CyberWire Daily - The CyberWire Daily Podcast 2.11.16
Episode Date: February 11, 2016
In today's podcast, we look at a variety of threats to taxpayers during the run-up to April 15. Ransomware continues its spread, now with UmbreCrypt, a CrypBoss variant. Cisco and SAP both issue significant patches. Anonymous refines its target list, and White Team vigilantes go after LizardSquad. VTech revises its terms and conditions (but this may not solve toy privacy issues). And we hear from the Johns Hopkins University's Joe Carrigan, who takes us through the privacy implications of some high-profile data breaches. http://thecyberwire.com
Transcript
You're listening to the CyberWire Network, powered by N2K.
15th. Bogus Android security apps target users in China. A new ransomware variant appears.
More on the doxing of the FBI and Department of Homeland Security. There's a new approach
to installing pay card skimmers. Anonymous hits three new targets. Vigilantes go after
Lizard Squad, and a toy maker hides behind its terms and conditions.
This is John Petrik, the CyberWire's editor in Baltimore,
filling in for Dave Bittner with your CyberWire Daily podcast for Thursday, February 11, 2016.
Tax issues headline recent cyber threat news.
In the U.S., the Internal Revenue Service reports that somewhat more than 100,000 taxpayers' e-file credentials have been the targets of an attempted compromise. The incident,
the IRS says, was an automated attack on its electronic filing PIN application. The service
says it detected and contained the attack without any loss of personal data and that it's notifying
taxpayers whose e-file accounts were prospected by the
attackers. Palo Alto Networks warns that tax-themed phishing email is distributing the NanoCore
remote-access Trojan. NanoCore is a commodity bit of crimeware that was, according to Symantec
researchers, first released in late 2013. It's said to have been most often seen in attacks
against energy sector targets. Cheap, easy to deploy, and appealing to opportunistic criminals,
the RAT has been widely circulated since last year.
NanoCore is modular, and Palo Alto summarizes its premium plug-ins' functionality in a list:
key logging and password recovery, stress testing or denial of service,
downloading, execution, or other software installation,
remote CLI and UI, registry editing, SOCKS proxy, firewall modification, and finally webcam and audio controls. It's worth noting that this campaign isn't confined to North America.
Phishing emails have been observed in Western Europe and Asia as well. What's new here is what
Palo Alto calls the installation of, quote,
full-featured RAT implants, unquote.
What's not new is that it's phishing.
As always, users should be on their guard
against plausibly themed emails
when words like attention, urgent attention,
and your taxes appear in a subject line.
Well, then, caveat lector.
NCR warns that it's found some external card skimmers installed on NCR-built ATMs
and also on machines manufactured by Diebold.
Many card skimmers, particularly those in use at gas pumps,
are internally installed to swipe card info at the bezel.
But this new breed attaches instead to network communication cables external to the ATM itself.
NCR advises those installing ATMs not to leave these cables exposed.
And Brian Krebs advises ATM users to move on to a different machine
if something looks not quite right about the one they're about to use.
He's got photos of compromised cables up on his blog.
There's more patch news out today.
SAP has patched a problem in its manufacturing integration
and intelligence industrial control system product.
Cross-site scripting and missing authentication are among the likelier possible exploits foreclosed by the patch.
Cisco has clapped a stopper over a buffer overflow vulnerability in its ASA software.
This flaw could be exploited for remote code execution.
SANS reports there's active scanning for the vulnerability in the wild.
It's a critical patch, and administrators should apply
it as soon as possible. Investigation into doxing at the U.S. Departments of Justice and Homeland
Security continues. It seems likely that the attacker's point of entry was a compromised
staffer account used to socially engineer an agency help desk. Those responsible, now going
by the name the.govs and probably tweeting a bit too cheekily and often for their continued
anonymity, have posted their take on Cryptobin, which, according to Tripwire, has since become
much less accessible to searches.
With doxing and tax fraud scams in the news,
it's worth considering what's at risk if someone gets a hold of some crucial bit of personally identifying information,
like a social security number.
The CyberWire spoke to the Johns Hopkins University's Joe Carrigan about the implications of such a compromise.
Joining me is Joe Carrigan from Johns Hopkins Information Security Institute.
They're one of our academic and research partners.
Joe, we talk a lot about securing our information,
and one of the best things you can do to secure your information
is choose what information you want to share with someone.
Absolutely. That's 100% correct.
So in a health care situation, very often I'll go and I'll visit a doctor,
and they'll ask me to give them my social security number.
You say, not so fast.
Exactly.
I never give them my Social Security number when they ask for it.
They really don't need it to provide you the health care you need.
I had an experience this past summer where my wife was in for a procedure.
They asked for my Social Security number as the insured person,
and I said, no, I'm not giving you my social security number because you're a hospital.
And I know what your network's like.
So you're saying hospitals have a history of being insecure.
Yeah.
There's a lot of issues that are unique to health care and hospitals that make it so that that's not a place where I'm comfortable having my Social Security number stored.
Let's say it that way.
Okay.
So the person at check-in said, we're going to need this Social Security number in the event that there's some kind of mix-up with the insurance company.
And if you don't provide that to us, that's going to be a bigger hassle to you down the road.
I said, I'll take the hassle now.
I'll take that hassle because that's a different hassle than trying to clean up an identity theft problem.
Over the years, the Social Security number has become a more important piece of information.
I remember back when I was in college, our Social Security numbers were on our student ID cards.
It was everywhere, and nobody really worried about it.
Why have social security numbers become something to protect as of late?
You need four pieces of information to open a credit card in someone's name.
You need their name, their address, their date of birth, and their social security number.
You think about when you were in college, when I was in college,
in order to get that information from somebody, I pretty much had to know them.
The internet wasn't as open as it is now.
We were using it.
But it wasn't what it is today.
It wasn't as widespread.
So your social security number was relatively private at that point in time.
Now I can download thousands of people's social security numbers.
And not only their social security numbers, but all their identifying information from some breach somewhere, and just wholesale go around exploiting that information and stealing identities, opening bank accounts and credit cards in other people's names.
So it's really a matter of the ease at which all that vast amount of information can be accessible compared to how it used to be.
Exactly.
Now we can get to that amount of information, huge amounts of information, at very low cost.
All right.
Joe Carrigan, thanks for joining us.
My pleasure.
Anonymous is back with some new but foreseeable target sets.
Recognizing that there are greater threats out there to the commonweal than the civil
servants of York County, Pennsylvania, the hacktivist collective goes after three new
targets. North Korea, to protest the DPRK's presumably easily militarized satellite launch.
Saudi Arabia, to protest various human rights issues and to demand the kingdom's exclusion
from the Olympics until it makes progress in the way it treats its subjects. And South Africa,
where a job portal is attacked to protest child labor practices. In other hacktivist news, white team vigilantes struggle with Lizard Squad,
contesting control over a network of compromised home routers.
In fairness to Lizard Squad, characterizing that loose group as hacktivist is perhaps at this point misleading,
given its steadily increasing participation in criminal black markets.
According to Forbes, white team, which is a bit less communicative than its opposition,
says that it hasn't been in any particular trouble with law enforcement. But it's worth noting that,
in many jurisdictions, including those in the U.S. and the U.K., such vigilante hacktivism is against
the law. Finally, you may recall the hacking of toymaker VTech and the attendant privacy issues
to which its customers were exposed. Part of the company's response is apparently to have been to revise its terms and conditions of use. Security blogger Troy Hunt close-reads these and
finds this text down in section 7 where VTech addresses limitation of liability and we quote,
you acknowledge and agree that any information you send or receive during your use of the site
may not be secure and may be intercepted or later acquired by unauthorized parties, unquote. One
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.