CyberWire Daily - Daily: Industry news, and some plaintiffs may wish to reconsider.

Episode Date: April 20, 2016

In today's Daily Podcast we gain perspective on post-Brussels ISIS-inspired hacktivism. Developers should take care using Xcode command line development tools. The Thanatos Trojan is discovered in, and booted from, a hosting service. Analysts draw some familiar lessons from last year's Hacking Team breach. And plaintiffs may think twice about suing Ashley Madison for alleged catphishes. Plus, Jonathan Katz from the Maryland Cybersecurity Center shares his team's research into searchable encryption.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:53 A review of hacktivist inspiration. The Brussels attacks were correlated with a rise in website defacements from ISIS sympathizers last month. Researchers find unpatched remote code execution flaws in the Git version shipped with Apple's Xcode command line development tools. SurfWatch spots and reports an infestation of a malware-for-rent Trojan. We look at some industry news, an IPO, some acquisitions and funding rounds, and new risk management offerings. And two old incidents return to the news: the Hacking Team and Ashley Madison breaches.
Starting point is 00:02:31 I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, April 20, 2016. The terrorist strike against the Brussels airport had its expected effect on cyberattacks worldwide last month. Researchers at Cytegic and other companies have noticed a spike in ISIS-inspired hacktivist cyberattacks against targets in both Western Europe and North America. The good news is that most of this activity hasn't risen above the nuisance level customarily associated with ISIS hacking, and that nuisance has mostly been suffered by the sort of poorly defended targets of opportunity cyber jihadists have usually attacked. It's worth noting in this regard that even the annual hashtag OpIsrael, a favorite of Anonymous-associated hacktivists,
Starting point is 00:03:15 this year showed declining results. Much of this is due to Israeli preparation, but it does seem consistent with the generally shared low assessment of ISIS cyber-offensive capabilities. Information operations, of course, are quite another matter. There, ISIS has shown itself very capable. Developers, take note: there's a remote code execution vulnerability in the Git version Apple ships with its Xcode command line developer tools. Actually, there are two flaws, and both of them were publicly disclosed last month.
Starting point is 00:03:50 CSO reports that while patched elsewhere, the bug remains in the command line developer tools. Presumably a patch is in the works, but there's no official word yet on when it will arrive. We've been watching the ongoing maturation of the criminal cyber market. One relatively recent development is malware as a service. SurfWatch says it's detected and stopped one such offering that appeared on the black market last month, a Trojan with a hybrid name Thanatos. Thanatos is actually a rental. The author, or at least controller, goes by the alias AlphaLeon. Seeking to increase the size of his botnet, AlphaLeon attacked websites and online forums hosted by Invision
Starting point is 00:04:25 Power Services, or IPS. IPS hosts fully functional e-commerce sites as well as traditional online forums, and some of its customers are large businesses. Softpedia reports that these customers include Evernote, the NHL, the Warner Music Group, Bethesda Softworks, and Live Nation. SurfWatch detected AlphaLeon's activity and notified IPS, which was then able to close off the access point the hacker had been using. In industry news, SecureWorks' IPO is expected to receive its formal valuation tomorrow evening. Pre-IPO reviews have been running positive.
Starting point is 00:05:05 Seeking Alpha, for example, is quite bullish on the offering, despite recent turbulence in cyber stock prices and the spotty performance of other high-profile IPOs. We'll know more tomorrow. The credit reporting company Experian is set to buy the Texas-based security firm CSID for a reported $360 million, according to the Austin Business Journal. LANDESK has completed its acquisition of endpoint security shop AppSense. Venture capital firm Strategic Cyber Investments has placed its first big bet, $5 million in deception technology startup TrapX, which has closed a $14 million Series B round. Both CrowdStrike and FireEye have announced new service offerings. They are now offering to
Starting point is 00:05:46 perform cyber risk assessments for mergers and acquisitions. Two older incidents return to the news. The first of these is last year's Hacking Team breach, which resurfaced earlier this week when the self-confessed or self-declared hacker Phineas Fisher posted a post-mortem on the hack. Analysts are drawing lessons from his account. Many of these lessons are familiar ones, but they are nonetheless worth reviewing. CSO's Salted Hash blog published a useful summary along these lines. First, minimize and harden your attack surface. Second, monitor and assess your networks. Firewalls and IPS can yield valuable indicators and warnings of an
Starting point is 00:06:25 attempt on a network. Third, keep your systems patched and up to date. Phineas Fisher appears to have exploited a known vulnerability within Hacking Team's network management system. Fourth, segregate your networks and protect your backups. Keep operational and managerial networks separate. Fifth, protect and control privileged accounts. And finally, use data loss prevention solutions. A great deal of information was exfiltrated undetected during the Hacking Team breach. The other old story that's with us again is the Ashley Madison breach. Since few of our listeners, this being a family show, will have any particular acquaintance with Ashley Madison, suffice it to say that Ashley Madison is a kind of online bazaar for would-be adulterers.
Starting point is 00:07:11 And we say adulterers advisedly because the site's in hot litigation water over its apparent, alleged practice of having used fictitious identities in order to goose the apparent number of ladies signed on to the service. Ashley Madison was breached last year, and many otherwise unembarrassed customers, because they were unnamed among the customer data lost, are feeling the fictitious identities done them wrong. So they've become plaintiffs, at least until a ruling, looked for in June, requires them to use their real names to sue. At that point, many plaintiffs are expected to back out.
Starting point is 00:07:46 So whether it's June or May and September, our advice remains, straighten up and fly right.
Starting point is 00:09:45 I'm joined once again by Jonathan Katz. He's a professor of computer science at the University of Maryland, also director of the Maryland Cybersecurity Center.
Starting point is 00:10:27 Jonathan, I know one of your areas of research is searchable encryption. What can you tell us about that? Searchable encryption is a mechanism that allows a user to offload storage of their email to a third party, like a cloud provider, and to do that in encrypted form so that the cloud provider can't read anything in emails, can't actually learn any information whatsoever about the underlying emails. But the challenge is to ensure that even while doing that, the user is still able to search over their emails and pull back emails that match some keyword, for example.
Starting point is 00:10:57 So searchable encryption schemes provide exactly that kind of a functionality. All right. It sounds straightforward, but it's my understanding that this is not entirely without risk, correct? That's right. And in a recent paper of ours, we actually looked at current searchable encryption schemes and showed that even ones that were proven secure, meaning that they leaked only some minimal amount of information, could be broken and the privacy could be violated just by exploiting exactly the information that they leak. So in particular, what these systems guarantee is that they leak nothing other than the fact that the same email, say, might be returned in response to multiple queries. And we showed that by exploiting that and additionally sending emails to the system with known content, an attacker could actually ultimately figure out exactly what terms the user was searching for. So this really demonstrates the importance of understanding exactly what these cryptographic security definitions actually guarantee when used in the real world.
Starting point is 00:11:52 It reminds me of one of my former places of employment. We used encryption in our email, but it was frustrating because you could only search on message titles and who the message was from. You couldn't actually search on the content of an individual message, which was quite limiting. So I guess searchable encryption would solve this problem for us? That's exactly right. So searchable encryption, I guess what you're using there is not searchable encryption. And so what you're doing is encrypting the email and then storing it on some server. But then that exactly takes away any ability to search over the email because everything's encrypted.
Starting point is 00:12:29 So searchable encryption schemes would allow you to perform the encryption, but yet still enable you to do searches over that data. So they actually are, as you can imagine, quite non-trivial to design. Jonathan Katz, thanks for joining us.
Starting point is 00:13:02 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
