CyberWire Daily - Privateering goes fully political. Compromised robots? Conti’s campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.
Episode Date: May 18, 2022

Chaos ransomware group declares for Russia. Hacktivists claim to have compromised Russian-manufactured ground surveillance robots. Conti's ongoing campaign against Costa Rica. The claimed "international" cyberattack against Nile dam was stopped. Rick Howard speaks with author Caroline Wong on her book "Security Metrics, a Beginner's Guide". Our guests are Kathleen Smith and Rachel Bozeman, hosts of the new podcast, Security Cleared Jobs. And the cyber insurance market experiences a "reset."

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/96

Selected reading.
Chaos Ransomware Variant Sides with Russia (Fortinet Blog)
Did hackers commandeer surveillance robots at a Russian airport? (The Daily Dot)
Russian Hacking Cartel Attacks Costa Rican Government Agencies (New York Times)
Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts (CyberScoop)
"We will overthrow the government" - Does Conti have help inside Costa Rica? (Tech Monitor)
Costa Ricans scrambled to pay taxes by hand after cyberattack took down country's collection system (Yahoo)
Ethiopia faces new cyberattacks on its Nile dam (Al-Monitor)
Cyber Insurers Raise Rates Amid a Surge in Costly Hacks (Wall Street Journal)
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
The Chaos Ransomware Group sides with Russia.
Hacktivists claim to have compromised Russian-manufactured ground surveillance robots.
Conti's ongoing campaign against Costa Rica.
The claimed international cyber attack against Nile Dam was stopped.
Rick Howard speaks with author Caroline Wong on her book, Security Metrics, A Beginner's Guide.
Our guests are Kathleen Smith and Rachel Bozeman,
hosts of the new podcast, Security Cleared Jobs. And the cyber insurance market experiences a reset.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, May 18th, 2022.
Conti declared its alignment with Russia back in February, right after Russia invaded Ukraine.
Its rivals in the LockBit crew tried to remain nominally neutral, saying they were apolitical and just wanted to make a dishonest buck.
Now another ransomware gang, the operators of Chaos, has declared for Russia, Fortinet researchers report.
It's customary for ransomware to include a message that demands a ransom
and tells the victims how they can recover their files after paying.
There's none of that here.
This is the message Chaos has been displaying recently.
Stop Ukraine war. F Zelensky.
Don't go die for effing clown! You can see the truth here!
With a link that takes the recipient to a Russophone propaganda site, the
Information and Coordination Center. That page, which leads with the motto
"Victory Will Be Ours," explains its purpose in a "Who We Are" section. The site's goal appears to be recruitment of hacktivists and influencers.
The site includes a list of resources currently being coordinated,
and it offers other items like names of Ukrainian soldiers killed in action
and the names of alleged Ukrainian war criminals.
Chaos, while it's a ransomware builder in the C2C market,
clearly isn't a conventional ransomware gang.
Fortinet concludes,
The Chaos ransomware variant that this blog covers is unique in the sense that the attacker has no intention of providing a decryption tool or file recovery instructions for its victims to recover their affected files.
Finding them is a tall order for non-technical victims,
which pretty much makes the malware a file destroyer. Clearly, the motive behind this
malware is destruction. The politically inclined messages also indicate that the attacker is pro-Russian
and frustrated with the current situation. And with the Chaos ransomware builder now readily
available, its options allow anyone to create destructive malware.
And with no end to the war in sight, FortiGuard Labs expects more malware like this to emerge.
The Daily Dot reports that a hacktivist group, CaucusNet, says it successfully compromised Trial Patrol 4.0 unmanned ground video surveillance systems.
Hashtagging OpRussia and GloryUkraine,
CaucusNet's Twitter feed crowed,
We hacked the patrol robots of the Russian company SMP Robotics.
Now we control the robotics robots all over the world.
We broadcasted the anthem of Ukraine and the Georgian song
300 on all the robots on May 9th. Trial patrol robots have been sold in many countries,
but CaucusNet claimed in particular that they'd hacked the systems at Moscow's
Sheremetyevo International Airport. The airport did not confirm any incident to the Daily Dot,
saying only, "Sheremetyevo International Airport does not confirm the incident." Like most hacktivism, this amounts to a nuisance.
This one should be received with open-minded skepticism.
Costa Rica continues to work to restore services in the country
that were disrupted by Conti ransomware,
and Conti continues its woofing about seeking to foment an insurrection in Costa Rica to help force payment. The government has been unable to collect taxes in the usual manner,
and it's also having difficulty paying its employees. For its part, Conti has not only
upped its ransom demand to $20 million, but claims to have insiders working for it within Costa Rica.
A communique from the group, reproduced by TechMonitor, said,
We have our insiders in your government.
I recommend that you're responsible.
Contact UNC1756.
There is less than a week left when we destroy your keys.
We are also working on gaining access to your other systems.
You have no other option but to pay us.
We know that you have hired a data recovery specialist.
Don't try to find workarounds.
I communicate with everyone in this business.
I have insiders even in your government.
I once again appeal to the residents of Costa Rica to go out on the street and demand payment.
You are just forcing us to use terrible methods.
Another attempt to get in touch through other services will be punished by deleting the key.
The reference to UNC1756 is just made-up bragging,
since there's no record of activity under this particular classification,
but CyberScoop reports that Costa Rica's president,
Rodrigo Chaves, has lent credence to the claim that Conti's getting some local help.
The president said,
There are very clear indications that people inside the country are collaborating with Conti.
Citing national security, he declined to give details.
Conti is a Russian gang, privateers who operate at the sufferance of Moscow and who've
also declared that they intend to operate in Russia's interest during its war against Ukraine.
So there's been speculation, the New York Times reports, that the campaign against Costa Rica
is intended to punish that country for siding with Ukraine. But that seems implausible. While
sympathy in Costa Rica has generally run against
Russia's war, that's true of the world in general, and Costa Rica certainly hasn't been delivering
crucial assistance to Kiev. It seems more probable, as some sources tell the Times,
that Costa Rica is a target of opportunity, still more easily caught while bigger fish grow warier and more inclined to spit the hook.
Ethiopia says it stopped cyberattacks on its Nile Dam and some financial institutions, the Addis Standard reports.
Al-Monitor says that Egypt's government has not officially responded to Ethiopian accusations that it's behind any such cyber attacks.
The Grand Ethiopian Renaissance Dam and the Nile water rights it affects have been a point of contention between the two countries.
And the Wall Street Journal reports that the cyber insurance market is undergoing a reset as it deals with a surge in costly ransomware attacks and concerns that Russia's war against Ukraine will spill over into cyberspace
in a more significant way than it has so far.
According to the Journal, direct written premiums collected by the largest U.S. insurance carriers in 2021
swelled by 92% year over year,
according to information submitted to the National Association of
Insurance Commissioners. That's because the carriers are charging more, not because they're
expanding their coverage. The reset also includes more stringent requirements customers must meet
before they'll receive coverage. Ransomware has continued to surge. A study by Cybersecurity Works released this morning finds a 7.5% spike in APT groups engaged in ransomware.
You're listening to the theme song of the HBO long-running hit Game of Thrones,
the unofficial anthem for the Cybersecurity Canon Project,
the project designed to find the must-read books for all cybersecurity professionals because one of the greatest characters of all time, Tyrion
Lannister, had this to say about reading books.
Why'd you read so much?
Well, my brother has his sword and I have my mind, and a mind needs books like a sword needs a whetstone.
That's why I read so much, Jon Snow.
Which means it's Cybersecurity Canon Week here at the CyberWire, where we are interviewing all the Canon Hall of Fame inductee authors for the 2022 season.
I'm Rick Howard, the Chief Security Officer, Chief Analyst, and Senior Fellow here at the Cyber Wire. And today's book is called Security Metrics, a Beginner's Guide by Caroline
Wong. Enjoy. I'm joined by Caroline Wong, the Chief Strategy Officer at Cobalt and host of her
own podcast, Humans of InfoSec. Caroline, thanks for coming on the show.
What a pleasure to be here. Thank you for having me.
You're quite welcome. So you wrote this book in 2011, and as near as I can figure,
it's one of the first books published for the cybersecurity community that dealt with the
thorny subjects of risk, metrics, and analytics. Why did you write the book?
So first, I have to say, Andy Jaquith wrote a super good book about security metrics before this book.
I was so honored that Andy wrote a little bit in this book as an introduction.
I certainly want to respect the shoulders of giants that I stood on in order to produce this work.
Andy had done excellent work in this area.
And what I had an opportunity to do was to say,
how do you take some of these really great ideas that for the most part at that point
in time, now more than a decade ago, were largely theoretical and how do you put that into practice?
And that's what I was very interested in doing. I had the privilege of working with Dave Cullinane when he was CISO at eBay.
And together, we and the team, we built this program. And I saw the value and the necessity
of security metrics, not only to demonstrate the value of the program,
but also to ensure ongoing investment.
And it's a topic that has fascinated me throughout my career.
For the first time in my career,
I understand what a whisker chart is, right?
And how to read it, what linear regression is,
and how to easily build plots with the data in a spreadsheet.
And I actually did some practice runs
because of your book, Caroline, in Google Sheets to see if I could do it. And I'm here to
say, if I can figure it out, I think anybody can do it thanks to your explanation. And the last one
is exactly what is logarithmic scale and why mathematicians use it. So just, you know, as an
example, can you tell our listeners, why do we use logarithmic scale in metrics and analytics?
These math things, these modeling things, they are tools for us to use.
They are not by any means the end result.
I think the simple description of linear versus logarithmic, it's kind of like the earthquake scale.
You know, what's the difference between a size seven earthquake and a size eight earthquake?
If I ask my seven-year-old daughter, what's the difference between the number seven and eight?
She says, that's not a very big difference. You know, seven is followed by eight. But if we're
talking about logarithmic terms, then we're talking about a magnitude increase times 10.
And so it's like just way bigger.
And so it just depends on your data set.
It depends on the velocity at which your data is changing, whether it's useful to view it in a linear or logarithmic fashion.
That's Caroline Wong, the latest author inductee into the Cybersecurity Canon Hall of Fame
with her book, Security Metrics, A Beginner's Guide.
For more information on the Cybersecurity Canon Project,
go to your favorite search engine and look up cybersecurity canon.
That's canon with one N as in canon of literature and not two Ns where you blow stuff up.
And Ohio State University, the project's official sponsor.
If you like what you hear and want to hear the full interview,
subscribe to CyberWire Pro today to get access to the latest episodes of CSO Perspectives, plus much more.
For those of us outside of the intelligence community, there's a bit of mystique around having a security clearance.
What does it take to get one? What does it mean once you have one? And how does it affect your job prospects?
Kathleen Smith is Outreach Officer at ClearedJobs.net and Rachel Bozeman is Director of Talent Acquisition for Consumer Cellular.
Together, they're co-hosts of a new podcast called Security Cleared Jobs.
Rachel, I think there's a perception that having a security clearance
makes it so that when you're out there job hunting,
you will demand a premium, because there are fewer people in that community.
Is that an accurate perception?
No, I really don't think that it is. I think that
salaries are such a hot topic everywhere, outside of cleared, inside of cleared, everywhere. So I really, I think that's
probably a misperception that's out there. Lots of the salaries that are set within the cleared
space are either set by the government contract. So there are salary ranges. And so a lot of people
think I can demand more having a security clearance. Well, you can't really demand more.
You will probably get more because you have that upper level skill set, but you also have
that upper level clearance.
But it's also going to be limited on what the government contract award was.
There will be other things.
We've talked about this several times on the podcast about there might not be some leeway within the salary, but there are definitely leeways within the
benefits that the company can offer. And then if you're working for the government in particular,
then there's also ranges as far as that can be. Rachel, anything else on that?
I'd say ditto. I think it's coming in and being able to ask the questions, I think, is the big piece to it.
Understanding all of those different pieces when working the salary.
But no, I think you outlined it beautifully.
Who are you all trying to target here with this particular podcast?
Who's the ideal listener that you're focusing on?
So we've actually really narrowly focused the audience to being security cleared job seekers who want to hear from cleared facilities
employers. Rachel was one of our customers as a cleared facilities employer beforehand. And
fortunately for us in the podcast, she then left that space and is in the commercial
space. So now I get to have a friend and not worry about showing favoritism to a specific client.
Rachel, what do you think about some of the recruiters that we've interviewed so far,
as far as their advice to cleared security job seekers?
Security cleared job seekers. Sorry.
Absolutely.
So it's everything from resumes.
It's how to talk about salary.
It's all of those different, and they're really focusing on the culture because that's what has to matter.
So when you think of the different type of roles, we talked about not limiting yourself
to just a particular employer, but really thinking about that diversity of different career opportunities that are out there, they've really focused on culture,
why their organization matters, things that should matter to any job seeker, but especially in that
cleared space where you're thinking of the different opportunities and where you're going
to land and where you're going to invest so much of your time. You spend more time usually with your work family
than your personal family
or your family that you didn't get to choose.
And so it's really important to understand that culture.
What are the things, their benefits,
are they a dog-friendly employer?
All of those different things that they offer there.
Cause let's just say mine's dog-friendly.
I'm not as friendly right
now because she wants to interrupt all the time today. But that's another fun thing about the
podcast. Pretty much everyone has dogs. And so we have some dog component in absolutely every
single episode so far. They give a lot of great advice, you know, just keep showing up, just keep
wagging your tail. Great things will follow.
Well, they're, they're loyal.
They're loyal for sure, right?
They are loyal and they, most dogs can pass that security clearance check.
So I don't know about mine, but most other ones could certainly pass.
Kathleen Smith and Rachel Bozeman are co-hosts of the new podcast, Security Cleared Jobs.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of Data Tribe,
where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing Cyber Wire team is Rachel Gelfand, Liz Ervin, Elliot Peltzman, Trey Hester, Brandon Karpf, Eliana White,
Puru Prakash, Justin Sabey, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Vilecki,
Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.