CyberWire Daily - Hybrid warfare. Inveterate DDoS against ProtonMail. Security concerns about Chinese companies. Retail breaches. Agencies scrutinize Facebook data abuse. Infrasound weapons?

Episode Date: July 3, 2018

In today's podcast we hear that Ukraine has warned of hybrid warfare during UN counter-terrorism meetings. ProtonMail DDoS continues. Security concerns surrounding ZTE, Huawei, and China Mobile. ...Retail data breaches. A quiz app's backup data are accessed by unauthorized parties. FBI, FTC, and SEC sift through Facebook's answers to questions for the record. A strange set of symptoms among diplomats in China arouses suspicion of infrasound weapons. Rick Howard from Palo Alto Networks on the Cyber Threat Alliance. Guest is Vince Arneja from 5nine on secure cloud implementations.   Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. Air Transat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash n2k, code n2k at checkout. Ukraine warns of hybrid warfare during UN meetings. ProtonMail DDoS continues. Security concerns surrounding ZTE, Huawei, and China Mobile. Retail data breaches. Symptoms among diplomats in China arouse suspicion of infrasound weapons. From the Cyber Wire studios at DataTribe, I'm Dave Bittner with your Cyber Wire summary for Tuesday, July 3, 2018.
Starting point is 00:02:39 Ukraine takes the occasion of a counterterrorist officials' meeting at the UN to outline its experience of Russian hybrid warfare, especially information operations and the use of nominally irregular, and thus deniable, forces on the ground. Ukraine has been particularly affected by direct Russian cyber attack, notably the two takedowns of portions of its power grid and the large NotPetya infestations. It's noteworthy that the country's counter-terror officials should choose to single out propaganda and disinformation, to give this style of information operations its traditional name, for particular mention. ProtonMail says that the distributed denial-of-service attacks it sustained continue and that users may experience periodic outages.
Starting point is 00:03:27 The privacy-friendly service was hit last week by the Apophis Group, a collection of hacktivist skids who've exchanged hard words with ProtonMail over that attack and others. They've told Bleeping Computer that they resented ProtonMail's CTO calling them clowns on Twitter. The outages that continue suggest an unusual inveteracy of the attackers. Neither the lulz nor hurt feelings would seem to be adequate motivation, but who at this point knows? In any case, ProtonMail is taking the usual measures to ward off the jamming. Sentiment against entanglement with Huawei continues to run through Australian opinion.
Starting point is 00:04:07 Fears there, as in the U.S. and elsewhere, center on the company's alleged closeness with Chinese intelligence and security services. There may be other concerns as well. South Korean media note reports by CVE Details that Huawei devices may suffer from an uncomfortably large number of security issues. But disentangling a national telecommunications infrastructure from a large, low-cost device provider is no trivial matter. China is of course a significant trading partner, and as reaction to U.S. sanctions against ZTE demonstrates, it's not a one-way street.
Starting point is 00:04:44 Chinese companies depend upon their international trading partners as well. Huawei does have its defenders in Australia and elsewhere. One such is in the U.S., where United Telecom, a wireless telecommunications provider based in Kansas, says that it would have to suspend service if a proposed FCC ban on the Chinese company's devices were to proceed. The U.S. administration takes aim at another Chinese company. China Mobile has been denied a Section 214 license on security grounds. China Mobile
Starting point is 00:05:19 is the world's largest mobile phone service, but its customers are mostly domestic Chinese users. It had been attempting to enter the U.S. market for the past seven years, but that door seems to have been firmly shut. According to the U.S. Department of Commerce, granting the carrier license to operate in the United States would pose, quote, unacceptable national security and law enforcement risks, end quote. Typeform, whose widely used app delivers online quizzes businesses and government agencies use to make their sites stickier, has disclosed that it discovered a data breach last week, compromising first names, dates of birth, mobile numbers, and email addresses entered by quiz takers. The company has been notifying its customers, the organizations
Starting point is 00:06:06 who use their services, not the individuals who took the quizzes, and much information about the incident comes from those customers. It appears, according to The Register, that the information accessed was in a partial backup of Typeform's data. Enthusiasm for cloud services continues unabated, but for many organizations, and particularly small businesses, it can be challenging to decide which services to move to the cloud and how quickly. Vince Arneja is with 5nine, a company that helps organizations with these transitions, and he offers his perspective. A lot of companies are currently dealing with the situation around whether they stay private cloud, do they go to hybrid cloud, do they move everything to public cloud, and I think the main thrust of it is around where do you put the
Starting point is 00:06:57 workloads, where do you put the workloads that are sensitive, where do you put the workloads that are more database centric. That's really where a lot of enterprises, whether they be small, medium, or large, are assessing their needs going forward. And what do you suppose the deciding factors for people should be as to where they place their various assets? So a lot of it has to do with the industry and the security regulations that the corporation is bound to. That obviously factors into their decisions around, do they go into an all-public cloud infrastructure, or do they somehow balance it between private and public? What sort of security posture they need to have in these computing environments?
Starting point is 00:07:40 Obviously, the types of applications and workloads they're running. So what we're seeing is a lot of companies are betting on hybrid. They're basically betting on the fact that it's just like anything else. There's always a middle ground that ends up being what's typically utilized versus one extreme or another. And so hybrid seems to be that middle ground where a lot of companies are settling and obviously trying to figure out, you know, do I put my sensitive applications here? Do I put my databases here? How do I balance it? And so a lot of that's, you know, being discussed internally, I'm sure, with CIOs, CISOs, etc.
Starting point is 00:08:18 And how much do they benefit from diversity, of not putting all their eggs in one basket or, you know, spreading backups across various systems, that sort of thing? Yeah, absolutely. That's critical, right? You need to be multi-vendor. You need to be, in some regards, multi-cloud. You need to be in a multi-cloud computing environment in order to spread around the applications, workloads, databases, etc. So a lot of companies that are larger in size can take that approach and, you know, manage the cost and manage the infrastructure. But a lot of the smaller companies that we talk to, for example, have a tough time with that sort of multi-pronged approach across these different cloud computing environments. Now, for those smaller
Starting point is 00:09:03 companies what typically is holding them back? Is it complexity or cost or a combination of the two? It's a combination of the two, plus if you factor in the unknown, right, a lot of these smaller companies just don't know enough in regards to the cloud computing environments. And so they're risk-averse because whatever they have currently, even though it might be band-aided together, is working. And so do they want to really disrupt that? If so, what's the process involved? Typically, they're looking for a vendor to handhold them through the process because they just don't have the skill set, the comfort level, the knowledge, the time, the resources. And so
Starting point is 00:09:43 they're hamstrung in regards to that sort of notion of moving to hybrid. Now, what's your advice to people who are looking to make that transition as easy as possible? What should their approach be? I mean, obviously, just like anything else, you want to start small. You want to assess the options around public cloud. You want to get a couple of workloads set up with your tenant in Azure, for example. You want to think about the simple workloads that aren't necessarily production or sensitive in nature.
Starting point is 00:10:16 Putting those out there, possibly using technologies and tools from certain vendors that make it easier for you to do it all through a platform that allows for you to manage and secure that environment. I think we've seen in my interaction with a lot of our customers, a lot of them six months ago were assessing Azure, and now they're actually moving workloads to Azure now that they've gotten more comfortable. And so it's one of those things where it takes a little time to do it, but you've got to put your toe in the water and start to do that over some time.
Starting point is 00:10:53 That's Vince Arneja from 5nine. Adidas continues to investigate customer data exposure. It's not alone. Fortnum & Mason, purveyors of luxury goods, has sustained a breach said to affect more than 20,000 customers, and a third-party recruiting service, PageUp, used by British hospitality company Whitbread, may have lost applicants' data. U.S. federal law enforcement and regulatory agencies are close-reading Facebook's long response to Congress on data abuse. This isn't merely picking over the bones of Cambridge Analytica,
Starting point is 00:11:30 but appears to be a set of serious, independent inquiries by organizations with diverse roles, missions, and responsibilities. The agencies looking are the FBI, as one would expect, but also the somewhat flintier Federal Trade Commission and Securities and Exchange Commission. Finally, there's a very odd case from China, similar to events that have occurred over the years in other diplomatic stations. It's not strictly speaking a cybersecurity issue, but it does touch on intelligence and other forms of diplomatic security. U.S. consular personnel have been moved out of China after odd sounds and strange debilitation were reported.
Starting point is 00:12:12 The symptoms are said to be neurological, similar in some respects to a concussion, and the reported sounds are described as simply abnormal but not extraordinarily loud, indeed not even audible to normal human hearing. What to make of the event is uncertain. Explanations range from some sort of deliberate attack to malfunctioning surveillance equipment to shared delusion, but the symptoms are real enough, whatever their origin,
Starting point is 00:12:38 for the State Department to take them seriously. U.S. and Canadian diplomats and their families experienced unusual symptoms in Cuba during 2017. Again, the cause was obscure, but there was inconclusive public speculation about some form of acoustic device. Symptoms included hearing loss, headaches, visual problems, difficulty with balance,
Starting point is 00:13:00 and sleep problems. Speculation at the time turned toward Russia, but again nothing was definitively established, at least publicly. Similar symptoms were reported in Tashkent by U.S. diplomatic and aid personnel accredited to Uzbekistan. The likeliest explanation would appear to be infrasound, low-frequency sound waves below the human hearing range. U.S. Secretary of State Pompeo has raised the matter with his Chinese counterparts
Starting point is 00:13:29 during talks otherwise devoted to North Korean matters. Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of technology. Here, innovation isn't a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first future together.
Starting point is 00:13:59 Head to salesforce.com slash careers to learn more. On point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC.
Starting point is 00:14:54 Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak.
Starting point is 00:15:49 Learn more at blackcloak.io. And I'm pleased to be joined once again by Rick Howard. He's the Chief Security Officer at Palo Alto Networks. He also heads up Unit 42, which is their threat intel team. Rick, welcome back. You and I have talked about the Cyber Threat Alliance before. You've got some updates for us. Why should the Cyber Threat Alliance be on folks' radar?
Starting point is 00:16:18 Yeah, and you're right. We have talked about it in the past. It's kind of an ISAC for security vendors, but it has really two key differences from the other ISACs in the world, right? First is that you have to share to be part of the group, okay? In other ISACs, most people don't have the resources to share. So, but in this, you can't be part of the club, okay, unless you share and we measure it daily. And the second unique thing about it is that since we are security vendors, we already have the ability to update our own products with new intelligence. It happens with all the automation in the background. It's why you buy us, right?
Starting point is 00:16:55 But now, if you get a bunch of vendors sharing intelligence with each other, we can send and get prevention controls deployed around the world in minutes to hours if you're using one of the products from members of the alliance. All right. So it's a really interesting idea. Customers have been asking us for years to get organized. Well, we finally got it going and it's working. And the use case that proves the point that this is something that should have been existing for years finally happened a couple of weeks ago. The Cisco intelligence team, Talos, published an intelligence report on an adversary playbook called VPNFilter. Are you familiar with this? Oh, sure. We've reported on it.
Starting point is 00:17:35 Sure. So this active campaign compromised some 500,000 home routers, and the malware installed had a brick option, which allowed the attackers, if they wanted to, to destroy all those routers with just a push of the button. Now, Cisco had been working on this report for several months in secret and had been working with law enforcement to arrest the individuals involved. Because Cisco was part of the Cyber Threat Alliance, the Talos analysts briefed the entire VPNFilter situation to the alliance members and provided details around the adversary playbook used way before they published it in public, right?
Starting point is 00:18:12 And so all the alliance members were able to get protection controls in place before the information went public and the bad guys knew what we were talking about, okay? And so this is why the Cyber Threat Alliance exists, to distribute those prevention controls around the world in a timely fashion, in this case, hours, to better protect our mutual customers. Okay. And this is why, this is the plug here, right? Why network defenders should not buy equipment and services
Starting point is 00:18:45 from vendors who are not in the alliance. There is no reason that a security vendor should not be part of this community to help our mutual customers. So here is the ask for your listeners. When security vendors visit and they try to sell them their wares, they should be asking them, why aren't they a member of the Cyber Threat Alliance? And better yet, if they're publishing a formal RFP to replace some security kit this year,
Starting point is 00:19:03 make those vendors answer it in writing. Now, they can still choose them. I'm not trying to force them to choose them. All right. But they should make that vendor go through the pain, right? Because they absolutely should be part of the Cyber Threat Alliance and we want them in the club. All right. Well, it's a compelling pitch for sure. As always, Rick Howard, thanks for joining us. Thank you, sir. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
Starting point is 00:20:15 And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Back here tomorrow. Guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com.
Starting point is 00:21:51 That's ai.domo.com.
