CyberWire Daily - Daily: Hacktivism vs. Italy & the UN. Ransomware update. Report on healthcare's cyber threat model. Apple takes the 5th?

Episode Date: February 25, 2016

Daily: Hacktivism vs. Italy & the UN. Ransomware update. Report on healthcare's cyber threat model. Apple takes the 5th?

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:00:59 grounds. Team Poison is back and effing with the UN. Operation Blockbuster fingers North Korea in
Starting point is 00:02:06 the 2014 Sony hack. A study suggests that the health care sector is operating with the wrong threat model. Apple's lawyers surprise observers by preparing a Fifth Amendment riposte to the Justice Department. Finally, the ghost of Joe Hill, or was that the Ice Wizard, walks the streets of Silicon Valley. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, February 25, 2016. Anonymous surfaces again in attacks on government websites in Italy's Apulia region. The cause is said to be opposition to the Trans-Adriatic Pipeline Project, intended to carry natural gas from Azerbaijan. The opposition is based on fears of environmental dangers the pipeline might pose to Apulia. In other hacktivist news, it appears
Starting point is 00:02:56 that Team Poison is back. The crew is widely believed to have been effectively dismantled over the past few years by arrests or by drone strikes. The group's most famous alumnus is thought to be the late Junaid Hussain, also known as Trick. The UN's World Tourism Organization was briefly defaced this week and suffered a data dump by hackers claiming Team Poison membership. Team Poison's Jimmy gave the motive. Quote, we owned the UN back in 11, said Jimmy. Only seem right to F with them again. End quote. The industry group running Operation Blockbuster against the Lazarus Group indicates that their research points fairly conclusively to North Korea as the source of the 2014 Sony hack. This agrees with earlier
Starting point is 00:03:37 U.S. government attribution and runs counter to Norse's 2015 argument that the incident was a kind of riot with many participants, the North Koreans among them, but instigated by disgruntled employees working with hacktivists. Operation Blockbuster also serves as an interesting case study of how cybersecurity companies can collaborate against threat actors. The usual churn continues in the world of ransomware. CTB Locker, also known as Critroni, is back as a minor league counterpart of TeslaCrypt, CryptoWall, and Locky. It's likely to remain minor league insofar as it targets websites whose contents, of course, are routinely backed up and easily restored. Mobile health records, an attractive option to the healthcare sector for many reasons, continue to exhibit
Starting point is 00:04:22 disturbing patterns of vulnerability and poorly resourced security. And it's not just mobile devices and networks that are problematic. Independent Security Evaluators has released the results of a two-year study of hospital cybersecurity it recently completed, and those results are discouraging, especially insofar as they suggest medical device vulnerability to cyber attack. The Baltimore Sun's account is a bit breathless, suggesting the possibility of death by cyber, but the risks appear quite real. We spoke with Independent Security Evaluators' CEO,
Starting point is 00:04:53 Stephen Bono, about the report. Our study was based around the question, if one were to be so inclined, how difficult would it be for them to break into a cyber attack on a hospital of some kind? We were getting interweb applications. We did a USB experiment where we distributed USB drives. We were able to access hospital systems from a lobby kiosk in one incident.
Starting point is 00:05:20 Today, almost everybody's talking about medical records. What we found is that most efforts by security vendors to provide security for hospitals and most efforts by hospitals to be more secure are all centered around protecting the loss of these records and not actually protecting the medical devices that, if compromised, could harm a person. You can read the Hacking Hospitals Report at securityevaluators.com. Proofpoint takes a look at hacker behavior and turns up some unsurprising trends. Cyber criminals want, for example, banking credentials and regard fraudulent wire transfers as their mother lode. They also devote much attention to crafting spear phishing messages for business email compromise. But here's one surprising trend.
Starting point is 00:06:06 Do you know that you're most likely to be phished bright and early on a Tuesday morning? Neither did we. Turning to industry news, KeyW gets a nice boost in the markets after reporting better than expected earnings. The company is also restructuring, selling off its SETA unit, that's Systems Engineering and Technical Assistance, to a Massachusetts firm for $12 million. CEO William Weber tells the Baltimore Business Journal
Starting point is 00:06:30 that KeyW is considering strategic alternatives for its Hexis subsidiary. Crypto wars being adjudicated in the courts now, and Apple's lawyers are preparing a case as unexpected as the Department of Justice's basing its own case on the All Writs Act. It was expected that Apple would cite the First Amendment, as it apparently intends to. It wasn't expected that they'd also cite the Fifth Amendment's protections against self-incrimination. Some quick clarification on the case from the University of Maryland's Jonathan Katz, who recently took us through the technical implications of Apple's dispute with the
Starting point is 00:07:02 Department of Justice. Apple didn't give FBI access to the disputed phone's iCloud data. The FBI didn't need Apple's help. The phone was owned by San Bernardino County, and therefore it was within the county's ability to grant access. It was widely but misleadingly reported that Apple had provided the iCloud data in this case, probably because Apple had been served with a warrant. They didn't provide the iCloud data. They didn't have to. And while the case may be decided in the courts, it's also playing out in public. Apple CEO Tim Cook says that delivering compromised encryption would be like distributing a carcinogen. The company is said to be working on devices that Apple itself will have no means of breaking into. Verizon comes down on the side of strong crypto, and thus of
Starting point is 00:07:44 Apple, but Arizona's Maricopa County District Attorney says his department will no longer buy Apple phones. Put down Maricopa County, then, in the FBI's column. And finally, there are signs of employee discontent in Silicon Valley, and in this case we mean literal signs. Someone stuck posters to lampposts on University Avenue in Palo Alto calling on Palantir employees to and specifically telling them they should strike for bigger, or at least non-zero, equity stake in their companies. We have absolutely no idea what conditions are like at Palantir or in any other Silicon Valley company,
Starting point is 00:08:21 but we do note the posters feature a dead unicorn. To one of our stringers, that unicorn looks more like an Adventure Time Rainicorn.
Starting point is 00:11:05 Malek Ben Salem is the R&D manager for security at Accenture Technology Labs, one of our academic and research partners. Malek, obviously we all know authentication is important, but your research is taking it to the next level with behavioral biometrics.
Starting point is 00:11:51 Well, as you know, existing access control mechanisms and authentication mechanisms are limited in the sense that we rely a lot on passwords, which are easily stolen or gettable using password crackers. So we want to complement those types of access control mechanisms with behavioral biometrics. They're not easily visible, they're hard to mimic, and there's not a significant impact from losing them. So if you lose a copy of your fingerprint, that may have more great consequences than, you know, your behavior, which is not easily observable or mimicked. Give me a rundown of what kinds of things fall into the category of behavioral biometrics. So things like, you know, how do you type?
Starting point is 00:12:38 How do you use a keyboard? How do you use a mouse? How do you interact with a system? All of those are types of behaviors that we can use to authenticate or de-authenticate users. The type of research we're focused on in our lab is to look at how users use applications. And the reason we focus on those rather than keystroke dynamics is that an adversary, for example, may log in into the system and steal information without having to necessarily type anything on the keyboard. So the system is learning about my behavior over time and then, in an ongoing basis,
Starting point is 00:13:23 comparing my behavior to what it knows about me. Correct. We build a baseline of your normal behavior and then in real time we compare the behavior of the user using the system with the historical behavior or the behavioral model that we built for the illegitimate user of the system. And if there are any significant deviations, then we can deauthenticate the user or, you know, kick them out of that session.
Starting point is 00:13:51 Malek Ben Salem, thanks for joining us.
Starting point is 00:14:34 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening. Thank you.
