CyberWire Daily - CISA offers its assessment (high) of US election security. An alleged GRU front media group is fingered. Notes on cybercrime, and one cheap proof-of-concept.
Episode Date: November 13, 2020. CISA says US elections were secure, that recounts are to be expected in tight races. (But election-themed malspam continues, of course.) A news platform is flagged as a GRU front. A new ransomware strain takes payment through an Iranian Bitcoin exchange. The Jupyter information-stealer is out and active. David Dufour on detecting deepfakes and misinformation. Dr. Jessica Barker on her new book Confident Cyber Security - How to Get Started in Cyber Security and Futureproof Your Career. And PlunderVolt is a $30 proof-of-concept. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/220
Transcript
You're listening to the CyberWire Network, powered by N2K.
CISA says U.S. elections were secure and that recounts are to be expected in tight races.
But election-themed mal-spam continues, of course.
A news platform is flagged as a GRU front.
A new ransomware strain takes payment through an Iranian Bitcoin exchange.
The Jupyter information stealer is out and active.
David Dufour on detecting deepfakes and misinformation.
Dr. Jessica Barker on her new book,
Confident Cybersecurity.
And Plundervolt is a $30 proof of concept.
From the CyberWire studios at DataTribe,
I'm Dave Bittner with your CyberWire summary for Friday, November 13th, 2020.
The U.S. Cybersecurity and Infrastructure Security Agency issued a statement yesterday about the recent U.S. elections that called them the most secure in American history.
The statement, prepared jointly by federal and state officials, added this perspective on recounts.
Quote,
When states have close elections, many will recount ballots.
All of the states with close results in the 2020 presidential race have paper records of each vote,
allowing the ability to go back and count each ballot if necessary.
This is an added benefit for security and resilience.
This process allows for the identification and correction of any mistakes or errors.
There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised. End quote.
So, CISA's judgment is that voting systems as such were uncompromised, and that recounts are
proceeding as they would in any close election. Any corrections to ballot counts that may prove
necessary as recounts are finished are thus likely to be prompted by errors or retail-level fraud,
not any deep widespread corruption of voting systems.
However secure the elections were, that, of course, hasn't prevented criminals from seeking
to take advantage of the tension, division, and uncertainty that surrounded them.
The Washington Examiner reports that a great deal of spam baited with allegations of fraud
at the polls is appearing in inboxes.
According to security firm Malwarebytes,
a great deal of the spam is delivering the Qbot Trojan.
Bellingcat reports that Bonanza Media,
which bills itself as an independent investigative project
dedicated to pursuing alternative explanations of the 2014 crash
of Malaysian
Airlines Flight MH17 is in fact a Russian disinformation front run by the GRU.
Bonanza Media was founded, Bellingcat says, early in 2019 by an RT alumna,
Yana Yerlashova, who had specialized in debunking coverage of the Dutch-led investigation.
She received the assistance of a conspiracy-minded blogger in the Netherlands,
one Max van der Werff, who had also become a frequent guest on various Russian media outlets.
Bellingcat's conclusions are that, quote,
Senior members of the GRU entered into direct and regular communication with the project leader.
The GRU received advanced copies of Bonanza's publications, provided its employees illegal
cross-border access into eastern Ukraine, furnished the project with confidential internal
documents of the official Dutch-led MH17 joint investigation team conducting the official
criminal investigation into the deaths of 298 passengers and crew
members that were hacked by GRU's Cyber Warfare Division and likely instructed Bonanza Media
to leak them.
End quote.
Most of Bonanza Media's claims about MH17 have been of the suggestive rather than conclusive
variety, such as the investigation is still open, the documents leave questions
unanswered, there's a lot of reasonable doubt, and so on. The more positive lines of disinformation
that circulated in the open Russian state-controlled media included claims that Ukrainian forces had
shot the airliner down by mistake, that the crash never actually happened, and the debris field and
bodies had been staged by Kiev,
or even that the shoot-down represented a bungled Ukrainian attempt to assassinate Russian President Putin.
The actual non-alternative explanation of the MH17 crash is that the Boeing 777 was shot down over eastern Ukraine by a Russian anti-aircraft unit operating deniably in support of separatist forces
fighting under the control of the Russian government.
Dutch investigators, who had international responsibility for inquiring into the disaster,
concluded that the airliner was shot down with a Buk missile
fired by the 53rd Anti-Aircraft Missile Brigade of the Russian Federation.
The flight had been en route to Kuala Lumpur from Amsterdam with
283 passengers and 15 crew members on board. There were no survivors. The Dutch-led joint
investigation team's findings confirmed early Ukrainian assertions as well as reports by German
and U.S. intelligence services. An article in Foreign Policy describes a resurgence in Islamist activity
online. Some 500 extremist channels focused on Central Asia are active over such social media
as Telegram and VKontakte. Most of the networks have ties to the Islamic State, now expelled
from territory it once controlled in Syria. The online radicalization in Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan, and Uzbekistan
is following familiar patterns.
Underemployed young, mostly male adherents,
with recruiting eased by international tension between Muslim and non-Muslim nations,
such as the tension between Russia and Turkey,
or between Armenia and Azerbaijan over Nagorno-Karabakh,
and with geographical spread assisted by diaspora members of the target population.
Researchers at security firm Check Point are describing the Pay2Key ransomware operation,
which they describe as unusually fast in its ability to compromise and encrypt a targeted network.
Check Point reports that a number of Israeli firms have fallen victim to Pay2Key.
Who's operating the ransomware is unknown,
but Bitcoin payments some of the victims have made were channeled through an Iranian cryptocurrency exchange, Excoino.
There's nothing inherently nefarious about Excoino,
but the company does require users to have an Iranian phone number and identification.
On that basis, Check Point thinks it likely that the perpetrators are Iranian nationals.
Morphisec has published an account of a new information stealer, Jupyter.
The security company says that so far, Jupyter has collected Chromium, Firefox, and Chrome browser data,
but that it also seems to have potential as a full-fledged backdoor.
Its command and control, while shifting several times since the malware began to appear in May,
has always traced back to Russia.
So, Morphisec thinks Jupyter is probably the work of a Russian criminal gang.
The University of Birmingham has published a follow-up to reports on Plundervolt.
The university says its researchers have demonstrated a device that can overcome protections
against the Plundervolt vulnerability that Intel fixed last year.
The cheap proof-of-concept device, costing only $30,
connects to the separate and unprotected voltage regulator chip
in a way that enables it to control the CPU's voltage. The researchers conclude that it may
be time to rethink SGX, Software Guard Extensions, security measures.
My guest today is Dr. Jessica Barker. She's co-founder and socio-technical lead at UK-based security firm Cygenta. She joins us to discuss her recently published book, Confident Cyber Security:
How to Get Started in Cyber Security and Future-Proof Your Career. Well, I have to be honest, I was approached by the publishers, Kogan Page.
And so an email just came in out of the blue saying they have this series of books,
you know, confident coding, confident web design.
And they wanted for the first time to publish confident cybersecurity.
They were aware of me and they wondered if I would be interested in being
the author. And so I absolutely jumped at the chance, to be honest. I've been thinking about
publishing a book by myself for a while, so it felt like great timing. And it was an opportunity,
as I saw it, to write a book that I would have loved to have read 10 years ago when I was starting out in the industry.
Well, you break the book up into several sections. Why don't we go through some of those together?
You start off with an introduction to cybersecurity. What are you covering there?
So what I wanted with the book was for it to appeal to people who maybe are getting started
in their career, people who are interested in
cybersecurity but don't know much about it, and people who may be, you know, like board
members who maybe need to know more about cybersecurity and are kind of starting with
not a blank page, but without much background knowledge.
And so I wanted to start with an introduction that really outlines why cybersecurity
is important, what it is, and to make sure that all of us, as we started with the book,
were kind of on the same page. One of the sections of the book covers the future of
cybersecurity and what it means for your career. And I think that's an important part of this. There's a part of this book that really is
a guide, almost sort of a map for folks who are trying to figure out how it does fit into your
career. It's going to fit into so many careers as we move forward. Exactly. I think cybersecurity
is so interesting because essentially it weaves through a lot of different jobs, a lot of different professions in a way that those professions, you know, would never have thought
even probably 10 or so years ago. So I wanted to do justice to that. And particularly, you know,
I work with a lot of senior executives and board members, and I know that they need potentially
more support in getting up to speed.
So I wanted to write for that audience.
But I also wanted to write for the audience of somebody
who is thinking about cybersecurity as their career,
who is maybe starting out, maybe they're at university or even in school,
and they're thinking, actually, I want to work in cybersecurity
or I'm just starting out in cybersecurity.
How do I move forward?
It can be so daunting, this field, to know actually what path to follow.
I wanted to try and provide a bit of practical guidance on that.
Yeah, I mean, it strikes me that there's something here for everyone,
both for folks who are just getting started,
but also for people who've been in
cybersecurity for a while. It's nice to have an overview of maybe some of the areas that aren't
part of your day-to-day. I often hear that from people, and I myself have this. I work very much
on the human side. And so that can mean that I sometimes don't delve as deep into the physical or into the technical elements.
And so actually having something that provides an overview, I think, is very helpful because in cybersecurity, most of us will specialize to some extent in different areas.
It's such a broad field that none of us can be experts in everything.
So I wanted the book to actually empower someone who, you know, might be working as a pen tester and actually wants to know a bit
more about social engineering or, you know, wants to know a bit more about cybersecurity at the
board level. You know, if you're working with senior executives, then actually knowing what
they need to know and knowing kind of how they would look at this problem.
I think that can be quite helpful, particularly if you're thinking about moving your career in a different direction or moving to a more senior level.
One of the things I like about the book is that you touch on cybersecurity in a variety of different industries.
Yeah, it's one thing I noticed working with different people and different industries is the way that cybersecurity is so fundamental in all sorts of different organizations
and sectors. And actually with our work, our outreach work with schools, I developed a talk
that is what Taylor Swift can teach us about cybersecurity. And it's basically a way of
talking about cybersecurity to teenagers, you know, particularly the career side. I talk about cybersecurity in
the music industry and the film industry and with footballers. So I thought it would be interesting
to bring that into the book, because I've seen how engaging that can be for people.
And just really bringing to life the fact that this isn't just for banks. This isn't just for governments.
It's also for pop stars.
And it is for the film industry.
It is for sports teams and, you know, influencers, social media influencers.
Like everybody needs an awareness of cybersecurity now because information and connected information is so vital to so many different parts of society
and the economy. That's Dr. Jessica Barker from Cygenta. The book is titled Confident
Cybersecurity, How to Get Started in Cybersecurity and Future-Proof Your Career. There's more to
this interview. You can check it out over on our website, thecyberwire.com, in the CyberWire Pro section.
And I'm pleased to be joined once again by David Dufour.
He's the Vice President of Engineering at Webroot.
David, it is always great to have you back on the show. I want to touch base with you when it comes to deepfakes and misinformation,
some of the stuff that I know you and your team are tracking when it comes to that side of things. What can you share with us today? Yeah, so, you know, there's kind of two
different topics that can go hand in hand. Deep fakes being where you create images or videos that
actually look like someone, but they're not that person. And then a lot of times, not only do they
just look like someone, they're presenting information that appears to be coming from that person in that video that could be misinformation.
So these two things tied together can be really tricky.
Well, what are some of the specifics here?
What are your concerns?
Well, a credit card, if it gets stolen, you can call up the bank and get a new credit card number.
That credit card is no good anymore.
For most people, I mean, you and I, David, we're always going to the plastic surgeon,
getting work done. So our faces are always changing. But for most people,
when your images are stolen and used in a deepfake scenario, you know, there's so much
information out there from an image perspective that people aren't thinking about that, you know,
it can start to be used and it's almost becomes insurmountable that it can't be pulled back.
And as this technology gets better, I think we're going to see more and more of a threat of people mimicking other people, both from a celebrity level down to a grassroots individual level, that it's going to become a problem.
What about this creation of new images of people from wholesale creation?
In other words, you know, I've seen someone spins up a fake Twitter account
and you can do an image search on the photo they use for the account image
and it turns out it's a stock photo.
You know, it's an average middle-aged guy or something like that.
But now we've got these systems
that are just literally creating realistic photos
of people out of thin air.
That's a different thing.
Well, that is a different thing.
And not only that,
you can sometimes create an image
based on images you got from someone,
you know, because they had an Instagram page
and somehow start to link all that together to create maybe a Twitter account or some
other account that you control that somehow adds, you know, a validity to the fact that,
oh, I see this person on Instagram and I see all these posts that they're making on Twitter
or on Facebook or some other social media.
And all of a sudden, it represents, and you could be putting videos out there on YouTube, and you've built this whole persona around someone that started, the nucleus is real.
And now it all becomes believable simply because you've been able to automate and generate
all this contextual information that's completely bogus.
Yeah, it strikes me that, you know, we've got this,
we're heading into this era where it's going to be harder and harder to believe what you see and
what you hear. And obviously, it's good for everyone to be skeptical and have their critical
thinking skills. And I wonder if we're coming up to an age where we need some sort of chain of
custody, dare I say, a blockchain of custody when it comes to digital imagery,
the things that we're, the things we're seeing in our news feeds every day.
I absolutely could not agree more. Unfortunately, I don't have what the exact methodology that would
look like. I haven't been able to, we need smarter people than me to come up with that,
but you're absolutely right. Look, I think five years ago, six years ago,
people put all this information on social media
and they were shocked at what cyber criminals
could do with that information.
And I'm just talking words here,
how they could fake who they were.
And now with the deep fake technology,
you're gonna see a lot of that be visual.
And all of a sudden, people trust their eyes more than they may trust something they read. And so the minute
it's visual, now we've got another, you know, on order, another magnitude of issues. And so to your
point, how do we take some type of technology like blockchain to link that to actually validate
whether it's behind the scenes or, you know, something that you see that says this is legitimate because of my blockchain number. That's something we need
to figure out how to address because it's it is truly going to become an issue. All right. Well,
David Dufour, thanks for joining us. Great being here, David. And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep
you informed. With a name like that, it has to be good. Listen for us on your Alexa smart speaker,
too. Don't miss this weekend's episode of Research Saturday and my conversation with
Larry Cashdollar from Akamai. We're going to be talking about some of his favorite CVE submissions
over the past 20 years.
That's Research Saturday. Check it out.
The CyberWire podcast is proudly produced in Maryland
out of the startup studios of DataTribe,
where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliott Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Bond,
Tim Nodar, Joe Carrigan, Carole Theriault,
Ben Yelin, Nick Veliky, Gina Johnson,
Bennett Moe, Chris Russell, John Petrik,
Jennifer Eiben, Rick Howard, Peter Kilpe,
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here next week.