CyberWire Daily - IBM, Apple, and Intel all fix vulnerabilities and block threats. Neustar's DDoS report. Updates on the DarkOverlord and (separately) LizardSquad. Info ops and what they're after.
Episode Date: May 2, 2017

In today's podcast we hear that Trojanized USB sticks are out in the wild. So are phishing emails complete with backdoors and spyware payloads. Intel reports (and mitigates) a major firmware vulnerability in Core processors. The DarkOverlord and third-party risk. ShadowWali backdoors afflict Japanese enterprises. The LizardSquad may be back, but you still shouldn't listen to them, still less pay them protection. Neustar looks at DDoS trends. Ben Yelin from the UMD Center for Health and Homeland Security explains tractor hacking. Nehemiah Security's Paul Farrell thinks we need to mind the security basics. And do info ops heighten the contradictions?
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Trojanized USB sticks are out in the wild,
so are phishing emails complete with backdoors and spyware payloads.
Intel reports and mitigates a major firmware vulnerability in Core processors. And do info ops heighten the contradictions?
I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, May 2, 2017.
Some malware found in the wild affects products by two of the world's largest vendors, IBM and Apple. And Intel has found a vulnerability in its Core processors' firmware. This may be a busy do-it-yourself week for sysadmins, especially in small and medium enterprises.

In the first incident, it appears that IBM inadvertently shipped Trojanized USB sticks to customers. The devices were to be used as initializers for IBM's Storwize disk racks. The company has, of course, stopped shipping the drives and is advising customers to destroy any they've received. The malware is apparently a Trojan dropper that enables installation of other malware. According to researchers at security firm Kaspersky, this particular malware strain has hitherto mostly affected Russian systems. It's basically spyware, and Kaspersky researchers say it reports back to gangland operators.

So, if you've received a USB drive from IBM with the part number 01AC585, don't use it. If you already did, IBM recommends making sure your antivirus software is up to date, configuring that security software to scan temporary directories, and then, of course, scanning. IBM also has instructions on how to manually remove the malicious file by deleting the temporary directory.

Check Point warns that the OS X Dok malware that installs a backdoor and monitors web traffic has been spreading through European targets. Like most successful Mac malware, it's disseminated through phishing. Apple says Gatekeeper wasn't bypassed, and that although the malware was signed with a legitimate but illegitimately obtained certificate, that certificate has now been revoked.

There's also a firmware vulnerability in Intel platforms that researchers say is nine years old. Intel has patched its widely used Core processors, with the fix extending back to its first-generation Core, Nehalem, which shipped in 2008. The company warns that if left unpatched, the flaw could lead to remote management takeover of systems using Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability. These are widely used by small and medium enterprises, who are advised to work through the patching as soon as they can.
We've all seen the ads for the latest and greatest security products, promising that they, and only they, have the solution that, at last, is going to solve all the world's cybersecurity problems. Heck, we run some of those ads here on the CyberWire. And they are awesome. That said, it's important to not forget the basics. Paul Farrell is CEO of Nehemiah Security.

We think it's really important that a lot of good can happen in the industry by doing the unglamorous stuff. And the industry headlines get the glamorous all the time, the newest, sexiest exploits and how to block them. But from what our experience is, is that a lot of good can be done by blocking and tackling in organizations in the day-to-day, like educating people on hygiene. Like, don't click on that link. I mean, you'd be surprised how many people still click on the links. So it's concentrating on that kind of stuff and then locking down applications, not allowing browser plug-ins, doing upgrades, patches. You know, identify the problem in your network, manage it, and then put stuff in place to protect it.

Are we really talking about a balance here of making sure that you're blocking and tackling with the basics, but then, you know, having some of the newer tools as well?

Correct. We all got to ride the wave of innovation. But what we try to maintain is that innovation is great and we need to keep our fingers on the pulse of the industry from that perspective. But in another case that you can make a lot of headway, just doing the blocking and tackling. We're reminding people what they should be doing. We're focusing on putting business cases forward for the financial side of the house to understand what the risk is by not upgrading or not going to the next version of software. What's the risk exposure? And I think, you know, as this industry more matures, we're getting away from the fear, uncertainty and doubt, which is, you know, the security salesman comes in and pounds on the desk: you must upgrade because this is the latest and greatest, and if you don't, you're going to be exposed. Now what I call saying it business-like is like, okay, what's my risk? My risk is, let's say my risk is $10 million. The cost to upgrade is a million. So we should be able to present those things to the business users and say, look, here's your risk, here's your exposure. What do you want to do? And I think that's where our industry, as it matures, that's what we need to focus on. We need to focus on going back to basics, the basics of configuration management that we're talking about here, and the basics of presenting a business case as to why we need to do things in the IT operations side and the business side.

That's Paul Farrell from Nehemiah Security.
Security firm Cybereason reports that ShadowWali, a run-of-the-mill but quietly effective backdoor, has been used to attack Japanese businesses since 2015. ShadowWali harvests credentials. Its author, said to be highly anonymous and known to researchers only as User123, appears to be operating from somewhere in East Asia, but his or her or their identity remains unknown.

Remember the Lizard Squad? A gang of young skids who worked for a while as DDoS impresarios? They're back, or at least someone claiming to be them is. Their stock in trade has been to send businesses letters threatening them with DDoS unless they pay protection money. But we've heard from the DDoS protection specialists at Akamai, and they say it's mostly hooey. The extortion notes seem to be mass junk mail, and you shouldn't, Akamai recommends, consider paying them under any circumstances. The chances that you'd actually be subjected to the threatened distributed denial of service attack are vanishingly small, and even if you were subjected to DDoS, there's no reason to believe paying the protection would keep you protected. Keep your Bitcoin in your wallets, and if you're trolled by Lizard Squad, let law enforcement know.

Security company Neustar today released a major study of DDoS trends, real trends, that is, not bulk-mailed nasties like the likes of the Lizard Squad. The problem is, unfortunately, real and increasing. The size, pace, and volume of attacks have grown significantly over the past year, as have the costs they exact from enterprises.

In the field of cyber conflict, observers continue to point out the conceptual continuity of old-school propaganda with new-school information operations. The latter are troublesome in that technology has lowered the barriers to entry. Now small nation-states and even smaller movements can exert a formidable effect on mass opinion by working effectively online. One of the goals of some of the mass movements is also familiar from the late 19th century, heightening the contradictions. The viler the messaging, the more pressure governments come to feel to do something, and that something is often a step on the slippery slope to repression. There's a growing parliamentary sentiment in the UK, for example, to punish social media providers who fail to stop, quote, hate speech from crossing their platforms, end quote. The old Bolsheviks would have understood perfectly.
Joining me once again is Ben Yelin. He's a senior law and policy analyst at the University of Maryland Center for Health and Homeland Security.
Ben, a story came by on Motherboard about some American farmers who are turning to the black market to get software for their John Deere tractors. Bring us up to speed here. What are we talking about?

Sure. So when a farmer, your average Midwest farmer, buys a John Deere tractor, they sign a contract that basically says they don't have a right to repair in the case of any sort of malfunction. They have to call the dealer, and the dealer will bring a USB port, which has the relevant software to make the connection. John Deere owners don't like this. They don't want to pay the exorbitant cost of calling the dealer. Sometimes it takes a long time for the dealer to make an appointment and get there. You don't want to interrupt your farming, etc., etc. So many of these farmers have gone on the black market and are buying devices from the Ukraine, buying them online. One of the reasons I think this is particularly interesting is that there's this whole notion of people having the right to repair their devices. And as more and more devices have software being a major part of them, you know, our cars, our computers now. It's interesting to me that back in 2015, the Librarian of Congress basically carved out an exemption of the Digital Millennium Copyright Act for land vehicles, and that includes tractors.

But John Deere has found a way around that.

Right. They found a way around that by, you know, putting this provision in their contracts. But what the Library of Congress said in association with the Copyright Office is that you can't contract away a right to repair. You know, normally when you pirate software, you're going to be charged under the Digital Millennium Copyright Act. But this exception applies to things like land vehicles, including tractors. These are realms that exist in the physical world and have existed in the physical world. And it makes common sense to us that an owner of one of these devices should be able to go in and fix it themselves. I think that was the justification behind the policy change. So it is superseding even the contract agreement that farmers make with John Deere. I think the federal government is trying to make it legal to initiate these repairs without a person having to go to the dealer. You know, the broader lesson of this is this right to repair is going to apply more and more when we're dealing with brick-and-mortar type items that you used to be able to just fix with a screwdriver. Now you need to have some access to software to fix them. And there's going to need to be some sort of legal precedent around whether you should treat it like it's an old Buick or whether you should treat it like a Dell computer. The laws have sort of had varying standards to that effect, but I think as more and more of these brick-and-mortar devices require software, I think we're going to start to see more conformity. Maybe there can be a contract provision where the owner of the tractor can make these modifications, can legally under the law procure software, even on the black market, that they're responsible for any potential damages to the tractors.

Right. All right. It's an interesting one. Ben Yelin, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner.
Thanks for listening.