CyberWire Daily - Recent criminal activity–it’s as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.
Episode Date: November 22, 2022
Daixin Team claims ransomware attack against AirAsia. DraftKings users suffer credential harvesting and paycard theft. Assessing cyber risk in the US pharmaceutical industry. Killnet claims successes ...few others can discern. In Ukraine, kinetic attacks on IT infrastructure eclipse cyberattacks. Carole Theriault on digital echo chambers and what's in it for us. Nancy Wang from Fortra's Alert Logic discusses how she is helping more young women get into the STEM field and leadership positions. Google seeks to render Cobalt Strike less useful to threat actors.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/224
Selected reading.
Daixin Team claims AirAsia ransomware attack with five million customer records leaked (Tech Monitor)
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (The Hacker News)
DraftKings Users Hacked, Money In Account "Cashed Out" (Action Network)
DraftKings says no evidence systems were breached following report of a hack (CNBC)
Assessing cyber risk in the US pharmaceutical industry. (CyberWire)
Killnet DDoS hacktivists target Royal Family and others (ComputerWeekly.com)
Ukraine Data Centers Became Physical Targets When Cyber Attacks Failed (Meritalk)
Making Cobalt Strike harder for threat actors to abuse (Google Cloud Blog)
Google seeks to make Cobalt Strike useless to attackers (Help Net Security)
Google Releases YARA Rules to Disrupt Cobalt Strike Abuse (Dark Reading)
Google releases 165 YARA rules to detect Cobalt Strike attacks (BleepingComputer)
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Daixin Team claims ransomware attack against AirAsia. DraftKings users suffer credential harvesting and paycard theft.
Assessing cyber risk in the U.S. pharmaceutical industry.
Killnet claims successes few others can discern.
Carole Theriault on digital echo chambers and what's in it for us.
Nancy Wang from Fortra's Alert Logic discusses how she is helping more young women get into the STEM field and leadership positions.
And Google seeks to render Cobalt Strike less useful to threat actors.
From the CyberWire studios here at DataTribe, I'm Tré Hester with your CyberWire summary for Tuesday, November 22nd, 2022.
The Daixin Team, a criminal ransomware gang that was the subject of a joint CISA and FBI warning last month, has claimed a successful attack on Malaysian carrier AirAsia's networks. The gang claims on their portal, The Hacker News reports, to have stolen personal information associated with 5 million passengers and all of the airline's employees.
According to Tech Monitor, the attack is said to have happened on the 11th or 12th of November, and the Daixin Team has shared two spreadsheets showing what appears to be personal information from passengers and staff of the airline, including date of birth, country of birth, where the person is from, when employed for employees, and the secret question and answer used to secure accounts. End quote.
In their advisory last month, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI said that the Daixin Team appeared to base their ransomware on leaked Babuk Locker source code. They also said that the gang has been known for its concentration on the healthcare sector, but clearly this particular group of hoods is branching out.
DraftKings users have fallen victim to a hack, the Action Network reported yesterday.
Some users reported suspicious bank activity from the online betting platform, such as changed login credentials and spam emails.
The company, however, reports no breach of systems.
CNBC reported yesterday that the online betting platform has said they've found no evidence of a breach of systems following the hacking reports. The company reports that less than $300,000 of customer funds were affected, and DraftKings co-founder and president for global technology and product Paul Liberman said in a statement, quote, DraftKings is aware that some customers are experiencing irregular activity with their accounts. We currently believe that the login information of these customers was compromised on other websites and then used to access their
DraftKings says they intend to make whole any customers that were impacted by the hacks.
Given that DraftKings thinks customer login credentials were compromised on other sites where they'd been reused, it's worth reflecting on two familiar security best practices. First, don't reuse passwords. And second, enable multi-factor authentication where it's available.
Moody's Investors Service released a report last week on cyber risks in the pharmaceutical industry.
The report says that overall, the cyber risk to the pharmaceutical sector is low.
The report details the pharmaceutical industry's systemic risks, labeling them as moderate, largely because of the sector's high profile and the significant potential for consequences of an attack. But cyber risk mitigations done by the industry as a whole keep the overall risk low, despite the moderate severity of systemic risks.
Killnet continues its program of nuisance attempts against Western targets of opportunity.
The hacker auxiliary group has recently turned its attention to, among others,
the British royal family, Computer Weekly reports.
These have been the now familiar and largely ineffectual distributed denial-of-service attacks.
Killnet made large and baseless claims of success, saying that it hit three targets in the UK: Bankers Automated Clearing Service, the London Stock Exchange, and the official website of the Prince of Wales. The group said the royal official site was down, adding, perhaps this is due to the supply of high-precision missiles to Ukraine. Also, today all medical institutions, government services, and online services will stop working. No one else sees any signs of such successes.
And finally, Cobalt Strike is a legitimate penetration testing toolset, but it's often mentioned in dispatches as one that criminals and state actors abuse against their targets. The security firm Fortra, formerly HelpSystems, developed Cobalt Strike so users could emulate an attack against their networks in the course of testing for vulnerable software.
Unfortunately, since the toolset was introduced 10 years ago, threat actors have been able to abuse it as what Google calls, quote, a robust tool for lateral movement in their victims' networks as part of the second-stage payload attack, end quote.
Google is seeking to make such abuse more difficult by, quote, releasing to the community a set of open-sourced YARA rules and their integration as a VirusTotal collection to help the community flag and identify Cobalt Strike's components and its respective versions. Since many threat actors rely on cracked versions of Cobalt Strike to advance their cyber attacks, we hope that by disrupting its use, we can help protect organizations, their employees, and their customers around the globe.
The rules focus on detecting versions of the tools being deployed across a system. The pirated versions are, Google explains, usually at least one version behind Fortra's latest version of Cobalt Strike. Screening them out and disabling them, Mountain View hopes, will take Cobalt Strike out of the criminals' hands and return it to legitimate red team users where it belongs.
Coming up after the break, Carole Theriault discusses digital echo chambers and what's in it for us.
And Nancy Wang from Fortra's Alert Logic discusses how she's helping more young women get into the STEM field and leadership positions. Stick around.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks. But get this,
more than 8,000 companies like Atlassian and Quora have continuous visibility into their
controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30
frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies,
access reviews, and reporting, and help you get security questionnaires done five times faster
with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
Nancy Wang is VP of Technical Product Management at Alert Logic by HelpSystems.
Nancy is looking to solve the low female employee representation in technical fields like software development, cybersecurity, and technical product management, especially in leadership positions.
When I joined Alert Logic in the R&D team, this was 10 years ago. I was the only female employee at the time out of almost like 200 people. Now, looking back, we have way more people in R&D, in tech, and then, you know, a lot of like pleasant change around female in leadership roles as well. But if we look at the stats, it's still not to the level that we, you know, we want to see, right? So you don't see the same amount of female tech employees or tech leaders compared to the male counterpart.
So overall, I think the industry is definitely improving. And I've seen a lot more conference events recognition around female women in IT, women in technology conference, and then women's alliance groups. Even here at Alert Logic, we have a women's alliance team that's formed last year. And a lot of things are thriving. So definitely improved over the years.
years. What about at events and conferences and things like that? Are you finding a shift in the tone there? Are folks more welcoming?
I think so. I think so. It depends on sort of which type of conference that we're talking about, right? Of course, for, you know, specific conference related tech field, it's sort of slightly less focused around the gender. It's more on the subject matter, on the technical trend and industry focus.
But then some of the recent conferences I went to, I spoke at the Women in Tech Texas conference, and I also attended the Women in IT Summit in New York this year.
Both are a lot of focus talking about how do we bridge this gender gap in tech, in cybersecurity.
And a lot of people, including myself, are super passionate about it.
We are saying what we are doing in our day-to-day lives about mentoring fellow female employees.
What we're trying to do, we're brainstorming ideas about how do we even
reaching out to the younger generation and for our next generation to come, this gap,
what we want to see and what I want to see is this gap being smaller and smaller.
And by the time I have two girls, by the time my girls are entering the workforce,
hopefully this gap will not exist. How far back do you suppose we need to go
to get young girls interested and involved and give them a sense that there is a place for them
here? Do we begin in elementary school, middle school? Where do you suppose a good place is?
It's interesting you ask. So this one thing I learned, you know, attending this Women in IT conference earlier this year was I learned someone showed me a study result, right?
So study shows that the kids in the middle school ages, middle school years are actually the most crucial for them to determine what they can and cannot do in life.
So I would say start from young, but then definitely focus on the
middle school years. So one of the ideas we came up with was kind of from a personal experience
as well. I spoke at the career day at my older daughter's class. So they're fifth graders and
kids just, they are not aware like what cybersecurity is
about, you know, what do you do as a product manager. So it's crucial to kind of explain
the different career paths that entering STEM field can open up to, right? It's not necessarily
always sitting there, sitting at your computer programming. There are so many different career paths one can get into when they enter the technical field and STEM field.
So based on that study, you know, we came up with the idea of saying, hey, why don't we, a group of leaders, female leaders in the technical field,
why don't we offer free in-person and virtual career days for just, you know, not
just our kids, for just anybody, right? We offer that up and we provide this just level of awareness
so that we can let the girls know, try, you know, don't be afraid of trying new things. Be confident.
You do not shut the door in front of you before you even explore the potential.
What are some of the stories that you hear from some of these young women as you talk to them?
Is there a bit of realization or a revelation that perhaps this is something they can pursue?
Or do some of them already have their sights set on it?
Yeah, I definitely got a lot of interest.
So in speaking to my daughter's class, and then I did a similar sort of training and class to the Girl Scout group my older daughter's in as well. I think it's just, it's an interesting field for them, right? It's, they have no idea what cybersecurity is about. They even correlated to kind of some, their life experience. Like a lot of girls are, or, you know, girls and boys are playing a lot of games now. And they're saying, oh, you know, like some people reaching out to me on this game, they're strangers, they want to kind of, you know, chat with me. And then I just, I kind of quoted, hey, this is a way of hacking into your lives. And this is like relevant to social engineering.
You know, that kind of relationship, it triggers their interest. I hope, you know, I think I definitely see a lot of interested eyes in the audience. And I hope this kind of triggers them to research more later on in their lives and in their study as well.
That's Nancy Wang from Alert Logic.
Our UK correspondent, Carole Theriault, files a report on digital echo chambers and what's in it for us.
So I was thinking about these digital echo chambers of ours.
You know how our online media feeds present us each with content, opinions, and ads curated just for us individually.
Of course, I can see the benefit for providers like YouTube or Facebook and the like. If a user consumes some content without bouncing out early or immediately starting a new search, chances are that they might like to see something similar. And of course, we know that's how they win. You stay on the site, they boost their ad revenue potential.
But the question is, what's in it for us, if anything at all? Recent research and opinion on the topic of echo chambers showed a number of different angles. For instance, I saw that a Harvard Business Review report said that the higher leaders go, the more likely they'll find themselves in an echo chamber, surrounded by people who think like them and agree with them. A problem if you're trying to find a solution to a problem and can only look at it from one perspective.
A recent study from New York University says that by many measures, mass polarization is on the rise in the U.S. Americans are more willing to condone violence, less open to relationships that cut across party lines, and are more prone to partisan motivated reasoning. And the concern is that social media is accelerating this polarization.
I'm not an expert, but in my little world, echo chambers have served to make people more certain of their opinions and less tolerant of others, and me included.
On some issues, I've been utterly flabbergasted about how other people seem to respond to the same story, like completely perplexed, and sometimes even emotional.
But I have to remember that what shaped my opinion was very different to what shaped their opinions.
Who knows where we would each be and what positions we would take if we swapped chambers for a beat or three.
One research paper suggested that randomly disrupting our feeds with other viewpoints on a topic serves to calm polarity in opinion. But another, focusing on radical echo chambers, said that when a group felt invaded by opposing viewpoints, they undermined or marginalized the invader, suggesting that there might be limited potential for counter messages to underline radical behaviors in these chambers.
Now we've seen Elon Musk, the richest man in the universe and the new owner of Twitter, warning that it is important for the future to have a common digital town square.
Others argue no, no.
This type of polarization actually correlates with increases in inequality and economic decline.
So there are a lot of opinions and a lot of research
and no answers that I see.
But echo chambers seem dangerous to me.
What do you think?
This was Carole Theriault for the CyberWire.
Clear your schedule for you time with a handcrafted espresso beverage from Starbucks.
Savor the new small and mighty Cortado. Cozy up with the familiar flavors of pistachio,
or shake up your mood with an iced brown sugar oat shake and espresso. Whatever you choose, your espresso will be handcrafted with care at Starbucks.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
The CyberWire podcast is a production of N2K Networks and proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology.
Eliana White, Puru Prakash, Liz Irvin, Rachel Gelfand, Tim Nodar, Joe Carrigan, Carole Theriault, Maria Varmazis, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Catherine Murphy, Janene Daly, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, Simone Petrella, and I'm Tré Hester, filling in for Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI
and data products platform comes in. With Domo, you can channel AI and data into innovative uses
that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.