CyberWire Daily - Dogs that haven't barked. Surveillance authority reauthorization advances in the US Senate. Notes on ICS cybersecurity.

Episode Date: October 26, 2017

In today's podcast, we hear that there's still no sign of the Reaper botnet doing anything. An update on BadRabbit—which for some reason seems to have hopped quietly away from its infrastructure. Other forms of more conventional ransomware, however, remain in circulation, in the wild. It looks as if Kaspersky software might have stumbled across NSA files after all. The US Senate Intelligence Committee has voted to reauthorize Section 702 surveillance authorities through the end of 2025. Ben Yelin from UMD CHHS on states' funding challenges when trying to shore up the security of their voting systems. Bob Ackerman and Dave DeWalt from AllegisCyber, on the occasion of their business announcements, discussing the investment climate for cyber security. And we have notes on ICS from Atlanta.

Transcript
Starting point is 00:01:22 Several dogs aren't barking today. Still no sign of the Reaper botnet doing anything. An update on Bad Rabbit, which for some reason seems to have hop-hop-hopped quietly away from its infrastructure.
Starting point is 00:02:08 Other forms of more conventional ransomware, however, remain in circulation in the wild. It looks as if Kaspersky software might have stumbled across NSA files after all. The U.S. Senate Intelligence Committee has voted to reauthorize Section 702 surveillance authorities through the end of 2025, and we have notes on ICS from Atlanta. I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, October 26, 2017. Most attention today has been given to Bad Rabbit. Experts are increasingly convinced that it's the work of the same threat actors responsible for NotPetya.
Starting point is 00:02:55 The consequences of NotPetya were so heavy that Bad Rabbit is being watched with considerable concern. FireEye, ESET, Avira, McAfee, and others have noticed something curious and interesting about Bad Rabbit, however. The servers and sites Bad Rabbit's controllers use seem to have shut down after just a few hours of activity. The controllers appear to have taken down their own infrastructure. Why they might have done so is a matter of conjecture. Some observers have speculated that they feared detection, got spooked, and tried for a quick getaway. That's one possibility, likeliest if Bad Rabbit is a criminal caper. There are, of course, other possible explanations. The incident was
Starting point is 00:03:30 misdirection. The incident accomplished whatever it was intended to accomplish. The controllers found they were wreaking unintended and undesirable consequences, and so on. It's very early in the incident, and as usual, one expects that it will take the experts some time to sort things out. Other ransomware remains active. Iran's Computer Emergency Response Team's Coordination Center reports that variants of Tyrant ransomware are circulating in that country. Comodo has been tracking what it characterizes as a fourth wave of Icarus ransomware using the Assassin file extension, and PhishMe notes that Sage ransomware has assumed a more convincing form with a more engaging user interface and easier payment options. The U.S. Senate has moved closer to enacting a version of Section 702
Starting point is 00:04:19 surveillance authority for NSA. There are competing versions circulating in Congress, but on Tuesday, the Senate Intelligence Committee voted 12-3 in closed session to send legislation to the floor that would renew Section 702 through the end of 2025. Kaspersky Lab's transparency and charm counteroffensive may have hit a bump. The company acknowledged that its security software did indeed scoop up some NSA tools from a machine that should never have had them in the first place. They say they promptly deleted the sensitive files, but some of the material they say they inadvertently pulled in turned up in the hands of the Shadow Brokers. It's not known, of course,
Starting point is 00:05:00 that the brokers got their goods via Kaspersky tools. But as they say inside the Beltway, the optics aren't good. In industry news, cybersecurity investment capital firm Allegis Capital announced a name change to Allegis Cyber, as well as the appointment of Dave DeWalt as a managing director. Mr. DeWalt is well known in the cybersecurity industry, having previously been the CEO of both FireEye and McAfee. We spoke with Mr. DeWalt along with Allegis Cyber founder Bob Ackerman on the occasion of the announcement at their DataTribe startup incubator. We begin with Mr. Ackerman. For us, Allegis Capital was the first dedicated cyber venture fund in the world.
Starting point is 00:05:43 And building on that success, we're always looking for ways to where do we go next. And so DataTribe is a startup studio to begin creating companies here in Maryland was part of that initiative. We're also announcing that, you know, my good friend Dave DeWalt, sort of one of the legends of the cyber industry, is joining Allegis as a managing director. And, you know, for us, what that really brings is a lot of these young cyber companies, they're phenomenal solution innovators, but they struggle on the commercial side. And so bringing Dave into the team does a couple things for us. It brings his network, his operating experience to bear in supporting our young companies.
Starting point is 00:06:24 We're also going to extend our investment focus a bit to early growth. So historically, Allegis has been an early-stage venture firm focused on cyber. With DataTribe, we're now incubating companies. With Dave joining, we're also extending the platform to include early growth. And the idea is that we want to be able to engage with the best entrepreneurs regardless of their stage of development and really create in Allegis, now being rebranded Allegis Cyber, kind of the go-to one-stop shop for entrepreneurs who are doing meaningful things in cyber. Dave DeWalt believes the Mid-Atlantic region
Starting point is 00:07:00 has untapped potential. Well, one thing to understand is the amount of talent that sits in this Washington, Baltimore, Virginia area. And so a guy who spent 30 years in Silicon Valley building companies, 20 years in cybersecurity, you recognize how much talent is sitting in this region. But when you sort of look at the amount of engineering talent, then you look at the access to capital, and you look at how many commercial companies are produced, those ratios are quite a bit off. So here, you know, this announcement of both Allegis Cyber's fund as well as DataTribe and its incubation model and the combination of those two really create a platform for government and its ecosystem to roll out commercial products and roll them out successfully.
Starting point is 00:07:47 So this has really not been done before to really watch the capabilities of incubating a company, seeding a company, launching a company, making it successful from cradle to grave, so to speak. And it's about time because from one man's view, the threat landscape is driving a necessity for this type of solution to be built. When we think about investing in this space, what we see is where the innovation, you know, is evolving. You know, we can look at things like threat intelligence. That's pretty well sorted out. Endpoint, first generation, pretty well sorted out. So I think in some of these legacy areas where there's a lot of innovation, I think we've wrapped our arms around the problem and the solution.
Starting point is 00:08:29 We're probably going to see some consolidation. But what happens is we see new frontiers, new domains for innovation around cyber opening up. So, you know, we're real active, for example, in identity authentication. And we think in a digital economy, authentication, in fact, is one of the core pillars of cybersecurity. But you also think about social. You think about consumer. You think about industrial. You think about satellite. You think about cloud. These are all emerging domains that all of a sudden are sort of on the front line of cyber threats. And that's where we see a lot of the innovation shifting going forward. That's Bob Ackerman along with Dave DeWalt from Allegis Cyber. Today is the final day of the ICS Cybersecurity Conference. Our staff down in Atlanta found two
Starting point is 00:09:17 presentations this morning particularly interesting. Stephen Ridley, Senrio's CTO and founder, spoke about the Devil's Ivy IoT vulnerability his company's researchers discovered earlier this year, but his main points were, Code and hardware reuse are pervasive across verticals, he argued. The other presentation that merits a brief mention was by Dr. Peter Vincent Pry, representing the EMP Task Force on National and Homeland Security. He made everyone's flesh creep with an account of the EMP threat, that's electromagnetic pulse, that's not just to the power grid, but to civilization itself. EMP occurs naturally in the form of solar
Starting point is 00:10:12 geomagnetic storms. We've seen big ones in 1859 and 1921, before the dawn of the electrical civilization we now enjoy. And Pry says, you ain't seen nothing yet. We're due for another big one. And it needn't be the sun behaving badly either. Mr. Kim would do just fine. EMP can also be induced artificially, either by a nuclear weapon or on a smaller scale, by a non-nuclear EMP kit. An EMP attack that's well within the demonstrated capabilities of a failed state like North Korea could, Pry argued, take down the U.S. power grid for 18 months with an attendant loss of life on a catastrophic scale. The Atlanta meetings have highlighted the challenges of securing industrial systems, where environments and installations vary so widely that highly tailored security
Starting point is 00:11:01 measures seem a practical inevitability. There's an interesting divide in evidence at the ICS Cybersecurity Conference. The engineers who operate plants worry about doing so safely and reliably. They tend to fall into the more pessimistic camp. They're very much aware of the dependencies among systems, including surprising dependencies, to the possibilities of cascading failure, and to the difficulty of keeping complex systems in equilibrium. The cyber operators tend toward the optimistic. They're engaged, at least imaginatively and sometimes actually, in thinking about attack, and they perceive all of the attacker's difficulties that are so familiar to military operators. To be sure, the attacker has the initiative and can choose the time and place of engagement.
Starting point is 00:11:49 Beyond that, the defender has advantages too. It's not for nothing that conventional tactical wisdom looks for a three-to-one advantage before going on the attack.
Starting point is 00:14:41 And I'm pleased to be joined once again by Ben Yelin. He's a senior law and policy analyst at the University of Maryland Center for Health and Homeland Security. Ben, we have an article here from Politico. The title is Cash-Strapped States Brace for Russian Hacking Fight. Certainly, we've been seeing more and more information coming out about voting systems, not just influence operations, but perhaps more than we thought. Voting systems
Starting point is 00:15:17 themselves may have been accessed, explored, probed, if you will. This article digs into the fact that some states are having some trouble coming up with money to properly defend themselves. Yeah, so we know the threat is there. Obviously, the administration has denied Russia's involvement to a certain extent in the 2016 presidential election, but the intelligence community has largely accepted their conclusions, and we know that efforts will be made to affect the integrity of our voting systems, including our voter databases, which contain personal information on American voters. The problem is that states are indeed cash-strapped. There was a federal statute that passed in the wake of the contested 2000 election called the Help
Starting point is 00:16:06 America Vote Act, in which federal money was appropriated to update electoral systems. For the most part, states have run through that money. They no longer have access to those funds. In addition, majority of states, I think almost all 50 of them require by their state constitutions a balanced budget. So they're far less flexible to address growing threats, whatever they may be, than the federal government, which can operate at a deficit. So many states of all political persuasions have been pleading with the federal government to offer some sort of assistance to protect the integrity of voting systems. So far, Congress has been resistant, to say the least. I think one of the committee chairmen of jurisdiction, Senator Richard Shelby of Alabama,
Starting point is 00:16:56 basically said that this was a state problem. Elections are a state domain and they need to figure it out themselves, which I think is technically true. But this is, even though elections are traditionally administered at the state level, we're beginning to recognize that this is a national problem that might require a national solution. And it's not just the potential that our systems are going to be hacked. It's about the confidence and the integrity of our electoral system. And losing that confidence, even in the absence of some sort of attack, is bad enough in and of itself. So I think it's very concerning. Yeah, explain the politics behind this for us. I mean, it seems to me that assuring the integrity, as you say, of our electoral system would be an issue without much controversy coming
Starting point is 00:17:46 from either side, but not necessarily so. Yeah, so I think part of it is President Trump's insistence that the Russian hacking did not have any tangible impact, if it did exist, on the 2016 presidential election, and frankly, some of his self-consciousness about the fact that people think his victory is partially due to that election hacking. I mean, I think that's a large part of the partisan response. And then there's also a more legitimate ideological opposition among Republicans to appropriate federal money for an area that's traditionally been in the state domain. According to our constitution, states administer their own elections. And so I can understand philosophically why some political conservatives would want to keep it that way.
Starting point is 00:18:33 The problem is you can have that ideology, but you still have to put up with the impacts. Whether the states are able to come up with funds to address the problems themselves is an extremely open question. And you can have an ideological opposition, but that's not going to solve a very pressing problem. So you have to decide whether you want that ideological opposition to supersede your ability to address a national problem. You know, Russia is not only going to be attacking a limited number of blue states, they have broad, wide already exists. And one of the leading Democrats to address this issue, Senator Klobuchar of Minnesota, whose committee oversees elections, is pushing a bill that would put the commission in charge of creating digital defense standards and would authorize grants to help implement those standards. That is a bill that's widely supported among Democrats.
Starting point is 00:19:47 But again, you see this resistance on the Republican side, largely due to the appropriation of federal money. And frankly, this idea that a lot of this is sour grapes among Democrats for having lost the 2016 presidential election. All right, Ben Yelin, thanks again for joining us.
Starting point is 00:20:44 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
