CyberWire Daily - Daily: Anonymous hits Bank of Greece. I am Satoshi!
Episode Date: May 3, 2016In today's podcast we look quickly at the current state of the cyber war between the US and ISIS. Anonymous is out to punish banks with DDoS for "crimes against humanity," and criminals continue to ho...ne their ransomware game. The US security clearance system seems set to move toward FICO-like scoring. Joe Carrigan from Johns Hopkins University explains why medical records are so valuable on the cyber black market. Bob Hansmann from Forcepoint returns for more findings from their 2016 threat report. And Satoshi Nakamoto seems as airborne as ever. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
U.S. Cyber Command is said to be enjoying success against ISIS finances and command and control.
ISIS sympathizers hit back online with more attempts at inspiration.
Anonymous launches a DDoS campaign against the Bank of Greece.
The hacktivist collective vows to punish the world's financial institutions
for what it characterizes as their crimes against humanity.
And a U.S. magistrate tells a California woman to let the FBI use her fingerprints to unlock an iPhone.
It's a search warrant in a drug case.
FBI use her fingerprints to unlock an iPhone.
It's a search warrant in a drug case.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Tuesday, May 3, 2016.
The U.S. cyber offensive against ISIS continues to report inroads against the terrorist group's finances and command and control apparatus.
These are targets Cyber Command is well equipped to hit.
ISIS's information ops reach will be harder to shorten.
Hacktivists who find inspiration in these self-proclaimed caliphate's online murders
have called for death to U.S. drone pilots,
but as its physical territory shrinks,
ISIS will continue to seek to expand its footprint in cyberspace.
Anonymous has hit the Bank of Greece with a distributed denial-of-service campaign.
The hacktivist collective is calling it, curiously, Op Icarus,
where one might think Op Daedalus or Op Hermes might be better,
since Icarus, after all, crashed after soaring too close to Helios.
The goal of Op Icarus is to force the world's financial institutions to atone
for what Anonymous characterize as bankers' crimes against humanity.
Some of the bank's services were offline for about six hours, according to Hack Read.
Greece is said to be just the first.
A video warns that banks in Bangladesh, Brazil, China, Iran, Pakistan, the U.S., and the European Union are also in the crosshairs.
Pakistan, the U.S., and the European Union are also in the crosshairs.
DDoS may be a preferred hacktivist attack method, but ransomware continues to hold its place in the criminal underworld. New techniques and variants aim to stay ahead of the defenders. According to
Avira, Lockheed is now encrypting its command and control communication to make it more difficult
for defenders to sinkhole the criminal sites. Proofpoint notes that about 24% of all emails found with malicious attachments
in the first quarter of this year were distributing Lockheed.
The runner-up was the Drydex banking trojan,
which itself is increasingly being adapted to serve ransomware attacks.
There's no need to look far to explain ransomware's popularity.
Willie Sutton could have answered that question.
There's a widespread perception in the underworld
that cyber extortion offers easy money.
On Monday's show, we heard from Forcepoint's Bob Hansman,
who shared highlights from their recently published threat report.
We continue our discussion today,
starting with the threat of what he calls accidental insiders.
On the insider threat, the accidental insider could be somebody
who has simply fallen for a social engineering type of attack so that they've been part of an
external attack. But there's also the cases where they do a reply all. They post information they
don't realize is sensitive to their Facebook account. Somebody who posted that, hey, our
company did really great this quarter, and yet the financial earnings have not been reported yet, and so there's legal consequences.
We also saw a case a couple years ago where an employee was doing a regular process, sending tax information out to citizens of a city. and in the end sent everybody's personal information and tax details to the next person on the list
because the email merge process was off by one.
And they never tested it and ended up exposing everybody's information to everybody in town.
We also discussed the inevitable tension between IT and employees who just want to get their work done.
Hansman suggests that IT departments be mindful of their attitude.
IT has developed this reputation as the department of no.
No, you can't do that. No, that's got some problems.
We haven't looked into that. We don't have time for that.
That's where we have shadow IT.
People are adopting their own technology.
Sometimes it's because there isn't an official solution.
Often it's simply because nobody wants to ask IT.
If you ask IT, you'll be told no. It's better to just go ahead, get a third-party service,
use it, and ask forgiveness later. At least we can get our jobs done. So IT needs to become more
proactive. They need to start being polite when people call and ask, hey, I want to share a large
file. Instead of saying, oh, we've had that for three years.
Why isn't anybody using it?
Let me show you where it's at.
Instead, they should say something like, you know, I'm glad you asked,
and deliver it in a more positive tone and become an assistant to help departments get their jobs done.
Not that department that, if I've got a problem, I'll call them.
Otherwise, try and keep them out of your business.
That's Bob Hansman from Forcepoint.
Their website is forcepoint.com.
The U.S. security clearance system may soon undergo a significant shift,
moving toward a FICO-like insider threat scoring system.
That score would be based on a number of factors,
among which the social media activity of
cleared personnel would figure prominently. Another feature of the emerging security system
would be continuous monitoring of government networks and users. NextGov quotes the director
of the Defense Security Service as calling the amount of illicit adult material just unbelievable,
and by illicit he means clearly illegal.
A U.S. magistrate judge has ordered a woman to let the FBI unlock her iPhone using her fingerprints,
pursuant to a search warrant, a development that will surely raise issues both biometric and constitutional.
And finally, where's Satoshi?
The elusive inventor of Bitcoin seems to have been cited less frequently than Sasquatch.
Errata Security outlines how it's possible for anyone to claim to be Satoshi Nakamoto.
Read through the post at blog.erratasec.com and judge for yourself.
In a darkly comedic look at motherhood and society's expectations,
Academy Award-nominated Amy Adams stars as a passionate artist who puts her career on hold to stay home with her young son.
But her maternal instincts take a wild and surreal turn
as she discovers the best yet fiercest part of herself.
Based on the acclaimed novel,
Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures.
Stream Night Bitch January 24 only on Disney+.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI. Now that's a new way
to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash
cyber for $1,000 off. Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization
runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep
your company safe and compliant. Once again, I'm joined by Joe Kerrigan from the Johns Hopkins University Information Security Institute,
one of our academic and research partners.
Joe, I read recently something that was interesting in an article.
They were saying that medical records information is particularly valuable
because unlike a credit card, your medical records cannot be reset.
Right.
What the medical record contains that is particularly valuable
is all of your personally identifiable information
that is necessary to steal your identity.
So it contains like your name, your address, your date of birth,
your social security number in many cases,
other information as well that could be used to verify your identity.
Additionally, there's also a more sinister aspect to this, and that is if you have something in
your medical record that you don't want being made public, that that actually provides an
opportunity to extort you to keep that information private. And the prime example of this is if
someone is HIV positive and they just don't want that information to be made public.
And of course, the most valuable information is that the hospital has about the patients
themselves. And that's where the ransomware comes in, in the medical facilities themselves.
Right. That's where the information is most useful is when the patient and the practitioner
need to access it to diagnose or to treat the patient. So that's why we're seeing this increase
in ransomware.
It's because these malicious actors know
that the biggest value of this information
is when the practitioners can access it
to treat the patient.
And if they can't do that,
then they might be willing to pay a large price
to get the information back.
Right, we're talking literally
about life and death situations potentially.
That's right.
And so we've seen on several cases, it's easiest for the hospitals to simply pay the ransomware.
That's what happens.
Yeah, interesting also that when they pay, the records get unlocked.
Well, that's right.
That's almost what has to happen because the malicious actors almost have to unlock the files
or else the ransomware business model doesn't work because people realize,
okay, now I'm in a hole
because my data has been encrypted, but I'm not going to deepen that hole by paying some money
to somebody who's not going to unlock my files. Right. And of course, the lesson is always have
recent backups of your files. That's right. The first four rules of owning a computer are backup,
backup, backup, and backup. All right. Joe, thanks again for joining us.
My pleasure.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your
company's defenses is by targeting your executives and their families at home. Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
And that's the Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses
that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to your Thank you.