CyberWire Daily - Daily: Inspiration in info ops. Processing unstructured data. Ethics & standards of care.
Episode Date: March 23, 2016
In today's Daily Podcast we discuss the developing investigation into ISIS inspiration and control of the Brussels attacks, and what's now known about November's Paris shootings. Ransomware may be developing the ability to spread through networks. The insurance and cyber security sectors are working toward a common understanding of risk, and we talk with Accenture's Malek Ben Salem about processing and protecting unstructured data.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Investigation of the Brussels attack reveals plenty of jihadist inspiration,
but as of yet, no significant insights into direction.
Finland's Ministry of Defense sustains a denial-of-service attack, a CAPTCHA cross-site scripting bug appears,
and there's an Android exploit in the wild. Ransomware may be developing an ability to
spread through networks. The insurance and cyber sectors work toward a common understanding of risk,
and we talk about handling and securing unstructured data with Accenture's Malek Ben Salem.
I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, March 23, 2016.
Investigations into yesterday's jihadist massacres in Belgium are still in their early stages,
and the command and control mechanisms the killers may have used remain matters of speculation. Newsweek describes jihadi cool and cautions against attribution of attacks to ISIS, if only because they might give ISIS more
credit as a menace than it deserves. But it's worth noting that ISIS has always operated,
at least in the West, more through inspiration than by direction. And that, of course, is consistent with jihadi cool's importance as a theme
in the caliphate's information operations.
A number of encryption-sympathetic observers have noted that there's no evidence
the murderers in Brussels used encrypted communications to organize their coordinated bombing.
In this case, however, absence of evidence isn't yet evidence of absence.
Because investigations remain in their
preliminary phase, it's too early to tell how the jihadists communicated. But there is some news out
of France concerning the November mass murder in Paris. Those jihadists appear not to have made
much, if any, use of encrypted comms, relying instead on simple, disposable, prepaid burner
phones of the kind long favored by street criminals. Elsewhere in Europe, Finland's defense ministry sustained a distributed denial of service attack yesterday
during a presidential summit with Russia.
That may or may not be coincidental.
Cross-border cooperation was under discussion, as were Russian military operations in Syria and Ukraine.
In any event, there's no attribution so far.
We're all familiar with captchas, the images whose correct interpretation is used to distinguish human beings from bots.
German security firm RedTeam Pentesting found and disclosed a cross-site scripting vulnerability in Securimage's CAPTCHA software.
Securimage patched the bug promptly.
Mobile security firm Zimperium finds a rooting application in the wild that's targeting Nexus Android devices.
This is not the Stagefright vulnerability Zimperium discovered last year.
Instead, it's a local privilege escalation vulnerability patched two years ago in a Linux kernel, but left open in Android.
Zimperium privately disclosed the issue to Google last week, and Google has patched.
We'll be hearing from Zimperium on some of their work in this Friday's Week in Review podcast.
Palo Alto tracks Darkleech through its evolution into Pseudo-Darkleech and beyond. Sucuri discovered Darkleech infecting WordPress
sites in 2015, and its infestations continue today. Palo Alto notes that recently
Darkleech and Pseudo-Darkleech have been distributing the Angler Exploit Kit, which itself is delivering a ransomware payload.
TeslaCrypt is particularly common.
The researchers note that both Darkleech and Angler change their patterns of behavior often, the better to avoid detection.
Several observers note a new and disturbing crimeware trend, ransomware that spreads through the network to infect peripherals,
including devices used to back up files. Reports indicate that Samas ransomware,
described earlier this month by Microsoft, may now spread into networks from infected devices.
The FBI has also taken notice of the trend. Enterprises are finding, according to surveys,
that security assumptions and practices among their employees appear to be in decline,
which has substantially increased the enterprise's vulnerability to insider threats.
A variety of training, education, policy, and technical approaches to the problem are on offer,
but this trend surely contributes to increasing interest in anomaly detection and its application to enterprise security.
In industry news, analysts hope cyber insurance will drive better practices and help establish
standards of care, but the sector remains too immature with pricing being set by the
market as opposed to being keyed to sound estimates of risk.
Good risk estimation has historically shaped best practices and led to their widespread
adoption.
If insurance is to play the kind of role in cyber standards of care it historically played
in the development of fire codes and automobile safety, it will have to collect and process more
historical actuarial data, or at least some credible surrogate for such data. Standards of
care and the ethics of securing data concern various professionals that handle large quantities
of sensitive customer information. Healthcare and law are prominent in those professions.
Ransomware and simple data loss dominate healthcare cyber concerns. The legal profession ... How to secure such data is always problematic. Accenture's Malek Ben Salem spoke with us about an interesting technical issue.
With so much important data being unstructured data, how should those data be processed and protected?
We'll hear from her after the break.
Finally, the Anonymous-affiliated hacktivist crews New World Hacking and Anon Corruption claim to have downed NASA email servers to punish NASA for keeping secrets about ISIS.
But observers aren't finding much evidence the attack actually occurred.
Either nothing much happened, or whatever did was quickly remediated.
But why NASA? What secrets about ISIS would NASA be hoarding?
Roswell, sure, okay, but space jihad?
In this case, perhaps the hacktivists have confused a four-letter space agency
with a three-letter intelligence agency.
It's happened before. After all, they're only a letter apart.
In any case, the truth is out there. Somewhere.
One challenge we see is that companies want to protect their sensitive data,
and that data often comes in in an unstructured format.
Malek Ben Salem is the R&D manager for security at Accenture Technology Labs,
one of our academic and research partners.
That's something that you all are working on.
Yes, absolutely.
A number of companies are dealing with growing unstructured data in a lot
of environments. It comes in text format. Employees are creating new documents every day. And sometimes
when they create that content, they don't label it appropriately. They don't label it as confidential or sensitive.
So companies cannot apply the right security and data protection controls to it. So what we're doing to address this problem is to build a tool that would automatically classify documents as sensitive or not sensitive.
So give me an idea how that works.
So we're collaborating with the Data Science Institute at Columbia University
to build a machine learning tool that would learn what constitutes sensitive documents
versus non-sensitive documents.
It will extract features from the sensitive text documents
and will look for similar features for new documents that are unclassified.
One challenge with this type of classification is that typically the data sets that we use for training the classifiers
do not appropriately match or reflect what we see in real world environments, or that we don't have enough
training data that is sensitive to build an accurate classifier, or that the variety of
non-sensitive data prevents us from predicting what is non-sensitive. So we're trying to come
up with new machine learning algorithms that address those types of learning
challenges.
And is this a situation where, for example, the type of automation that would be
required, say, for a law firm would be different than a company that was doing scientific research?
Absolutely, yeah. So as the domain changes, the classifiers would change.
Also, another aspect is perhaps, and this is something we're experimenting with,
as the language changes, the right algorithms may have to change
or the right document representation may have to change.
So we're experimenting with different domains,
with different even companies within the same domain and with documents in different languages.
Malek Ben Salem, thanks for joining us.
And that's The CyberWire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.