CyberWire Daily - Daily: Panama Papers count coup. Trojanized Android apps found.
Episode Date: April 6, 2016
In today's Daily Podcast we find out more about how the Panama Papers leaked, and what their consequences are likely to be. A malicious SEO campaign hits vulnerable Joomla and WordPress installations.... Ransomware gets personal. Dr. Web finds a Trojan in 104 Android apps. We discuss the Billington CyberSecurity International Summit. US policymakers mull the status of Cyber Command. We talk to the University of Maryland's Ben Yelin about ransomware and HIPAA.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
The Panama Papers fallout continues to fall, and it's fallen hardest in Iceland.
Avast warns of a malicious SEO campaign,
a Trojan finds its way into Android apps on the Google Play Store,
and Google also boots a dodgy but popular Chrome extension.
We learn about ransomware and HIPAA,
and we hear of a highly personalized ransomware spear phishing campaign.
We'll share a quick report on what we learned at the Billington Cybersecurity International Summit,
and we remember that more Panama Papers are said
to be out there. I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, April 6,
2016. Exactly how the Panama Papers leaked remains unclear. The papers, of course, are that trove of documents
obtained under obscure circumstances from Panamanian law firm Mossack Fonseca and published
earlier this week by Süddeutsche Zeitung. They allegedly constitute evidence that some high-profile
public figures around the world have been systematically hiding very large amounts of
money in offshore caches, and that Mossack Fonseca facilitated the offshoring.
Mossack Fonseca told Reuters in a brief statement that its email server was hacked, and that
the exfiltration of documents was definitely not an inside job, but email server hack leaves
a great deal unexplained and to the imagination.
The Australian firm Nuix says that the Süddeutsche Zeitung and its collaborators in the International Consortium of Investigative Journalists
use the Nuix Big Data Analytical Tool Investigator Workstation to help develop the story.
That story has been in process over the better part of a year.
What, if any, laws were broken remains under investigation.
That is, investigation in at least seven countries.
But the scandal counted its first coup yesterday when Iceland's prime minister resigned in the midst of public outrage over allegations that members of his family sought to conceal large
amounts of money in offshore accounts. Russian President Putin's name has also surfaced in the
documents, but Moscow pooh-poohs this as a bunch of resentful American disinformation.
Security industry observers see the Panama Papers as a clear instance of two trends.
First, the enormous quantity of highly sensitive information law firms hold, and second, the
relatively porous defenses with which these firms surround that information.
In other hacking news, Avast warns that a malicious search engine optimization SEO
campaign is attacking vulnerable WordPress and Joomla installations.
More serpents emerge in the Google Play Store's walled garden. Security firm Dr. Web found that
104 Android apps available for download were infected with an information-stealing trojan.
Dr. Web is calling the trojan Android.Spy.277.origin.
Dr. Web disclosed the problems to Google, which is removing the apps.
Google has also given the heave-ho to the popular Chrome extension Better History, which users complained has been hijacking browser sessions and redirecting them to unwanted ad pages.
Ransomware retains its position as the current criminal approach of choice,
although DDoS is also not forgotten.
Proofpoint researchers report a new development, customized ransomware,
which calls its intended victims by name,
and it's made its appearance in the wild, turning up in spear phishing campaigns.
With so much ransomware targeting the healthcare sector recently,
we spoke with the University of Maryland's Ben Yelin on ransomware and HIPAA.
We'll hear from him after the break.
We attended Billington Cybersecurity's inaugural international summit in Washington yesterday.
You'll find a complete account of the conference on our website,
but some interesting themes are worth mentioning. We were struck by the extent to which the speakers saw voluntary,
When organizations, whether military or civilian, government or private, find themselves in situations where they need to cooperate to succeed,
they typically find ways of doing so.
Several speakers advocated a pragmatic, experiential approach
to developing effective policies and procedures for cybersecurity.
Cooperation is more important than technology, they tended to believe,
and they thought that leaders might well seek to create conditions
under which positive, spontaneous organization can occur.
It was also noteworthy how many of the speakers found unclassified, open-source information
to be of very great value.
There was a general consensus that over-classification was a problem that needs to be addressed and
an obstacle to effective cooperation.
But it was also striking how many thought progress could be made
simply by attending to and using the vast amount of unclassified information
that can already be freely shared.
U.S. NSA Director Admiral Michael Rogers appeared before Congress this week.
He named Russia and China as the leading threats to the U.S. in cyberspace,
but warned that Iran was gaining ground as well.
He reignited an old roles and missions debate by recommending that U.S. Cyber Command be
designated a combatant command.
Finally, we noted earlier that the Panama Papers represent the outcome of an investigation
that's been underway for at least the better part of a year, and this suggests one interesting
line of reasoning.
Journalists seem better at
keeping secrets than at least some law firms, and perhaps some government agencies. There are
apparently more revelations to come, at least according to the Süddeutsche Zeitung. The German
newspaper said, in response to questions about why there didn't seem to be prominent citizens
of some prominent countries on the list of those named in dispatches, that there's a lot more to
come. Stay tuned.

I'm joined once again by Ben Yelin.
He's a senior law and policy analyst at the University of Maryland Center for Health and Homeland Security,
one of our academic and research partners.
Ben, there was an article in Forbes recently that was questioning whether or not a ransomware attack
on a health care provider constituted a HIPAA violation.
So just for a little background, HIPAA is a federal law that has some reporting requirements.
Hospitals are required to report data breaches to individuals who are affected.
And if more than 500 individuals are affected, they're required to report to the media.
And also there are general reporting requirements to the Department of Health and Human Services.
There was a ransomware attack that occurred recently here in Maryland at a health group called MedStar Health,
which is one of the biggest providers in Maryland. And there's question as to whether that breach
would require some sort of notification. So generally, notification is only required for
protected health information or PHI. When you have a ransomware
attack, it's unclear whether there's actually a breach of that data. The reason is sometimes
the ransomware attackers will simply surround the data, hold it hostage for some sort of ransom,
but that data is never actually penetrated or released to the public in any capacity.
So there's no legal reporting requirement if that data isn't breached. Now, you know, hospitals for publicity reasons may want to
report both to their own patients and to the media for other reasons. But it is interesting that
without that protected health information being penetrated, there may not be a legal reporting requirement to
HHS under the terms of HIPAA. Ben Yelin, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.