CyberWire Daily - Ransomware warnings in Ireland, New Zealand, Germany, and the US. Belgium’s new cybersecurity strategy. A tipline to dime out cryptominers. Air India passenger data breach.
Episode Date: May 24, 2021
Ransomware warnings in the US, Ireland, New Zealand, and Germany--healthcare organizations are said to be at particular risk. Belgium adopts a new cybersecurity strategy. China isn’t happy with free...lance cryptominers. Air India sustains a third-party breach of passenger personal data. An FBI analyst is indicted for mishandling classified material. Rick Howard previews this week’s CSO Perspectives podcast and kicks off cybersecurity canon week with author Perry Carpenter. And happy birthday, US Cyber Command. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/99
Transcript
You're listening to the CyberWire Network, powered by N2K.
Ransomware warnings in the U.S., Ireland, New Zealand, and Germany.
Healthcare organizations are said to be at particular risk.
Belgium adopts a new cybersecurity strategy.
China is not happy with freelance crypto miners.
Air India sustains a third-party breach of passenger personal data.
An FBI analyst is indicted for mishandling classified information.
Rick Howard previews this week's CSO Perspectives podcast
and kicks off Cybersecurity Canon Week with author Perry Carpenter.
And happy birthday, U.S. Cyber Command.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, May 24th, 2021.
This week opens up much as last week ended, with a great deal of attention paid to the
continuing problem of ransomware. The U.S. FBI has warned that the Conti ransomware is a current
threat, especially to health care and emergency response organizations. The Bureau counts more
than 400 Conti attacks worldwide. Some 290 of those targets were based in the U.S.,
including law enforcement agencies, emergency health care networks, and 911 dispatch centers.
The Record points out that the timing of the alert is no accident,
coming as it did shortly after the gang behind Conti, Wizard Spider in some accounts,
a gang generally believed to operate from Russia,
hit healthcare agencies in New Zealand, and especially in Ireland.
Some of these attacks have interfered with scheduling certain kinds of patient care.
The highest-profile Conti incident currently in progress is Wizard Spider's ransomware attack on Ireland's HSE healthcare agency. It's been disruptive and protracted, with the HSE saying that the cyber attack on our IT systems has caused some disruptions to our service.
Emergency services are being provided as necessary, although staff is reported to be
unusually busy. Other, more routine procedures are also being offered, but with some difficulties and delays.
According to the Irish Times, Dublin is working to resolve HSE's problems and has ruled out paying the ransom.
Minister for Public Expenditure Michael McGrath said that patients' personal information is in the hands of the criminals,
but that the government is resolved not to pay the ransom the hoods have demanded.
Quote,
The state will not be paying a ransom, and we haveiner reports, if their extortion demand isn't met.
The Minister for Further and Higher Education,
Simon Harris, said, quote, there's some evidence that it may already have happened in some
instances, and that's been verified by the Gardai, end quote. One of the predictable effects of data
exposure is an increase in fraud, and Minister Harris reminded all that the government, quote,
will never call asking for
your bank details over the telephone or by email, end quote. Nonetheless, Gardai are preparing for
what the Irish Times calls an avalanche of fraud claims. The Guardian reports that New Zealand's
Waikato District Health Board, which was hit with ransomware last Tuesday, continues to struggle
with its own recovery from what an official has characterized as the biggest cyber attack in the
country's history. RNZ said that about 20 percent of elective procedures are being rescheduled
and that the system is not expected to return to normal until next week.
The head of Germany's IT security agency, BSI, independently warned that ransomware in general is a growing threat, and he too sees the healthcare sector as a particular risk.
Heise writes,
Colonial Pipeline continues to investigate the DarkSide ransomware attack it sustained on May 7th.
It's still not known publicly exactly what vulnerabilities, either human or technical, were exploited during the incident, CNN reports.
But government and private sector organizations have been looking to shore up defenses that might prevent them from becoming victims of similar attacks.
An op-ed in The Hill argues that the attack should
serve as a wake-up call for hardening our cyber defenses, a conclusion few would dispute. It urges
three areas deserving increased attention, intelligence and deterrence, post-attack recovery
and resilience, and more attention to security training. DarkSide may have benefited from security researchers' public airing
of some flaws in DarkSide's own code.
DarkSide, in any case,
woofed that a security firm's release of a free decryption tool
had simply helped the gang with its own quality control.
MIT Technology Review urges security researchers
to find ways of helping victims of cyberattack
that don't wind up helping
the attackers by flagging issues with malware. It's difficult to see an easy way of doing this.
At some point, after all, the criminals will get wise to ways in which the effects of their attacks
can be circumvented. But the challenge seems to be worth some thought.
The recent record of the ransomware gangs, infrastructure, hospitals,
emergency call centers, would seem to give the lie to the gangs' claims that they're sensitive
to the social effects of their attacks. But any organization that the criminals think has the
wherewithal to pay is a potential target. Shortly before it announced its dubious intention to shut
down, for example, the DarkSide gang hit British insurer OneCall, Computing reports.
The government of Belgium has adopted a new cybersecurity strategy
that gives priority to six strategic areas.
Investing in secure network infrastructure,
raising awareness of cybersecurity threats,
protecting vital institutions,
deterring cyber attacks, improving public, private, and academic partnerships,
and articulating a clear international commitment to the issue, The Record reports.
The Financial Times says the Inner Mongolia Development and Reform Commission
has created a hotline for reporting illegal crypto mining.
The government objects to people stealing power to mine coin.
Cryptocurrencies are also seen as potential competitors to the country's new digital yuan,
which the government hopes to position as a digital reserve currency.
The airline passenger data provider SITA at the beginning of March disclosed a data breach
that's apparently continuing to make its effects felt in the air travel industry. Over the weekend, Air India
warned that some four and a half million passengers' data had been compromised. The data exposed
includes names, some credit card details, dates of birth, contact information, passport information,
ticket information, and Star Alliance and Air India
frequent flyer data. TechCrunch takes this as evidence that the initial SITA breach
was deeper and more serious than realized at the time it was first disclosed.
An FBI analyst has been arrested and charged with mishandling classified material.
Kendra Kingsbury, 48, of Dodge City, Kansas, who had worked for the FBI's
Kansas City Division, was arrested last Tuesday and charged with two counts of willful retention
of national defense information, material classified at the secret level she's said to
have removed from her office and taken home with her between 2004 and 2017. The Department of Justice said Friday,
Kingsbury is alleged to have violated our nation's trust
by stealing and retaining classified documents in her home for years.
End quote.
The government hasn't revealed a motive for the theft,
and there's no mention of Ms. Kingsbury's having leaked the documents to anyone.
The arrest came, the Justice Department says,
in the course of investigation into potential insider threats.
And finally, a belated happy birthday to U.S. Cyber Command,
which marked the 11th anniversary of its formation on Friday.
And joining me once again, as he often does on Mondays, is Rick Howard.
He is the CyberWire's Chief Security Officer and also our Chief Analyst.
Rick, great to have you back.
Hey, Dave.
So it is an exciting week.
It is Cybersecurity Canon Week here at the CyberWire.
And I know that is a week that is near and dear to your heart.
Can you explain what's going on here for us?
Well, yeah, Dave. You know, it may have slipped out on one of these weekly interviews that you and I do that I'm an avid reader of good cybersecurity books.
You know, I may have mentioned it a couple of times.
No, Rick, I don't know what you mean.
You are a reader of cybersecurity books.
Have we talked about this before? Like, oh, I don't know, every other time you were on when
you were still with Palo Alto Networks and before you joined the CyberWire, it seems to me like we
talked about this a lot. Yeah, maybe at every staff meeting. Yeah, I know. I get it. I know
it sounded a little like broken record to you, but, and I get the same reaction from my family.
When I tell them I'm reading some new cybersecurity book,
I get the eye roll or the glaze, right?
Okay.
But I started this project about seven years ago,
and it's called the Cybersecurity Canon Project.
It's kind of a rock and roll hall of fame for cybersecurity books,
and the mission is to identify all the books that cybersecurity professionals should have read by now. And last week, the Cybersecurity Canon Committee
announced the Hall of Fame winners for 2021. And here at the CyberWire, we have partnered with
the Cybersecurity Canon Project in order to get the word out about these great books. So what does
that mean? What are we doing for Cybersecurity Canon Week? Yeah, so each day this week, your audience will hear my short interview in the daily podcast with
one of the authors that had just been inducted into the Hall of Fame. We have five interviews
in total, Monday through Friday. And then on the CyberWire Pro side, our subscribers will get
access to the complete long-form interviews in a week or so in my CSO Perspectives podcast feed.
All right.
Sounds good.
Well, speaking of CSO Perspectives, what is in store for us this week on that show?
Well, you know, Dave, we plan these seasons weeks in advance.
And a perfect example of even a broken watch is right two times a day.
We're talking about how to secure the supply chain
at the same time that the story
of the Colonial Pipeline ransomware attacks
here in the States are still unfolding.
We have Ann Johnson from Microsoft
and Ted Wagner from SAP coming to the hash table
to provide some insights
on how they think we should tackle these issues.
All right, well, that's an all-star cast for sure.
What about on the ad-supported side?
What's going on there?
So this week's episode is when I finally figured out what the podcast is really about.
You know, the previous episodes were good, but it was me all over the map on a wide range
of topics.
But on this episode, we started talking about cybersecurity first principles.
And it's the idea that our community has been sliding along for almost 30 years, incrementally improving our defensive posture, but never stopping to consider if we have been going in the right direction in the first place.
And so in this episode, we try to make the case for what is the ultimate goal for any cybersecurity program.
And I'm going to bet you will be surprised by the answer.
All right.
Well, we will have to check that out.
Please do so.
You can go to our website, thecyberwire.com.
Look for CSO Perspectives and see what it's all about.
Rick Howard, thanks for joining us.
Thank you.
All this week, my CyberWire colleague Rick Howard is sharing interviews with authors of his favorite cybersecurity books, each one an entry in the
Cybersecurity Canon. Here's Rick Howard to explain. It's Cybersecurity Canon week here at the CyberWire
and unofficially all of the Cyberwire staff members are referring to this week as Shark Week
for cybersecurity books because the Cybersecurity Canon project has announced the author selectees for the Hall of Fame Awards in 2021.
And I'm interviewing all the winning authors.
Each day this week, you will get a taste of the winning author interviews here in this daily podcast segment.
But you can listen to the entire long-form interviews as special episodes in my CSO Perspectives podcast,
only available to the CyberWire Pro subscribers.
Today's interview is with Perry Carpenter, the author of Transformational Security Awareness,
What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors.
I started out by asking Perry about his reaction to being included in this stellar collection of must-read cybersecurity books.
Man, this is not something that I expected when I wrote the book.
I kind of wrote words and threw them out into the wind, hoping that they would be accepted
by the community.
I've been super humbled by the fact that it's not only been accepted by the community, it's
been embraced.
And I hear stories every day about the impact that this book is having on people's lives and their programs.
So I want to thank Rick, thank Ben and Ron for the nomination and the induction into this.
And certainly, man, I want to thank the entire crew of folks that I work with at KnowBe4 that supported me on this project as I was giving a lot of my time and energy. So thank you so much. I am super humbled by this and I hope that I am
able to continue to contribute in meaningful ways going forward. Perry has a theme running through
the book that he calls the knowledge, intention, and behavior gap. The first one of those is just
because I'm aware doesn't mean that I care.
The second one is if we try to work against human nature, we will fail. That's what most of our policies in the security field try to do. They try to build some kind of practice and say that
we have to do things and they don't take human nature into account. Ultimately, we just end up
frustrated as security leaders because our
people aren't doing the things that we've printed on the page and we don't understand why. And that
leads us to number three, which is that what our employees do is way more important than what they
know. And I'll say it as bluntly as I can. What somebody has known has never stopped a breach.
It's the behavior in the moment,
regardless of what somebody knows. The book is called Transformational Security Awareness,
What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors.
The author is Perry Carpenter, and he is the newest addition to the Cybersecurity Canon
Hall of Fame. And if you're interested in the collection of Cybersecurity
Canon Hall of Fame books, plus all the candidate books and even the best novels with the cybersecurity
theme, check out the Cybersecurity Canon website sponsored by Ohio State University at
icdt.osu.edu slash cybercanon, all one word. And with one N for Canon of Literature, not two Ns for machines that blow things up.
And if that's too hard, go to your preferred search engine and type Cybersecurity Canon and Ohio State University.
And congratulations to Perry Carpenter for his induction into the Cybersecurity Canon Hall of Fame.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
Don't forget to check out the Grumpy Old Geeks podcast, where I
contribute to a regular segment called security. I joined Jason and Brian on their show for a
lively discussion of the latest security news every week. You can find Grumpy Old Geeks where
all the fine podcasts are listed. And check out the Recorded Future podcast, which I also host.
Subject there is threat intelligence. And every week we talk to interesting people
about timely cybersecurity topics.
That's at recordedfuture.com slash podcast.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Kelsey Bond, Tim Nodar, Joe Carrigan,
Carole Theriault, Ben Yelin, Nick
Veliky, Gina Johnson, Bennett Moe,
Chris Russell, John Petrik, Jennifer
Eiben, Rick Howard, Peter Kilpe,
and I'm Dave Bittner. Thanks for listening.
We'll see you back here tomorrow.