CyberWire Daily - The CyberWire Daily Podcast 2.4.16
Episode Date: February 4, 2016The Emissary Trojan evolves. An active campaign hits WordPress sites with the Nuclear exploit kit. A patch for Chromodo is coming. A former Norse insider disputes negative accounts of the company's bu...siness. Studies of trends in cyber conflict. Google moves against online radicalization. Card skimmers and malware-serving invoices. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she
discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a
thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January
24 only on Disney+.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k
at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
The emissary Trojan evolves,
apparently in response to being tracked by threat intelligence jobs.
An active campaign is hitting WordPress sites with a nuclear exploit kit.
Komodo is working on a patch for Chromodo.
A former Norse insider disputes negative accounts of the company's business.
Analysts offer their sense of the trends in cyber conflict,
with particular attention to the U.S., Russia, and China.
Google makes tentative moves against online radicalization.
And we look at the state of card skimmers and malware-serving email invoices.
This is John Petrick, the CyberWire's editor in Baltimore, filling in for Dave Bittner
with your CyberWire Daily Podcast for Thursday, February 4th, 2016.
Palo Alto Networks has been keeping an eye on Operation Lotus Blossom,
an attack campaign using the emissary Trojan.
Since publishing a report on Lotus Blossom late last year,
Palo Alto has noticed that emissary is morphing,
apparently in an attempt to avoid detection and analysis,
and it's doing so at a faster clip than before.
Used almost entirely against targets in Taiwan and Hong Kong,
the evolution of this remote-access Trojan suggests strongly
that the authors of sophisticated malware are tracking threat intelligence,
the better to evade defenses.
A large and active campaign to install the nuclear exploit kit's
backdoor data Andromeda payload is afflicting WordPress sites this week.
Sucuri detected the uptick in infections.
Apparently, the attack code redirects traffic initially to domains that seem to host ads,
then, after this initial misdirection, onto the nuclear kit itself.
Backdoor.andromeda, known since 2014, has been used to steal data or to execute code on victim machines.
WordPress issued a security update earlier this week, and while it's not yet clear the patch
would fend off the Neutrino campaign, users would be wise to apply the update in any case.
In other patching news, Komodo says it's working on a fix for problems recently disclosed in its
Kromodo browser, and an update is expected from them next week.
In industry news, Skybox Security and eSentire both raise significant amounts of new funding.
Cisco is buying the IoT shop Jasper Technologies for a reported $1.4 billion.
Apple hires, or at least acquires, it's not entirely clear which.
The Legbacore researchers have found the OSX
Thunderstrike vulnerability last year.
And we continue to follow the fate of Norse Corporation.
Its recently departed CEO, Sam Glines, has a long letter out,
published in CSO's Salted Hash blog,
in which he defends Norse's integrity and challenges
much of the speculation that surrounded the company
and its products this week.
Threat trend watchers will doubtless read with interest CrowdStrike's global threat report
just released. The report sees an increase in nation-state cyber conflict, more criminal resort
to extortion in its various forms, and an increase in hacktivism matched by greater censorship and
response. This last trend, CrowdStrike suggests,
will be most pronounced in the Middle East.
National intelligence budgets and strategy documents
are also out for the U.S., Russia, and China.
The U.S. Department of Defense has asked for some $7 billion
to support cyber capabilities in 2017.
Russia, which correctly sees itself as not exactly
an American cyber good graces,
responds with plans to spend the equivalent of $250 million on cyber offense alone.
Moscow also takes time to point out to the world that it has some of the best hackers going.
And scrutiny of China's five-year plan suggests to analysts that agriculture and alternative energy will be the two economic sectors of particular interest to the PLA over the next few years.
The big issue for many security and diplomatic services, of course, is what to do about ISIS messaging.
That ISIS messaging continues to inspire recruits, as evident in arrests from Kansas to Dortmund,
but what to do about that inspiration in terms of information operation remains very much up in the air.
Saudi Arabia is standing up an effort to monitor radicalization in social media.
Israel offers intelligence cooperation to other nations who are seriously interested in opposing ISIS. And the U.S. Secretary of State makes a controversial foray into lay theology,
denouncing the caliphate's adherence as a bunch of apostates. From Silicon Valley, however,
we see some stirrings of
contributions from the private sector. Google is said to be planning to display anti-radicalization
and counterterrorism messages, along with search results whose terms suggest that the
searcher might have an interest in joining ISIS. Privacy Shield is replacing the former
U.S.-EU safe harbor agreement, but the EU says businesses should realize that full details
won't be worked out until April.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
Cyber threats are evolving every second, and staying ahead is more than just a challenge. Thank you. give you total control, stopping unauthorized applications, securing sensitive data, and
ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company
safe and compliant.
Black Energy continues to prompt concerns about the security of utilities.
And we hear from a policy expert on what's involved in securing critical infrastructure.
I'm joined by Marcus Roshecker.
He's a cybersecurity program manager at the University of Maryland Center for Health and Homeland Security.
They're one of our academic and research partners. We've had a lot of stories on the Cyber Wire lately about the cyber threat to critical infrastructure, particularly with the recent
attack on the power systems in Ukraine. In your view, how serious a threat is this?
Certainly a very serious issue. The events in Ukraine are significant because it marked the
first time that a cyber attack was successful in shutting down power on a power grid. Here in the
United States, we're obviously also very concerned about a successful cyber attack against critical
infrastructure. But the good news is that according to experts in the field, it seems that the likelihood of a successful cyber attack against their critical infrastructure sector, especially the power grid, is low in this country.
But that doesn't mean that we don't have to be concerned.
Obviously, the consequences of a successful attack would be severe, both in terms of national security impacts, economic impacts, but also basic
public safety and health impacts. All of these issues are so important and so critical to deal
with that we can't take our eye off the ball here. So both here in the United States and globally,
what makes critical infrastructure an attractive target for attackers?
I think critical infrastructure is an attractive target to hackers
simply because of the consequences that could result from a successful attack.
There are national security implications, there are severe economic implications,
and there are basic public safety and health implications
should a cyber attack on a critical infrastructure be successful.
Marcus Roschekker from the University of of Maryland Center for Health and Homeland Security.
Thanks for joining us.
To return to cybercrime, you've heard, of course, of card skimmers, those devices attached
for the most part to self-service point-of-sale terminals like gas pumps or supermarket express
checkout lines.
Criminals use the skimmers to harvest payment card information.
You may have wondered what they look like, and you may have imagined that they'd be easy to recognize.
Well, as to what they look like, Krebs on Security has a photo up that shows a skimmer removed from, Krebs says, a Safeway store in Maryland.
It's pretty plausible looking to our eyes.
And as far as gas station pump skimmers are concerned, they're even more insidious, harder to detect because they're usually mounted internally to the pump.
So how do the crooks get into the pump, you may ask?
With a gas pump universal key.
These are readily available online, they don't cost much, and they're easy to purchase legitimately.
If you run a gas station, a smart deputy sheriff gave us this advice about an easy way to protect
your customers.
Use a padlock on your pumps.
Finally, in what's surely in the running for the title of least convincing malware-bearing spam ever, someone's sending Marks in the UK an invoice bearing the Drydex banking trojan.
So far, so familiar. But the invoice itself? It's a bill for hiring a toilet.
Okay, well, this isn't perhaps as obviously off the mark as other questions or
come-ons we've heard like, are you sure you didn't get married? Or really, are you certain you've
never visited Antarctica? Or even the Prince of Poirier has been moved by the spirits to leave
his considerable fortune to you if you act now. We do think you'd be likely to remember if you'd
rented a toilet. So don't please open this sort of thing,
even out of curiosity. Happy emailing and stay safe.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses
is by targeting your executives and their families at home? Black Cloak's award-winning
digital executive protection platform secures their personal devices, home networks, and connected
lives. Because when executives are compromised at home, your company is at risk. In fact, over
one-third of new members discover they've already
been breached. Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening. Thank you. that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps
tailored to your role.
Data is hard.
Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.