CyberWire Daily - More data theft by ransomware. Patch Tuesday notes. Espionage and possible data corruption against COVID-19 researchers. Be a role model for your AI.
Episode Date: May 13, 2020
Ransomware continues to steal personal information. Notes on Patch Tuesday--and please, by all means patch. The FBI says it’s investigating cyberespionage directed against COVID-19 researchers (and ...US officials see direct data corruption in espionage). And the AI doesn’t really know what to make of us any more. Joe Carrigan from JHU ISI on Twitter’s response to 5G related Coronavirus conspiracy theories, our guest is Chris Cochran from Netflix on the importance of personal health and safety. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/newsletters/daily-briefing/9/93 Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Ransomware continues to steal personal information.
Notes on Patch Tuesday, and please, by all means, patch.
The FBI says it's investigating cyber espionage directed against COVID-19 researchers,
and U.S. officials see direct data corruption in espionage.
Joe Carrigan with Twitter's response to 5G-related coronavirus conspiracy theories.
Our guest is Chris Cochran from Netflix on the importance of personal health and safety.
And the AI doesn't really know what to make of us
anymore. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for
Wednesday, May 13th, 2020. Ransomware continues to steal data. Bleeping Computer reports that Magellan Health, a large U.S. managed care and insurance provider,
discovered on April 11th that it had been the victim of a ransomware attack.
The incident compromised personal data, including names, addresses, employee ID numbers,
and various details from U.S. W-2 or 1099 tax forms.
A letter to affected stakeholders said that no fraud had so far
been detected, but of course the incident remains under investigation. Magellan said
that the ransomware arrived in a phishing email that misrepresented itself as coming from a
customer. And speaking of ransomware, yesterday, May 12th, was marked by many as the third
anniversary of WannaCry's peak,
and Interpol declared it Anti-Ransomware Day.
InfoSecurity Magazine quotes the head of Interpol's Cybercrime Directorate as saying the agency wants to remind everyone to keep good cyber hygiene and to wash your cyber hands.
Yesterday was also Patch Tuesday.
Adobe took care of 36 bugs, and Microsoft addressed 111 issues.
There's a view in circulation that you should take a wait-and-see approach to applying patches,
and that in particular you ought to turn off automatic Windows updates.
Hang on, one columnist wrote, and wait to see what happens with other people.
While in principle this might make sense under some circumstances for
an enterprise that must test patches to ensure the fixes won't affect their system's availability,
and even granted that some patches come with problems, it's hard to see why individual users
should do the same. One security expert tweeted that the advice amounted to digital anti-vax
clickbait. Go ahead and patch.
But if you must be selective in your patching,
take a look at CISA's list of the 10 most exploited vulnerabilities,
and start with those.
A joint warning issued by the U.S. Federal Bureau of Investigation
and the Cybersecurity and Infrastructure Security Agency,
that's the FBI and CISA, respectively,
says the Bureau is actively
investigating the targeting and compromise of U.S. organizations conducting COVID-19-related
research by PRC-affiliated cyber actors and non-traditional collectors. The PRC is, of course,
the People's Republic of China, and non-traditional collectors has, in earlier U.S. government
advisories, referred to students and researchers already in place at institutions
who are being activated to collect.
Think of non-traditional collectors as, for the most part,
forming a specific kind of internal threat.
So the espionage has allegedly moved beyond the password-spraying attack
CISA and its UK counterparts in the
National Cybersecurity Center warned against last week. Chris Cochran is threat intelligence
and operations lead at Netflix, and also co-host of the popular Hacker Valley Studio podcast.
He joins us with insights on the importance of personal health and safety,
especially in these uncertain times. I'm a service-centric
person, so I support everyone else's functions and their missions across the company. And so
any information from a threat perspective that I can supply to them is what my role is. In my
opinion, we're doing a service for the world because a lot of people are stuck inside. They
are, you know, hearing things on the news that might not be as uplifting as it usually is. And
so being able to have something to escape into is, I think, really important in this time. So,
you know, my family, we sit down and we watch Netflix just like everyone else.
And it's really a good family bonding time to kind of just dive into that world for a bit
and get away from everything else that's going on.
You are also the host of the Hacker Valley Studio podcast.
Tell me about that.
Yeah, the Hacker Valley Studio podcast.
That's my passion project.
It's literally what I go to bed thinking about and wake up thinking about.
We really focus on the human element of cybersecurity.
So the personas, the stories behind different products and teams.
And it's been amazing.
We started last year, and we actually just hit our one-year mark here in April.
And we've had some amazing guests on and it just seems to be crawling in its own legs. And I couldn't be happier with it.
So you say you focus on the human side. What sort of stories are you setting out to tell there?
Yeah, so the way we kind of look at our podcast is we look at it 70% sort of personal growth, self-help, and 30% cybersecurity.
Because it's in my opinion that as cybersecurity professionals, we are truly mental athletes
with no off time. There's no off season for us. And so we want to supply our professionals,
the people that are in our community, with knowledge to make themselves better, better in their lives, better in their careers. So all the things that you can think of
from leadership ability to, you know, nutrition and fitness to, you know, training, things like
that, that's the stuff that we sort of focus on. Now, I think a lot of us find ourselves in the situation we're in these days with the coronavirus and working from home and being separated from our colleagues and even our loved ones.
That takes an emotional toll on us.
Do you have any tips, any advice for folks to how to kind of keep their chins up and keep motivated to
given these challenging times? Yeah, I would say reach out to people, definitely
stay in communication as you can, whether it's through, you know, people that are in your house
or virtually, there are tons of events that are going on online all the time. So find something
where you can interact with other human beings,
because I feel like, you know, now is the time that we can actually build some bonds,
even though we're all separated in this current time. So definitely reach out to people,
talk to people, and just build memories. You know, hopefully this doesn't last much longer,
but if it does, you know, at least you'll still have people that you can rely on.
That's Chris Cochran from Netflix. If you have not yet checked out the Hacker Valley Studio podcast,
what are you waiting for? It's a good one. Check it out.
The Wall Street Journal writes in an exclusive that Iran, as well as China, is engaged in spying on organizations conducting COVID-19-related research.
These efforts have been in progress since January 3rd, at least,
and the damage they may have done could extend to more than simple theft of intellectual property.
There appears to be a serious possibility of data corruption in the course of the incursions.
Such corruption may have been accidental.
It may have been incidental to the attacker's attempts to cover their tracks, like a house burglar who by cleaning his own fingerprints causes inadvertent damage to
the home, or it may have been intentional. The Journal quotes a U.S. senior official as saying,
it is difficult and sometimes impossible to know what motivates such malfeasance,
but any such activity carries with it the risk of triggering accidental
disruptive effects.
End quote.
CNBC notes that research organizations inevitably expand their attack surface as more of their
people work from home, and that both personal and institutional networks are likely to become
targets of cyber espionage.
CNBC does mention the honor among thieves point of view, that early in the pandemic
took seriously various criminals' and state-sponsored threat actors' avowals of their intention
to leave medical, emergency, and research organizations alone, presumably for the common
good. But at this point, it should be safe to say that all that stuff was so much argle-bargle and
pixie dust to misdirect the rubes. Attacks
on these kinds of organizations have, if anything, risen. And finally, the AI really doesn't know
what to make of you nowadays. You're breaking its artificial heart. It's like you don't talk
anymore, and that we hear, because there's not much to do beyond watching your advice shows on
daytime TV, is bad for any relationship.
Here's a consequence of the pandemic emergency it's been easy to overlook.
MIT Technology Review says that artificial intelligence trained on actual human behavior
has been suddenly baffled by all of your toilet paper hoarding,
your strange hours, your seclusion in your basement, attic, bedroom,
or other functional
garret. It really doesn't know what to make of a population where what was once outlier behavior
is now mainstream, when the new normal is so, so abnormal, at least from the machine's point of
view. This has been particularly evident in applications of AI to retail problems.
What to expect people to buy, how likely they are to close a purchase,
how consumption patterns inform inventory, and so on. A lot more human intervention is required,
but many businesses who've deployed AI lack the human resources to supervise the machines.
Technology Review finds the upside in all of this. Quote, if we are looking for a silver lining,
then now is a time to take
stock of those newly exposed systems and ask how they might be designed better, made more resilient.
If machines are to be trusted, we need to watch over them. End quote. Raise them up right. You
don't want your AI to grow up sniping butts and throwing rocks at cars. And hey, as good old Dr. Phil says,
we teach people how to treat us.
That's as true of the scarecrow and the tin man
as it ever was for Dorothy.
They weren't AI, were they?
No.
Maybe the tin man was.
And joining me once again is Joe Carrigan.
He's from the Johns Hopkins University Information Security Institute,
also my co-host on the Hacking Humans podcast.
Joe, great to have you back.
Hi, Dave.
Interesting article from The Telegraph,
and I know I'm probably going to set you off here.
It's titled,
Twitter Steps Up Its Fight Back Against 5G Coronavirus
Conspiracy Theories. Now, Joe, I love a good conspiracy theory as much as the next guy.
Can you unpack what's going on here? I will say this, Dave. I also love conspiracy theories as
well. I'm a big fan of them. So long as they're harmless, right? Like people being flat earthers. OK. People being anti-vaxxers. Not OK.
People saying that 5G is the cause of coronavirus. Not OK.
And that's because it has wound up causing people to do things like set fire to cell phone masts in the UK.
They've also seen some abuse directed at the telco engineers in Britain.
There is no link between 5G and coronavirus.
Right.
Of course not.
I don't think that's how viruses work.
You know, if you look at a map of where 5G and coronavirus are,
they're going to overlap because that's where people are.
So it's the old correlation is not causation.
Exactly.
We're looking at correlation.
Correlation is not causation.
There is a correlation between where these are
and where these two things coexist,
but it is not the cause of the COVID-19 virus.
Well, the other thing I wanted to explore here, though,
is that these major platforms like Twitter, they're making some attempts to crack down on the spread of this misinformation.
Yeah, that's actually the point of the article is that Twitter is going to start sending sponsored content to people who post about this conspiracy theory.
They're going to start getting information that has been verified by the British government in their promoted tweets.
So now if you're a Twitter user, like so many tweets, you'll see a promoted tweet down at the bottom.
And it's a tweet that somebody has paid to have you see.
And Twitter does an okay job of telling you that it's a promoted tweet.
So the British government is verifying this information. And now Twitter is
going to say, okay, we're going to show these people who believe the conspiracy theory about
5G and coronavirus, this information that the British government has vetted and approved.
So trying to counter the misinformation with vetted good information.
Yes, exactly. I don't know how effective it's going to be.
My earlier example with flat earth people, you can show them all the evidence in the world and some of them will not believe any of it.
Right, right.
Well, the evidence is just evidence of the cover-up, not that they're wrong.
Exactly.
A massive global cover-up involving thousands and thousands and thousands of people, which would be
almost impossible to do in and of itself. But hey, they do it somehow. It's interesting. They quote
Guillaume Chaslot, who is a former Google engineer. He actually laid a lot of this at the feet of
social media sites and said that their algorithms promote watch time at any cost. If you think about
that, Facebook and Twitter and other social media sites are only valuable as long as you're looking at the sites, right?
As long as there's eyeballs on the webpage.
This goes back to why I say this is not a good environment for political discussion because you're only going to hear things that make you feel good, not things that make you think, which might make you uncomfortable.
Right?
Right.
So they're promoting engagement rather than enrichment.
That's right.
That's a good way to say it, Dave.
They're promoting engagement over enrichment.
Yeah.
And something that Chaslot says here, he says,
people have freedom of speech to say whatever they want,
but they shouldn't have freedom to be amplified millions of times.
In this case, I'm okay with that, but my problem is, my problem with saying that is that you actually run the risk for some pretty serious censorship down the road. Yeah, so it's interesting
that these platforms are sort of dipping their toes in this. I think they recognize that they're
getting pushback on this, and even if they don't consider themselves responsible or think that they bear responsibility,
perhaps just the PR part of it that, you know, people are getting, are having bad feelings
about their platforms because of these things.
Maybe that's enough to make them have some change or at least try some things.
Well, hopefully it will be.
You know, that's the old argument that I hear you and Brian and Jason talking about frequently
is it's just a platform.
We let people say whatever they want to say or post whatever they want to post.
Right.
I don't know.
I think you bear some responsibility to moderate that platform or to curate it in some way,
shape, or form.
All right.
Well, it's interesting for sure.
I guess in the meantime,
everybody continue to stay safe out there
and please don't...
Don't burn down telephone masts.
Right, exactly.
Harass engineers.
Right, right.
Enjoy the enhanced speed of 5G
and just let it be that.
Right, yeah.
All right.
Joe Carrigan, thanks for joining us.
It's my pleasure, Dave.
And that's the Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing Cyber Wire team is Elliot Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Vaughn,
Tim Nodar, Joe Carrigan, Carol Terrio, Ben Yellen,
Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell,
John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie,
and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.