CyberWire Daily - Daily: Ransomware & DDoS combining. Malicious USB chargers. Cyber ops aren't 'bombs?'
Episode Date: May 25, 2016
In today's podcast, we hear about the current state of ransomware, why criminals like it, and what can be done about it. Keyloggers are being distributed by malicious USB charging devices. Blue Coat may be headed for an IPO. US cyber operations have been called "cyber bombs," but they may be a lot more like battlespace preparation (and so traditional EW and intelligence). Microsoft Azure Active Directory does something about bad passwords. And Markus Rauschecker from the University of Maryland Center for Health and Homeland Security explains why the FCC and FTC are holding back on IoT regulation.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Ransomware remains a problem and now it's being combined with DDoS.
A Kansas hospital finds that paying the ransom may no longer get you your files back.
TeslaCrypt is giving way to Cryptex. The FBI warns that malicious USB charging devices are
being found in the wild. They contain keyloggers. Are U.S. cyber operations cyber bombs, or are they
battle space preparation? And I wonder, those passwords I find easy to remember. They're still good, right?
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Wednesday, May 25, 2016.
Ransomware continues to trouble enterprises worldwide.
It's increasingly being teamed with distributed denial-of-service attacks, that earlier form of cyber extortion,
and both sophisticated and blunt instruments of attack are being used in the wild.
More criminals are making use of combined ransomware and DDoS attacks.
KnowBe4, Invincea, and FireEye are tracking this development, and many observers think it represents
the new normal.
Such attacks are inexpensive to mount and promise a good payoff.
We can expect more of them.
We heard from Travis Smith, a security researcher at Tripwire,
on why ransomware has become so attractive to criminals.
Compared with other forms of cybercrime, he said, ransomware is easy to monetize.
Profiting from spamware or purloined data is time-consuming
and in many cases requires more expertise than the typical
criminal has. These forms of cybercrime also carry a higher risk of your being detected and
apprehended. It's also grown easier to get ransom demands paid. Smith said, quote,
the rise of anonymous cryptocurrency such as Bitcoin has made it easier than ever for attackers
to infect a machine with ransomware. The success of ransomware, TeslaCrypt still seems to be on its way to retirement.
We stress seems because of the frequency with which malware, botnets, and threat actors have returned from what
was thought to be their graves. Trend Micro adds its voice to those who see TeslaCrypt's former
users moving to Cryptex, one of the more sophisticated criminal tools. The blunt
instrument is represented again by Cyber.Police, whose foolish and unpersuasive lock screen message shows a 12-year-old scareware design sense.
As in, you're caught, the cyber police have got you, are you ever in trouble?
But all that aside, Cyber.police is a nuisance and remains a problem for Android devices.
Backing up your data remains a sound approach to protecting yourself against ransomware, especially if you're an individual user.
It's a good practice for an enterprise, too, but in that context, it's more complicated and more difficult. Many enterprises have been tempted to pay the ransom in order to restore crucial
systems to operation. This has been true in particular of healthcare enterprises,
where availability of data and systems is crucial to patient care. Hollywood Presbyterian Hospital in Los Angeles
paid ransom in such circumstances and succeeded in restoring its systems.
But payment is no longer a reliable path to recovery, if indeed it ever was. Kansas Heart
Hospital in Wichita sustained a ransomware attack and made the judgment that it was better to pay
the ransom, as Hollywood Presbyterian did, than to fight through the attack, as MedStar did.
So Kansas Heart paid, but the attackers reneged on their promise to release the encryption keys.
The criminals decrypted a fraction of the affected data, then demanded further payment.
Kansas Heart has had enough. It's no longer paying.
Keyloggers are still with us.
The U.S. FBI recently issued a warning that it had found
USB charging devices bearing keyloggers. Be careful what you plug into your device,
no matter how innocent it may have looked at that trade show or just sitting there in the parking
lot. In industry news, it appears that Blue Coat, privately held for the last six years,
may be preparing for an IPO. There are rumors of a move in this
direction as early as next week. U.S. Army Cyber Command has integrated cyber operations into more
comprehensive combined arms training, and the other services have similar programs underway,
so the capability is being increasingly mainstreamed. In essence, as NSA Director
and Cyber Command Head Admiral Rogers put it last week,
the Department of Defense is determined not to give an enemy uncontested freedom of action in
cyberspace. U.S. Secretary of Defense Ashton Carter has been surprisingly open about the
offensive cyber operations against ISIS, even describing them as dropping cyber bombs. This is,
for the most part, metaphorical, and some observers take
exception to it. Defense One, for example, argues in an opinion piece that cyber operations are
better understood as, quote, what they are, changing spreadsheets, intercepting email,
jamming comms, and a lot of deception, end quote. Thus, not so much bombing as battle space
preparation, and battle space preparation is indeed what the tactical cyber exercises appear to include.
Finally, Microsoft's Azure Active Directory is now blocking weak passwords that have appeared among leaked data.
Thus reports The Register. "Microsoft," even with an exclamation point for an I, a zero for an O, and a dollar sign for an S, will not be accepted.
No word yet on Ninja, Let Me In, or 123456, so I figure I'm still good, right?
I mean, I use that for everything.
And I'm joined once again by Markus Rauschecker from the University of Maryland Center for Health and Homeland Security,
one of our academic and research partners.
Marcus, I've been seeing recently that the FCC and Congress, when it comes to the Internet of Things, they're saying that this might not be the best place to impose a lot of regulatory law.
Yes. Well, at this point, it seems that imposing regulatory schemes on the Internet of Things
area would probably be premature. We're seeing a tremendous explosion of IoT devices. Of course,
it seems like these days everything is starting to be
connected to the internet. And we're certainly seeing some pretty cool things come out of that,
and consumers are demanding this interconnectivity. But at the same time, this also raises tremendous
vulnerabilities when it comes to these devices. As more and more devices are connected, the
vulnerabilities are increased. And the real problem is that a lot of these devices, while they are connected to the networks, are not secure enough when it comes to securing people's privacy or personal information.
And there's a real concern that more needs to be done when it comes to securing those IoT devices.
Implementing a regulatory scheme on top of this IoT field seems to also run counter to the incredible innovation that we're seeing in the IoT field.
Certainly, there are new ideas and new devices being developed almost on a daily basis.
And the fear is that if a regulatory scheme is placed on top of this, it would severely diminish the innovation that we're seeing these days. So there's a natural tension here between the innovation part and the security
part of IoT. There's no real good solution right now, I think. But certainly everyone recognizes
that more needs to be done when it comes to securing these IoT devices. There was a story
in The Hill recently where they quoted one FTC commissioner who said that they needed to exercise regulatory humility.
I think that's an interesting take on the situation.
I think there's a recognition on Congress's part and the community at large that the regulatory scheme does have a role to play.
But when it comes to a new field like IoT, one really needs to think about how to best implement those regulations.
We certainly don't want to stifle innovation, but we do also need the security that is going
to protect those devices and the data that is being stored on these devices. Right now,
we're a little premature in terms of trying to implement some sort of regulatory scheme,
but I think further down the road, we'll probably see more action in this field.
All right, Markus Rauschecker, thanks for joining us.
Thanks very much.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.