CyberWire Daily - The CyberWire 1.29.16
Episode Date: January 29, 2016
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Spear phishing continues to work, and both allies and adversaries continue to snoop on one another.
Utilities work to shore up their defenses, and experts warn them not to over-rely on incident response.
ISIS may be trying to hire hackers in India.
HSBC sustains a denial-of-service campaign
against its online banking services in the United Kingdom.
The RSA Innovation Sandbox's ten finalists are announced.
In the U.S., NIST and the FDA post draft cyber guidelines.
An audit suggests that Homeland Security's Einstein is no Einstein.
Safe harbor seems farther away.
And whatever you do, Facebookers, don't be like Bill.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Friday, January 29, 2016.
Some notes on surveillance of Israeli targets by foreign intelligence services surface at week's end. Israeli officials cite leaks as they say British and American agencies monitored
Israeli Air Force communications. Other sources claim Iran targeted Israeli generals in extensive
spear phishing campaigns, and more targets than one might expect opened the emails and consequently leaked information.
The post-mortem on Ukrainian grid incidents continues to focus on BlackEnergy and its
distribution through compromised Word files. As utilities in the U.S. and elsewhere look
to their defenses, control system security experts warn that incident response, a staple
of cyber defense in other sectors,
is a bit more complicated in the industrial control system world. Dark Reading's interviews
with experts surface two issues. First, availability is a matter of central concern to utilities.
Their industrial control systems can't simply be taken offline without extensive reliable backup.
And second, cyber incident responders, including digital forensic experts,
tend to be unfamiliar with ICS. As ICS security expert Joe Weiss told the Cyber Wire recently,
securing control systems in all industries is very different from securing business IT systems.
FinFisher spyware has shown up in some Australian data centers. Hack Read, for one,
points at Indonesia as a likely suspect,
that country's presumed motive being revenge for alleged Australian surveillance of Indonesia.
Both Australian and Indonesian agencies are reported to be FinFisher customers.
Disturbing reports suggest that ISIS has begun recruiting hackers in India,
offering monetary incentives to hack for the caliphate.
The India Times says that ISIS is
willing to pay $10,000 for information stolen from government networks. This seems to be hacking for
hire, as opposed to an attempt to build a stable of coders that would give ISIS a credible cyber
offensive capability. But there's certainly the potential for this effort to develop in more
troubling directions. Offering money should lend urgency to government's efforts to disrupt ISIS finances. HSBC's online customer banking sites have been disrupted by a significant
distributed denial-of-service attack. The attack, remediation of which is in progress as we go to
press, comes at an inconvenient time for British banking customers. It's not only messing with
end-of-month payroll disbursements, but also with freelancers' ability to meet tax deadlines.
BugSec and Synet, that's C-Y-N-E-T, not to be confused with the other Synet, S-I-N-E-T,
report finding a vulnerability in LG Android phones that could be exploited for data theft.
The vulnerability lies in Smart Notice, a pre-installed widget that manages a range of notifications and alerts.
LG has patched the bug.
In other patching news, a Cisco firmware update closes a hole in that company's RV220W wireless network security firewall devices,
and OpenSSL fixes an encryption weakness.
Its cryptographic library could, if so instructed, have reused prime numbers.
In industry news, Proofpoint, Checkpoint, and Fortinet all posted
encouraging numbers this week, so investors are breathing a bit easier about them. Checkpoint
says it's evaluating acquisitions, big and small. And the RSA conference announces the 10 finalists
for its annual Innovation Sandbox competition. Congratulations to them all. The finalists,
in alphabetical order, are Bastille Networks, Illusive Networks, Menlo Security, Phantom, Prevoty, ProtectWise, Skyport Systems, Vera, and Versa Networks.
The Cyber Wire will be covering RSA in San Francisco the first week in March, and we're looking forward to seeing the finalists in the sandbox.
Turning to emerging standards, the U.S. National Institute of Standards and Technology is soliciting comment on its draft publication on random number generation, a topic of vital importance to cryptography.
And the U.S. Food and Drug Administration has a draft set of guidelines on improving medical device cybersecurity.
The FDA would also welcome comment.
In policy news, both Indonesia and Malaysia take steps to counter jihadist messaging and direct action.
Safe harbor renewal increasingly seems a forlorn hope,
as U.S. efforts to accommodate European concerns over privacy find little transatlantic love.
The U.S. Department of Homeland Security's well-known Einstein cybersecurity system,
more formally known as the National Cybersecurity Protection System, may not, an internal assessment finds, be returning good value on its $6 billion investment.
Defense One writes that Einstein, quote,
does not scan for 94% of common computer vulnerabilities, but that's not all of its shortcomings, end quote.
The audit also found poor performance against advanced persistent threats,
coverage for only a small set of vulnerabilities,
inadequate information-sharing capabilities, and an inability to spot zero days until they're no longer zero.
Canadian government watchdogs find that the country's Communications Security Establishment
improperly collected Canadian citizens' information.
The CSE is said to be moving toward some reduction in its cooperation
with the other four of the Five Eyes,
Australia, New Zealand, the United Kingdom, and the United States.
And finally, if you're a Facebook user, take care before interacting with one of the current memes, Be Like Bill.
Be Like Bill posts use a cutesy stick figure generated from the Blobla website
to give advice about keeping your updates non-obvious, and similar social media Emily Post-isms.
Unfortunately, those who like the winsome stick man may find that an evil William got there first.
Scammers are tricking aspiring Bills into entering their Facebook credentials
and exploiting them to hijack accounts. So don't be like Bill.
I'm joined once again by Joe Kerrigan.
He's a senior security engineer at Johns Hopkins University Information Security Institute.
They're one of our academic and research partners.
Reverse engineering.
I know this is something that you have a lot of background on.
Let's just start with the basics.
Why reverse engineer something? All right.
So I'll give you an example from my career.
When I was a young software engineer, people would come to me and
say, hey, we have this software package that does a very essential task, but now it's outdated,
so we need to update it. So write us a new one. And make sure it does everything this one does.
So I would have to actually sit down and figure out what it was and how it worked,
and then write software that replaced it.
So that's as simple as bringing something that's older up to date.
Correct.
But in the case of malware, walk me through the process of reverse engineering malware.
Right.
Well, it's the same kind of discipline that applies.
Let's say I'm a security company.
I've captured some malware from the wild.
I want to know what it is and what it does.
So I can put the malware into a sandbox environment and then monitor its behavior.
I can also do the same thing with malware that I did with my old software, where I can
decompile it and see what it is that it does, and hopefully I can get some source code out
of it, provided that the malware actually isn't encrypted with some key.
So there are cases where the malware is actually sort of trying to actively defend itself from
being reverse engineered.
Absolutely.
What happens in a case like that?
In a case like that, what normally happens when they're successful at reverse engineering is somehow they get a hold of the key, they find the key, because that key has to exist somewhere for the malware to decrypt its functionality. So now it's a combination effort.
So you're monitoring it in its sandbox environment to see when it accesses the encryption key
so it decrypts the part of itself that it needs.
So what's the balance between the practical applications of this
and something that's more pure research?
Well, the practical applications are developing software that does what old software did,
and it also helps in developing a signature for malware so that you can detect the malware.
All right. Joe Kerrigan from Johns Hopkins Information Security Institute.
Thanks for joining us.
My pleasure.
And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.