CyberWire Daily - Daily: Norway reports Chinese cyber espionage. Hospital ransomware. Carding black market. RSA update.
Episode Date: February 29, 2016
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Cyber stocks are lifted by positive earning reports, depressed by analyst downgrades.
Some Apple users seem to regard their iPhones as their confessionals.
Our theological consultant shakes his head.
I'm Dave Bittner in San Francisco with your Cyber Wire daily podcast for Monday, February 29, 2016.
We're at RSA today, podcasting from the floor of the world's leading cybersecurity conference and exposition.
Before we take a look at the conference's first day events, we'll offer our customary
rundown on cyber news from around the world.
First, some news from Norway.
That country's intelligence service, in a report that highlights assessment of Russian
and Chinese intelligence services as major threats to Norway,
details Chinese espionage targeting energy and defense sectors.
Norway's oil industry makes it an important source of gas and oil production intellectual property.
Its NATO membership also promises access to defense technology. And the report claims that technology stolen from Norwegian networks
has turned up in some of China's military systems.
In the UK, hacktivists claiming allegiance to ISIS, and calling themselves Caliphate
Cyber Army, follow their familiar pattern of defacing lightly secured targets of opportunity,
in this case the website of UK Solar, a small manufacturer of solar panels in Sussex.
The ransomware incident that hit the healthcare sector with the most energy this month was, of course,
the Lockheed attack that affected Hollywood Presbyterian Medical Center in Los Angeles.
But an earlier infestation was observed in Germany, at Lukas Krankenhaus in Neuss.
Two more ransomware incidents have been reported in Germany, both in Nordrhein-Westfalen.
Knieken-Arnsberg says it sustained a ransomware attack, but that patient care was unaffected.
A second unnamed hospital was also hit and has taken steps to isolate its critical networks.
Police are investigating all three incidents.
Trustwave's researchers find another widely used website, ExtendoOffice.com,
distributing the Angler exploit kit and its customary payload of TeslaCrypt ransomware.
FighterPOS, a strain of point-of-sale malware active largely in Brazil,
has acquired worm-like capabilities that enhance its ability to spread across payment networks.
FighterPOS steals payment card details,
and a Brazilian site is offering validation services on the black market
to assist criminals with monetization of stolen cards.
Validated cards fetch a premium price among criminals.
Trend Micro is tracking the episode.
Snapchat has apparently sustained a successful phishing attack and exposure of employee data.
The phishing email claimed to be from the company's CEO.
It was, of course, not, and asked for a transmission of payroll information.
The incident affords another object lesson in the importance of skepticism
in the face of apparent executive communications.
Unfortunately, said Snapchat in a blog post,
the phishing email wasn't recognized for what it was, a scam,
and payroll information about some current and former employees was disclosed externally.
The company is understandably reticent about the information that was exposed
and has referred the matter to law enforcement for investigation.
The U.S. Internal Revenue Service has revised upward by some 390,000
the number of taxpayers whose information was stolen from weakly secured IRS sites.
Known as the Get Transcript breach, a Treasury investigation into the incident reported late Friday.
Information compromised is said by
non-Treasury sources to include Social Security account numbers, dates of birth, and street
addresses. These are thought to have been used to bypass multi-factor authentication in other
attempts on taxpayer data. Some good industry news at the end of last week, notably a strong
earnings report from Palo Alto Networks, has lifted not only Palo Alto but other stocks
as well, notably Check Point and Fortinet. Other story stocks drop, however, on analyst
downgrades. The Baltimore Sun ran a story this morning
sharing the news that Federal Hill cybersecurity startup Terbium Labs raised $6.4 million in
venture capital funding. In the story, Terbium CEO Danny Rogers said the funds were aimed
at improving
MatchLight, their system designed to detect when a company's stolen information is posted online.
And the Apple-FBI face-off will resume this week. Some observers have now begun arguing that some
sort of privilege analogous to attorney-client privilege, or even the seal of the confessional,
ought to apply to Apple. Whether Cupertino actually entertains such ambitions remains to be seen.
Stay tuned.
And joining me once again is Jonathan Katz. He's a professor of computer science and the
director of the Maryland Cybersecurity Center, one of our academic and research partners.
Jonathan, when we're talking about encryption, we hear a lot about bit depth.
For example, in the recent Apple case, Apple talks about they claim that they're using 256-bit key encryption.
Give me an idea, when they say that, what does 256-bit key length mean?
Well, the strength of the key or the strength of the encryption that's being used is directly
related to the length of the key. That's at least the case for symmetric key algorithms
like we're talking about here. And essentially, if your encryption algorithm
is good enough, then the only way to break it is to do a brute force search or
an enumeration of all possible keys that can be used. So if you have,
let's say, a 4-bit key,
that means you have 2 to the 4 or 16 different possibilities, which isn't very much. If you have
a 256-bit key, then the number of possibilities for the key is 2 to the 256, which is an astronomically
large number. And essentially what that means is that every bit you add on to the key is going to
double the difficulty of doing a brute force search for the key.
So as computing power increases, is it inevitable that today's uncrackable encryption will be crackable in the future?
Well, that's a great question. And it
turns out, actually, that you can do the calculation and you can see exactly how long it might take
to do a brute force search over keys of a particular length. And for example, if you imagine that you have a computer that's capable of checking a key
once every computer cycle, and it's been running, say, I don't know, since the beginning of
the universe, then it turns out if you do the calculation, you get that you can search
through a 96-bit key space.
So it looks pretty safe to say that we're not going to be cracking keys that long anytime
soon.
And in fact, you can even use the laws of physics to get an upper bound on how many keys you could potentially search through.
There's a calculation online somewhere where if you even extract all the energy coming out of the sun
and do this brute force searching over the time scale of the universe,
you can search through about keys of length 187 bits.
So 256-bit keys look pretty safe until we start
computing with things other than matter and energy.
All right, so we're safe for the time being, but why use a key that complex? Is there a computational penalty for using a key that's that complex?
Right, well, so everything I was talking about so far assumes that the best way
to attack the system is a brute force search over the entire space of possible keys.
And so from that point of view, a 256-bit key would protect you forever.
The concern that people have, of course, is that the encryption algorithm may not be perfect.
Somebody five or ten years from now may come up with a method to break the encryption scheme that's slightly faster than a brute force search.
And so you want protection even in the event that people are able to kind of shave a few bits off the effective strength of the key.
People are also concerned about the possibility of quantum computers that might be able to
speed up the attack.
It's still, the jury's still out over whether that's actually possible in practice, but
the theory says that on a quantum computer, you can cut the effective key strength in
half.
So from that point of view, a 256-bit key would have only
the strength of a 128-bit key against a quantum computer.
Jonathan Katz, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.