CyberWire Daily - Dridex & Locky, macro-spread malware. Apple, FBI, spar in & out of court. Dark Reading watches 20 startups.
Episode Date: February 17, 2016
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
and anti-ISIS policies. ISIS has some cash flow and narrative problems. Crypto wars continue as ENISA comes down on the side of strong encryption, and as the FBI takes a novel approach to getting Apple's help unlocking the San Bernardino shooter's iPhone. Symantec calls Dridex the most dangerous banking malware, and Palo Alto warns against Locky ransomware. Linux admins, it's time to patch, and Dark Reading names 20 cyber startups to watch.
I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, February 17, 2016.
Anonymous is out and about this week with actions against Turkish police sites and a Tanzanian telecom provider. Nothing new from them as far as we can tell on the ISIS front, but ISIS itself seems to be going through a rough patch. To be a convincing caliphate, you have to be able to rule, and ISIS is having some problems in this regard. The AP reports that ISIS is experiencing cash flow issues and is cutting salaries and benefits. This has an informational ops dimension because, again, a caliphate has to be able to deliver. These internal troubles appear as U.S. and Canadian intelligence, security, and information operations policies receive criticism over a roseate view of the situation on the ground and the alleged weakening of security policies.
ENISA reaches essentially the same conclusion on encryption backdoors the recent Harvard study did: they weaken defenses without offering a compensating payoff in improved intelligence.
Breaking device security moves prominently into the news as Apple receives a court order to assist the FBI in unlocking an iPhone belonging to one of the San Bernardino jihadists. The FBI has been unable to access the phone's contents, and it wants Apple to assist its efforts to brute force the password. Note that the Bureau hasn't asked Apple to give up the device's passcode, but rather to help the FBI bypass protections that prevent brute forcing. The device they want to access is a relatively old iPhone 5C.
Errata Security describes the order as having three elements. First, the Bureau wants Apple to prevent the phone from erasing itself after ten attempts to guess the password. Second, it wants help from Apple to enable the Bureau to submit passcodes electronically, which would be far faster than having someone type them in one at a time. And finally, there's some suggestion that the way to accomplish this would be through a firmware update.
Apple says it won't comply. The case is interesting in several respects. For one thing, the federal law under which the Bureau argues Apple should be compelled to help is an old one, specifically the All Writs Act of 1789. For another, this is not a request that Apple install a backdoor. It's a subtler, more limited request that Apple do something it can apparently do. An iPhone 5C could well be opened this way. Apple says it wouldn't be able to work these tricks on a later model, particularly an iPhone 6, and the general consensus is that Apple's right about that.
And finally, some are asking, notably a story running today in Quartz, whether Apple takes a similarly principled line in jurisdictions other than the U.S. and the U.K. Has the company agreed, for example, to the security audit the Chinese government has demanded as a cost of doing business in that biggest of all emerging markets? Quartz thinks Apple's statements, which Quartz says fall short of denying that it will comply with the audit, are at best ambiguous.
The Cyber Wire sat down this morning with legal and policy expert Markus Rauschecker of the University of Maryland's Center for Health and Homeland Security. We'll hear from him after the break.
We'll give Kevin Mitnick's Twitter feed the last word on Apple. He says, and we're going to edit a little bit since we're a family show, quote, Tim Cook's response, FBI has good intentions. Boo to them. We aren't building an iPhone backdoor. FBI has good intentions. End of message.
Turning to cybercrime, Symantec warns that Dridex, the credential-stealing trojan that affects bank customers, is showing rising infection rates and has become the most dangerous species of financial malware. Dridex typically infects its victims when they open a Microsoft Office document with malicious macros. Palo Alto Networks has found a newly virulent form of ransomware called Locky that spreads in the same fashion.
Linux admins should take note. The GNU C library implicated in the GHOST vulnerability discovered last year has another flaw that affects Linux devices, API web services, and many important web frameworks. A patch is out, and admins would do well to apply it as soon as practical.
Investment analysts continue to speculate that the cybersecurity market is in for a round of consolidation in 2016. As the annual RSA conference approaches, such rumors will continue, as will coverage of aspiring unicorns and potential acquisition targets. Dark Reading contributes to the conversation by naming 20 startups to watch. Here they are: ZeroFox, Twistlock, ThreatQuotient, Tenable, Synack, SentinelOne, Pindrop Security, Menlo Security, Malwarebytes, LookingGlass, Illumio, HackerOne, Fireglass, Exabeam, Digital Shadows, Cynet, Cymmetria, Cybereason, Argus Cyber Security, and Appthority. Did you notice we read them in reverse alphabetical order? You're welcome, ZeroFox.
Joining me is Markus Rauschecker. He's the cybersecurity program manager at the University of Maryland Center for Health and Homeland Security.
Markus, things in the encryption debate just got a lot more interesting.
Yeah, they certainly have. So this debate about encryption has been going on for a long time now. There's a battle between law enforcement and companies like Apple and Google and others. And we've recently had a court order now that actually has compelled Apple to find a way to circumvent the encryption on one of its devices, a device that was used by one of the San Bernardino terrorists. Law enforcement, the FBI, has been trying to get access to that device that was used by the terrorist, but has been unable to do so up to this point because of the encryption on the device.
And they're not asking Apple to decrypt the phone. They're asking Apple for basically help in brute forcing the phone. Is that correct?
That's correct, yes. So the court order that was issued requires Apple to provide reasonable technical assistance to the FBI to figure out a way to get at the encrypted data and essentially then allow law enforcement to, as you said, brute force their way into the device by attempting all the different passcode variations that could eventually unlock the phone.
And so what are Apple's options in terms of fighting the court order?
Well, the court order says that they have five days to go back to the court and appeal this decision. And Apple has already indicated that they will do so. So, you know, we'll have to see exactly what they will base their appeal on. But we should be seeing that within a matter of days.
It's interesting that the government is using the All Writs Act of 1789 to make their argument, you know, an old law for new technology.
Right. So we actually see that every once in a while, where government will look to any kind of law that they can hang their hat on. And this All Writs Act of 1789 certainly is an old law, but government has interpreted it in such a way as to give judges broad powers in terms of compelling third parties to enforce court orders. On the other hand, Apple is arguing that this old law should be interpreted very narrowly and should not be interpreted in a way that gives judges the authority to compel them to carry out their court order. We'll have to see. This is really an issue of statutory interpretation, and since this law is very old, it can be a little difficult sometimes to interpret exactly what it's saying.
Apple posted a public message to their customers today laying out their case. If nothing else, this really brings this issue of encryption more to the public eye.
Oh, absolutely. I think this issue of encryption has been in the public eye for the past few months. We've seen testimony on the Hill. We've seen advocacy groups arguing on behalf of this issue. But I think this court order really has put the issue to the absolute forefront, and especially with a public statement from Apple's CEO. I think we're seeing this story in the news everywhere now. I think everyone is going to be talking about it, and I'm sure everyone will have their own opinion on how things should develop.
All right, Markus, we'll keep an eye on it, and we'll check back in with you as things develop. Thanks again for joining us.
And that's the Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.