CyberWire Daily - The CyberWire 2.2.16
Episode Date: February 2, 2016Learn more about your ad choices. Visit megaphone.fm/adchoices...
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she
discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a
thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January
24 only on Disney+.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k
at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash n2k code N2K at checkout. That's joindelete.me.com slash N2K, code N2K.
German security services point to Russia as the culprit in last year's Bundestag hacks.
Sentinel-1 continues to warn against black energy the u.s congress
looks at the now closed juniper back door and doesn't like what it thinks it sees fire eye
buys in botas bell aerospace acquires wavefront quick heal says it's ready for an ipo and alert
logic says it will be ready for its own next year the cyber sector continues to watch the
strange case of norse and finally we take a look at the sorry wages of cybercrime.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Tuesday, February 2, 2016.
The 2015 breaches of Bundestag systems in Berlin, so far unattributed, are looking more like a Russian operation.
An anonymous source within the Russian security services told Spiegel that the attacks were, quote,
clearly attributable to a Russian military intelligence service, end quote.
Deutsche Welle cites observers who think the deep game is destabilization of the European Union,
with a playbook taken from hybrid
operations Russia has conducted against Ukraine, cyber operations, exploitation of expatriate or
ethnic Russian sentiment, and so on. Sentinel-1, having completed, it says, reverse engineering
the Black Energy 3 malware kit, wants everyone to pull their heads out of the sand. A company
executive is quoted by the Voice of America as saying, This is cyber warfare. We need to wake up and see that this is war.
Black Energy still seems an espionage kit, and the other observers wonder how it's implicated
in what Sentinel-1 and others have called a widespread campaign aimed at disrupting utilities.
Has Black Energy acquired some ability to manipulate control systems? This seems to
most observers as doubtful.
Or is it being used to harvest operator credentials?
More investigation seems clearly in order.
The U.S. Congress is turning its attention to the possibility that the encryption issue in Juniper Products,
which Juniper closed last month,
may have its roots in an NSA-developed encryption algorithm
widely suspected of having been constructed with an intentional backdoor.
If that turns out to be the case, it may represent a security own goal.
The U.S. government is a big Juniper customer,
and the gear the Feds bought and use apparently has a backdoor
as big as anything sold to other customers.
DDoS attacks have become by many accounts
the single most common cyber assault on financial services enterprises.
HSBC has recovered from last week's incident, but the trend looks like an enduring one.
And not only banks are affected.
The Elder Scrolls online game reported a DDoS episode yesterday.
Any enterprise that depends for its business on maintaining high levels of Internet access for its customers is vulnerable to DDoS.
maintaining high levels of Internet access for its customers, is vulnerable to DDoS.
Virtual private server provider Linode publishes a commendably forthright account of the attack it sustained at the end of December, including the lessons it learned in response.
The motivations for DDoS are generally one of these three.
Hacktivists who disapprove of an enterprise or of some cause connected with an enterprise
often mount denial-of-service campaigns.
or of some cause connected with an enterprise,
often mount denial-of-service campaigns.
Relatively easy and inexpensive to mount,
DDoS ranks up with website defacements as a common hacktivist tactic.
A second common motivation for denial-of-service attacks is extortion.
In the early days of cybercrime,
denial-of-service was used to hold online gambling sites up for ransom,
and there's been some evidence that this form of criminal activity is enjoying an uptick. And finally, the third and in some ways most sophisticated use of DDoS is as misdirection for some other more serious attack. If you can occupy incident responders with a big, noisy
denial-of-service campaign, they may well overlook, for example, your quieter efforts to gain
persistence in their network. In industry news, FireEye makes another acquisition,
this time of automation shop Invodus.
This is thought to be a play that will improve incident response capabilities.
Bell Aerospace enters the cybersecurity market with its purchase of Wavefront.
QuickHeal is said to be preparing for an IPO next week, and AlertLogic says it's using 2016 to prep going public next year.
Norse Corporation's main website is still dark,
although its Dark Matters news page and labs site were online today.
Forbes comments on what it calls the chaos left for presumably former employees.
Quoting Norse's CTO is rather surprisingly saying
he doesn't know whether they're still in business.
Forbes also notes the investment KPMG Capital made in Norse this past autumn,
and CSO offers what it calls a deconstruction of Norse reports on Iranian cyber operations.
It sees such reporting as a cautionary tale of what can happen at the intersection of marketing
and tendentious analysis.
And we conclude with some news on trends from the cyber criminal underground.
With the big losses businesses report
when they're hacked, aspiring cyber gangsters might imagine that cybercrime is a royal road
to riches, but not so. As is usually the case, crime is less lucrative than fantasies of greed
suggest. A Ponemon Institute study commissioned by Palo Alto Networks paints a familiar picture
of crooks taking the obvious lowball score when they could really earn more money with an actual legitimate job.
The comparison with street drug sales is obvious.
The retailer runs huge risks with very little prospect of reward.
Not that we're encouraging IT departments to hire criminals,
or, for that matter, discouraging them,
but really, you'd be much better off working at a help desk
than trying to set up as a behooded crime lord.
The study suggests the typical cyber crook gets a bit less than $29,000 a year for an average of 705 hours of work. Granted, the 705 hours isn't full-time,
but the pay is still not great. We're reminded of the scene in Donnie Brasco where Pacino's
character is trying to break open a parking meter to get at quarters. The wages are low,
and really, you're going to break your parents' hearts.
Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools. And a spa. And somewhere hot. Yeah, with pools.
And a spa.
And endless snacks.
Yes! Yes! Yes!
With savings of up to 40% on Transat South packages, it's easy to say, so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply.
Air Transat. Travel moves us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection
across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies,
access reviews, and reporting, and helps you get security
questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta
when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide. ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
Joining me is John Petrick, editor of the Cyber Wire.
John, let's talk hacktivism.
It comes up in the Cyber Wire fairly regularly. So what is hacktivism. It comes up in the cyber wire fairly regularly.
So what is hacktivism? Well, you know what hacking is, right? Of course. Well, a hacker is someone who looks for and exploits weaknesses in computer systems or networks, and typically someone who
does that illegitimately or illegally. Now, there can be white hat hackers who are legitimate
vulnerability researchers, and there can be black hat hackers. Usually when people say hacker,
they're typically talking about a black hat.
So what's a hacktivist?
There are all kinds of people who take action
against computer systems and networks,
and they can be distinguished and classified by their motivations.
So, for example, a state intelligence service
might hack for purposes of espionage.
A cyber criminal has obvious criminal
motives. What are they doing? They're looking to steal identities. They're looking to steal money.
They're looking to extort ransoms, things like that. A hacktivist is someone who isn't motivated
by money and who's not directed by a state. So a true hacktivist is motivated by political or
religious or ideological considerations.
That's a hacktivist. What's the general view of hacktivists?
Are they looked upon as being a force for good or a good force for bad, or does it depend?
It depends on what you mean.
And if you look around the world, you'll see different hacktivist riots, cyber riots going on all the time.
There's a lot of cyber rioting, for example, in South Asia.
And you see what people call patriotic hacktivism going on with people swapping hacks between Armenian and Azerbaijani.
Describe to me what you mean by a cyber riot. What is that?
A cyber riot is when you have, it's like a riot in physical space except it's conducted in cyberspace.
Cyber riot is when you have, it's like a riot in physical space, except it's conducted in cyberspace.
So what's a riot like?
It's when you've got a lot of disorganized people running around, breaking things, looting, causing disorder.
That's a riot.
And a cyber riot is doing that in cyberspace.
So if you've got a lot of people all of a sudden defacing websites, breaking into databases, things like that, and they're not doing it for any kind of obvious criminal motivation
or for any kind of obvious, under any kind of obvious central state direction,
that's probably a cyber riot.
And it's blurry because just as you have people who riot to protest or to break things,
you've also inevitably got the people who are running along behind the other rioters looting from stores.
The same thing happens in cyber rioting.
John Petrick, editor of the Cyber Wire.
Thanks for joining us.
We'll talk again soon.
And now a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members
discover they've already been breached. Protect your executives and their families 24-7, 365
with Black Cloak. Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening. Thank you. and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare,
and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps
tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com Learn more at ai.domo.com.
That's ai.domo.com.