CyberWire Daily - Supercomputers as cryptomining rigs. UK grid operator recovers from hack. EU Parliament data exposure. REvil ransomware gang promises dirty laundry. US-China conflict. Catphishing.
Episode Date: May 18, 2020
European supercomputers were hacked by cryptominers. UK electrical power distributor recovers from its cyberattack. A database containing personal data related to the EU Parliament is found exposed. REvil says it's got the celebrity goods, but has yet to show its hand. The US and China move into a new round of trade and security conflict. Justin Harvey shares insights on how companies are adjusting to the new remote working environment and the impacts to their security posture. Our guest is Ehsan Foroughi from SecurityCompass on compliance issues. And catphishing with some pretty implausible impersonations of US Army generals. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/newsletters/daily-briefing/9/96
Transcript
You're listening to the CyberWire Network, powered by N2K.
UK electrical power distributor recovers from its cyber attack. A database containing personal data related to the EU Parliament is found exposed.
REvil says it's got the celebrity goods but has yet to show its hand.
The US and China move into a new round of trade and security conflict.
Justin Harvey shares insights on how companies are adjusting to the new remote working environment
and the impacts to their security posture. Our guest is Ehsan Foroughi from SecurityCompass on compliance issues
and catphishing with some pretty implausible impersonations of U.S. Army generals.
From the CyberWire studios at DataTribe,
I'm Dave Bittner with your CyberWire summary for Monday, May 18th, 2020.
The motivation behind the attacks on European supercomputers, first discovered in an incident at the UK's ARCHER National Supercomputing Service, is now clearer. The attackers were cryptojacking, ZDNet reports. ARCHER has been updating its status regularly. Der Spiegel has reported attacks at six facilities in Germany. Last Thursday, the Leibniz Supercomputing Centre of the Bavarian Academy of Sciences and Humanities also closed outside access to its systems. TU Dresden took the same action for its Taurus system. On Saturday, Switzerland disclosed a similar incident at CSCS. The European Grid Infrastructure Computer Security Incident Response Team confirmed that the intruders were seeking to use the supercomputers as crypto-mining rigs.
Elexon, a middleman in the UK's electrical grid, continues to recover from the cyberattack it sustained last week. IndustryWeek, while noting that the incident did not compromise power distribution, argues that the attack should place infrastructure operators on alert.
The European Parliament told Politico Saturday that a database holding information belonging to some 1,200 elected officials and their staff members, along with another 15,000 accounts of EU affairs professionals, was found exposed to the Internet. The database belonged to the European People's Party, and the system that held it, while operating under the EU Parliament's europarl.eu domain, wasn't hosted by the Parliament itself. The exposure was discovered by researchers at Shadowmap, and EU Today writes that this raises questions about the Parliament's own security.
The FBI pointed out that the extortion attempt the REvil ransomware gang made against the boutique celebrity law firm Grubman Shire Meiselas & Sacks may amount to an act of cyberterrorism, and that paying terrorist ransom can be a violation of federal law. That angered the gang, Forbes reports, and the hoods released a lot of anodyne and generic emails purporting to be a foretaste of the dirty laundry they have on President Trump. The dump didn't prove that they had much of anything. The emails weren't by President Trump, who's not a client of Grubman Shire Meiselas & Sacks, and they appeared to include mere mentions of his name and uses of the verb "to trump".
The path of compliance can be a tricky one to walk, with a patchwork of state regulations here in the U.S., California's CCPA, and of course, the reigning global champion, GDPR.
Ehsan Foroughi is VP of Products at application security firm SecurityCompass.
To be honest, I see ourselves on an increasingly steep curve of more and more regulations being introduced.
The technology landscape is getting more complex and the regulatory bodies are trying to keep up, alas, a bit behind. But there are new regulations being introduced left and right. And the doers, engineers, the business people are having a bit of a challenge keeping up with all these regulations.
And I suppose, I mean, it's fair to say these regulations are coming from somewhere. There's a hunger for them. People want to have the protections that they provide. But of course, that provides regulatory burdens on the business owners.
It is true.
The challenge with that is that everything is getting connected.
It's no longer the case that only we are limited to certain software on the internet.
Even the power generation systems, industrial control systems,
our homes are all being connected to the internet.
With connectivity, there are new concerns.
There are privacy concerns.
There are data protection concerns.
And regulatory bodies are trying to do their best
to keep up. I know businesses look at these compliance and regulations as a challenge, but they're also kind of a necessary evil, right?
It's hard to protect the public interest, specifically in a competitive landscape where people that can cut corners can get ahead,
could win in the market for a short time
before something bad happens to their clients and their public.
So regulatory bodies step in, try to put us in,
but it also increases the cost for the manufacturers, for the business owners.
Where do you come down on the notion that what we really need here is a federal regulation that will supersede the ones being made by the states?
Well, like in any kind of situation, you start by having some states
that are forward thinking.
Take California.
They are leading the way
into starting a law there
and the federal government
will start taking a step behind them.
And then it comes down to,
can they consolidate into a national
and international level of a standard?
This is where the critical role is on the compliance bodies like National Institute of Standards and Technology, NIST,
to come out with a good compliance standard that is balanced,
that keeps the interest of both sides of the public side and
the business side in mind, something that can take traction. And if the traction is there,
I don't think their states will be inclined to have their own version of the compliances more
and more. Yeah, that's really interesting. It's an investment in your future.
You pay me now or pay me later.
Yes, it's paying small installments now or pay in a big chunk later on.
That's Ehsan Foroughi from SecurityCompass.
The U.S. Commerce Department's announcement late last week that it would extend licensing requirements to semiconductors made abroad but with U.S. technology is clearly aimed at companies on the Entity List, notably Huawei and ZTE. The decision will, among other things, affect the company's ability to import chips made in Taiwan by TSMC. It's also been coldly received by Beijing, Reuters and others report. Global Times, a Chinese government news outlet, quotes a source to the effect that China will take forceful countermeasures to protect its own legitimate rights. Qualcomm, Cisco and Apple, and possibly Boeing as well, are among the U.S. companies Beijing suggests will bear the brunt of what Global Times characterizes as a counterattack. They all face placement on an unreliable entity list and close scrutiny under applicable Chinese cybersecurity and anti-monopoly laws. Global Times, to quote them again, blames the U.S. measures for dragging Washington and Beijing into a tech cold war.
And finally, who knows more about matters of the heart than the United States Army?
No one, friend, that's who. But sorry, ladies, we hate to tell you, it's not General Nakasone
flirting with you by email from a U.S. Cyber Command outpost in Syria. As CyberScoop points
out, you're being catfished. It's especially poetic that the fish bait that initiated this whole business
was chatter about the musical Hamilton.
Perhaps including an appreciation of the Aaron Burr aria,
love doesn't discriminate between the sinners and the saints.
It takes and it takes and it takes, and we keep loving anyway.
Anywho, somehow this involved well-intentioned social media correspondence with another catfish
who claimed to be General Steve Lyons, head of U.S. Transportation Command.
The faux general recommended that his correspondent, a woman identified only as Susan,
spin the wheel of fortune and reach out to his colleague, U.S. Cyber Command Commanding General Paul Nakasone,
who, the catfish said, was deployed to Syria,
going on patrols and doing a lot of paperwork. He was a lonely widower in need of companionship.
For the record, General Nakasone is not a widower in Syria. He's happily married and busily employed at Fort Meade, Maryland.
The paperwork part, okay, but the rest of it? It's just a bunch of hooey.
The U.S. Army's Criminal Investigation Command shared a list of red flags with Business Insider,
the sorts of things you can take as signs you're looking for love in all the wrong places.
So when you get that email from a U.S. Army general, madam, you are to consider a general officer will not be a member of an internet dating site.
That seems right.
Soldiers are not charged money or taxes to secure communications or leave.
Yep, yep, check.
Soldiers do not need permission to get married.
Who knew? We all know now.
Deployed soldiers do not find large sums of money
and do not need your help to get that money out of the country.
Check and double check.
One can sense the weariness behind Criminal Investigation Command's words.
Look, we get it.
The heart has its reasons, which reasons know not.
But come on, heart, think for a minute.
Susan did. She recognized that the whole thing seemed kind of weird. She wasn't in the market for a date in any case.
It should be unnecessary to say this, but it's probably not. Neither general had anything to do with this nonsense. It's just some inartistic bozo looking for a quick online score.
Now, we're just spitballing here, but we imagine CID's red flags would be wavable with any other military organization in the world.
The People's Liberation Army Navy.
The Royal Army Veterinary Corps.
The Republican Guard.
Even, heaven forfend, the United States Space Force.
You get the picture.
And joining me once again is Justin Harvey.
He's the Global Incident Response Leader at Accenture.
Justin, always great to have you back.
I wanted to check in with you on some of the things that you're seeing and tracking when it comes to these adjustments folks have made working remotely and how that's affecting their security.
Yeah, we're seeing all of these enterprises out in the world
and not just in North America.
They're all pivoting to remote work for their employees.
And there is an impact to their cybersecurity posture
by them making that move.
And we're also seeing more adversaries
that are kind of switching their game up
and really for high profile targets and high-value victims out there in enterprises,
we're seeing that adversaries are trying to track them down and get to their home machines.
And the reason that we're seeing that is that more and more employees are working from home.
And not everyone has a laptop.
Some of them actually have used their home workstations
and they install their VPN client, they install their email client on there. And essentially what
happens is it essentially extends the surface, the attack surface of the enterprise to cover the home
as well. And the net effect of that is that you'll see more and more adversaries, or we've seen more and more adversaries that are targeting home users of enterprise employees
in order to find an easier soft target, if you will.
Now, I was thinking about you and your team,
because you and I have talked about how when you would go and do incident response,
that you would travel and you guys had, you know, big,
you had racks of hardware that you would, you know,
flight cases that you would pack up and go and, you know,
descend upon a situation and make an order out of chaos.
How has that changed given this environment
where you can't just drop in on people
and even things like flights aren't happening?
Well, what's lucky for
us is that we are able to do most of the work that we do remotely. In cases where we do need to
take a physical forensic image of a machine or of a device, then we can leverage the client that
we're working with and give them instructions. You need to go down into this cubicle.
You need to put this USB drive in and so on.
But we still have obligations out there.
We do have retainers for some very large institutions.
And if something were to go wrong, we may need to send employees on site.
But we talked as a global team at the beginning of this pandemic, and many people
volunteered to travel or to put themselves in harm's way if it was for a good cause. So,
if there are any interruptions to our supply chain, if there are any attacks versus healthcare
and health systems or the systems that are being utilized to develop or deliver
life-saving processes, then myself included, we are all volunteering to show up on site and
to fight the bad guys. But luckily, we haven't had any of those cases come in
that have required us to travel. Have you seen any shift in the pace of things,
either up and down or of things speeding up or slowing down?
Absolutely. We are seeing a heck of a lot more ransomware cases out there. Not just your typical,
I'm browsing an email and I click the wrong link and then I have ransomware. That's more of a
commodity type operation. It's a drive-by,
if you will. We're seeing less of those and we're seeing more adversaries that are using advanced
techniques to breach the perimeter, establish a beachhead, and then move laterally in order to do
privilege escalation and then deliver their ransomware setup from the ground up to be delivered and
kind of custom set up.
And we're seeing about a 40% increase since the beginning of this pandemic on those types
of targeted ransomware attacks.
Wow.
Yeah, that's it.
I mean, that's a real number, right?
Yeah, the trick here is that many enterprises are not used to having all of their workforce work remotely.
And there are a lot of changes that need to happen to a security operations center to think about that remote mindset.
Imagine if one day all of your employees were in the office and working and you
knew exactly where everything was. And then the next day, none of them are there. They're all out
in the wild. And so there's a lot of things like you need to focus on privileged access,
control points, VPN terminations, and focus on those sort of control points that are not normally
used as much. Now they're the main
vehicle for employees to get into your enterprise and monitoring posture needs to shift as well.
All right. Well, Justin Harvey, thanks for joining us.
Thank you.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too. Thanks for listening. We'll see you back here tomorrow.