CyberWire Daily - Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.

Episode Date: February 11, 2021

Spyware in the Subcontinent. Some crooks auction stolen game source code while others bilk food delivery services. Emotet survived its takedown. Ransomware developments. The US now has a point person for Solorigate investigation and response. Andrea Little Limbago from Interos on her participation in the National Security Institute at George Mason University. Our guest is Chris Cochran from Hacker Valley Studio with a preview of their Black Excellence in Cyber podcast. And there's no attribution yet in the Oldsmar, Florida, water system cybersabotage, but it's increasingly clear that the utility wasn't a hard target. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/28

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Spyware in the subcontinent. Some crooks auction stolen game source code while others bilk food delivery services. Emotet survived its takedown. Ransomware developments. The U.S. now has a point person for Solorigate investigation and response. Andrea Little Limbago from Interos on her
Starting point is 00:02:19 participation in the national security institute at george University. Our guest is Chris Cochran from Hacker Valley Studio with a preview of their Black Excellence in Cyber podcast. And there's no attribution yet in the Oldsmar, Florida water system cyber sabotage, but it's increasingly clear that the utility wasn't a hard target. From the CyberWire studios at DataTribe, active in the ongoing long-running conflict between India and Pakistan. between India and Pakistan. Lookout thinks that both Hornbill and Sunbird are interesting for their intense focus on exfiltrating a target's communications via WhatsApp. Both surveillance tools abused Android accessibility services
Starting point is 00:03:36 in ways that obviated any need for root access. Sunbird also records any calls the victim might make through WhatsApp voice-over IP service, exfiltrates data from applications like BlackBerry Messenger, and may also be able to execute commands on the affected device. Turning from cyber espionage to cybercrime, the crooks who claim responsibility for hacking CD Projekt Red say they're going to auction the stolen source code for The Witcher and Cyberpunk 2077 for millions
Starting point is 00:04:10 in a dark web market, The Verge reports. SIFT's Digital Trust and Safety Architects report more evidence that delivery services have become attractive targets for online fraud. Criminals are advertising on Telegram, offering to use stolen payment information to buy food at a discount for diners whose consciences are apparently untroubled by their complicity in theft. SIFT says that fraud rates among restaurant apps and food delivery services
Starting point is 00:04:40 increased 14% from Q3 to Q4 in 2020. Merchants are most affected. They lose the food and then have to refund the bilked owners of the payment accounts used in the fraud. The food delivery scam market is just one aspect of pandemic-driven cybercrime. Researchers at security company Akamai this morning released a new study of the underground as it's been shaped by COVID-19. Shopping scams came first as people sheltered in place and bought more of their essentials online. These were soon accompanied by credential phishing campaigns and now, more recently, vaccination scams. The UK's National Health Service has been warning of the vaccine-related fraud ever since methods of immunization began serious development. The Egregor ransomware gang has adopted some new techniques.
Starting point is 00:05:33 Morphisec researchers think that Egregor, one of the early adopters of the criminal method of both encrypting and stealing data, a tactic that's now become routine, is again on the leading edge of change in criminal tactics. The researchers say, quote, as can be seen from the latest waves of ransomware campaigns, extortion, human-operated propagation, exploitation of VPN applications, and meteoric encryption are a landmark change in the current attack landscape, end quote.
Starting point is 00:06:10 U.S. President Biden placed a single official in charge of investigating and coordinating the remediation of the SolarWinds supply chain compromise and other associated cyber espionage activity generally attributed to Russian intelligence operators. The Wall Street Journal reports that the task has been handed to Anne Neuberger. Neuberger, now serving on the National Security Council, until recently had served as the first head of NSA's Cybersecurity Directorate. As many foresaw, Emotet has proven resilient in the face of law enforcement takedowns. Check Point says the malware held on to the top spot for crimeware in the month of January. Investigation into the Oldsmar, Florida, water treatment system cyber-sabotage continues. There's no word yet on attribution, and the intrusion looks more elementary than ever.
Starting point is 00:06:59 CNN quotes the Pinellas County Sheriff as confirming that the attacker got in through TeamViewer. The utility was no longer using TeamViewer and hadn't done so for about six months, but the software had been left on the utility's network. And, as the AP noted, apparently every employee shared the same TeamViewer password. Understandably, people far, far outside the range of the water treatment sabotage incident have been worried about the safety of their local water supply. A cybersecurity advisory for public water suppliers from the Massachusetts Department of Environmental Protection provides not only reassurance for the state's consumers, but a useful summary of how utilities can mitigate the risk of cyber sabotage.
Starting point is 00:07:45 Their advice is more of the sensible counsel on cyber hygiene and good security practices: restrict remote connections to SCADA systems, use one-way devices for remote monitoring, use a firewall and two-factor authentication, keep systems patched and up to date, and consider using a virtual private network. So, there's no attribution of the Oldsmar cyber sabotage in sight.
Starting point is 00:08:16 The Washington Post's Ellen Nakashima, covering former CISA Director Chris Krebs' testimony before a House Homeland Security hearing yesterday, tweets that Krebs suggested the possibility of a disgruntled insider. In later remarks, Krebs clarifies, quote, It's possible that this was an insider or a disgruntled employee. It's also possible that it's a foreign actor, but we should not jump to a conclusion that it's a sophisticated adversary. End quote.
Starting point is 00:08:38 So there's a range of possible threat actors, and public attribution at this point hasn't gone beyond a priori speculation. Or even, as DomainTools logician and ICS security maven Joe Slowik points out, mere tautology. A or not A isn't terribly helpful at the moment. We can infer some aspects on the entity responsible based on limited technical details, but still far removed from any clear assignment of blame.
Starting point is 00:09:11 And finally, speaking of attribution, while this will probably have confused few, but better safe than sorry, better clear than confused, it's therefore perhaps worth noting that when Florida public officials say that the GRU water system cannot be accessed remotely, as Gainesville Mayor Lauren Poe did on Facebook, they mean the Gainesville Regional Utilities, which serve the north Florida university town. They don't mean the Russian military intelligence service, that GRU. Mayor Poe added, quote, Rest assured, water security and cybersecurity are a top priority of the GRU water system, end quote.
Starting point is 00:09:46 Oldsmar is down near Tampa, about a two-hour drive from Gainesville. So the mayor's statement is reassurance to the jittery, not an acknowledgement of any connection to the Oldsmar sabotage. There is no such connection, and no one said the GRU pwned Florida water supplies. Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of technology. Here, innovation isn't a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be.
Starting point is 00:10:32 Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Starting point is 00:11:04 Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Starting point is 00:12:00 Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. Chris Cochran and Ron Eddings are co-hosts of the Hacker Valley Studio podcast, and this week they've released a special edition of their show titled We Are Here, Black Excellence in Cyber.
Starting point is 00:12:45 To learn more about the project, I caught up with Chris Cochran. So originally we had this idea for a framework for excellence just across the board. Ron and I, we do think weeks about twice a year where we sit and we think and we strategize. We think about how we want to make an impact with our business, but also how we're going to make an impact for society and help people. And we came up with this framework called EXIST. And it's an acronym. EX is explore. So how do you explore new worlds within cybersecurity? How do you explore new worlds within hobbies or sports? And then you move from explore to immerse. One of the best ways to learn any language is immersion. If you want to learn a foreign language, you would go to that country
Starting point is 00:13:30 and live there for any appreciable amount of time and you'd learn so quickly. But you move from immersion to practicing or study. That's the S. So you go from immersion, just being around the ideologies, the artifacts and the imagery to moving into learning. What are the tools? What are the courses? What are the books, the instructors, the mentors that you could have to become great at this thing? And then ultimately you go to T, which is translate or transform. How do you apply it? How do you teach the youth?
Starting point is 00:14:05 How do you teach your peers? How do you innovate or invent or up-level whatever it is that you're, the world that you've entered into? And so we started playing around with this idea and just around the same time, we started talking to other black cybersecurity professionals.
Starting point is 00:14:23 And it just so happens that, you know, now we are in Black History Month. And we just, all these ideas just came together and we decided that it was time to put out We Are Here. And really what it's all about is just representation in cybersecurity. And so what can we expect? What are we going to hear in this special?
Starting point is 00:14:43 Yeah, in this special, it's three parts. The first part is your usual interview with Hacker Valley Studio, but with a slight twist in turn. It's with Patrice Washington that's actually already out. And also part two is out as well. That's with AJ Yan. He's a founder and CEO of a cybersecurity company. Kelvin Coleman, he's the executive director of the National Security Alliance. Charles Nwatu, he's a good friend and engineering manager at Netflix. Tia Hopkins, founder of EmpowerHer and also an architecture VP.
Starting point is 00:15:16 And of course, my good co-host, Ron Eddings. That's going to be the big feature for this project. It's about an hour and a half long of a discussion. We go through the EXIST framework and really just talk about black excellence. Because when we were young, we didn't really have a lot of idols to look up to. We didn't have a lot of examples of the path
Starting point is 00:15:36 on how do we go through this world of technology, this world of cybersecurity. And so we wanted to say that we are here and we want to inspire the youth and the people that are transitioning into cybersecurity today. In your estimation, I mean, where do we find ourselves today? What is the state of things when it comes to folks who've traditionally been underrepresented in the space? Are we on a path where things are getting better? I believe things are getting better. There are a lot of organizations and a lot of people putting in a lot of work in order to make things better. But I do
Starting point is 00:16:09 feel like there's a lot more that we can all do from an allyship perspective, from a practitioner's perspective. We can always do more to bring more diversity to all fields across the world. But I really wholeheartedly believe that cybersecurity is an avenue for socioeconomic equality. And that's one thing that people have been talking about for a long, long time. And because I'm a cybersecurity professional, I feel like that's one of the ways that I can give back is to first expose cybersecurity to folks in those socioeconomic statuses, and then be able to help shepherd them into this path and be able to solve problems that we haven't even thought of. So who are you targeting here? Who should listen to this
Starting point is 00:16:52 special? So that was an interesting thing as we were pulling this all together because we really wanted to hit three audiences. We wanted to hit the audience that doesn't even know cybersecurity is a path for them to take. We wanted to hit the folks that are already practicing and thinking of ways to enrich the youth, to enrich other people, to bring the community together, but then also the allies of the Black community, the folks that help support Black excellence and bring things to another level. What have you taken away from the experience yourself going through the process of putting this special together? What are the takeaways for you? I would say the biggest takeaway is that even
Starting point is 00:17:35 though I'm the one of the people that's trying to pull this project together, I'm still in awe of the conversations that we had, the experiences that other people just like me have had. And I learned a lot. I learned a lot during this project. And I really hope that all other people learn as well, just as I have from these incredible individuals. What's the best way to find the special? Where can we find it online? Easily. Just go to www.hackervalley.com. It's right there. It'll be the first thing you see.
Starting point is 00:18:08 All right. It's We Are Here, Black Excellence in Cyber. Chris Cochran, thanks so much for joining us. Thank you. Thank you. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. And I'm pleased to be joined once again by Andrea Little Limbago. She's the Vice President of Research and Analysis at Interos. Andrea, I want to touch on something
Starting point is 00:19:25 that you are involved with. This is the National Security Institute. You are a senior fellow and program lead there in the Emerging Technology Working Group. I wanted to give a little overview as to what that's all about, what sort of things you're up to there. Yeah, no, thanks.
Starting point is 00:19:44 And I appreciate you taking the time to help highlight some of the work. So I think it's really interesting. So National Security Institute was founded by Jamil Jaffer, and it's based out of George Mason University. And so in many ways you can think of it as a startup think tank. If that, you know, on one hand, that could be sounds kind of sounds like an oxymoron, but it is what, you know, that that's really what, you know, what is being crafted and created out of George Mason. So that, you know, that alone is exciting. It maintains, you know, a foothold in academia. And so one of the benefits I see of that is that it brings in a lot of experts,
Starting point is 00:20:16 but those experts also can interact with the students. And, you know, for me, really focusing on not just getting the work out there of great experts, but also, you know, helping build that next generation is really important. The other component, you know, in addition to, you know, the thought leadership and the educational component for students, what also is great about it is it's bipartisan. And the really, you know, the mission is focused on finding ways for how the U.S. can lead as part of an engaged member of the global community. So we've seen, you know, for several years, more of a retraction of the United States away from the global arena on many of the various forums from the Paris Accords to the
Starting point is 00:20:57 U.N. to, you know, at least recently with the World Health Organization. But how can the U.S. regain more of a global engaged footprint? But on top of that, you know, for the purposes of helping not only our own democracy, but really leading by example. And so I love that it's bipartisan in that regard because national security should be bipartisan. And very often, I think we see too much of these security issues, you know, hyper-politicized, and that's the environment that we live in. And it's really great to be talking to some of these really great national security experts on areas in a bipartisan way and coming to consensus on recommendations and so forth. And so what NSI does is it holds a variety of, you know, they've had a couple, they've had a whole group of webinars or podcasts, both of them actually that address this.
Starting point is 00:21:52 I'd recommend people go to their website and take a look because they bring in some really, really interesting speakers that I don't think you can hear elsewhere. And again, it's in a bipartisan way to push forth, you know, a greater role for the U.S. and national security, but also with a big focus on emerging tech and cyber. And that's, you know, that's the area that I work in. I co-lead the group with Megan Brown, and we're really focused on what policies and strategies should the U.S. pursue in the realm of emerging tech and cyber to, you know, push forth and help create greater security and privacy, not only for our own national security, but for the national security
Starting point is 00:22:31 and well-being of other democracies and to help those that are trying to push back against some of the dictatorships and really what the U.S. role should be. And it's one of those interesting questions that I think is on everyone's mind right now. What is the role of the United States into the future? And so we're trying to help shape what it could look like in a way that is bipartisan and supports democracy. Yeah, I mean, I think that it's the notion of a bipartisan collaboration in good faith, you know, we're so bombarded with the opposite of that these days, I suppose, in the political discourse in particular. So it must be a bit of a breath of fresh air to have folks coming together who may come from different, but have similar goals in mind. Absolutely. I say it's absolutely refreshing. It's really, it's wonderful. It's, you know,
Starting point is 00:23:31 it's a good opportunity to hear from people that may not always come together as well. I mean, that's sort of the other component. There's the bipartisan component that too often we see the politicization of it all. But also, you know, we've got the private sector, public sector that sometimes works together well, sometimes doesn't. And so we intentionally bring together people from both of those backgrounds to bring their perspectives. Because really, you know, it has to be, you know, it's a whole society effort that we're going to need to, you know, push back on the backsliding of democracy across the globe to help ensure the U.S. has, you know, enhanced and improved national security as we, you know, as we continue on in this digital
Starting point is 00:24:06 revolution. And so many of our policies and strategies just are still not in tune with the rapid pace of technological change. And given that, you need the private sector to be on board, you need the public sector to help provide those guardrails, try and create the guardrails so that both aren't overreaching. You know, the two big areas that we have focused on this year was on the role of emerging technologies, but also on the role of China. And, you know, the two overlap a decent amount, but it really is looking at, you know, what is this new future that's emerging and how, you know, what should the posture be for the United States? And, you know, how can the United States pursue policies
Starting point is 00:24:45 that inspire others, especially in the realm of democracy, to help inspire those underlying values and enhancing national security. And I think it's a really important mission. And I think that the work that comes out is really interesting. There are white papers on the future of the Arctic.
Starting point is 00:25:03 There's one that I'm working on with Lori Gordon on supply chains that's coming out soon. There's one earlier on Section 230, which is the big discussion right now about the role of tech companies and whether they should be moderating speech. And so all these have big tech and cyber implications, but obviously also national security and societal implications as well. So we bring in the fellows writ large. I think it's close to 100 fellows now from all areas of national security, and that's what makes it really exciting. It's an increasingly diverse group of scholars, academics, policy leaders, tech leaders, and bringing those minds together to try and figure out the path ahead and
Starting point is 00:25:45 make recommendations. And that, I would say, is also one area that we really try and focus on is, you know, not just highlighting what the challenges are, but making concrete recommendations in the papers that we produce. And you can only go so far with sort of characterizing what the problem is. You need to, we need to, we need solutions. And so that's so we try and make some recommendations for that as well. All right. Well, Andrea Little Limbago, thanks for joining us. Great. Thanks for having me. And that's the Cyber Wire.
Starting point is 00:26:29 For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro. It'll save you time and keep you informed. Go forth and be fabulous. Listen for us on your Alexa smart speaker too. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliot Peltzman, Puru Prakash, Kelsey Bond,
Starting point is 00:27:03 Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Thanks for listening. We'll see you back here tomorrow. Thank you. not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
