CyberWire Daily - The CyberWire 1.5.16
Episode Date: January 5, 2016Learn more about your ad choices. Visit megaphone.fm/adchoices...
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she
discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a
thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January
24 only on Disney+.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k
at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash n2k code N2K at checkout. That's joindelete.me.com slash N2K, code N2K. grid, the hunt for Jihadi John, hacktivist response to recent Saudi executions, and we
talk with the CyberWire's editor about the latest in power grid hacking.
I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, January 5th, 2016.
Late December's cyberattack on a Ukrainian electrical utility has been linked to a variant
of the Black Energy Trojan, long disseminated by the Sandworm threat actors. The attack produced
rolling blackouts in western Ukraine, but ESET researchers believe the operation sought to affect
a much wider area than a single OBLAST. They found the malware in at least two other utilities'
networks. The attack was accompanied by a flood of calls to utility support centers,
effectively distracting responders through misdirection and some telephony denial of service.
Black Energy includes modules that establish persistence and can, if so desired, destroy files.
Ukraine's SBU security service unambiguously blames Russia for the operation,
the Kremlin has not commented, and Western observers tend to agree.
The nature of the hack, the ongoing tension between Ukraine and Russia,
and the absence of an obvious criminal motive strongly suggest state activity.
Coming after revelation of Iranian reconnaissance of a small New York state dams control system,
this attack heightens concerns about the cyber vulnerabilities of physical infrastructure. Observers are calling the attack on Ukraine's electrical utilities
the first case of the physical effects they've long predicted and long feared.
Hackers DDoS the Saudi Ministry of Defense to protest a leading Shiite cleric's execution.
Iranian media, generally sympathetic to protesters, says the hackers are Saudi Shiites.
As authorities hunt for Jihadi John, the latest murderous online face of ISIS,
the case for Dash's effective use of crypto increasingly strikes observers as weak.
PlayStation succumbed to a DDoS attack last night,
responsibility claimed again by the Phantom Squad skids.
Emsisoft finds new Java-based ransomware, Ransom32.
It's evasive and works across several operating systems.
Cisco discloses, on the basis of research by Synactive, that Jabber is vulnerable to
man-in-the-middle attacks.
No patch or workarounds are yet available, so use it with caution. Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies
like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001. They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity. That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
And I'm joined by John Patrick, who's the editor of the Cyber Wire.
John, ever since 9-11, we've heard warnings of threats to our infrastructure.
In the past week or so, we've seen a couple of threats to infrastructure around the world.
The situation with the dam in New York State, which we'll get to in a minute.
But I'm particularly interested in the attack of the power plants that happened in Ukraine.
What can you tell us about that?
I think the first thing to say is that we need to keep this in perspective.
As the defense intellectual Peter W. Singer is fond of pointing out,
we have orders of magnitude more squirrel-induced power failures than we do
cyber attack-induced power failures. So we need to keep it in perspective.
So what exactly happened in Ukraine?
At the end of December, right around Christmas, the region around the western Ukrainian city of Ivano-Frankivsk started experiencing rolling blackouts.
It's now come to light, as announced by the Ukrainian security services, that this was a cyber attack, that the rolling blackouts were caused by a cyber attack that the Ukrainians claim was mounted by Russian authorities, by Russian security services.
And they apparently did that
by installing malware called Black Energy. Now, the Black Energy malware has been fairly well
known since about 2007. But it's interesting because this time it's being used to install
problems with control systems. It is, by the way, a problem with the grid, with the power
distribution system, not a destructive physical attack on power generation itself, but rather with power distribution.
So this is interesting and troubling for a couple of reasons, mainly because you have someone who is finally using a cyber attack to bring about a real physical effect, that is, blackouts in a power grid.
So what else can you tell me about this black energy malware?
It's got a few capabilities.
One of the more interesting ones is that it is capable of destroying files.
Apparently, it looks for files with certain extensions.
You can select the file extension, and it will destroy those files.
Did this attack occur in isolation?
No.
There were some other things that were going on,
and you often find certain forms of activity being conducted in conjunction with cyber attacks as a form of what magicians would call misdirections or as a form of what
military technicians would call a feint.
So in this case, you had, while the attack was going on, a very large number of telephone
calls being made to the service centers of the affected Ukrainian utilities, and these
had the effect of pulling responders away from
the actual problem that was going on in the grid itself.
So let's talk about the dam in New York State. It doesn't seem like there's any direct relation
between the two of them. It's just a coincidence that these two attacks happened within about a
week of each other. It is a coincidence that the New York State incident, and by the way,
that's a very small dam, so that we're not talking about a hydro of each other. It is a coincidence that the New York State incident, and by the way, that's a very small dam,
so we're not talking about a hydroelectric power generating station.
We're talking about the kind of small dam on a small stream
that's used for flood control, something like that.
Rye, New York is a town in Westchester County.
It's on Long Island Sound.
It's got this sluggish stream running through it.
The dam is there to prevent flooding, a fairly old dam, very small.
So what's disturbing about that is that big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very big, very they could do it, and two, that apparently the federal authorities who found out about it didn't promptly share the information with the people in Westchester
County who were cooperating with them in information sharing. All right, John Petrick,
once again, thanks for joining us. And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures
their personal devices, home networks, and connected lives. Because when executives are
compromised at home, your company is at risk. In fact, over one-third of new members discover
they've already been breached. Protect your executives and their families 24-7, 365,
with Black Cloak. Learn more at blackcloak.io.
And that's The Cyber Wire. We are proudly produced in Maryland by our talented team
of editors and producers. I'm Dave Bittner. Thanks for listening.
Your business needs AI solutions that are not only ambitious,
but also practical and adaptable.
That's where Domo's AI and data products platform
comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable
impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain
insights, receive alerts, and act with ease through guided apps tailored to your role.
receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.