CyberWire Daily - Daily: Healthcare cyber risks. Jihadi's iPhone accessed. Working with MSSPs.
Episode Date: March 29, 2016In today's Daily Podcast we hear about yesterday's apparent hack of MedStar Health—possibly ransomware, but that's still unconfirmed. FireEye warns that legacy point-of-sale systems are under increa...sing attack. Kaspersky says Turla spyware is using satellite connections to work around C2 server takedowns. The FBI says its succeeded in cracking that jihadi's iPhone. We talk to Accenture's Malek Ben Salem on healthcare cyber security, and we hear from Zimperium about their successful experience integrating their mobile security solution with a big telecom's services. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she
discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a
thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January
24 only on Disney+.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k
at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Speculation suggests ransomware. Ransomware continues to spread, with the latest targets being mobile devices.
Turla spyware hijacks satellites to keep its command and control up.
Crooks are going after legacy point-of-sale systems and hard.
They want to beat the move to chip and pin.
Surveys say that the general public doesn't like that dark web thing they've been hearing about.
And the Department of Justice says, thanks, Your Honor, but the FBI's cracked that iPhone after all. I'm Dave Bittner in Baltimore with your Cyber Wire summary for
Tuesday, March 29, 2016. Yesterday, personnel reporting to MedStar Health Hospitals in the
Baltimore and Washington regions of the U.S.
found their systems inaccessible.
MedStar, one of the larger U.S. health care providers,
had detected a virus in its networks and shut down both email and access to its medical records database as a precaution.
Hospital personnel are using hard copy records as backups and caring for patients until the systems are restored.
hard copy records as backups and caring for patients until the systems are restored.
Early speculation suggests a ransomware attack as opposed to a medical device hack or an identity theft caper, but the story is still developing. The FBI is investigating.
Ransomware may or may not be behind the incident at MedStar, but it's a growing problem.
Bluepoint, Tripwire, Kroll, and K2 all note an increase in the targeting of mobile devices,
particularly mobile devices used by law firms. And the U.S. FBI has both come out unambiguously
against victims paying the ransom and has asked industry for its help. On Friday, the Bureau asked
private sector enterprises to alert the FBI's Cywatch cyber center if they come across any indication they've
been hit with ransomware. Among ransomware variants recently discovered, in this case by
Trend Micro, is Petya, which infects victims who believe they're accessing a resume stored in some
online sharing site. Often that site is Dropbox. And should you find yourself infected, by all
means, call the FBI.
The controllers of the Turla spyware Trojan, widely believed to be connected with Russian security and intelligence services, is proving dismayingly resilient.
Kaspersky reports that Turla is hijacking asynchronous satellite internet connections,
thereby working around the many shutdowns of its command and control servers.
by working around the many shutdowns of its command and control servers.
FireEye warns that the long-expected, slowly developing migration of U.S. point-of-sale systems to a more secure chip-and-pin architecture is driving a spike in point-of-sale exploits
as criminals attempt to get their last shots in against legacy systems.
In industry news, several firms announced new products or significant enhancements to existing lines.
CloudLock's CloudThreat funnel purports to offer a fresh approach to reducing false alarm rates
by recognizing and isolating behavior that poses a genuine threat to an enterprise.
AlgoSec has extended its security policy management solution to Microsoft's Azure Cloud Platform.
Intrepid announces that it's enhanced the capabilities of its Passages Enterprise secure
virtual browser by improving the user interface and integrating advanced malware scanning
from Cylance.
We talked to another company, Zimperium, about its successful experience integrating its
mobile security solution with the services of a major telecommunications company.
Although Deutsche Telekom has some great mobile security expertise,
it's a very specialized skill to be able to build
really sophisticated detection technology on Android, iOS,
and soon other mobile platforms.
And I think if I were in Deutsche Telekom's position,
I'd rather partner with leading technology
than try to go build my own and
compete with it.
When they decided to build the organization TSEC, they would have had a years-long effort
to build a product from scratch.
Instead, they were able to identify the leading technology in the market, which happened to
be us, and bring it to market for their customers within just a few months.
And of course, for Zemperium, we get a lot more reach with our
product and that's fantastic. And in the end, the customer really wins because it's an easier
process for the customer to acquire and to manage and maintain. That's John Michelson from Zemperium.
We'll hear more about their partnership with Deutsche Telekom, the challenges, the successes,
and their thoughts on protecting your intellectual property when you partner with a giant, on tomorrow's podcast.
Zimperium's website is zimperium.com.
The dark web's reputation is sufficiently dark that surveys indicate most people would like to
see it shut down, privacy or no privacy. The New York Times reports that one of the key ISIS figures in Western
European attacks was selected by his masters specifically for his proficiency with TrueCrypt,
but TrueCrypt's actual use in any terrorist operation remains largely a matter of conjecture.
The long-running dispute between Apple and the FBI is over, at least in court. The Bureau
announced late yesterday that it had succeeded in gaining access to the contents of the San Bernardino Jihadis' iPhone. How it did so, the Bureau's
not saying, and legal observers think that Apple will have difficulty getting the FBI to tell it,
but the services of Celebrite are still widely believed to have made a central contribution
to getting into the phone. Ever taken the SAT? Sure you have, or at least a lot of you have, or soon will.
It seems the SAT's been leaky for a while, with answer keys widely distributed, especially in Asia.
So here's a sample question, kids, to help you with the reading comprehension section of the exam.
What's one indication that a test just might have been compromised? A. The test reuses old questions.
that a test just might have been compromised.
A. The test reuses old questions.
B. A lot of people from Taipei seem to be getting perfect scores.
C. Answer keys are for sale online.
Or could it be D. All of the above.
Here's a hint.
The answers are usually B or C we hear,
but in this case, pick D.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection
across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off. just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker,
the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing
sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com
today to see how a default-deny approach can keep your company safe and securely. Visit ThreatLocker.com today to see how a default deny approach can
keep your company safe and compliant. Malek Ben-Salem is the R&D manager for security
at Accenture Technology Labs, one of our academic and research partners.
I know you all are doing some research when it comes to the data protection in the healthcare industry.
What can you share with us about that?
So as you know, in 1996, the HIPAA Act was enacted.
And that act set some strict privacy requirements that healthcare providers must abide by in the handling of sensitive electronic data. And one of the things that it requires is
minimum privilege access to patient medical records. Now, hospitals and healthcare providers
struggle with enforcing or implementing those requirements. But as you know, when providing
healthcare services, in many cases, doctors or nurses may need emergency access to patient data
that, based on their role, they should not have access to. So what happens is that these healthcare providers do not restrict access to patient records,
but rely on auditing mechanisms to see when their doctors or nurses have access to patient data that
they did not need to access. You know, there are millions and millions of accesses and these logs are huge. So many hospitals do not even do that audit either.
So not only do they not enforce or comply with HIPAA requirements of minimum or least privilege
access, but they don't even audit them. So what we try to do is develop a tool that could be used
by healthcare providers to, one, infer a de facto access control policy
based on the audit logs that they've collected,
and two, identify if they have an access control policy in place,
where was that access control policy violated?
So it's really digging into the data and automating the process for the auditors.
Exactly. And that gives them the opportunity, based on the insights that they can get from that, that gives them the opportunity to identify the violation, perhaps go back to reduce or
lower the access privileges of certain users or of certain peer groups if they are not using those
privileges. For a long time, that probably means that they are not using those privileges.
For a long time, that probably means that they don't need those privileges.
So they can go back and at least try to implement the spirit of HIPAA
even though they cannot implement it completely.
So the point here is to make sure that we can balance the usability
with protecting the privacy of the patients as well.
Malek Bensalem from Accenture Labs, thanks for joining us.
And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your
company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.
Your business needs AI solutions that are not only ambitious, Thank you. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.