CyberWire Daily: "It walks, it talks, it reports back to Moscow. (Other news, too, gamers.)"

Episode Date: August 24, 2016

In today's podcast we hear about Russian hackers going after New York Times reporters (the FBI is investigating). Exploits in the Shadow Brokers' teaser are "test-driven" in the wild. Some of them may... affect Huawei products. The GozNym banking Trojan moves from Poland to Germany. British universities are targeted by ransomware. Researchers give victims of Wildfire ransomware some relief in the form of a decryptor. Gaming sites come under attack. We've all heard of the cloud, but Accenture's Malek Ben Salem tells us about the coming fog. There's a new push to restrict encryption in the EU. And a fourth-grade steely-eyed missileman arises in Texas.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January 24 only on Disney+. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer.
Starting point is 00:00:59 Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K and enter code N2K at checkout. That's joindeleteme.com slash N2K, code N2K.
Starting point is 00:01:56 Russian hackers go after New York Times reporters and the FBI investigates. Exploits in the Shadow Brokers' teaser are being test-driven in the wild. Op-eds call for a mole hunt at Fort Meade. A familiar banking Trojan moves from Poland to Germany. British universities are targeted by ransomware. Researchers give victims of Wildfire ransomware some relief in the form of a decryptor. Gaming sites come under attack. There's a new push to restrict encryption in the EU. And Texas brings us a fourth-grade steely-eyed missileman.
Starting point is 00:02:32 I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, August 24, 2016. Add the New York Times to the list of enterprises known to have been targeted by Russian government hackers. The paper acknowledged the attempts yesterday, they occurred earlier this month, but said there was as yet no evidence that the attacks against its internal networks had been successful. Reporters were targeted directly, ostensibly through their email accounts, which, since the Times outsources email services to Google, wouldn't count as internal. The Times' Moscow bureau was most directly affected.
Starting point is 00:03:05 Reports suggest other news agencies may also have received the attentions of Russian intelligence services, but so far no one seems able to say who those other news organizations are. The FBI is investigating. More developments in the Shadow Brokers incident. Both Cisco and FireEye say they've seen signs that some of the exploits leaked, especially ExtraBacon, which exploits a Cisco firewall zero-day, are being test-driven in the wild. A number of attempts have hit the honeypot Cisco established to help keep an eye on things. Apparently, it doesn't take a great deal of skill to use the exploits.
Starting point is 00:03:39 The chief of FireEye's iSIGHT intelligence team assessed the degree of difficulty as low. Exploitation should be accessible to just about anyone with a college computer science degree, as he put it on FedScoop. The chief of Cisco's product security incident response team told FedScoop, quote, as you can imagine, we have all hands on deck for this, end quote. And yes, we can all well imagine that. Good luck to Cisco, Fortinet, and Juniper Networks. We might also say good luck to Huawei. Comae, which has been poring over the Shadow Brokers' teasers on behalf of Motherboard, says it's found stuff suggesting that Huawei products were also targeted by the authors of the exploits the Shadow Brokers got their hands on.
Starting point is 00:04:21 As far as we've been able to determine, no one's come within an order of magnitude of the Shadow Brokers' half-billion-dollar-plus asking price for the stolen files. The bidding was stalled yesterday a little north of a thousand, and there are no obvious signs of movement yet. Understand, though, that we keep such auction sites at arm's length. They amount to a bad virtual neighborhood. There's much further speculation about how the Shadow Brokers got the files. A few people, notably James Bamford, are arguing that there's a second Snowden responsible for the leaks. In favor of this, they cite material in the teasers they believe could only have been
Starting point is 00:04:56 accessible from inside a U.S. government secure facility. More shakily, they think it unlikely that a hostile government, say Russia, just for the sake of argument, would have revealed its intelligence success. This second bit of reasoning is considerably less convincing, if only because it overlooks the obvious information operational dimension of international conflict. Snowden himself has said for some time he thinks there's another person inside NSA stealing sensitive data, and The Observer runs an op-ed by John Schindler, who argues that there probably is a mole at Fort Meade. He reviews some history of counterintelligence failures going back some 70 years, and finishes with a cri de corps calling for better internal security.
Starting point is 00:05:38 He also describes Snowden as a patsy, presumably of some other better-placed penetration agent. In any case, whoever the Shadow Brokers are, they're clearly no Edward Snowden. There's not much of the whistleblower about their revelations, and the Hollywood dialect of their communiqués is too over-the-top for credibility. Boris, Natasha, and Fearless Leader were all more convincing. Turning, we admit with a sigh of relief, to more conventional cybercrime. We hear that the GozNym banking Trojan is moving west. Recently active in Poland, it's now turning up in German banking networks.
Starting point is 00:06:13 Cryptex continues to be widely traded in the black market and used in the wild. There is some good news on ransomware to balance all this, however. Wildfire, a strain that's been particularly active in the Netherlands, can now be defeated without payment. Intel Security and Kaspersky Labs have released a decryptor, so bravo Kaspersky and Intel Security. Gaming sites have come under attack this week. First, the Epic Games Forum was compromised with about 800,000 users' credentials exposed. At midweek, we learn that Blizzard Entertainment and Grand Theft Auto have also come under attack. Cybersecurity Ventures estimates that cybercrime damages will exact a
Starting point is 00:06:51 global cost of some $6 trillion by 2021. Plixer's Mike Patterson told the Cyber Wire that he agrees the problem is growing. Quote, I have no doubt that the cost of cybercrime is going to rise dramatically. Malware has proven that it often cannot be detected until the crime is underway or until after it's been completed. Consumers, manufacturers, and financial institutions are not ready to accept that some services should not be tied to the Internet, end quote. He sees the problem as fundamentally being one of risk estimation and management. People and businesses are too willing to purchase convenience with a significantly increased risk. In patching news, VMware Identity Manager and vRealize Automation
Starting point is 00:07:33 have received updates that VMware says address multiple security issues. Looking at the policy world, the crypto wars are heating up in Europe. France and Germany, feeling pressure from increased terrorist activity, are both pushing for more European Union restrictions on encryption. Finally, a fourth grader in Pflugerville, Texas, has demonstrated what all of us admit in our heart of hearts. None of us actually really read the terms and conditions. According to KXAN, young master Evan Robertson, who the news station describes as kind of a big deal, set up a Wi-Fi hotspot in a mall, wrote not-so-lengthy terms and conditions
Starting point is 00:08:11 for its use. They included, quote, if you are still reading this, you should definitely not connect to this network, end quote, as the fourth from the last sentence, and then waited to see what would happen. 76 people connected, fully 40 of whom accepted the terms and conditions, even though, as Evan put it, quote, we made it so no one in the universe would agree to it, end quote. Kind of a big deal, KXAN says. Well, the Cyber Wire says you, Master Robertson, are one steely-eyed missile man. Do you know the status of your compliance controls right now?
Starting point is 00:08:52 Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI.
Starting point is 00:09:30 Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. And joining me once again is Malek Ben-Salem. She's the R&D manager at Accenture
Starting point is 00:10:43 Technology Labs. Malek, we talk a lot about cloud computing, but there's another term that's floating around, and that's fog computing. Tell us, what do we need to know about fog computing? Fog computing, in a nutshell, is a system-level architecture that extends a compute network and storage capabilities of the cloud to the edge of the IoT network. And it can be exclusively located at the edge of the network, or it can be a combination between those capabilities at the edge, as well as extended all the way to the cloud. One of the key characteristics of fog computing is that it lowers the latency of transactions. And that's the reason behind moving this intelligence and this computer networking capability closer to the edge,
Starting point is 00:11:34 so that you can offer services with very low latency. Also, a great advantage of the fog computing model is that the jitter is very low as opposed to the jitter within the cloud computing model. And jitter basically is a variation in delay of the received packets. So the quality of the service is much better in fog computing. Now because all of these services are closer to the edge, the data does not have to travel a long distance to the cloud and back. So the exposure of that data is limited, and therefore there is greater privacy if it's protected correctly, and the attack surface is smaller. So there are some security benefits. Are there any downsides to it? The downside is that, so let me give an example of one application of fog computing.
Starting point is 00:12:31 Let's think about smart cities, right, and managing traffic signs, signals, as well as traffic light signals, as building a fog of their own where they can communicate together to manage traffic, to manage the flow of the traffic. And that's a local application, but you can also have a cloud-level application where you look at that traffic over a longer period of time over the entire city to make policy recommendations about how to route traffic or where to build new roads. The downside is that you may have to make assumptions about the status of the underlying network and particularly the status of the network connections between
Starting point is 00:13:25 those devices at the edge. Because it's highly mobile, because these devices are highly mobile, and because in many cases it relies on wireless networking, then connectivity is not always available. I see. And is this something that people are, that's actually being put into use now or are there fog networks in use or is this something that we expect to see growing in the future? This is something that we expect to see in the future mostly. Yeah. All right. There are consortiums building, being created around this concept to define the fog architecture that is open, but it's a model that we'll see more of in the future. And one major benefit of this is that it will push a lot of the network traffic to the edge,
Starting point is 00:14:15 so the major backhaul networks will see some relief. Ah, interesting. All right, Malek Ben-Salem, thanks for joining us. And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
Starting point is 00:15:32 And that's the CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening. Thank you. ...you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
