CyberWire Daily - The CyberWire Daily Podcast 2.10.16

Episode Date: February 10, 2016

In today's podcast, we consider a possible shift in China's cyber espionage interests. Ransomware continues to spread indiscriminately. Analysts look at cyber company stock prices, and VCs continue to invest in the sector. The US President's budget is out, and analyzed—there's a lot of funding for cyber security. The White House issues a "National Cyber Security Action Plan." And we hear from the Johns Hopkins University’s Joe Carrigan, who takes us through the privacy implications of some high-profile data breaches.

Transcript
Starting point is 00:01:06 Investigation into FBI and Department of Homeland Security doxing continues. A cyber gang may have manipulated a regional currency exchange in Russia. Some cyber story stocks recover a bit in a down market, and venture interest in the sector remains high.
Starting point is 00:02:15 Yesterday was Patch Tuesday. We go over that. The proposed U.S. federal budget includes a lot of spending on cyber, and the White House announces a national cybersecurity action plan. This is John Petrik, the CyberWire's editor in Baltimore, filling in for Dave Bittner with your CyberWire Daily Podcast for Wednesday, February 10th, 2016. Nation-state hacking continues to roil international relations. China, in what Kaspersky thinks is a pivot toward Russian target sets, possibly inspired by Sino-American cyber negotiations, appears to be going after more Russian enterprises. In any case, Russia's apparently seeing a lot more Chinese-speaking APTs nowadays. For all that apparent pivot, U.S. Director of National
Starting point is 00:03:03 Intelligence Clapper says Chinese cyber espionage against American targets continues unabated. He characterizes the data theft as a hemorrhage. Investigation into the doxing of the U.S. FBI and Department of Homeland Security continues, but without so far too much information about either damage or attribution. Motherboard seems to have a source among those responsible, but little is known about them beyond their public adherence to Palestinian causes.
Starting point is 00:06:10 The CyberWire recently spoke with Joe Carrigan of the Johns Hopkins University's Information Security Institute about the implications of such breaches for privacy. Here's what he had to say. Once again, I'm joined by Joe Carrigan from Johns Hopkins Information Security Institute. They're one of our academic and research partners. Joe, we see an endless stream of data breaches, some of the famous
Starting point is 00:06:48 ones like OPM and Target. Is giving up our privacy, is that just a cost of being online these days in the digital age? A cost of being online, I don't know. Cost of doing business with people, probably. Think about the Office of Personnel Management breach. This is something that people really didn't expect to have happen to them. This is all their information when they apply for a security clearance. They'd expect that information to be secure, and it just wasn't. With Target, you're talking about the breach of credit card information. That's not so damaging. The credit cards can be replaced.
Starting point is 00:07:22 But then you start talking about like Anthem Health when they got breached and all the personal information. That's much more damaging. Those kind of breaches, OPM, healthcare information getting leaked out because healthcare information generally contains all the information I need to steal someone's identity. I thought something that was interesting that happened right after the breach of OPM was made public was the breach of Ashley Madison was made public. Right. And if I was the intelligence agency that had all of the OPM records, I would be doing everything I could to get a hold of all the Ashley Madison records
Starting point is 00:07:57 and to find the intersection of those two record sets. Why? Because that is your high-value intelligence target right there. This is people who I know have security clearances. There was a story that came out that said there were. There were about 14,000 matches. Wow. What's really important is that you have a secret that's exploitable,
Starting point is 00:08:18 that someone can say, if you don't give me this classified information, I'm going to let your wife know that you had an Ashley Madison account. That makes the person vulnerable, and that might cost them their clearance. All right. Joe Carrigan, thanks for joining us. Returning to cybercrime news, the Russian hackers behind a wave of ATM heists are now thought to have been responsible for exchange rate manipulation at a Russian regional bank last year. The group, thought to be the gang known as Metel, seems to have gained access to trading system terminals at EnergoBank. This enabled
Starting point is 00:08:50 them to manipulate the bank's ruble-dollar exchange rates for their profit. It's worth noting that this hack was local and didn't involve manipulation of global exchange rates or currency trading as a whole. Ransomware, that is, CryptoWall and its sisters in crime, continues to plague businesses, particularly small and mid-sized firms. Compromised websites are serving up both CryptoWall and the Angler exploit kit. Heimdal says the sites are, quote, scattering the malware, which seems a fair characterization of the indiscriminate way such commodity crimeware is spreading. Law firms find themselves being targeted by Skype malware, the T9000 backdoor described recently by Palo Alto Networks. The attacker's aim appears to be to establish
Starting point is 00:09:30 persistence in attorneys' networks with a view to harvesting sensitive information. Some observers are calling the campaign a criminal form of e-discovery. Yesterday, of course, was Patch Tuesday. Adobe, Google, and Microsoft all issued fixes. Microsoft alone published 13 patches, six of them for critical remote code execution vulnerabilities. There's considerable investor news today about the cyber sector. Analysts look at recently depressed share prices of cybersecurity firms, and most of them chalk the drop up to a mixture of general market nerves, some specific disappointing notes, and above all, collateral damage from a pullback in related IT sectors.
Starting point is 00:10:06 There are, however, some encouraging signs. FireEye, the story stock whose price drops have attracted considerable attention over recent weeks, is up sharply as we speak. Seeking Alpha attributes the rise to a pre-earnings upgrade by BTIG, and also to analysts' sense that the company is turning around both cash flow and cost control. A number of unicorns, demi-unicorns, and aspiring unicorns also continue to draw strong support from venture capitalists. Hexadite attracts $8 million in Series A funding. Tenable Network Security pulls in a $250 million Series B round. Tanium gets $120 million, and Cloudflare nets
Starting point is 00:10:43 $110 million. Fireglass emerges from stealth, and CodeDX is rumored to be an acquisition target. The venture capital tracker CB Insights says that 332 cybersecurity firms received funding last year, and there's a great deal of money being chased. Estimates of the expanding global market for cyber range from $75 billion in 2015 to $170 billion by 2020. In policy and legislative news, the pending Snoopers Charter in the UK receives mixed, but perhaps unexpectedly positive, reviews for its balancing of privacy and security. And in the UK, current counter-extremism measures raise worries about profiling. It's unclear whether those worries will outweigh concerns over the threat radicalization is seen to pose, particularly radicalization of the young. Moving back to the U.S., despite reports that the FBI has still been unable to unlock a phone
Starting point is 00:11:35 associated with the San Bernardino jihadist massacre, and despite an ISIS video that uses clips of Edward Snowden to boost ISIS sympathizers' awareness of the importance of encryption, congressional appetite for restricting encryption appears to be waning a bit. Senator McCain remains a bit of a backdoor hawk, but there is a newly introduced bipartisan bill before the House that would preempt the states from doing anything to weaken encryption. Both New York and California state legislators have recently proposed such laws, and the House measure seems to be a response to those moves. The President's budget, that is the draft spending the Executive is proposing to Congress, has now been out long enough for analysts to pore over. They deploy their usual hermeneutical
Starting point is 00:12:14 skills in close reading the document, and they see big increases in cyber spending across federal agencies. Of particular note are strong support for cyber and defense science and technology spending plans, new funds to bring U.S. Cyber Command fully into battery, and an increase in funding for military cyber training. The White House has also proposed a national cybersecurity action plan and done so to generally favorable reviews. The White House describes the plan as bold, but the observers who like it see rather sensible continuity with past administrations, a commitment to modernization of IT systems, a new federal CISO position, and some common sense user education. Sometimes you don't have to be bold to do some good.
Starting point is 00:12:57 Finally, dost thou dwell in Hearthstone? Have a care, sirrah, lest thy churlish greed run thee into darkness deep. And on reflection, that news would have sounded funnier if my accent were more Jersey than New Jersey, but then you've got to play the hand you're dealt. Anyway, it seems someone's written a cheat that claims to enable players of the online fantasy game Hearthstone to break the rules by enabling them to spin gold and other valuables out of nothing. In fact, the cheat's just malware. So if you break the rules, you infect your device. So come on, wizards.
Starting point is 00:13:28 Any archmages worth their staff should have seen that one coming. Varlets. Forget about it.