CyberWire Daily - Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management.
Episode Date: October 16, 2019
The US may have retaliated in cyberspace for Iran’s strikes against Saudi oil fields. China’s new C919 airliner seems to have benefited greatly from industrial espionage. An old botnet learns new tricks. Typosquatting as an election influence trick. A look at price lists in the Criminal-to-Criminal marketplace. Recovering from ransomware. And when it comes to reputation management, there’s not so much a right to be forgotten as there is a right to fuggeddaboutit, if you get what we mean. Justin Harvey from Accenture on ESports gaining popularity in cyber security. Guest is Aashka, a high school junior who helped plan the Raytheon Girl Scouts National Cyber Challenge. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_16.html
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
The U.S. may have retaliated in cyberspace for Iran's strikes against Saudi oil fields.
China's new C-919 airliner seems to have benefited greatly from industrial espionage.
An old botnet learns new tricks.
Typosquatting as an election influence trick.
A look at price lists in the criminal-to-criminal marketplace.
Recovering from ransomware.
And when it comes to reputational management,
there's not so much a right to be forgotten
as there is a right to forget about it, if you get what we mean.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, October 16, 2019.
Reuters reports that the U.S. retaliated for Iranian kinetic strikes against Saudi oil facilities with cyberattacks against Iranian information operators.
Two officials, speaking on condition of anonymity, told Reuters that the attacks did some physical damage
and that they were conducted to degrade Tehran's ability to spread propaganda.
China's Comac C919 airliner was built from
industrial espionage, a report from CrowdStrike concludes. The complex operation was the work
of Turbine Panda, a unit of the MSS Jiangsu Bureau, the Chinese intelligence service widely
believed responsible for the 2015 breach of the U.S. Office of Personnel Management.
The campaign on behalf of COMAC was long-running, patient, and multifaceted,
encompassing forced technology transfer, joint ventures, physical theft of intellectual property
from insiders, and cyber-enabled espionage. The news comes as the U.S. shows signs of
cracking down on Chinese espionage activity, as the Asia Times puts it,
particularly those related to Beijing's Thousand Talents program of recruiting insiders to collect against Western industry.
The C-919 would seem to indicate how dependent China's economic development may be upon industrial espionage. The current U.S.
crackdown may be intended in part to turn that dependence into a strategic vulnerability.
A well-known botnet has been turned into an instrument of extortion,
showing randomly selected users one of their previously compromised passwords
and threatening to expose them for things it's seen them doing within view
of their webcam. Security firm Check Point has found that the botnet Phorpiex, also known as Trik,
which over the last 10 years has moved into ransomware and cryptojacking distribution,
is now sending extortion emails. Two things are worth noting. First, and we hope this will be
clear enough to most victims,
it's a pure hustle.
The blackmailers don't have anything on anyone
except a list of email addresses and old compromised passwords.
They use this to lend legitimacy to what would otherwise be a bald and unconvincing narrative.
Second, and this is more unusual and interesting,
the secret to the crooks' business plan is volume.
They're pushing up to 30,000 emails out per hour,
and they're using compromised machines to do it.
The users being exploited to send the spam
are probably unaware that they're even compromised,
Check Point says.
Raytheon has teamed up with the Girl Scouts of the USA for their first-ever National STEM Challenge event.
It's called the Girl Scouts Cyber Challenge, brought to you by Raytheon.
The challenge scenario puts participants in the middle of a hypothetical ransomware attack on a moon base,
and over 2,500 girls across the country will take part in the pilot program.
We spoke with a young woman named Aashka.
She's a high school junior from Texas
who's been part of the planning for the event.
The summer before my sophomore year, I took a
Girl Scout cybersecurity camp. It was a week-long camp, and it really just changed my life. It
brought light to a new camp that I took this summer before my junior year. It was a five week long camp for cybersecurity. And it really just
lifted how I think about it. Like some of the instructors there, not all of them were in like
the core cybersecurity field. Some of them were doing like cybersecurity, but with marketing or
cybersecurity, but with management information systems, like it was just, I learned that like there was a lot more
to just what meets the eye in cybersecurity.
Like I said, it was, there's like business involved in it, fashion.
There's just so much more than just coding and programming.
Back when I was in my sophomore year, so around this time, about a year ago,
they came to us, it's a national team who have joined together and Raytheon
is helping support this. And it's just to help girls like raise awareness about like technology
and STEM play like such an important part in their lives and how it's a really good career to invest
yourself into. Personally, for me, I wasn't as big of a cyber type of girl, but I learned, like, basically that
cybersecurity isn't just coding, setting, and programming. And I think that's a really valuable
lesson that we're trying to teach the girls: that you can have fun while working in STEM, and that
it's not just sit down in technology. It's not like the average picture you'll see of, like, a hacker sitting and doing those things.
It's not that. It's a lot of communication and things like that.
There's just so much more to cybersecurity than what meets the eye.
Well, take us through this simulation itself.
I mean, it's quite a story that you all have come up with here, quite compelling.
It'll be a lot of fun for them.
It'll be like a typical Girl Scouts journey.
However, at the end of the day, they'll earn the new badge, which is a cyber badge.
And hopefully they'll go away from like they'll leave the event with the newfound love for cybersecurity.
And my understanding is that there's a story here that's part of it where you're protecting a colony on the moon.
Yeah, so we had a few discussions about spies or, like, space or
environment or something, and, like, a school or something. It's like, which event seems the best?
And almost unanimously it was the space one. I feel like that one is just such an
interesting thing to do, protecting a colony on the moon, since like a lot of people do have an
interest in space, but I think it was a very good thing to do. There's something for everyone, like
even the girliest of girls can find something in Girl Scouts and in the cyber challenge. She'll
find like new friendships and things like that. Even someone like me, I also found the Cyber Challenge. And it's just a very
good way to bring you along and bring you to new experiences. And I really do want to pursue a
career in it and gain some experience. I think it's not work if I love it.
Once again, the event is called the Girl Scouts Cyber Challenge, brought to you by Raytheon.
Flashpoint looks into the criminal-to-criminal market's pricing structure.
The security firm trolled through various dark web markets to see how things had changed since their last systematic survey in 2017.
They found that prices are up, but in a small way.
Physical passports are the most valuable commodity and command top
dollar. Exploit kits, on the other hand, are selling at a discount, no longer commanding
the premiums they once did. DDoS-for-hire services are way up. Fullz? Full information on a person?
They're about where they were, just slightly up, unless they include financial information about
the victim, including credit scores, in which case you might as well be shopping at a really tony boutique.
In a bit of slamming the door after the vandals have come and gone,
the City of Baltimore's Board of Estimates has approved the purchase of two cyber insurance policies
that could pay up to $20 million in damages if, or when,
the city sustains another attack like the ransomware that hit its systems in
May. The city will pay just over $800,000 for the policies, and each policy carries a million-dollar
deductible. The city has estimated its losses in the May incident at around $18 million,
but there's a fair bit of uncertainty around that figure. Some of the losses, city officials say, may have been clawed back,
and there may be other costs associated with the attack that have yet to be figured into the total.
For instance, $800,000 and change in insurance premiums.
And finally, some news from the world of online reputation management.
You've heard the commercials.
If someone is giving you bad reviews,
the reputation managers will give your online reputation a nice thorough scrubbing.
But there are good ways and bad ways of doing this. Speaking hypothetically, repeatedly mass
emailing people who reviewed you as a big flopperoo would seem to be a mistaken and even
self-defeating course of action, especially if you escalated to threatening the reviewers
with going after their advertisers.
That's not the way the people who advertise on the radio say they do it,
but we're not in Kansas, are we, Toto?
For Kansas is indeed the venue of our story.
Wichita attorney Brad "the Bull" Pistotnik,
whom one would have hoped would know better,
has taken a guilty plea to three counts of being an accessory
after the fact to making an extortionate threat over the Internet, the Wichita Eagle reports.
The misdemeanors will earn him no jail time, but he will pay a $375,000 fine and just over $55,000 in restitution.
The incident arose from Mr. Pistotnik's retention of reputation management services that allegedly threatened sites that had posted discreditable material about the accident attorney.
If Wichita were in, say, Bavaria or Luxembourg, Brad the Bull could invoke his EU-guaranteed right to be forgotten and the whole thing would be bygones, right?
Pay no attention to that man riding the bull in his personal injury practice
commercials on the TV. That is kind of hard to forget, especially when it happens in the
nice-mannered Jayhawk state.
And joining me once again is Justin Harvey.
He's the Global Incident Response Leader at Accenture.
Justin, it's always great to have you back. We wanted to talk today about
the growing prevalence of esports and the potential that that holds for folks in cybersecurity.
What do you have for us today?
Well, what I've got for you today is that esports apparently
is no longer just for computer games and for console games. Esports is the general terminology
that we use for competing
either in person or virtually against others and having that broadcasted. There are games like
Counter-Strike, PlayerUnknown's Battlegrounds, Dota 2, and of course my favorite Overwatch that are all
on the esports arena. But what's happening is that in the cyber defense and cybersecurity realm, we are seeing
more and more of the commercialization and the popularization of capture the flag. That would
be teams of attackers. So that would be the red team and teams that are defending that would be
the blue team. I have absolutely seen the increase in popularity with that. And I've also seen that more and more employers want to see that experience on someone's resume.
Participating in these events, most notably the capture the flag events, it's a great way to credentialize yourself.
It's a great way to demonstrate that either you have the offensive capabilities or that you have the defense
capabilities. The capture the flag scenarios and games that are being run at conferences like
Black Hat and DEF CON are serving several purposes. First is it is showing the public and other
practitioners exactly how it's done. What does it look like
inside of an attack and what does it look like inside of the blue team defending it?
I think it's also broadening the appeal of cybersecurity past the technology practitioners
to show them that there is a wide array of roles and a wide array of applying that in an exciting manner. And I think
it only helps our industry drum up interest in everything that we do. The other side effect to
this is that the attackers and the defenders, they've got to be innovative. In order to win,
they have to think outside the box. And this is after being an avid gamer, a 30-plus year gamer, and actually I've done eSports in the early 2000s with Counter-Strike, I'm fascinated by this in the sense that when you play a computer game, you're playing on a playing field or on a map that everyone knows.
You're playing it at home, then you go to the eSports arena and you play it there.
And there's not that much innovation or disruption. There might be some little tactics and techniques you
can employ to thwart the enemy, but we pretty much know how those games are going to go.
And if we were to take eSports to the next level around cybersecurity, then we're seeing people
innovate and adapt and overcome the obstacles that are put in front of them.
And that's good for a couple of reasons. First is it shows us practitioners new ways to apply it,
but it also elevates our playing field when it comes to disrupting the enemy or disrupting
our adversary. So I am, for one, I'm very excited about this. I'm not sure that there's going to be
a huge appeal.
I'm not sure if it's going to be in the top 10 of channels on Twitch, for instance. But I do think
that we're going to start to see more and more of this. I'd love to see a company step in and start
to do rankings and do teams. I mean, I'd love to have my incident response team go toe-to-toe
with our competitors that we see every day out there,
as long as there's a fair and even playing field.
It's interesting, too, I think that there's this
emphasis on teams, which I think goes against that stereotype of the lone hacker banging away
on the keyboard by themselves. That teamwork is really a part of this.
There is a battlefield
analogy, and that is you want to go into battle with people that you trust, that you have experience
with, that you can anticipate their every move. And I think it's like that, even though it's a
little bit of a different analogy, but it's like that in the corporate world as well. You want to
train like you fight, and you want to fight like you train. And this is a great
way to do it. And it's a fun way and it keeps people interested.
All right. Well, Justin Harvey, thanks for joining us.
Thank you.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker too.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.