CyberWire Daily - Daily: Hey, padawans: Supreme Leader Snope hints he's got your back!
Episode Date: May 4, 2016
In today's podcast we look at studies of how ISIS actually operates online. Apparently they do so much the way crooks do—by abusing legitimate services. But when it comes to encryption, the jihadists seem to be rolling their own. Ransomware updates and warnings—the FBI reminds victims not to pay. The group that hit the Qatar National Bank may be preparing release of another bank's information. Infrastructure companies invest to shore up cyber defenses. We hear from the University of Maryland's Jonathan Katz on digital signatures, and we talk with the Denim Group's John Dickson about power grid security.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
How do terrorists actually communicate online?
A lot like criminals, Trend Micro finds.
More bank breaches may be queued up, Kaspersky Labs warns.
Ransomware remains a threat, and the FBI says again that you shouldn't pay.
Investors look at the cyber sector, and some VCs put some money on it.
And hey there, all you people who hold clearances, did you know that President
Putin and Supreme Leader Khamenei are concerned about your privacy? Neither did we.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Wednesday, May 4, 2016.
How terrorists actually communicate online has been scrutinized lately. The conclusions people draw or jump to about how ISIS works in cyberspace have informed or inflamed the crypto wars.
Trend Micro yesterday published a timely study in which they took a close look at online
terrorist communications.
Their conclusions emerged from the study of more ordinary forms of cybercrime.
The researchers found that terrorist groups have a lot technically in common with their
underworld brothers and sisters.
Both classes of mischief makers abuse legitimate services.
Both crooks and terrorists work to establish and maintain anonymity. Both need to work with
unskilled collaborators. In this last respect, their needs and interests diverge a bit.
Criminal gangs use disposable mules. ISIS aims at the sort of inspiration that might both inspire
a mass movement and stand in for fragile command and control of terrorist cells.
The financial sector continues to receive attention from the hacktivist criminal axis.
Kaspersky warns that hackers who breached the Qatar National Bank have hit a second unnamed bank
and will be releasing stolen data soon.
The group is thought to be based in Turkey.
Nothing new today on Op Icarus, the opening round in the Anonymous campaign to punish the world's banks for crimes against humanity.
Ransomware continues to circulate.
The FBI issued another warning about the threat at the end of last week and has again urged victims not to pay.
While malicious email links remain common vectors, they're not the only ones.
Fox IT has outlined how ransomware purveyors are abusing vulnerabilities in remote desktop protocol installations as an infection route.
Such RDP vulnerabilities are of particular concern to corporate networks.
Chances are, unless you're in the power distribution biz, you really don't think
all that much about electricity. In most of the developed world, electrical power is available 24-7, and it's been that way for decades. But as electrical grids become more
connected to networks, they're also connected to potential vulnerabilities. John Dickson is a
principal with the Denim Group.
He was essentially taking what was really a closed system, electrical
distribution and creation, and all of the industrial controls around it, and maybe they
bit more open. And if you look at electrical utilities in any country, they're usually split
between the folks responsible for the distribution or production side and the folks that run the
internal IT network. Those two entities are starting to merge the cultures, the security
concerns, and that's what's created much of this clash of cultures. Part of the reason for this
culture clash are the different needs and tempos of the teams involved in various areas of the
production environment. You have a production network that is a little bit more sit and forget.
The lifetime life cycle of some of these systems may be measured in decades.
Compare that with the network world and the IT world, where you're upgrading and operating
systems at least on an every other year basis, and your infrastructure is being swapped out
at least every three to five years. So it's just a much more dynamic and much more changing
network, and it creates all these different interesting interactions.
Utility companies typically aren't under the same kind of constant attacks that, say,
financial institutions experience because there aren't the same sort of financial incentives.
But John Dickson warns utility companies not to be complacent.
The challenge with the electrical industry is the
fact that the likely attacker is going to be what we call a nation state, a country. And if that
country has a national interest to knock somebody off the grid for a week or two, that is particularly
worrisome. And most electrical utilities are not equipped to defend against that level of threat.
That's John Dickson from The Denim Group. Their website is denimgroup.com.
In industry news, investment analysts are looking nervously at FireEye.
The industry bellwether is due to release results late tomorrow after markets close in New York,
and some analysts think sales channel confusion,
intensified competition, and product pricing may lead to a disappointment.
Venture Capital, despite some fears to the contrary, continues to reach some security
startups. DF Labs, a Milan-based company that offers automated cyber incident response and
management, has just secured $5.5 million in Series A funding from
Evolution Equity Partners. Michigan's Duo Security received a $2.5 million grant from the state's
Strategic Fund. This is a workforce development grant. Duo will hire up to 300 employees as a
result of the funding. Finally, as the U.S. mulls changes to its security clearance management systems,
considering increased monitoring of online behavior for insider threats and possible adoption of a FICO-like threat score for cleared personnel,
some surprising observers express some surprising concerns.
Iran's Press TV and Russia's Sputnik News are there for you, Fort Meade,
worried about your privacy and civil liberties.
So you've got this going for
you. Vladimir Vladimirovich and Ali Khamenei have got your back. It's nice people care,
but somehow this strikes us with cognitive dissonance, as if Chancellor Palpatine and
Supreme Leader Snoke were to position themselves as protectors of the Gungan.
Well, may the Fourth be with you, Padawans.
Jonathan Katz is a professor of computer science at the University of Maryland
and director of the Maryland Cybersecurity Center, one of our academic and research partners. Jonathan, I know
one of your areas of research is digital signatures. In fact, you wrote a book on
the subject. What do we mean when we refer to digital signatures? Digital
signatures are a mechanism for providing message integrity in the public key
setting. And basically the way they work is that one party will generate a pair
of keys, a public key and a matching private key.
And then they can distribute their public key widely and, of course, keep their private key secret and known only to themselves.
And then what they can do is they can take any message and sign it using their private key to generate what's called a signature
and release that along with the original message.
And anybody in possession of that party's public key can then verify that that signature is a valid signature on that message with respect to that public key. And this serves as a proof that the party in question actually did affix their signature, did compute their signature over that message,
and said that the message actually originated from them.
And so what are the areas where digital signatures are most likely to be used?
Well, digital signatures are actually used quite widely. One of the ways in which they're used
perhaps most often is in the SSL protocol. And basically what they are used for is as a component
in proving to a user that you are actually connecting to the website that you intended to.
So for example, when you go online and try to connect to Google.com, for example,
there's a complicated protocol that takes place,
but underlying that is a digital signature that actually proves
that the party at the other end that you're communicating with
is a party who has Google's public key.
And then, presumably, the only party in possession of that matching private key is Google,
and so that serves as proof that the person at the other end whom you're communicating with is Google themselves.
So is this an area of ongoing development?
Well, it is, and one of the big concerns nowadays is the potential for quantum computers,
which, as we know, have the potential to break all public-key cryptography currently used on the Internet.
And so one thing people are looking at is so-called post-quantum digital signature schemes
that would be secure even in the advent of quantum computers.
Jonathan Katz, thanks for joining us.
Don't forget we'd like to hear your questions for our academic and research partners.
If you have a question, you can email it to questions at thecyberwire.com.
And that's The Cyber Wire.
We are proudly produced in Maryland
by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.