CyberWire Daily - Daily: Dark web observations on coups and lists. Pokémon Go and the madness of crowds.
Episode Date: July 18, 2016
In today’s podcast, we hear about social media’s role in the suppression of the coup d’état in Turkey. The United Cyber Caliphate and the competing “Peace Brigades” release overlapping and competing target lists. Ukrainian nationalist hacktivists hit Poland’s Ministry of Defense. “Delilah” is a backdoor Trojan built for blackmail, and “Wildfire” is a new strain of ransomware. Some databases for sale on the Dark Web look like junk. Deloitte's Emily Mossberg shares insights from their latest report, and John Leiseboer from Quintessence Labs explains the security benefits of interoperability. Pokémon Go looks like the biggest mania since the 17th Century’s tulip craze.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
at the Twitter feeds. The United Cyber Caliphate and the competing Peace Brigades release overlapping
and competing target lists.
Hacktivism in Eastern Europe likes neither Russia nor NATO. Delilah is a backdoor Trojan built for blackmail. Wildfire ransomware looks like the work of the Russian mob. Some purported databases for prominent sale in the dark web look like junk. And of course, Pokémon Go looks like the biggest mania since the 17th century's tulip craze.
I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, July 18, 2016.
Turkey's President Erdogan seems firmly in the saddle as his government puts down an apparent coup d'etat over the weekend.
A purge of both the judiciary and security forces is in progress.
Those who were said to have attempted to depose the president are said to have seized some mass communication media,
but they either overlooked or were unable to cope with Twitter.
The entire incident was tracked by tweets, which is ironic at best given the Erdogan administration's ambivalence
about social media and its periodic efforts to rein them in. The government's use of Twitter
seems to have significantly contributed to the president's ability to prevail over the attempt.
We'll be watching for hacktivist or state-sponsored operations in response to the coup.
For now, however, such activity seems limited. Terbium Labs has told us that they observed signs of one Turkish group
breaching and exposing a Russian government database over the weekend,
which they view as in line with long-standing Turkish efforts
to push back against both Islamist and Russian influence,
insofar as such affects regional stability.
ISIS names more people in the U.S. and elsewhere as targets,
marking them by name as crusaders and encouraging the caliphate's followers to strike them.
The announcement was made online by the United Cyber Caliphate, ISIS's nominal cyberspace arm.
Iraqi Shiite leader Muqtada al-Sadr, whose Peace Brigades have fought the predominantly Sunni forces of ISIS, has also announced some new and perhaps unexpected targeting.
He advises that he will consider U.S. forces deploying to the region to fight ISIS targets.
These statements, widely disseminated online, coming as they do after recent terror attacks, lead analysts to wrestle with the difficulty of distinguishing terrorists from people who are, as the New York Times calls them, simply deranged. Some think "terrorist" is used tendentiously and too expansively, but others argue that, given ISIS and similar groups' calculated appeal to the disaffected, the unsuccessful and the unstable, it's a distinction without a difference.
In other nationalist hacktivism, a Ukrainian nationalist faction, anti-Russian but not happy about NATO either, claims responsibility for a cyber attack on Poland's defense ministry.
Diskin Advanced Technologies reports on Delilah, a backdoor Trojan criminals are using to infect
and blackmail employees who visit adult or gaming sites.
It collects information about the employees' dodgy surfing, then recruits the victims to
steal and report corporate information.
Failure to comply results in exposure. The insider threat comprises one aspect of cyber risk.
There was much discussion last week at SINET's Innovation Summit of risk management.
Today we'll hear from Deloitte's Emily Mossberg, who talked us through her firm's latest report
on cyber risk, Beneath the Surface. She told us that many conversations about cyber
risk were only seeing part of the picture. There was a lot of dialogue focused on how do you
quantify a breach of personally identifiable information and a lot of focus on the notification
and customer protection mechanisms following a breach of personally identifiable information. But we knew
through working with our base of clients that there really were a number of broader impacts
that they were experiencing that really didn't seem to be part of the current equation.
The report organizes potential impacts from a cyber breach into two main categories,
above the surface and below the surface, and uses a metaphor of an iceberg to illustrate the concept. Above the
surface risks include things like the technical investigation, public relations, regulatory
compliance, and attorney's fees. But it's the below the surface factors that Mossberg says
aren't getting the attention they deserve. Things that were not typically talked about,
and that included things like the value of lost intellectual property. Not that a breach of intellectual property is never contemplated,
but we hadn't seen a real value or calculation related to what that might mean to an organization.
Things like loss of contract value, as well as lost customer relationships.
Then we have things like operational disruption and destruction. Again, most of the conversation
around breach and incidents revolves around a breach of information. There hasn't been as much
focus on what are the true costs if part of the business is unable to function or there is a true disruption
of service. The report makes the case that while the above-the-surface risks get the most attention,
it's actually the below-the-surface ones that can be the most costly.
90% or greater of the total impact ends up being beneath the surface. And so what that really
compels organizations to do is to, one, think about this problem a little bit differently than they've been thinking about it before, and look to additional mitigation strategies as it relates to how they secure the assets, how they monitor those assets, and how they plan to respond when they actually have an incident.
Mossberg says she hopes the report spurs conversations among stakeholders.
How do we start to change the way that we talk about this and think about this
to align more with a broader enterprise risk management strategy
so that we're doing scenario planning around cyber risk similar to
the way in which we're doing scenario planning for broader enterprise risk management. That's
Emily Mossberg from Deloitte. The report is titled Beneath the Surface of a Cyber Attack.
And a program note, you can hear more from Emily Mossberg and other experts in our upcoming special edition,
Quantifying Cyber Risk, which will be published July 19th.
Ransomware continues its romp through corporate networks.
Cisco OpenDNS researchers have uncovered a new variant, they're calling it Wildfire,
that appears on internal evidence to be the work of Russian organized crime.
Several vendors are working on answers to the ransomware threat.
We heard at SINET's Innovation Summit that big customers are also big integrators of security products,
often trying to pull together dozens of different solutions.
Later on this podcast, we'll hear from Quintessence Labs' John Leiseboer, who talks us through the interoperability challenges this situation presents.
Even as new threats appear, old malware variants still comprise the dominant forms of malicious code in circulation.
Conficker still holds its lead by a comfortable margin, with Sality trailing in second place. Relative newcomer mobile malware HummingBad has risen into third place, at least as Check Point sees the leaderboard.
More files purporting to be stolen databases are for sale on the dark web, but some of them are more sizzle than steak, or if you prefer
more hat than cattle. A widely reported Amazon Kindle credential database being hawked in one
of the black markets, for example, struck many at the time of its discovery as largely bogus,
and we've received some confirmation today from Terbium Labs that those suspicions are well-founded.
To them, it looks like junk, mostly, a bot database.
The backtraces, they said, are from something running in Azure and running a Selenium crawler, presumably to download free Kindle books.
Pokémon Go now amounts to both a cyber-physical security phenomenon and the latest chapter in the history of the madness of crowds. The game is wildly popular, and if the videos we're seeing of self-organized mobs of Pokémon trainers surging through public parks are any indication, it's at least as popular among adults as it is among children.
One such herd was observed stampeding after Vaporeon.
This struck our technical editor as surprising, given that you can evolve Vaporeon on your own.
We hasten to reassure the suits that our technical editor heard this from someone else, we think, not that he's, like, playing Pokémon on company time or anything like that. And there's plenty of other Pokémon Go news you can use, not the least of which is the emergence of a large number of malicious and bogus Pokémon Go apps that will snare the unwary, so download with caution. And please do watch where you're going as you pursue the Pokémon. Joint Base Lewis-McChord, for example, near Seattle, has asked trainers not to chase Pokémon into sensitive areas of the base.
You're welcome, General Lanza.
Some people, however, we encourage to follow where the Pokémon lead, especially if you're in Manchester, New Hampshire, where the police department has helpfully notified a number of wanted felons that a Charizard, a freaking Charizard, has been spotted inside their main station. Go get them, Granite State's most wanted. And Manchester PD, catch them all.
And I'm joined once again by John Leiseboer. He's the CTO at Quintessence Labs, one of our academic and research partners.
John, I know one of the concepts you wanted to share with our listeners was interoperability.
What can you tell us about that?
Sure. So interoperability permits the exchange of information between components of a system. So, for example, the ability to exchange emails, the ability to display an image on a television screen, the ability to use the global positioning system, the car navigation system, to help you drive to a new destination. So it's all about making it possible to use different vendors' equipment to allow for the exchange or the display or the reproduction of information in a way that you would expect to all work transparently.

Interoperability amongst different vendors' products really empowers users to deploy components in a system with some degree of confidence that they'll work together, and they'll work together properly. It provides users with choice. It enables diversity in system deployment, which is extremely important for reliability, availability, and for security. Without diversity, a single vulnerability could allow, for example, a breach of many different systems. It allows the effort required by an attacker to be much lower, but it also increases the likelihood of a successful attack. So interoperability is all about protecting us from single points of failure.
So when we're talking about cybersecurity in particular, what are some of the challenges that we face when it comes to interoperability?

Some of the challenges with interoperability, when we're talking about cyber security systems, relate to ensuring that the algorithms we use, the data formats being used, the protocols for exchanging information, that they not only permit that exchange of information freely amongst the different systems, but that they also do it in a secure fashion. There are many ways of exchanging information, some of which are more secure, some of which are less secure. So one of the real challenges is finding the appropriate interoperability standards that are implemented correctly as well.
All right, John Leiseboer, thanks for sharing the information. We'll talk again soon.
And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.