CyberWire Daily - ISIS coordinates online inspiration campaign with terror attacks. APT10 spearphishing. IE zero day. Twitter won't sell Kaspersky ads. UK sentence in Crackas with Attitude case.
Episode Date: April 23, 2018

ISIS returns to its grim inspiration. China's APT10 collects against Japan. An Internet Explorer zero-day is reported undergoing exploitation in the wild. Twitter won't sell Kaspersky any more ads, but doesn't have any specific explanation for why not. For its part, Kaspersky says it's going to donate its Twitter advertising budget to the Electronic Frontier Foundation. Bad but expected news about router security. ZTE's regulatory troubles. Cracka with Attitude will do time. Malek Ben Salem from Accenture Labs on the malicious use of AI.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
ISIS returns to its grim inspiration. China's APT10 collects against Japan. An Internet Explorer zero-day is reported undergoing exploitation in the wild. Twitter won't sell Kaspersky any more ads, but doesn't have any specific explanation for why not. There's some bad but expected news about router security, we cover ZTE's regulatory troubles, and a Cracka with Attitude will do time.
From the Cyber Wire studios at DataTribe,
I'm Dave Bittner with your Cyber Wire summary for Monday, April 23, 2018.
ISIS has resumed its online presence. The terrorist group has claimed credit for a mass murder in Kabul, where a bombing at a voter registration site killed at least 57, with well over 100 injured. The Sunni group ISIS in this case made an explicitly sectarian claim. Its Amaq news agency said that the bombing had targeted Shiites, whom Amaq characterized as apostates. ISIS represents a rival to the Taliban for Islamist pride of place in Afghanistan, and bombings and claims of credit can be expected to remain a principal form in which ISIS will seek to both inspire and recruit.

The group also threatened Iraqi polling stations in upcoming elections. ISIS has been largely expelled from the Iraqi territory it once controlled, but the group threatened late Sunday to attack polling places during next month's parliamentary elections. Anyone who votes, says the terrorist group, will by that act have made themselves apostates. The prominence of Shiite Muslims in the Iraqi government is of course another occasion of ISIS enmity toward that
government.

FireEye says that a Chinese threat group, probably APT10, has been collecting against Japanese networks in order to obtain intelligence about Japan's policy with respect to North Korea. The incursions into various networks were generally accomplished, according to FireEye, by spearphishing. The phish bait was a lecture on defense delivered by the former head of UNESCO, Koichiro Matsuura. The nature of the bait is regarded as suggestive of a motive: China's interest in understanding Japan's point of view and likely actions concerning nuclear tensions on the Korean Peninsula. APT10 is generally thought to be specially charged with developing intelligence on regional security issues.
Chinese security firm Qihoo 360 reports finding a Microsoft Internet Explorer zero-day being exploited in the wild. They're calling it Double Kill, and it's transmitted by infected Office documents. Users are advised to avoid opening documents forwarded from unknown or otherwise suspect sources until a patch is in place. Qihoo 360 seems to be strictly following sound disclosure practices, so technical details are sparse, but Redmond appears to have them.
Twitter has banned Kaspersky from purchasing advertising on the social media platform. Their rationale is essentially Kaspersky's perceived ties to Russian security services. As Twitter explained, pointing in the general direction of the U.S. Department of Homeland Security's ejection of Kaspersky products from government systems, their, quote, "decision is based on our determination that Kaspersky Lab operates using a business model that inherently conflicts with acceptable Twitter Ads business practices," end quote.

Ads or no ads, Kaspersky isn't taking the ban lying down. Eugene Kaspersky has sent an open letter to Twitter's CEO Jack Dorsey in which he tweaked the social media platform for what he took to be the incomprehensibility of the ban. Referring to Twitter's statement that Kaspersky's business model inherently conflicts with Twitter's notion of acceptable business practice, Kaspersky wrote, "Huh? I read this formulation again and again but still couldn't for the life of me understand how it might relate to us. One thing I can say for sure is this." He goes on, in the nicest way possible, to accuse Twitter of hypocrisy with respect to its declared commitment to freedom of expression.
In a subsequent tweet, not of course a paid Twitter ad, just a tweet, he clarified that, quote, "No matter how the situation develops, we won't be doing any more advertising on Twitter this year. The whole of the planned Twitter advertising budget for 2018 will instead be donated to the Electronic Frontier Foundation. They do a lot to fight censorship online." Kaspersky Lab spent roughly $93,000 on Twitter ads last year.

Twitter hasn't had much to say in response or clarification. No posts on their blog, for example, address the ban.
A spokesperson repeated the "inherent conflict with acceptable Twitter Ads business practices" line to CyberScoop, and then pointed CyberScoop toward the September 2017 Department of Homeland Security directive telling federal agencies to remove Kaspersky software from their systems. That directive expressed concern that Kaspersky was too close to the Russian government, and that, besides, Russian law compels Russian companies to provide assistance to security agencies. Gizmodo received a similar reply.

Eugene Kaspersky has a tweet on that, too, out yesterday. Quote, "Fun fact. Twitter justified the ad ban against KL with DHS decree, which is based on questionable media reports, which are based on anonymous sources, speculations, and false allegations. Censorship in action?" End quote.
With concern running high about Russian ability to exploit vulnerabilities in unpatched Cisco routers, results of a survey by Broadband Genie are discouraging but unsurprising. Most people, survey says, don't update firmware, don't change their router's default credentials, and are unfamiliar with ways of securing their devices.
ZTE remains unhappy, to say the least, about a U.S. Commerce Department ban on selling ZTE parts or software.
The company said at the end of last week that the move threatened its very survival.
And finally, the British mastermind, so to speak, of the Crackas with Attitude has received two years in a British juvenile facility for his role in hacking various U.S. officials. Teenaged boy Kane Gamble will be 20 when he gets out. His slightly older Carolina colleagues, Justin Liverman and Otto Boggs, are presently on sabbatical in Club Fed.
And joining me once again is Malek Ben Salem. She's the R&D manager for security at Accenture Labs. She's also a New America Cybersecurity Fellow. Malek, welcome back. Obviously, artificial intelligence we speak a lot about here on the Cyber Wire, but it's not all good news. You wanted to point out there's the potential for malicious use of AI.
Exactly. We talk a lot about artificial intelligence and in particular about its use for security, right? Whether it's for the early detection of cyber attacks, we've been using that in intrusion detection systems for a while. We are currently more and more using it to assist SOC analysts in incident response. Obviously, in security analytics, there is more use of machine learning also to authenticate users based on their behavior using behavioral biometrics. There's a wide range of applications for artificial intelligence for security.

But we don't talk a lot about how malicious actors could misuse AI technology and the potential ways we can mitigate those threats. There are a number of challenges that AI can pose for security. And the first one is that it lowers the cost of conducting many existing attacks. The fact that the attack can become scalable by the use of AI systems automatically means that it can expand the set of actors that can carry out that attack. It can increase the rate at which the attack can be carried out. And it can increase the number of potential targets.

Let me give an example. You know, think about the automation of social engineering attacks. A victim's online information can be used to automatically generate custom malicious websites or links that are sent to them that they're likely to click on. It can be sent from addresses that impersonate their own contacts, using even a writing style that mimics the writing style of those contacts. So that increases basically the likelihood that person will become a victim of that attack, and it increases the veracity of the social engineering attack.
When we've talked about AI and the potential for bad actors to use it, it's often come up that the expense would keep them from adopting it.
Are we heading towards a time when that's no longer the case?
I think so. I think there are more and more libraries that are available, machine learning libraries that are readily available to leverage by attackers as they are readily available for AI researchers. As we as cyber defenders increase our capabilities, obviously malicious actors are also increasing their own capabilities.

The second challenge that AI technology poses to security is the fact that it creates new threats and vulnerabilities. Obviously, AI technology is software, so it has its own software vulnerabilities, but also it has another type of vulnerability related to data. There are attacks that can be performed against AI and in particular machine learning based technologies. Things such as poisoning attacks, where the malicious actor can introduce training data that causes the machine learning system to make mistakes. That's one type of attack. There are other attacks by giving an input, or adversarial input, that is designed to be misclassified by the machine learning system.

So I mentioned earlier the behavioral biometric approach for authentication. Let's say we're using keystrokes to profile the user's behavior and use that as a way to authenticate that user. The malicious actor can mimic the typing behavior of that user in order to impersonate that person. So that would be another way of exploiting a machine learning based system. So basically, these are new classes of vulnerabilities. It's not the buffer overflow. It's not the SQL injection attack that we're used to against regular software, regular scripts. This is an entirely new class of attacks that is data-driven and that companies have to account for when they're evaluating AI technology for their own defenses.
All right. The game of cat and mouse continues.
Malek Ben Salem, thanks for joining us.
Thanks, Dave. Always a pleasure.
And that's the Cyber Wire. For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliot Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Vaughn,
Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen,
Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell,
John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie,
and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.