CyberWire Daily - Daily: Australia's new cyber strategy, Dorkbot's old; CryptXXX is new.
Episode Date: April 21, 2016
In today's Daily Podcast we hear about CryptXXX—recently discovered ransomware—and about old, familiar Dorkbot. The US Congress continues to mull legislation that would mandate decryption, and the... banking and tech sectors don't care at all for what they see in those pending bills. Australia announces its cyber security strategy, and says that its national capabilities definitely include offensive ones. Jason Lewis from LookingGlass warns us about third party network access, and Dale Drew from Level 3 Communications emphasizes the importance of collaboration.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Cyber criminals and some apparent state actors show some old tricks and some new ones,
and all of them are working.
Crypto legislation being considered by the
U.S. Congress gets very little love from industry. ISIS expands its information campaign in Africa
as the U.S. gets more active and open in cyber operations against the extremists.
Australia announces a big science push for more cyber capability
and says it has and will continue to develop an offensive cyber capability.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, April 21, 2016.
Cyber crime eclipses hacktivism at midweek,
with examples of both novel malware and old well-known threats working damage.
Criminals being nothing if not opportunistic,
as chip and PIN cards are adopted more widely in the U.S., the cyber gangs are making a last-minute push
to compromise legacy magnetic-stripe swipe systems
before they're superseded in the very large American retail market.
FireEye and its recently acquired iSIGHT unit
are tracking the familiar carding gang FIN6, which is more
active than usual in attacking vulnerable point-of-sale systems and selling paycard
data on black market carding sites.
Proofpoint is continuing to report on the circulation and behavior of CryptXXX ransomware
in the wild.
This recently discovered strain of malware came to the notice of researchers only
last week. The cryptocurrency community is particularly concerned with CryptXXX,
since the ransomware is particularly well positioned to extort payment in Bitcoin.
If CryptXXX represents the new, then Dorkbot can represent the old, and serve as a reminder that it
can take some time for old cyber-mob soldiers to fade away.
The Dorkbot worm's infrastructure was taken down last December after roughly five years of activity.
Unfortunately, when crimeware infrastructure gets whacked, it doesn't go down as fast as
Sonny Corleone, and Dorkbot is back in circulation, crippled but not eliminated.
ESET warns that Dorkbot is being used in attacks on bank accounts
and to lock systems in order to hold them for ransom.
You may be fairly confident that you've got your own network locked down,
but what about your third-party vendors?
They may have legitimate reasons for needing access to your network,
but according to Jason Lewis from LookingGlass,
they can also be a vector for vulnerability.
The best example is the Target breach that happened last year. They were actually, you know, their
network was pretty secure, but it turns out one of their vendors, which is an HVAC company,
had access to the network. And so the attacker gained access to the HVAC company and then used
that access to get on Target's network. And then from there, they were treated just like the third-party vendors. So they're trusted. And the next thing
you know, they're uploading malware to the point-of-sale systems and just collecting credit cards.
Lewis says that much of the increased attention to third parties is being driven from the top down.
The ones who are at the cutting edge are the ones that are making a lot of money. So financials,
banks, those folks, they know those risks
and they're starting to address them.
And I think we're reaching that stage now where they're starting to bring up
these teams that are dedicated to looking at third parties.
And as those big banks start to implement those things,
it impacts everyone else.
So when that gas station with the credit card stuff
suddenly can't get access and they can't sell gas,
they may put some money into trying to make sure their network is more secure.
As for prevention, Jason Lewis offers this practical advice.
Well, it's monitoring. I mean, it really boils down to you have to be looking for those things
to be able to do anything about them. So, you know, step one is you lock down your network.
If a partner doesn't need to have access to corporate email or corporate file servers,
then you don't give them access.
You kind of limit it that way.
And then from there, you need to be logging.
A lot of folks use IDS.
A lot of folks use different scanners for malware and those kind of things.
So the minimum is make sure that you're looking for things that are anomalies on your network.
And then from there, you focus kind of like a pinpoint on those third-party connections to make sure that traffic is legitimate.
That's Jason Lewis from LookingGlass. Their website is lgscout.com.
The spread of encryption, most recently in WhatsApp, suggests that technology may soon render the ongoing round of crypto wars moot.
Legislation mandating various forms of decryption in the service of law enforcement is still being considered in the U.S. Congress.
It's attracted few fans outside relatively narrow law enforcement precincts.
Microsoft, Facebook, and Google are all publicly opposed to the measures,
and American Banker is running an op-ed series characterizing the proposed legislation as nothing
less than an attack on online banking. To be fair, we must note that the law enforcement
agencies who favor some sort of legislative support of decryption in response to a warrant
are neither ill-informed, provincial, nor technically clueless. They include both the U.S. Secret Service and the FBI.
We heard some Secret Service criticism of widespread, strong, and effectively unbreakable
encryption at SINET ITSEF yesterday, where we also heard some equally well-presented
counterpoint from the Electronic Frontier Foundation.
Australia announced its national cyber strategy yesterday.
It features a strong commitment to applied cyber research
and development of a world-class domestic security industry.
Interestingly, Australia also joined two of the other Five Eyes, the US and the UK,
in openly declaring that it has and will continue to develop an offensive cyber capability.
Finally, remember that report last year that something happened at
Australia's Federal Bureau of Meteorology? A hack or an outage? Something like that? Well, it turns
out Prime Minister Turnbull said yesterday that yes, it was indeed a cyber attack, as was widely
reported at the time. We'd say, looking at that confirmation coming in tandem with an avowal of
offensive cyber capabilities, that the forecast down under may be a little bit stormy.
I'm joined once again by Dale Drew. He's the Chief Security Officer at Level 3 Communications. Dale, I think it's natural for many companies to like to keep their findings close to their vest, but you think collaboration is important.
I do. I mean, we've seen a trend in the industry where threat intelligence data is becoming a for-profit business.
And so, as a result, information about attackers and attack techniques becomes a sellable item
and therefore becomes very difficult for these companies to distribute freely. We really think that sharing of this information
quickly is going to allow the security industry to be adaptable to identifying
and stopping security threats faster than the bad guys are able to create capability.
Can you give me some examples of where collaboration has led to
good things happening, to new discoveries?
You know, it's our viewpoint that security infrastructure operates at different levels
of the ecosystem. Some security infrastructure protects applications, some protect data,
some protect network assets. When you're able to share threat data across all of those ecosystems,
then each of those security infrastructures can better protect
the entire infrastructure as opposed to just single layers of the infrastructure.
We identified recently, as an example, we identified a network-based attack
of a very sophisticated and emerging credit card scam that was starting out in Europe.
We shared that information with the industry the moment we detected it.
Not only did we block it on the backbone,
but we also shared the signature with the industry.
The industry was then able to take that data,
put it into their product portfolio,
and prevent that credit card scam from becoming the next BlackPOS attack.
So what's your advice to companies who are maybe a little bit skittish about sharing their information?
You know, we really believe that the industry needs to focus on sharing threat information
as opposed to today, where people are sharing information that demonstrates the identity of the customer or the attacker.
So we think that sharing information about the actual threat itself will really alleviate a lot of the concerns that people have about identifying themselves as a victim or the source of an attack.
Dale Drew, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.