CyberWire Daily - Daily: New ransomware, along with some golden oldies. Quantifying cyber risk.
Episode Date: April 19, 2016
In today's Daily Podcast we hear about the latest wave of ISIS-sympathizer cyber attacks—they’re again low-level defacements of poorly defended targets. Chris Morgan from IKANOW provides tips on quantifying cyber risk. A new strain of ransomware is identified, but it seems connected to some long-familiar criminal actors. Microsoft and Apple both continue to resist US Government requests for data and assistance in criminal investigations. Markus Rauschecker reviews the Compliance with Court Orders Act of 2016.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
ISIS sympathizers return to the cyber attack,
but once again they concentrate on defacing poorly defended targets of opportunity.
Analysts conclude that HR data smuggled out by a disgruntled former ISIS insider are genuine.
A new strain of ransomware is observed, but surveys of the threat landscape show that a lot of oldies are still golden.
And Apple responds to prosecutors' requests in that other All Writs Act case.
I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, April 19,
2016. As the U.S. steps up its cyber offensive against ISIS, hacktivists sympathetic to the
jihadist group have resumed their own cyber attacks. Team System DZ, an Islamist hacktivist
group based in Algeria, defaced around 80 websites over the weekend.
The affected sites were hosted in the UK, the US, France, and Israel,
but a substantial fraction of them belong to the government of Richland County, Wisconsin.
The attacks are consistent with ISIS's record, hitting poorly defended sites that provide targets of opportunity.
It's the third time in a little more than a year, for example,
that Richland County has suffered website defacements at the hands of what CSO characterizes as script kiddies.
You may recall the recent defection of an ISIS member who carried away on a USB drive what
essentially amount to the caliphate's HR records. The U.S. Military Academy's Combating Terrorism
Center has worked through the data on that drive and concluded that they're genuine.
The defector, who's going by the name Abu Mohammed, said initially that he broke with ISIS over his disillusionment with the group's claim to be genuinely Islamic.
Too many Ba'athist alumni with no discernible religious commitment.
A serious challenge facing organizations these days is how to appropriately allocate limited resources,
balancing your assets against the potential damages a cyber attack could inflict.
Chris Morgan is CTO at IKANOW, and we asked him to give us some perspective on quantifying cyber risk.
I think people are wrestling with how do they measure actually the business value of their assets against potentially a cyber risk position.
So one of the things that we have been looking at doing and helping organizations with is measuring the business value within their assets themselves
and then helping those organizations kind of understand, based on those assets, where the potential risk is from a vulnerability prioritization perspective.
Quantifying cyber risk can seem complex,
but Chris Morgan has some practical advice for organizations looking to explore the process.
In looking at their cyber resiliency plans,
coming up with just a few key metrics that they specifically would want to look at
and measure quarter by quarter those improvements,
so specifically things like IOC matching against the assets,
but also looking at IOC matching against the assets, against the business value.
So some measurement of confidence against that business value of the asset
so that basically you can instill in security operations a way for the analyst to make smarter decisions.
Ultimately, that's what you're trying to achieve is making your analyst make the smartest decision possible based on the limited information they have. And the only way to do that really is looking and measuring the type of workflows that are required to do that.
That's Chris Morgan from IKANOW. Their website is ikanow.com.
Proofpoint reports that it's found a new ransomware variant, CryptXXX, which it's traced to the criminal group behind Reveton.
CryptXXX is being dropped by the Angler exploit kit.
The GozNym double-headed financial malware being tracked by IBM Security is apparently enjoying a successful run, netting some $4 million from U.S. and Canadian banks.
Litigation over privacy continues, even now that the U.S. Department of Justice has withdrawn its request that Apple help decrypt the San Bernardino jihadist iPhone. In a related All Writs Act case
surrounding a New York meth trial, Apple has responded to the government's demand for assistance
by claiming that prosecutors have failed to show that they require Apple's help.
And Microsoft has cited EU privacy laws in its refusal to give U.S. authorities requested data that reside in Microsoft's Irish servers.
Optio Labs' Bill Anderson has offered the Cyber Wire his perspective on the issues surrounding such legal disputes. While it surely makes sense, under many circumstances, that the government would not want subjects of investigation to know that they're under surveillance pursuant to a criminal inquiry, where, he asks, does the process end? How, for example, does one return from being a person of interest to being an ordinary citizen again? Are we all, he asks, to be subjects of investigations forever?
And finally, in news of a law firm breach not involving Mossack Fonseca, a disgruntled former insider at Locke Lord LLP has been sentenced to seven years and a fine of $1.7 million on his conviction of two counts of illegally accessing and damaging the firm's networks in 2011.
And thus we end with one bit of best practice recommendation.
Do pay attention to security when you out-process employees.
In this, at least, the good guys seem to enjoy an advantage.
I'm joined once again by Markus Rauschecker. He's the Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security,
one of our academic and research partners.
Markus, we recently saw the release of a draft of a bill called the Compliance with Court Orders Act of 2016.
So far, the reaction to this bill has not been positive.
That's true. We did see this new crypto bill coming out and being proposed. I think,
generally speaking, I think the bill is a response to the encryption issue that we've seen in the
legal battle between Apple and the FBI. Certainly, as you recall, there was this encryption issue
and issue about whether or not the FBI or law enforcement in general could compel a private
company to assist the FBI in unlocking an encrypted phone.
As you might also recall, the central legal issue in that battle between Apple and the FBI
was whether or not this old All Writs Act of 1789 could be used to authorize the law enforcement to
compel Apple to provide technical assistance. So I think this crypto bill is the
direct response to that question. The crypto bill that's being proposed by Senators Feinstein and
Burr would make it very clear. It would require private companies to help law enforcement provide
information or data that's unintelligible, i.e. encrypted, and provide that information or data in an
intelligible way to law enforcement pursuant to an authorized judicial order.
And the reaction has been overwhelmingly negative. I mean, even the White House has said they don't support the bill. How could they have released a draft of a bill that seemed to be so tone-deaf to the realities of encryption as we know it?
You know, it's unclear why this bill would be proposed in this way. That seems so obviously controversial and would seem like it would get a lot of opposition right from the get-go. But I think the bill is just, it's a first step in trying to address this encryption issue. And I think to a lot of people, this bill seems to be a straightforward way of addressing that issue. Again, if the issue here is whether or not law enforcement can compel someone or some organization to provide technical assistance pursuant to a judicial order, then certainly this bill would provide the most straightforward way for law enforcement to get that assistance.
So it may just be a matter of whether they have the right to request something,
regardless of whether that is technically possible.
I believe so, yes. I mean, law enforcement doesn't want to live in this dark space where they can't get access to information that they might need in a law enforcement investigation.
So the question really is, how do we best address this issue?
I think there are legitimate reasons on both sides, but it's going to require a solution that's a little more nuanced than what is being proposed by this crypto bill here.
Markus Rauschecker, thanks for joining us.
And that's the Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.