CyberWire Daily - Twitter: hackers got a few accounts’ DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.
Episode Date: July 23, 2020. Twitter updates the news of last week's incident: the attackers seem to have accessed some direct messages. France's partial permission for Huawei to operate in that country now looks like a ban with a 2028 deadline. A quiet cryptominer. The cyber threat to British sport. Awais Rashid from the University of Bristol on cyber security and remote working. John Ford from IronNet Cybersecurity with updated 2020 predictions and cyber priorities. And bosses and employees see things differently, cyberwise. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/142 Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network, powered by N2K.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents, winning with purpose,
and showing the world what AI was meant to be. Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected. Now at a special discount for our listeners. Today, get 20% off your Delete Me plan
when you go to joindeleteme.com slash N2K
and use promo code N2K at checkout.
The only way to get 20% off
is to go to joindeleteme.com slash N2K
and enter code N2K at checkout.
That's joindeleteme.com slash n2k, code n2k.
Beijing is said to be behind recent cyber campaigns against India and Hong Kong.
France's partial permission for Huawei to operate in that country now looks like a ban with a 2028 deadline.
A quiet crypto miner.
The cyber threat to British sport.
Awais Rashid from the University of Bristol on cybersecurity and remote working.
John Ford from IronNet cybersecurity with updated 2020 predictions and cyber priorities.
And when it comes to cyber, bosses and employees see things differently.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Thursday, July 23, 2020.
Twitter has updated its account of last week's account hijacking incident.
Quote, we believe that for up to 36 of the 130 targeted accounts, the attackers access the DM
inbox, including one elected official in the Netherlands. To date, we have no indication
that any other former or current elected official had their DMs accessed.
Tripwire thinks the Dutch elected official was Geert Wilders, who confirmed to Yahoo that he was indeed the one affected.
He's now regained control of his account.
Reading between the lines, as Graham Cluley puts it in his piece for Tripwire's State of Security,
Twitter's mention of the elected official in the Netherlands is seen as a slantindicular reassurance from the House of Dorsey that the direct messages of former U.S. President Obama and presumptive U.S.
Democratic presidential candidate Biden are safe and secure, whatever nonsense might have been
tweeted out during the period of high-profile account hijacking.
Krebs on Security believes at least two of the New York Times' sources in last week's story
on those responsible for the Twitter hack weren't hemi-semi-demi-innocent collectors
of original gangster usernames, but were themselves active resellers in the underground OG black market.
France had earlier this year announced that it intended to permit Huawei equipment into non-critical portions of its telecommunications infrastructure, and that policy was widely seen
as a win for Huawei, which appeared to have successfully got the French government over a
barrel, but not so fast. Reuters reports that this apparently
permissive decision in fact amounted to a policy of eliminating Huawei from French infrastructure
by 2028, which, while giving Shenzhen a somewhat longer runway than it was allowed by a recent UK
decision, amounts to the closing of another major market.
Security researchers at Cisco Talos described the low-key, unobtrusive workings of the Prometei
botnet quietly mining Monero since this March.
Prometei is unlikely to escape the notice of defenders who are on the watch for the
kind of activity it exhibits, but the researchers think that most end-users probably wouldn't
be aware of an attack.
Prometei exhibits several features of the MITRE ATT&CK framework,
most notably T1089, Disabling Security Tools,
T1105, Remote File Copy,
T1027, Obfuscated Files or Information,
T1086, PowerShell,
T1035, Service Execution,
T1036, Masquerading,
and T1090, Connection Proxy.
So here's a question. Why should you care if some hood installs a crypto miner
on your devices? It's no skin off your nose, right? Actually, no, and here's the skin. There's a drain on computing power and its
attendant degradation of system performance. More seriously, in this case, is the botnet's
harvesting and validation of credentials, which it uses primarily to move laterally across networks.
That's bad enough, but consider the aftermarket value of the stolen credentials themselves in
the criminal-to-criminal market,
and that alone should be enough to make anyone want to up their game against Prometei.
The UK's National Cyber Security Centre has published an assessment of the cyber threat to sports,
important because, quote,
Sport is central to British life.
It provides massive health, social and economic benefits to the nation,
contributing to over £37 billion to the UK economy each year.
End quote.
This makes the sector attractive to attackers.
Crooks like it on the Willie Sutton-esque grounds that that's where the money is,
and nation-states might be drawn to it because, well, if they wished Britain ill,
they might sap its morale by attacking football, cricket, dog racing, and so on.
As it is, however, the report concentrates on the former; it's crime that the world of sport should be concerned with.
The three trends NCSC discerns are, first, business email compromise,
next, cyber-enabled fraud,
that is, things like mandate fraud,
CEO fraud, conveyancing fraud,
and invoice fraud,
and finally, of course, ransomware.
Which is to say that sport in the UK is susceptible to much the same sorts of cybercrime
that afflict other businesses,
from the physician's practice to the local realtor,
from the bank to the oil company.
Among the capers reported are an attack that interfered with a Premier League football,
that is, soccer, as we translate for our North American listeners,
transfer, that is, a trade, as it's generally called on this side of the Atlantic,
various ransomware incidents, and an attack that disabled turnstiles to keep supporters,
that is what we Americans call fans, out of a stadium.
The last-named turnstile hack is particularly interesting as an example of a disabling Internet of Things attack.
The NCSC's report is worth a look in any case for its accessible explanations of the threats
and its common sense recommendations for improving security. Small businesses in particular might profit from a reading. No nation-state hacks
reported? Well, sure. In general, sport probably isn't going to be of much interest to espionage
services, and the NCSC report doesn't mention any. But there's a track record even here of
some nation-state activity. Remember
Russian acts against anti-doping authorities and laboratories and against targets associated with
the last round of Olympic Games, when Russian athletes were widely disqualified when they were
found taking performance-enhancing drugs. With 2020 more than halfway over, and some would say, thank goodness,
it's worth remembering that back in January, we spoke with many cybersecurity professionals
who looked in their crystal balls and shared their predictions for what 2020 might bring.
Looking back, knowing what we know now, those predictions were just plain adorable.
John Ford is Senior Security Strategist at IronNet Cybersecurity, and he joins us with updated 2020 predictions, as well as why it's
important to adjust our focus and be flexible when talking about our cyber priorities.
2020 was already going to be an interesting year, given the fact that it's an election year.
So, you know, we fully anticipated, you know, cyber events as we got closer to the election related to the campaigns, you know, voting systems, if you will, right?
You know, but COVID put that into a very different, you know, gear in the car, if you will.
And it's changed the landscape significantly.
And how so?
So for one, we still have those same campaigns going on, you know, that you would have in the
election year, but now we've added to it in a couple of different arenas. Like one, you know,
now we have, you know, people, both private sector and public sector, scrambling to, how do I secure this remote workforce?
And I don't know how long I'm going to need it for.
So we have that scenario.
And then we have a couple of other scenarios.
Our adversaries obviously want to take advantage of this, right?
And it's something I call, I was having a conversation the other day with somebody.
It's Space Race 2.0. You know, United States and China, collectively, I think there's about
nine companies between the two countries that are really actively pursuing a vaccine. And this is
very, very similar to, you know, what we saw in the Space Race, right, where it's not just a matter
of national pride, it's a, you know, it could become an economic boom
for, you know, for whichever country is first to market.
And there's a diplomatic component
that goes along with it as well,
because, you know, who's first to the market
kind of gets to dictate who gets the vaccine, right?
And you can do a lot with diplomatic relations
that, you know, are masked by the humanitarian component that
you want to share.
But so those, you know, what the result is, those companies that are developing those
vaccines, you know, we already know that they're way under, you know, they're very much under
attack right now.
It's going to be a very interesting year from that perspective.
And I wouldn't be surprised, and this is, you know, just my own thinking, but I really wouldn't be surprised if we saw something closer to the election where
one nation or another announces, you know, hey, we're very close to coming out with a vaccine.
You know, it just wouldn't shock me. If I'm an organization out there looking to protect myself,
how do I calibrate my efforts against the folks that are coming
at me, you know, from nation states, from online organized crime? I mean, how do I set the
standard or my own understanding of what they're capable of?
Well, in isolation, you can't, because,
you know, it's been proven time and time again, most private sector companies, even the best of the best,
don't have, you know, the tools, talent, and resources,
really, to defend against a nation state like China.
We need some sort of a force multiplier to join forces
within our sector and not compete, but to say,
hey, you know, within this sector, we have 10 companies,
and we're leveraging the resources of all 10 to defend against that nation state adversary.
And in that model, if we're participating with government entities as well, then we have a chance.
Right. But today's model, it's just a matter of time.
That's John Ford from IronNet Cybersecurity.
PwC has published the results of a survey it took a week and a half ago to assess the state of cybersecurity awareness in businesses. As one might expect, the results showed that the
leaders' perceptions differed significantly from those of the led. The PwC survey concludes,
quote, the communication and training they offer on cybersecurity and cyber acumen
aren't resonating with employees. Most workers have little awareness of how their employers
are protecting them or their company from hackers, ransomware, phishing, or other attacks.
In some cases, employees are even flouting security rules by downloading unsecure apps
or sharing their work device with family members. Among other recommendations, the report suggests that companies stress the personal implications of security to their employees.
That is, don't tell them about how a data breach could hurt the business.
Instead, tell them how it could hurt them through identity theft.
We might put it this way.
If you're in the habit of saying things like,
now that we provided training, I don't want to hear that anyone has clicked a phishing link in an email.
Well, it will work in this sense.
You won't hear it.
Remember, friends, bad news isn't like good wine.
It doesn't improve with age.
Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes!
Yes!
With savings of up to 40% on Transat South packages, it's easy to say so long to winter. Visit transat.com or contact your Marlin Travel professional for
details. Conditions apply. Air Transat. Travel moves us.
Do you know the status of your compliance
controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. ... have continuous visibility into their controls with Vanta. Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
Clear your schedule for you time with a handcrafted espresso beverage from Starbucks.
Savor the new small and mighty Cortado.
Cozy up with the familiar flavors of pistachio.
Or shake up your mood with an iced brown sugar oat shaken espresso.
Whatever you choose, your espresso will be handcrafted with care at Starbucks. And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform ... Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
And joining me once again is Professor Awais Rashid.
He's a professor of cybersecurity at Bristol University.
Awais, it's great to have you back.
I want to touch today on cybersecurity and remote working,
which of course is top of mind
for lots of folks these days as we make our way through the global pandemic. What can you offer
on that topic for us today? We've all worked from home at different points in time. In many jobs,
people can sometimes stay and work remotely, and some people work sort of more often remotely than others.
But the present pandemic, what it has done is it has led to many, many people and whole
organizations working remotely, and that brings to the fore the importance of cyber
security and also consideration of the security and privacy properties of the platforms that we are using
to conduct our work from home. And it's not just the platforms. There is all sorts of other
complicated issues that, for example, organizations need to consider, because in some cases,
employees will have devices that are given to them from their workplace. But in other cases,
because of the way the lockdown and the pandemic unfolded, that wasn't always possible for organizations to do.
And especially in smaller organizations, that may not have been the case in any way possible.
And the net result of that is that people may be actually using shared devices that they share with other family members.
They may also be working in settings where they are actually in shared houses or in shared spaces and so on.
So there is a lot of these considerations that
previously where we could consider that employees will be in a workplace, there will be particular
security policies in place with regards to that workplace. That doesn't necessarily apply. We are
effectively in this kind of a virtual workplace setting and the security teams in organizations
as well as at the more strategy level organizations need to consider
what does that mean for the cybersecurity of the organization as a whole. The employees also need
to consider as to what that means in terms of their responsibility. But critically, very important
to consider, you know, what is feasible and feasible in terms of secure ways of working in
this kind of setting. You know, as we settle in with this, you know, being a couple months in now,
I suppose there's an issue too that people make adjustments to their home setup.
They could get a new computer or get a new router or add new devices
or their kids could get new devices.
I suppose it's harder for the folks who are in charge of security for an organization to keep
track of just from an inventory point of view of what's accessing what. Yes, absolutely. And
normally when you are in a workplace, you have a set of devices that you have procured, you have
deployed, you have given to your employees. And I go back to my very early example that in this
case, people may actually be working from shared devices that are personal devices that they share with other family members. They may be sitting in kind of shared settings.
But also, what about the security hygiene of those devices? Because on a corporate network,
for example, you may be running various types of security tools that may be monitoring, for example,
for malware, for viruses, and other types of issues, that is not necessarily happening
in a remote work setting.
Of course, we can require
that people sort of log into organizational systems
using VPNs,
but that only guarantees the security of that link.
That does not necessarily guarantee the security
of the kind of wider network
in which that device is actually in place
in the first instance.
And then of course,
VPNs interfere with some of the services.
For example, we are recording this session today without a VPN because it interferes
with the recording and so on.
So it's not, but that's a very practical example, right?
So, you know, when you are, and for example, in our own work, you know, we've been trying
to run labs with students remotely.
And actually the routers in some cases interfere with the kind of devices that we had given them to use for their lab work.
So it's not a simple scenario anymore where your IT systems are completely or largely within your control.
And you can make sure that particular security policies are enforced, particular security properties are in place, particular countermeasures are in place.
And this leads to a really, really interesting question as to how do we actually ensure cybersecurity for organizations which effectively are now operating in a virtual organization setting with their employees distributed all over the place. Yeah. All right. Well, it's an ongoing, interesting
issue to get your arms around. Awais Rashid,
thanks for joining us.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing Cyber Wire team is Elliot Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Vaughn,
Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen,
Nick Vilecki, Gina Johnson, Bennett Moe,
Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
... that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps
tailored to your role.
Data is hard.
Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.