CyberWire Daily - Info ops follow airstrikes, to be followed by sanctions. Expect cyberattacks and reprisals, with a chance of kompromat.
Episode Date: April 16, 2018In today's podcast, we note that RSA has opened with ten rising stars in its annual Innovation Sandbox. US, British, and French coordinated strikes against Syrian chemical warfare targets prompt Ru...ssian information ops and warnings from Britain that the UK will retaliate against any cyberattacks against infrastructure. Charges are filed against an alleged Reveton ransomware money launderer. Emily Wilson from Terbium Labs with tips for conference-goers. Guest is Paul Martini from iBoss with thoughts on growing cyber security companies in a crowded marketplace.  Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash n2k code N2K at checkout. That's joindelete.me.com slash N2K, code N2K.
RSA opens with 10 rising stars in its annual innovation sandbox.
U.S., British, and French coordinated strikes against Syrian
chemical warfare targets prompt Russian information ops and warnings from Britain that the U.K.
will retaliate against any cyber attacks against infrastructure. And charges are filed against
an alleged Reviton ransomware money launderer.
I'm Dave Bittner, coming to you this week from San Francisco, the city by the other bay,
here at the 2018 RSA Conference, with your CyberWire summary for Monday, April 16, 2018.
The RSA Conference begins today with the customary preliminaries,
including the first rounds of off-site meetings hosted by companies and associations.
And as a quick note to kick off the week,
our publication and production schedule may be a little different through Friday.
Our time zone is in San Francisco, but our circadian rhythm is in Baltimore.
As, with apologies to Tony Bennett, are our hearts.
The major event today at the Moscone Center, of course, is the annual Innovation Sandbox.
Ten finalists will compete for this year's honors,
with final pitches and voting taking place early this afternoon.
The companies who will compete for top honors include Alcavio.
The news continues elsewhere, of course,
with kinetic action stoking information operations
and putting contending powers on high alert
for more directly damaging cyber offensives.
Strikes against Syrian chemical weapons facilities over the weekend are influencing Western countries'
calculations of the likelihood of Russian cyber retaliation.
The closely coordinated strikes, carried out over a 10-minute period at 4 a.m. Saturday
local time by U.S., British and French forces operating in the region, were an attempt to
cripple the Syrian government's chemical warfare capabilities and punish the regime for its recent
use of them against Syrian civilians in the city of Douma. The strikes were also a warning to Russia,
which is the Assad regime's principal international support, as well as to Iran,
which has its own investment in the Syrian civil war.
The first Russian responses to the strikes have been information operations,
both online and published sympathetic media outlets following government lines in Syria, Russia, and Iran.
Media in Russia, Syria, and Iran have generally denied that Syria conducted chemical strikes,
that Russia altered or removed evidence of such strikes,
that the 105 missiles
fired were mostly intercepted, which on the basis of battle damage assessment photographs
the U.S. released seems clearly false, that the attacks, while unsuccessful, will produce
a refugee crisis, and that of course the strikes are simply malign American aggression.
The U.S. Department of Defense Saturday reported a large
increase in Russian trolling, quoting a figure of 2,000 percent. This should probably be read as
a big increase in information operations, dressed up in some possibly exaggerated quantification.
In fairness to the official Russian organs, we quote Sputnik,
2,000 percent compared to what? Still, a lot of action and plenty of
trolls, by any reasonable estimation. Prime Minister May has been briefed on the likelihood
that leading British public figures, including members of the cabinet and other members of
parliament, will be attacked through release of scurrilous material, Compromat. Germany's
Foreign Minister Heiko Maas
this weekend reiterated his government's attribution of cyberattacks
on his ministry's networks to Russia.
Speaking to ZDF, he said,
quote,
We have an attack on the foreign ministry
where we have to assume that it stemmed from Russia.
We can't just wish all that away.
And I think it's not only reasonable but necessary to point out
we do not view those as constructive contributions.
Those were comments that he made to Reuters.
The U.S., also preparing for cyberattacks, is expected to impose further sanctions on
Russian companies sometime today.
As we explore the show floor at the RSA conference this week, countless companies will be vying for our attention,
hoping to convince us that their solutions outshine their competitors
and are something that we simply cannot live without.
Paul Martini is CEO at iBoss Cybersecurity,
where they provide a web gateway as a service,
and we checked in with him for his thoughts on the cybersecurity marketplace
and the ongoing shift to the cloud.
You know, it's a very crowded market, and I think it's a crowded market for a reason.
Cybersecurity is a very important aspect of society with state and nation warfare and cyber warfare and everything else.
And everybody is trying to find the silver bullet.
I think the reality is there is no silver bullet when it comes to cybersecurity,
the reality is there is no silver bullet when it comes to cybersecurity, just like there is no silver bullet to anything in life, including, you know, seatbelts and airbags that are not going to
definitively prevent a death in an accident. But the thing in this market is to look at ways to
collaborate and to get complementary technologies delivered in such a way that together they can deliver overall better efficacy and
better protection to end users, as well as simplify the job and the workload for IT professionals.
So do you think this is an industry that is ripe for consolidation?
Yeah, absolutely. And it's more than just a consolidation of mergers and acquisitions of companies.
I think the consolidation will happen through the platform providers that enable these technologies to be delivered to the end user or to the IT administrators in a very simple way.
Now, we certainly hear a lot of talk these days about third-party risk.
What do you say to folks who push back and who say, you know, I want to keep,
there's that old saying, I want my servers, you know, where I can see them.
What do you say to folks who are hesitant to collaborate with outsiders?
Yeah, you know, I think, especially when it comes to appliances or virtual equipment,
where, you know, they want an IT administrator security and wants to see the server,
the reality is you can't say the same thing about the employee. So you can't ask the employee to just sit in the office within the
four walls that has all the perimeter defense for that employee. They're going to go home and you're
not going to see them. The difference being that they're going to be on their laptop or on their
phone accessing Office 365 or accessing other cloud applications or business applications that fall outside of your control.
So the shift to the cloud, because the applications have moved there,
has nothing to do with cybersecurity.
And that shift in momentum is happening regardless of whether cybersecurity
wants to catch up or not because it's easy to consume, easy to use,
and allows all of these vendors, some of which may not be in the cybersecurity space at all,
to deliver value to a business. And so really, as the job of a cybersecurity industry or
cybersecurity company is to see how we can apply the same needed cybersecurity in a different world,
in a world that you don't see the servers and you don't see the applications because the world is moving to the cloud regardless of your cybersecurity strategy.
That's Paul Martini from iBoss Cybersecurity.
And finally, at the end of last week, a Microsoft engineer entered a plea of not guilty before a federal judge in Florida.
Raymond Udiale, 41, faces charges of conspiracy
and money laundering. He's alleged to have been involved with the Reviton ransomware gang,
famous for having used the FBI logo in its scare screens,
and is said to have laundered money paid by ransomware victims.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents,
winning with purpose, and showing the world what AI was meant to be.
Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI. Now that's a new way
to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash
cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover
they've already been breached.
Protect your executives and their families
24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
And joining me once again is Emily Wilson.
She's the Director of Analysis at Terbium Labs.
Emily, welcome back.
We are heading into conference season here.
As we record this, we are just heading into the RSA conference.
You've been attending several conferences already this year, so we thought we'd go through some tips and guidance
for folks who may be heading off to some of the big shows.
Yes, conference season is upon us.
We are all booking flights and checking schedules
and coming to terms with the fact that we're going to have to go to Las Vegas at least once.
There are a few things that I would recommend for people,
and these may sound obvious, but the first one is be
realistic about how many talks you can actually go to back to back and how much time you're going
to need to catch up with people in between. Not all of these conferences are well scheduled for
taking breaks and actually taking the time to network. And I think if you are trying to cram
in every single talk, especially if you are running between different buildings of the
Moscone Center or whatever campus you're on. It's just not going to work.
I think you also need time to digest in between. Take it in, let it settle sometimes.
I think that's important. You should figure out what works best for you. If you're going to
take notes and then type them up later, if you need to digest with yourself or with your colleagues immediately after each talk.
Know yourself and don't try to bend your strengths and weaknesses
too much around a conference.
You and I often talk about diversity issues,
and I'm curious, for someone heading off,
if maybe this is their first time at one of these big shows,
if I'm a young woman heading to a show, do I need to have my defenses up?
What should I be prepared for? That's a loaded question. I would'm a young woman heading to a show, do I need to have my defenses up? What should I
be prepared for? That's a loaded question. I would say a couple of things. One, I have had mostly
positive experiences of chatting with, you know, I was recently at a conference that had exclusively
female speakers and 50% of those were women of color and 10 to 12% were trans and non-binary.
were women of color and 10 to 12% were trans and non-binary. And that's just one example of this is not that hard to do. And I think saying, you know, it's hard because it's tech or it's
hard because it's security, that just tells me it's not a priority for you. And it should be
a priority because I think all of us walk into any space, a conference or anything else, and
we want to see people who look like us there.
And if we don't, what does that mean? And is it worth our time to stay?
But I think it's important to, when you talk about feedback, you know, there's that old saying
that you get more flies with sugar than vinegar. I think, you know, a positive framing of constructive
criticism, do you think that's the better way to go? I do. I think if you approach
someone in frustration, they're going to get defensive just as any of the rest of us would
if someone came up to us frustrated. But I think there is space for having an open and constructive
dialogue about this and saying, you know, hey, I, you know, I noticed I'd like to help. I'm
curious how you went about. I'm curious what your plans are for next year because there are so many incredible people out there who, whether we're talking about diversity
and race or gender, background, age, career path, experiences, there is so much to tap into in this
community and I think we should be taking advantage of it. All right. Emily Wilson, thanks for joining us. solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions
designed to give you total control, stopping unauthorized applications, securing sensitive
data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see
how a default deny approach can keep your company safe and compliant.
And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this
rapidly evolving field, sign up for
CyberWire Pro. It'll save you
time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The CyberWire podcast
is proudly produced in Maryland out of the startup
studios of DataTribe, where they're co-building
the next generation of cybersecurity
teams and technologies.
Our amazing CyberWire team is Elliot Peltzman, Puru Prakash, Stefan Thanks for listening.
We'll see you back here tomorrow. but also practical and adaptable. That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.