CyberWire Daily - Daily: Malware found in nuclear plant. Threat actors tracked in Asia. And who's Aquaman?
Episode Date: April 28, 2016

In today's podcast, we hear about ISIS attempts at inspiration online—their technical capabilities are low, but they continue to hit information ops hard. A Bavarian nuclear plant finds a malware in...festation—spooky, but apparently without effect. Observers expect more hacks like the one on the Bangladesh Bank, and the Platinum threat group looks state-sponsored. The security industry may be showing signs of consolidation. The University of Maryland's Markus Rauschecker explains why law firms are attractive hacking targets, and Todd O'Boyle from Percipient Networks urges us to listen to our malware.
Transcript
You're listening to the CyberWire Network, powered by N2K.
The FBI is taking ISIS's potential for inspiration seriously as the United Cyber Caliphate publishes a hit list online. Malware is found in a German nuclear power plant, fortunately isolated and apparently without ill effect. BAE Systems warns that malware used in the Bangladesh bank heist is part of a larger toolkit. Microsoft tracks Platinum, a hot-patching espionage ring, and financial analysts wonder if security industry consolidation is drying up venture funding.

I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, April 28, 2016.
The self-proclaimed United Cyber Caliphate is heard woofing on the relatively secure messaging app Telegram. The UCC has published a list of some 3,600 New Yorkers whose assassination it's urging. This isn't the first time ISIS sympathizers have published hit lists. The Cyber Caliphate Army, one of the three UCC founding groups, doxed a list of what purported to be the home addresses of former U.S. State Department and CIA personnel last December, and so far there's no particular evidence that any such hit lists have claimed victims, at least in the West. Passcode notes that the list doesn't seem to have emanated from any official ISIS source, but in a loosely controlled terrorist group that runs on inspiration, any meaning one might attach to the word "official" is necessarily an attenuated one.

The increasingly overt U.S. cyber campaign against ISIS is intended in part to erode the effectiveness of the group's messaging. It appears to be having an effect on recruiting. Whether it will have a comparable effect on the more difficult target of inspiration remains to be seen.

A nuclear power plant in the Bavarian town of Gundremmingen is mopping up some malware discovered in its systems. Security teams have found both Conficker and W32/Ramnit in plant systems. They found both in a data visualization software retrofit dating to 2008, and they also found instances on removable storage media, including USB drives. Plant safety and operations appear not to have been compromised.

BAE Systems, which has been investigating the Bangladesh bank hack, warns that the malware used in the attack is part of a toolkit that has broader use, and that we can expect to see it again.

Facebook users, the majority but not all of them in the Philippines, are being targeted by a social engineering campaign that induces users to watch a malicious video. ESET suggests removing the Make a GIF extension from your Chrome browser.

It's a natural reaction. See some malware trying to have its way with your network? Block that malware's IP.
Todd O'Boyle is CTO and co-founder at Percipient Networks, and he says, not so fast.

I think that blocking IP addresses for malware command and control, or just blocking them out of countries and those kinds of things, grew out of our use of firewalls, which started in the 90s. The threats that we deal with today, they operate totally differently than the threats in the 90s. Almost all of the malware that you'll see that actually does stealing, it phones home from the inside out, right? And most people's firewalls filter very little outbound. They filter almost everything inbound, but they don't filter anything outbound. And so the attackers know this. Attackers, their infrastructure and their malware is set up so that it automatically routes around those kinds of things. So the attackers have basically rendered that approach ineffective.

According to O'Boyle, there's valuable information in malware's behavior.

When malware tries to phone home, pay attention to who's trying to do it so that you can go clean up the intrusion. The other thing that you get out of the malware channel by paying attention to that is some fingerprints about the adversary themselves. If you put it together over long periods of time, you can, you know, piece together campaigns against you, you know, lots of targeted malware. That approach is really the future of how people are going to do security, especially in the enterprise.

That's Todd O'Boyle from Percipient Networks. Their website, named for their flagship product, is strongarm.io.

Verizon launched their 2016 Data Breach Investigations Report. We'll talk to Verizon on tomorrow's edition of the CyberWire podcast.
Microsoft researchers continue to track the activities of the Platinum espionage group. Active since 2009, Platinum has targeted governments, intelligence agencies, telecommunications companies, and defense industries, mostly in Asia, using hot patching to avoid detection. Microsoft stopped short of calling Platinum a state-sponsored operation, but it has said that, quote, "the group shows traits of being well-funded, organized, and focused on information that would be of most use to government bodies," end quote.

In industry news, analysts mull the disappointing SecureWorks IPO and wonder whether a trend toward security industry consolidation will dry up venture funding opportunities for startups. Several nations, notably India and Australia, are launching a range of public-private partnerships designed to foster the growth of an indigenous cybersecurity industry.

We haven't heard much lately about the Panama Papers, and we do note that the obvious American dog is still refusing to bark. But the security of the information held by law firms remains of interest to hackers, and attorneys can expect that cybercriminals and other threat actors will continue to give them a great deal of unwelcome attention. We spoke to Markus Rauschecker from the University of Maryland Center for Health and Homeland Security about why law firms are just so darn attractive to hackers. We'll hear from him after the break.

Finally, among several product and service announcements comes news that CyberArk has organized what Infosec Magazine calls, rather breathlessly, a Justice League for Cybersecurity. This C3 Alliance, as it's called, indeed has an impressive lineup: not only CyberArk, but also FireEye, ForeScout, Intel Security, LogRhythm, Qualys, Rapid7, SailPoint, SecureAuth, Symantec, Tenable Network Security, Tripwire, and Varonis. Congratulations and good hunting. But we can't get one question out of our head. If this is the Justice League, who has to be Aquaman? Wonder Twin powers, activate.
I'm joined once again by Markus Rauschecker. He's the Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security, one of our academic and research partners. Markus, we're seeing more and more that law firms in particular are becoming targets for cyber attacks. Why are law firms so attractive to cyber criminals?

Yes, that's absolutely true. Law firms are increasingly a target for cyber criminals. And I think the main reason for that is that law firms hold a lot of sensitive information, sensitive and valuable information. For example, law firms hold a lot of intellectual property on behalf of their clients. Law firms are involved in mergers and acquisitions. So if a cyber criminal gets access to that kind of information, they could use that information to engage in some sort of insider trading, for example, and they could make a lot of money based on information that a law firm holds that is not yet available to the public. In general, there's just a lot of sensitive and proprietary information that law firms will hold on behalf of their clients. That information can have a tremendous impact on people's lives, in big cases, in small cases, and there's just a real desire for cyber criminals to obtain this kind of information.

On top of all this, it appears that law firms are a little bit behind the times, so to speak, when it comes to ensuring that their networks are secure. It's been revealed in several reports that law firms are lacking in updating some of the security and safety measures that they should be engaging in when it comes to protecting their sensitive information. It's interesting also to note that, according to some reports, up to 97% of law firms have actually been already breached, and that it takes law firms on average about 225 days until they actually discover that breach. So this is a very serious topic.

And of course, we saw the recent Panama Papers breach, which really highlights the issue.

Absolutely. I mean, in this Panama Papers breach, a law firm was hacked and they lost, according to reports, 11.5 million documents, about two and a half terabytes of data. By some accounts, that amounts to basically all of the law firm's documents over the last 40 years.

Markus Rauschecker, thanks for joining us.

And a reminder, we'd like to hear from you. If you've got a question or a topic you'd like our academic and research partners to discuss, you can send us an email at questions at thecyberwire.com.
And that's the CyberWire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.