CyberWire Daily - The CyberWire 1.27.16

Episode Date: January 27, 2016


Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 takes a sorry information operations page from the rival ISIS playbook. At least two cyber reconnaissance campaigns are reported in progress. Shaky Wi-Fi security affects info sharing and IoT products. Business email compromise hits a Belgian bank. And threat intelligence providers talk about what can be learned from watching the dark web. France seeks legal reach into data held in foreign servers.
Starting point is 00:02:21 China's PLA goes Sun Tzu on cyber deterrence. And legislators in New York and California display an urge to weaken encryption. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Wednesday, January 27, 2016. Israeli officials said yesterday that the country's electrical grid came under cyber attack this week. Energy Minister Steinitz called the attack severe, but said it was being successfully mitigated. Details are scarce, but it appears computers in the utility's networks were infected with malware, and that response teams isolated the infected machines to prevent the malware's spread.
Starting point is 00:03:02 Electrical power seems not to have been disrupted, but efforts at defense and mitigation are continuing. There's been no public attribution of this attempt on the Israeli grid, but the incident is likely to increase security worries at utilities worldwide, especially since it follows closely on the heels of the attack on power distribution in Ukraine. Utilities in Western Europe have already identified cybersecurity as their top investment priority for 2016. From North Africa, Al-Qaeda in the Islamic Maghreb releases a video of a Swiss nun kidnapped in Mali to warn unbelievers to stay clear of Islamic territory. In this, Al-Qaeda is taking a page from rival ISIS's information operations playbook, demonstrations of resolution against the infidel as a way
Starting point is 00:03:45 of displaying zeal, power, and inspiration. Palo Alto Networks describes a new campaign by the Chinese APT group Codoso, sometimes spelled with zeros substituted for the letter O, and also known as the SunShop group. Best known for compromising a portion of Forbes' website, Codoso appears engaged in espionage against targets in the telecommunications, tech, legal services, education, and manufacturing sectors. Codoso is still using spear phishing and watering holes to gain access, but this time it appears to be going after servers as opposed to endpoints. Symantec reports seeing a different campaign in the wild.
Starting point is 00:04:23 This one, said to have infected some 3,500 servers worldwide, involves an injection code attack and appears to represent reconnaissance and possibly battle space preparations for some future, more damaging attack. The attackers appear to be collecting, SC Magazine says, page title, URL, referrer, Shockwave Flash version, user language, monitor resolution, and host IP address. Core Security reports multiple vulnerabilities in Lenovo's SHAREit product. Lenovo's now patched them. Some vulnerabilities involved an easily guessed default Wi-Fi password. That password was 12345678. Other vendors have seen comparable problems with Wi-Fi passwords.
Starting point is 00:05:05 Sophos reports Wi-Fi security issues with home routers and smart doorbells. Businesses wonder whether cybercrime will increasingly come to be regarded as a cost of doing business, the way retailers regard predictable inventory shrinkage. U.S. hamburger chain Wendy's is investigating a possible paycard breach that might well be seen as a risk comparable to shrinkage. But it's hard to take that view of the large losses fraudulent fund transfers impose. Belgium's Crelan Bank reports losing 70 million euros, that's nearly 76 million dollars, to a business email compromise scam. Such scams operate by gaining executive credentials, observing
Starting point is 00:05:43 behavior on a targeted network, and then sending plausible-looking emails instructing employees to transfer money to an account controlled by the criminals. In industry news, Her Majesty's government continues to push programs that would support incubation of British cybersecurity startups. ThreatStream makes a case for hanging out in the creepier precincts of the dark web with a view to doping out cyber criminals' next move. They also tell V3 how they keep an eye out for data stolen from customers, often the first indication that a customer's been compromised. The Cyber Wire spoke with threat intelligence company ThreatConnect about how understanding the threat can help enterprise security. If you can gain an understanding of the threats or adversaries that wish to do harm to your network and through various means and for various reasons, that you can better defend against them at not just that tactical level of matching and assume,
Starting point is 00:06:37 but you can also understand the adversaries better, grow your understanding of them so that you can better place your defenses to their capabilities and better predict or be better positioned to react to their capabilities as well. That's ThreatConnect's Andy Pendergast. ThreatConnect recently launched a new version of their platform. You can learn more at ThreatConnect.com. In policy news, France moves to gain more investigative access to data held in foreign servers. U.S. state legislatures, notably those in New York and California, continue to moot restrictions on smartphone encryption. Wired says these proposed encryption bans make zero sense because of cyberspace's inherent lack of borders.
Starting point is 00:07:18 Quote, An idea roughly as practical as policing undocumented birds crossing the Mexican border. End quote. But about the larger effect such gestures could have, we don't know. Migratory bird policing aside, state laws, whether well-conceived or ill-conceived, have played an outsized role in American policy development in the past. Consider the role of California law, indeed of Los Angeles County law, in shaping automotive environmental standards, or the place Delaware occupies in business law. So, good ideas, bad ideas, or just politicians posturing,
Starting point is 00:07:50 what goes on in the state houses isn't necessarily just for the birds.
Starting point is 00:10:26 Once again, joining me is Markus Rauschecker, Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security. They are one of our academic and research partners. Markus, cyber warfare, with the situation recently in Ukraine with their power grid being attacked, the question comes up, is that an incident of cyber warfare? Well, that's a really important question, and it's not one that's easily answered.
Starting point is 00:11:21 What constitutes an act of war in cyberspace? What constitutes use of force in cyberspace? It always seems to depend on who's asking the question and who's answering the question. In the real world, in the physical world, I think it's very easy to determine what constitutes the use of force and what might even amount to an act of war. But when we're talking cyberspace, it's a lot more difficult. When we don't have any physical consequences from a cyber attack, I think generally experts would agree that we haven't seen an act of war, what would amount to an act of war, or a use of force even when it comes to cyberspace.
Starting point is 00:12:00 But in the instance of the Ukraine, we did see some physical consequences resulting from a cyber attack. An argument could be made that this was a use of force and potentially even an act of war. But that's something that legal experts and international experts are going to be debating. And in the cyberspace, I mean, it's even harder to know often who is the party attacking us. Exactly. That's what makes cyber warfare so difficult. There's this whole problem of attribution. Again, in the real world, it's pretty easy to see who's attacking you when you see the troops crossing the border or the planes coming into your airspace. But in cyberspace, it's often very difficult to determine accurately who is doing the cyber
Starting point is 00:12:52 attack and where it's coming from and who's behind it. And where does international law stand on this? Has it caught up to cyber warfare? Well, there's been a lot of discussion among international law experts when it comes to cyber warfare. We have seen that international legal experts are applying existing law, like the United Nations Charter, to cyberspace. There's a general agreement that international law does apply to cyberspace. And then you have other legal experts who've gotten together to create documents like the Tallinn Manual, which kind of outline how these legal experts see the international law applying to cyberspace and how international law applies to cyber warfare. All right, Markus Rauschecker, thanks for joining us.
Starting point is 00:14:05 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
Starting point is 00:14:50 I'm Dave Bittner. Thanks for listening.
