CyberWire Daily - Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.
Episode Date: July 17, 2018
In today's podcast we review fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia—at least one of them originates in North Korea. Telefonica sustains a major data breach of Spanish customers' details. Passwords to DVRs are found cached in an IoT search engine. Those DVRs' firmware is also vulnerable to exploitation. The US Census Bureau is asked to provide an overview of measures being taken to secure the 2020 census. David Dufour from Webroot on ransomware in the UK. Guest is James Tabor from MEDIA Protocol on using blockchain technology with online advertising. For links to all of the stories mentioned in today's podcast, check out our CyberWire daily news brief - https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_17.html
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Fallout from the Trump-Putin summit.
Cyber espionage campaigns resurface in East Asia.
At least one of them originates in North Korea.
Telefonica sustains a major breach of Spanish customers' details.
Passwords to DVRs are found cached in an IoT search engine.
Those DVRs' firmware is also vulnerable to exploitation.
And the U.S. Census Bureau is asked to provide an overview of measures being taken to secure the 2020 census.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Tuesday,
July 17, 2018. The Trump-Putin summit is over, with predictable noises about reduction in tensions, scope for cooperation, healthy competition, and so on.
But observers are baffled by President Trump's choice of the Helsinki meetings to air his now-familiar skepticism of the FBI and other elements of the U.S. intelligence community.
He did ask President Putin about Russian information operations during the 2016 U.S. elections, received the foreseeable denial, and left it at that, leaving the impression that
he sided with Mr. Putin over his own Justice Department. The impression was strongly reinforced
by President Trump's Twitter feed over the weekend, and also at the post-summit press conference,
where he said, with respect to his having asked President Putin
about Russian hacking of U.S. political targets,
quote, President Putin says it's not Russia.
I don't see any reason why it would be, end quote.
The reason it would be, of course, would be the conclusions
the U.S. intelligence community reached
that Russian information operations and cyber attacks were
and have remained an active threat to the United States. Director of National Intelligence Coats
described the activity as, quote, ongoing pervasive attempts to undermine our democracy,
end quote, and emphasized that the intelligence community was clear on that point.
Late this afternoon, President Trump held a press conference
in which he said he realizes his remarks in Helsinki require clarification.
He didn't mean to say why it would be, but rather why it wouldn't be.
Emphasis in his clarification.
So he said he did think the Russians tried to meddle with the election
and that he would vigorously defend U.S. elections against the Russians or anyone else. He said, quote,
I have the strongest respect for our intelligence agencies, end quote,
and praised both the line workers and the agency's leaders.
Mr. Trump's discussions at the summit are said to have run contrary to the hardline course on
Russian hacking and hybrid warfare his advisers are believed to have recommended to him.
His performance has been cast as a game-time decision, according to sources described
by the Washington Post as familiar with the preparations.
So the president may well have called an audible in Helsinki.
President Putin did acknowledge disagreement over one aspect, at least,
of ongoing hybrid warfare.
Mr. Putin said, quote,
President Trump's position on Crimea is well known.
He talks about the illegality of the Crimean reintegration to Russia.
We have another point of view,
that a referendum was held in accordance with international law.
For us, it's a closed question.
End quote.
President Trump's performance has generally not received good reviews,
with reaction across the political spectrum ranging from disappointment to outrage.
The president yesterday had already walked back some of his criticism about the intelligence
community, saying he had "great confidence in my intelligence people" and emphasizing
the importance of establishing better relations between the United States and Russia.
Such loosening of tension would appear to be the best possible face to put on meetings.
Indeed, the give peace a chance take on the summit, voiced by Senator Rand Paul of Kentucky,
is about the only prominent U.S. support the president's performance has attracted,
and that's tepid enough. Congressional Democrats understandably whooped it up this afternoon at a
press conference of their own, taking a hard line on Russia that would have done credit to Barry Goldwater,
and to be sure, they've got a point.
Thanks to the considerable hype surrounding blockchain-driven cryptocurrencies like
Bitcoin and Ethereum, there's been a lot of buzz around clever applications of blockchain
distributed ledgers. James Tabor is CEO at Media Protocol,
a company that's looking to use the blockchain and smart contracts
to try to address many of the shortcomings
of the current online advertising ecosystem.
If you're an advertiser or a content creator,
your way of reaching that audience is through these individual platforms
and your money and your content goes in one side and
the audience's data and attention goes in the other, but never the twain really meet. And what
we're trying to do with blockchain is bring a degree of transparency, not only to, say, the buying
and planning purposes, but with Media Protocol to create a direct consumer relationship. So as a
content creator, you would be able to understand who in your network or who in your audience is responsible for that little bit of magic, which is sharing
or actually promoting your content more organically.
How does this address, I guess,
what I would describe as a natural tension that's at play right now when it comes to online
advertising, which is that while people enjoy having ads targeted to them, they want to see
ads that are of things that they're interested in.
They're not so happy about all of the tracking that goes on.
Personally, I think we're not so happy about what passes for personalization these days, which actually is not personalized.
It's either going to chase you around the Internet with a bunch of stuff you've either bought or decided you don't really want anymore,
or actually you're occupying an entirely different headspace. I mean, if I've been looking at sneakers, and I then, let's say, go and read
something about my football team, and then it's time to get back to what I was doing, and that
could be researching the humanitarian crisis in Darfur, it's not really the best time just to kind
of serve me a personalized ad about a pair of sneakers, because my headspace is entirely changed.
I believe that people enjoy being advertised to. But a conversation I was having earlier today, actually, which is really relevant,
is that more and more marketers and brands are trying to create content funnels. So it's not
just about getting you straight into a pair of sneakers. It's about getting you into a piece
of content about it could be to do with how you might be exercising. It could be around your favorite sports team.
There's plenty of other ways of reaching people.
And that is more about relevance.
And you mentioned tracking.
And it's not necessarily the tracking that is, per se, the issue.
It's the layer of extra partners that sit in a way, try to add or do something to that
piece of tracking.
And that's come from some interesting tech cycles
where people who don't necessarily understand the market
that they're trying to change
have come in trying to change it.
For a bit of background, I started my career
almost 15 years ago selling billboards.
I created a digital at-home business
when I was at university.
I actually then went and sold really big ones
to Clear Channel.
And then I went into the digital world
and I went into commercial rights.
And then I spent the last 10 years building technology platforms about making advertising
data more easy and transparent to plan and buy.
Now for us, blockchain has been the missing piece of the puzzle.
We've kind of done the analytics pieces and the predictive and then prescriptive analytics.
We always had these edge cases with question marks.
So for us, the smart contract allows us to bring that clarity. The tracking and the data that we give to people in exchange for interactions can be used to create more relevant content.
I think we agree that having some things personalized towards us or made more relevant to us is actually a good thing.
But using it as an opportunity to go, hey, hey, Dave, buy this.
Hey, hey, hey, Dave, buy that, isn't really what we should be using that data for.
Now, what about the security aspects of combating ad fraud? Is this something that use of the blockchain can address?
You can certainly see there are certainly a number of
ways that the blockchain can address this. What constitutes a human? And you can use blockchain to
set an agreed bunch of parameters that would make it more likely that that person is a human.
Obviously, we're not going to be silly enough to say
that there's 100% certainty that this is going to be a human being,
just as there's a way you would never say something's 100% not hackable.
But you can use the blockchain as this ledger of,
I would agree that an impression is served when this happens.
And this could be, IAB says it's one
pixel exposed for three seconds. I mean, that's the kind of level you're dealing with before it becomes
ad fraud. It could then say that you want someone to be logged into Chrome or to use a Facebook
or an email login, and you can set all these different types of parameters, or that they have
used the browser in a certain way that means they are less likely to be a bot. That can be written into the smart contract so that an impression could
then only be paid for when that criteria is met.
That's James Tabor from Media Protocol.
Trend Micro reports an uptick in reconnaissance by the Andariel Group, a subunit of Pyongyang's Lazarus Group.
Andariel's program includes mostly South Korean targets.
The threat group is exploiting an ActiveX vulnerability in watering hole attacks.
The activities seem to have been observed in the reconnaissance phase of the overall operation.
Trend Micro is also tracking the reappearance of the Blackgear cyber espionage actor.
Blackgear, which is also known as Topgear and Comnie, seems most interested in Japan, South Korea and Taiwan.
It's notable for its deployment of the Protux backdoor and its use of social media as command and control channels.
There's been another data breach that will fall under the European Union's General Data
Protection Regulation, the GDPR. Telefonica, one of the world's largest telecommunications companies,
has reported a data breach that exposed personal information of millions of Spanish customers.
European authorities have been notified and the investigations have begun. The data was lost
through the company's Movistar services,
which includes landline, broadband, and television.
NewSky Security reports finding passwords for tens of thousands of DVRs manufactured by Dahua.
The passwords were cached within search results delivered by ZoomEye, an IoT search engine.
The devices are also running old firmware,
susceptible to a vulnerability that would allow an attacker
to establish a TCP connection on a Dahua DVR
and deliver a tailored payload through that connection.
Concerns about election and census security
are being raised in many quarters of the U.S.
The next census, to be held in 2020,
will rely far more than any previous constitutionally mandated census on electronic means of data collection.
A group of former federal cybersecurity officials have called on the Census Bureau to review its
security measures and to provide an overview of that security in a transparent fashion.
To return to yesterday's summit for a moment,
President Trump did congratulate President Putin
on the country's successful hosting of the World Cup,
and President Putin gave him a commemorative soccer ball.
Some people, Senator Lindsey Graham of South Carolina among them,
have in all apparent seriousness advised that the soccer ball be scanned for bugs.
But the soccer ball is probably as innocent as those little portable cooling fans passed out as swag during the Singapore meetings between U.S. and North Korean leaders.
So the soccer ball may well be innocent enough,
but given that one of the principal objectives of Russian information operations
has long been to erode confidence in the policies,
views, and conclusions of the United States government with respect to information and
cyberspace, it seems difficult to regard the summit as anything other than an own goal.
And I'm pleased to be joined once again by David Dufour.
He's the Senior Director of Cybersecurity and Engineering at Webroot.
David, welcome back.
We wanted to touch base on ransomware, specifically ransomware in the UK.
That is an area that you all do a good bit of business in.
What are you seeing over there?
Well, you know, ransomware is a problem everywhere.
And in this case, we did some, as you say, we do have a significant business over there.
So we did some specific research in the UK.
And we interviewed over 400 IT decision makers and found that 45% of those had suffered some type of ransomware attack.
And even more surprisingly, 23% of those
actually paid the ransom.
Wow. Did they get their stuff back?
They did. It's a pretty high percentage that are seeing, you know, when they do pay the ransom,
they do get their stuff back. But David, just on that topic, and we've talked about this before,
I want to remind people, you should check with your security vendor to make sure any ransomware you may decide to pay for is actually panning out in good quality because you don't want to pay for something if the ransomware is poorly written and you're not going to get your ransomware unencrypted.
Right. There's some ransomware out there where it's not possible to decrypt the data.
Yeah, exactly right. But I digress on that. But yes, most people are getting when they pay
the ransom, and I'm not advocating do that, but most people are seeing their data unencrypted.
Now, you all saw some other interesting stats with the survey that you did in terms of risk
mitigation and recovery processes. What can you share there?
Well, this is where it gets fun and scary at the same time, and sometimes scary is fun.
Eighty-eight percent of the organizations felt like they were better equipped now to deal with ransomware.
But ironically, only 36 percent of them were doing regular backups and were sure their backups were working.
And that's the number one way for anyone to recover from a ransomware attack is to have very solid backups.
That seems like a soberingly small percentage of organizations to have backups.
Well, I mean, forget ransomware.
That's sobering in general in this day and age that people aren't still doing solid backups.
Wow. What else did you find?
Staff training, David, at the end of the day, everything boils down to,
are you training your staff to make sure you're performing good hygiene, not getting phished,
ensuring that people aren't going to expose you because people are typically the biggest
problem when it comes to exposure to
ransomware, any type of cyber threat. And then crisis drills. You know, a lot of organizations
don't spend their time going through crisis drills to determine how well they would do if
something did happen and how they would recover from it.
Yeah, I heard from an organization
recently. They were saying that all of their crisis drill manuals were stored on the system.
So when stuff got encrypted, they couldn't get to those drills.
Oh, David.
I mean, it's easy to laugh, but, you know, I mean, it's funny, but scary at the same time.
Like you said at the top of the segment.
It is. And David, the big thing here, and I think we all experience this running our
businesses, it takes time and energy away from our core business. And so you do have to understand
the risk you're exposing yourself to and the amount of time, energy and resources you want
to commit to it. But I would think you would want to spend some time up front to understand those risks and either do or
don't do things with purpose rather than, you know, running your business on hope because hope isn't
really a plan.
Yeah. All right. Well, good advice as always. David Dufour, thanks for joining us.
Thanks a lot, David. Have a great day.
Thank you.
And that's the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.