CyberWire Daily - Daily: ISIS rival in Syria. OnionDog hits Korea. Ransomware and DDoS. Remorse in Manitoba.
Episode Date: March 10, 2016. Daily: ISIS rival in Syria. OnionDog hits Korea. Ransomware and DDoS. Remorse in Manitoba. Dave Larson, COO at Corero, shares his thoughts on DDoS attacks, and Jonathan Katz from the University of Maryland addresses recent healthcare ransomware attacks.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
An ISIS rival in Jihad joins the information war in Syria.
Onion Dog hits Korean infrastructure.
The deniable cyber attack on Ukraine's power grid may have been designed to consolidate Russia's hold on the Caucasus. And if you were robbed, would you friend the perp on Facebook to inspire remorse?
A store owner in rural Manitoba did, and it worked.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, March 10, 2016.
Another branch of Al-Qaeda, the Caucasus Emirate, takes the field in Syria and begins posting video in competition with its ISIS rivals in Jihad.
The U.S. continues to work toward making good on its promise to take the fight to ISIS in
cyberspace, and quiet conversations with tech companies on their potential contributions
to information operations continue. 360 Sky Eye Labs says that a threat actor they're calling Onion Dog has been stealing
information from the energy, transportation, and other infrastructure industries of Korean-language
countries. That would seem to be a circuitous way of saying that the target is South Korea.
There's no attribution, but some of the command and control appears to be located in
the Republic of Korea itself. Patient zero for cyber warfare waged against infrastructure remains,
of course, the power grid in western Ukraine. Observers see this as the cyber equivalent of
the green men, the plausibly deniable militias that operate in the Russian interest during that
country's encroachments into the near abroad. An interesting note in Defense
One suggests that the rolling blackouts had a Clausewitzian connection to Russia's larger
immediate goal of consolidating its hold on Ukraine's Crimean region. If Crimea gets its
power from Russia as opposed to Ukraine, that advances Russian interests in the region.
The Mac ransomware KeRanger has now been analyzed and assessed by Bitdefender and others
as a variant of the Linux.Encoder malware identified by Dr. Web last November.
A Ponemon study claims that healthcare organizations are subjected to an average of a hack a month.
The most famous recent attacks have been ransomware incidents infecting hospitals in Westfalen and California.
The strain of ransomware implicated in these attacks, Locky,
continues to circulate, steadily increasing its share of this criminal market.
We spoke with the University of Maryland's Jonathan Katz
about the ransomware incident at Hollywood Presbyterian,
the hospital that paid extortionists $17,000 to recover access to its systems.
We'll hear from him after the break.
Children's toys and games continue to be vulnerable points of entry into home networks and families' lives. Some Minecraft mods strike fear into any parent's heart, carrying not only adware and hijacked searches but what the BBC calls grubby ads for aspiring Russian mail-order brides.
Download mods or add-ons for Minecraft with extreme caution,
especially those offered by third parties.
Improperly configured TFTP sites are being used for reflection DDoS attacks.
A team of researchers at Edinburgh Napier University report that DDoS
remains popular among cybercriminals and hacktivists. We spoke with Corero's Dave Larson about ways
of dealing with denial-of-service attacks.
Distributed denial-of-service implies that the only concern is availability, and if the
attack traffic is not causing you an outage, many enterprises wrongly assume that their defenses or their posture or whatever is sufficient to the task.
The reality of it is some of that DDoS traffic may actually be probing and looking for vulnerabilities in the environment.
It may actually be masking actual breach activity that you don't even realize is taking place.
People need to think about this as a security vector, not just an
availability problem. And if they were to look closely at their environment and see the amount
of what looks like innocuous traffic, low-level DDoS, ephemeral vectors that are coming in and
out of their network periodically, there's no reason that we should be comfortable with a
low-level background noise of what otherwise is a malicious vector. Just because you're staying up through it doesn't mean you should
tolerate it in your environment. And I think people need to be a little bit more aware of that,
particularly if they have assets that need to be protected in the form of
personally identifiable information, health records, banking information, etc.
Corero has a white paper for hosting providers on DDoS protection at their website,
corero.com. The case of the jihadists' county-issued iPhone continues to affect
the cybersecurity sector. Cothority, a project working toward preventing backdoored software
updates, has offered to help Apple ensure that any backdoors installed in response to secret
court orders would become public. The approach Cothority advocates is decentralizing the signing process.
Other security experts suggest that the FBI might try a chip-off extraction on the phone,
but this method of hardware attack is delicate, often fails, and can result in permanent loss of data.
Apple itself continues its public dispute with the Department of Justice,
as the company's senior vice president of software engineering warns that knuckling under to the request for government OS would cause security to lose ground in its
arms race with hackers. And finally, a thief's digital remorse results in an arrest. A store
owner in Gimli, Manitoba, found his window smashed and some watches taken. He posted surveillance
footage of the break-in to Facebook, succeeded in identifying the culprit, and then sent the burglar a friend request.
The humane gesture so touched the crook's heart that he turned himself in,
saying in extenuation and mitigation that he was intoxicated at the time.
The Mounties warn you, however, that you'd best leave digital law enforcement to the pros.
Oh, Canada.
I'm joined once again by Jonathan Katz.
He's a professor of computer science at the University of Maryland.
He's also director of the Maryland Cybersecurity Center, one of our academic and research partners.
Jonathan, recently in the news we had the situation with Hollywood Presbyterian Hospital.
They were hit by ransomware.
What's your take on that attack?
I think it's a particularly scary attack because in this case, right, the people who wrote that malware were able to not exactly shut down,
but they were able to seriously affect the operations of a major hospital for about a week to the point where ultimately the hospital decided it was better off for them to pay the ransom
and recover access to their data rather than try to recover it using some other means.
And I think this is particularly chilling because in a case like this,
you could actually have lives on the line.
Yeah, that's right. I mean, you had all kinds of data that was encrypted,
including patient medical records, and you could have somebody coming in and trying to
get access to the records for some operation or procedure that they were doing and being
unable to do that. And it also meant that they were unable to communicate with doctors and with
nurses the way they had been doing before. And really, it threw them back about 30 or 40 years,
I guess, in terms of what they were able to do and how efficiently they could do it.
How can organizations like this protect themselves against this sort of ransomware attack?
Well, fundamentally, there are two things here. The first is being infected in the first place.
I don't think we know for sure yet how this hospital was infected,
but more likely than not, it seems it was the result of some kind of a phishing attempt
where a user ultimately was tricked into clicking on some malicious link,
which caused this malware to be downloaded and then installed and run on their computers.
So as usual, it comes down to education of the end user
and trying to make sure that they know to identify potentially malicious links
and not to click on anything like that.
Of course, it also calls for maybe better protection of the systems themselves
so that downloading malware like that would perhaps only infect that one user's computer
rather than the entire network.
Then on the other side, there's the recovery issue.
And really what this highlights is the importance of having backups of all your data.
And if the hospital were regularly backing up their data, say every night, then they may have
lost one day of data, but they would have been able to recover and perhaps not have to pay the
ransom in this case.
And there are people actively working on cracking these ransomware encryption schemes, right?
There are. And there have been cases in the past that are kind of interesting, actually,
where the people who wrote this ransomware
actually did a bad job with the crypto,
and the crypto could be broken directly
without having to pay the ransom.
I think that people, the malware writers,
have learned from that,
and I would only assume that in this particular case,
the encryption was not crackable,
and so they had to pay the ransom.
Jonathan Katz, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland
by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.