CyberWire Daily - The CyberWire 1.28.16
Episode Date: January 28, 2016
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Update on the Ukraine grid hack. ISIS information ops continue to look better than its hacking, but the Cyber Caliphate isn't giving up.
They say they're going to take down Google. Dodgy apps for both Apple and Android appear, one from Apple. Oracle starts down the path of retiring Java browser plug-ins. Congress wants answers on Juniper's backdoored ScreenOS and gives federal agencies two weeks to come up with them.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, January 28, 2016.
Yesterday's attack on the Israeli power grid turns out to amount to less than at first thought. The group attacked, the Israel Electric Authority, is a regulatory body whose network is quite unconnected to utilities' networks, still less connected to control systems. The attack seems to have been real enough, but it also appears to have amounted to spear phishing with ransomware payloads, and that, of course, would account for why there was no effect on power distribution.
The Ukrainian power grid hack remains both interesting and complicated. Reuters reports that another unnamed utility was compromised back in October, and that the attackers were able to gain access by exploiting users' naivete about phishing, and by utility network operators' willingness to connect control systems they ought by policy to have left air-gapped. The BlackEnergy 3 malware dropped by phishing payloads still does not strike investigators as directly implicated in control system manipulation, but researchers at SentinelOne have determined that BlackEnergy did include a network sniffer. A Ukrainian telecoms engineer has told The Register that attribution of the attack to Russia is a provocation, a put-up job by Ukraine's government to whip up popular anger against its large and menacing neighbor. ESET, which did much of the initial investigation of the incident, when asked about the attribution, points out sensibly that attribution is a slow and difficult process. While the association of BlackEnergy with Russian threat actors is fairly well established, evidence of Russian responsibility for the attack remains circumstantial. But one would have to note that evidence of Ukrainian provocation is less than circumstantial, resting as it does largely on a theoretical possibility.
The grid hack continues to alarm those who concern themselves with industrial control systems. There's much talk of the risks involved in networking such systems. And to take one expert's opinion, Rob Joyce, chief of the US NSA's Tailored Access Operations, also known as TAO, yesterday told a conference in San Francisco that "SCADA security is something that keeps me up at night." He commended the problem to industry and academic researchers.
The ISIS-affiliated Cyber Caliphate is reported to be working on an unspecified attack against Google. Elsewhere on the ISIS cyber front, the alleged security capabilities of the Alrawi messaging app, discussed recently by the Ghost Security Group, are now pretty conclusively debunked. Not even Ghost Security seems to believe they amount to much. So far, then, ISIS cyber capabilities remain more aspirational than actual. Their information operation capabilities, on the other hand, remain very real. Retired U.S. Army Lieutenant General Jim Dubik argues in an Army Magazine opinion piece that winning against ISIS will require defeating the group's narrative. U.S. Secretary of Defense Carter has given Cyber Command marching orders to increase its operations against ISIS, and a Passcode poll shows sentiment among influencers now running narrowly in favor of nudging tech companies to do more to impede ISIS messaging.
In other cyber risk news, FireEye warns that JSPatch, an open-source hot-patching tool available to apps in the Apple App Store, is vulnerable to exploitation. JSPatch could allow malicious actors to work around the review protections built into the App Store's walled garden.
Oracle announces that it will deprecate the notoriously risky Java browser plugin with Java version 9 and will remove it entirely in a subsequent release.
Heimdal warns of a renewed, vigorous CryptoWall 4.0 campaign and suggests that it might be preparing the way for a more dangerous CryptoWall 5.0 ransomware effort. Bleeping Computer reports discovery of a new ransomware strain, 7EV3N, we'll also call it 7, which is demanding a fairly pricey ransom, 13 Bitcoin, which comes to about 5,000 US dollars. Symantec describes a new strain of Android ransomware, Android.Lockdroid.E, which uses clickjacking to acquire admin privileges on the targeted machine. The malware is available as an app, but not, one is happy to note, from the Google App Store. So, Android users, beware of downloading dodgy apps from third-party stores or torrent sites.
Members of Congress appear to have lost patience with U.S. executive agencies' failure to account for and report on their vulnerability to compromise through the backdoor in Juniper Networks' ScreenOS. The House Oversight and Government Reform Subcommittee on Information Technology wants answers within two weeks. The subcommittee chair, Texas Republican Rep. William Hurd, takes to the Wall Street Journal's op-ed page to call the vulnerability "the breach you haven't heard of." Homeland Security and other departments are investigating.
Another rogue Google extension, iCalc, poses as a calculator app, but in fact, say researchers at Malwarebytes, installs spyware on unwary users' devices. In a minor cruel twist, it doesn't even function as a calculator. I mean, come on, criminals. Really?
Joining me is John Petrick, editor of the Cyber Wire.
John, in the global arena, what makes the U.S.-China relationship so challenging?
There's nothing mysterious, really, about why it's challenging. You have two countries that aren't, they're not enemies. They're not adversaries in that sense. They're huge trading partners with one another. It's difficult to imagine the Chinese or the American economies without one another. They have diplomatic relations with one another. There are all kinds of exchanges between the two countries. There are all sorts of relationships there. But there's also this fraught competition. So there are competitors who depend upon each other. And that makes for a difficult relationship.
And what are the Chinese capabilities in cyberspace?
If you look at things that the US Cyber Command has published recently, there's a lot of talk about the United States facing a peer competitor, a technological peer competitor in cyberspace. Peer competitor is an interesting term. The last peer competitor we had in general military terms was the Soviet Union. Since the Soviet Union went away, the United States really hasn't had a clear peer competitor. So a peer competitor is somebody who has about the same kinds of capabilities that you have and can do many of the same things you can do. The People's Liberation Army, and its Third Department specifically, which is responsible for cyber, certainly has capabilities that are analogous to those that the U.S. Cyber Command has.
And this goes beyond just your run-of-the-mill spy versus spy espionage.
Yeah, it does. The Chinese have explicitly avowed that they have an offensive cyber capability. That's a declared capability. They declared that last year formally. So they want people to know that. And there's no reason to think that they don't have that capability. They surely do. That kind of capability is more than just the modernized version of old signals intelligence. This is the ability to damage systems, to manipulate information, to do all the sorts of things that we associate with offensive cyber operations.
And what is the United States doing in terms of deterrence?
For deterrence to work, and deterrence is a concept that really has its home historically in the Cold War, it's nuclear deterrence where all these concepts developed. So what you have, if you've got deterrence, is you fundamentally have two rational actors who are competing with each other. And each one is able to hold something vital of the other's at risk, whether it be a capability, whether it be their people, whatever it is that they value, you hold it at risk. And the basic idea is that you're telling the opponent, I have this capability. And if you use your similar capability against me, expect retaliation. Or if you do these certain things, you can expect us to do this. And the goal is that they won't do it, that both sides will be deterred from acting this way. It's not clear yet how well that will work out in cyberspace, or even if it works out at all in cyberspace.
All right, John Petrick, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.