CyberWire Daily - Microsoft buys GitHub for $7.5 billion. VPNFilter tries to reconstitute itself. Ransomware and DDoS notes. USA Really seems to be latest in Russian disinformation.

Episode Date: June 4, 2018

In today's podcast we hear that Microsoft is buying GitHub for $7.5 billion. VPNFilter seeks to reestablish itself. Financial Trojans are up and ransomware is down, but don't count the ransomware out, not yet. A get-decrypted-for-free card to Russian ransomware victims. The children of Mirai trouble an unhappy world. USA Really may be the latest incarnation of the Internet Research Agency, complete with rabid Florida squirrels, Wisconsin blood-suckers, and advice on Louisiana's secession. Malek Ben Salem from Accenture Labs on using keyboard biometrics to detect mental disorders.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K.
Starting point is 00:01:22 Microsoft buys GitHub for $7.5 billion. VPNFilter seeks to reestablish itself. Financial Trojans are up and ransomware is down, but don't count the ransomware out. Not yet. There's a get-decrypted-for-free card to Russian
Starting point is 00:02:12 ransomware victims. The children of Mirai trouble an unhappy world. USA Really may be the latest incarnation of the Internet Research Agency, complete with rabid Florida squirrels, Wisconsin bloodsuckers, and advice on Louisiana's secession. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, June 4th, 2018. We begin with some major industry acquisition news. Weekend rumors that Microsoft was in talks to buy open-source code repository GitHub were borne out this morning.
Starting point is 00:02:51 Speculation about price ran to around $5 billion. This morning, Redmond announced that Microsoft had indeed made that acquisition, but not for $5 billion. Rather, GitHub went for a cool $7.5 billion in stock, about $2.5 billion more than already overheated rumor had predicted. Some observers see the move as representing for Microsoft a kind of return to its developers' roots. Developers in general have shown a mixed reaction, with many predictably responding to the news in a Martians-have-landed-and-the-man-is-out-to-get-you mood. Rival platform GitLab saw a considerable immigration of projects on Sunday as rumors of the deal
Starting point is 00:03:32 spread. Microsoft itself expects a good bit of churn as it integrates this acquisition. The VPNFilter botmasters may be attempting to reconstitute their botnet. Researchers at security companies JASK and GreyNoise reported late Friday that the threat actors behind the first round of infestations are working to herd another set of routers. In an attempt to work around the US FBI's sinkholing of the ToKnowAll domain, they are actively scanning MikroTik routers with port 2000 exposed online, and they're looking only for routers in Ukrainian networks.
Starting point is 00:04:09 The focus is unsurprising, given that the threat actor in question is widely believed, on compelling if circumstantial evidence, to be Fancy Bear, also known as APT28, also known as Russia's GRU. The interest in Ukrainian targets is significant, but no one in any country should be blasé about the possibility of router infection. The FBI's advice remains good, and the Bureau regards this episode as a teachable moment. As Symantec's Vikram Thakur told Dark Reading, the Bureau is, quote,
Starting point is 00:04:40 trying to get the word out that people should reboot their routers and set up regular routines for doing firmware upgrades, end quote. So cycle power on your SOHO router and update your firmware. The seesaw of criminal practice currently seems to be tilting financial Trojans up and ransomware down. Ransomware is, of course, still significant. AlienVault notes that the Satan ransomware family has adopted new approaches to spreading itself, some of them involving the Shadow Brokers' EternalBlue exploit. And where are the Shadow Brokers these days? It's been a while since they've been
Starting point is 00:05:17 heard from. In another ransomware development that affords some insight into the complex relationship between ransomware extortionists and either national pride or relationships with national security services, the authors of the Sigrun ransomware are offering free decryption to Russian users. They try to avoid infecting Russian users by the rough-and-ready method of detecting a Russian keyboard, but sometimes things happen. So what would cost an American user about $2,500 in Bitcoin or Dash, a Russian user can get for free.
Starting point is 00:05:52 Bleeping Computer consulted the Malwarebytes security researcher who noticed the discount. He told them that the Sigrun hoods are also willing to help out Ukrainian users. The Ukrainian Cyrillic keyboard layout is sufficiently different from the Russian to permit a normal infection rate in Ukraine. Best not to get infected in the first place, so click with caution and treat email attachments with due suspicion. And should you wind up infected with Sigrun or any other ransomware variant, your best assurance of resiliency and ability to recover is regular, secure backup. NetScout Arbor reports that criminals continue to make extensive use of
Starting point is 00:06:32 evolved forms of Mirai for denial-of-service attack flavors Satori, JenX, OMG, and Wicked. Satori added remote code injection exploits, JenX relies on external scanning and exploitation tools, OMG added HTTP and SOCKS proxies, and Wicked, the latest evolution, has moved from credential scanning to RCE vulnerability scanning. FireEye says a new site that popped up last month, USA Really, is in fact a Russian information operation run out of the same building in St. Petersburg that housed the famous Internet Research Agency troll farm. As FireEye's iSIGHT manager of information operations analyst puts it to McClatchy, quote, we're not saying it is the Internet Research Agency, but there are a number of indicators that suggest it is. Some of the features are
Starting point is 00:07:26 charmingly bizarre. For example, blood-sucking monsters invade Wisconsin. The denizens of Milwaukee will recognize this as a reference to what are normally called mosquitoes. Louisiana ought to secede again, on account of, if it were a country, it would have the 45th largest economy. Rabid squirrels are infesting Florida, possibly in homage to Peter Singer's famous ruminations about the squirrel threat to the power grid, and so on. But the intent is thought to be malign erosion of such civic trust that Americans may still enjoy, or so we hear. USA Really popped up on May 17th. It had a Facebook page until reporters asked Facebook Friday,
Starting point is 00:08:11 hey, how about it, at which point Facebook took them down. They've still got their Twitter feed, at least the last time we checked. Their come-on is mistrust. Don't get your news from the mainstream media or their puppets in the political classes. If you want the skinny on the rabid squirrels, the deep state's not going to come clean with you. But while the boys and girls on Savushkina Street talk Russian among themselves, they'll talk straight to you. Or so they say.
Starting point is 00:10:55 And joining me once again is Malek Ben Salem. She's the senior R&D manager for security at Accenture, and she's also a New America cybersecurity fellow. Malek, welcome back. You have some interesting research that you wanted to share about using behavioral biometrics for detecting mental disorders. What's going on here? Thanks, Dave. So as you know, behavioral biometrics have been proposed as an approach to authenticate users continuously as they interact with a digital system or a mobile device to complement the way we regularly authenticate to those systems using passwords.
Starting point is 00:11:42 It turns out that those same behavioral biometrics can be used for other purposes. And this is really, really exciting. It's exciting to see how cybersecurity research can be applicable to other fields and improve people's lives. One example of a behavioral biometric that can be used for authentication is the way we type, our typing behavior. Our research has indicated that that typing behavior is unique by person, by user, and it can constitute a digital fingerprint. But because of that uniqueness, that consistency in typing behavior, some researchers within the medical field have looked at using that to see if it can detect mental disorders.
Starting point is 00:12:33 You know, the way we type basically becomes a habit. It becomes hardwired into our brains. Our brains get attacked by a mental disease. That wiring gets affected. So are we talking about a change in the way that we type over time? We're detecting you used to type something one way and now it's different? It's a change in the way we type. How fast do we type? Which combinations do we use? How long does it take us to move from one key to another? It's those types of behaviors that are typically consistent for people during the day, during the week, but if our brains get attacked, they tend to change. And if you think about it, the way mental disorders get diagnosed today is very expensive. So doctors have to do brain scans, or they may have to run expensive cognitive tests and time-consuming cognitive tests, or they may have to rely on
Starting point is 00:13:36 their subjective analysis. So offering them a way to monitor typing behavior, monitor an activity that everybody does, you know, almost every time is mundane activity, can be very useful for early diagnostics. So a company, a startup company called NeuraMetrix, based in San Francisco, is using and harnessing typing cadence to assess a patient's mental health. At this point, they reported some encouraging results, but it was based on an internal study about Parkinson's disease that distinguished patients from healthy people with 99.9% accuracy. Now, it's interesting. I mean, I could certainly see the advantages of this
Starting point is 00:14:24 if I were someone where I knew I had trouble with something like depression, and maybe I could have an app monitoring me to give me some indications that maybe even before I was self-aware of it, that maybe I was heading into a bad place. I could see the usefulness of that. But on the other hand, I would imagine this wouldn't be something that I would want installed on my computer at work. I might not necessarily want my boss to know these sorts of things. Yeah, absolutely. And actually, the company is offering a consumer app that provides such an evaluation as a feature for consumers to look at how consistent their typing behavior is. It reports their consistency score, but it also shares the typical score range for a healthy person. It does not draw any conclusion about their mental health because, you know, the app
Starting point is 00:15:12 might get the company into trouble with government regulators, but at least it gives the consumers a heads up about, you know, how consistent they are. And, you know, it may indicate some issue that may let them go or decide to go see a doctor. No, it's an interesting story for sure. And like you said, an example of some technology used for security that could help people in other ways. Malek Ben Salem, as always, thanks for joining us. Thanks, Dave.
Starting point is 00:16:35 And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond,
Starting point is 00:17:07 Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
