CyberWire Daily - Threat actors were able to see Microsoft source code repositories. Zyxel closes a backdoor. Kawasaki discloses data exposure. Slack’s troubles. Julian Assange escapes extradition to the US.
Episode Date: January 4, 2021
Updates on the spreading consequences of Solorigate, including Microsoft’s disclosure that threat actors gained access to source code repositories. A hard-coded backdoor is found in Zyxel firewalls ...and VPNs. Kawasaki Heavy Industries says parties unknown accessed sensitive corporate information. Slack has been having troubles today. Andrea Little Limbago from Interos on democracies aligning against global techno-dictators. Our guest is Drew Daniels from Druva with a look at the true value of data. And a British court declines to extradite WikiLeaks’ Julian Assange to the United States. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/1 Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Updates on the spreading consequences of Solorigate,
including Microsoft's disclosure that threat actors gained access
to source code repositories.
A hard-coded backdoor is found
in Zyxel firewalls and VPNs.
Kawasaki Heavy Industries says
parties unknown accessed
sensitive corporate information.
Slack has been having troubles today.
Andrea Little Limbago from Interos
on democracies aligning
against global techno-dictators.
Our guest is Drew Daniels from Druva with a look at the true value of data. And a British court declines to
extradite WikiLeaks' Julian Assange to the United States.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, January 4th, 2021.
Microsoft last week updated its account of Solorigate,
the large cyber espionage campaign,
generally attributed to Russia's SVR.
Redmond says the threat actors gained access to several of the company's source code repositories.
The intrusion is believed to have been limited
to inspection of the code.
Microsoft reports that it found no evidence
that any code had been altered,
that it's contained and remediated the infestations it found, and that the company's
assume-breach approach to security limited the damage. CISA has directed all federal organizations
to upgrade their SolarWinds Orion instances to the latest version. The agency had earlier told
them to hold off on updating their software
until it had an opportunity to assess the effectiveness and the effects of the upgrade.
It's now done so, and it's determined that SolarWinds has fixed the vulnerabilities in Orion
and that agencies should move to the new software promptly.
The New York Times review of the Solorigate affair puts the tally of affected networks,
both government and corporate, at upwards of 250.
The campaign is thought to have succeeded in part because it was staged through servers in the U.S.
at the time when NSA and U.S. Cyber Command were focused on election security
and their own penetration of hostile infrastructure.
The cyber espionage is unusually troubling because the persistence it established
could amount to battlespace preparation for future destructive attacks.
Researchers at the Dutch firm Eye Control have found a hard-coded admin backdoor
on Zyxel firewalls and VPN gateways.
ZDNet reports that more than 100,000 users are affected.
Zyxel's security advisory says that patches are available for affected products
in its ATP, USG, USG Flex, and VPN series.
A fix for the NXC series is expected in April.
Users are advised to apply the available patch.
Zyxel describes the backdoor as follows:
A hard-coded credential vulnerability was identified in the "zyfwp" user account
in some Zyxel firewalls and AP controllers.
The account was designed to deliver automatic firmware updates
to connected access points through FTP.
The downside of this is obvious, and the vulnerability is readily exploited by IoT botnets set up for password attack. So do patch. Vulnerable systems are readily accessible.
Any prospective attackers apparently do not need any other prior access to them.
Kawasaki Heavy Industries disclosed last week that its networks had been subjected to unauthorized access by external parties unknown.
The Tokyo-headquartered industrial conglomerate says that sensitive corporate information was
exposed, but that no personal data were at risk. Reports in the Japan Times suggest that the
information compromised was
related to defense programs, but beyond that, little is publicly known about the incident.
The intrusions were first detected in June. The company says that it had completed remediation
by early December. The first work week of the new year got off to an unpleasant start with respect to the widely used business collaboration tool Slack.
Slack users began to experience outages around 10 o'clock this morning, and at 11:30 the platform declared that it was a general outage.
Something's not quite right, was the understated notification posted to the company's status page.
Shortly before noon, Slack amplified, writing,
There are no changes to report as of yet. We're still all hands on deck and continuing to dig in on our side. We'll continue to share updates every 30 minutes until the incident has been downgraded.
Around 12:30 Eastern Time, Slack said that users had begun to see an improvement in service.
A system refresh is apparently having good effect, but the company
remains cautious about declaring victory. In the UK, the Westminster Magistrates Court has
blocked extradition of WikiLeaks impresario Julian Assange to the US. TechCrunch reports
that Judge Vanessa Baraitser denied the US request on the grounds that sending Mr. Assange to the U.S. would be
sufficiently oppressive to drive him to suicide, and that his intelligence and resourcefulness
would make it unacceptably likely that he would be able to evade suicide prevention measures.
The decision represents this as more of a judgment of the accused's psychological and
emotional state than a finding of inordinate harshness in the U.S.
justice system. Mr. Assange faces 17 counts of violating the U.S. Espionage Act and one count
involving unauthorized access to a computer system. The U.S. has 14 days to appeal and has
announced its intention of filing additional charges against Mr. Assange. The New York Times notes that the judge did not find bad faith in the U.S. extradition request.
And the Washington Post says that Judge Baraitser's rejection of claims
that the charges amounted to a violation of free speech guarantees
amounted to a partial win for the U.S.,
which shows no disposition to abandon the case against Mr. Assange.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents,
winning with purpose, and showing the world what AI was meant to be.
Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster
with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
the first to know what's going on and what that means for you and for Canada. This situation has changed very quickly. Helping make sense of the world when it matters most. Stay in the know.
Download the free CBC News app or visit cbcnews.ca.
And now a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
Drew Daniels is CIO and CISO at data protection and security company Druva.
They recently published the 2020 edition of their value of data report.
And Drew Daniels joins us to discuss their findings.
Drew, welcome to the Cyber Wire.
Thank you. I'm happy to be here.
So, Drew, I mean, let's start with some basic stuff here.
This is the inaugural year of your Value of Data report.
What prompted the creation of it?
Well, I think there was a number of things that we looked at in this.
When we were thinking about this report, we knew that everybody was experiencing this pandemic and that it was clear to us that
they may not know where their data is or how it's being used. And I think that the other thing that
we learned from this survey is that many companies struggle to know what is the critical data that
they have. Well, let's go through the report together.
I mean, what were some of the key insights that caught your attention?
You know, as a security professional who's been doing this for a long time,
there weren't a lot of things that really caught me off guard.
Being what I have to do, you know, kind of being the paranoid slash person that is looking at kind of the risks out there, a lot of the things that I saw, it was more encouraging to see that other people are starting to see those things.
in the report, numerous respondents mentioned that in a lot of ways, they don't know what their critical data is. They don't know where it resides. A lot of them, you know, and I certainly struggle
with this as well as on the CIO side of my responsibilities, is we went from having an
office where we could have shared infrastructure and we could have, you know, meeting rooms where people get together and collaborate to having all of these kind of
remote endpoints with one person in them and kind of figuring out that collaboration and how we do
data sharing and how we gain access to the data, how we protect that data. These were all things that, you know, I was
thinking about and the survey sort of shared that other people were thinking that as well.
One of the things that you mentioned in the report is this notion of data agility.
Can you define for us, you know, what does that mean in this context and why is it important?
So from my perspective, and I think that each of the respondents probably had a color to perspective that may be different.
To me, you know, now that you have kind of data portability, you have data everywhere, you need to know how to get that data backed up so that you can protect it.
You know, one of the things that I always struggle with as a security professional is, you know,
just the amounts of data and how it's stored.
You know, I'm sure every respondent thought about this,
and you probably do as well.
I mean, what's all the data that you have on your laptop
that you probably don't need anymore, that you should probably delete?
When I'm thinking about how I protect data,
how do I sort through and sift through all of that data?
So data agility to me is making sure that the right people have the right data in the right context so that as that data shifts, as it grows, as it changes, as it becomes more critical or more sensitive,
I can maintain a track on where that data is and how it's being used so that should that data become at risk to being exposed,
I can make and change things to protect that data, protect that resource.
And I think that's where the agility comes in.
Drew Daniels is CIO and CISO at Druva.
Drew, thanks so much for joining us.
Absolutely. Thank you very much. It's been fun.
Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company
safe and compliant. And joining me once again is Andrea Little Limbago.
She's the Vice President of Research and Analysis at Interos.
It's great to have you back.
I wanted to touch today on what I'm sensing is some, I guess, some pushback from governments when it comes to
some of these big social networks, some of the big tech companies. I wanted to get your take
on this. What are you tracking? Yeah, I think there definitely is. And that's, you know,
on the one hand, we've seen the tech lash starting to grow in the United States. And so that's
pushing the governments. And that actually is occurring in many democracies, given the widespread disinformation and various
data sharing scandals and so forth.
And so governments are, democratic governments are starting to push back on that.
And what they've really been doing, you know, for a while has been more piecemeal approaches,
not just to big tech, but just to the broader range of insecurities through the Internet
and everything from cyber attacks to concerns over government access to data in certain countries and so forth.
And so what we're seeing is that as both the social media or the social network companies
on top of the techno dictators together have basically been a driving force in shaping the internet.
The democratic governments are finally
getting their head out of the sand
and trying to push back and help
and push forth some policies and regulations
to rein that in a bit.
And so it's going to be a balance.
And we're really in the very nascent stages of that.
And one example of it is
United Kingdom earlier this year
announced an initiative to do a 10-democracy pact for 5G networks.
And so with that, what they're arguing is to have basically a pact of 10 democracies focus on trusted software and hardware within the broader 5G networks.
And by trusted, really what that means are, you know, are companies that are national champions within democracies. And then they have not had this sort of the wide range
security concerns that we've seen elsewhere. And so that's, you know, just one example
that we're seeing of the democracies. Australia, Japan, and India are focusing on a supply chain
alliance, which has a huge technology component to it as well. And so that's where we're really
just starting to see some of these start to pick up.
And, you know, the interesting thing is,
I really do think that COVID-19 has accelerated some of this.
And so some of these trends,
they were under the surface already and starting to emerge,
but COVID-19 has accelerated,
just like has disrupted and upended every aspect of our life.
It has done so as well in the realm of tech
alliances among democracies as well. You know, you use the term techno-dictators. That's new to me.
How do you define that? Yeah, that's a good question. And there are a couple different
terms, techno-dictators or digital authoritarians. And so it really is the use by generally
authoritarian governments, but I will say that some democracies are starting to borrow from their playbook,
of trying to get complete control of information both within their own national sovereign borders,
but also using the Internet through various means, cyber attacks, disinformation, censorship,
to also push forth their own incentives and their own narrative globally.
And it's a wide variety of tools, but it's really how the dictators have leveraged technology and largely the internet, but also moving into the areas of AI and how they've been
using bots over time.
So it's really across the realm of all these emerging technologies, how authoritarians
have really jumped on those technologies to use
them for their own purposes. And, you know, like all technologies, they can be used for good or bad.
And the techno dictators, I would argue, are the ones that are using them to suppress
civil liberties, inherent freedoms, controlling people with or controlling information access
within their borders and externally, and then using it even as a tool of foreign policy.
And that's where we're seeing those, you're seeing those kind of countries are starting to have more and more power.
And towards the end of 2019, autocracies had a greater share of GDP than democracies for the first time since 1900.
And so there's an economic clout behind it as well.
And that's what I think makes it even more so disconcerting and worrisome.
And it's why it's nice to see finally the democracies are starting to move away from
some piecemeal approaches that aren't working and realizing, again, the benefits of collective
security.
And how is that playing out?
Are there some specific ways that you're seeing the democracies teaming up here?
Yeah, and I would say, again, it's very, very nascent.
It's the UK initiative, some of the Asian supply chain initiative.
In the United States, the Department of State has introduced the Clean Tech Initiative.
That's received both some, has some proponents and opponents.
So it's really becoming a broad discussion.
And we'll see.
I wish I could say there was this really great initiative that just came out, but we're not there yet.
But we're starting, at least the discussions that haven't been held are starting to be held.
And especially at a time when democracy has been on the decline for over a decade, it's nice to see.
It's one area.
It's a little bit of hope that they're starting to have some of these discussions.
And so we'll see what happens over the next few years.
And I think that depending on U.S. and EU relations, but also seeing some partnerships with India and Australia, South Korea, Australia, there is a growing sense and awareness of the growing power of also, you know, of the Chinese model that's spreading.
But, you know, the democracies are starting to realize that there needs to be some form of government involvement
to determine and help shape the future of the internet
and of, you know, basically, you know, of societies at this point,
of the digital revolution.
And whether you want to be in the mold of techno-dictators,
whereas the government's having control, where the national champions basically act at the whims
of the government and the data can be accessed there, or on this emerging techno-democracies
and some of these tech alliances that are starting to be discussed that are focused much more so on
trusted networks, on the security and privacy that's going to be foundational and is foundational to human rights, civil liberties, and democracy.
And so those are the different models being discussed.
It's well past time that the democracies are starting to step in, and we'll see what happens with that.
But it's nice to see finally some pushback because it has been quite some time
where this other model has basically gone without any kind of counterweight.
All right. Well, Andrea Little Limbago, thanks for joining us.
Great. Thank you so much.
And that's the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field,
sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
It can bring home the bacon and fry it up in a pan.
Listen for us on your Alexa smart speaker, too.
Don't forget to check out the Grumpy Old Geeks podcast,
where I contribute to a regular segment called Security.
I join Jason and Brian on their show for a lively discussion of the latest security news every week.
You can find Grumpy Old Geeks where all the fine podcasts are listed.
And check out the Recorded Future podcast, which I also host.
The subject there is threat intelligence.
And every week we talk to interesting people about timely cybersecurity topics.
That's at recordedfuture.com slash podcast.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond,
Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe,
Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner.
Thanks for listening. Happy New Year.
We'll see you back here tomorrow.
Your business needs AI solutions that are not only ambitious, that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps
tailored to your role.
Data is hard.
Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.