CyberWire Daily - The CyberWire 1.6.16
Episode Date: January 6, 2016Learn more about your ad choices. Visit megaphone.fm/adchoices...
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she
discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a
thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January
24 only on Disney+.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k
at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash n2k code N2K at checkout. That's joindelete.me.com slash N2K, code N2K.
In today's podcast, as intelligence services increasingly link Russia to the cyber attack on Ukraine's power grid,
we discuss speculation about possible motives.
Iran, Saudi Arabia, and ISIS ramp up their mutually antagonistic postures in cyberspace.
We have more on MSISOF's discovery and description of the JavaScript-based ransomware-as-a-service tool, Ransom32, and we talk with the CyberWire's editor about some of these latest developments.
developments. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Wednesday, January 6,
2016. To most observers, and those include, according to reports, U.S. intelligence services,
Russia looks like the most likely suspect in December's cyber attack on the Ukrainian power grid. That the rolling blackouts were caused by a cyberattack
is increasingly clear, but how the attack actually worked, however, remains a matter
for investigation. As ESET's reports suggest, signs point to black energy malware as the toolkit
used in the operation. Black energy was found in affected networks. But some industry observers
think it's too early to close the case, especially since much black energy functionality is not clearly related
to a capability to manipulate industrial control systems.
Other utilities around the world reassure stakeholders
they've taken precautions against similar attacks.
The motive for a Russian hack also remains unclear.
Even given ongoing fighting in eastern Ukraine,
the rolling blackouts don't have an obvious operational purpose.
Some speculate the episode amounts to dissuasion or saber-rattling or capability testing. In its
own bit of dissuasion, by the way, the U.S. Treasury Department has finalized and announced
its system of sanctions for hacking. Saudi Arabia and Iran seem poised to escalate their ongoing
tension into conflict in cyberspace, although neither state has, as far as it's known,
used its full cyber attack capabilities.
ISIS, implacably hostile to both Iran and Saudi Arabia,
has renewed its denunciations of the Saudi regime as tyranny
and Saudi soldiers as apostates.
Shiites, Christians, and Jews come in for their usual share of odium
in dash social media.
Western services are still working out their information operational response.
ISIS hasn't shown much ability to hack,
but there are no questions about its ability to inspire.
Genius Jordan, known for attacks on Kuwaiti and Nepalese sites,
defaces Ugandan foreign ministry sites
with protests of U.S. and Israeli actions in the Middle East.
In Southeast Asia, Anonymous takes down Thai police sites to protest death sentences
handed down in the case of two murdered tourists. The hacktivist collective sees
the suspects as having been railroaded for the sake of Thailand's tourist industry.
Analysts review Ransom32, which Emsisoft described earlier this week.
In regards to Ransom32's JavaScript-based
ability to affect different operating systems, Emsisoft's CTO Fabian Vossar told the CyberWire,
quote, the way Ransom32 works leads to the logical conclusion that upcoming versions will target
multiple OSs, whereas most ransomware is confined to a single or a limited number of OSs.
Herr Vossar also thinks Ransom32
is disturbing in its crimeware as a service distribution. Quote, you can configure your
very own ransomware and buy it from the website, he told the Cyber Wire. While this isn't entirely
new for malware in general, in the ransomware segment specifically, it is innovative.
Emsisoft also points out that whoever put Ransom32 together did their crypto
homework and got it right. That doesn't always happen with crimeware, whose work is as susceptible
to bugs as is legitimate software. We see an example of such bugginess with the competing
ransomware Linux.encoder, now on its third release and still, according to Bitdefender,
crackable. We'll keep an eye on Ransom32, and you should too.
In other news, Rapid7 finds issues with Xfinity's home security system,
and Android patches 5 security flaws.
Do look to the security of your Android devices.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks. But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide. ThreatLocker, the cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach
can keep your company safe and compliant.
I'm joined by John Petrick, editor of the Cyber Wire.
John, once again, the situation with the Ukrainian power grid is in today's
edition of the Cyber Wire. Why attack the Ukrainian power grid? Why is this a target for Russia?
Power grids can be attacked for all sorts of reasons. There are military objectives. A power
grid, for example, could be the thing that you're using to run your air defense systems, things like
that. That doesn't seem to be the case here at all. There doesn't seem to be any direct military payoff. So speculate about Russian motives. And most people think that it was
Russian security services who were responsible. The Ukrainians say that. And there are reports
today that U.S. intelligence services are reaching the same conclusion quietly. So why would they do
it? And the best speculation seems to be that it is a form of deterrence, a kind of dissuasion, letting an opponent know that you can hold important things at risk.
Why now?
Well, at the beginning of January, Ukraine has been scheduled to start some closer moves towards integration with the European Union.
So there's that.
And that certainly is a development
that would be unwelcome to the Russians.
In other news, again today we talked about the new Ransom 32 exploit.
Why is this one particularly noteworthy?
It's interesting because, and Emsisoft is the outfit
that found and described the ransomware.
It's interesting because ransomware hasn't so far been offered
under a crime-rise-a-service model on the black market.
There's plenty of ransomware that's been out there,
but it hasn't been distributed in this particular way.
And Ransom32 is.
It looks like a turnkey solution,
and it's something that you can use with relatively little skill.
So that's interesting.
It's also dangerous.
All ransomware is dangerous, of course,
and most people will know that what ransomware does
is encrypts a user's files and then asks him for money
or her for money so that they can receive the encryption key
and get their files back, get the use of their files back.
So they're always dangerous.
But this is particularly dangerous
because the people who wrote the crimeware seem to have done, as
Emsisoft says, they've done their homework when it comes to encryption.
They've done it right, they say. And that may sound simple,
but as Emsisoft points out, there are a lot of pieces of ransomware
that have been buggy. And this one seems not to be buggy. There is some
buggy ransomware in the news today.
There's a competitor called Linux Encoder, and it hit its third release,
and Bitdefender is already saying, we can decrypt it, we can break it.
So the criminals who write software have just as many problems
as the legitimate people who write software.
It's good to remember that.
So are we heading towards a point where anyone can spend a few dollars in Bitcoins,
run their own ransomware program and profit? I don't know that anyone could do it. You certainly
don't need a lot of technical skill to use these solutions, which is why they're successful on the
black market. So you can get these things and use them without being a genius hacker yourself,
and that's why they're disturbing. There's a kind of proliferation going on with them.
If people want to learn more about the Ransom32 exploit, where can they go?
I would go right to the people who discovered and described it. I think you can find out
a lot of good information at msisoft.com.
All right. John Petrick, once again, thanks for joining us. And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
is by targeting your executives and their families at home.
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data
into innovative uses that deliver measurable impact. Secure AI agents connect, prepare,
and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps
tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.