CyberWire Daily - Russia retaliates against the US with tit-for-tat PNGs, consular closure. Assange has no more Internet (until he behaves). Fauxpersky and WannaCry seen in the wild. Facebook works on privacy.

Episode Date: March 29, 2018

In today's podcast, we hear that Russia has retaliated against the US with diplomatic expulsions and at least one consulate closure. Potential cyber operations remain a matter of concern. Julian Assange no longer has Internet access in his room at Ecuador's embassy. WannaCry hits a Boeing plant, but Boeing is resilient enough to work through the infection. A new keylogger pretends to be Kaspersky AV, but not very convincingly. Facebook works to upgrade user privacy, and Apple says it doesn't need to do the same. David Dufour from Webroot with tips for first-time conference goers. Guest is Deral Heiland from Rapid7 on smart sensors.

Transcript
Starting point is 00:01:22 Russia retaliates with diplomatic expulsions and at least one consulate closure. Potential cyber operations remain a matter of concern. WannaCry hits a Boeing plant, but Boeing is resilient enough to work through the infection. A new keylogger pretends to be Kaspersky AV, but not very convincingly. Facebook works to upgrade
Starting point is 00:02:16 user privacy, and Apple says it doesn't need to do the same. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Thursday, March 29, 2018. Russia has promised to retaliate in response to the more than 25 countries who have taken diplomatic measures to protest the Salisbury assassination attempts and has just begun to do so. Sputnik News is reporting this afternoon that Foreign Minister Lavrov has summoned U.S. Ambassador Jon Huntsman to inform him that Russia will match the U.S. expulsion of 60 Russian diplomats by sending an equal number of Americans home. The Russian government will also match the U.S. closure of the Seattle consulate by shuttering the American consulate in St. Petersburg.
Starting point is 00:03:08 The Russian government had earlier expelled British diplomats and ordered the British Council to cease its activities in Russia. Other retaliation is expected. Kremlin representatives have been saying they reserve the right to respond at some appropriate time. Lavrov did say this afternoon that Russian action would mirror those taken by Western countries, so further tit-for-tat declarations of diplomats from other nations' persona non grata are probably coming. Russia has denied any involvement in the Salisbury nerve agent attack, calling the evidence the UK has a hoax.
Starting point is 00:03:44 Russian sources have also suggested the incident is either a British or an American provocation, aided and abetted by the Czech government, which Moscow hints could have provided stocks of Novichok nerve agent to the provocateurs. Essentially, no one believes this, but Sputnik is reporting that Foreign Minister Lavrov also said that Russia intended to convene an emergency meeting of the Organization for the Prohibition of Chemical Weapons, in what Russia calls a bid to start a dialogue and establish the truth. The OPCW is an intergovernmental group composed of the 192 signatories to the Chemical Weapons Convention. It's headquartered in The Hague and works to enforce chemical weapons control and non-proliferation measures. It's worth noting that as nuanced and lawyerly as Russian English-language services such as Sputnik and RT have been, that country's domestic media have been a lot
Starting point is 00:04:45 rowdier about the Salisbury incident as a cautionary tale of spies and turncoats getting their proper comeuppance. Why are we spending so much time on diplomacy? It's because of the degree to which cyber operations now interpenetrate international conflict and tension. The retaliation that most concerns Western countries, particularly the UK and the US, is the prospect of Russia executing a cyber attack against electrical power grids that's been long under preparation. There's other news related to tensions between Russia and the West, and it too occurred in England. Yesterday, Ecuador cut off WikiLeaks founder Julian Assange's internet access,
Starting point is 00:05:25 saying he violated a written undertaking not to do things that would damage Ecuador's international relations. They yanked Assange's connection apparently for at least two reasons. He's been tweeting support for a Catalan separatist leader arrested in Germany to be handed over to Spanish authorities. And more significantly, he's also been tweeting in Russia's interest and against Britain's in the ongoing matter of the Salisbury nerve agent attacks. The proliferation of IoT devices continues at an ever-increasing rate, and many of those devices fall into the category of smart sensors, designed to measure or take a reading on something and report back what they know.
Starting point is 00:06:05 Deral Heiland is research lead for IoT technology at Rapid7, and he joins us to share his views on smart sensors. So a smart sensor is nothing more than some kind of device, whether it is a device for measuring blood pressure or blood sugar levels in somebody, and be able to communicate that data somewhere else. Or in the area of a smart city, it may be in a lighting system within the city that can actually detect traffic movement, as an example, and be able to feed that information back into some kind of more higher-level data analytics-type system for making decisions within
Starting point is 00:06:46 the environment. So basically, it is a device that has an embedded type technology that has the ability to detect, measure, and gather pertinent pieces of information that could be used for further analysis somewhere else. And is the information flow from these devices generally in one direction? It varies. It really comes down to the type of sensor. In most cases, that happens to be the case. It is purely an informational gathering type device, but not always. There can be sensors that can take, obviously, various configuration changes or alterations in that direction also, giving them the ability to be reconfigured or modified or, at a bare minimum, possibly firmware upgrades, things like that done to them.
Starting point is 00:07:37 So, obviously, there are many benefits to having these devices, but your research shows that there can be some vulnerabilities as well. Yes. As we start thinking about what these devices are used for, it makes us want to stop and step back and think about it. What is the impact if issues or vulnerabilities arise in these devices when we're trying to deal with information that's gathered that could be confidential or information that's gathered that's used to make critical decisions. You know, what is the impact on confidentiality, you know, integrity, or even availability? If somebody can take these devices offline with some kind of denial of service type attack, how does that impact us based on how we're actually utilizing
Starting point is 00:08:23 the technology? Can you give us some specific examples of cases where this could be problematic? Yeah, I guess an example would be what if a smart city is using sensor-based technology for monitoring traffic flow within a city and making decisions on that type of information? Could easily lead to major traffic jams, very difficult to get out of the city at the end of the day. Things are not working right. The traffic flow isn't being able to be monitored, detected, altered, those type of things. Other examples could be within the industrial environment where sensor-based technology is potentially used for
Starting point is 00:09:05 measuring and monitoring equipment performance or tank pressures or boiler pressures? What if that information is altered, messed up, or not available? What's the potential hazard there? I mean, it could lead to catastrophic failure of equipment, potentially risk the life and limb. And of course, obviously, I guess in the medical community, that would be a real risk as well. I think what we're seeing with some of the medical stuff is kind of fascinating. Right now, obviously, you can get kind of technologies that measure like blood pressures and blood sugar monitors. I have a device that I can attach to me that I can use for monitoring
Starting point is 00:09:45 blood sugar type levels in my body. So if those things aren't accurate when it comes to a blood sugar example, it may lead to somebody who's a diabetic increasing their dosage of insulin when they didn't need to potentially harm them. So have you seen examples of people trying to exploit these sorts of things or is it mostly theoretical at this point? I think there's been very little done out there. I remember some discussions on some lighting systems, some research or some hacks that were done out there here a couple years ago in reference to those type of things. But right now, I think we're fairly early in the stage. The actual massive growth in this area around smart cities and smart grids and industrial
Starting point is 00:10:33 So my train of thought is let's get our arms around how we're going to approach the security, how we're going to think about the security, how we're going to monitor, maintain, and patch, repair these type of vulnerabilities, issues as they arise, or how we're actually going to deploy the technology effectively now before it becomes so ingrained into everything we do and we don't have the ability to make those quick changes or fixes. That's Deral Heiland. He's from Rapid7. In other cyber news, WannaCry has resurfaced, infecting a Boeing 777 assembly line in South Carolina yesterday. Boeing says the infection has been contained, was minor, and didn't interrupt
Starting point is 00:11:18 production. A new keylogger is circulating in the wild. Its discoverers, researchers at Cybereason, call it Fauxpersky because of the malware's rather lame attempt to impersonate a legitimate Kaspersky antivirus splash screen. Built on AutoHotKey, a legitimate tool, the malware is, according to Cybereason researchers, unsophisticated but efficient, with a large appetite for data and not much stealth. Drupal has issued a patch for a severe remote code execution vulnerability. Users are being urged to apply it as soon as possible. Observers think the bug likely to be exploited in the wild within a matter of days, if not hours. Facebook has pushed some new privacy tools, policies, and settings. Users will now be able to see their privacy settings, formerly spread over about 20 pages, on a single page. Facebook has also added an Access Your Information feature that displays all the information
Starting point is 00:12:18 you've made accessible and to whom. The upgrades have received mixed reviews, with most observers taking the understanding view that, well, Facebook has to do something to restore the trust the Cambridge Analytica data scandal damaged. For its part, Apple has done some pardonable gloating, reminding everyone that if you're not paying for the product, you are the product. CEO Tim Cook told MSNBC that, quote,
Starting point is 00:12:42 The truth is, we could make a ton of money if we monetized our customer, end quote, but unlike some others, they don't. When asked what he would do if he were Facebook CEO Mark Zuckerberg, Cook simply replied, I wouldn't be in this situation. And finally, congratulations to the people and companies honored this week by the Cybersecurity Association of Maryland. Regional awards went to Anne Arundel County's Bridges, Baltimore County's Syncopated Engineering, Thank you. Dale, and Montgomery County's CoolSpan. In the general awards, the People's Choice Award, sponsored by Gula Tech Adventures, went to Dr. Emma Garrison Alexander of the University of Maryland University College.
Starting point is 00:13:32 The Anne Arundel Economic Development Corporation won recognition with the Industry Resource Award, and the Cybersecurity Champion of the Year went to Ellen Hemmerle of BW Tech at UMBC, the incubator at Research and Technology Park. Cyber Crucible was named the Cybersecurity Company to Watch, and CSIOS Corporation took honors as Cybersecurity Defender of the Year. The Cybersecurity Innovator of the Year Award went to Howard County's Pride and Vale, specialists in protecting data at rest and surely a company to watch closely. And we're pleased to say that the Cybersecurity Diversity Award went to us, the CyberWire,
Starting point is 00:14:11 in recognition of our diversity efforts and our Women in Cyber program. Thanks very much to Maryland Cyber for the honor, and special congratulations to our social media editor and community outreach director, Jennifer Iben, for her long and patient work.
Starting point is 00:16:37 And joining me once again is David Dufour. He's the Senior Director of Engineering and Cybersecurity at Webroot. David, welcome back. We wanted to talk this week about security conferences, RSA is coming up. And you have some tips for folks who might be heading off to their first conference. A little words of wisdom? Yes. Hey, it's great to be back, David.
Starting point is 00:17:14 RSA is coming up very soon here. And, you know, we with a lot of experience having gone to many, many security conferences, and especially coming from the engineering side, I have some recommendations for both the sales and marketing folks and the engineering folks. You know, the number one thing that the sales and marketing folks always tell me, David, is we've got to make sure we have all of our matching shirts and tennis shoes. Because if we don't look the same, we're not going to be able to sell any products. So make sure you've got your wardrobe figured out and your sales and marketing team have told you what you're going to be wearing. Yeah, critical, critical, freshly pressed and washed. That's exactly right.
Starting point is 00:17:54 But in all seriousness, a couple of quick technical things. When you're going to a security conference, if it's not obvious, you want to be super aware of using Wi-Fi, even having your Bluetooth on, you know, make sure you're being, you have your like cyber hygiene on steroids going, where you're maybe not bringing your smartphone to the conference floor, you're leaving that laptop in the hotel room, because you don't want hackers who are, you know, running rampant around these security conferences getting into your devices. That would be a little bit embarrassing, I think. And you want to make sure you tell your sales and marketing folks the same thing.
Starting point is 00:18:32 You know, some other things, just in general, what I find when I go to these large security conferences, the big booths with the big manufacturers, they're great. They've probably got the coolest swag with t-shirts and stuff like that. But from a purely technical side, the place to go is the back of the room, those little bitty booths where the folks have literally spent their entire marketing budget to make it there. Because there's some super interesting products, super interesting ideas. How about in terms of just pacing yourself? I think especially for first timers, you walk onto that show floor and it can be overwhelming. How do you even break down how to best spend your time? break your time down. I always try to make two passes at whatever conference I go to. The first one just being a rundown up and down the aisles, taking a look at who's there,
Starting point is 00:19:37 who's interesting. And then I kind of make a game plan from there. And then I'll try to find some time later on in the conference once people are in their groove, once that first wave hits and it's broken, that's when I kind of go around that second time and I walk a little slower. I make sure I'm talking to people because at that point, they're looking to talk to you and they have more time because there's not a million people around. All right. Good advice as always. David Dufour, thanks for joining us. Thanks for having me, David.
Starting point is 00:20:02 And that's the CyberWire.
Starting point is 00:20:58 For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Listen for us
Starting point is 00:21:11 on your Alexa smart speaker, too. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams
Starting point is 00:21:21 and technologies. Our amazing CyberWire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner.
Starting point is 00:21:39 Thanks for listening. We'll see you back here tomorrow.
