CyberWire Daily - The Martin NSA-contractor case. Fileless malware hits banks worldwide. DDoS tools undergo refinement. Ransomware developments. Industry notes.

Episode Date: February 9, 2017

In today's podcast we review some updates on the Martin NSA-contractor case. Fileless malware hits banks worldwide. DDoS tools undergo refinement. Researchers take a look at ransomware developments. It's been an active week for the cyber sector in mergers, acquisitions, and venture funding. There's a new industry consortium for IoT security, and an autonomous vehicle consortium issues a manifesto for cooperation. Conga CISO Travis Howe shared his thoughts on privacy. The Johns Hopkins University's Joe Carrigan provides tips on third party DNS. And we suggest some good alternatives to doing random stuff. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. We've got an update on the Martin NSA contractor case. Fileless malware hits banks worldwide. It's been an active week for the cyber sector in mergers, acquisitions, and venture funding. There's a new industry consortium for IoT security.
Starting point is 00:02:10 And an autonomous vehicle consortium issues a manifesto for cooperation. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, February 9, 2017. A U.S. federal grand jury yesterday released its indictment of former NSA contractor Harold Martin. He faces 20 counts of stealing classified information, one count for each document named in the indictment. Classified information he apparently hoarded at his home in Glen Burnie, Maryland, a Baltimore suburb not far from NSA headquarters at Fort Meade. Charged under the Espionage Act, but not charged with espionage, Martin is alleged to have had some 50 terabytes of information in his possession. That characterization might suggest that all the stealing was digital exfiltration,
Starting point is 00:03:01 but he's also reported to have carried home large quantities of paper records, including handwritten notes, that were also highly classified. The agencies alleged to have been affected by his activities include the National Security Agency, U.S. Cyber Command, the Department of Defense, the National Reconnaissance Office, and the Central Intelligence Agency. The material taken, insofar as prosecutors have characterized it, sounds like a magpie's collection of stuff that should never have left the confines of Fort Meade, including everything from NRO space launch information to the identities of covert operatives. With that said, the indictment doesn't claim that he transferred the information to any third
Starting point is 00:03:41 parties, especially to any foreign intelligence agencies. This would seem to account for why, although he was indicted under the Espionage Act, Martin wasn't charged with espionage proper. Each of the counts of the indictment carries a potential sentence of 10 years, which is where the widely reported 200-year sentence comes from. Martin's attorneys haven't made new public comments since the indictment was opened, but after his arrest late last year, they indicated that they intended to defend him as a well-intentioned, if misguided, pack rat. 50 terabytes is a pretty big pack. Mr. Martin will appear before a federal magistrate judge here in Baltimore next Tuesday. A wave of fileless malware is reported to have infected more than 140 banks in 40 countries.
Starting point is 00:04:27 A bank security team noticed suspicious code inside a domain controller's physical memory, which aroused their suspicions and sought help. Kaspersky researchers investigated and found PowerShell scripts within Windows registries. The attackers, apparently criminals, not state actors, extracted privileged credentials with the goal of compromising systems that control ATMs. Fileless attacks, which embed their code in legitimate tools already present in the victim's environment, are notably more difficult to detect than more traditional malware infestations.
Starting point is 00:05:00 Such attacks have characterized other high-profile attacks, but have been beyond the reach of more ordinary criminals. The widespread fileless infestation banks are now coping with may suggest that this particular criminal technique is on its way to commodification. Online privacy is an ongoing concern, affecting consumers, businesses, and the government. Travis Howe is Chief Information security officer with Conga, a company that provides a suite of applications that work with Salesforce. We checked in with him for his take on privacy. We're just now at the bottom of the large curve as to what's ahead. I mean, we have the accumulation of, you know, from a citizen perspective, you know, all the information that Google and the Yahoo's, you know, collect and sell and resell and market, the public information on social media, IoT obviously is a huge component.
Starting point is 00:05:54 But if you take all this data that we talk about, you know, you can literally create a map of a person's life. For those of us who are in the cybersecurity business, you know, what kind of responsibility do you think we have for taking a lead on this stuff, you know, protecting people who maybe don't know to protect themselves? Awareness. We're coming at a time now where people are taking attention to it, but they don't really understand what it all means and what the ramification is. So I think it's really about getting that message out there so that they can understand what they're signing up for and, you know, what they're sharing. Do you think with the new administration coming in, the Trump administration, is that a bit of an inflection point when it comes to this sort of thing?
Starting point is 00:06:40 Yeah, I mean, most definitely. I mean, I think that it's pretty clear that there's a desire to enhance the security of the country. What that means in reflection, you know, goes back to is something that's difficult to get back, and that's trust. So I think it's going to be a significantly debated topic with the new administration. I hope we come up with a good solution that doesn't dictate lowering encryption standards or having backdoors, and the impact that that would have to business and privacy as a whole for everything that's not related to what they're looking for. So I think and hope that, again, the new administration gets the right people in place to, you know, really understand what that bigger picture and longer-term picture looks like and not just specifically focus on, you know, in my point of view, the scapegoat of encryption. That's Travis Howe. He's the Chief Information Security Officer with Conga.
Starting point is 00:07:55 There's more industry news this week. In a cloud security and data leakage prevention play, Forcepoint has acquired Imperva's SkyFence business. Accenture has moved further into the U.S. government's cyber market with its acquisition of privately held Endgame's federal business. The Endgame unit, which specializes in proactive cyber defense, hunt-as-a-service capabilities, red-teaming, and cyber operations, will be folded into Accenture Federal Services. Shares of U.K.-based Sophos have surged following its announcement earlier this week
Starting point is 00:08:28 that it would be acquiring Invincia. Investors seem to like the acquisition's promise of growth in the U.S. government, health care, and financial sectors. Bug bounty shop HackerOne has ridden its successful entry into U.S. Department of Defense business to a $40 million Series C round. And Exabeam, specialists in security intelligence, has also attracted a large Series C round, $30 million, from investors led by Cisco Investments and Lightspeed Venture Partners. The investors see Exabeam as a Splunk challenger.
Starting point is 00:09:01 Trident Venture Capital Cybersecurity, one of the largest VC firms in the space, announced yesterday that it had raised $300 million to invest in cyber startups. The amount is regarded by analysts as indicative of continuing private equity interest in the sector. Looking for a common theme in recent M&A and VC activity, Light Reading thinks it sees one, machine learning. But the Internet of Things isn't being neglected either. AT&T, IBM, Nokia, Palo Alto Networks, Symantec, and Trustonic have formed the IoT Cybersecurity Alliance, which is expected to work on end-to-end security for the IoT. Another consortium, FASTER, for the Future of Automotive Security Technology Research, has issued a manifesto intended to goad the industry into cooperation on autonomous vehicle safety systems.
Starting point is 00:09:54 FASTER's members include Intel, Uber, and IoT shop Aeris. And to close out our discussion of the IoT, we return to the story we mentioned the other day, in which a teenager who goes by the nom-de-hack stack-over-flown hacked vigilante-style insecure printers to scare their users straight. Motherboard has reached him. He's surprisingly forthcoming. His motivation? It was like this. He said, quote,
Starting point is 00:10:20 It was just a night I was bored, to be honest, doing random stuff. We bowed our eyes. Instead of stuff, he used a demonic coprology. But of course, we're a family show here. If you're bored with random stuff, by the way, why not get interested in cybersecurity and space? And we mean cyberspace meets outer space. And check out the Cosmic AES Signals in Space Monthly Cybersecurity Briefing. You'll find it at cosmicaes.com slash newsletter. Enjoy. on the cutting edge of technology. Here, innovation isn't a buzzword. It's a way of life.
Starting point is 00:11:06 You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security,
Starting point is 00:11:34 but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies, like Atlassian and Quora, have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta
Starting point is 00:12:14 when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1, dollars off. to stay home with her young son. But her maternal instincts take a wild and surreal turn as she discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January 24 only on Disney+. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity.
Starting point is 00:13:09 That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. And I'm pleased to be joined once again by Joe Carrigan. He's from the Johns Hopkins University Information Security Institute.
Starting point is 00:13:50 Joe, we both have kids. And when you have kids at home, part of what you have to do is look out for their security when it comes to cyber stuff. Right. And, you know, accidentally or on purpose or whatever, sometimes it's a good idea to kind of lock down what they can access on the computer. I'm thinking specifically of adult content. Correct, yeah. And, you know, I don't know what you're doing at our house. We found a really useful free service called OpenDNS.
Starting point is 00:14:19 OpenDNS. And there's a number of services like this. But what they do is they all intercept what's called DNS, which is Dynamic Name System. And the way DNS works is when you and I are humans, right? At least I think we are. Last time I checked. For example, if you want to go to Google, before your web browser can actually request that page from Google, it needs to know the IP address that will be handling the request. So it has to go through a process called domain name resolution. And that's handled by DNS
Starting point is 00:14:49 servers. Right. And that's normally handled by your provider. Right. It's normally handled by your provider. You can also set, there's free and open DNS services out there. Google actually offers one. Right. So like, for example, with OpenDNS, which got bought by Cisco, they're part of Cisco now. Right. What I like about it is it's just kind of a set it and forget it sort of thing. It's pre-configured to block adult content. You just point your DNS server to them and... What they have is they have a blacklist of sites that generally people don't want their kids going to. So now when I go into my web browser and I type in some site that kids shouldn't be going to,
Starting point is 00:15:30 the very first thing that happens still is a domain name resolution process. But when my domain name server sees that I've requested a site that's on the blacklist, it goes, no, you can't go to that site. And that's the end of the transaction. The web browser can't now request the web page because it doesn't know what the IP address of the server that holds the page. And I also, I mean, this is a good idea in general, I think, for small businesses or
Starting point is 00:15:57 businesses in general. And of course, there are premium versions of it, but I will tell you that I found out the hard way once sitting with a client in an edit suite where I went to go to look up something on YouTube and I inadvertently left the Y out of the word YouTube. Oh, yes. And as many of these sites do, they get the words where you mash the- They get the common typos, yeah. They get the common typo and boy, it was not YouTube.
Starting point is 00:16:23 And here I was sitting in front of a client and the things that came up on my computer screen were not flattering. I had the exact same thing happen to me with my boss standing right behind me. I was showing him this cool site I just found, and I mistyped a U where I should have hit an I in a domain name, and my monitor just exploded in porn. It was great. He just turned around. He understood that I mistyped it, and he turned around and walked away. Fortunately, this was back in the days before monitoring,
Starting point is 00:16:52 but I would have had to answer some questions now if I did that. Yeah, it happens to the best of us. So this sort of service is a way to kind of protect yourself from it and maybe make it less likely to happen. Yes. All right, Joe Kerrigan, thanks for joining us. It's my pleasure, Dave. And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and
Starting point is 00:17:20 their families at home? Black Cloak's award-winning digital executive protection platform secures Thank you. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform
Starting point is 00:18:26 comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
