CyberWire Daily - SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.
Episode Date: July 23, 2018
In today's podcast we hear that Singapore's SingHealth has sustained a major data breach: authorities speculate it may have been the work of a nation-state yet to be determined (or at least named). A third-party data exposure affects major manufacturers, including car makers. The Aspen Security Forum concludes with sobering warnings from senior US Government officials and the private sector of election interference and the prospects of a "cyber 9/11." Ecuador may be tiring of Mr. Assange. Rick Howard from Palo Alto Networks revisits the notion of a metaphorical cyber moon-shot. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_23.html
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Singapore's SingHealth sustains a major data breach.
A third-party data exposure affects major manufacturers, including car makers.
The Aspen Security Forum concludes with sobering warnings from senior U.S. government officials
and the private sector of election interference and the prospects of a cyber 9-11.
And Ecuador may be tiring of Mr. Assange.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, July 23, 2018.
A major breach in SingHealth developed over the weekend, affecting approximately 1.5 million citizens of Singapore.
The data, which were taken over a period of eight days before the exfiltration was discovered,
included name, national registration identity card number, address, gender, race, and date of birth.
For some 160,000 patients, the data taken included details of medicines they'd received.
Singapore officials, while acknowledging the value the data could have if monetized by criminals, think the operation was run by a nation-state.
Many have praised the government's response.
FireEye pointed out to Bleeping Computer that detection within eight days is orders of magnitude below the regional norm of 498 days.
But the incident has prompted calls for a reboot of Singapore's Smart Nation initiatives.
Researchers at security firm eSentire report seeing an increase in exploitation of consumer networking devices,
GPON routers, manufactured by Dasan and D-Link.
This doesn't appear to be a highly targeted campaign.
Indeed, the attack pattern suggests that a botnet is in use and that the
exploitation is opportunistic. Users are advised to bring patches up to date, review credentials
to ensure they haven't left the defaults in place, and consider disabling remote access
and universal plug-and-play capabilities.
The New York Times, InfoSecurity magazine, TechCrunch, and others report security firm UpGuard's claims that Level 1 Robotics, which supplies major industrial firms, especially car manufacturers, left 157 gigabytes of data exposed on a publicly accessible server.
Chrysler, Ford, Toyota, GM, Tesla, and ThyssenKrupp, including assembly line schematics, plant floor plans, robotic configurations, request forms for ID badges and VPNs, and non-disclosure agreements.
The data also includes various bits of personal information on Level 1 employees. Scans of passports and driver's licenses are mentioned, as well as some Level 1 business data, including contracts, details of bank accounts, and invoices.
UpGuard says the data were left exposed on an rsync server that lacked either user or IP restrictions,
and that the data kept there were accessible to any client that connected to the rsync port.
The Aspen Security Forum wrapped up Saturday after clear direct warnings from senior U.S. intelligence and law enforcement officials
that Russian hacking remained a significant threat to the U.S.
Director of National Intelligence Dan Coats warned of the possibility of a Cyber 9-11.
What might such a Cyber 9-11 look like? Other symposiasts said, essentially,
that the worst-case scenario would involve disruption of critical infrastructure,
especially water distribution, the power grid, and the financial system. They thought the prospect
of terrorists, non-state actors, getting their hands on attack tools developed by nation-states
was the most worrisome possibility.
Homeland Security Secretary Kirstjen Nielsen called out Russian interference in elections, saying, quote, I agree with the intel community's assessment, full stop. Any attack on democracy, which is what that was, whether it is successful or it is unsuccessful, is unacceptable. I absolutely believe their assessment, end quote.
According to an account in Fortune,
warnings about election interference came from the private sector as well.
Microsoft's Vice President for Customer Security, Tom Burt,
said that Redmond had identified three spear phishing campaigns directed against campaigns in the U.S. midterm elections.
They traced the incidents to a threat actor Microsoft believes to be associated
with Russia's GRU military intelligence agency.
Burt declined to say who the three targeted candidates were,
but he did say that, quote,
they were all people who, because of their positions,
might have been interesting targets from an espionage standpoint
as well as an election disruption standpoint,
end quote. Burt did add that, so far at least, the Russian services don't seem to be as aggressive as they were in 2016. Still, it's early. As he observed, we may still see attempts to infiltrate
universities, think tanks, and social media in support of more effective phishing campaigns.
As Burt noted, quote, there's a lot of time left before the election, end quote.
Deputy Attorney General Rod Rosenstein said Russia's not the only cyber power everyone ought to be concerned about.
While Russia is just one tree in a growing forest, presumably a pretty big tree,
he also called out the worrisome and increasing threat of cyber attack
by three other familiar nation-state actors, China, North Korea, and Iran.
Julian Assange may be wearing out his welcome in Ecuador's London embassy.
That welcome has grown increasingly strained,
the smiles on the hosts' faces more pained over the past year,
and Ecuador is said to be considering ending the asylum Mr. Assange has enjoyed since 2012.
Ecuador's government has asked him, as a condition of that asylum,
not to interfere with the affairs of other states,
and Mr. Assange agreed to that condition last year.
It's been difficult for him to restrain himself, however.
Ecuador apparently sees his
support of Catalonian independence as a particularly objectionable breach of trust.
Ecuador's president, Lenin Moreno, who took office in May, has described the WikiLeaks founder as a
hacker, which he doesn't mean in a good way, an inherited problem, and a stone in the shoe.
President Moreno will be in London at the end of this week, and there's considerable speculation that during or shortly
after his visit, Mr. Assange will be handed over to British authorities. A lot of other authorities
are also interested in him. The U.S., in particular, would like him to account for his role in the
leaks by former U.S. Army Specialist Manning.
Joining me once again is Rick Howard. He's the Chief Security Officer at Palo Alto Networks.
He also heads up Unit 42, which is their threat intel team. Rick, welcome back. You know,
a couple months ago, you told me about this notion of a cyber moonshot
that your boss had floated to some folks,
and I think that captured the imagination of some people.
Other people are skeptical of it,
but you've got an update.
There's some new information about this.
Yeah, you're right.
And, you know, the idea of a cyber moonshot
has been around for years and years,
but it's just been kind of a, you know, a thing, a marketing thing that vendors would go on to.
Um, and the idea of it was inspired by President Kennedy's speech at Rice University back in the
early sixties,
where he proclaimed that the United States would send a man to the moon and
bring him back safely in 10 years,
not because it was easy,
but because it was hard.
And that's what Americans do.
We solve hard problems, right? So my boss got up in front of this conference that goes on for the
last few years, the Joint Service Academy Cybersecurity Summit. We've been rotating this
group around the academies for the various years. We did two years up at West Point.
We did two years at Annapolis. And next year, we're going up to the Air Force Academy.
Well, when we went to Annapolis, my boss got up and said, you know what?
I'm tired of talking about the problem.
Why don't we do something about it?
And why don't we all get together and figure out how to do a cyber moonshot?
So here's the mission statement.
If we wanted to make the Internet safe in 10 years, not safer, but safe, what would it take? And that got everybody excited.
When I talked about this on your program the last time, I got lots of phone calls, lots of emails
asking how they can help. And so that's been fantastic, right? But when I talk to network
defenders about the cyber moonshot, okay, they want to jump right to solving the problem, right?
And that's not really where we're going for this. We're not trying to incrementally solve making the internet safe.
We're trying to identify the problems that need to be solved, knowing full well that
we probably don't have solutions in place that can solve those problems.
And so we are trying to identify what those problems are.
Now, here's the news.
Okay, here's what's changed.
Two big things have happened.
The first, the NSTAC, the National Security Telecommunications Advisory Committee,
decided to study the cyber moonshot issue this year. They've been looking
at it for the past few months, and they finished their research, I
believe, and they're going to publish their results. What they did was they went out and interviewed
a bunch of people, a bunch of organizations that did moonshot-like
things in the past. They went out and interviewed NASA and
other medicine research and all those kinds of things. And they kind of get a feel
of what it would take to do a cyber moonshot. And then,
the Joint Service Academy Cybersecurity Summit leaders,
and it's all the academies and some other commercial vendors, they said, why don't we
take that report and try to put some meat on the bones?
So what we're going to do is we're going to hold two or three workshops
up at the Air Force Academy this next year
to try to add some flavor to what it is from what the NSTAC publishes.
And then we'll talk about those issues at the next conference
in the spring up at the Air Force Academy. So what makes us all different, okay, is that it looks like two independent
organizations think this is a valid thing to do. The NSTAC and the Joint Service Academy
Cybersecurity Summit. So I'm optimistic that maybe we can get something going.
All right. Well, it's ambitious to be sure. If folks want to get a hold of you,
if they have suggestions or just want to volunteer their time, what's the best way to contact you?
Yeah, tell them to hit me up on LinkedIn and I will make sure they get on the list and that they want to volunteer for the working groups.
We're already building that list now. And if they want to come out to the conference in the spring of the Air Force Academy, we can make that happen, too.
All right. Terrific. As always, Rick Howard, thanks for joining us. Thank you, sir.
And that's the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity
teams and technologies. Our amazing
CyberWire team is Elliot Peltzman,
Puru Prakash, Stefan Vaziri,
Kelsey Vaughn, Tim Nodar,
Joe Kerrigan, Carol Terrio, Ben
Yellen, Nick Volecki, Gina Johnson,
Bennett Moe, Chris Russell, John
Petrick, Jennifer Iben, Rick Howard,
Peter Kilpie, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.