CyberWire Daily - Daily: RSA retrospective. RoK accuses DPRK of hacking. KeRanger updates. Cyberwar investments.
Episode Date: March 8, 2016

Daily: RSA retrospective. RoK accuses DPRK of hacking. KeRanger updates. Cyberwar investments. Plus the University of Maryland's Center for Health and Homeland Security's Markus Rauschecker discusses how social media companies are joining the fight against ISIS.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
...tensions on the peninsula continue. A sophisticated bit of Android malware targets banks in Turkey, New Zealand, and Australia.
Apple appears to have contained KeRanger ransomware, but ransomware continues to increase its criminal market share.
Brazilian coders stay busy crafting cross-OS malware.
That cyber pathogen the San Bernardino DA was worried about
turns out to be nothing at all.
Really, nothing.
And the University of Maryland's Markus Rauschecker assesses the progress of social media companies in their struggles with ISIS.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Tuesday, March 8, 2016.
As the U.S. and South Korea conduct joint military exercises and shore up collaborative defenses against cyber threats,
the Republic of Korea's National Intelligence Service accuses North Korea of a systematic campaign of hacking senior South Korean officials' smartphones.
The objectives seem to be those of conventional espionage,
but the incidents come at a difficult time of heightened sensitivity to Pyongyang's nuclear capabilities and aspirations.
ESET reports a new and unusually sophisticated form of Android malware. Android/Spy.Agent.SI is currently most active against banking targets in Turkey, New Zealand, and Australia. The malware poses as a version of Adobe Flash Player, which alone ought to be sufficient to put warier users on alert, and then locks an Android device's screen until the user enters the passcode, which, obviously, the malware goes on to steal. Android phones are widely used in two-factor authentication. Come to think of it, one of our stringers uses his phone for practically nothing else, and it therefore seems that Spy.Agent.SI is being used to compromise two-factor authentication by capturing the authentication codes banks send out.
In addition to being wary of things that pretend to be Adobe Flash Player, but ain't, another good way to protect yourself is not to download apps from places other than the Google Play Store. So far at least, the impresarios of Spy.Agent.SI haven't been able to get themselves into Google Play.
The post-mortem on the KeRanger Mac ransomware continues. Apple clapped a stopper over it relatively quickly after being tipped off by Palo Alto, and it's thought that only some 7,000 devices were affected.
KeRanger takes a number of pages from the well-established Windows ransomware playbook. It offers a bogus tone of customer support, including a FAQ, along with its extortion instructions, and gives infected users a deadline for payment. In this case, it appears to be 72 hours.
KeRanger was distributed via a legitimate BitTorrent service, and it's still out there in the wild, so take care.
Users should be aware that this ransomware won't cause a pop-up dialog box to appear,
nor does it require root access to encrypt files. The best protection, experts say,
is to run antivirus protection on your Mac and, as always, to regularly back up your files.
Observers see KeyRanger as confirmation of the increasingly important role ransomware plays in the criminal economy,
and of course older, familiar ransomware variants remain active.
One new infestation is bothering users of the restaurant review service Burrp.
Visitors are directed to the Angler Exploit Kit, which in turn serves up a big helping of TeslaCrypt ransomware.
Kaspersky notices a troubling development in Brazil.
Black market coders are busily at work on cross-OS malware. It's being distributed as Java JAR executables that will
function equally well on Windows, Mac OS, and Linux systems. Right now, the proofs of criminal
concept are functioning as malware droppers, but Kaspersky researchers predict that we'll soon see
full-fledged banking trojans emerge from development.
In patch news, Google issues two security fixes for Android mediaserver.
This makes more than two dozen patches for mediaserver since the Stagefright vulnerability was disclosed in August of last year.
In industry news, SecureLogic has acquired Computer Room Solutions for a reported $40 million.
Analysts look at IBM's recent acquisition
of Resilient Systems. They think Resilient's incident response system will give IBM the
ability to compete against market leader FireEye, and that it will also give IBM an integrated
end-to-end security operation and incident response offering. The U.S. cyber war against
ISIS is widely expected to boost what the newspapers are inevitably calling the cyber-industrial complex.
Observers see in the Pentagon's plans a $7 billion windfall for cybersecurity companies and the big integrators with whom those companies work.
A senior official of the U.K.'s GCHQ considers the return on investment of the £1 billion they've spent on cyber over the past five years
and concludes that the return on investment has been disappointing.
Reliance on cooperation and information sharing hasn't worked, Alex Dewdney told RSA last week,
and it might be time for what he calls a more interventionalist policy.
In the U.S., the Federal Trade Commission looks at what it considers a rising tide of identity theft
and warns that it may consider heavier regulatory oversight of data security.
The Federal Aviation Administration is working on cybersecurity regulations for aircraft manufacturers,
and the Department of Health and Human Services is looking for healthcare professionals
willing to serve on its healthcare cybersecurity panel.
And finally, you may have heard some mention over the past few days of a
devastating dormant cyber pathogen, thought by some, or at least by the San Bernardino County
District Attorney, to be lodged in the San Bernardino jihadists' phone. No one really knew
what that meant, and the DA has distanced himself from the remark, although he has said it wasn't
entirely fear-mongering. But the trade press isn't calling it fear-mongering.
It's calling it hooey.
I'm joined once again by Markus Rauschecker from the University of Maryland Center for Health and Homeland Security.
They're one of our academic and research partners.
Markus, Washington has tried to enlist Silicon Valley in the fight against what they call extremism,
and Facebook and Twitter have responded by blocking or otherwise interdicting some accounts associated with ISIS.
How effective do you think this is going to be? We all know that terror groups are using social media to conduct propaganda and also to recruit new members.
It seems to be very effective for them to use social media to accomplish those goals for themselves.
So we see companies like Facebook and Twitter shutting down those accounts that they see as threatening or promoting terrorist acts.
And Facebook and Twitter have done a fairly good job of this.
Since 2015, Twitter has reportedly suspended over 125,000 accounts that use threatening language or promote terrorist acts.
So we see Facebook and Twitter do a lot to try to get rid of those accounts that are used by terrorist groups.
But of course, it can be thought of as a game of whack-a-mole, where Twitter and Facebook will close down one account,
but 10 others will pop up spreading the same
message as the one that was just shut down. So it's definitely a hard fight for Facebook and
Twitter and other social media providers to try to shut down these accounts that the terror groups
are using. But that doesn't mean that Facebook and Twitter's actions aren't successful to a
certain extent, because whenever an account is shut down,
it does kind of limit the messaging
that some of these terror groups can put forth.
So we're seeing Twitter and Facebook shutting down these accounts,
which of course is a good thing,
but we're also seeing that new accounts are popping up.
So we'll see this continue on and on,
but ultimately I think this is probably the extent of what Twitter
and Facebook and other social media sites can do in terms of shutting down the social
media accounts.
And of course ISIS has put Facebook and Twitter on notice saying that they can expect retaliation.
Do you think that they should be worried about it?
I mean up to now ISIS hasn't exactly shown a whole lot of proficiency
at hacking. What we see from ISIS when it comes to cyber attacks is usually some sort of attack
on a social media account. We don't see any really sophisticated attacks up to this point.
But that isn't to say that they couldn't get that capability from somewhere else. They could
purchase that capability, perhaps, or they could actually recruit some technical experts
who would be able to conduct more sophisticated attacks.
So it's important to stay vigilant, obviously.
Facebook and Twitter have to keep vigilant
against potential ISIS threats,
but at this point in time,
it doesn't seem like Facebook and Twitter
have too much to worry about. Markus Rauschecker, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.