CyberWire Daily - Hacktivists claim to perform a public service. Once and Recorded Future ransomware. Attribution controversies. Disturbing toys.
Episode Date: January 4, 2017
In today's podcast, we hear about how some hacktivists are again turning to defacement, which they claim to be doing as a public service to raise security awareness. Recorded Future takes a close look at ransomware's likely course in 2017. ISIS exposes itself online. Attribution controversies: the Vermont hack-that-wasn't, tactical hacks in eastern Ukraine, and the FBI-NCCIC Joint Analysis Report. Malek Ben Salem from Accenture Technology Labs describes how Deep Learning may be applied to cyber security. And would you hug Skynet, if it looked like Teddy Ruxpin?
Transcript
You're listening to the CyberWire Network, powered by N2K.
public service. Recorded Future takes a close look at ransomware's likely course in 2017.
ISIS exposes itself online. Attribution controversies, the good, the bad, and the ugly.
And would you hug Skynet if it looked like Teddy Ruxpin?
I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, January 4th, 2017.
In separate incidents, HackRead is reporting that hacktivists hit both Philippine military sites and the Google Brazil domain.
In both cases, their declared intention was to warn people about the need for better security.
In the Philippines, someone with the handle ShinobiHacksaw told the army it was pwned by me and warned, fix your security or I will be back.
In the Brazilian case, one Kourosh gave both a shout-out to his friend Shinobi
and a sneer in the direction of rival NoFox
as he kept a defaced page up on Google Brazil for about half an hour.
Kourosh told HackRead that Google Brazil was defaced
to show the world everything can be hacked
and we should not underestimate our security risks.
So, okay.
Although one thinks the point might be better made
without inconveniencing users and subjecting them
to a picture of two anime teens in all their large-eyed glory.
One might, for example, consult some recent reports on threat trends.
Recorded Future published an interesting one a few hours ago dealing with ransomware
and what we should expect from it in 2017. Their conclusions stand in contrast to predictions
McAfee Labs made in November to the effect that ransomware had peaked and might be expected to
decline in 2017, which on the face of it isn't an irrational prediction
given falling criminal profits and more widespread understanding
of how to prevent and recover from ransomware attacks.
But Recorded Future's report suggests that ransomware
will continue to grow in the current year.
They offer several predictions that are worth reviewing.
First, ransomware will become just another tool in the hacker utility belt.
It will be useful for distracting defenders from more serious attacks, as we've seen DDoS used.
So large criminal organizations will use it for both profit and misdirection.
A Carbonite study of ransomware reaches a similar conclusion about this sort of attack's utility as a smokescreen and distraction.
Second, we'll see more attacks designed to publicly shame the victims.
The public shame is designed to force quick payment of ransom.
Third, we can expect ransomware to become stealthier.
More examples of ransomware using no executable as a means of evading detection.
Fourth, ransomware spam campaigns will target the security of webmail providers.
Webmail is complex and offers an attractive attack surface.
Ransomware can be expected to follow the same path here as other spam attacks.
Fifth, a contrarian prediction, there will not be any ransomware IoT campaigns.
It's too easy, the researchers think, to wipe or replace IoT devices, and so there's less incentive to pay.
Related to the last is the sixth prediction.
Similarly, there will not be a Mirai-style botnet installing ransomware.
Finally, if there is a decline in ransomware,
it will be because of law enforcement action.
So support your local police, and if you're in the U.S.,
get to know your regional FBI office.
The Daily Beast has an account of how Islamist exploitation of social media and other online
platforms for information operations has proven a proverbial double-edged sword.
It's been undeniably successful for recruiting and inspiration, but it's also been risky
for the caliphate's information operators.
Many leaders have been targeted when their phone chatter exposed their location, and ISIS dependence on the internet for its own
version of command and control has enabled the civilized world to collect a great deal of
actionable intelligence about the terrorist group. Unfortunately, effective inspiration
needs only a few receptive minds, or what FBI Director Comey characterized as a few screwed-up individuals,
to inflict the suffering and sorrow recently visited on Berlin, Baghdad, and Istanbul.
The first week of 2017 continues to see skeptical takes on various attributions.
The conclusions being called into question range from the debunked, like the hacking
of the Vermont power grid, through the newly controversial, like the Russian malware-enabled counterfire against Ukrainian guns,
to the generally accepted, like Russian intrusion into U.S. political party networks.
Krebs on Security has a particularly good roundup of the grid hack that wasn't,
with a reflective account of how the story gained currency.
Taia Global's Jeffrey Carr calls buncombe on CrowdStrike's Danger Close report on Android X-Agent targeting of artillery positions.
He promises more details at the upcoming Suits and Spooks conference.
In the meantime, Security Week says that CrowdStrike stands by its report.
It's an interesting and complex case.
We hope to learn more about it in the near future.
And many observers continue to express disappointment over the level of detailed
evidence contained in the FBI-NCCIC joint analysis report on Fancy Bear's election hacking. Many of
those same observers also note the difficulty of making such a case without disclosing more
about sources and methods than the intelligence community would find it prudent to reveal.
One overarching lesson to be drawn, perhaps, from these various attribution controversies
is that it's rare that any threat actor is in sole possession of the attack code they use.
The Neutrino Exploit Kit, for example, may well have figured in Fancy Bear's bag of tools,
but it's in a whole lot of other bags of tools as well.
And finally, there's a fresh horror out there in the Internet of Things.
Sean Gallagher writes in Ars Technica about a proof of concept
for a grim connected toy he developed.
As he put it, quote,
I had an idea to connect a speech-driven AI and the Internet of Things
to an animatronic bear,
all the better to stare into the lifeless, So, he took a 1999 edition of the Teddy Ruxpin animatronic bear,
equipped it with a Raspberry Pi, and enslaved the unholy monster to Amazon Alexa,
with predictably disturbing results.
As one commenter on the
Ars site put it, quote, a huggable Skynet on every kid's pillow. Oh, that's so sweet, end quote.
But that's not the freshest hell, friends. It was left to Gallagher's competitor,
Brian Kane of the Rhode Island School of Design, to penetrate the real heart of darkness.
Kane connected Alexa to Billy the Talking Big Mouth Bass,
a man-cave artifact whose morbid tackiness rises almost to grandeur.
The horror.
The horror.
Joining me once again is Malek Ben-Salem. She's the R&D manager with security at Accenture Labs.
Malek, you wanted to talk today about deep learning for cybersecurity.
Yeah, so there has been a lot of talk about deep learning and its use for cybersecurity lately and whether it's a suitable approach for the cybersecurity domain. Well,
as you know, deep learning is an area of artificial intelligence which deals with vast quantities of
data. It's not new. Some people say deep learning is just a buzzword
or rebranding of neural networks. And that's to an extent true. But while neural networks
have been out there for a long time, they have been used in a very limited way.
They've been used with only one layer, one internal layer of neurons.
What we're able to do today with the new developments in technology,
with the abundance of data and multiple GPUs available,
we're able to revisit that and implement neural networks with several input layers,
and that's what constitutes deep
learning. And the approach, meaning deep learning, has been successfully applied in various domains,
such as computer vision and voice recognition. So it has some potential in cybersecurity.
My understanding of deep learning is that the systems themselves, rather than telling the systems what to do, you rely on the system to kind of figure out what to do on its own.
And so that can lead to novel approaches to problems?
Exactly. So one of the promises of deep learning is that it replaces the manual selection of features with efficient algorithms for unsupervised learning so that
you don't have to tell the algorithm what are the right features to model,
but it should be able to learn on its own what are the right
features it can extract them autonomously and also the other
difference that deep learning brings is a way of a hierarchical feature
extraction which is not the case for the existing machine learning algorithms.

And dig into that for me a little bit. What do you mean by hierarchical feature extraction?

So for example, let's think about computer vision.
The way people recognize the contents or understand what's in a picture is complex,
right? We first recognize an overall shape, the shape of the main object within the picture,
and then we may then recognize certain details within that picture to be able to tell exactly
what that picture entails. That's what deep learning does, is it mimics that same way of
recognition. So it may recognize the main object and then it may
recognize the edges of that object, then it may recognize later on certain
specific features within the object. So it's very similar to the way
the human mind works as well.

So how do we apply deep learning to cybersecurity?

So it has been actually applied already in certain problems for cybersecurity.
It has been implemented by Symantec, for example.
Another smaller startup cybersecurity company by the name of Deep Instinct is also implementing deep learning to recognize malicious files.
It's being currently tested for network intrusion detection and detection of DDoS attacks.
But results at this point, you know, are promising, but are similar to existing machine learning algorithms.
The point is with deep learning is that it requires a lot of data.
So wherever we have a lot of data, that's where it shines.
And another promising application for it could be with spam filtering and spear phishing.
So I expect that it will be applied successfully to solve that problem as well.
Malek Ben-Salem, thanks for joining us.
And that's The Cyber Wire. We are proudly produced in Maryland by our talented team
of editors and producers.
I'm Dave Bittner.
Thanks for listening.