CyberWire Daily - The CyberWire 1.25.16

Episode Date: January 25, 2016


Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:00:59 and their allies. ISIS, whose cyber operators have increasingly been targeted by U.S. airstrikes,
Starting point is 00:02:05 posts another inspirational video threatening the U.K. Anonymous remains quiet with respect to ISIS, but punishes Japan for whaling. Ireland sustains another wave of denial of service. Insurance markets and lawsuits shape cyber standards of care, and one risk analyst tool offers some insights. We learned some things about the Internet of Things security, and if you're worried about someone hacking your nanny cam, well, for Mary Poppins' sake, password protect that thing. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Monday,
Starting point is 00:02:42 January 25th, 2016. Palo Alto Networks releases the results of a long-running study of cyber operations, mostly reconnaissance, conducted against Tibetan and Uyghur dissident groups in China. Palo Alto calls the threat group involved Scarlet Mimic and offers no other attribution, but other observers think the target set fits the interests of Chinese security services. The U.S. is reported to be actively targeting ISIS cyber operators with airstrikes. ISIS cyber operations, despite last week's minor defacement of a Chinese university's webpages, continue to concentrate on information ops.
Starting point is 00:03:21 A particularly lurid instance of inspiration appeared over the weekend, as ISIS released a 17-minute clip of the Paris terrorists engaged in pre-attack training and local atrocities in Syria. In Pakistan, hacktivists respond to last week's massacre at Bacha Khan University by taking control of websites belonging to Pakistan's Ministry of Health. The defaced pages express solidarity with bereaved families and demand vengeance against the attackers, thought to be a faction of Pakistan's Taliban. Anonymous remains quiet on the anti-ISIS front, but elements of the collective do hit the website of Japan's Narita International Airport to protest whaling. Irish government websites have come under a sustained distributed denial of service campaign. This follows last week's similar attack on the national lottery. No individual or group has claimed responsibility. Authorities are investigating. Google disputes
Starting point is 00:04:10 Perception Point's claims of widespread Android device vulnerability to privilege escalation attacks through a kernel bug. The bug is real, and Google's patched it, but Google insists only a minority of devices would have been affected. The SSH backdoor recently discovered in Fortinet's FortiGuard system has now also been discovered in the company's FortiSwitch, FortiAnalyzer, and FortiCache products. Fortinet advises moving to more recent versions, unaffected by the backdoor, and has also provided a set of manual workarounds to mitigate the vulnerability. AMX Harman, provider of widely used audio-visual equipment and building system controls, denies deliberately putting a backdoor in its products.
Starting point is 00:04:51 The putative backdoor is merely a legacy diagnostic and maintenance login for customer support, according to the company, and they say they removed it back in December. They also apparently pushed out a hotfix some 10 days ago. The company that disclosed the vulnerability, SEC Consult, says it hasn't had time to evaluate the patches yet. Shodan, the Internet of Things search engine, has added a category that displays screenshots taken from vulnerable webcams. For the most part, the vulnerable cameras are not protected by passwords, so the privacy fix seems obvious. Password protect your webcams, baby monitors, nanny cams, and so on. Malwarebytes describes a strain of ransomware, Le Chiffre, which has been infesting Indian banks and at least one pharmaceutical company since early this month.
Starting point is 00:05:35 Belying the French name it's been given, Le Chiffre seems to have been written in Russia. It is, Malwarebytes sniffs, unprofessional in its lack of obfuscation, openness to analysis, primitive encryption, and unsophisticated mode of communication. It asks the victims to email the controllers. So, probably the work of rookies, but troublesome nonetheless. RSA 2016 has disabled what appeared to be a Twitter credential-collecting registration form. The misstep, as well as the choice of entertainment celebrities for a few of the Expo's much-coveted keynotes, has provoked some pre-conference controversy.
Starting point is 00:06:12 Skype has enhanced its users' privacy. It will henceforth hide their IP address. And here's a dog-bites-man story from Blue Coat. The security company releases a study that points out that browsing porn is bad for your smartphone, and presumably other devices as well. Not surprising, of course, but a reminder is always in order. Business Insurance describes the patchwork quality of conventional insurance coverage for cyber incidents. Willis Towers Watson Wire goes them one better, laying out in some detail trends in what cyber policies cover and what they do not.
Starting point is 00:06:45 Damage to digital assets is generally included. Death or physical injury typically would not be. In general, the trends would be unsurprising to those familiar with insurance markets. One big remaining area of uncertainty involves coverage for damages sustained in cloud operations. As insurance markets continue their contribution to developing cyber standards of care, so does the plaintiff's bar. One case industry should watch closely is Affinity Gaming's suit against Trustwave, which alleges the security provider failed to meet acceptable standards in investigating and preventing further damage from an incident Affinity experienced. The outcome will have implications for both tort and contract law.
Starting point is 00:07:27 Observers call it potentially disruptive to the cybersecurity industry, and they counsel, unsurprisingly, that security vendors should take a close look at their insurance coverage. Thus, insurance markets and lawsuits will probably prove again to be reciprocally illuminating. Of interest in this regard is Business Insurance's announcement of its Innovation Awards, one of which goes to Pivot Point Risk Analytics for its new method of estimating and quantifying cyber value at risk. Pivot Point Risk Analytics was spun off from our publisher, CyberPoint International, last October. The U.S. and EU are in the final stages of safe harbor negotiations, and whether they achieve a new agreement before the legacy one expires remains in doubt. U.S. Attorney General Lynch denies it's administration policy to require backdoors or weaken encryption.
Starting point is 00:08:16 The government just wants some technical help from the tech sector to avoid the bugaboo of criminals going dark online. What such help would look like remains to be worked out.
Starting point is 00:09:54 I'm joined by Joe Carrigan, Senior Security Engineer at Johns Hopkins Information Security Institute. They're one of our academic and research partners. Joe, the Internet of Things. Let's start with the consumer stuff.
Starting point is 00:10:33 So what's the downside? What's the danger of my refrigerator being connected to the Internet? These are things that have not traditionally been Internet-connected that are now becoming Internet-connected. About six months ago, Samsung had a refrigerator that they opened up for penetration testing, and somebody found that if you were on the network, you could perform a man-in-the-middle attack on that refrigerator that would let you get the user's Google username and login, username and password information. So is it a matter of it just being one more thing, one more place where someone has an
Starting point is 00:11:04 opportunity to get at your information? Absolutely. This is what we refer to in security as your attack surface. And when you start putting all these other devices on your network, you start increasing your attack surface. But speaking of the industrial systems, what is the danger here? What are we up against? Well, actually, this is an interesting problem. We've seen three times now in industrial control systems that have caused real-world damage. What are we up against? The information has not been released, but there was physical damage to a steel mill in Germany.
Starting point is 00:11:45 And recently in Ukraine, a power grid was taken down for several days remotely by attacking their industrial control systems on that power grid. Would your advice be stay away, be cautious? How should people protect themselves? My advice is to stay away. But I understand that there's a cool factor to it. And, yeah, you should protect yourself. You should know what the device is doing, and you should stay. Now you have to keep up to speed on any security alerts that come out about that device.
Starting point is 00:12:18 So it's one more thing in the home to worry about in terms of cybersecurity. Correct. And I don't know how many people actually keep up to speed even on the security issues of their own operating systems on their main computers they have that they use daily. Joe Carrigan from Johns Hopkins University Information Security Institute. Thanks for joining us.
Starting point is 00:12:36 My pleasure.
Starting point is 00:13:37 And that's the Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
