CyberWire Daily - Daily: Panama Papers, privacy, & financial transparency. MedStar ransomware incident update. Current scams.

Episode Date: April 7, 2016

In today's Daily Podcast we catch up on the latest reports of the recent MedStar ransomware infestation. Mobile security company SkyCure share the results of their recent report on vulnerabilities in the medical field. DDoS also remains a problem. The FTC and IRS warn of socially engineered scams. The Panama Papers continue to name a lot of celebrities, but no new political leaders. Hacking Team loses its export license. We talk to the Johns Hopkins University's Joe Carrigan and get his expert reflections on last week's Women in CyberSecurity conference.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 MedStar has hired Symantec to clean up its recent ransomware infestation. The hospital chain's not saying much, but it has denied the incident can be traced to failure to patch. The FTC warns us not to believe anyone calling from something called the Global Privacy Enforcement Network. The IRS again warns everyone that they'll never email us and tell us to click a link. The Panama Papers bring down Iceland's government, but other than
Starting point is 00:02:20 that, most of those so far named in dispatches are celebrities from sports and entertainment. The Los Angeles Times is hacked, the Philippines voter database is leaked, and the Italian government revokes Hacking Team's export license. I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, April 7, 2016. Investigation into the recent MedStar hack continues. MedStar itself isn't saying much beyond that it's hired Symantec to find the problems and fix them. The hospital chain has, however, told the Baltimore Sun that it categorically denies an AP report's assertions, derived from an anonymous source, that the incident can be traced to failure to patch
Starting point is 00:03:05 known JBoss web application server vulnerabilities. JBoss maintainer Red Hat patched those vulnerabilities in 2007 and 2010. MedStar says that none of the known JBoss vulnerabilities were factors in the attack. The hospital chain isn't answering other questions, Ars Technica reports, but it has pointed out that it restored operations rapidly and that it has found no evidence that patient or staff data were compromised. According to research recently published by mobile security provider SkyCure, medical practitioners are particularly vulnerable to attacks, in no small part because medical records are particularly valuable, four times more valuable than credit card information, they say. The problem, according to SkyCure's Varun Kohli, is insecure devices.
Starting point is 00:03:50 What we saw was the attack can come to the mobile device from three different places. Number one, around 4.21% of all Android devices had malware, high-risk malware on it. The other finding that we had was network exposure. So around 22% of all the doctors' devices that doctors were using to assist with their day-to-day practice were exposed to a network attack in the very first month. And this number rose up to 39% over the next three months. The last thing that I want to talk about is the vulnerabilities. There were around 11% of the devices that had stored patient data
Starting point is 00:04:41 and were vulnerable to high-severity vulnerabilities because they were not on the latest version of the operating system. SkyCure's website is skycure.com. Akamai reports that the Bill Gates bot family of malware is being used in the criminal underground to facilitate distributed denial-of-service attacks. Obviously, there's no connection between the malware and either Mr. Gates or Microsoft, beyond the lowbrow satire implicit in the name. Attackers using the malware, which seem to have an Asian origin,
Starting point is 00:05:16 are for the most part using SSH brute forcing for root login credentials. The U.S. Federal Trade Commission has warned of phone calls coming in from the vaguely official-sounding but quite bogus Global Privacy Enforcement Network. The calls seek to convince victims to give up their online credentials. The con job is a variant of the old tech support scam, but in this case, the Global Privacy Enforcement Network tells the mark that their email has been compromised, that their account is distributing fraudulent messages, and that the Global Privacy Enforcement Network will take legal action against the mark unless the mark lets the network take control of their computer to fix it. It's a scam.
Starting point is 00:05:55 Hang up. The U.S. Internal Revenue Service has also warned of a spike in tax-themed phishing targeting residents of Maryland, Virginia, and the District of Columbia. The phishing emails, which purport to be from the IRS, tell the victim to verify the last four digits of their Social Security number by clicking a link. Again, don't. It's not the IRS. Poking through the wreckage of the Mossack Fonseca breach, people reading the Panama Papers so far seem to be turning up more celebrities than political figures, although Iceland does have a new prime minister and will have to call early elections.
Starting point is 00:06:30 Mossack Fonseca, which isn't getting a lot of media love, points out that the only clear crime here was the hack itself, and that the shell companies it establishes are perfectly legal. They may be right. In any case, they filed a complaint with Panamanian prosecutors. The leak was, they insist, definitely an outside job. Various governments are calling for renewed emphasis on transparency in business transactions and privacy of data. Panama has called for the formation of an international panel to address transparency in offshore financial operations, and UK Prime Minister David Cameron characterized his late
Starting point is 00:07:05 father's use of the offshore and untaxed accounts as a private matter. Legalities aside, there's no easy way of avoiding the bad optics here. Edward Snowden, of whom listeners may have heard, has been ladling out a series of sauce-for-the-gander tweets on Mr. Cameron. Mossack Fonseca may well have a point about legality and victim-blaming, but most pundits, at least, seem to see the affair as exemplifying Michael Kinsley's adage, "the scandal isn't what's illegal, the scandal's what's legal." In industry news, Italian lawful intercept shop Hacking Team has lost its export license. Italian authorities have revoked the company's authorization to sell its intercept tools outside the European Union. The U.S. FBI says the tool it bought to unlock the San Bernardino
Starting point is 00:07:51 jihadis' iPhone will work only on the iPhone 5C. It's still widely believed the Bureau retained the services of Cellebrite in the case. Other U.S. federal law enforcement agencies that are Cellebrite customers include the Drug Enforcement Agency and the Department of Homeland Security's Immigration and Customs Enforcement. The Los Angeles Times has apparently sustained a criminal cyber attack. Shell access to the paper is being offered for sale online. According to a statement issued by the paper, hackers seem to have exploited a vulnerability in the Times' WordPress installation. The paper uses WordPress to manage its events.latimes.com subdomain.
Starting point is 00:08:29 Personal information belonging to some 55 million voters in the Philippines has been exposed after the entire database of the Philippines Commission on Elections was leaked online. This is bigger than the U.S. OPM data breach, but only if you restrict your count to just the 20 million people whose security clearance forms were lost, and exclude all the other acquaintances and references those 20 million listed in their forms. If you add in those others, then, well, the U.S. is still probably number one. So, American listeners, you can still feel free to chant USA, USA, in the general direction of OPM, should you be so inclined.
Starting point is 00:11:17 Joining me once again is Joe Carrigan. He's from the Johns Hopkins Information Security Institute, one of our academic and research partners. Joe, you and I both had the privilege of attending the Women in Cybersecurity Conference last week in Texas. I thought it was a great event. What was your take on it? I also thought it was a great event. It was a lot of energy. I spent most of my time in the exhibit hall trying to recruit new students,
Starting point is 00:12:00 undergrad students, into our master's program that we have at the Information Security Institute. And I got to meet a lot of great people. You actually had one of your grad students there with you. And what was her take on it? She enjoyed it greatly. She thought it was a great learning experience. She actually got to learn a lot of technical information and be exposed to different ways of learning it. She also got a, it was a great networking experience for her as well. Yeah, I really thought there was a really amazing energy to that conference. You know, well attended, about 750 people. And you could really tell walking around that it was just one of those events where everyone seemed to really enjoy being there.
Starting point is 00:12:37 Yes, and you and I were definitely in the minority there. I know, right. Who better to talk about the Women in Cybersecurity Conference than you and I, two men. Right. Two men. Two men. Yeah. Well, I'll take the opportunity to tease the fact that we will be releasing a special edition of our podcast, which will have coverage of the Women in Cybersecurity event. So look for that. Joe Carrigan, thanks once again for joining us. It's my pleasure.
Starting point is 00:13:18 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner.
Starting point is 00:13:59 Thanks for listening.
