CyberWire Daily - Malware infections down during World Cup matches. UK-Russia tensions. Australian National University hacked. Data breach notes. Calls for cooperation. Tell it to the Marines.
Episode Date: July 9, 2018

In today's podcast, we hear that if your nation's team was playing a World Cup match, you probably weren't visiting dodgy websites. Concerns mount in the UK that Russia may be readying a long-expected attack on British infrastructure and holding it until the Cup is decided. The Australian National University is hacked in an apparent espionage attempt. Data breaches at Timehop, DomainFactory, and Macy's. Russia calls for international cooperation. The Marines say it wasn't them on that dating app. Malek Ben Salem from Accenture Labs with tips on GDPR compliance.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout.
That's joindeleteme.com slash N2K, code N2K.
If your nation's team was playing a World Cup match,
you probably weren't visiting dodgy websites.
Concerns mount in the UK that Russia may be readying a long-expected attack on British infrastructure
and holding it until the cup is decided.
The Australian National University is hacked in an apparent espionage attempt.
Data breaches at TimeHop, Domain Factory and Macy's.
Russia calls for international cooperation.
And the Marines say it wasn't them on that dating app.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday,
July 9th, 2018. Enigma Software has found that malware infections are off about 20% in countries on the days in which their teams are playing in the World Cup.
The biggest game-day drop in malware infection was observed in Uruguay,
which saw a fall-off of slightly more than 41%.
Other drop-offs in this particular leaderboard were Croatia, down 29%,
Mexico, 23%,
Sweden, narrowly nosing out Belgium, with both countries just shy of 22%.
France, ahead of Colombia, both just above 19%.
Switzerland and Spain coming in slightly over 18%.
Germany and Brazil just below 18%.
And England at 17%.
There's been one exception to the trend.
Russia.
The country hosting the games is the outlier,
with infection rates actually rising almost 6% on match days.
These are, we stress, game day drops,
presumably due to people going offline to watch the matches,
probably in pubs, sports bars, the dens of friends, and so on.
The World Cup continues to provide plenty of fish bait for malicious links, attachments, and so on.
Enigma has tracked rising and falling infection rates against significant outside events for some time,
and their findings are interesting.
Rates, for example, tend to spike during holiday shopping seasons,
think Black Friday and Cyber Monday,
and they tend to drop during penitential religious seasons like Lent,
where observant users of the Internet are less likely to go online.
There is some concern in the UK that a long-expected Russian cyber campaign
directed against British infrastructure is only on hold during the World Cup
and that it will be executed once the Games are over.
Tensions between the two countries rose over the weekend
as the first known death in the Salisbury nerve agent attacks occurred:
Dawn Sturgess, a bystander who was probably an accidental victim
and not a target of the attack at all.
The UK has opened a murder investigation.
Denial of involvement in the sad affair will continue to figure
in Russian official and deniable propaganda.
The Australian National University reported sustaining an attack on its networks last week.
The Sydney Morning Herald says that Australian federal officials have confirmed
both that the university's network was compromised and that the attack was mounted from China.
The goal would appear to be espionage,
but the story is still developing. TimeHop, which resurfaces posts from social media accounts,
disclosed Saturday that it had sustained a breach that compromised personal data of 21 million
users. Roughly a fifth of those users had associated a phone number with their account.
The attackers appear to have
accessed TimeHop's cloud environment through an admin account, not protected by multi-factor
authentication. TimeHop has deactivated all authorization tokens provided by other social
networking sites, and users who wish to continue to use the service will have to re-authenticate
each social media account to the TimeHop app.
Many observers in the security industry have been pointing to the incident as a cautionary tale on two counts.
First, what an attacker can do if they get privileged credentials,
and second, the importance of using multi-factor authentication.
Domain Factory, a large web hosting firm based in Germany,
disclosed at the end of last week that it had sustained a data breach.
Heise Online reported Saturday that the attacker
seems to have been interested in getting some sort of unspecified help collecting money
that, he says, an unnamed individual, not Domain Factory, owes him.
The data exposed are consequential.
They include customer names, physical and mailing addresses,
telephone numbers, passwords, bank account information, and Schufa credit scores.
The hacker began talking about his activities on a Domain Factory support forum,
where he was initially regarded as nothing more than a pest,
interested in drawing attention to himself.
Unfortunately, he turned out to have the goods.
To prove that he'd accessed the hosting company's data,
he posted samples online.
Investigation and recovery are in progress.
Macy's e-commerce platform has also sustained a data breach.
The Detroit Free Press has reported that the retailer is warning customers
that it detected suspicious login
activity on June 11, and that after investigating, the department store concluded that an unauthorized
third party had since late April been using valid usernames and passwords to access customers'
accounts.
Macy's is blocking the accounts it's determined to have been affected until customers can
securely re-establish them.
As expected and scheduled, the Reserve Bank of India will no longer provide services to cryptocurrency exchanges. This will have the effect of forcing cryptocurrency transactions
into cash channels. Russia's President Putin called Friday for closer international cooperation on cybersecurity.
Addressing a cyber conference in Moscow, Mr. Putin said,
quote, cyber threats have reached such a scale that they could only be neutralized by combined efforts of the entire international community.
We have repeatedly seen that some nations' egoism,
their attempts to act squarely to their own advantages hurt the global information stability.
Mr. Putin demurely left the egotistical nations unspecified.
And finally, the U.S. Marine Corps has looked into claims that some of its recruiters were using dating apps to find prospective Marines.
And the Marine Corps says, no, it wasn't them.
So beware, you lonely ones,
that winsome gunnery sergeant you just met online may not be what they claim to be.
Calling all sellers.
Salesforce is hiring account executives
to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents,
winning with purpose,
and showing the world what AI was meant to be.
Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies, like Atlassian and Quora,
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to
vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365,
with Black Cloak. Learn more at blackcloak.io.
And I'm pleased to be joined once again by Malek Ben Salem. She's the Senior R&D Manager for
Security at Accenture Labs, and she's also a New America Cybersecurity Fellow. Malek, welcome back. You have some
insights to share when it comes to GDPR, which of course is a hot topic these days, but you all
recently published some information to help people navigate what they have to deal with since it went
into effect. Yeah, absolutely. So we just published a point of
view on building explainable security programs under GDPR. We know that most people or most
companies are getting ahead with their GDPR compliance, but the new standard now for
intelligent enterprises will be to create and maintain transparent and explainable security programs globally,
and to proactively share them with their customers, employees, and business partners.
But building a data collection program that is explainable is easier said than done.
So what we listed out for CISOs and security executives is certain steps that
they should consider to build such programs. Number one is updating their security operation
processes. Building the data collection program that's explainable will require creating new data
governance processes and, most importantly, approaching algorithms differently.
We know that a lot of, let's say, data erasure requests may involve the use of automated
processes, sometimes machine learning algorithms.
Under the GDPR requirement, these have to be explainable.
So what CISOs should consider is creating or adding a human into the loop within those processes, or at least making sure that the process generates a paper trail that explains the conclusion of the algorithm that's being run.
The second step we recommend is strengthening consent management frameworks.
With each new data item that a company collects, again, under the GDPR requirement,
they need to get consent from the owner of that data.
So what that means is that they'll have to create a repeatable automated process
for obtaining this consent. But what's more critical or a better long-term strategy may be
for the chief data protection officer, in conjunction with the CISO, to regularly refresh
the company's consent management framework, both inside and outside the enterprise.
The third step we recommend is federating and automating erasure processes. We know that companies under GDPR now are liable for data breaches at third-party companies that they share
data with. And by the same token, they're required to honor erasure requests. These are the right to erasure or the right to be forgotten types of requests.
They have to honor those requests for data that they have shared with third parties.
So they need to have a process for that.
A CISO would need agile tools to mine the data quickly, to redact it or remove it entirely,
and should consider installing security mechanisms such as rate limiting,
because if they have a process that would honor those data erasure requests automatically,
that process would have extremely high privileges and access to data that is extremely valuable for the company, so it needs to be monitored very well and secured before it purges large
amounts of data. And so we recommend at least installing security
mechanisms such as rate limiting for that process. And then finally, as the fourth recommendation, we recommend to CISOs that they
revisit digital trust across their entire ecosystem and third-party platforms. Finally,
we recommend that CISOs look at the entire cost of ownership under GDPR. We know that GDPR exempts specific types of encrypted data sets
from the 72-hour reporting requirement for breaches.
So CISOs may be tempted to encrypt more data.
That comes at the expense of building an explainable security program
when the data is encrypted.
So they need to consider the total cost of ownership and the benefits that come or the reduction of liability that comes with
encrypting data versus the longer term benefit of building an explainable program that will build
the resilience and trust they need to keep growing.
All right. Well, it's good advice as always. If people want to find out more,
what is the name of the report? How can they find it?
It's the Accenture Security Technology Vision for 2018.
All right. Well, as always, Malek Ben Salem, thanks for joining us.
Thank you, Dave. Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions
designed to give you total control, stopping unauthorized applications, securing sensitive
data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see
how a default deny approach can keep your company safe and compliant.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast
of this rapidly evolving field,
sign up for CyberWire Pro.
It'll save you time
and keep you informed.
Listen for us
on your Alexa smart speaker, too.
The CyberWire podcast
is proudly produced in Maryland
out of the startup studios
of DataTribe,
where they're co-building
the next generation
of cybersecurity teams
and technologies.
Our amazing CyberWire team
is Elliot Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Vaughn,
Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin,
Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell,
John Petrick, Jennifer Eiben, Rick Howard, Peter Kilpe,
and I'm Dave Bittner. Thanks for listening.
We'll see you back here tomorrow.
practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo,
you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents
connect, prepare, and automate your data workflows, helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com. That's ai.domo.com.