CyberWire Daily - The CyberWire 1.12.16

Episode Date: January 12, 2016


Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer.
Starting point is 00:00:59 Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash n2k, code N2K at checkout. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Tuesday, January 12, 2016.
Starting point is 00:02:35 Arbor Networks describes a multi-pronged malware campaign targeting sites, most of them belonging to non-governmental organizations in Southeast Asia. There's no formal attribution of the malware cluster yet, which Arbor is calling Trochilus, but the campaign's sophistication in choice of targets suggests to some observers that it was mounted by China's government. The Internet Storm Center has published an account of the XLS dropper that seems implicated in the BlackEnergy attack on Ukraine's power grid. ESET, which was early to the investigation, summarizes what's known and what remains unknown about the attack.
Starting point is 00:03:10 Observers glumly agree that the incident is a bellwether, not an outlier, and warn that utilities should expect more attacks in 2016. Some, like the Foundation for Resilient Societies, note that the attack in western Ukraine seems to have operated by striking substations, and that regulatory regimes for the power distribution industry tend to neglect substations. For all the warnings, however, we're reminded again, today by Sophos's Naked Security blog, that squirrels have a far greater track record of success against the grid than hackers. Increasing sectarian and political tensions between Saudi Arabia and Iran inflame
Starting point is 00:03:45 a guttural regional cyber-riot in which many expect to see the governments themselves join, if they haven't already. Proclamations of fealty to ISIS emerge from the Philippines. European governments continue to work toward closer cooperation against extremism and its resultant terror. The U.S. Departments of State and Defense show signs of looking beyond technical approaches to fighting ISIS and toward more aggressive counter-messaging. But some American watchers think the new style of information operations, even if it gets its messaging right, will soon find itself entangled with legal and organizational obstacles.
Starting point is 00:04:19 Akamai warns that a malicious search engine optimization scheme is using SQL injection to goose search hits. A flaw in eBay is reported to have rendered user credentials vulnerable to compromise. Fake login pages may have enabled hackers to steal usernames and passwords. European data center services provider Interxion discloses a breach in its CRM system that may have exposed sensitive customer information. The Russian hacker Worm, associated in recent years with attacks on the BBC, the Bank of America, and Adobe, claims to have successfully
Starting point is 00:04:51 broken into Citrix. Worm's identity remains unknown. It's not even known if Worm is a single individual or a group. Some Dell customers report being contacted by unusually plausible scammers who know a lot about their Dell accounts. The calls aren't from Dell, and Dell, which is investigating, says it hasn't been hacked, so where the data came from remains a mystery. Trend Micro has patched a remote execution bug in its antivirus software. A Google researcher discovered and disclosed the vulnerability. Today is the day Microsoft ends support for Windows 8 and for versions 7
Starting point is 00:05:25 through 10 of Internet Explorer, from which Redmond is transitioning to Edge. Drupal moves to improve the security of its update process, and analysts take stock of Juniper's announcement that it's ending use of the backdoored dual-EC DRBG pseudo-random number generator. Security experts draw some familiar lessons from this week's takedown of a Romanian ATM hacking gang and the recent guilty plea by a former baseball executive who intruded into the rival club's system. First, old, unpatched software is inherently risky. Take note, users of Windows 8 and Internet Explorer.
Starting point is 00:05:59 And second, pay close attention to common-sense cyber hygiene, especially when employees transition in or out of your organization. Industry continues to dislike proposals by various governments to mandate weak encryption or installation of backdoors. While experts differ, the emerging consensus is that the effect of doing so would be to increase the vulnerability of Internet users without realizing any compensatory gains in security. Industry is also leery of cyber arms control agreements, which some see as tending toward the criminalization of legitimate security research. The U.S. House of Representatives Committee on Oversight and Government Reform is holding hearings this afternoon on proposed U.S. implementation of the Wassenaar cyber arms control regime.
Starting point is 00:06:43 Symantec, VMware, and Microsoft will be testifying, and from what we've heard from Symantec, their testimony isn't exactly going to be a mash note to the Departments of Commerce and State. Various cyber story stocks, including perennial market darling FireEye, experience a sell-off, but investment analysts remain generally bullish on the sector. Nice Systems agreed yesterday to purchase analytics shop Nexidia for $135 million. Bloomberg speculates about 2016 tech IPOs. Their list of IPO candidates includes two cybersecurity firms, Tenable Network Solutions and Tanium. Do you know the status of your compliance controls right now?
Starting point is 00:07:33 Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
Starting point is 00:08:01 They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. Joining me is John Petrick, editor of the CyberWire. John, today the U.S. House of Representatives is holding hearings on the implementation of Wassenaar. Start us off here. What is Wassenaar? Wassenaar is an arms control agreement.
Starting point is 00:09:33 Its formal name is the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. And right now some 40 countries are parties to Wassenaar. So is this a treaty? No, it isn't. It isn't a treaty. It's an export control regime. And what that means is that all the important action with respect to Wassenaar lies in how the parties to the arrangement decide to implement it. So what do you have to do to be a part of Wassenaar? To be admitted to the Wassenaar Arrangement, a state has to meet several requirements.
Starting point is 00:10:02 First, it must produce or export arms or sensitive industrial equipment. It should follow non-proliferation policies, and it should especially adhere to the policies of the Nuclear Suppliers Group, the Missile Technology Control Regime, the Nuclear Non-Proliferation Treaty, the Biological Weapons Convention, the Chemical Weapons Convention, and the like. And it must maintain fully effective export controls. Here in the U.S., who is in charge of implementing it? In the U.S., the Department of Commerce, and specifically its Bureau of Industry and Security. So why is Wassenaar so controversial?
Starting point is 00:10:36 It's controversial. It's been around for a while. The agreement itself has been around since 1996, and it became important to cybersecurity only in the last few years, as cyberspace has increasingly become a domain of conflict, and various cyber tools have increasingly been seen as and used as weapons. And so in December of 2013, there were plenary meetings at Wassenaar that reached an agreement on controlling what they call intrusion and surveillance items. So the Commerce Department's Bureau of Industry and Security has published a proposed implementation of the new arrangement, and they did that just this past summer. And that implementation effectively proposes requiring a license to export, re-export, or transfer in
Starting point is 00:11:15 country cybersecurity items. All right. Well, who could possibly object to all that? Yeah, a lot of people object to it. The proposed implementation has been, to say the least, coldly received by industry. And industry regards the prospective rule as effectively restricting, and in some cases, even criminalizing what had hitherto been considered perfectly legitimate kinds of research. And the objections haven't just come from industry. The Electronic Frontier Foundation, which is not generally seen as just a shill for the IT biz, has called the proposed rule an unworkably broad set of controls that on the face of it would prohibit, for example, sharing vulnerability research without a license. So the U.S. House of Representatives Committee on Oversight and Government Reform
Starting point is 00:11:58 is the outfit holding the hearings this afternoon, and I'm sure they will receive some interesting and vigorous testimony. All right. John, thanks again for joining us. And now, a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
Starting point is 00:13:08 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
