CyberWire Daily - Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.
Episode Date: October 24, 2023

DDoS activity during the Hamas-Israeli war. Insurance firm reports cyber incident. Recent arrests in cybercrime sweeps. Ukrainian hacktivist auxiliaries compromise customer data at Russia's Alfa Bank.... How long does it take to read the fine print? Ann Johnson from Afternoon Cyber Tea talks with Noopur Davis from Comcast about building secure tech from the start. Antonio Sanchez of Fortra shares cybersecurity challenges for enterprises, including why having too many tools creates too much complexity. And hey, Marianne, don't let the bedbugs bite.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/203

Selected reading.
Cyber attacks in the Israel-Hamas war (The Cloudflare Blog)
China's crackdown on cyber scams in Southeast Asia ensnares thousands but leaves the networks intact (AP News)
12 people arrested for bank malware scam, youngest being just 17 (The Independent Singapore News)
Spain arrests 34 cybercriminals who stole data of 4 million people (BleepingComputer)
Police Disrupt Ragnar Locker Ransomware Group (Infosecurity Magazine)
Ragnar Locker Ransomware Boss Arrested in Paris (Dark Reading)
E-Root marketplace credential-selling admin extradited to US (Register)
Ukraine security services involved in hack of Russia's largest private bank (Record)
NordVPN study: Privacy policy awareness (NordVPN)
Russia spread bedbug panic in France, intelligence services suspect (The Telegraph)
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me. Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com/n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com/n2k and enter code n2k at checkout. That's joindeleteme.com/n2k, code N2K at checkout.
DDoS activity during the Hamas-Israeli war.
An insurance firm suffers a cyber incident.
Recent arrests in cybercrime sweeps.
Ukrainian hacktivist auxiliaries compromise customer data at Russia's Alfa Bank.
How long does it take to read the fine print?
Microsoft's Ann Johnson from Afternoon Cyber Tea speaks with Noopur Davis about building secure tech from the start.
Our guest is Antonio Sanchez of Fortra on the challenges of having too many tools.
And hey, Marianne, don't let the bedbugs bite.
I'm Dave Bittner with your CyberWire Intel briefing for Tuesday, October 24th, 2023.
Cloudflare has published an overview of distributed denial-of-service attacks during the Hamas-Israeli war.
Attacks against Israeli targets dwarfed attacks against Palestinian websites by a factor of 10.
The firm's observations showed negligible DDoS activity against Israeli sites in the weeks preceding the war, but with a sharp spike on the morning of October 7th when Hamas began its attacks. That activity peaked on October 8th, falling off until another surge on the 20th. The initial attacks targeted websites that provided critical information and alerts to civilians on rocket attacks. Since then, the attacks have concentrated on news and media sites, with some 56% of DDoS operations targeting these.
Cloudflare sees that pattern of target selection as representing an emerging style of hybrid war.
The firm observed, "We saw the same trends when Russia attacked Ukraine. Ukrainian media and broadcasting websites were highly targeted. The war on the ground is often accompanied by cyber attacks on websites that provide crucial information for civilians."
After news media in frequency of targeting came the software sector at 34%,
followed by financial services with government administration websites placing fourth.
DDoS against Palestinian sites also surged after Hamas's initial attacks, although not nearly with the volume that was directed against Israeli sites. In this case, however, the most targeted sector was financial services, with almost 76% of attacks directed against banks. The internet industry came in second, sustaining 24% of DDoS activity. Media production websites came in a very distant third, with less than a percentage point. So, again, DDoS and defacement of vulnerable websites seem to have become the defining elements of wartime hacktivism.
We're going to take a moment to look at some high-profile arrests of alleged cybercriminals around the world.
The Associated Press reports that China's Ministry of Public Security
has brought back several thousand of the country's citizens
who were working for Chinese cybercriminal syndicates in Myanmar.
Many of those brought to book were forced to work for the gangs,
and it's unclear how they'll be dealt with by the Chinese justice system.
According to The Independent, Singapore has arrested 12 people between the ages of 17 and 40 for alleged involvement in social media scams.
The Spanish National Police have arrested 34 suspected members of a cybercriminal operation that ran a wide variety of scams. Bleeping Computer reports that 16 raids across five cities led to the seizure of firearms and hand weapons, four high-end cars, 80,000 euros in cash, and computers hosting a database with information on 4 million people.
The Register reports that a 31-year-old Moldovan man who allegedly ran the cybercriminal marketplace E-Root has been extradited from the UK to the US to stand trial for charges of conspiracy to commit access device and computer fraud, wire fraud conspiracy, money laundering conspiracy, access device fraud, and computer fraud.

And finally, Europol has released details of that international operation that disrupted the Ragnar Locker ransomware gang. Europol says, "In an action carried out between the 16th and 20th of October, searches were conducted in Czechia, Spain, and Latvia. The key target of this malicious ransomware strain was arrested in Paris, France, on the 16th of October, and his home in Czechia was searched. Five suspects were interviewed in Spain and Latvia in the following days. At the end of the action week, the main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court. The ransomware's infrastructure was also seized in the Netherlands, Germany, and Sweden, and the associated data leak website on Tor was taken down in Sweden."
TASS says it never happened, but apparently, no, it actually did. Alfa Bank, Russia's largest private bank, was hit by Ukrainian hacktivist auxiliaries working in cooperation with the SBU. The Record confirmed the attack with the SBU. Alfa Bank is controlled by oligarch Mikhail Fridman, himself under U.S. and EU sanctions in connection with his role in Russia's war economy. The SBU sees such hacktivism as a contribution to its intelligence collection effort.
Do you read all those EULAs, all those privacy policies that pop up all around you? Well, don't tell anyone, but not all of us do either. It turns out there is a kind of rationality on your side, dear listener. NordVPN sent us a study this morning in which they calculated how much time it would take the regular Joe, the ordinary Jane, to read all that stuff. After a pious bow in the direction of knowing what you've agreed to, NordVPN says the average privacy policy in the U.S. consists of 6,938 words. A person reads approximately 238 words per minute, which means it would take a little over 29 minutes to read an average privacy policy. So if you read the privacy policies of the 20 most visited U.S. websites, that would take you about nine hours. If you read the policies of the 98 or so sites the average person visits in a month, that would take you a full work week. The American philosopher Tom Waits once sang, the large print giveth, the small print taketh away. A lot of what it takes away is time.

And finally, were you a little baffled by the recent furor over Parisian bedbugs? Our European desk was. Come on, they said, worrying about a few bugs is the kind of thing you'd expect from les anglo-saxons, not from worldly Parisians. It turns out that there's a story behind the story. The recent overreaction in France and elsewhere to reports of a bedbug infestation may in significant part be due to the planting and amplification of bogus news stories by Russian trolls. The Telegraph reports that French intelligence services have traced the craze to Russian doppelganger trolling: fake articles that misrepresented themselves as having been prepared by trusted news outlets were circulated in social media. Case zero of this cognitive infestation seems to have been a bogus article said to have appeared in the regional newspaper La Montagne, which claimed falsely that the bugs were surging because the French government's embargo on Russian chemical imports had deprived France of effective pesticides. Other phony articles of similar nature were misattributed to the left-wing paper Libération and the right-wing paper Le Figaro. They're all forgeries and hokum. The bedbugs were never a big deal, and in any case, they were around long before France imposed any wartime embargoes on Russia. It's Russian disinformation. The campaign seems to have been opportunistic. The trolls saw some stories about bedbugs and decided to pick up the meme and run for daylight. So the bedbugs have gone to war.
Coming up after the break,
Microsoft's Ann Johnson from Afternoon Cyber Tea speaks with Noopur Davis about building secure tech from the start.
Our guest is Antonio Sanchez from Fortra
on the challenges of having too many tools.
Stick around.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
It's a common refrain to hear CISOs lamenting the number of security tools they've accumulated over time and the complexity that means they have to manage. Antonio Sanchez is Principal Cybersecurity Evangelist at Fortra, and I spoke with him about the challenges enterprises face when they've got too many tools.

Tool complexity is definitely one of the top issues that we hear from CISOs. They get into this predicament because it seems like, I don't know, every year, maybe every couple of years, there's a new attack vector or a new vector that's out there that maybe wasn't used before for whatever reason in the IT industry. And now it's being used. And whenever something new is being used or leveraged by the IT industry, typically the criminal actors, the bad actors, figure out that they can also leverage whatever the new technology is, the new innovation is, to be able to exploit it for their own nefarious purposes. The cloud is a great example of that. Ten years ago, actually longer than that, but once upon a time, the world was entirely on-premise. You had your servers in a server closet, you had your storage space in a storage closet, things like iSCSI disks and Fibre Channel disks, and all of that stuff lived behind four walls in a data center, maybe got replicated somewhere else. And now with the rise of the cloud over the past several years, a lot of that stuff doesn't live inside those four walls. It lives in somebody else's four walls. And so it's a new footprint that is now available for the IT industry, but it's also available for the bad guys, the bad actors, the criminal actors to be able to exploit as well. So for every new innovation that's out there, there's a new attack vector. For every new attack vector, there's a new tool. And for every tool that you purchase or an organization purchases to address that new attack vector, you end up with tons of tools. In fact, it's not uncommon for us to hear of organizations with 50, 60, 70, even over 100 tools. The bigger the organization, usually the more tools in house. And somebody's got to make all that stuff work together.

And how do they typically go about that? I mean, it seems to me like that's a lot of balls to have in the air at the same time.

It is a lot of balls to have in the air at the same time. And what we hear time and time again is that some of the time, the complexity is so great that they'll only be using maybe 2 to 5% of that tool's capability. So there's a lot of unused value from that tool. And now you multiply that by 20, 30, 40, 50, even 100 tools. I mean, that's a lot of expense for not a lot of value being brought back in. Because in many cases, the tools don't actually talk to each other. The tools don't share information back and forth. A lot of times you have to go to one tool to get insights, and then you have to correlate those insights from another tool and take action on yet another tool. So there's several tools that have to be used in order to be able to take some sort of, and then you have to have somebody that knows how to use all of those tools and make heads or tails out of all of them as well. So it's a patchwork of stuff for sure.
Is there a reticence to retire a tool that's been in service for a while? Are people afraid that if I get rid of this tool, then a breach happens where that tool may have been the thing that could have prevented it, then I'm in a heap of trouble?

It's difficult to sunset a tool that you yourself were responsible for in its initial purchase or procurement or rollout. It becomes a sensitive topic, a sensitive subject, because, like, wait a minute, I made the decision to spend whatever it was, a hundred thousand, half a million, a million dollars, on this tool or on this set of tools to be able to improve the security posture of the organization. And it didn't quite work out. I mean, that's a hard pill for some people to swallow. So they'd kind of, in some cases, would rather deal with the complexity to try and save face. What we tend to find a lot, though, is that organizations that are in new leadership will kind of take that inventory of saying, we have all of these tools, do we really need everything? And then they'll kind of take an honest look at the tech stack of the organization and say, yeah, well, we probably don't need everything, so let's make some decisions that are going to be best for the organization for the long haul.

Is that really a good way to come at this, to establish some sort of cadence for taking a look and evaluating whether or not indeed you need all of the tools that you've signed up for?
Nowadays, there's a lot of tools that have a lot of overlapping capability. And the hard part is trying to understand, what am I using this tool for? And is the use case that I have for this tool something that can be done with something else, such that I can retire it? At the end of the day, organizations constantly have to evolve their security strategy. And as part of that, they have to take an honest look at themselves and say, is there something that we can look at, some sort of a framework we can look at, of all the things that we use, of all the things that we need, of all the use cases we have out there, and then figure out, is there something else within our arsenal, or should we start looking at an investment in something that maybe allows us to be able to retire a large portion of them? So many of the CISOs that we talk to nowadays have goals where in the next two to three years, they want to reduce their tech stack by, in some cases, 50%, even as high as 80% of what we see, where they just want to have a handful of partners to be able to move forward with, because they're trying to simplify their organization and simplify, reduce complexity within their organization.

You know, along with that, I think a lot of folks have trouble with their patching programs, of trying to come up with a reasonable way to take care of patching in a reasonable amount of time, but still not introduce friction for their users. Do you have any thoughts with that?
Absolutely. Well, that's one of the insights that typically you get with a whole bunch of tools is saying, okay, we've got a vulnerability management program. We have a tool that we use to tell us what are the vulnerabilities that are out there, what are the critical ones that are out there, which ones affect us that are out there. Because I think we're up to like 20,000 vulnerabilities this year, something like that, some ridiculous number again. And you can't do all of them. So you need to have some context around which are the ones that are important to us as an organization to keep our security posture where it needs to be. And in many cases, the action, in most cases, the action item is, well, we have to do patching. We have to patch this server. We have to patch this server. We have to patch whatever it is that we have out there. And you have to be disciplined about ensuring that you're able to patch when you need to patch, whether that's a recurring schedule where you do multiple patches at once or something that's critical that you have to do an out-of-cycle patch. But maintaining a strong, disciplined patching program is one of the, what I call the basic blocking and tackling things that an organization can do to reduce the attack footprint of the organization. It's easy to say, but it's hard to do, because in many cases, patching is just one of those things that tends to get deprioritized for more critical type projects.
That's Antonio Sanchez from Fortra.
Microsoft's Ann Johnson is host of the Afternoon Cyber Tea podcast. And in today's episode, we get a segment of her conversation with Noopur Davis about building secure tech from the start.

Today, I am joined by Noopur Davis, Executive Vice President and Chief Information Security and Product Privacy Officer at Comcast. Noopur is responsible for overseeing the full range of cybersecurity and product privacy functions for all Comcast cable businesses, including all products and services delivered to residential and business customers. Secure by design and secure coding is such an important and overlooked and undervalued part of cybersecurity often. People don't talk about it, right? So knowing you have that background gives you such a unique perspective that others candidly don't have.
It does. You know, I do find that having that background helps in so many other areas of security. If you sort of know, hey, this kind of action that you take as you're designing a system or as you're building a system or as you're writing the code, these are the type of vulnerabilities and issues that can lead to. Then let's say you are confronted by a network vulnerability or a configuration vulnerability or some other, you sort of like go back to that mind map and you kind of go, I sort of maybe know how this can happen. And knowing how something could possibly happen, I think, gives you a better chance of being able to respond to it. I'm not saying you're right 100% of the time. You never are. But I think you have a slightly better chance of knowing what might be the cause.
We can't go any further until we talk about data, artificial intelligence, and specifically generative AI and security. So what's your point of view, Noopur? How are you thinking about generative AI and security? What are some of the early use cases you're excited about? And what do you think this innovation is going to do for the industry?
So you've asked, you know, a question that is really near and dear. So we have, in our security program, we have three North Stars. And, you know, North Stars, you know, I talked about our mission. North Stars are our kind of long-term view of success. And our very first one is Build Security In. And, you know, this is, again, biased. That's my background. That's what we started. And, you know, that program is, you know, in its seventh year and probably one of our most mature North Stars. Our second North Star is around a zero trust environment. You know, we're probably about halfway through that journey. And then our third is around data. And, you know, we have struggled with this: how do you make sense of all of that? And yes, you know, there seem, and there are, other ways of analyzing it, but, you know, they're very expensive. You can't do long-term analysis with them. So we spent years building a security data fabric. And it's sort of changed the way we do security, I have to tell you. It's just, again, still learning, still growing. It's a journey, not a destination. But what the fabric lets us do is we bring in information from all of these sensors. We enrich that with other enterprise and other intelligence, like, for example, organizational hierarchies, asset systems, authentication systems, badging systems, right? You bring all of this data together with your security data. Suddenly, you can ask questions that you didn't dare to ask before. So we use that fabric for everything from continuous controls compliance to machine learning models that will do behavioral analysis and detection and everything in between.
That's Ann Johnson from the Afternoon Cyber Tea podcast, which you can find right here on the Cyber Wire network, speaking with Noopur Davis.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default
deny approach can keep your company safe and compliant.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
You can email us at cyberwire@n2k.com. Your feedback helps us ensure we're delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity. We're privileged that N2K and podcasts like The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com.

This episode was produced by Liz Irvin and senior producer Jennifer Eiben. Our mixer is Tré Hester, with original music by Elliott Peltzman. The show was written by our editorial staff. Our executive editor is Peter Kilpe, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.