CyberWire Daily - TrickBot’s return is interrupted. Election rumor control. Supply chain security. Securing the Olympics. NSS Labs closes down.
Episode Date: October 21, 2020. TrickBot came back, but so did its nemesis from Redmond--Microsoft and its partners have taken down most of the new infrastructure the gang reestablished. CISA publishes election rumor control. The Cyberspace Solarium Commission has a white paper on supply chain security. Japan says it will take steps to secure next summer’s Olympics. Joe Carrigan takes issue with Twitter and Facebook limiting the spread of published news stories. Our guest is Carolyn Crandall from Attivo with a look at the market for cyber deception tools. And a familiar name exits the industry. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/204
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
TrickBot came back, but so did its nemesis from Redmond.
Microsoft and its partners have taken down most of the new infrastructure the gang reestablished.
CISA publishes election rumor control.
The Cyberspace Solarium Commission has a white paper on supply chain security.
Japan says it'll take steps to secure next summer's Olympics.
Joe Carrigan takes issue with Twitter and Facebook limiting the spread
of published news stories. Our guest is Carolyn Crandall from Attivo with a look at the market
for cyber deception tools. And a familiar name exits the industry.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, October 21st, 2020.
TrickBot's infrastructure proved resilient enough to stage a partial recovery from last week's government and industry takedowns, Dark Reading and others have reported.
But this isn't a short one-time campaign, and the efforts to take down TrickBot have proven at least as determined to hit the gang's business as the gang itself has been to stay up and operating.
Security Week wrote that threat intelligence shop Intel 471 found that many of the new servers TrickBot's masters had re-established
were not responding to bot requests. There's a reason for that. Microsoft late yesterday
published an update on its efforts against the botnet, which it described as following a persistent and layered approach.
Redmond identified 59 new servers established by TrickBot's operators
and by yesterday had taken down all but one of them.
TrickBot may be back again,
but governments and companies will be watching for it.
The U.S. Cybersecurity and Infrastructure Security Agency
has established a rumor control page for 2020 election security.
The page identifies nine myths and offers a debunking of each, covering topics such as voter registration databases, website outages and defacements, mail-in ballots, and other misinformation that's making the rounds.
It's worth a look and perhaps useful to send around to those friends and relatives who just can't resist forwarding the latest conspiracy theory memes.
So keep calm and keep on, as rumor control sites traditionally say.
ABC News quotes senior leaders at the Department of Homeland Security
who counsel patience as well as vigilance.
The U.S. Cyberspace Solarium Commission's
White Paper on Supply Chain Security
sees China as the principal threat.
Quote,
Dependency on China and other adversary countries
for some of our most critical supply chains
threatens to undermine the trustworthiness
of critical technologies and components
that constitute and connect to cyberspace. This dependency also risks impairing the availability
It outlines five pillars in its proposed approach to supply chain security, a mix of ensuring domestic
supplies and providing accurate, actionable intelligence on threats to supply chains.
First, the Commission recommends identifying key technologies and equipment through government
reviews and public-private partnerships to identify risk. Second, ensuring minimum viable
manufacturing capacity through both strategic investment and the creation of economic clusters.
Third, protecting supply chains from compromise through better intelligence, information sharing, and product testing.
Fourth, stimulating a domestic market through targeted infrastructure investment
and ensuring the ability of firms to offer products in the United States similar to those offered in foreign markets.
And fifth, ensuring global competitiveness of trusted supply chains,
including American and partner companies, in the face of Chinese anti-competitive behavior in global markets.
So, pillars one and three concentrate on intelligence,
pillars two and four support development and maintenance of strong domestic market,
and the fifth pillar supports closer ties with allied countries' producers.
Japanese authorities and organizers of the Tokyo Olympic Games, now postponed to next summer,
say that they intend to increase their vigilance in response to British and American reports
that Russian intelligence services were preparing to interfere with the games. Reuters reports that the organizers say any such interference had no effect.
And finally, we close with some industry news. NSS Labs, the well-known specialist in security
technology testing, has ceased operations. Security Week points out that NSS has since
last year been owned by private equity shop
Consecutive Incorporated. Some good people worked at NSS Labs, and now would be a good time to reach
out to them if you're looking for cyber talent. Such talent is famously scarce, and there are now
some solid operators on the job market.
Carolyn Crandall is Chief Deception Officer from Attivo Networks,
a provider of deception technology.
I caught up with her recently for an overview of what exactly we're talking about when we refer to deception technology,
how it differs from traditional honeypots, and where she thinks things are headed.
We worked with a company called Deceptive Defense.
Its founder is Kevin Fiscus, and we wanted somebody to run an independent study, right?
We didn't just want to have something provided with a vendor where they reiterated what we were saying.
And so they used a combination of industry information so using things like from
ponemon institute and mandiant and other well-known reputable organizations that have done
a lot of research on the core data and then what we did is we merged those things together along
with actual customer experiences to be able to quantify what those benefits might be.
And so taking those pieces,
we then started to break it down because it's one thing to produce a number,
it's another thing to produce the methodology behind it.
And we set up a structure
so people could follow us through things like,
okay, well, breach avoidance and data breach savings,
what does that look like?
And how do you come up to the numbers?
And same thing with the SOC side of things. What inefficiencies do you address and make better?
And we boiled those down into being able to articulate savings that reflected a 51%
savings and reduction of breach costs and SOC efficiency savings of about 32%.
Well, I mean, let's dig into just some of the specifics of what you found here and what
you believe the impact will be.
What were some of the things that really struck you?
Yeah, you know, it's interesting on the data breach side things.
I mean, obviously, you have to have had a breach.
And so some people go, well, you know, how do I leverage or use that?
And although I think it's useful, again, as you pull the pieces apart to go, okay, what was the main catalyst for the breach savings?
And that's associated with reduction in dwell time, the amount of time it takes to detect an attacker.
And there are different stats that show just the time to detect and then the time to detect and to remediate.
And whichever number you use,
you can bring that down to a 90 to 97% reduction
in dwell time.
And so being able to get people to think about
being able to respond more quickly
to attacks that may have bypassed a prevention defense
or the endpoint defenses.
And even that in itself is an interesting discussion
because if you think a lot about the endpoint technologies that are there today, they're
really focused on preventing that initial compromise, but they don't really kick in as
well when the attacker starts to move laterally off the endpoint. And so when we look at the value
of deception technology and what Attivo does as a company, it's to prevent
the attacker from getting off of the endpoint. And in that action, when they do, we're going to be
able to set up traps, lures, misdirections with deceptive technologies that will reveal that
attacker very quickly. As an alternative, you would weigh that against waiting for the attack
to try to detonate malware or take in
action where the exploit triggers an alarm. And again, assuming that it triggers an alarm. And so
there are some direct correlations to the amount of time it takes to be able to detect that adversary
to the amount of mess that that attacker can make and the damages that they can cause. And so
I think that's the big takeaway on the breach savings is that early detection has a lot of benefits,
especially when that detection is actionable.
That's Carolyn Crandall from Attivo Networks.
And joining me once again is Joe Carrigan.
He's from the Johns Hopkins University Information Security Institute and also my co-host over on the Hacking Humans podcast.
Joe, great to have you back.
Hi, Dave.
You know, we've seen some interesting movements from some of these big social media platforms,
particularly as we've been getting closer and closer to the election. And as we record this
and air this, we are days away from said election. For example, we've seen Twitter,
you know, putting some tags on some of the president's tweets when they've determined
that there could be some, you know, potentially dangerous and misleading information when it comes
to medical information or things like that. They don't delete the tweets, but they say, hey, you
know, we're just tagging this so you know that maybe you should take an alternative look at this
if this is something you're interested in.
And here's a link with some other information in it.
Right, right, exactly. This whole thing kind of came to a bit of a head recently when both Twitter and Facebook kind of put the brakes on a breaking story from the New York Post.
Right.
That had some potentially damaging October surprise kind of information about presidential candidate and former Vice President Joe Biden, his son, the Ukrainian story. So putting aside
the politics of the story itself, you've got some thoughts on this action itself,
what Facebook and Twitter have done here.
That's right.
I want to be clear about this.
I'm not upset that they're holding back a story from one political party or that benefits
one political party or another or from one side of the political spectrum.
My concern is that they're holding back a story from a news outlet and not letting users
share this story on their platform.
Or when they do let them share it, in Facebook's case, they demote it in the algorithm that
they use to provide information that shows up on your feed.
So a lot fewer people are going to see it when you post it.
Twitter said, we're not going to do it because this post contains material that was obtained via hacking.
Well, it's interesting to me, you know, you mentioned the word censorship.
And, you know, these are private companies.
These are private companies. You're right.
Censorship has to do with the government controlling what you can and cannot see.
So this is a private company deciding how they want their platform used,
how they want things spread on
their privately owned platform. So isn't that within their right to do so? And in this age of
things spreading around at the speed of light, which is something we complain about a lot,
especially when it comes to disinformation,
maybe it's a good thing that they're pumping the brakes here.
Yeah, I think what needs to happen
is there needs to be some kind of statement
from government, from regulators here
that says what Facebook is
and what social media companies are like Twitter.
There's the big question of,
are they a platform or are they a publisher, right? Here, they're behaving very much like a publisher where they're limiting what goes
on the page. Now, a platform, you think of a platform like the phone company. The phone company
is not held liable for misinformation spread across the phone lines because of the nature of
the phone company. And should we treat social media platforms like that, or should
we treat them like publishers who are responsible for their content? Now, it's a very different
situation with a phone call and with a social media platform. When I pick up my phone,
I can only call one, two, three people. It takes a lot, a lot of time for me to do that. There's a
physical limiting factor there that's not existent on these social media platforms, right?
Right.
So I think there needs to be some kind of statement from regulators about this.
And this is one of the big reasons I say over and over and over again, don't get your political news from Facebook or Twitter or any social media platform.
You're already in an echo chamber, and now they're controlling that echo
chamber and what you hear and you see. You're going to have to take it upon yourself, good
citizen, to go out to these sources that you should be reading from and look at them yourself.
You're not going to be able to get your news. I don't think you should even try to get your news
from Facebook or Twitter. Yeah. Yeah. I mean, I guess coming at it from another side,
it seems to me that if these platforms
have reason to believe that this news story
is being put out there
and it's not being done in good faith,
you know, this isn't a situation
where the New York Times, the Washington Post,
the LA Times, the, you know,
half a dozen of the big newspapers of the world
simultaneously come
out with, are in agreement about any particular story. You know, this is a tabloid newspaper
known for such headlines as Bezos Exposes Pecker and Headless Body in Topless Bar.
Well, yeah. So I guess I'm saying as long as it's labeled, it's not like if you're interested in
this story, you couldn't go to the New York Post's site to find it. I guess I don't have a problem
with these platforms saying we're going to pause here until more people look into this because there's a high likelihood in our opinion that this story is not being shared in good faith.
So we're not going to let it – we know what happens when a story like this goes out.
We know better than anybody what happens when a story like this goes out, which is that it explodes and spreads around the world. And there's that old saying from Mark Twain about how a lie spreads around the world while
the truth is still tying its shoes.
So we can't have it both ways.
You know, we complain about these platforms.
And that's the difficulty here, right?
Right, absolutely.
And to your point about what are they?
Are they a platform?
Are they publishers?
I think it's difficult. These are difficult fits and starts that we're going through to try to
figure out how we're going to deal with this stuff and what's in our best interest, both as a nation
and around the globe. Yeah, agreed. I think I'm going to change my profile pic to just
big words and say, don't get your political news here.
All right.
Well, this too will play out, right?
I mean, it's going to be interesting to see both from a regulatory point of view, from just establishing norms, both socially and within the publishing industry.
We're all watching this play out in real time, and it's fascinating.
Pay attention, everybody.
All right, Joe Carrigan, thanks for joining us.
My pleasure, Dave.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field,
sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
It's a floor wax and a dessert topping.
Listen for us on your Alexa smart speaker too.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliot Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar,
Joe Carrigan, Carole Theriault,
Ben Yelin, Nick Veliky, Gina Johnson,
Bennett Moe, Chris Russell, John Petrik,
Jennifer Eiben, Rick Howard,
Peter Kilpe, and I'm Dave Bittner.
Thanks for listening. We'll see you back here
tomorrow.