CyberWire Daily - Lazarus Group is back. Dun & Bradstreet loses data; so does ABTA. Patriotic cyber rioting or state influence operations. US indicts four in the Yahoo! breach.
Episode Date: March 16, 2017
In today's podcast we hear about the return of the Lazarus Group (or maybe it never really left). A Dun & Bradstreet database is compromised—more than thirty-three million are said to be affected. British travel association ABTA suffers a breach. Notes on identity theft. Netherlands voter information sites hit with DDoS—Turkish hacktivists (or government operators) suspected. The University of Maryland's Center for Health and Homeland Security's Markus Rauschecker describes the increasingly important role of cyber lawyers in M&A activity. Digital Guardian's Tim Bandos has methods for protecting against state-sponsored actors and hacktivists. The US indicts four in the Yahoo! breach—two of them have FSB connections.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com/n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com/n2k and enter code n2k at checkout. That's joindeleteme.com/n2k, code n2k.
The Lazarus Group is back, or maybe it never really left.
A Dun & Bradstreet database is compromised.
More than 33 million are said to be affected.
British travel association ABTA suffers a breach.
Notes on identity theft. Netherlands voter information sites hit with DDoS.
Turkish hacktivists or government operators are suspected.
And the U.S. indicts four in the Yahoo breach. Two of them have FSB connections.
I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, March 16, 2017.
The Lazarus Group is back, the North Korean hacking syndicate implicated in earlier instances of both fraud, as in the Bangladesh Bank SWIFT caper, and data theft, as in the Sony hack.
Symantec has fingered the Lazarus Group for a wave of bank fraud in 31 countries.
The Lazarus Group is widely believed to be a criminal operation run by and on behalf of the
Kim regime in North Korea. The affected banks in the latest Lazarus Group campaign were concentrated
in Poland, with the U.S., Mexico, Brazil, and Chile being home to other heavily targeted institutions.
Pyongyang is facing an economic pinch that's squeezing even a society as austere
and devoid of ordinary markets as the Democratic People's Republic of Korea.
When China embargoed North Korean coal imports in response to that country's missile tests last month,
observers predicted a surge of cybercrime to make good the loss of North Korea's single biggest source of funds.
Pyongyang has denied any involvement with the Lazarus Group's activities,
citing reports to the contrary as foreign provocations orchestrated from Seoul, Washington, and other parts of the civilized world.
Dun & Bradstreet sustained a data breach that exposed contact information for some 33.7 million persons employed by companies and U.S. government agencies.
D&B acquired the database when it bought NetProspex in 2015,
which should arouse some interest in cyber risk assessment during M&A due diligence.
Who illicitly obtained the data, how they got it,
and to what end remain matters of investigation.
There's been another, smaller but still significant breach at ABTA,
Britain's largest travel trade organization.
ABTA disclosed that some 43,000 individuals may have been affected in an attack that came through a web server maintained for ABTA by a third-party vendor.
Breaches of this magnitude always rightly arouse concerns about identity fraud.
NuData Security's Lisa Baergen noted to us the role criminal aggregators now play
in facilitating identity theft.
They cross-reference and assemble surprisingly complete identities,
which they sell on the black market.
Such comprehensive identities are called "fullz" in the criminal markets, that's F-U-L-L-Z for those who may not speak leet fluently.
And fullz enable criminals to do an awful lot in the name of their victims, including accessing victims' legitimate consumer and social media accounts.
Younger people seem most targeted, lots of under 30s,
and even more disturbingly, lots of under 21s.
NuData shared some advice on how to reduce your risk of identity theft in social media.
First, be selective and careful about who receives your status updates.
Second, do some profile maintenance. Clean up your posts.
Third, use the highest, most restrictive security settings
available. Fourth, don't share personal information without necessity. Birthdays, addresses, phone
numbers shouldn't be posted everywhere. Fifth, don't use obvious personal information for security
questions and don't expose the answers to security questions online. Your high school, your
grandmother's name, your pets, all of these show up too often
in authentication questions. Finally, watch for changes to your credit score and odd charges on
your bank and credit card statements. And if you're a victim, by all means report it to police,
banks, and others who can help you.
Tensions between Turkey and EU members Germany and the Netherlands appear to have been manifested online, most recently in a distributed denial-of-service attack two Dutch voter information sites suffered yesterday.
Many, perhaps most observers, see this as Turkish government-inspired and possibly Turkish
government-directed.
It demonstrates again the difficulty of distinguishing state action from patriotic cyber rioting,
and also how low the barriers of entry to
political influence operations have fallen.
There's been an evolution of attacks from state-sponsored actors and hacktivists, and
organizations are investing in a variety of technologies to help protect themselves.
Tim Bandos is director of cybersecurity for Digital Guardian.
From a state-sponsored perspective, basically these are groups of individuals or organizations ... cause associated with breaking into an organization. One of the last companies that I worked for, one thing that we specifically worked on was, you know, genetically modifying, you know, GMO-type technology. And that was heavily against a particular threat group. So they would commonly target us and attempt to break into our organization or cause some sort of denial of service.
So take me through what are those types of attacks from those groups typically look like?
From a state sponsor perspective, you know, one thing that we would see is commonly,
you know, targeting phishing emails, spear phishing attacks,
but we also saw that evolution, right? They were leveraging third-party networks as an entrance
vector, right? So they would target that organization and come in laterally, or they
would leverage some sort of proof of concept technology that we just stood up out of nowhere,
and they were even aware of that. So now you run into this, is there a potential insider also
feeding, you know, outsider, you know, that type of information? Even with all the advancements in technology,
it still comes back time and time again to the human factor. And, you know, you talk about
insider threats. You know, what's your take on the best ways to protect against that?
Yeah, so from an insider threat perspective, it's one having visibility into, you know,
your data movement, where your classified files are, you know, understanding contextually your environment. And then when
you see those things triggering within a solution like a data loss prevention, you know, type
technology, you can respond a lot quicker, right? And you're aware of that, you know, from that
perspective. One thing that we saw a lot of times where when individuals actually leave a company,
you know, they'll do a massive download to a USB device and then take that technology over to the new company.
Technology like DLP can actually prevent that type of activity from occurring or at least detect it and notify the analysts.
But you're also hearing about technologies such as EDR, Gartner termed the endpoint detection and response capabilities or technology.
That's a huge push, and I think everyone's, you know, kind of moving towards that now, you know, gone are
the days of just primarily relying upon antivirus or firewalls.
They really want to have visibility into what's actually happening on the endpoints because
we're at this point now where we just assume that a breach is going to happen or it can
occur.
So, you know, notifying or, you know, identifying that activity when it, you know, occurs is, you know, a success, right?
And then you can kind of remediate and neutralize the second that something happens.
That's Tim Bandos from Digital Guardian.
The U.S. Justice Department has indicted four men in connection with the Yahoo breaches.
Three are in Russia, Dmitry Aleksandrovich Dokuchaev, Igor Anatolyevich Sushchin,
and Alexsey Alexseyevich Belan; the fourth in Canada,
Karim Baratov. Baratov and Belan are described as criminal hackers, but Dokuchaev and Sushchin
are said to be FSB officers. Major Dokuchaev is in trouble with both the U.S. and Russia.
He appears to be one of the FSB officers currently facing charges for treasonously
providing information to Americans. Dokuchaev worked in the FSB's Center 18, responsible for
liaison with the U.S. FBI in matters touching cyber law enforcement. Police in Montreal have
Baratov in custody, and he will probably wind up before a U.S. court. The others are being named and shamed.
It appears that the FSB used criminals as, in effect, contractors.
Belan and Baratov had apparently been turned by the FSB,
which used them to help it gain access to Yahoo data.
The FSB was presumably interested in sweeping up the sort of personal information
that might prove useful in intelligence work,
compromising potential agents, that sort of thing. Belan and Baratov were profiting on the side in the customary criminal market channels. American authorities have asked Canadian police
to seize Baratov's snazzy cars. They assert that the rides should be forfeited as fruits of his
criminal activity. So expect to see a swell BMW turn up at a U.S. Marshals auction near you.
One owner, low mileage.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents,
winning with purpose, and showing the world what AI was meant to be.
Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Do you know the status of your compliance controls right now?
Like, right now?
We know that real-time visibility is critical for security,
but when it comes to our GRC programs,
we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and helps you get security
questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta
when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
In a darkly comedic look at motherhood and society's expectations,
Academy Award-nominated Amy Adams stars as a passionate artist who puts her career on hold to stay home with her young son.
But her maternal instincts take a wild and surreal
turn as she discovers the best yet fiercest part of herself. Based on the acclaimed novel,
Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures.
Stream Night Bitch January 24 only on Disney+.
Cyber threats are evolving every second, and staying ahead is more than just a challenge ... you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company
safe and compliant.
And I'm pleased to be joined once again by Markus Rauschecker.
He's the Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security.
Markus, I saw an article come by on the Bloomberg Law blog, Big Law Business,
and it was talking about how cyber lawyers are likely to be playing a bigger part in mergers and acquisitions.
Yeah, I think that is true. Lawyers are certainly playing a larger and larger role in the
cybersecurity field in general. But when we're talking about mergers and acquisition deals,
specifically, I think lawyers are going to be playing a larger role because they need to look
at and examine any potential problems that might arise for the company that is acquiring another company
in terms of cybersecurity problems. There's, of course, the potential that the company that's
being acquired has suffered a breach and doesn't even know about it yet. So once the acquisition
goes through, the company that has acquired the other company could potentially
take on all of the issues associated with that data breach. And that could mean huge costs later
on down the road. So there needs to be some analysis of these potential issues. And I think
lawyers are the ones to really help out in that regard. Yeah, and certainly the deal going through with Verizon and Yahoo has
brought this issue to the fore. Oh, absolutely, yeah. So these breaches were all revealed after
the merger and acquisition negotiations had commenced already with Verizon. And so now
Verizon, of course, is thinking about its dealings with Yahoo. And a lot of people were asking, well,
does this mean now that we know about these data breaches that Verizon will pull out of
the negotiations? But it doesn't look like that's going to be the case. Apparently,
the acquisition price has dropped a little bit, about $250 million. But that's not all that much when we're talking about an almost $5 billion
deal. Yeah, you know, and I think this speaks to a trend that we've heard about certainly in the
last year or so, which is that these cyber issues are gaining more and more attention in the boardroom.
Oh, absolutely. Yeah. I mean, I always say cybersecurity is not
only for the technologists anymore. Lawyers and executives are playing a much larger role
when it comes to cybersecurity. The boardroom needs to be fully aware of all the cybersecurity
issues that a company could be facing. And that means that lawyers need to be involved as well to provide the legal advice
when it comes to cybersecurity issues. So it needs to be a consideration at every level of a
company, including from the boardroom all the way down to the tech and everyone else involved in
the company as well. All right, Markus Rauschecker, thanks for joining us. Thanks very much.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award
winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland
by our talented team of editors and producers.
I'm Dave Bittner.
Thanks for listening.
... and adaptable. That's where Domo's AI and data products platform comes in. With Domo,
you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents
connect, prepare, and automate your data workflows, helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.