CyberWire Daily - Daily: State hacking, state messaging. Crimeware evolution.
Episode Date: April 12, 2016
In today's Daily Podcast we follow up on the Panama Papers investigation and, like everyone else, wait for the expected shoes to drop. BAE warns that Qbot has become more aware, more evasive, and harder to block. Cisco's Talos predicts the disturbing rise of "cryptoworms." The US Federal CIO warns of the risks inherent in legacy systems. Guy Guzner from FireGlass helps us sort out the Panama Papers speculation, and Markus Rauschecker wonders if the FBI will have better luck convincing Apple to unlock another iPhone. And we take a trip down memory lane with the unlamented legacy code represented by Clippy. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
Today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash n2k, code N2K at checkout.
The expected other shoes have yet to drop in the Panama Papers case,
but investigations widen.
The means by which Mossack Fonseca was hacked remain unknown,
but there's some informed speculation out there. BAE warns of polymorphic Qbot malware,
and Cisco's Talos researchers grimly predict the rise of crypto worms. We hear about the risks of
physical loss, inattentive offboarding, and legacy systems. And finally, remember Clippy?
It looks like you're listening to a podcast.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Tuesday, April 12, 2016.
No major new developments in the Mossack Fonseca Panama Papers journalistic investigation,
but reporters continue to hope for more names named and more information about how the leak was accomplished. British Prime Minister David Cameron strikes back in Parliament at what he characterized as the deeply hurtful inferences Fleet Street
and Her Majesty's loyal opposition are drawing from the leaks,
and Peru has joined El Salvador by raiding local Mossack Fonseca offices.
And Russia Today teases with quotations from Süddeutsche Zeitung's discussion of the possibility that secret agents from the CIA and elsewhere used Mossack Fonseca's services to conceal their activity.
Guy Guzner is from FireGlass.
...at the public-facing sites of the company
and some of their interfaces, and found some interesting things
that may be related or not related to the breach itself,
but may tell something about their stance on cybersecurity.
For example, it was found that their public-facing website was using outdated versions of both
WordPress and Drupal content management systems.
In fact, the Drupal system wasn't updated for three years, and we know that there have been a number of different vulnerabilities
that have been then patched in that system. So obviously they don't keep their system very much
updated and secure, and then it may apply to other places in their organization as well.
That's Guy Guzner from FireGlass. Their website is fire.glass.
BAE warns that a new polymorphic version of Qbot malware is circulating in the wild.
Qbot shows an awareness of its surroundings that's enabling it to be unusually evasive and
difficult to interdict, as polymorphic malware tends to be. Heimdal reports that Atmos,
an evolution of the venerable Zeus
malware by way of Citadel, is actively targeting banks in France. Atmos is also being delivered
in conjunction with TeslaCrypt, which suggests that criminals are, as expected, combining attacks
for the mutual misdirection. Ransomware itself continues to evolve in disturbing directions.
Cisco's Talos Labs warns that crypto worms appear to represent this class of malware's future.
As the name suggests, crypto worms are self-spreading
and require little or no user interaction to infect systems.
In industry news, the first cyber IPO, indeed the first major tech IPO of the year,
that of Dell SecureWorks, has received its initial valuation.
It appears likely to be $1.42 billion. Inadvertence and physical transfer continue to threaten data security.
The U.S. Federal Deposit Insurance Corporation, FDIC, sustained an inadvertent breach in February
that affected the records of some 44,000 customers. In this case, it wasn't hacking, but rather unfortunate off-boarding.
A departing employee had inadvertently downloaded files into a personal storage device,
then left with both device and data.
Both were returned without evident theft or compromise.
But there's a clear lesson. Pay attention to your off-boarding procedures.
Another lesson is to limit the use of portable storage devices,
a step the FDIC says is in its plans.
Such plans would figure into the general IT modernization initiatives the U.S. administration proposed in its Cybersecurity National Action Plan.
U.S. CIO Tony Scott sees such modernization as important to security.
"A typical CIO in a typical agency spends a high percentage of his budget
just keeping his systems running,"
Scott said at a Passcode event in Baltimore this morning.
Trying to keep legacy systems running
involves a struggle against diminishing skill sets,
the difficulty of getting parts, and so on.
But agencies have a hard time replacing systems.
As new requirements emerge and laws are passed,
"we wind up piling more dirt on top of old immovable objects," as Scott put it.
Finally, while we're thinking about legacy code,
and as we've been watching the recent travails of artificial intelligence, security travails,
workplace travails, chatbot travails, Duo Security urges us to remember Clippy. Clippy was that small
bug-eyed paperclip Microsoft used to
use as an intelligent user interface to offer you help as you did things in office. Looks like you're
writing a letter, Clippy would observe from the corner of your screen, full of hope that you'd
ask for its anthropomorphic help. Alas, few did ask, in part because too many people felt that
Clippy was leering at them in an unwelcome, male-gazy kind of way,
and also because he got to be kind of a pest, leering or not.
Well, Duo says it turns out Clippy was legacy code that also amounted to one big built-in backdoor.
How big?
Big enough to drive a truck full of malicious macros right into the old Vista operating system,
the OS between Windows XP and Windows 7. That's how big.
So those AIs, they come from good families, but sometimes they develop ways about them that just
aren't right. Are we right, Tay? Looks like you're using legacy code. No, you don't need Clippy's help.
In a darkly comedic look at motherhood and society's expectations,
Academy Award-nominated Amy Adams stars as a passionate artist who puts her career on hold to stay home with her young son.
But her maternal instincts take a wild and surreal turn
as she discovers the best yet fiercest part of herself.
Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures.
Stream Night Bitch January 24 only on Disney+.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks. But get this,
more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls
with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30
frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies,
access reviews, and reporting, and helps you get security questionnaires done five times faster
with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to
vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
...suite of solutions designed to give you total control, stopping unauthorized applications,
securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
Joining me is Markus Rauschecker.
He's the Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security,
one of our academic and research partners.
Markus saw a story recently that, once again, the Justice Department wants Apple to help unlock an iPhone.
This is not the iPhone in the San Bernardino jihadist case. This
is one in New York. Yes. So this issue between law enforcement and Apple continues. As you may
recall, the iPhone in the San Bernardino case was apparently cracked by the FBI through the help of
a third party. A third party was able to offer a solution that helped the FBI gain access to that
encrypted phone. But it looks like that solution is only applicable to the iPhone 5C model, which
was the model in the San Bernardino case, which means that for other cases that involve different
models of iPhones, the FBI will again need Apple's technical assistance to try to gain access to encrypted
information on those phones. So this is a case in New York, and this is a case that's on appeal,
is that correct? Yes. So this was also a pretty high profile case. It involved a drug dealer who
was using an iPhone. This drug dealer has actually pled guilty, but the FBI would still like to gain access to this person's
phone, which is encrypted. The phone does run an older version of the operating system, so the
assistance that Apple would have to provide wouldn't be as extensive as it would have had to
provide in the San Bernardino case. Apple would not have to build any new software. It would have
a much easier time to help the FBI gain access to
the phone. This case in New York also revolves around this legal issue of the All Writs Act.
Again, the FBI is relying on the All Writs Act to try to compel Apple to help them access the phone.
In the initial decision by the judge in this New York case, the judge actually ruled in favor of
Apple and said that the FBI could not rely on the All Writs Act to compel Apple to break into the phone.
Now, the Department of Justice has appealed this case, and then Apple will file papers
in opposition to the Department of Justice by April 15th, so in a couple of days.
We'll have to see how this progresses.
But certainly this issue of law enforcement
trying to compel a person or a private entity to assist it pursuant to a court order,
that issue is still open. And we still need to get a final decision on that.
All right, Markus Rauschecker, thanks for joining us.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal
devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk. In fact,
over one-third of new members discover they've already been breached. Protect your executives
and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.
...and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare,
and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard.
Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.