CyberWire Daily - OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that’s one sweet ride.
Episode Date: November 2, 2022
OpenSSL patches two vulnerabilities. CISA and election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. Business email compromise and gift cards. Tim Starks from the Washington Post's Cybersecurity 202 has the latest on election security. A visit to the CyberWire's Women in Cyber Security event. And consequences for Raccoon Stealer from the war in Ukraine.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/211
Selected reading.
OpenSSL patched today. (CyberWire)
OpenSSL Releases Security Update (CISA)
OpenSSL releases fixes for two 'high' severity vulnerabilities (The Record by Recorded Future)
OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway! (Naked Security)
Threat Advisory: High Severity OpenSSL Vulnerabilities (Cisco Talos Blog)
OpenSSL Vulnerability Patch Released (Sectigo® Official)
Clearing the Fog Over the New OpenSSL Vulnerabilities (Rezilion)
OpenSSL vulnerability CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) Check Point Research Update (Check Point Software)
Undisclosed OpenSSL vulnerability: Free scripts for target scoping (Lightspin)
Discussions of CISA's part in elections and the JCDC. (CyberWire)
U.S. Treasury thwarted attack by Russian hacker group last month-official (Reuters)
XDR data reveals threat trends. (CyberWire)
What happens to a gift card given to a scammer? (CyberWire)
How Russia's war in Ukraine helped the FBI crack one of the biggest cybercrime cases in years (MarketWatch)
Transcript
You're listening to the CyberWire Network, powered by N2K.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents, winning with purpose,
and showing the world what AI was meant to be. Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Now at a special discount for our listeners. Today, get 20% off your Delete Me plan
when you go to joindeleteme.com slash N2K
and use promo code N2K at checkout.
The only way to get 20% off
is to go to joindeleteme.com slash N2K
and enter code N2K at checkout.
That's joindeleteme.com slash N2K code N2K.
OpenSSL patches two vulnerabilities, CISA and election security. Killnet attempted DDoS against the U.S. Treasury.
XDR data reveals threat trends, business email compromise, and gift cards.
Tim Starks from The Washington Post's Cybersecurity 202 has the latest on election security.
A visit to the CyberWire's Women in Cybersecurity event.
And consequences for raccoon stealer from the war in Ukraine.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, November 2nd, 2022.
We begin with a brief note that, as promised,
OpenSSL has patched two vulnerabilities in its software.
Both of the issues had initially been rated critical,
but they've since been downgraded a bit to serious.
That's no reason for complacency, since after all, serious is still serious.
And the patches still merit the prompt attention of users.
Check your systems.
OpenSSL versions 3.0 and above are vulnerable.
Yesterday morning, the Center for Strategic and International Studies held a fireside chat with CISA Director Jen Easterly and CSIS Senior Advisor Suzanne Spaulding. We sat in on the discussion.
Easterly discussed how CISA is the sector risk management agency for multiple sectors, including election infrastructure, and noted that it's local and state officials who are in charge of elections, not the federal government.
She said that CISA's role was to ensure that those officials have the tools, resources, capabilities, and information they need to conduct what Director Easterly called safe and secure and resilient elections.
She noted the years of cooperative effort among federal, state, and local officials,
and she expressed confidence that those efforts were paying off.
Her conclusion about next week's midterm elections was clear and unambiguous.
She said there is no information, credible or specific,
about efforts to disrupt or compromise that election infrastructure.
Recent Russian cyber operations, apart from whatever cyber espionage may be in progress,
have continued to amount to nuisance-level work with the appearance of hacktivism.
Reuters reports that in September, the Killnet gang attempted a DDoS attack against the U.S. Department of the Treasury.
That attempt was unsuccessful, Treasury says.
The department described the attack as pretty low-level DDoS activity targeting Treasury's critical infrastructure nodes,
and the department adds that it was relatively easily parried.
That said, shields remain up, as is only prudent. It's certainly possible that
offensive cyber operations in the war against Ukraine may quickly become more consequential
and show themselves capable of doing more damage than they have so far.
Security firm Barracuda has published a report on the severity of threats over the course of 2022,
finding that a larger number
of serious attacks occurred during the summer while many employees are on vacation. Microsoft
365 account compromises in particular were found to increase during the summer. 40% of attacks
between June and September 2022 involve logins to Microsoft 365 accounts from suspicious countries.
Barracuda classifies these attacks as high risk.
So, there was a surge in incidents during the vacation season.
Barracuda observes that cyber attackers target companies and IT security teams
when they are likely to be under-resourced.
This could be on weekends, overnight, or during a holiday season, such as
the summer. This is reflected in the XDR data, that is, extended detection and response data,
which clearly shows that despite an overall reduction in threat volume, a significantly
greater proportion of threats detected during the summer months were at the higher risk end
of the scale. Of course, summer vacation is now way back in the metaphorical rearview mirror,
but Barracuda thinks we should expect a similar surge during the upcoming holidays.
Business email compromise is a commonplace problem and has been for some time.
It traces its origins back to the old hoary Nigerian prince scams,
but of course it's continued to advance in cunning and guile since those early days of the advance fee scam.
The criminals have shown an ability to gull employees into thinking that they've received emailed instructions from the boss.
Often you'll see BEC scammers impersonating C-suite executives to make wire transfers to vendors, organizations, and accounts that they control.
Curiously, one of the forms of payment the scammers ask for is gift cards.
That itself should be a tip-off.
How often has your boss directed you to purchase a gift card?
Yet, gift cards are what they want.
Security firm Cofense released a report today
in which they detail trends in business email compromise
and explain what would happen
if you gave scammers traceable gift cards.
Cofense researchers purchased $500 worth of trackable gift cards to see where they would go after the cards were given to a scammer.
Scammers were found to prefer in-store cards and tended to be flexible with what was available.
The experiment showed how quickly scammers move funds, showing that in all but one case, the gift cards were stolen, resold, and used for purchases within a day.
So remember, your CFO probably isn't going to email you to ask for gift cards.
And finally, what becomes of criminals during wartime?
Maybe, like others, they get drafted.
And here, we note, we're talking about criminals still at large.
Those in the slammer are convicts, and if they happen to be in Russia,
well, they'll be offered a chance to join the Wagner Group and serve at the front in exchange for remission of their sentence.
But regular, still-at-large crooks take their chances like the rest of us.
Consider the case of the Raccoon Stealer malware-as-a-service operation and one of its impresarios, Mr. Mark Sokolovsky, a native son of the Ukrainian city of Kharkiv.
It's known that the U.S. has indicted Mr. Sokolovsky on charges that alleged he was a principal behind Raccoon Stealer and that he was arrested by Dutch police on a U.S. warrant.
He's presently in custody in the Netherlands, appealing a Dutch decision to extradite him to America.
But what was he doing in the Netherlands? Apparently, bugging out of Ukraine.
A story in MarketWatch says that shortly after the Russian invasion, Mr. Sokolovsky climbed into a Porsche Cayenne with his girlfriend to get away from the fighting.
The Kharkiv native drove through Poland and Germany, and the police in the Netherlands picked him up on an FBI tip.
Raccoon Stealer, formerly a big criminal enterprise,
has itself gone into hibernation.
MarketWatch quotes their farewell message.
Unfortunately, due to the special operation,
we will have to close our Raccoon Stealer project.
Our team members, who were responsible for critical components of the product,
are no longer with us.
Thank you for this experience and time for every day.
Unfortunately, everything, sooner or later,
the end of the world comes to everyone.
Now, come on, raccoon stealers.
It's not like, oh, I don't know,
extradition to the United States is the end of the world,
you nutty little trash pandas.
Think of it rather as a time of transition,
perhaps even an opportunity for growth.
And another thing, the Cayenne is a nice ride, but it's still a compact SUV, sort of a mom-bomb.
If you're paroled, pick up a Dodge Hellcat.
You'll be in envy of the dark web. After the break, Tim Starks from the Washington Post's Cybersecurity 202 has the latest on election security and a visit to the CyberWire's Women in Cybersecurity event.
Stay with us. Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like
Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber
for $1,000 off.
And now a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
The Cyber Wire recently hosted our annual Women in Cybersecurity reception at the fabulous Spy Museum in Washington, D.C.
Several hundred women gathered to celebrate women in cyber and tech, to enjoy a panel discussion from industry experts, and perhaps most importantly, to socialize, network, and create connections.
Here's a taste of the event from CyberWire associate producer Liz Ervin.
On October 20th, the CyberWire held the Women in Cybersecurity event
at the Spy Museum located down in Washington, D.C.
Hi, good evening, everyone.
This is the most inspiring room to see.
It was incredible getting to see all the amazing women of cyber in one room together,
mingling and discussing their professions with one another.
And I had the absolute pleasure to interview just a few of the 300 women in attendance that night.
I'm Dr. Diane Janosek. I'm with the National Security Agency.
My name is Sarah Sendak. I work at FTI Consulting. I'm a senior director on the cybersecurity and data privacy communications team.
I'm Simone Petrella, Founder and CEO of CyberVista. I'm Dinah Davis. I'm VP of R&D Operations, and I work at Arctic Wolf. I'm Lauren Sasson. I work at Team Lewis here in Washington,
D.C. My name is Lexi Vanden Heuvel. I work at FTI Cybersecurity, and I do digital forensics
and incident response. At the beginning of the event, we had a panel of four different women
from four different companies sit down for a discussion.
I got to see what some of the guests thought
of this year's panel.
What I really loved about the panel
and being part of not only, you know,
getting to listen to the panelists,
but having the honor of putting the panel together
was that we really were able to achieve representation
across a really diverse set of cybersecurity roles
within the panelists themselves.
The panelists were awesome. The moderator was great.
I just loved it. I loved to hear what the young lady had to say.
Actually, it was the intern last summer and how she said,
you don't have to have a role model. You can be your
own person. And I just think that's beautiful because the world keeps changing. So you are
who you are. Seriously enjoyed it. It was really amazing. And I was thinking as I was listening to
it, the diversity in that panel was amazing. Sitting down with these women, I asked them what it meant to be here at an event
supporting women in this field and why it's important for us to make our voices heard
in this industry that is typically male-dominated. Here's what they had to say. It is so nice to see
such a wide variety of cybersecurity jobs and women filling those roles. And then also to be at the Spy Museum
where you can see women throughout history who've been involved in these types of jobs. It's very
inspiring. The workforce of the future is in this room today and it's growing year over year. Every
year that this event has happened, it has gotten bigger and there are more women that are asking
for a seat at the table and deserve a seat at the table. And so I think the industry needs to take notice and they need to really kind of support and think about what they need to do to embrace this untapped talent still.
Like we still have so far to go, but this workforce is in this room right now and it's outside this room too.
So we need to figure out how to bring more women in the field, cultivate
them, grow them, and we're going to have better businesses and better organizations for it.
I feel like for any woman in cybersecurity, there's oftentimes a feeling of being
underrepresented in this field. It's often male dominated, go to any conference and it's not,
you're not going to see as many females around. But there are a lot of females
in this field and it's important to be able to connect with them and help lift each other up and
help build those bonds in this line of work. Lastly, I asked our guests what advice they
would give to women looking to get into this field. So there's, you know, so many jobs available,
but there's going to be so many more and so many more and so many more because it's always changing.
And there's so many different aspects.
I think one thing that women don't understand, and many people in general, is that there's probably like 200 types of cybersecurity jobs.
And not all of it is, you know, wearing a hoodie in a basement. In fact, that's actually a very, very small percentage of the cybersecurity jobs out there, right? Don't count yourself out. You know, I grew up
thinking that STEM is not for me, math is not for me, technology is not for me. And I found myself
just by accident in an intersection of technology and of something that I do think is for me, you know?
So I think don't count yourself out just because there are other people in the world who are telling you that you're not deserving of these positions,
that you're not capable of these positions, that you're not smart enough,
and find your passion that can intersect with technology, with cybersecurity, and pursue that.
Google and Twitter are your best friend in the security world.
You're constantly learning new things on those blogs.
And listen to the Cyber Wire podcast, obviously.
Females, we have a role for you in cybersecurity.
We need you in cybersecurity.
You're multidisciplinary, multi-talented.
You've got passion.
You love teamwork.
You love collaboration.
So join the cybersecurity field and stay in the cybersecurity field and then recruit your best friends.
I want to thank all of the women who came out to support our event and especially those who were able to sit down with me and chat.
I am grateful that I was able to sit down with some of the women in this industry
and it was such an inspiration to be able to talk about what it means to be a woman in this field
and discuss the event and the panel. This was very enlightening. Thank you so much.
Thank you, Jen, for putting this all together.
I can't even tell you how excited I am.
This room is so full and it makes my heart so happy.
Thanks again to everyone who shared.
Special thanks to our audio team, Elliot Peltzman and Trey Hester,
and to producer Liz Ervin for making this segment possible, and to senior producer Jennifer Eiben for organizing the event itself.
And it is my pleasure to welcome to The Cyber Wire, Tim Starks.
He is the cybersecurity reporter at The Washington Post and also the author of The Cybersecurity 202.
Tim, it's great to have you join us today.
Yeah, it's great to be here.
So before we dig into our topic for the day, can you give our listeners just a little brief rundown of exactly what the
mission is of the Cybersecurity 202 there at The Post? I would say that it's a newsletter in name,
you know, and you get the things you would expect to get from a newsletter there, which are
rundown of all the big important news of the day. But it's also a little bit like a reported column.
You know, once per day, I will dive in from between 600 to 1,000 words on some subject with a little bit of analysis.
So the idea is to give people stuff that they want to get from everywhere.
And we can put it all in one place, but also to give them stuff they can't get anywhere else.
I like to say that if you're going to subscribe to one newsletter, make it the CyberWire,
but if you're going to subscribe to two, include the Cybersecurity 202 as well.
Well, let's dig into some topics here. I know you've been putting a lot of energy into examining
what's going on with the upcoming elections. We have. Every time there's an election,
certainly there's a lot of cyber eyes on what's going on there. And no difference this time. We've talked about how this time maybe things
don't look as scary as they have in past elections. Certainly when you go back to 2016,
where there was a hack that essentially changed the election to some degree. It may not
have won the election for Trump, but it certainly influenced the election with a hack of the
Democratic National Committee and the officials on the Hillary Clinton campaign. And then the
hack and leak operation that was an influence operation, essentially. So those twin threats have been around since 2016. And this time, certainly to hear CISA Director Jen Easterly tell it, there are no specific credible threats that would undermine election infrastructure.
We have also, of course, reported on some warnings that the FBI has sent to the state political parties saying, hey, there's some Chinese hackers, Chinese state government-affiliated hackers
who are probing your networks.
So it's not that there's a lack of threats.
It's just that maybe they seem diminished this time.
Where the threats have maybe shifted in focus,
as you guys talked about earlier this week,
is worries about disinformation.
Since the 2020 outcome of race, we've seen not just foreign influence
attempts, but we've seen domestic groups trying to spread disinformation about what happened in
that election and what might happen in this upcoming election. We've even seen some collaboration,
perhaps on accident, where a foreign government will say something, and then you'll see the people
perhaps unwittingly amplify it in the United States,
people where that dovetails with their message.
So those are some of the big threats we're looking out for.
I think we're comfortably able to say, as we did this morning in our newsletter,
that things are better than they were in 2016.
And of course, you would expect that after nearly a billion dollars worth of investment
just from the federal government alone.
That doesn't count the state and local investments.
But we also know that there are a lot of things
that we haven't finished doing yet.
And that the state and local election officials will tell you,
we need a lot more than a billion.
We need five billion next year.
That's what they said in December.
Yeah, it's interesting to me because as you say, it seems as though we've got the technical side of things pretty buttoned up in
terms of the actual voting machines and the infrastructure and that sort of thing. My sense
is there's a high amount of confidence in that from the folks who would know better. But it's
that disinformation side that seems, in my mind, to have been ramped up. I mean, when you compare to recent elections,
does it seem as though that's where the bad actors have been focusing?
Yeah, I would say that.
You know, it is difficult to really change an election
by hacking into the machines.
You know, the kinds of hacks that we've seen demonstrated,
by and large, for the most part, are hacks that have, you know,
you would have to have access to a specific machine. And maybe in a district where things
are close or in a state where things are close, if you could switch one machine, maybe you could
have a big impact on the election. But you have to have access most of the time, and that's hard.
You know, there's also a push to make it so that any kind of connectivity to the internet that
these things have is going to go away. We've seen very few states still kind of using these modems to transmit unofficial
results. That's one thing we've seen them do with it. But you don't want the connectivity for the
reasons that, you know, there's a potential that if you are connected to the internet that someone
can get in. So it's difficult. What is easier to do is to lie on the internet. Now, to the credit of some of the social media companies, and maybe I don't want to give them too much credit because there are people who will say they have not done enough to crack down on disinformation and influence operations.
But they have done some things, and they've done more than they were doing back in 2016.
And there seems to be this growing awareness that they need to be on top of this. And a lot of the networks that
they've found and exposed, and not just them, but external organizations they work with,
have not had a whole lot of reach. If you look at the engagements, they've been limited in some
degrees. But some of my colleagues recently, just as recently as this week, were reporting on
something on Twitter where it actually did get pretty good engagement.
So it's the ease of the operations,
and the bang for your buck is coming from that,
if anything, between those two things.
Yeah. I wonder, for the cybersecurity professionals in our audience, is it on them to help spread the word among their family, friends?
We all have those folks who are skeptical.
To just remind them, use their expertise to say,
you know what, at least the technical side of this,
we're in pretty good shape here.
Certainly, I think that I'd like to give some real credit
to the cybersecurity officials who answered our poll
that we ran earlier this week.
It's to their economic incentive to emphasize the hacking threat and de-emphasize the disinformation threat.
But they're a pretty honest set of group who would say, you know, even though my career is in hacking and cybersecurity, what I'm really worried about for this election is the disinformation piece.
And, you know, one of the things that appealed to me about cybersecurity when I first started writing about it was that it was this unsettled, wild frontier of policymaking where nobody had the answers. And we still don't. We
have some answers, but we still, by and large, do not have the big answers on this. Disinformation
is perhaps even harder than that. Yes, do you spread the word with your friends? Sure. But
then there are also people who will tell you that if you're trying to communicate with somebody who
is in the embrace of disinformation, if you are too dogmatic with
them, you can actually deepen their hostility toward correct information. So you hear approaches
like ask them questions. Draw them out that way. Don't tell them, no, you're wrong and here's why
you're wrong. And show them credible news outlets because they don't trust those credible news outlets.
Try to get them to talk about why they are where they are.
And then you've got the bigger, bigger, bigger pieces
are things like better media literacy training
and education at the K-12 level.
So it's definitely something
where the more people who are contributing, the better.
But at the same time,
you've got to be really careful about how you do it.
And we haven't really figured this out yet.
All right.
Well, Tim Starks is the author of the Cybersecurity 202 at The Washington Post.
Tim, thanks so much for joining us.
Yeah, it was great.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
Clear your schedule for you time with a handcrafted espresso beverage from Starbucks.
Savor the new small and mighty Cortado.
Cozy up with the familiar flavors of pistachio.
Or shake up your mood with an iced brown sugar oat shaken espresso.
Whatever you choose, your espresso will be handcrafted with care at Starbucks.
And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
The Cyber Wire podcast is a production of N2K Networks, proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing Cyber Wire team is Elliot Peltzman, Trey Hester, Brandon Karpf, Eliana White, Puru Prakash, Liz Ervin, Rachel Gelfand, Tim Nodar, Joe Carrigan, Carole Theriault, Maria Varmazis, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Catherine Murphy, Janene Daly.
Thanks for listening.
We'll see you back here tomorrow.
solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.