CyberWire Daily - The CyberWire 1.15.16

Episode Date: January 15, 2016

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:53 Looking for the malware that enabled the hack of Ukrainian electrical power substations. DDoS grows in importance as misdirection. ISIS expands its media operations with an online cybermag and a news service. Thank you. stocks to find a Silverlight zero day. Fortune offers a nuanced take on David Chaum's proposal to end the crypto wars, and Twitter's being sued for permitting ISIS to use its service. I'm Dave Bittner in Baltimore with your CyberWire summary for Friday, January 15, 2016. The attack on power distribution substations that produced rolling blackouts across western Ukraine late last month is pretty clearly a cyber attack. Breakers were cycled remotely, and BlackEnergy malware was found in the affected utilities'
Starting point is 00:02:56 networks. But how the breakers were cycled remains unclear. BlackEnergy, long familiar as an espionage kit, is in all probability not the means the attackers used to take down the grid. Industrial control system security expert Joe Weiss told the CyberWire what investigators should be looking for. Breakers were opened in a whole series of substations, and that led to somewhere between a three to six hour outage to something like 80,000 customers. That's what we should be focusing on. The hacking questions all have to be in the context of how did that relate to the breakers being opened in the substations. You can hear an extended version of our interview with Joe Weiss on today's CyberWire Week in Review. Other analysts continue to warn utilities, especially those engaged in nuclear power generation, to be on
Starting point is 00:03:50 their guard. And Corero warns utilities, telecom providers, and others to watch for what it's calling dark DDoS. By this, they're not implying that there could be a light DDoS, let us say Rey as opposed to Kylo Ren, but rather they're emphasizing the increased use of denial of service as a smokescreen for a more serious attack. DDoS does remain a threat. Akamai, for example, estimates that 2015 saw them increase in frequency by 180%, but as usual, it's possible to overhype any particular incident. A recent case may be found in the New World Hackers' New Year's Eve test attack on the BBC. Hashtag Tango Down, the name of the op, and skid-speak for Io Triumphe, claimed 600 gigabytes per second in a test of power, which would indeed be pretty big.
Starting point is 00:04:39 As ZDNet observes, quote, you would think that after such a big bang, someone might have noticed, end quote, but no one did. Tripwire sums up Akamai's findings as great number, smaller punch. ISIS has launched its own encrypted messaging app, but it continues to focus on information operations. It's offering not only grisly emojis for inspiration across social media, but an online cyber warfare magazine, Kybernetiq, published initially in German, and a news service, Amaq, that features early distribution of communiques claiming responsibility for attacks. The SlemBunk Android banking Trojan discovered last year is proving more persistent and dangerous than initially thought. It's got a longer attack chain and drive-by infection capability, and according to
Starting point is 00:05:25 FireEye, it's being actively used in the wild. Researchers are finding Apple's patch of OS X's Gatekeeper security feature more porous than users might wish. Other researchers claim they've identified vulnerabilities in Advantech's EKI-1322 serial device server. The flaws may include a backdoor. Kaspersky describes how it used Hacking Team leaks to discover a vulnerability in Silverlight. eWeek describes Kaspersky's approach as turning users into honeypots. In news techs can use, SANS shares a de-obfuscation tool, and Linux Journal describes what's actually involved in server hardening. A Staten Island lawmaker would add New York State to the list of jurisdictions seeking to require device manufacturers to be able to decrypt traffic carried by their products.
Starting point is 00:06:15 Legal observers think the bill has slim chance of passage and slimmer chance of withstanding the inevitable challenges in court. Elsewhere in the crypto wars, Fortune claims that cryptography guru David Chaum's PrivaTegrity, widely discussed as Chaum's contribution to achieving a modus vivendi between privacy and security, has been widely misunderstood. PrivaTegrity is not, Chaum tells Fortune, a backdoored encryption scheme, and he regrets having let earlier reports characterize it as having a backdoor, but rather one that features distributed, ten-party control. The cryptography community will no doubt be discussing whether this changes the prevailing dim view of PrivaTegrity.
Starting point is 00:06:55 Industry remains skeptical of cybersecurity rules that pass the European Union's Internal Markets Committee. While they must still clear the European Parliament, final passage is widely expected. Consensus among industry observers is that the measures are both expensive and fatally lacking in specificity. Google finds itself under U.S. regulatory and senatorial scrutiny for its handling of student data. Twitter is being sued by the widow of a man ISIS murdered in Jordan. She claims Twitter negligently permitted ISIS to pass on inspiration and direction to her late husband's murderers. Few legal observers expect the suit to hold up in court, but in the event it does, the case's implications for online communication will be very large.
Starting point is 00:07:39 In industry news, Appthority picks up $10 million in Series B venture funding, IBM buys IRIS Analytics in a fraud prevention play, Raytheon and Websense will call their new combined venture Forcepoint, and will integrate firewall shop Stonesoft, recently acquired from Intel, into the brand.
Starting point is 00:09:47 Joining me is John Petrik, editor of the CyberWire. John, it seems like the bad guys have exploits. And what is an exploit? An exploit is something used to exploit some computer system, network, or program to accomplish some malicious action. So you're exploiting a system, you're exploiting a vulnerability, if you're using software, data, commands, or hardware devices to do something to that system that ought not to be done to it. And used as a noun, an exploit is some particular thing that an attacker can use against the system.
Starting point is 00:10:38 That's an exploit. Exploits are often packaged into kits. You hear about exploit kits. And some of the exploit kits we read about in the news, like Angler, for example, are packaged sets of malware that automate the exploitation of vulnerabilities. And that's very commonly some crimeware web application that enables attacks on unpatched systems. So exploit kits form a very important part of the criminal malware black market.
Starting point is 00:11:07 So when we're talking about exploits, very often it is something that has been named. So there's the Angler exploit. It's been prepackaged as something that's easy to use. That's right. There are also named vulnerabilities, not to be confused with exploits. But, yeah, an exploit is very often named. Some of the names are compelling. Some of the names are slightly ridiculous. But everybody who does vulnerability research would love to name their own exploit.
Starting point is 00:11:29 So again, just for clarity's sake, what is the difference between a vulnerability and an exploit? An exploit is something that takes advantage of a vulnerability. The vulnerability is the thing that the exploit exploits, that the exploit uses to get at you. It's the hole in the system that the attacker uses. The exploit is what it uses to get through that hole. All right, John Petrik, thanks very much.
Starting point is 00:12:22 And that's the CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
