CyberWire Daily - Daily: US banks warned to get their security act together. Security trends.

Episode Date: June 8, 2016

In today's podcast we hear about trends in phishing, ransomware, and distributed denial-of-service—and none of those trends are particularly good. We hear why some ransomware may keep coming back after it's been removed. US bank regulators warn financial institutions to mind their security manners in the wake of the SWIFT-related fraudulent transfers, and investigations into the Bangladesh Bank hack still point toward Pyongyang (with a slight nod in the direction of Shanghai). The FBI is actively stinging potential jihadists, and Singapore gets ready to wean its civil servants from the Internet at work. And we welcome our newest research partner, Dr. Charles Clancy from Virginia Tech's Hume Center.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:20 Phishing, ransomware and the state of the Internet. Why some malware comes up again even after cleaning. Investigations into the Bangladesh Bank hack continue, with attention centering on North Korea, and with some suspicion that the DPRK may have bought some access from moonlighters in Shanghai.
Starting point is 00:01:58 Another acquisition in the cyber sector, and no one's immune from a tight labor market. Singapore will restrict civil servants' Internet access next year, and wants to keep official email out of private channels. The FBI continues its investigation into alleged public-private email co-mingling and various strains of jihad and counter-jihad cross paths online. I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, June 8, 2016. Bogus Apple domains are the source of several phishing expeditions targeting users in the UK and China. FireEye says the phishers are after Apple IDs and passwords. Another phishing campaign is out to double-tap victims of the Mt. Gox cryptocurrency exchange collapse.
Starting point is 00:02:47 If you lost money in Mt. Gox, Cyren warns, expect to be phished from the notorious Kraken exchange. Locky and TeslaCrypt ransomware are being overtaken by a crimeware dark horse called Crysis. ESET researchers report that Crysis is unusual in that it seems largely agnostic with respect to file extensions. Most crypto ransomware picks out certain extensions for encryption, but Crysis goes after pretty much everything. BlackShades is also still out there as ransomware attacks show no signs of abating. BlackShades, as Trend Micro notes, accepts ransom by PayPal and taunts security researchers with subliterate boasting embedded in its code. BlackShades' victims are still mostly English and Russian speakers.
Starting point is 00:03:31 SecureWorks offers an explanation for the apparent recurrence of some malware in cleaned systems. Some attack code exploits BITS, a native Windows tool used to retrieve updates. The Bangladesh Bank hack still looks to many like a North Korean job, although there are some suggestions that the attackers may have bought some of their access from moonlighting hackers who have day jobs in China's People's Liberation Army. F-Secure's Mikko Hypponen notes that the cool billion the thieves almost got away with would have solved a lot of budget problems for the DPRK, which runs on about $4 billion a year.
Starting point is 00:04:07 Whoever was behind the fraud, the theft may well have been enabled by compromised and lousy passwords. Not as bad as da-da-da, perhaps, but not much better. We hear there's this guy who was using da-da-da for his LinkedIn and Pinterest accounts, if you can believe it. In any case, U.S. bank regulators have joined the international chorus of financial system minders telling banks to up their security game. The Federal Financial Institutions Examination Council, FFIEC,
Starting point is 00:04:35 which numbers among its members the Federal Reserve, the Federal Deposit Insurance Corporation, and the Comptroller of the Currency, didn't issue any new rules, but advised banks to review their risk management practices and their controls over payment networks. So the warning amounts to a stern counsel to mind your compliance and your best practices, lest you sustain scrutiny from regulators, which of course you will. This week sees a number of trend reports. The New York Times points with alarm to the well-known state-driven market for zero days, and the aforementioned Mikko Hypponen observes that the notorious difficulties of attribution make cyber-weaponry perfect for the sort of semi-deniable hybrid
Starting point is 00:05:15 war being waged in many parts of the world today. Akamai's quarterly State of the Internet report sees a continuing rise in distributed denial-of-service attacks, and observes that many of these are using stresser/booter-based botnets. DDoS remains cheap and it remains an effective misdirection technique to mask other attacks. Akamai also reports that account takeover attacks are particularly targeting financial and entertainment verticals. In industry news, Fortinet announces its acquisition of AccelOps, the Silicon Valley security information and event management shop. Fortinet sees the acquisition as a play to move security intelligence to the cloud. And U.S. Cyber Command isn't immune
Starting point is 00:05:58 to a tight labor market. Major General Paul Nakasone, commander of its National Mission Force, says that while recruiting is fine, retention is proving more challenging. Elsewhere in the U.S., the Intelligence Advanced Research Projects Agency, IARPA, the IC's homegrown version of DARPA, is soliciting ideas for innovative and deceptive approaches to cybersecurity. Looking at cybersecurity research more generally, the Cyber Wire is pleased today to welcome its newest research partner, Virginia Tech's Hume Center.
Starting point is 00:06:29 We spoke with the Hume Center's director, Charles Clancy, about his organization and its research interests. We'll hear from him after the break. Singapore is going to restrict its civil servants' Internet access dramatically, hoping thereby to reduce its government's vulnerability to phishing, water-holing, and so on. They can say adieu to freely surfing the web by May of next year. Such surfing, we note, isn't necessarily or even usually frivolous. There are lots of important business reasons to maintain access to the internet. It's interesting that one of the
Starting point is 00:07:00 tech-savviest governments on the planet is working toward this kind of separation. Civil servants will still be able to access the web from private devices, as long as those endpoints have no access to government email. The government will provide dedicated and closely controlled terminals for those personnel whose work requires internet access. In the U.S., the FBI's investigation of some American government officials' use of personal servers that may or may not have commingled personal and government emails continues, but behind a discreet investigatory veil of secrecy,
Starting point is 00:07:33 some civil servants are said to have received partial immunity. And finally, as anti-ISIS jihadis from Iran's Revolutionary Guard take to online media to tweak the self-declared caliphate, the FBI director warns that those who flirt with jihad risk arrest. The bureau has apparently expanded its use of sting operations to net aspiring terrorists, so surfers beware, and stay clear of that guy from the Revolutionary Guard. He calls himself Abu Azrael, that's father of Azrael. Azrael, our stringers tell us, would be the angel of death, so Abu Azrael must be a dangerous guy.
Starting point is 00:08:12 In any case, he seems to act as ruthlessly as his enemies.
Starting point is 00:11:11 And it's my pleasure today to introduce our newest academic and research partner. Dr. Charles Clancy is the director of the Hume Center for National Security and Technology. They're part of Virginia Tech. Dr. Clancy, welcome to the Cyber Wire. Thanks. It's great to be here. Just as by way of introduction, could you tell us a little bit more about yourself and the kind of research that goes on there at the Hume Center? Certainly. The Hume Center at Virginia Tech was established in 2010
Starting point is 00:11:37 really to try and help bridge the gap between students who are interested in careers in national security and a growing demand by employers, both in the federal government and industry, for students who are really interested and understand the world of national security. Given cybersecurity is an increasing challenge to our nation, it's a key focus of much of the curriculum that we've developed and the student-oriented programs that we have unveiled over the last few years. What are the particular areas of research that you are interested in personally? Personally, my research has historically been in wireless security.
Starting point is 00:12:14 I've done a lot of work in cellular, and as the Internet of Things becomes a key part of cellular, doing a lot of work in the Internet of Things and security challenges for the Internet of Things. All right. Well, we look forward to talking to you as time goes on and learn about some of the interesting things that you all are working on there. Thanks for joining us.
Starting point is 00:13:01 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
