CyberWire Daily - Russian dogs not yet barking in German elections. ISIS is doing a lot of howling at lone wolves. Equifax updates. CCleaner found unclean. OurMine hacks Vevo to avenge its honor.
Episode Date: September 18, 2017

In today's podcast, we note reports that, while Germany will hold elections Sunday, Russian cyber operators seem quiet. Too quiet? Switzerland and Singapore both report sustaining state-sponsored cyber espionage attempts. ISIS howls for its lone wolves to hit soft targets. The Equifax breach news isn't getting any better. Cisco finds a backdoor in an Avast security product. Chris Poulin from Booz Allen Hamilton, our newest industry partner, introduces himself. He leads the Internet of Things security strategy in Booz Allen's Dark Labs, as well as dabbles in Machine Intelligence. He joins BAH from IBM, where he led their X-Force research teams and built the first prototype Watson for cybersecurity. OurMine hackers hit Vevo to redress an insult delivered over LinkedIn.

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C., October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you'd like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8's white paper.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Germany will hold elections Sunday, and the Russian cyber operators seem quiet.
Too quiet.
Switzerland and Singapore both report sustaining state-sponsored
cyber espionage attempts. ISIS howls for its lone wolves to hit soft targets. The Equifax
breach news isn't getting any better. Cisco finds a backdoor in an Avast security product.
OurMine hackers hit Vevo to redress an insult delivered over LinkedIn.
I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, September 18, 2017.
As Germany prepares for Sunday's federal elections, the country remains on high alert for last-minute Russian election meddling.
This is especially true after reports of vulnerabilities in the nation's electronic voting systems led people to fear manipulation of the count, and after episodes
of apparent attempts at influence operations earlier this summer. But so far, with the election
less than a week away, the mystery is that Russian influence operations and attempts at disruption
have fallen off dramatically, so the dog isn't barking. It's unknown whether
this is because Russian involvement in the election is a myth, basically this is the
official Russian position, well represented in the media by RT but taken seriously by
few, or because German security measures have been remarkably effective during the electoral
season's endgame, or for some other reason.
Switzerland's defense ministry has announced that it detected and blocked
state-sponsored attempts at intruding into the ministry's networks.
The incident, said to have occurred in July, isn't attributed to any specific nation,
but sources suggest that it showed similarity to Turla activity.
Turla has been connected by many security researchers with Russian espionage services.
Singapore's government has also said that an unnamed agency was probed by a foreign
cyber espionage campaign late last year. Sources don't name the state suspected,
but said that it was one that had hitherto not been particularly active in the East Asia and Pacific region.
ISIS has claimed responsibility for Friday's fizzled but damaging bombing in London's Tube.
The ISIS soldier suspected in the attack is in custody,
apparently tracked down in large part because security cameras,
practically ubiquitous in London,
followed him and his distinctive red hat away from the scene of the attack.
Last week, officials of the U.S. Department of Homeland Security said that recent hurricanes had raised U.S. vulnerability to terrorist attack.
Resources are stretched thin, law enforcement and first responders are coping with damaged infrastructure,
and large concentrations of potential victims are crowded into necessarily weakly secured emergency location sites,
and ISIS appears primed to take advantage of the natural disasters.
The caliphate has been howling to its lone wolves over Twitter to point out the opportunity they have to strike.
Law enforcement authorities are calling the chatter more aspirational than operational, but they're watching it closely.
ISIS continues to lose ground in its core areas of operation.
Indeed, the physical territory it can be said to control has largely vanished under military pressure.
Even ISIS rivals in the region,
like the more jihadist-than-ISIS hard core
represented by Hayat Tahrir al-Sham,
are fragmenting under external pressure and
internal dissent. This seems to have had the effect of causing jihadist extremism to metastasize
outside the Middle East. General Joseph Votel, commander of U.S. Central Command, said last week
that this was to be expected. In his closing keynote at last week's Billington Cybersecurity Summit, he said,
quote,
He emphasized that ISIS was active mainly in attempts to shape the information environment,
not in traditional hacking.
Thus, its concentration on inspiration and the perceived necessity of
finding some effective counter-messaging. In the meantime, vigilance online would seem to be in
order. Effects of the Equifax breach continue to expand, as do investigations. Some 400,000
individuals in the UK are now known to have been affected, as have an unknown number of Canadians.
Canadian authorities have opened an investigation, as have at least 31 U.S. states. The incident is now
explained unambiguously as exploitation of a known but unpatched Apache Struts vulnerability.
Equifax has attracted generally bad reviews not only for a failure to patch, but even more so for its slow disclosure
and less than fully successful incident response. The public communications aspects of that response
have been notably poorly executed. The company has been punished in the stock market, with its
share price down sharply since the breach was disclosed on September 14th. That drop may have
reached at least a temporary bottom today, as the stock,
as of this writing, appears to be trading sideways. The effects of the breach are being
felt elsewhere in the sector, as Representative Carolyn Maloney, a Democrat from New York,
has asked the CEOs of rival credit reporting agencies Experian and TransUnion for details
of their own security measures.
Congressional dissatisfaction with the credit bureau security seems clearly bipartisan.
Just awful is how the Republican chair of the House Energy and Commerce Committee characterized some of the poor digital hygiene revealed under the scrutiny prompted by the breach.
Representative Greg Walden, a Republican from Oregon, was commenting specifically on the use of admin as the password on administrative accounts, but he also offered a foreshadowing of what's likely to come next.
Quote, you can't stop stupidity, you can't legislate against it, but you can hold people accountable for it. End quote.
Cisco reports that Avast's CCleaner security product, version 5.33,
was infected with a multi-stage backdoor, apparently introduced in the supply chain.
Cisco's Talos Research Group observed suspicious activity from the CCleaner app, and upon investigation determined that when the app was downloaded,
its installation executable was signed with a valid digital signature. CCleaner, however, wasn't the only application that arrived in the download.
It was accompanied by a malicious payload that included both a domain generation algorithm
and hard-coded command and control functionality. Talos reads this as an indication that somewhere
along the line, the development or signing process was compromised. The security company recommends that users of the Avast product either restore to its
pre-August 15th state or upgrade to version 5.34. We're spending tomorrow with our friends and
neighbors at the Johns Hopkins University as we attend the fourth annual Cybersecurity Conference for Executives.
Watch for live tweets tomorrow and coverage this week.
We launched Research Saturday this weekend, a new weekly podcast that concentrates on current research in cybersecurity. The first edition was a conversation about the Cobian RAT with
Deepen Desai, Senior Director of Security Research and Operations at Zscaler. We hope you'll give it a listen.
Finally, the phony gray hats of OurMine have gone after Vevo, breaching the video service and
offering to leak over three terabytes of stolen data, most of which strike observers as fairly
anodyne, neither sensitive nor discreditable, nor even valuable. It was, however, a breach,
as Vevo acknowledged,
and that in itself is embarrassing.
The motive for the attack seems to be petty.
It's apparently revenge for the disrespect
and consequent wounded self-regard OurMine says it suffered
from a Vevo employee who was rude to them on LinkedIn.
So when we say phony gray hats with petty motives,
we mean that in the nicest and most respectful way possible.
And I'm pleased to welcome a new partner to the Cyber Wire podcast.
Chris Poulin is a principal at Booz Allen Hamilton Strategic Innovations Group.
He heads up their Internet of Things security group at Booz Allen.
Chris, welcome to the show.
Thanks for having me.
Well, as we do when we welcome someone new, we want to start off with just some introductions.
So why don't we learn a little bit about you? Why don't you tell us about your career path? What led you to cybersecurity?
Ah, okay. So it's interesting. I will say, as an inflection point about five years ago,
the thing that my entire career had been waiting for was when information security converged with
physical security. So I actually started life in the U.S. Air Force way back when working on
satellite systems and under the National Reconnaissance Office, which you couldn't say
back then, by the way. And then I left the Defense Department and started my own business,
grew that, so information security. And then I went to work for a startup, Q1 Labs, who makes
a security information and event management system that was eventually bought by IBM. And I actually thought that I was not going to enjoy being part
of a 450,000 person company, but I realized being an entrepreneur that you are effectively in
a country that is under an organizational name of IBM. So I struck out and sort of made my way.
And that's effectively when the IoT came around.
And so I started to work in connected cars and also took on a little bit of machine learning or
cognitive computing, as IBM likes to call it. And then after about five years, I saw a good
opportunity to jump to Booz Allen Hamilton and help to build up their capabilities in the,
what we're calling connected products, which is effectively
connected cars, medical devices, building controls. So the cyber aspect of that for the commercial
markets, as well as some defense market. My particular focus is commercial, despite my
entry into the Department of Defense way back early in my career. And I also work with the
industrial control systems cyber team, as well as some of the
machine learning folks over here at Booz Allen Hamilton. So I'm sort of a master of everything,
but I excel where physical and digital come together. So what's a typical day for you?
What are you doing on a daily basis there? So, well, I have a mix of management and technical
responsibilities. And so there's sort of a three-legged stool that my responsibilities take the form of.
And so part of it is actually working with what we call our Dark Labs team.
We have a team of engineers who actually take the tradecraft from some of our defense work,
and they bring it over into our Dark Labs.
And they'll do things like take apart cars and try to find weaknesses in them.
They're very good at taking firmware and extracting it and reversing it. So, you know,
it's funny because there was one engineer a long time ago who told me that he wasn't particularly
good at writing code, but he was really good at reversing it. And so it turns out that we have a
fair amount of people who actually do that kind of work.
And interestingly, by the way, they also, because of our defense work, they have been involved in
not only the defensive side, which I'm used to on the commercial side, but also, you know,
offensive tradecraft as well. So they get to see it from both sides of the coin. And then I also
manage, you know, the work that's part of my job is to move things around and lead people.
A little bit more banal, but at the same time, you get to see the fruits of your labor.
Working with the commercial teams and clients is sort of another aspect of that because you always have to keep in touch with what clients are asking for.
Then the last thing I do a fair amount of, as you can see from this particular podcast, is I do a lot of evangelism.
So I go out and speak and talk and try to take both what we're learning from our labs and from our clients and bring them out to the general public to inform them with as little fear, uncertainty, and doubt as possible.
That's sort of my bugaboo.
I despise fear and uncertainty is what I call it, by the way.
I'm not sure where doubt fits in there, but yes, fear and uncertainty.
All right.
Chris Poulin, welcome to the show. Glad to have you.
Thank you.
And that's the CyberWire. We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.