CyberWire Daily - Evrial and the Clipboard threat. SamSam ransomware recovery. Olympic hacking? Russian bots. Crime and punishment. Speculated origins of Bitcoin.

Episode Date: January 22, 2018

In today's podcast, we learn that the Evrial Trojan is interested in what's on your Windows Clipboard. The healthcare sector continues its struggle to recover from SamSam ransomware. People raise the possibility that Olympic timekeeping could be hacked. They're not saying it was, just that it might be. Russian troll farms are barking at the US House Intelligence Committee and the Czech Presidential run-off election. Some notes on crime and possible punishment. Malek Ben Salem from Accenture Labs on the challenges of deploying next-generation cryptography. And there are two new theories about Satoshi Nakamoto.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. The Evrial Trojan is interested in what's on your Windows clipboard. The healthcare sector continues its struggle to recover from SamSam ransomware. People raise the possibility that Olympic timekeeping could be hacked. Russian troll farms are barking at the U.S. House Intelligence Committee and the Czech presidential runoff election.
Starting point is 00:02:14 Some notes on crime and possible punishment. And there are two new theories about Satoshi Nakamoto. I'm Dave Bittner with your CyberWire summary for Monday, January 22, 2018. A new Trojan, Evrial, has been discovered. It can snoop through browser cookies and stored credentials, which is unpleasant but not particularly novel when it comes to crimeware. But Evrial is different in that it also scans the contents of Windows Clipboard, and it not only scans, but it can also identify
Starting point is 00:02:50 and replace strings of interest in that clipboard. Criminals are using this functionality to replace strings with code that can redirect Bitcoin payments to their own wallets. MalwareHunterTeam, one of the discoverers of Evrial, says that the code is being sold on Russian criminal fora for the low, low price of about $27.
Starting point is 00:03:10 It's become a very popular offering in the criminal-to-criminal market. Why, one might ask, is this useful in stealing Bitcoin? Here's why. Bitcoin addresses are difficult to type. They're complicated pieces of text. So the typical way people handle the addresses is to copy them and then paste them into the relevant app that's doing the sending. Since most people don't check their cutting and pasting, the imposture is likely to succeed.
Starting point is 00:03:37 We've called the motive Bitcoin theft, but really Bitcoin stands for several other kinds of strings the crooks are interested in copying. Bleeping Computer, in their useful account of Evrial, points out that the malware is configured to recognize strings that correspond to Bitcoin, Litecoin, Monero, WebMoney, Qiwi addresses, and Steam item trade URLs. How Evrial is being distributed isn't clear yet, so the best advice out on protecting yourself is that old standby.
Starting point is 00:04:06 Practice good digital hygiene and be especially alert for phishing attempts. This month's wave of SamSam ransomware crests in the health care sector. Allscripts, a leading electronic health record provider, continues its recovery from the infestation disclosed last week. Its Electronic Prescriptions for Controlled Substances, EPCS for short, was restored Saturday. But other services remain only partially recovered. Allscripts is working closely with its customers to bring their systems back online. Here's something to worry about, Olympic fans.
Starting point is 00:04:45 In between the tear-jerking and inspirational stories of hardscrabble athletes and the obstacles they've overcome to reach the PyeongChang Games, now you can wonder if all those wireless sensors that time bobsled runs to the hundredth of a second are being manipulated by hackers to tilt the results one way or another. Or so says an op-ed in USA Today by Betsy Cooper, executive director of the Center for Long-Term Cybersecurity at the University of California, Berkeley. And it's not just bobsledding, but also alpine skiing,
Starting point is 00:05:16 speed skating, presumably luge, and maybe skeleton too. Why would someone cheat like this? Well, to speculate, there's always national pride as a motive, not to mention the prospect of lucrative commercial endorsements post-Games. But here's an obvious motive. Why not just transpose anger at the Olympic Committee to an effort to discredit the whole process? It's happened with anti-doping doxing. So let the official timekeepers look to the security of their particular IOT.
Starting point is 00:05:45 The Games open on February 9th. Twitter continues to notify users that they've interacted with bots from the Internet Research Agency, the now-famous St. Petersburg troll farm. This is part of Twitter's response to concerns about the platform's role in spreading fake news. If you know it's a bot, the thinking goes, you're less likely to credit what it's telling you. Twitter has pegged just over 3,800 accounts as Internet Research Agency trolls, and it's contacting people to let them know that they either followed or retweeted stuff from them.
Starting point is 00:06:18 U.S. Senator John Cornyn, Republican of Texas, is among those who received a notice, and he's tweeted what they told him, with full approval that social media are, quote, "...finally waking up to manipulation of public opinion by our adversaries," end quote. In any case, Russian bots show no sign of scuttling into the darkness to avoid the light being shined on them. In fact, they appear to have shown a new flurry of activity over the weekend. Tweeting toward Washington, the bots call for the release of a FISA memorandum prepared by House Intelligence Committee staff. The memo is said by the bots and others to be explosive, and perhaps good government would be served by its release,
Starting point is 00:06:58 but that's not what they're interested in around Moscow and St. Petersburg. The committee chair, Representative Devin Nunez, Republican of California, is being asked to release a classified memo on alleged FISA abuses. Social media trolling is also on the upswing in the Czech Republic, as the Czechs conduct their presidential runoff elections between challenger Jira Dreyos and incumbent Milos Zeman. Radio Liberty says the trolls have for the most part been snapping at Dreyos with a wide mix of scurrilous and outlandish accusations.
Starting point is 00:07:34 In news of cybercrime and punishment, we'll take college cut-ups for 100, Alex. And the answer is... The former history professor at Adrian College accused of hacking the college president's and vice president's email accounts. The question is, who is former Jeopardy champion Stephanie Jass? Ms. Jass, charged in December with unauthorized access to a computer program and network and using a computer to commit a crime, waived a preliminary examination and will appear for a pretrial hearing in Michigan on February 28th.
Starting point is 00:08:08 There's also news of the Crackas With Attitude, those madcap hacktivists with a more or less pro-Palestinian bent, who succeeded in compromising a lot of email accounts belonging to senior officials in the U.S. intelligence community. The FBI popped two of the stateside alleged conspirators back in 2016, they're Californians, but the alleged ringleader was British. Kane Gamble, the alleged head cracker, was also arrested in 2016, but he was in England. Mr. Gamble, who was only 15 years old at the time of his arrest, appeared in Leicester Crown Court last week and described how he was able to impersonate former U.S. Director of Central Intelligence John Brennan to access highly classified information.
Starting point is 00:08:51 Mr. Gamble's counsel argues that the defendant is on the autism spectrum. He'll be offering apparently a reduced capacity defense. Finally, we turn to what may be the fever swamps of wild conspiracy theory. Or are they? Sputnik News reports that Natalya Kaspersky, Eugene's ex and co-founder of their eponymous security company, Kaspersky Lab, has said she knows who the real Satoshi Nakamoto is. He is, Ms. Kaspersky says, no single person, but rather a crew of crypto experts working within the U.S. intelligence community. They created Bitcoin as Dollar 2.0, she said, the better to advance the Five Eyes' interests around the world.
Starting point is 00:09:36 Crazy, no? Or is it? Other people have a different theory from another part of the fever swamp. Roughly that part that maintains NASA Goldstone is an entry portal for an underground network of caves used by grey aliens. This theory holds that Satoshi isn't even human and that Bitcoin is the work of a
Starting point is 00:09:55 rogue AI. So take your pick. It seems that Satoshi Nakamoto was either Jim Clapper or Skynet. Unless those are the same person. Come to think of it, we've never seen the two of them in the same place. But that's a coincidence, right? Or is it?
Starting point is 00:10:24 Calling all sellers. ...and showing the world what AI was meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora
Starting point is 00:11:13 have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses
Starting point is 00:12:09 is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak.
Starting point is 00:12:36 Learn more at blackcloak.io. And I'm pleased to be joined once again by Malek Ben-Salem. She's the R&D Manager for Security at Accenture Technology Labs. Malek, welcome back. We wanted to talk today about some of the challenges when it comes to deploying some of these next generation crypto technologies. Yes, so there's a lot of talk about post-quantum cryptography and the need for developing new quantum-safe crypto algorithms, crypto systems. NIST is working on that, their call for new algorithms. And so there's a lot of talk among the community and a lot of focus on developing those algorithms that are quantum-safe and fault-tolerant.
Starting point is 00:13:26 But there's less discussion about the journey that it will take us to deploy these algorithms once they exist, once NIST publishes its standards for post-quantum crypto systems. How long would it take us to deploy this? I think based on prior crypto deployments, we can definitely assert that this will take a very long time, probably a time by which quantum computers will be able to break a lot of the existing crypto systems that we have today. So when you say take a long time, what kind of timescale are we talking about? So it's hard to predict, but a recent study about deployment of HTTPS, for example, just shows that we're not there yet. You know, if you think about HTTP over TLS, that protocol, the TLS protocol, has been out there since the late 1990s. SSL has been published in the early 1990s. But according to
Starting point is 00:14:30 this study, only 69% of the top 100 websites do offer HTTPS. And only roughly about 50% of them offer it by default. If you look at the top 1 million websites, that number drops down to probably half of that. So we have a long journey before we adopt these secure protocols. The same applies to DNSSEC, so DNS security extensions. In the early 1990s, Steve Belvin identified a problem with the DNS protocol, and there was an RFC published in the mid-1990s. But a recent study has also looked at the use of DNSSEC, and they identified that it's still rather limited. For instance, while a lot of the big domains apply it, so more than 90% of the top-level domains or TLDs
Starting point is 00:15:39 and 47% of the country code TLDs are DNSSEC-enabled, the use of it is not deployed properly. A lot of these domains produce records that cannot be validated due to missing or incorrect records. So even if the technology exists, what I'd like to caution out here is that we need to work on the processes to deploy the technology. We need to work on training the individuals deploying this technology. So it's really time to start building awareness about the change that needs to happen once we have these post-quantum crypto algorithms and standards. And it's not a matter of if, it's a matter of when.
Starting point is 00:16:28 Exactly. Yeah. All right. Good stuff as always. Malek Ben Salem, thanks for joining us. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data,
Starting point is 00:17:01 and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too.
Starting point is 00:17:42 The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing Cyber Wire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell,
Starting point is 00:18:04 John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
