CyberWire Daily - Coincheck cryptocurrency heist. ICO phishing. Jackpotting comes to America. Dridex and FriedEx. Transduction attack threat to IoT sensors. Jihadist steganography. Oversharing with Strava?
Episode Date: January 29, 2018
In today's podcast, we hear that hackers have looted cryptocurrency exchange Coincheck to the tune of about $530 million. Experty's ICO speculators get phished by crooks. Jackpotting hits American ATMs. The Dridex banking Trojan apparently has a ransomware sibling: FriedEx. Transduction attacks could hit IoT sensors. Steganographic app "Muslim Crypt" is designed for jihadist communication. North Korea tells Britain to mind its own business about WannaCry. Zulfikar Ramzan from RSA with his perspective on Spectre and Meltdown. Strava fitness app reveals locations of user activity.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Hackers have looted cryptocurrency exchange Coincheck to the tune of about $530 million. Experty's ICO speculators get phished by crooks.
Jackpotting hits American ATMs.
The Dridex banking trojan apparently has a ransomware sibling, FriedEx.
Transduction attacks could hit IoT sensors.
Steganographic app Muslim Crypt is designed for jihadist communication.
North Korea tells Britain to mind its own business about WannaCry.
And the Strava fitness app reveals locations of user activity.
I'm Dave Bittner with your CyberWire summary for Monday, January 29, 2018.
The Japanese cryptocurrency exchange Coincheck has reported the loss of some $530 million in NEM tokens to
cybercriminals. This passes the record formerly held by Mt. Gox, the now-defunct crypto exchange
done in by a $450 million heist. Coincheck announced Friday that it had suspended NEM
deposits and shortly thereafter stopped NEM trading. Over the weekend, all payments on the Coincheck platform were halted.
The theft appears confined to NEM, also known as XEM.
Early suggestions that transfers of Ripple currency were fraudulent
appear to have been premature and unfounded.
The story continues to develop.
It's not known how the exchange was looted or whodunit,
but there are reports that
say the currency taken had been stored in an internet-connected hot wallet.
Coincheck has said it intends to reimburse users who lost funds in this attack.
They plan to repay about $400 million.
But how they'll get the funds to do so remains unclear.
Japanese authorities are investigating the theft.
There's been another noteworthy cryptocurrency hack, this one of an ICO. The ICO was for Experty, a startup that bills itself as the first Ethereum-powered voice and video application,
which allows users to monetize their time, knowledge, and expertise on a global scale.
Sales were handled by Bitcoin Suisse.
A bogus pre-ICO announcement purporting to be from Experty
phished unwary speculators into transferring more than $150,000 in Ethereum to the crooks' wallets.
Experty says it's addressed security issues surrounding the phishing expedition
and that it will be offering some compensation to investors inconvenienced
by the incident.
Jackpotting, hitherto seen most often in Eastern Europe and East Asia, has arrived in the U.S.
The hacking of ATMs to get them to spill cash to a waiting mule has now appeared in the U.S.
The Secret Service is working with banks and ATM vendors to contain the problem.
Hackers get access to the ATMs by posing as maintenance workers and connecting to the
device with an endoscope.
Once they've synced, they can remotely induce the machine to dump cash into the waiting
arms of a money mule.
Bratislava-based security firm ESET reports that the authors of the familiar banking Trojan
Dridex have branched out into ransomware. They're responsible, the researchers say, for the ransomware strain known as either
BitPaymer or FriedEx. Not only do Dridex and FriedEx share code, but there are several instances of
the malware strains having the same date of compilation. FriedEx was discovered last year
and usually infects its targets by a brute force remote desktop protocol attack.
Research indicates that widely used electronic sensors are susceptible to transduction attacks,
which suggests a greatly expanded Internet of Things attack surface.
A transduction attack, as a report from researchers at the University of Michigan and Zhejiang University explains,
quote, exploits a vulnerability in the physics of a sensor to manipulate its output or induce intentional errors, end quote.
They call for greater attention to embedded security,
particularly at the border of the analog and digital world sensors occupy.
In news that will doubtless figure in future crypto war salvos, a new secure communications
app, Muslim Crypt, is out and designed specifically for the jihadi market. It takes a steganographic
approach, hiding messages in a photographic image. Photos have a lot of noise, and in this case,
the message masquerades as just that.
Pyongyang tells London to mind its own business about WannaCry,
which Pyongyang says it didn't do in the first place,
and while you're at it, London, stop copying Washington.
So there.
There are the usual threats of massive righteous cyber retaliation, and so on.
Fitness app Strava has published some attractive heat maps showing the exercise patterns of
its users.
The data is aggregated and anonymized, as Strava points out, but critics point out that
the patterns on the map effectively reveal the locations of secret army bases, as The
Guardian puts it.
Strava says military users should just opt out of the reporting.
If they've revealed themselves or their favorite jogging paths to the world,
that's on them and not on Strava.
It's worth noting that critics know the patterns correspond to bases
because they already know where those bases are,
and the secrecy of some of the locations people are mentioning,
like Groom Lake, Nevada, is pretty attenuated anyway.
To be sure, you'd have to be pretty highly cleared to
actually visit Area 51, but a Strava heat map isn't exactly revealing this particular high
desert location to the wild world. So, to take one of the examples being cited, you can tell that
someone's riding a bicycle alongside a runway. So what? It's well known to listeners of various
radio shows that are broadcast all night
long from the middle of Pahrumpistan that it's long been a staple in the UFOlogical lore that
circulates throughout the American Paphlagonia that Area 51 is where captured flying saucers
are test flown. And wouldn't you want the civil servants reverse engineering gray technology to
stay fit and trim? Don't believe us
that this is going on at Area 51? Take your heads out of the sand, sheeple. Just watch Independence
Day again. Hollywood knows, man. Here's a question, however. Why would you want this kind of heat map
anyway? Is it pure marketing, like the many cyberattack heat maps we've long enjoyed as a kind of eye candy?
Oh, that alien technology we were mentioning?
We're joking, just having a little fun.
If the public affairs office at Nellis Air Force Base or China Lake or Fort Irwin or 29 Palms are listening,
we're kidding, right?
We don't want a visit from the men in black.
Not to mention, a hovering black helicopter would make it tough to record with good audio.
But seriously, the concern that more temporary, sensitive locations in active theaters of operation might be revealed
is more troubling, although how usable such intelligence might be remains an open question.
And the case shows what information can be developed even from aggregated and anonymized data. No doubt a lot of soldiers, sailors, airmen, and marines are receiving a good OPSEC
talking to this week, and that's a good thing to be sure. So by all means, troops, opt out,
stay safe, and good hunting.
And joining me once again is Zulfikar Ramzan. He is the Chief Technology Officer at RSA. They're a Dell Technologies business. Zulfikar, welcome back. You know, obviously hot and heavy in the
news these days are Spectre and Meltdown, but you want to make the point, make sure that we're
thinking about these threats correctly. That's right. You know, I think there's been
this trend in the last few years of these mega vulnerabilities, obviously ones like Heartbleed,
more recently Spectre and Meltdown and so on and so forth. And I think that what's interesting to
me is that when you think about vulnerabilities today, we've been dealing and talking about some
of the same issues now for 20 plus years.
Most of the major breaches that occur have happened because of somebody exploiting a known vulnerability.
And so the point that I really want to make is if you're a security practitioner thinking about how to secure and safeguard your organization,
I think it's important to take a much more risk-centric, maybe business-centric view, if you will, around thinking about vulnerabilities. And here's what I mean by that.
The reality is that not every vulnerability is created equal.
Some vulnerabilities will be easy to exploit.
Some may already have exploit code available in the wild.
Some vulnerabilities may have a significant impact to your business if they're exploited.
For example, they may be a vulnerability on a critical production server
or on a piece of hardware that contains critical and sensitive data about maybe your customers,
et cetera.
And I think what people have to do is when they think about vulnerabilities, it's not
so much the, let's jump on with the latest vulnerabilities and try to fix it.
Take a step back and try to figure out the impact of that vulnerability to your business,
the likelihood that that vulnerability will be exploited, and then take those pieces of
information and engage with the business stakeholder or
the infrastructure stakeholder to help alleviate the vulnerability.
Too often today, security professionals will shout out that, hey, we have to fix these
vulnerabilities.
On the flip side, the reality is that very few security professionals have the authority
to fix the vulnerability.
They may have the responsibility of identifying it, but they typically don't own the infrastructure
underneath.
And being able to have that conversation,
I think is what's missing today.
Yeah. And I can't help wondering, you know, when news of something like this breaks, something that is as big a news as Spectre and Meltdown have been, you know, something sort of foundational
the way that they've been. I think it's easy for people to get caught up in the unknowns
that the news is coming quickly and they're not sure. You know, they've got people from their organizations saying, how concerned should we be about this?
And they want answers and not all the answers are there.
That's right.
I think these are also developing over time as people understand the full implications
of these threats.
You know, Spectre and Meltdown, obviously very deep vulnerabilities, really affecting
the lowest level of systems, very widespread.
But on the flip side, I would submit to you that most people who were jumping on the Spectre and Meltdown bandwagon were focused 100% on those
issues, might have been ignoring existing issues on their networks that have been around for some
time that would have a more pressing impact to their business. And so I think the key is not to
ignore what the latest vulnerabilities are, but don't over-rotate to the point that you
completely ignore all the fundamentals that may be more relevant to your business and to your networks today.
Zulfikar Ramzan, thanks for joining us.
My pleasure.
And that's the Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Thanks for listening. We'll see you back here tomorrow.