CyberWire Daily - Daily: Good guy update: SWIFT. Bad guy update: Turla, CryptXXX, DMA Locker, Flash 0-day... Bonus: Scunthorpe Problem.
Episode Date: May 24, 2016

In today's podcast, we hear about Turla's return, this time in an espionage campaign against Switzerland's RUAG. The Panama Papers and other hacks prompt reiteration of lots of good, if familiar, advice, some of it directed at the US Congress and other small businesses. The TeslaCrypt proprietors seem less remorseful than resourceful, as they shift to CryptXXX. SWIFT plans to announce a security upgrade today. US Cyber Command announces the winners of its $460 million IDIQ. Guccifer prepares to cop a plea, and the Scunthorpe Problem surfaces in Oxfordshire. We also hear about cloud storage security from Quintessence Labs, and Protenus talks to us about medical records' privacy.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Turla malware returns, this time in Switzerland.
Lessons we should all learn from the Panama Papers, and that's you too, Congress.
TeslaCrypt's proprietors seem to have found it easier to move on to CryptXXX than to go straight.
The recently patched Flash zero-day has appeared in the Angler, Neutrino, and Magnitude exploit kits.
SWIFT gets ready for a security upgrade.
The U.S. Department of Justice investigates allegations of retaliation against whistleblowers.
Guccifer cops a plea.
And the Scunthorpe problem is with us still.

I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, May 24, 2016.
Turla espionage malware is back, and it recently hit Swiss defense firm RUAG. Switzerland's CERT described the incident as a patiently staged and executed attack using Epic Turla, previously seen in espionage directed against governments, military organizations, and embassies. The attacker used complex sets of vectors to gain access to closely targeted accounts, then pivoted through the compromised networks to achieve their goals. The campaign appears to date to 2014 at least. No attribution yet, but Turla is generally held to have an Eastern European, almost surely Russian, provenance.
The Panama Papers post-mortems proceed, reaching some consensus among observers that Mossack Fonseca was the victim of an SQL injection attack, the oldest hack in the book, as ITProPortal puts it. AFCEA's Signal blog offers lessons from the incident, and they're familiar: segment data, impose access controls, and encrypt information. Also, monitor your network traffic and respond quickly to evidence of compromise.

Similar advice is also being offered in a bipartisan way to the U.S. House of Representatives by two of its members, Representatives Will Hurd, a Republican from Texas in the 23rd District, and Ted Lieu, a Democrat from California in the 33rd. They emailed their colleagues Monday to offer some good advice on security. Of interest, they show some love for encryption.
You'll recall that ESET recently received the keys to TeslaCrypt, along with expressions of remorse and implied promises of reform from the ransomware's criminal masters. There was, it appears, less altruism here than met the eye. Bleeping Computer says TeslaCrypt's impresarios appear to have made a simple business decision to transition to CryptXXX.

Ransomware has recently hit healthcare enterprises.
The medical sector faces other challenges as well, notably securing the privacy of patient records. We spoke with Robert Lord from Protenus about why this is difficult and what can be done about it.

What we noticed from the inside was that it was a real challenge to protect electronic medical records because there's a huge attack surface that's inherent to medicine itself. And what this means is that if you have any access to an electronic medical record, you essentially have ubiquitous access to it. You can't necessarily use role-based access control or network segmentation or a lot of the other tools that are used to control and protect data in these networks.
Because the challenge is, in health care, everyone needs to be able to access most of the data, most of the time.

One of the challenges the medical industry faces is that medical records can be extremely valuable on the black market. Depending on the source, while a social security number goes to about a quarter on the black market and a credit card number a dollar, an electronic medical record can go for upwards of $1,000. And this is because medical records can be used for a wide array of very specific and dangerous threats. They can be used for Medicare fraud. They can be used for prescription fraud. They can be used for good old-fashioned identity theft. They can be used for medical blackmail in cases where individuals might have sensitive diagnoses.
Robert Lord warns that a lack of confidence in the security of medical records isn't just a consumer issue. It could be slowing down the development of new treatments as well.

There are still a lot of issues around trust with this data. Until you have systems that ensure the appropriate use, user by user, patient by patient, scenario by scenario, of all of this data, you're not really going to be in a situation where people are going to feel comfortable processing, analyzing, and using that data for anything from clinical trials to personalized medicine to the wide array of promises that have been levied by the EMR industry. So I guess where I see things going is I think that privacy and security enhancing technologies like Protenus will really pave the way for advances that right now have been slowed and blocked for a variety of different reasons. But I think that once we can restore that trust in healthcare, we're going to see an explosion using all of the data that we have, using all of the information, and people feeling that not only is it providing benefit, but they don't need to make that privacy and security trade-off that right now I think people feel a lot of tension around.

That's Robert Lord from Protenus.

The recently patched Flash zero-day has now been integrated into at least three exploit kits, as FireEye, Proofpoint, Cyphort, and Kafeine have told Threatpost. It's being distributed with Magnitude, Angler, and Neutrino.
In industry news, the SWIFT funds transfer system plans to release a plan for upgrading security sometime today. The organization plans to improve information sharing, harden security requirements for its member institutions, and offer those members help in detecting fraud through some form of pattern recognition. IBM may be preparing another round of layoffs, but that doesn't mean it's not hiring. It is, just not in those areas supporting business lines it's exiting. Security types remain in demand. vArmour has raised $41 million to support expansion of its data center and cloud security business.

U.S. Cyber Command has announced the companies who've won places on its big, that's $460 million big, cyber IDIQ contract. The primes include KeyW, Vencore, Booz Allen Hamilton, SAIC, CACI Federal, and Secure Mission Solutions.
Romanian hacker Marcel Lehel Lazar, better known by his nom de hack Guccifer, is preparing to plead guilty to several charges in U.S. federal court. Guccifer is famous for his claims to have doxxed former President Bush and to have pwned former Secretary of State Clinton's now-famous and controversial homebrew email server. The latter claim is disputed by both Ms. Clinton, who says it never happened, and the State Department, who says there's no evidence it happened.

In the U.S., dismissed Department of Defense Assistant Inspector General John Crane has filed charges with the Office of Special Counsel alleging illegal retaliation against whistleblowers. At least one of the charges has been referred to the Justice Department for investigation.

Finally, if you didn't think that acting against terrorist information operations was technically tough, consider the pitfalls the ambiguity of natural language places in the technologist's path. Residents of Oxfordshire are having trouble with PayPal, which, with the best intentions in the world and considerable official encouragement, is blocking payments headed for ISIS. Unfortunately, there's an ISIS river nearby, and plenty of innocents live on streets with names that include the word ISIS. We'll leave it as an exercise for you to come up with other innocent usages of ISIS. This issue of having problematic words embedded in innocent words is known as the Scunthorpe problem, and we'll also leave it to you to figure out why. We are, after all, a family show.
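The Scunthorpe problem described above, as an added illustration that is not part of the episode: a screening filter that matches a blocklist term as a bare substring flags innocent words that merely contain it ("crisis" contains "isis"), while whole-word matching still collides with the Oxfordshire river and street names, so the defensible design routes those to human review rather than auto-blocking. The blocklist, place-context terms and sample payment descriptions are constructed assumptions for the example.

```python
import re

# Constructed single-term blocklist; a real screening list would be far larger.
BLOCKLIST = ["isis"]

# Assumed, defender-maintained context words that make a place-name reading plausible.
PLACE_CONTEXT = re.compile(
    r"\b(road|rd|street|st|lane|close|drive|river|oxford|oxfordshire)\b", re.I
)


def naive_substring_hits(text, blocklist=BLOCKLIST):
    """Bare substring match: the classic Scunthorpe failure mode.

    Flags any word that merely contains a listed term, e.g. 'crisis'.
    """
    lowered = text.lower()
    return [term for term in blocklist if term in lowered]


def whole_word_hits(text, blocklist=BLOCKLIST):
    """Word-boundary match: fixes embedded-substring false positives only."""
    return [
        term for term in blocklist
        if re.search(rf"\b{re.escape(term)}\b", text, re.I)
    ]


def screen(text):
    """Tiered decision: 'allow', 'review' (human check) or 'block'.

    A whole-word hit alongside place-name context (Isis Road, River Isis)
    is ambiguous, so it goes to review instead of being blocked outright.
    """
    if not whole_word_hits(text):
        return "allow"
    if PLACE_CONTEXT.search(text):
        return "review"
    return "block"


if __name__ == "__main__":
    # Constructed sample payment descriptions.
    for sample in ["Payment for crisis counselling",
                   "Rent for 12 Isis Road, Oxford",
                   "Boat hire on the River Isis",
                   "Transfer to ISIS"]:
        print(f"{sample!r}: substring={naive_substring_hits(sample)} "
              f"word={whole_word_hits(sample)} decision={screen(sample)}")
```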
Joining me once again is John Leiseboer. He's the CTO at Quintessence Labs, one of our academic and research partners. John, I know you all do a lot of research with cloud data storage, particularly on how to protect your data in the cloud.

Yes, cloud data storage is one of those areas that we're seeing increasing take-up by many, many different individuals and organisations. Most of us have subscriptions to some sort of cloud storage service, like Dropbox or Drop, or maybe at enterprise level we're using Google, AWS or Glacier or something like that.
And what we're doing when we're using these services is we're handing over our information, our data, to the operators of those services. In some cases, that's OK. We might not be too worried about having our information stored and managed in someone else's system. And in fact, from a cost and operational point of view, it's very advantageous. It's a lot easier to use someone else's well-managed and secure, to some degree, system to store our data. But when it comes to data that is particularly concerning with respect to loss or... And by loss, I mean, I guess, loss of confidentiality of information, then we need to have a bit of a closer think, a bit of a harder think about how we use cloud data storage services.
I'm not saying we shouldn't trust cloud storage vendors, but I guess like most of the listeners here today, I am concerned that when I hand over my data to a third party, that third party not only contractually is bound to look after my data properly, but actually does look after it, even in the face of perhaps a subpoena from a relevant authority or even from accidental revealing of information stored in their services.

So with cloud data storage, how to protect it, I guess if we have those sorts of concerns, I think there's only one real answer, is to look to encryption technologies to protect that information. But when using those encryption technologies, make sure that encryption is performed in such a way that the provider that's storing the information is not in control of the keys. So that might mean encrypt your data before you pass it out to a storage service, or it might mean use two or more different vendors out there to handle a different part of each piece of the storage solution. So perhaps one vendor manages the keys, another vendor manages the actual storage itself. And through that sort of methodology, you can provide a bit of a higher level of protection around that information that you're giving to someone else to look after on your behalf.

John Leiseboer, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.