CyberWire Daily - OilRig fingered as Iranian state-sponsored group behind attempted hacks of Israeli targets. Shamoon still under the same management. Botnet wars in the IoT. Countermessaging, hopes of missile hacks, and more.
Episode Date: April 28, 2017. In today's podcast, we hear that researchers have named the hitherto unnamed country that attempted to hack Israeli targets. Other researchers conclude Shamoon is still under the same management. Roles and missions dispute among Israeli security organizations. Peter Galvin from Thales takes a look at data security in the US Federal sector. VA Tech's Dr. Charles Clancy explains the pros and cons of 5G mobile technology. Financial malware vector startles phishing victims into clicking. Vigilante botnets are not helping the IoT. Countermessaging is still not as easy as it looks. And there's a lot of thinly sourced hope about hacking North Korean missiles.
 Transcript
                                         You're listening to the Cyber Wire Network, powered by N2K.
                                         
                                         Researchers name the unnamed country that attempted to hack Israeli targets.
                                         
                                         Other researchers conclude Shamoon is still under the same management.
                                         
                                         Thales takes a look at data security in the U.S. federal sector. A financial malware vector

                                         startles phishing victims into clicking. Vigilante botnets are not helping the IoT.
                                         
    
                                         Counter-messaging is still not as easy as it looks,
                                         
                                         and there's a lot of thinly-sourced hope about hacking North Korean missiles.
                                         
                                         I'm Dave Bittner in Baltimore with your Cyber Wire summary for Friday, April 28, 2017.
                                         
                                         An unnamed country behind a recent cyber campaign against Israeli targets has been named.
                                         
                                         Research by Morphisec, confirmed by iSIGHT Partners, points to OilRig, also known as Helix Kitten, an Iranian threat actor.
                                         
                                         Israel's National Cyber Defense Authority says the attacks were blocked. The attacks sought to exploit a known and patched vulnerability in Microsoft Word, CVE-2017-0199.
                                         
                                         Israel's National Cyber Defense Authority has been operating officially for a year since April 2016.
                                         
    
                                         It's recently become controversial in a dispute over agency equities.
                                         
                                         Security officials from Shin Bet, Mossad, and elsewhere in the IDF
                                         
                                         have expressed concern that pending legislation involving the National Cyber Defense Authority
                                         
                                         leaves its charter too vague and
                                         
                                         open to the possibility of mutual interference by organizations working in the same space.
                                         
                                         McAfee researchers conclude that recent Shamoon attacks were conducted by the same group that
                                         
                                         first mounted them in 2012, and that group too is generally believed to be working on
                                         
                                         behalf of Iran's government.
                                         
    
                                         Shamoon's principal targets have been Iran's regional rivals, especially Saudi Arabia.
                                         
                                         To review, Shamoon emerged in 2012 with a destructive wiper attack on the networks of
                                         
                                         oil producer Saudi Aramco. It resurfaced in late 2016 with attacks on other Saudi targets.
                                         
                                         Shamoon is particularly interesting in that it has a clearly destructive and disruptive purpose. It's not conducting espionage, nor is it working any
                                         
                                         sort of information campaign. Recovery from successfully executed Shamoon attacks has
                                         
                                         proven both costly and time-consuming. Brickerbot is another destructive campaign,

                                         but this one is different in that it appears to be the work of a vigilante.
                                         
    
                                         Brickerbot's code searches for Internet of Things devices susceptible to infection by
                                         
                                         the Mirai botnet.
                                         
                                         Once it locates such a device, it preemptively and permanently bricks it, hence its name.
                                         
                                         Brickerbot, whatever its author's professed intentions, has not been well received by
                                         
                                         the security community, nor, obviously, by its victims.
                                         
                                         SierraTel, a California internet service provider, was disrupted earlier this month by the competition between BrickerBot and Mirai for vulnerable devices, in this case, high-speed modems.
                                         
                                         SierraTel, which has received generally positive reviews for its transparency with customers concerning the incident,
                                         
                                         says it had cleared up the problem by April 22nd.
                                         
    
                                         BrickerBot's presumed author, who's known by his screen name janit0r,

                                         claimed credit for the service disruption in a communication with BleepingComputer.
                                         
                                         The other vigilante strain of IoT malware, the less destructive but still irritating Hajime botnet,
                                         
                                         is worrying security experts as its herd of bots grows.
                                         
                                         Hajime is now believed to have roped in some 300,000 devices.
                                         
                                         Researchers at security firm Forcepoint have identified a new variant of Geodo/Emotet
                                         
                                         banking malware pursuing targets in the UK.
                                         
                                         The vector is an email that appears to be a legitimate billing request.
                                         
    
                                         It asks for payment of an abnormally large amount,
                                         
                                         and of course, surprised and alarmed, recipients are quick to click,
                                         
                                         and then the crooks have them pwned.
                                         
                                         Government counter-messaging programs, information operations designed to combat ISIS,
                                         
                                         draw tepid reviews even as lethal strikes have an increasingly clear effect on the caliphate.
                                         
                                         Facebook publishes a study of information operations that draws some useful distinctions
                                         
                                         and offers operators some insights into this difficult art.
                                         
                                         The U.S. administration again refuses to say whether it hacked North Korean missile tests.
                                         
    
                                         Some in the media, particularly in the U.K., take this as an admission that the US did indeed hack them. So speculation proceeds apace, especially among those unfamiliar with the many ways missiles fail.
                                         
                                         This strikes the steely-eyed missile men on our staff as wishful thinking,
                                         
                                         for some reason concentrated in the UK.
                                         
                                         Sure, who in the civilized world wouldn't like Pyongyang's long-range nuclear strike capability
                                         
                                         to be hackable at need?
                                         
                                         But don't get your hopes up, kids. Rockets and missiles fail all the time for reasons completely
                                         
                                         unrelated to hacking.
                                         
                                         And I'm pleased to be joined once again by Dr. Charles Clancy.
                                         
                                         He's the director of the Hume Center for National Security and Technology at Virginia Tech.
                                         
                                         Dr. Clancy, I saw a couple of sort of conflicting articles come by recently. One was a demonstration that Samsung was doing with new 5G technology.
                                         
                                         And then a few days later, I saw an article that said that
                                         
                                         5G is a ways off, you know, basically don't hold your breath. What's the real status here?
                                         
    
                                         5G technology has become synonymous with millimeter wave technology. And millimeter
                                         
                                         wave technology is essentially moving the frequencies at which your cell phone communicates
                                         
                                         to the cell tower up to much higher bands. So in particular, 28 gigahertz is what many of these trials are testing out right now. The FCC recently approved
                                         
                                         a number of new frequency bands for 5G in the millimeter wave band, and they range from 28
                                         
                                         gigahertz all the way up to 73 gigahertz. So many of these companies that are advertising these 5G
                                         
                                         trials are really just testing out millimeter wave technology in some of
                                         
                                         these 5G bands or bands that the FCC has designated as 5G. If you actually look at the progress that's
                                         
                                         being made in the standards group, in particular 3GPP, which is the organization that's responsible
                                         
    
                                         for defining the standards for cellular communications, they still have a lot of work
                                         
                                         to do, as you mentioned. There are currently efforts to define the requirements and
                                         
                                         begin establishing the framework for what the 5G physical and data link layers look like,
                                         
                                         but we are probably at least a year away from having a draft standard of what that actually
                                         
                                         looks like. Some of the initial reports indicate that it's going to look a lot like 4G,
                                         
                                         so it's shifted up to higher frequencies. So it'll be interesting to see if any new and innovative technologies make their way into the standard in the coming months.
                                         
                                         With this millimeter technology, we're going to have to have a lot more towers, right?
                                         
                                         There's a range issue at these frequencies.
                                         
    
                                         Oh, definitely.
                                         
                                         Current 4G technology can penetrate walls fairly well,
                                         
                                         and it can go reasonably long distances, upwards of a kilometer or two are the typical design ranges for cell towers.
                                         
                                         In urban areas, they're obviously less than that just because of the density of users.
                                         
                                         Millimeter wave technology is designed for even shorter ranges than that.
                                         
                                         And in particular, because up at these higher frequency ranges, the signals can't propagate through walls.
                                         
                                         In fact, some of the 5G frequencies can't even go
                                         
                                         through a piece of paper. So as a result, there's a lot of research underway, particularly in outdoor
                                         
    
                                         environments, looking at how 5G signals would work in a dense urban environment and how it would
                                         
                                         reflect off concrete buildings and things of that nature. And then if you look at the indoor
                                         
                                         deployments, you probably need a 5G base station in nearly every room in order to provide systematic coverage in an indoor environment.
                                         
                                         So figuring out how to do that and what the backhaul looks like, these are all major research questions that are still underway.
                                         
                                         But then the upside would be higher speeds, right?
                                         
                                         Oh, yeah.
                                         
                                         Orders of magnitude increase in data rates.
                                         
                                         So the actual deployments of 5G are likely to be incremental, where you're going to have sort of a base code of 4G coverage everywhere. And then if you're in a 5G area,
                                         
    
                                         you may see 10 to 100x faster data rates, but it would be in sort of a hotspot sort of environment
                                         
                                         where you're only getting coverage in these limited areas, which then necessitates new data
                                         
                                         models where maybe your mobile device can download and cache content on an anticipatory
                                         
                                         basis when you happen to be in one of these very high data rate zones.
                                         
                                         All right. Interesting stuff. Dr. Charles Clancy, thanks for joining us.
                                         
                                         My guest today is Peter Galvin, Vice President of Strategy at Thales e-Security.

                                         They recently published the federal government edition of the Thales Data Threat Report for 2017,
                                         
                                         Trends in Encryption and Data Security.
                                         
                                         I think there were three big takeaways from that report.
                                         
    
                                         The first takeaway was really how at risk the federal government or federal and civilian
                                         
                                         agencies feel against cyber threats, hackers, and nation states. And really the biggest area they
                                         
                                         were concerned about when it came to hackers were really cyber criminals. So as much as we hear a
                                         
                                         lot today about nation states and nation states being the biggest concern, the area that we actually found that they were most concerned about, like most organizations, were cyber criminals.
                                         
                                         The second area was that these organizations are looking at lots of new technologies and looking at adopting them pretty quickly.

                                         So the federal government has been promoting for both these civil and defense agencies the use of, you know, things like cloud technology,
                                         
                                         IoT, and containers, which is part of the DevOps revolution, and how they're adopting those. And
                                         
                                         the concerns, you know, there are high concerns about using security in those areas.
                                         
    
                                         And I think the third area of interest was that in the federal government, budgets are growing for cybersecurity.
                                         
                                         But the biggest thing that we found out was that, of all the other verticals that we looked at, and so we looked at, for example, health care, retail, financial services,

                                         the increases in the federal budgets for cybersecurity were among the lowest,

                                         although fairly significant in their budget increases. And I think what's interesting about
                                         
                                         that federal government is they're moving from many very old systems with reduced staffing levels.
                                         
                                         You know, they're one of the biggest areas where cyber criminals are going after them. So those are the big three takeaways
                                         
                                         from the report that we saw. One of the report's findings is that the risks to federal data are very
                                         
                                         similar to the risks to data in commercial environments. I think there are only so many
                                         
    
                                         nation states. And so I think that, you know,
                                         
                                         cyber criminals see the federal government
                                         
                                         as another big area
                                         
                                         where they can find sensitive data or personally identifiable information or personal health information.
                                         
                                         And so I think that cyber criminals
                                         
    
                                         look at that as a way to be able to,
                                         
                                         wow, if I can break into some of these systems,
                                         
                                         there's some very valuable information that I can get and sell on the dark web.
                                         
                                         I think, you know, why the federal government agencies face so much more security threats
                                         
                                         is that it's just not the cyber criminals, but it's also nation states who are trying
                                         
                                         to find out, you know, secrets about the government or secrets about how agencies work or travel habits of agencies, etc.
                                         
                                         And so they have an additional threat. who are going in and thinking they're doing some kind of civic duty by hacking into private information and leaking that information to the rest of the world.
                                         
                                         So I think they have similar vulnerabilities when it comes to cyber criminals, but they also face additional threats from nation states and hacktivists,
                                         
    
                                         which a lot of commercial enterprises don't face as much of
                                         
                                         that pressure. And so the other encouraging thing is that we have seen year over year that people
                                         
                                         believe that encryption is what will meet their privacy requirements and allow them to safely
                                         
                                         expand some of these new technologies. So as the organizations are looking at
                                         
                                         these new technologies around, you know, cloud computing, IoT, mobile, and containers and DevOps
                                         
                                         type of activities, the one technology that now is coming out more strongly is encryption,
                                         
                                         because they believe that encryption will help them protect against these data breaches,
                                         
                                         that even if the data is breached, if somebody accesses that data, that data is encrypted,
                                         
    
                                         and those organizations, that information is still protected from those cyber criminals
                                         
                                         or those nation states that might attack them.
                                         
                                         And one of the things that we found out is that when we talked to the federal government
                                         
                                         about what do they think are some of the top three data security controls that agencies
                                         
                                         can implement over this next year, especially as they're moving to the cloud, almost half
                                         
                                         of them said tokenization, which was, okay, take that information and tokenize it so that
                                         
                                         it's not in the clear
                                         
                                         and use that token as a method of being able to authenticate identity or purchase something.
                                         
    
                                         And then the second aspect is really use cloud gateways or cloud encryption gateways
                                         
                                         so that anything that's leaving your premises and going to the cloud is automatically encrypted
                                         
                                         and then also using encrypted services within the cloud.
                                         
                                         And so I think there is a realization that is happening across the federal government
                                         
                                         and the federal agencies that one of the missing pieces in making sure
                                         
                                         that they're securing their environment is using encryption.
                                         
                                         So, you know, essentially to use encryption, you need to
                                         
                                         figure out where your sensitive data is, and then make sure you're encrypting that data
                                         
    
                                         and using the right policies and procedures for people to access that data.
                                         
                                         That's Peter Galvin from TALIS eSecurity. The name of the report is TALIS Data Threat Report 2017
                                         
                                         Trends in Encryption and Data Security, Federal Government Edition.
                                         
                                         And that's the Cyber Wire.
                                         
                                         We are proudly produced in Maryland by our talented team of editors and producers.
                                         
                                         I'm Dave Bittner. Thanks for listening.
                                         
                                         Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
                                         
                                         That's where Domo's AI
                                         
    
                                         and data products platform comes in. With Domo, you can channel AI and data into innovative uses
                                         
                                         that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
                                         
                                         helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
                                         
                                         Data is hard. Domo is easy.
                                         
                                         Learn more at ai.domo.com.
                                         
                                         That's ai.domo.com.
                                         
