CyberWire Daily - Daily: Hybrid SUV proof-of-concept hack. Al Qaeda peeks over Twitter's parapet.
Episode Date: June 7, 2016

In today's podcast we discuss another in the long-running series of big social media breaches, this one in VK. Password re-users are advised to change not only their credentials, but their ways. Vulnerabilities are reported in Facebook features, and in Ubee VoIP routers. Dale Drew from Level 3 Communications explains that cyber attack traffic in Latin America is up. Raytheon's Dave Amsler shares the findings of a new survey on how companies interact with MSSPs. Al Qaeda makes its way back to Twitter (from Syria). As the US seeks expanded warrantless electronic search authority in terrorism and espionage investigations, observers find themselves thinking that maybe Snowden actually did the NSA some favors.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
VK is the latest social media platform to be pwned, and its users also have lousy passwords.
Checkpoint reports vulnerabilities in Facebook chat and Messenger.
F-Secure warns of RAT-sniping at visa applicants.
Angler gets evasive with Silverlight and Flash exploits.
Proof-of-concept for an SUV Wi-Fi hack is demonstrated.
MSSPs attract enterprise customers.
Al-Qaeda returns to social media, and observers see a silver lining for Fort Meade as they look back from three years A.S. That's after Snowden.
I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, June 7, 2016.
The most recent big data dump has emerged from Russia, where information on more than 100 million accounts associated with social media platform VK is being offered for sale by someone calling himself, herself, or themselves tessa88 at exploit.im. Coming as it does on the heels of the realization that earlier breaches at LinkedIn and MySpace were much larger than thought, the lessons all should take from the incident are: don't reuse your passwords, consider changing them, and try not to use easily guessed passwords.
With respect to that last lesson, the top passwords revealed in the VK breach were,
in depressingly familiar order, 123456, 123456789, QWERTY, 1111111, and 1234567890.
And note, this one's really not any better than 123456, even with four extra numerals.
Still better than da-da-da, maybe.
And speaking of da-da-da, the Our Mind team,
who counted coup by revealing this to be Mark Zuckerberg's LinkedIn password,
are clearly hunting celebrity accounts.
Twitter accounts belonging to Keith Richards and Tenacious D
have also been reported compromised.
As Brian Krebs puts it on his blog, password reusers, get ready to get busy.
Check Point has also reported finding vulnerabilities in Facebook's chat and Messenger; Facebook's working on them.
F-Secure says travelers applying for U.S. visas in Switzerland
are being prospected by cybercriminals serving up Qarallax RAT, or QRAT.
The remote-access Trojan is being delivered by someone posing as ustraveldoc.com
and using a Skype account with an easily overlooked misspelling.
There's no attribution, but some signs point to Turkish criminals as the controllers.
The Angler Exploit Kit has developed the ability to evade Microsoft's EMET security tools. It's added Silverlight and Flash exploits to its functionality. Enterprises are advised not to rely on EMET as a hedge against patching. They should instead patch promptly.

Researchers at Pen Test Partners have demonstrated that the Mitsubishi Outlander hybrid SUV is vulnerable to hacking through its onboard Wi-Fi. They didn't actually reach the vital controller area network, but they were able to get to the infotainment system, which suggested to them that with a bit more time and effort, they could indeed intrude into the CAN. As it was, they were able to turn the lights and climate control on and off, alter the charging program, and disable the anti-theft alarm. Mitsubishi is working on a fix. Meanwhile, the carmaker advises customers to disable the Wi-Fi app.
Fortinet reports seeing signs that ransomware, which until now has enjoyed its greatest success against healthcare enterprises, is increasingly targeting the manufacturing sector. Since most of the vulnerabilities exploited are old and known, up-to-date patching remains one of the best first lines of defense.
This is not Patch Tuesday, that comes a week from now,
but Google has issued updates for Android.
Eight critical and 28 high-risk vulnerabilities were closed in the June update.
The Japanese telecommunications giant NTT is forming a new business unit
for the managed security services market.
NTT Security will combine the services of Integralis, NTT ComSecurity, and Solutionary.
Such MSSPs are increasingly popular, especially as corporate boards take a closer interest in
cybersecurity and as operational responsibility for such security shifts from IT departments to
line of business units.
Raytheon yesterday released a study of how businesses are signing up for MSSPs: why, when, and how. We spoke with Raytheon's Dave Amsler about the study's findings and the security lessons they suggest.

It confirmed a couple of components for me. One,
that most organizations did not feel comfortable with where their capabilities were today.
Whether that meant they were going to have to staff up or spend more internally or whether they were going to outsource it,
not many organizations felt comfortable with where their capabilities were.
But the other thing that was glaring to me was the amount of customers or respondents that felt their current managed service provider was not providing
the services they felt they needed. I felt like that was the case, but to get a survey to prove it,
when you hear 84% of, you know, the respondents saying they don't provide some of the advanced
services they really feel they need, that tells me a lot about where we are in the industry today
and where we need to go. One of those advanced
services referred to in the survey is, according to Amsler, threat hunting. That's almost a buzzword
these days, so I asked Amsler to describe what it means. Up to this point, we've spent a lot of time
building technologies, IDS, firewall, even SIEMs, and even sandboxing solutions that are reactive in nature.
They have to be told what bad looks like, either through a rule or a signature or quote-unquote heuristics,
that have essentially said, look for this kind of activity or A plus B equals bad,
because they've seen that in the past and they know that's what an actor looks like.
So they tell the tool, when you see this, alert me.
So then you have analysts sitting in front of screens waiting for bells or alarms to go off.
That's a very reactive method.
And we've proven that doesn't work.
It doesn't find the sophisticated actor.
To find those, you have to have data, it's a visibility,
and then you have to use different techniques to look for
behaviors, to look for anomalies, to look for things that are actually inside of what appears
to be normal traffic, because that's what the sophisticated are actually going to look like.
It's more proactive. I'm diving into the data and I'm sifting through it, looking for behaviors or
anomalies versus reactively waiting for a tool to tell me,
hey, I found bad because you told me what bad looks like.
That's Dave Amsler. He's president of Raytheon's Foreground Security team.
You can read more about the survey on their website.
In policy news, recent attacks circumstantially linked to Pakistan
lend urgency to calls in India for
establishment of a cyber command. Such a move has been under consideration for some time,
and the government is under increased public pressure to act. In the U.S., the administration
is seeking legislation that would give investigators warrantless access to persons'
browser histories and other electronic data in espionage and terrorism cases.
As ISIS cannibalizes itself under pressure, Al-Qaeda makes a tentative run to Twitter from Syria.
The message is a pedantic restatement of their familiar call to jihad,
and we shall see if it resonates as inspiration the way ISIS chatter has.
Finally, this week marks the third anniversary of the publication of Edward Snowden leaks about the U.S. electronic surveillance operations. Former Attorney General Holder spoke
in a general way last week about the silver lining inside that particular cloud, and this week
Lawfare echoes the conclusion with a more extensive and thoughtful treatment. Lawfare thinks, with
some reason, that NSA actually
came out of the affair stronger and better looking than it went in, especially since the
increased scrutiny appeared to show that the agency did indeed take its legal responsibilities
more seriously than skeptics would have believed. So, to answer the question, cui bono, who's to
gain, one would say with Lawfare, NSA. We would add, sure, of course,
NSA, but first of all, Russia's FSB. Still, you take your silver linings where you can get them.
And joining me once again is Dale Drew. He's Chief
Security Officer at Level 3 Communications. Dale, there's been an uptick in malicious activity
originating from the Latin America region. What can you tell us about that from your point of view?
You know, we are seeing a pretty significant increase in malicious traffic and DDoS traffic,
both originating and terminating inside of Latin America.
It's becoming sort of the new frontier for bad guys.
And what we're seeing is bad guys are using a lot of techniques that they've gleaned from
or learned from other regions and applying that to the Latin America region where a lot
of those companies and a lot of those capabilities have not yet been fully banked.
So, for example, we've seen a 40% increase in DDoS attacks in that region alone in the
past six to 12 months.
We've also seen a significant uptick in command and control systems and compromised computers.
So, and this is traffic originating inside of Latin America
as well as terminating inside of Latin America.
So actors who are operating in that country
are learning from advanced techniques in other regions
in order to apply that within that region.
Is this a matter of, on the one hand,
sort of a simple market expansion
where as security gets tighter in the United States and Asia and places in Europe are being attacked, then the bad guys move on to the next frontier?
Yeah, I would say it's sort of a factor of twofold.
I would say that organized crime syndicates in Latin America are really beginning to branch out in cyber, where they've not had that sort of frontier, that sort of
capability before. And they're seeing a pretty significant amount of economical advantage in
doing so. So organized crime syndicates in Latin America are creating more advanced cybercrime
capabilities. We're also seeing people outside Latin America who are seeing Latin America companies as prime targets.
So not so much.
I would say we're seeing more traffic inside Latin America attacking other Latin America companies than we are seeing traffic from the outside.
But it's definitely an uptick from the outside of that region as well.
All right, Dale Drew, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner.
Thanks for listening.