
Starting point is 00:11:47 We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI.
Starting point is 00:12:25 Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk.
Starting point is 00:13:13 In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. And joining me once again is Justin Harvey. He's the Global Incident Response Leader at Accenture. Justin, welcome back. We have seen plenty of stories lately about cyber attacks coming from the supply chain. Fill us in here. What should companies be doing right now to protect themselves? Well, as you know, there have been some of the larger breaches in the last decade stemming from an organization's supply chain. Think about Target, think about the now infamous NotPetya attack that came through an ERP system being used by a company inside of the Ukraine, and they came in that way. These supply chains
Starting point is 00:14:15 that organizations and enterprises are relying upon for all of their digital goods and physical goods and applications and software and even hardware, there's a propensity by enterprises to automatically trust or automatically assume that their suppliers are taking all the necessary cyber defense and cybersecurity precautions. Unfortunately, that's not true. It's very difficult to extend that level of trust in this day and age. So like the Russian proverb that Ronald Reagan coined, which is trust but verify, I think that applies very directly to supply chains. But how do you approach that from a practical point of
Starting point is 00:15:01 view? If you have, I can imagine folks have lots of suppliers. How do you come at this problem? Well, what we've done with some of our larger clients is that we've actually built cyber security programs for their procurement and for their supply chain organizations. These sort of programs prioritize based upon the value or the volume that the supplier is giving to the enterprise. And there's also a risk calculation that can be made based
Starting point is 00:15:36 upon where the supplier is, what types of goods and services are they supplying? What is the history around those companies, those suppliers? What are the risks associated with those types of services? For instance, think about the United States and their banning of goods and services from companies like Huawei. Well, that was based upon Congress and other U.S. government organizations receiving these goods from Huawei. And they already had malware and espionage and surveillance types of entries into their code that allowed possibly state-sponsored actors to abuse those. So that's just one example of how thinking through creating a risk-based profile for your suppliers. And then on top of that, going to your suppliers and actually challenging them to demonstrate their proficiency across security awareness, across their ability to respond to
Starting point is 00:16:40 incidents. Are they doing threat hunts? And even in some cases, how are your suppliers managing their own supply chain? That might seem a little bit tinfoil hat, but I got to tell you, for some of these larger aerospace, defense industrial base organizations, and even financial services institutions that have no tolerance for risk, we're starting to see more and more and more emphasis on the supply chain. All right. Good advice as always. Justin Harvey, thanks for joining us. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of
Starting point is 00:17:30 solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro. It'll save you time and keep you informed.
Starting point is 00:18:18 Listen for us on your Alexa smart speaker, too. The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing Cyber Wire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell,
Starting point is 00:18:42 John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Starting point is 00:19:33 Learn more at ai.domo.com. That's ai.domo.com.
