CyberWire Daily - Data extortion attempt against Liberty Life. Rex Mundi, Black Hand arrests. Hidden Cobra's back. Clipboard hijacking hits cryptocurrency wallets. ZTE, Huawei security fears. Pulp fiction.

Episode Date: June 18, 2018

In today's podcast we hear that Liberty Life has sustained an attempt at data extortion. In separate operations, international police agencies cooperate against Rex Mundi, Black Hand, and the remnants of Silk Road. Cyber espionage notes. North Korean hacking resumes. More clipboard hijacking afflicts cryptocurrency wallets. Security concerns tighten around ZTE and Huawei. And pulp fiction: from Russia with love, and from the Clinton Library. Malek Ben Salem from Accenture Labs on concerns over emerging technology capable of voice impersonation.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K.
Starting point is 00:01:22 Liberty Life sustains an attempt at data extortion. In separate operations, international police agencies cooperate against Rex Mundi, Black Hand, and the remnants of Silk Road. We've got some cyber espionage notes. North Korean hacking resumes.
Starting point is 00:02:13 More clipboard hijacking afflicts cryptocurrency wallets. Security concerns tighten around ZTE and Huawei. And pulp fiction from Russia with, if not quite love, then at least intense activity, and also from the Clinton Library. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, June 18, 2018. South Africa-based insurer Liberty Life reported Saturday that it had sustained a breach by unauthorized parties. It's an extortion play under a veneer of freelance penetration testing. Liberty, which says it regained control of its systems by Sunday, said of the attack, quote,
Starting point is 00:03:09 An external party claims to have seized data from us, has alerted us to potential vulnerabilities in our systems, and has requested compensation for this. Reports say the hackers claim to have obtained sensitive data about top clients, which they intend to release if their extortion demands aren't met. Liberty denies early reports that it was negotiating payment with the attackers. Note that this isn't a ransomware case. Liberty's data hasn't been encrypted and rendered unavailable. Instead, the hackers are threatening to release the data publicly if they're not paid. Liberty now also faces the risk of being fined for breaching the Protection of Personal Information Act, which is administered by that country's information regulator.
Starting point is 00:03:51 Thus, regulatory risk accompanies financial and reputational risk. The Liberty incident is reminiscent of one last year that's just been rolled up with arrests by a multinational law enforcement effort. Europol has arrested five alleged members of the Rex Mundi cybercrime gang. The operation was an international one, with participation by the French National Police, the UK Metropolitan Police, and the Royal Thai Police. Rex Mundi overreached itself last year with a data extortion attempt during the hack of an unnamed British company. A francophone member of Rex Mundi tugged on Superman's cape by calling
Starting point is 00:04:26 Europol to demand a €580,000 ransom in Bitcoin for non-disclosure of the customer data stolen, or alternatively, more than €825,000 for information on how Rex Mundi compromised the firm's systems. Researchers at security firms F5 and Loryka report substantial cyber espionage activity targeting last week's Trump-Kim summit, most of it from Russia, which obviously has an intelligence interest in the negotiations. The New York Times reports that U.S. Cyber Command has received and is using authorities to conduct offensive cyber operations. The operational template is thought to be drawn from that used against the Islamic State.
Starting point is 00:05:12 But Pyongyang, as many have had occasion to note, hasn't been idle either. US-CERT warns that DPRK hackers are back, with the Hidden Cobra threat group deploying TypeFrame malware in its distribution of remote-access Trojans. There are some steps an enterprise can take to protect itself from TypeFrame. As Plixer's Director of Audit and Compliance, Justin Jett, pointed out to us in an email, TypeFrame uses a set of known IP addresses. These are identified in the US-CERT report, and blacklisting those IP addresses is not a bad place to start. Bitcoin and Ethereum investors have been hit with another round of wallet looting. According to Qihoo 360, the technique is
Starting point is 00:05:56 the familiar one of clipboard hijacking. They get your clipboard and from that they get your wallet's address, these addresses being too complicated to be conveniently typed afresh each time they're used. French authorities have taken down the Black Hand dark web market. Black Hand specialized in selling both contraband, like drugs and weapons, but also stolen databases, banking data, and bogus documents. The main administrator and several other people are now in custody. Alleged Silk Road collaborator Variety Jones, whose actual name is Roger Thomas Clark, has been extradited to the U.S. from Thailand to face charges related to the now-defunct dark web market once run by the Dread Pirate Roberts, a.k.a. Ross Ulbricht. Mr. Clark, who had famously
Starting point is 00:06:47 boasted that the authorities had nothing on him, will now have an opportunity to try that confident assessment in an American court. The U.S. Senate is expected to take up ZTE's lifeline this week, deliberating whether to withdraw it on security grounds. Congress is believed interested in taking on Huawei next. There appears to be considerable bipartisan support building for a ban on both companies' products. Huawei is also facing security worries in Australia, where the company may find itself excluded by the government from participation in that country's impending 5G build-out. Huawei is the world's third-largest manufacturer of smartphones,
Starting point is 00:07:30 trailing only Samsung and Apple, and a leader in 5G technology. The Australian Broadcasting Corporation has an account of why Australia is so skittish about Huawei. Their concerns seem to derive from the difficult experience another of the Five Eyes, the United Kingdom, had when British Telecom concluded a major deal with Huawei in 2005. The experience is believed to have been an unhappy one from the point of view of infrastructure security. ABC, reading between the heavily redacted lines of a GCHQ report on Chinese exploitation of the BT-Huawei connection, thinks Australia has received sufficient warning from its British partners to fight shy of any major engagement with Huawei.
Starting point is 00:08:15 The impresario who's serving as the public face of the Russian online service USA Really, Aleksandr Malkevich, is busily disporting himself in Washington. He showed up outside the White House on Flag Day last week, intending to lead some sort of demonstration for which few, alas, showed up, but he seems undeterred. He's come to, quote, test the limits of American freedom, end quote, doing so by, among other measures, sporting a variety of legible t-shirts. One had the Russian language equivalent of effing morons displayed below a picture of the Russian
Starting point is 00:08:51 foreign minister wearing a disdainful expression, and renting a co-working space near the executive mansion. The co-working space didn't work out. WeWork gave Mr. Malkevich the heave-ho just two hours after he entered the building, which is probably some sort of record. Foreign Policy suggests that Mr. Malkevich is either a troll or a bumbling self-promoter. Some of his outlet's offerings are from a sub-tabloid level of journalism. One in particular, quote, man served his friends tacos made from his severed limb, end quote, has drawn particular comment. He's not without some credentials. He is, for one thing, a member of the Civic Chamber of the Russian Federation, a group that advises the Duma on media policy and other matters. His USA Really venture is backed by funds from the Federal News Agency,
Starting point is 00:09:46 a Russian outfit connected to the Internet Research Agency, the now notorious St. Petersburg troll farm. Whether Mr. Malkevich is a forward-deployed troll, a hyperactive hambone, or, perhaps most likely, a mix of the two, well, welcome to the Beltway, sir. Hyperactive hambones often enjoy a good run, thereabouts. And finally, people are reviewing the latest thriller, out just in time for beach reading. This one is a big summer novel co-authored by James Patterson and former President Bill
Starting point is 00:10:18 Clinton. It's called The President is Missing, and it's all about international cyberattacks, and so forth. We haven't read it yet because we haven't gone on vacation yet, but our editor swears that if the suits hire him an assistant, he'll schlep a copy with him the next time he goes to North Point State Park in Edgemere, his favorite relaxation spot, and then he'll tell us about it. As far as we can tell from reviews in Ars Technica, The Atlantic, and Errata Security, the book deals with the harum-scarum adventures of a U.S. president, former governor of a southern state, John Duncan by name but Mary Sue by inspiration,
Starting point is 00:10:55 who disappears to fight Bosnian terrorists who've installed a wiper malware called Dark Age in every computer in the U.S. Dark Age is President Mary Sue's MacGuffin. Anywho, apparently, after a lot of freelancing gunplay organized from the Prexy's unacknowledged and off-the-book safe house somewhere in Virginia, the president defeats the terrorists and then delivers a speech to a joint session of Congress to celebrate the nation's deliverance
Starting point is 00:11:22 and also offer his thoughts on gun control and the minimum wage. So we'll let you know what we think, but if that ain't policy, we don't know Arkansas.
Starting point is 00:13:17 And I'm pleased to be joined once again by Malek Ben Salem.
Starting point is 00:14:02 She's the Senior R&D Manager for Security at Accenture Labs, and she's also a New America Cybersecurity Fellow. Malek, welcome back. You know, I have a lot of interest in my voice. It's how I make a living. And you're going to share some research today about people using the forgery of voices and the security implications that might come with that. It's really concerning.
Starting point is 00:14:26 You know, with the wide use of digital assistants, we are relying on our voice to interact with digital systems, right? You know, with Apple, Siri, and Microsoft's Cortana, and Amazon's Alexa. And with that voice, a lot of companies now are considering offering their own services through those digital assistants. For instance, a bank may offer a service where you can access your banking account by talking to Alexa, which can talk to your banking account. So what that means is that they have to build in voice authentication using those digital assistants. The problem is because our voices are now out there, you know, especially your voice, like a one-minute sample of your recording, and some sample text, they're able to synthesize and create an audio file reading that text with your own voice. So that creates several security problems, right?
Starting point is 00:15:52 If we're relying on our voice to authenticate to access certain accounts, and now that voice can be forged, then there's a huge risk to accessing those services. The risk is even bigger if we know that, you know, companies like Apple and Google and Microsoft are recording voices from hundreds of millions of people, and they're storing them for, you know, one year, 18 months, etc. So any breach to that type of data would let the attackers, would give them an opportunity to impersonate hundreds of millions of people. Obviously, there are other attacks that would result from this type of software that can forge voices. And by the way, the companies that created the software, you know, had the best intentions in mind. They created the software so that they can help people who have lost their voice recover it, right?
Starting point is 00:16:50 Create software for those people that can let them interact with their environment. But then this type of software can be misused. Another type of attack is exactly spear phishing. You know, we're used to spear phishing through email, but now this would make spear phishing through voicemail very believable, and people may fall for it. And then yet another attack is disinformation and blackmail. Malicious actors could also fool a large group of people with this technology by generating fake audio or video that can be used as blackmail for famous people, celebrities, or world leaders.
Starting point is 00:17:33 One could think of solutions where honest audio or video creators could embed a digital watermark into the media that they create, but that's no guarantee that everyone will follow the same rules. Also, it's hard to independently tell whether a video or audio recording has been falsified. So we'll have to basically rely on user awareness to counter this type of attack, especially because it takes long to detect forgery. And fabricating statements by world leaders, for example, or publishing fake videos, would create problems much, much faster than those audios or videos could be debunked. So again, we'll have to rely on user awareness to counter this type of attack. It's an interesting thing of who becomes our trusted sources.
Starting point is 00:18:29 It seems like that could be an ongoing challenge as we head forward. Malek Ben Salem, thanks for joining us. Thank you, Dave. Just for fun, I spent about five minutes training one of the systems that Malek described. Give it an idea of what my voice sounds like. Here's what it spit out for me. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, May 30th, 2018.
Starting point is 00:18:54 So, I guess that kind of sounds like me. I'm not going to be updating my resume anytime soon. Still, if there's one thing we can count on, this stuff is going to get better.
Starting point is 00:19:32 For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman,
Starting point is 00:20:28 Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky,
Starting point is 00:20:35 Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner.
Starting point is 00:20:42 Thanks for listening. We'll see you back here tomorrow.
