CyberWire Daily - Daily: Info ops for and against ISIS. Industry notes.

Episode Date: April 14, 2016

In today's Daily Podcast we discuss ISIS info ops and the cyber war the US is waging against the terrorist group. Ransomware phishing now shows signs of knowing its targets' physical addresses. Patch Tuesday also saw updates from Cisco and Google. Cyber sector IPO rumors and declarations of intent. A Department of Justice lawyer, speaking for himself, thinks the debate over offshore accounts should inform thinking on the debate over privacy and security. Plus, Dale Drew from Level 3 Communications explains the importance of having a threat research lab.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 The U.S. steps up its cyber operations against ISIS, and ISIS returns to information operations in a newly disturbing way. Ransomware remains a major threat, and it's showing some new geolocation chops in its phishing. And when you're online, you shouldn't neglect old-school threats either.
Starting point is 00:02:13 This week has seen patches from Cisco and Google, as well as Microsoft. In industry news, some cyber companies seek, others delay IPOs. The debate over privacy, security, and transparency continues and takes a few surprising twists as the Panama Papers meets iPhone hacking. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, April 14, 2016. The U.S. steps up its cyber offensive against ISIS with the general approval and concurrence of the civilized world. China seems to be taking related, albeit probably less discriminating, steps.
Starting point is 00:02:50 Earlier this week, several Chinese companies announced their cooperation with the government to help mute extremist inspiration online. Twitter continues to try to block the Islamic State from making continued use of that social media platform, but its success at doing so remains mixed. ISIS adherents continue to keep pace with the blocking by the simple expedient of creating new accounts. ISIS itself, Big ISIS we might call it, has returned to information operations this week. Its familiar inspirational trope, death to apostates and crusaders, now disturbingly
Starting point is 00:03:23 begins to name names. The group's online publication, Dabiq, is running a theological argument for the execution of those it calls the Imams of Kafir, that is, Muslim leaders in non-Muslim countries who say it's possible to live a Muslim life in places like the United States. This, Dabiq argues, is tantamount to apostasy. There's also a longish list of overt crusaders that's mostly comprised of non-Muslim political figures. Authorities are reported to
Starting point is 00:03:52 be on the alert. In conventional cybercrime news, you may have heard that ransomware is on the way out, being replaced by old-school device-locking malware and even more primitive scareware. But not so. Ransomware is as virulent as ever. What some researchers have observed is a return of earlier, easier-to-execute attacks. The commodity malware is less challenging for less-skilled criminals, and it works often enough to make it worth a shot. But it's not time to let down your defenses against ransomware. One creepy development in ransomware has been observed by Sophos. They've found samples of phishing emails bearing as an attachment the customary ransomware
Starting point is 00:04:30 payload and the customary bogus invoice. What's creepy is the phish bait's newfound geolocation capabilities. Some of the samples show the addressee's actual physical brick-and-mortar home address. The email has other implausibilities in diction and usage, but it nails the mailing address. So don't let your address cause you to drop your guard, whether you live in Oxfordshire, England, or Gravel Switch, Kentucky. Researchers warn that some Samsung Galaxies can be exploited to call or text, even when they're locked.
Starting point is 00:05:02 Exposed USB modems provide the attack surface. This week's patches include the usual run from Microsoft. They also include a Cisco fix for the company's unified computing system, UCS, central software, and Google has published an update to the Chrome browser. In industry news, investment analysts continue to sniff around the opportunities presented by publicly traded companies. Optiv, formed in last year's merger of Accuvant and FishNet Security, is rumored to be preparing an initial public offering sometime in 2016. Optiv this week announced its acquisition of identity and access management firm Advancive. On the other hand, Tenable, Unicorn though it's been called, doesn't want an IPO yet. It feels the
Starting point is 00:05:45 market's not quite ready. Underwriters Laboratories, the venerable safety standards organization best known for the UL stickers affixed to electrical equipment, is now certifying Internet of Things devices under its UL 2900 standard. Security researchers are both miffed and baffled by UL's refusal to share its new cybersecurity standards with them. The new Privacy Shield system set to replace the old transatlantic Safe Harbor agreement is running into problems in the EU. Privacy advocates argue that not enough is being done to address their concerns about data sharing. Privacy concerns also come to the fore as the U.S. Senate deliberates the proposed Burr-Feinstein legislation that would require companies to decrypt content when law enforcement authorities present them with a proper request to do so. The ongoing Apple-Department of Justice dispute is informing the debate. Another matter with implications for privacy and transparency is, of course, the Panama Papers.
Starting point is 00:06:44 Those curious about what Mossack Fonseca, the law firm at the center of the uproar, might say on the incident may now consult the firm's comprehensive statement regarding media coverage. Mossack Fonseca is especially concerned to dispel supposition and stereotypes, educating the public on the nature of their business and its implications for privacy. That very business prompts some interesting reflection from an attorney on the DOJ side of the Apple-FBI encryption dispute. Apple, he suggests, is acting more like an offshore bank than a disinterested civil libertarian. Finally, as we read the Cornish Guardian this morning, and we do try to keep up with all
Starting point is 00:07:22 the local papers, we saw that hackers had redirected the website of a dental surgeon in Newquay so that it displayed what we've learned to call with some delicacy, an adult site. There's of course no obvious motive in the North Cornwall hack, but we're pretty sure we saw something like this on an episode of Doc Martin. Didn't we? Anyone?
Starting point is 00:09:45 Joining me is Dale Drew. He's Chief Security Officer at Level 3 Communications, one of our academic and research partners. Dale, welcome to the Cyber Wire.
Starting point is 00:10:44 Well, thank you very much for having me. Level 3 is our newest academic and research partner, and I thought by way of introduction, maybe we'd get started by just having you give us an overview of Level 3's threat research labs. Well, so Level 3 is a global telecommunications provider, one of the world's largest internet backbone networks. We operate one of the largest voice networks and content delivery networks. And we decided pretty early on that we had access to a lot of data that we
Starting point is 00:11:13 could help better protect the internet backbone in our customers' network. And so we've taken that data and we've created a threat research lab. Now, when we originally created this function, we did it for our own situational awareness. We did it about four years ago, and we took our NetFlow data, which is our sort of information on what IP packets are traversing our network, and our DNS data, and we analyzed that data to be able to derive patterns of malicious activity, phishing attacks and malware attacks and command and control centers. And we did that to see who the bad guys were, who the bad guys were attacking, and how often they were doing it and sort of what their goals were.
Starting point is 00:12:03 And so the Threat Research Lab has been developed for the purposes of better understanding those threats as well as identifying and stopping those threats when we detect them. And why do you think it's important for a lab like yours to share their findings with the rest of the industry? You know, the faster that we can respond as an industry to make it more expensive for the bad guys to operate, the more leverage we have in being able to force the bad guys to come up with different ways of running their business. You know, we recently identified a fairly large industry botnet called the Angler botnet. It was making the bad guys about $90 million a year in fraud.
Starting point is 00:12:53 When we shut that botnet down, right, we blocked it on our backbone network, which protected our backbone, protected our customers, and for the most part, protected the global Internet. We removed $90 million in revenue from an organized crime syndicate. We think that making it more expensive for the bad guys to operate, more challenging for the bad guys to create capability, gives the industry the space and time it needs to better protect their infrastructure. Dale Drew from Level 3 Communications. Welcome to the Cyber Wire, and thanks for joining us.
Starting point is 00:13:59 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
