CyberWire Daily - Fancy Bear spotted in France, Denmark, and maybe Bulgaria. Tensions mount around North Korean weapon programs. Power grid fragility. Milkydoor in the PlayStore. AV misunderstanding. Kelihos indictment. Ashley Madison blackmail.
Episode Date: April 25, 2017
In today's podcast, we hear that Fancy Bear has as expected been spotted snuffling around the French Presidential election. Denmark and Bulgaria also report bearish activity. Sino-US pressure on North Korea may foreshadow an uptick in the cyber op-tempo. Power failures prompt worries about the grid's fragility. Milkydoor's Trojanized Android apps pose a BYOD threat to businesses. Webroot is fixing its AV misunderstanding with Windows. Alleged Kelihos botnet master indicted. Webroot's David Dufour discusses IoT supply chain challenges. Eric Burger describes the 2017 Borderless Cyber conference. And another Ashley Madison extortion caper surfaces.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Fancy Bear is spotted snuffling around the French presidential election. Denmark and Bulgaria also report bearish activity. Sino-U.S. pressure on North Korea may foreshadow an uptick in the cyber-op tempo. Power failures prompt worries about the grid's fragility. Milkydoor's Trojanized Android apps pose a BYOD threat to businesses. Webroot is fixing its AV misunderstandings with Windows. And another Ashley Madison extortion caper surfaces.
I'm Dave Bittner with your CyberWire summary for Tuesday, April 25, 2017.
As expected, reports of Russian intelligence services working to influence French elections have surfaced. Security company Trend Micro reports that the threat actor it calls Pawn Storm, also known as APT28 and Fancy Bear, and generally identified as an operation of Russia's military intelligence service, the GRU, has been phishing the campaign of Emmanuel Macron. Trend Micro says the tactics, techniques, and procedures in play are essentially those successfully used against the U.S. Democratic National Committee during 2016's U.S. presidential election. The French security agency ANSSI has confirmed that the attempts occurred and that, quote, it's the classic operation procedure of Pawn Storm, end quote. Mindful of the difficulties of attribution and the possibility of false flags, however, ANSSI declined to attribute the operation to any particular nation-state.
What the phishing accomplished is so far unknown, but Fancy Bear is known to hang on to stolen emails for long periods of time, waiting for the right moment to release them for maximum effect. The campaign against centrist popular outsider Macron is thought to be intended to benefit rightist populist insurgent Marine Le Pen, but that speculation is at this point circumstantial. Fancy Bear has been busy elsewhere, too. Denmark's Minister of Defense says the Russian service has been aggressively pawing at his ministry's networks for the past two years.
Bulgaria's President Rosen Plevneliev has also gone public with accusations that an unnamed threat actor based in Russia sought to interfere with Bulgaria's 2015 local elections.
Tensions continue to rise over North Korean nuclear and long-range missile programs, with China and the U.S. assuming the roles, respectively, of good cop and bad cop. The good cop seems to be losing his temper with the perp, however. Chinese economic sanctions appear to be biting with effect, and while public statements by China's president and others continue to call for U.S. restraint, there's an unmistakable tone of impatience in communications directed at Pyongyang. An increased cyber-op tempo can be expected in this dispute.
Last week's brief power outages in New York, Los Angeles, and San Francisco, while apparently not caused by any cyberattacks, have nonetheless raised concerns about the electrical grid's vulnerabilities to disruption by cyberattack. ICS security expert Joe Weiss points out that, quote, one breaker failed in PG&E's Larkin Street substation. This one breaker in one substation brought the city of San Francisco to its knees, end quote. Thus, he warns that the North American grid remains too susceptible to takedowns, with single points of failure capable of producing large, cascading effects.
The CyberWire is proud to be a media partner for the upcoming Borderless Cyber Conference in New York this June. Eric Burger is a research professor of computer science at Georgetown University, and we spoke to him about the event.
The goal is to bring together people from both the private sector, public sector,
and as importantly, policymakers. And the goal here is to evaluate and debate and collaborate
on cyber threat intelligence information sharing. So what the technology is, but more important,
especially given our target, what are the best practices and sort
of things that you can actually take away and use.
So this is a two-day event.
Can you take us through some of the highlights, some of the keynotes?
Sure.
So, you know, sort of the goal and the overarching theme for this year's edition of Borderless
Cyber is what we call changing the economics for computer network defense.
Historically, it's been pretty inexpensive for the bad guys to attack systems, and it's been looking at how can we change those economics to make it more economical to defend as well as raise the costs of attacks for the attackers.
So kind of with that theme, we'd be talking about and hearing about how people are actually deploying sort of proactive and reactive threat intelligence and automation. So kind of
figuring out the attacks before they come, but especially with the focus on information sharing,
you know, what else is out there and what do I need to be concerned about?
Looking at different strategies for changing those cyber economics, you know, how do we
decrease the cost of defending, increasing the cost of the attacks?
And really, you know, a bit practical as well.
The lessons from the trenches.
How are other people in the industry protecting themselves?
Now, one part of our target audience is it's mostly looking at the C-level executives, the CISOs and even CIOs and CFOs. So we have a lot of focus on not just, you know, here's this particular tool that implements TAXII and STIX, but this is what it means for the corporation. This is what it means to the business and why, as a business owner or an owner of a significant part of the risk portfolio, you need to be aware of what other people are doing in this sector.
That's Eric Burger.
The Borderless Cyber event takes place in New York on the 21st and 22nd of June 2017.
Trend Micro researchers have also announced discovery of an Android backdoor. They're calling it Milkydoor, designed to use vulnerable Android devices as a point of entrance into corporate networks. About 200 Trojanized apps infected with Milkydoor have been found in Google's Play Store. They appear to be originally legitimate apps, mostly of a recreational kind, that have been repacked and republished by criminals.
Security firm Webroot is in the process of fixing its widely used antivirus solution. Its automated features are misidentifying benign Windows files as malicious, and it's also stopping legitimate apps that ride atop those files. Bad definitions of dangerous files were, according to Webroot, live for about 13 minutes yesterday before being taken down. The company is working on a remediation for its user community.
The alleged mastermind behind the Kelihos botnet was indicted by U.S. authorities last Friday. Pyotr Levashov is being charged with eight crimes. Mr. Levashov is currently being held by Spanish police, and the U.S. is seeking extradition.
And finally, Ashley Madison is back in the news.
A group of extortionists are sending emails promising to expose users of the adultery facilitating site
unless they pay hush money.
As the criminals say, quote,
On May 1, 2017, we are launching a new site, Cheaters Gallery,
exposing those who cheat and destroy families.
We will launch the site with a big email to all the friends and family of cheaters
taken from Facebook, LinkedIn, and other social sites.
This will include you if you do not pay to opting out.
End quote.
If you get such an email, remember, paying up will probably do you no good.
And I'm pleased to be joined once again by David Dufour.
He's the Senior Director of Engineering and Cybersecurity at Webroot.
David, welcome back.
I know a hot topic for you, something that you are particularly interested in, is this whole notion of the Internet of Things and trust when it comes to the supply chain.
Yes, David.
Once again, thanks for having me back.
And, you know, I could really talk your ear off on this supply chain of trust.
It's a big deal to me.
And I think it's one of the biggest gaps we're seeing in the security market related to IoT devices.
Well, let's dig in.
Where do things break down?
So we see a lot of velocity and new ideas in both software and hardware coming out.
People are manufacturing things, prototyping solutions.
And where there's a lot of times a security breakdown is not necessarily just in the design side that they didn't build security in, but also where they're OEMing their solutions from.
So let's say I'm making a widget and I want that widget to be Wi-Fi enabled.
Well, I'm going to go out
and I'm not going to build a Wi-Fi radio.
I'm going to go buy one off the shelf
from a manufacturer who's already made it.
And if I've not taken the time to understand
where that chip's coming from,
the firmware required to run that chip
and the susceptibility of that chip
to be able to be hacked,
then I'm actually building into my prototype or even my go-to-market solution some very unsecure technology that is susceptible to hacking.
You know, it's a real challenge with IoT devices and knowing, like you say, what's deep down inside on that circuit board.
I've heard people mention that perhaps what we need is something along the lines of like Underwriters Laboratory,
where there's someone who's certifying these devices, digging in and making sure that they have a certain level of security.
Do you have a take on that?
So I absolutely think that's where we need to go.
I think we're a long way from that.
It's the Wild West right now.
I don't necessarily want to wait for the government or some organization to come around and form that.
But I will not disagree long term. That's the solution we need to take a look at.
So how should we approach this? I mean, obviously, I've heard people say, you know, well, don't just buy that no name webcam off of Amazon.
But, you know, we've had situations where even well-known name brands have these sorts of problems as well.
Well, that's true.
And so there's two sides to this.
If you're the consumer who's buying these products, you want to take the time, do some research.
You're not going to know what's built into the device, but try to buy from reputable companies that have a good track record.
And if you're the manufacturer, a really good example of someone I've talked to before
about how they handle this,
kind of a fun company called Taser,
that they make those things that'll shock you,
they actually put together a team internally
of hardware folks, their software folks, and their security folks.
And they have this team vet all the products they're bringing in to take a look at how
they're going to integrate those, ensure the security exists.
And they're very diligent about putting a team together and reviewing this.
I think until we have those organizations that can tell us what products are good or bad,
as a manufacturer, you really have to take the time to get those security guys together with
the software guys, get together with the hardware folks.
Good information as always. David Dufour, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.