CyberWire Daily - The CyberWire 1.21.16

Episode Date: January 21, 2016


Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:00:59 suspicions point to crooks and maybe not to states. Turkish patriotic activists hack away at Russian and Iranian sites. Cyber security companies
Starting point is 00:02:08 detail the latest evolution of crimeware kits. Cisco and Intel issue patches. Governments around the world warn of and prepare for an escalation of cyber conflict. FireEye buys iSIGHT Partners and cyber security startups prepare for growth and IPOs. And a swatting hacker cops a plea and heads up the river. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, January 21, 2016. ESET, who's been monitoring events in Ukraine's cyberspace closely since turning up evidence of power grid hacking, reports that utilities in that country have come under fresh attack.
Starting point is 00:02:50 This time, the incidents display no immediate connection with BlackEnergy malware, but rather spear-phished industry targets with an email vector delivering a malicious XLS file. This seems, the researchers suggest, an approach more consistent with a criminal group than a state security service. Ukrainian authorities continue to investigate this week's earlier hacking incident at Kyiv's Boryspil International Airport. A number of governments around the world see a growing threat of state-on-state cyber combat. The Republic of Korea's President Park warns her country to prepare for a surge of cyber-aggression from north of the 38th parallel. Israeli officials think Iran and others will shed such inhibitions as long as cyber-attacks are perceived as cost-free. American and Australian authorities work toward even
Starting point is 00:03:34 closer cooperation in cyberspace. Patriotic cyber-rioting flares again, this time from Turkey, as the THT group hits both Russian and Iranian websites to display THT's support for Turkey's Erdogan government. Symantec observes a new criminal campaign affecting small and medium-sized businesses in India, the United Kingdom, and the United States. It's low-skilled crime. The hackers are phishing businesses to install two commodity remote-access Trojans, Backdoor.Breut and Trojan.Nancrat. The motive is theft.
Starting point is 00:04:06 The targets are finance departments. IBM's X-Force continues to follow the evolution of Dridex and sees it picking up some redirection tricks from Dyre. Dridex's tricks have this difference, however, where Dyre redirected via a local proxy, Dridex is doing so by local DNS poisoning. Another banking Trojan, Blackmoon, which has been around since 2014 at least, has updated its pharming and drive-by injection capabilities. Proofpoint's research breaks down the malware's evolution and notes that it's still
Starting point is 00:04:37 concentrating on South Korean targets. Dr.Web describes a new Linux trojan, Linux.Ekoms.1, whose apparent use is system reconnaissance. Such spyware need not stay spyware. See, for example, the transformation of Asacub into mobile banking malware. Kaspersky researchers say Asacub's transition is now complete. The Angler exploit kit continues to display a vexing adaptability. Zscaler notes that it's now coming via music-themed malvertising, so all you hipsters, think twice before you decide to dig that crazy beat. And SophosLabs notes that Angler seems to have rung in the new year by lashing up with CryptoWall ransomware. In patch and update news, Cisco closes vulnerabilities in its Modular
Starting point is 00:05:22 Encoding Platform D9036 software, Unified Computing System (UCS) Manager software, and Firepower 9000 series devices. Intel addresses a potentially serious man-in-the-middle in the Intel Driver Update utility, and Facebook begins what it's calling experimental support for Android Facebookers to browse using the Tor network. More observers characterize British surveillance policy as moving toward requiring key escrow. In the U.S., some members of the Senate Intelligence Committee seem growingly anxious to move out on crypto legislation. A proposed National Commission to study the issue strikes them as dangerously slow.
Starting point is 00:06:01 California legislators follow the example of their New York colleagues and introduce a bill that would require industry to build decrypt-on-demand capabilities into their products and services. The declared motive in California's case is to suppress human trafficking. The New Yorkers are intending to get tough on terrorism. In industry news, today's big story is FireEye's acquisition of iSIGHT Partners for a reported $200 million in cash up front, followed by $75 million in cash and equity. Analysts see the acquisition as a play for more cyber intelligence market share. How the market reacts remains to be seen,
Starting point is 00:06:35 but FireEye, whose story stock has seen rough sledding over the past couple of weeks, appears to be receiving some favorable buzz from its iSIGHT announcement. IBM reports $2 billion in annual revenue from its security business. Malwarebytes raises $50 million in venture capital from Fidelity. Forescout joins the unicorns and prepares, analysts think, for an initial public offering, as it raises $76 million in its latest funding round. And two Baltimore and D.C. area companies, Tenable and Distil Networks, prepare for significant growth by expanding their facilities.
Starting point is 00:07:09 In Crime and Punishment, the hacker who tried to swat Brian Krebs and frame him with a staged heroin delivery is going up the river. Sergey Vovnenko has copped a guilty plea to aggravated identity theft and conspiracy to commit wire fraud. Mr. Vovnenko will be receiving at least a two-year sabbatical from his computer work,
Starting point is 00:07:27 courtesy of the Federal Bureau of Prisons.
Starting point is 00:09:32 Joining me is Markus Rauschecker. He's the Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security. They're one of our academic and research partners. Markus, I want to talk about the importance of education in cybersecurity, but one of the focuses that you have there at CHHS is focusing on law and policy. Why is that an area that you're focusing on? We obviously know that technical ability and technical skill is critical when it comes to cybersecurity, but we kind of see tech as a tool, and we need to know how to use that tool. So focusing on law and policy really helps us to develop the structure, the frameworks,
Starting point is 00:10:11 and the basic guidance on how to use that tool, both on a national level within the United States, but also on an international level when we're talking globally. So this is a situation where there are opportunities for people coming out of high school, people looking for careers, where they don't necessarily just have to be the computer science kid. Oh, absolutely, yes. And we're seeing this demand for people with this skill set in law and policy more and more. As I said, we have a lot of skill when it comes to technology. But there's a real importance to focusing on some of these legal and policy questions that are out there.
Starting point is 00:10:46 Focusing on those issues really helps us fill this knowledge gap where we might not know exactly what the ramifications of any decisions might be that we make, but if we have people who are experts in law and policy of cybersecurity, those kinds of people can then help answer some of those questions that are out there. And what are some of the specific areas of study that you all are focusing on? Well, there's a ton of questions out there that still need to be developed and need to be analyzed. There are issues regarding jurisdiction, so simple questions like who's in charge and what are the roles and responsibilities of different stakeholders,
Starting point is 00:11:27 questions regarding privacy versus security, what is the right balance to attain here, and then what are some of those basic standards and security measures that we should be thinking about implementing. Those are all some of those critical areas that still need a lot of work. So what would your advice be? Let's say we've got someone who's heading towards the end of her high school career. What kind of advice would you give to someone like that who is interested in the law and policy side of cyber? Well, there are several options for someone who's interested. Obviously, one of the ways to approach this area is to apply to law school and go to law school and get a full-fledged law degree. Obviously, then coming out of law school, the person could become a practicing lawyer and could end up at a law firm or with
Starting point is 00:12:19 government to work on these kinds of issues in cybersecurity. But there are other pathways as well. There are degree programs that focus on law and policy but don't require you to go to law school for a full three years. But they also provide those basic skill sets that one would need to address some of these legal and policy issues that are out there. All right, Markus Rauschecker, thanks for joining us.
Starting point is 00:13:03 And that's The Cyber Wire.
Starting point is 00:13:46 We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
