CyberWire Daily - Daily: SWIFT seeks better security, what business wants from (US, UK) government, fast exploits.

Episode Date: May 23, 2016

In today's podcast, we hear about attempts by SWIFT to work toward upgraded security with clients. Japan sustains a coordinated looting of ATMs (to the tune of ¥1.44 billion). Operation Ke3chang returns to snoop on Indian diplomatic missions. ISIS returns to inspiration. Business gives advice to government in the UK and the US, and investors see recent cyber stock price corrections as, maybe, a buying opportunity. We learn about monitoring your wireless attack surface from Pwnie Express' Paul Paget. And Joe Carrigan from Johns Hopkins Information Security Institute shares how they keep Mom safe online, Baltimore style.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:56 SWIFT works with its clients to improve security. ATMs get looted in Japan. A final follow-up on the realization that 2012's LinkedIn breach was bigger than thought. So old, but really big. Operation Ke3chang is back, now new and improved with Tidepool malware. ISIS information ops turn to inspiration and may betray some uncertainty about the group's ability to hold its core territories in Syria and Iraq. British and American officials get some cyber policy advice from business. Investors in the cyber sector see recent corrections as, perhaps, a buying opportunity.
Starting point is 00:02:30 And how they keep moms safe online, Baltimore style. I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, May 23, 2016. The SWIFT financial transfer system is working with its customers to stop theft of the kind and scale the Bangladesh Bank suffered earlier this year. It's promising a security upgrade, and in the meantime, it's offering suggestions for superior, more secure implementation to its partners in the financial sector. Among the initiatives SWIFT advocates is more sharing about attempted breaches,
Starting point is 00:03:04 particularly those involving fraudulent transfers. Indeed, the system has told its clients that they're obligated to provide such information under the terms of service. Another robbery occurred last week, but this was unconnected with SWIFT. ATMs in Japan were systematically looted of 1.44 billion yen, roughly equivalent to 12.7 million U.S. dollars, in the early morning hours of May 15th. The fraud appears to have involved around 100 collaborators who used forged payment cards. Whether the card data came from skimmers or some other compromise is so far unclear,
Starting point is 00:03:39 but The Guardian reports that the card information was obtained from a bank in South Africa. Investigation proceeds. The CyberWire heard from John Gunn, vice president of communications at Vasco Data Security. Gunn sees ATM fraud as likely to increase in the U.S. as EMV cards, commonly called chip-and-PIN cards, come into more widespread use at retail point-of-sale systems. Criminals, he suggests, are likely to follow the path of least resistance towards ATMs. Quote, It's easy for fraudsters to buy stolen cards to make unauthorized withdrawals,
Starting point is 00:04:14 but it's nearly impossible to commit theft if they must also have the intended victim's mobile phone physically at the ATM machine at the same time. End quote. Gunn says large banks are moving to integrate ATM security into their mobile banking apps, and that we can expect to see them leverage customers' mobile devices to reduce fraud across all channels. Last week's report of a breach at LinkedIn turns out, we've seen, to have been simply a recognition that the breach the business-focused social network sustained in 2012 was much
Starting point is 00:04:44 larger than realized. Some 117 million users' credentials were discovered for sale as a commodity on darknet criminal markets. So, not a new breach, but belated recognition that an old breach was more serious than realized. Savvius' director of product management, Jay Botelho, told the CyberWire that this case is an example of the way in which security experts have tended to be overwhelmed by poor quality data. The risk has been that even critical alerts can go unrecognized. Botelho says, quote, The good news is that automated data collection technologies are available today that help identify and capture the relevant network traffic for use in investigations, either at the time of an alert or months later, end quote. Such systems increasingly provide not only data,
Starting point is 00:05:31 but sufficient context to examine a breach for what Botelho calls the who, what, where, and when. We talk a lot about minimizing your attack surface, giving the bad guys and gals the least amount of opportunity to gain access to your network. One of the challenges these days, especially if your company has a bring-your-own-device policy, is that most of those devices have one or more wireless systems built in, like Wi-Fi or Bluetooth. Paul Paget is CEO of Pwnie Express. We're used to seeing attacks come from afar through websites. We're used to seeing phishing attacks through
Starting point is 00:06:05 email. And now we're starting to see attacks directed at users because of the susceptibility of the devices they carry. And those devices are bridges for the bad guy to get into the authorized network because that user has credentials. And that's, you know, so it's a stepping stone to get into the network. Paget says many companies are vigilant about protecting their internal network, but have a harder time knowing what's going on in the wireless spectrum all around them. So it started with the simple idea of, hey, can you show us what's communicating in and around our network because we can't see this stuff anymore. We've actually tightened our firewalls and our
Starting point is 00:06:45 rules so much that we can only see the devices that we know, that we've authorized, that we've provisioned. We can't see devices that are communicating wirelessly. To do this, you do need something with an antenna and a receiver so you can see the signals. Fortunately, the devices that we all use broadcast a lot of information about themselves. So we can see all that. And all the intelligence is fed centrally into a cloud-based application. It's important to look for attackers trying to hit your Wi-Fi, of course. But Paget warns it's not unusual to see vulnerable access points added to a network through the course of doing normal day-to-day business.
Starting point is 00:07:22 The kinds of things we see as anomalies are pretty interesting. They're things that are misconfigured by employees. You know, somebody comes in and plugs in an HP printer, plug it into the network, it's a network printer, but the Wi-Fi is on by default and password is password. So it's an open connection, not just to that printer, but it's an open connection to that network that anyone can access. So those are the kinds of things that become risks to the organization. That's Paul Paget, CEO of Pwnie Express. Palo Alto's Unit 42 reports that Operation Ke3chang has resurfaced,
Starting point is 00:07:58 now with new Tidepool malware. Ke3chang is a cyber espionage campaign, and its targets remain mostly Indian diplomats. There's no attribution yet, and Unit 42 is cagey about offering hints, but they do go so far as to suggest that, as the Magic 8-Ball might put it, signs point to China. ISIS returns to inspiration in cyberspace, calling for lone wolf attacks in Europe and the U.S., should you, the jihadi, be unable to reach the front lines in Syria or Iraq. It's also stepping up recruiting in India by promising vengeance for Muslim deaths in 2002's riots in the state of Gujarat.
Starting point is 00:08:36 These efforts suggest to some observers a loss of confidence and ability to hold its core territory. The U.S., meanwhile, is running an InfoOps campaign in the form of both physical leaflets and social media image sharing designed to undermine ISIS's hold on its nominal capital in Syria. Residents are advised to flee to safety. Both Indonesia and Japan announced plans to establish new cybersecurity agencies. Japan's is being characterized as a white hat operation,
Starting point is 00:09:08 and will devote attention to the security of the upcoming Olympics. American and British officials receive some advice from industry. Insurers in the United Kingdom want Her Majesty's government to establish and maintain a national database of cyber incidents. In the U.S., startups tell Congress that data security, read encryption, makes us all strong and that Congress should draw the appropriate policy implications once it realizes this. In industry news, IBM plans another round of layoffs as it continues its long repositioning of itself as a service provider. Investors continue to wonder whether recent rough times for cyber stocks represent a buying opportunity. Many seem to think so. Finally, we often hear about the importance of two-factor authentication
Starting point is 00:09:50 in staying safe online. Yet the redoubtable Graham Cluley posts a video from across the pond about at least one service provider who seems unclear on the concept. This provider offers two-factor authentication, that's good, but requires customers to agree to receive advertising from various partners in order to get it. Wait, hold on. Not so good. Really, chaps?
Starting point is 00:11:57 Joining me once again is Joe Carrigan from the Johns Hopkins University Information Security Institute. Joe, we've spoken before about some of the adventures that your mother has had with her computer. You've got a new story, right? Right, right. As the guy with a computer science degree, I get all the phone calls and all the tech support calls from the family. I'm familiar with that. Right. So to give you a little background on this, my mom had a sound playing on a machine that was telling her that she was infected with some kind of virus. And she called me right off the bat and said, what do I do? I said, just turn the machine off and bring it up to me.
Starting point is 00:12:45 And then I came in here and talked about it, having not seen it yet and imagining that she had somehow downloaded some kind of malicious software or something. When I did get the machine, it turns out it wasn't even that sophisticated. It was just a webpage that she had been visiting, which I didn't even consider was actually an option,
Starting point is 00:13:03 although I've seen these things happen. But it seems so basic and so simple that nobody would fall for it. But it was convincing enough to get my mom to actually pick up the phone and call me. And someone she knows actually picked up the phone and called the people that the web page was telling them to call and got scammed by these folks. So they're doing it because it works, right? These bad actors.
Starting point is 00:13:29 By the time I got the machine, the website had been pulled down. I couldn't even see what she was seeing at the time. So what's our advice to our parents, to our friends and family? Something like this pops up, what's the best thing to do? Well, turn off the computer and call somebody and ask for some help or disregard it. Nobody's ever going to call you and say you
Starting point is 00:13:49 have a virus on your machine. If you're on a web page, there's virus. I don't know of a virus product that opens up and says with a voice, you've got a virus on your machine, call this number. And then they're going to ask you for a credit card number. They're going to ask you to install more software. Those should be red flags that go up and you should not be participating in that activity. All right, Joe Carrigan, good advice for all of us who end up being the lifetime unlimited tech support for our friends and family. That's right.
Starting point is 00:14:30 And that's The CyberWire. We are proudly produced in Maryland by our talented team of editors and producers.
Starting point is 00:15:14 I'm Dave Bittner. Thanks for listening.
