CyberWire Daily - Operation Cloudhopper. Chrysaor spyware. Microsoft to upgrade Office security. Notes from SeaAirSpace. High school hacking.

Episode Date: April 5, 2017

In today's podcast, we hear about how Operation Cloudhopper gets to its espionage targets via their cloud and managed service providers. Details are out on the Android version of the Pegasus spyware. ...Microsoft will upgrade Office security. Notes on the annual SeaAirSpace expo, including an excursus on cyber Marines. Cisco’s Chief Privacy Officer Michelle Dennedy joins us from the Women in Cybersecurity Conference. Dale Drew from Level 3 describes the security ecosystem disruption. And what is going on in Bedford County, Pennsylvania, a place where the laws of physics may not apply?

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 Operation Cloudhopper gets to its espionage targets via their cloud and managed service providers. Details are out on the Android version of the Pegasus spyware. Microsoft will upgrade Office security. Notes on the annual Sea Air Space Expo.
Starting point is 00:02:11 And what is going on in Bedford County, Pennsylvania, a place where the laws of physics may not apply. I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, April 5, 2017. PricewaterhouseCoopers and BAE are reporting a surge in Chinese government cyber espionage. Operation Cloudhopper is said to be targeting cloud and managed service providers with the goal of gathering information on their customers, including not only companies but also diplomatic services. As has so often been the case with Chinese operations, the espionage extends beyond intelligence collection to theft of intellectual property.
Starting point is 00:02:57 British targets are thought to be particularly affected, but the campaign is multinational in scope and a comparable operation is being run simultaneously against Japanese targets. PwC and BAE have been tracking the operation since late last year, and they identify the specific threat actor as APT10, also known as Red Apollo, CVNX, and Stone Panda. Security firm Lookout's report on Chrysaor, the Android version of Pegasus, is out and worth a look. Pegasus is a spyware product for lawful intercept uses produced by NSO Group. Pegasus came under scrutiny during investigation of surveillance of journalists, activists, and dissidents by various regimes,
Starting point is 00:03:43 most famously in the United Arab Emirates. Lookout worked with Google on Chrysaor. It had earlier worked with the University of Toronto's Citizen Lab on Pegasus. Microsoft has announced that later this month it will add Advanced Threat Protection Safe Links to Word, Excel, and PowerPoint, and that Office 365 will receive an upgraded Advanced Data Governance and Threat Intelligence package. We were at the Navy League's annual Sea Air Space Exposition this week down in National
Starting point is 00:04:16 Harbor, Maryland, where cybersecurity matters receive the increasing attention they now get from all the services. As Palo Alto Networks put it in conversation with us, there's a perceived need to educate senior leadership to move the sea services beyond a patch-and-repair approach to cybersecurity that can still remain the easy default. Rear Admiral Timothy White, Commander, U.S. Cybercom National Cyber Mission Force, Vice Admiral Jan Tighe, Deputy Chief of Naval Operations for Information Warfare and Naval Intelligence Chief, and Vice Admiral Michael Gilday,
Starting point is 00:04:51 head of the U.S. Navy's Fleet Cyber Command, were among the senior leaders who spoke, and they did exhibit the mature understanding of the issues Palo Alto hoped would become general. The U.S. Marine Corps was, as it always is, a highly visible presence on the floor. The Corps offered some discussion of its new cyber-military occupational specialties, typically called MOSs. These will be available for enlisted Marines as well as non-commissioned, warrant, and commissioned officers. Thus, experienced personnel won't have to rotate back to a primary specialty after a few years of service. The personnel system is self-consciously modeled on that used by Marine Corps Forces Special Operations Command.
Starting point is 00:05:33 See thecyberwire.com for more coverage of Sea Air Space. All week, we're hearing from some of the people we met at the 2017 Women in Cybersecurity Conference. Michelle Dennedy is Chief Privacy Officer at Cisco and was a keynote speaker at the event. My role is really the strategic side of privacy to look at what I call turning values to value. So privacy and ethics and morality and these kinds of things sound like ishy, squishy words. What we do is we use a privacy engineering methodology, and we're starting to change the culture at Cisco and at our customers to be data-centric first and then use privacy engineering techniques so that we'll have a high-quality, authenticatable system
Starting point is 00:06:18 that reflects not just the laws of the lands, plural, but really the ethics and the expectations of our customers. The issues that we have with women being underrepresented in the cybersecurity workforce, it's not getting better. And one of the things that really strikes me is that retention is not getting better. So even when we get women to join us, they're not staying. It's a very tough problem. And I tell you what's great about, this is my first time at the WiCyS event, and I'm loving the energy from these young women in particular, that they are so positive in their own ability to make change, of their flexibility
Starting point is 00:07:02 to say, should I start here, assuming that I'm going to go there and there and there. So I think that it's hopefully going to get better. It's a very hostile work environment still, and not always overt. And in fact, I think the most pernicious problems are not overt. I think that what if every single person, men and women, picked one diverse candidate from whatever diversity you feel most passionate about, race, ethnicity, economic circumstances, geography, gender. And if every single one of us picked one person not to mentor, but to sponsor,
Starting point is 00:07:40 to push that person to take those next risks or pull them up when you see them lagging. If every single person did that, it would only take half a generation to get to the place where we have enough competent people working in a respectful environment where all we're doing is innovating and creating and sort of bringing our best selves to work. I tell you what, a couple of the young gals came up to me this morning and were so cute because they were, you know, oh, I'm getting my second PhD and I have two masters and, you know, what do I need to learn anymore?
Starting point is 00:08:15 And I think for both genders, I would just say nothing. It's not so much stuff you can stuff in your head. Just go out there and fail. You know, try so hard and dream so big that you don't reach it. Because if all you're doing is planning, planning, planning, planning to get there and doing everything you need to do to get there and then executing on that plan, then you're going to look back and realize,
Starting point is 00:08:40 I probably could have done more. If you've failed a few times and you've reached and reached and your fingers slipped off at the very last second, that's your edge. So find your edge. That's Michelle Dennedy from Cisco. You can hear more from her in our upcoming CyberWire special edition on the 2017 Women in Cybersecurity Conference. And finally, there's some news out of Bedford County, Pennsylvania. Last
Starting point is 00:09:06 week, around 6:30 on the morning of March 28, the network of Chestnut Ridge High School in New Paris was knocked offline. Pennsylvania State Police are investigating, but they say that the outage was induced by a juvenile male student, that is a local high school boy, who was hacking from home. As far as we've heard, no one's saying anything about charges, but the Chestnut Ridge School District Superintendent said the outage was a significant inconvenience to the school's staff. So please, kids, don't do this kind of thing from home. But there may be another angle to the story. In a CyberWire exclusive brought to us by a stringer who vacations in
Starting point is 00:09:45 New Paris, Bedford County is one of those places where the laws of physics may not apply. We're referring, of course, to Gravity Hill on Bethel Hollow Road. Put your car in neutral, make sure it's safe, take your foot off the brake, and your car rolls uphill. Our stringer swears he's done it more than once and he's seen it with his own eyes. So that's that. So have the state police considered a possible transgravitational effect as the cause of the network outage? If New Paris is the site of such kinetic effects,
Starting point is 00:10:20 who's to say it couldn't have informational weirdness as well? If anyone's interested, by the way, there's a U.S. Marine Corps recruiter just down the Lincoln Highway in Bedford. Just saying. So, Semper Fi, and go Lions.
Starting point is 00:13:12 Joining me once again is Dale Drew. He's the Chief Security Officer at Level 3 Communications. Dale, today you wanted to talk about security ecosystems and the way that they handle the disruption cycle. Yeah, so our view might be a little biased as a network provider, but with that sort of lens, we have been sort of watching this exploit ecosystem over the past handful of years and made an observation that a lot of the sort of approach to security ecosystems is based on
Starting point is 00:13:59 how fast the security research community can get mitigation or corrective action in the hands of the end system, whether it's the consumer's desktop or whether it's the computing device in the data center, a company's end system. But it's largely based on the actual computer itself. And so we've seen on average about a four-month life cycle from the time that it takes to detect a piece of malware in the wild, to capture it, to analyze it, as an example, other application hosting providers, and saying that if we can get other ISPs in this fray to be able to actively shut down the command and control piece of this, while the rest of the security research community focuses on the clients, I think we're going to have a significant disruption capability in the bad guys to be able to operate this sort of large extortionist-related botnet infrastructure. There is a new protocol being proposed to that community called DOTS. It's the DDoS Open Threat Signaling Protocol. I don't know if that's the right answer, but it's definitely in the direction of the right answer because that is moving us toward a reputation-based routing environment.
Starting point is 00:15:38 So imagine an environment. Let's say it's two years from now. Let's say it's three years from now. But imagine an environment where ISPs, the security research community, Let's say it's two years from now. Let's say it's null routing, whether it's black holing, whether it's firewalling compromised IPs on the global internet, while they work with the victim to get that machine corrected. If the entire network environment, the global internet environment was oriented toward a reputation-based routing environment, it would be nearly impossible for a bad guy to operate on the global internet.
Starting point is 00:16:26 We believe that's the direction that we need to get the overall research community headed toward. And we think it's going to have a very significant impact on being able to stop bad guys from operating. Dale Drew, thanks for joining us.
Starting point is 00:17:13 And that's The CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening. Thank you.
