CyberWire Daily - Influence the gullible, and maybe others will follow. Event site sustains a data breach. Contact tracing and privacy protection. Ransomware, again. Social media used to intimidate witnesses.
Episode Date: November 25, 2020
Observers see a shift in Russia’s influence tactics, but prank calls are (probably) not among those tactics. An event site suffers a data breach, and warns customers to be alert for spoofing. COVID-19 contact tracing continues to arouse privacy concerns. Joe Carrigan has tips for safe online shopping during the holidays. Our guest is Dmitry Volkov from Group-IB with insights from their latest Hi-Tech Crime Trends report. Ransomware hits another US school district, and social media are being used to intimidate cooperating witnesses. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/228
Transcript
You're listening to the CyberWire Network, powered by N2K.
Observers see a shift in Russia's influence tactics,
but prank calls are probably not among those tactics.
An event site suffers a data breach and warns customers to be alert for spoofing.
COVID-19 contact tracing continues to arouse privacy concerns.
Joe Carrigan has tips for safe online shopping during the holidays.
Our guest is Dmitry Volkov from Group-IB with insights from their latest Hi-Tech Crime Trends report.
Ransomware hits another U.S. school district
and social media are being used
to intimidate cooperating witnesses.
From the CyberWire studios at DataTribe,
I'm Dave Bittner with your CyberWire summary for Wednesday, November 25th, 2020.
While Russian influence operations during the U.S. election seem to have fizzled,
the Voice of America reports
that Moscow appears to be laying the foundations of subsequent campaigns. Instead of troll farming
and inauthentic social media, the new Russian approach to disinformation involves establishing
mindshare in fringe U.S. media, far left and far right, using feeds from state-controlled outlets like RT, Sputnik, TASS, and Izvestia TV.
One of the pathologies of intense political commitment, apparently, is heightened gullibility.
Some Russian operators, and they say they're comedians, funsters, not agents of the state,
continue to enjoy success with prank calls made to various world leaders.
The BBC says that the two performance artists, Vladimir Kuznetsov and Alexei Stolyarov,
have released a recording of an exchange they had with Canadian Prime Minister Justin Trudeau
back in January. They pretended to be young climate change activist Greta Thunberg, which is perhaps more plausible than using one of the traditional gag names like
IP Freely or Amanda Huggenkiss.
And they got the PM to pick up the phone.
He was polite and diplomatic, listening to advice that he should
leave NATO, drop your weapons, pick flowers, smile at nature.
Mr. Trudeau's office said in a statement,
the prime minister determined the call was fake and promptly ended it.
The BBC notes that while these two gents have been accused
of working for the Russian security services,
they themselves deny it, saying,
we only choose the subjects we are interested in ourselves.
So who knows? Maybe they're right.
Anyway, they're funnier than TASS, so they got
that going for them.
Peatix, which describes itself as a global event discovery and ticketing
platform, has disclosed a data breach that exposed user data. The company is working to contain the
damage. ThreatPost reports that some stolen data have appeared in Instagram and Telegram posts.
Peatix warns users to watch out for spoofed communications.
Some collection of COVID-19 data for contact tracing has been inadvertently intrusive,
as, for example, with the apparently unintentional harvesting of data by Australian
intelligence services. The country's Inspector General of
Intelligence and Security has reported to the Information Commissioner that some collection
of data from the COVIDSafe contact tracing app did occur, but that the data did not seem to
have been decrypted or used by those unnamed agencies. Coincidentally, the United Nations
has issued a general warning about the threats to communications and data privacy management the COVID-19 pandemic presents.
The UN is in favor of contact tracing, but it wants it done without putting potentially repressive and intrusive policies in place.
Five aspirational guidelines are offered. The UN hopes they'll serve as a template for responding to future crises.
Be lawful, limited in scope and time, and necessary and proportionate to specified and legitimate purposes in responding to the COVID-19 pandemic.
Ensure appropriate confidentiality, security, time-bound retention, and proper destruction or deletion of data
in accordance with the aforementioned purposes.
Ensure that any data exchange adheres to applicable international law, data protection, and privacy
principles and is evaluated based on proper due diligence and risk assessments.
Be subject to any applicable mechanisms and procedures to ensure that measures taken with
regard to data use are justified by and in accordance with the aforementioned principles
and purposes,
and cease as soon as the need for such measures is no longer present,
and be transparent in order to build trust in the deployment of current and future efforts alike.
Chances are you're doing some online shopping this season. Of course you are. There's no shame in it.
But of course there are always concerns about the possibility of fraud. What does fraud cost? It depends, and holidays or not.
In part, it seems to be a generational thing. Atlas VPN has worked through U.S. Federal Trade
Commission data and concluded that millennials lose between $200 and $300 per fraud case,
while elderly people, those aged 80 and above, lose up to $1,200.
On the other hand, the millennials are scammed more often than their elders,
possibly because they simply do more online and present the grifters with more targets of opportunity.
By the way, we just bought some Girl Scout cookies online ourselves,
and you should feel free to do the same.
Those girls are no grifters.
Two stories come today from Greater Baltimore.
In one, the Baltimore County Public Schools
have canceled instruction today.
The Baltimore Sun reports that the system
has come under a ransomware attack
and all classes have been canceled.
The school district is working to remediate the problem,
but has no estimate as
to when it might be able to resume operations. The disruption comes at a particularly unfortunate
time as schools attempt to shift more instruction online. Also in the Baltimore Sun is an account of
an unusually ugly form of online intimidation. Criminals are posting images of people who
cooperate with police investigations to Instagram.
It's not only intimidation and threat, but it's often extortion as well,
as the criminals demand money in exchange for taking down the pictures.
Only Cash App will get you off this page, says one representatively subliterate post.
May the hoods receive the attention from the police they richly deserve.
You might be experiencing some difficulty accessing our site today.
Amazon Web Services, which we use, have been clobbered with outages today that appear to have been particularly severe along the U.S. East Coast,
roughly between New York and Washington.
Amazon is working on the problem, which ironically has affected their own
service health dashboard. We regret the inconvenience and hope to be back to you soon.
CybercrimeCon 2020 is a virtual threat hunting and intelligence conference
being held November 25th through the 27th, 2020.
The program for the three-day event powered by Group-IB
includes an all-star speaker lineup as well as a full-day threat hunting competition.
The CyberWire is a media partner for the event.
Dmitry Volkov is from Group-IB.
He'll be presenting at CybercrimeCon.
He joins us with insights from their latest High-Tech Crime Trends 2020-21 report.
Well, it's our annual report where we're trying to explain what are key threat trends that we observed within a year.
And usually we're always able to find something new
that was not covered by other reports,
basically because we have our own incident response,
our threat intelligence,
and of course our investigation department.
To be honest, all of these threat actors
who were active within a year,
it's always possible to detect the activity. All recommendations
will be the same. You need to pay more attention to your security on the network perimeter.
You need to pay attention to how you patch your software and deliver. Of course, you need to be
able to deploy some additional security controls that allow you to track network traffic, do sandboxing,
and of course endpoint solution where it will track the activity of threat detectors
on the behavior level. Sometimes EDR could be helpful and of course you need to find someone
who will do active threat hunting because not everything is possible to detect by existing
security solution stack and that's why actually all these penetration tests, external penetration tests are quite
successful.
But meanwhile, on site stage of attack, usually there are artifacts that allow you to detect
the malware or even threat detector.
Not just detect, but of course, to be able to attribute it.
Was there anything that was surprising in this year's report?
Anything that bubbled up that you hadn't expected?
Well, we didn't think that the attackers who did targeted attacks against financial institutions
will stop the activity, so we don't attack banks to rob them.
We also stopped this activity and began to participate in affiliate programs
relevant to ransomware. Sometimes it's closed affiliate programs, sometimes it's open, but
like gangs like Silence, Cobalt, MoneyTaker, we don't see them anymore actively doing attacks
against financial institutions. So we have the experience how to get access to the corporate network,
how to completely compromise it, get full control over it.
And then we just deploy ransomware. We don't need to do
money laundering to get access to financial systems.
So much more easier money.
That's Dmitry Volkov from Group-IB. He's one of the presenters
at the upcoming CybercrimeCon
that's being held November 25th
through the 27th.
Be sure to check out CyberWire Pro
on our website, thecyberwire.com.
You can find extended versions
of many of our interviews.
That's thecyberwire.com.
And joining me once again is Joe Carrigan.
He's from the Johns Hopkins University Information Security Institute.
Also my co-host over on the Hacking Humans podcast.
Hello, Joe.
Hi, Dave.
Joe, it is that time of year.
Yeah, it is.
We are heading on a steep, jumping off the cliff toward the holiday season.
And that means lots of shopping.
It means I'm officially
okay with, you know, after this weekend, after we get through Thanksgiving, that's when it's okay
to put up your decorations and play your Christmas music and all that kind of stuff. Got a little bit
of information for you, Dave. The decorations are already up inside my house. Oh my, oh my. All
right. Well, that's cheating. I call foul. You'll have to take it up with Lisa.
Yeah, I'm sure I'll have a lot of luck with that.
Right.
But getting to our point here, Black Friday, Big Shopping Day, and of course, followed by Cyber Monday.
Yeah.
Saw an article come by from the folks over at the Naked Security blog by Sophos.
The great Paul Ducklin wrote this one up.
And it's basically some good guidelines for staying safe with this rush to shop online.
I mean, certainly this year more than ever,
that's the way folks are going to do it.
That's right.
Black Friday is not going to be waiting in line
at a crowded store this year
for obvious pandemic-related reasons, right?
Yeah.
So the retailers are not going to just let this day go by.
It's a big cash money day for them.
So they're going to just offer these deals online,
which means that there's all kinds of issues that come along with that
for both Black Friday and Cyber Monday this year.
And the article makes the point that whatever you do for your cybersecurity
for Black Friday is good to do all the time, right?
These are just good practices that they have. And Paul has put down some tips in here that are really good tips.
Some of them are things that I've said multiple times, but here's a good one that I have never
said before. Write down the contact details for your financial providers, right? He says,
make an old school written copy of the emergency contact numbers and email addresses
for organizations such as your bank and credit card issuers or insurance companies.
That way you'll have access to them even if you lose access to your payment card or your
phone gets stolen, right?
Because all that information is on the back of your credit card.
So if your wallet gets physically stolen from you, how are you going to call that number?
Yeah, well, it also helps you resist the urge when someone sends you a fake
email or a fake text message that says, hey, this is your bank. Call this 800 number right now.
Yeah. Then they give you a fake number. If you get that information, if you get that text,
just flip the credit card over and call that number. Don't call the number that anybody ever
sends you. That's another bit of advice I've been giving for a long time. Call a number that you
know is the bank.
Either look it up online, go to the phone book, or use the back of your credit card.
But if you've lost your credit card, you should have written it down.
And Paul makes a good point.
Write it down before you wish you had written it down.
Right, right, right.
What else does he list here?
He says, learn about account lock features offered by your bank or credit card issuer.
Some of these card companies have ways to just quickly lock and unlock your credit card so that nobody else can use it. Some don't,
but I think that's going to become more of a differentiator in the marketplace over time.
Learn how to clean up your browser's autofill storage. That's really good advice because
maybe you don't want your credit card information being stored in your browser's autofill storage space. So just learn how to clean that out. Do a little audit. Right.
Do a little audit. Exactly. In the U.S., this is for our U.S. listeners, apparently there's a
federal law that allows consumers to apply a credit freeze, which stops people from applying
for new loans in your name. It's a way to put the brakes
on identity theft. It's a little bit inconvenient because if you need to go out and apply for any
debt, then you have to first release the credit freeze. But you can do this at your leisure,
and the credit companies have to oblige you. It's a law. Paul says, consider using a prepaid
debit card for one-off purchases. And that's a good idea.
There are also other services out there that will let you have a virtual credit card number.
I don't want to endorse anybody in particular, but if you listen to other podcasts, you'll hear
the name of at least one of them. But it gives you a fake and temporary credit card number that
you can use to go out and make a purchase. And that you can actually tie that credit card number to a single merchant so that nobody else can use it.
So even if that merchant gets breached, that credit card information is useless to anybody
unless they go to the merchant that you were using it at. And then you can set up a limit for it.
So, right. And they can be single use, exactly. Good point. You can make disposable ones that you'll use once.
And finally, and this is my number one point right now,
turn on two-factor authentication wherever you can.
Wherever you can, use whatever you can,
the most secure kind you can that's available.
So the three most common types of multi-factor authentication
are the text message, the SMS,
that's more secure than nothing, but not very secure.
The next one is the time-based password.
You see these apps like Google Authenticator, and Microsoft has one as well.
It's the same technology that's in the little tokens that you get from your employer if
they have multi-factor authentication.
And finally, something that's like a physical token, like a FIDO key, like YubiKey or Google has their,
I can't remember what it's called,
but Google has something
that's based off the same infrastructure.
Those are the most secure.
Yeah, yeah.
You know, I think this is one of those articles
that, you know, those of us in the biz
probably do most of this stuff already,
but first it's a good reminder,
but second, this is a great article
to send around to your friends and family.
Just lays it all out in a nice approachable way
for them to, if they haven't thought
about some of these things,
it's a great way to get them started.
I think I'll post this article on Facebook, Dave.
Yeah, yeah, it's a good one.
So that everybody can get some advice from me
because I like telling people what to do.
No kidding.
Nobody listens, but I still like telling them.
That's all right.
It's all right.
It's good.
It's good to know your limits, Joe.
All right.
Well, again, the article is titled Black Friday.
Stay safe before, during, and after peak retail season.
It's over on the Naked Security blog with Sophos,
written by Paul Ducklin.
Joe Carrigan, thanks for joining us.
It's my pleasure, Dave.
And that's The CyberWire.
A happy Thanksgiving to all,
and many thanks to you for listening and reading.
We'll be taking the next two days off for the holiday.
We'll be back, as usual, on Monday.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field,
sign up for CyberWire Pro.
It'll save you time and keep you informed.
The best of all is Butterball.
Listen for us on your Alexa smart speaker, too.
Research Saturday is taking a break this week for the Thanksgiving holiday,
but we will be back with more research
the following Saturday. We hope you'll join us then.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Carrigan, Harold Terrio, Ben Yellen, Nick Bilecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner. Thanks for listening.
We'll see you back here next week. Thank you.