CyberWire Daily - Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they’re expendable.

Episode Date: January 24, 2022

Updates on the continuing hybrid war in Ukraine. The UK charges Russia with trying to install a puppet in Kyiv. Nominal hacktivists claim an attack against Belarusian railroads. Compromise of Greek parliamentary email accounts reported. Netherlands authorities warn against relaxing your guard against Log4j exploitation. Julian Assange will get another chance to avoid extradition. Rick Howard’s been pondering his reading list. Dinah Davis from Arctic Wolf on securing your smart speakers. And Russian privateers find that they’re expendable. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/15

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 Updates on the continuing hybrid war in Ukraine. The UK charges Russia with trying to install a puppet in Kiev. Nominal hacktivists claim an attack against Belarusian railroads. Compromise of Greek parliamentary email accounts are reported.
Starting point is 00:02:17 Netherlands authorities warn against relaxing your guard against Log4j exploitation. Julian Assange will get another chance to avoid extradition. Rick Howard's been pondering his reading list. Dinah Davis from Arctic Wolf on securing your smart speakers. And Russian privateers find they're expendable. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, January 24th, 2022. The British government on Saturday accused Moscow of attempting to form a pro-Russian government in Ukraine, Reuters reports. The British Foreign Office identified Yevhen Murayev, a former Ukrainian legislator, as the leader Russia was seeking to install in Kiev and said that such machinations would not be tolerated by Her Majesty's government. Russia's foreign ministry responded,
Starting point is 00:03:28 "We urge the Foreign Office to cease these provocative activities, stop spreading nonsense, and finally concentrate its efforts on studying the history of the Mongol-Tatar yoke." That Mongol-Tatar yoke is indeed history and so deeply historical as to amount to historical inside baseball, were baseball actually played around Moscow. The New York Times sees the announcement as of a piece with a more muscular assertion of British interests. Saturday's announcement followed last Thursday's U.S. sanctions against four Ukrainian nationals, whom the U.S. Treasury Department identified as working on behalf of Russian intelligence services. Ukrinform reports that Poland has joined Ukraine in assessing recent cyberattacks against Ukrainian targets as the work of Russian intelligence services. Ambassador Andrzej Sadoś, Poland's permanent
Starting point is 00:04:25 representative to the European Union, was quoted as saying, According to the information available to us, the cyber attack on Kiev last week, January 14-15, was carried out by a group of hackers affiliated with the Russian services. The same group of hackers is responsible for leaking and publishing government correspondence of Polish government officials. Last summer, the same group of hackers ran a cyber attack on the German Bundestag ahead of the September elections. It was this group that was involved in the recent attacks on Ukraine's government portals. Russia has conducted extensive influence operations in connection with its ambitions in Ukraine. They have tended to represent Ukraine as a threat to Russia,
Starting point is 00:05:11 not only in its policy but also in its growing alignment with NATO and internal ethnic fissures that Russia argues render the country dangerously unstable. The U.S. State Department offers a summary and assessment, a negative assessment, it need hardly be noted, of recent Russian influence operations. MIT Technology Review describes how Russian cyberattacks against Ukraine could have effects that spread to other parts of the world. There is, of course, the likelihood that Russian retaliation against countries
Starting point is 00:05:46 that have supported Ukraine in the present conflict would take the form of cyberattacks. But the experience of both NotPetya and WannaCry indicates that cyber effects are difficult to control. Whether the Russian services lost control of those attacks or were simply indifferent to the collateral damage they worked, in both cases the effects spread well beyond the immediate Ukrainian targets. The NotPetya attack of 2017 affected shipping and logistics companies worldwide. The U.S. estimated the global costs inflicted by the pseudo-ransomware incident at more than $10 billion.
Starting point is 00:06:24 An online Russian-language publication, Reformation, reports that a group claiming to be a Belarusian hacktivist group has carried out a cyberattack designed to interfere with rail traffic in Belarus. The attack's nominal purpose is to interfere with any Russian troop movements in Belarus. The incident is said to have affected the national railroad's business systems by encrypting data and destroying backups. The hackers say they'll provide a decryptor upon the release of 50 political prisoners and a halt to Russian troop deployment in Belarus. Claims of responsibility should be treated with caution. The incident may be a case of hacktivism, but action by criminals, national intelligence services, or Russian provocation can't be ruled out.
Starting point is 00:07:12 NATO is increasing the readiness of forward deployed forces along its eastern flank. The Guardian notes that a number of members of the alliance have deployed warships to the Baltic for the most part, aircraft and ground forces into the theater. The European Union has promised 1.2 billion euros in loans and grants to help Ukraine cope with the financial consequences of an invasion. Sanctions are also under discussion. The U.S. is considering implementing a novel set of sanctions, as the Washington Post calls them, intended to cripple Russian strategic interests, including its technology sector. The Hill lists the sectors most likely to be affected, artificial intelligence, maritime, defense, and civilian aviation sectors. The sanctions would include strict controls of exports of all microelectronics designed with U.S. software or technology or produced using U.S. equipment.
Starting point is 00:08:11 Last week, Russia denied reports that it had begun evacuating its diplomatic personnel from Ukraine. But yesterday, the U.S. State Department has directed the families of American diplomats to leave Ukraine and has given assigned diplomats permission to leave should they so desire. State is also warning U.S. citizens to avoid travel to Ukraine and Belarus. The State Department explained its rationale for the action. There are reports Russia is planning significant military action against Ukraine. The security conditions, particularly along Ukraine's borders in Russia-occupied Crimea and in Russia-controlled eastern Ukraine, are unpredictable and can deteriorate with little notice.
Starting point is 00:08:55 Demonstrations, which have turned violent at times, regularly occur throughout Ukraine, including in Kiev. End quote. The Cyber Wire's continuing coverage of the crisis in Ukraine can be found on our website. Media reports say that some 60 email accounts belonging to Greece's parliament were discovered late last week to have been compromised. The accounts belong to members, staffers, and journalists covering parliamentary affairs. As a precautionary measure, parliament's webmail has been suspended while investigation proceeds. Pursuant to the U.S. Cybersecurity and Infrastructure Security Agency's Binding Operational Directive
Starting point is 00:09:37 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, CISA last week added 17 listings to its known exploited vulnerabilities catalog. Federal agencies have until February 1st to address the most urgent issues. Log4j vulnerabilities remain a matter of concern. Bleeping Computer reports that the Dutch National Cybersecurity Center has warned that organizations who may not have sustained particularly serious exploitation of those vulnerabilities shouldn't let themselves lapse into a false sense of security. Exploitation is ongoing and expected to continue for the foreseeable future. The Washington Post says that a British High Court decision rendered today has given WikiLeaks impresario Julian Assange leave to appeal the decision to extradite him to the United States, where he's wanted on charges of violating the Espionage Act.
Starting point is 00:10:36 Mr. Assange remains in Belmarsh Prison while his case is being decided. And finally, Russia continues to crack down on cyber criminal gangs. They've functioned as privateers, effectively harassing Russia's adversaries with at least the tacit consent, possibly the active encouragement of the Kremlin. But privateers are as expendable as they are deniable, and the Russian cyber underground is feeling the effects of the crackdown. Alleged members of REvil were arrested more than a week ago, and TASS reported on Saturday that the FSB arrested the founder and three members of the criminal Infraud Organization. The founder, Andrei Sergeyevich Novak, TASS points out, is wanted in the U.S. His detention has just been announced. He's been in custody for two months.
Starting point is 00:11:28 Why the arrests? Russian authorities may be pointing out that they can render valuable cooperation to Western, especially American, law enforcement, and that assistance could be quickly withdrawn should the West continue to make noise about Ukraine, or the arrests could be disinformation of the deep positioning Russia as an international good citizen. The arrests have shaken the Russophone underworld, which nonetheless seems a lot more fatalistic than American mobsters would be in similar circumstances. Digital Shadows has been keeping an eye on the chatter in the criminal fora, and they emailed us their sense that the mood has shifted.
Starting point is 00:12:09 In 2020, the researchers say, one forum user wrote, If you're working on the Russian Federation, then they'll hunt you down. But if you're working on the EU or the US, then nothing will happen. No one will care until you visit the EU or the US. End quote. So stay away from Russian businesses, feed on the Americans and Europeans, and everything will be A-OK. But that's changed. One hood in a position to know recently shared, quote,
Starting point is 00:12:38 If you still continue to firmly believe that if you are in the Russian Federation, then nothing will happen to you, no matter what you do, this faith will practical questions as criminals consider their plans. There's no consensus as to whether it's better to go to a Russian or an American prison. On the one hand, life in an American prison might be easier, but the sentences tend to be longer. It's best, of course, to stay out of the slammer altogether, but, well, if you've gotta go, you've gotta go.
Starting point is 00:14:57 And it is my pleasure to welcome back to the show Rick Howard. He is the CyberWire's Chief Security Officer, our Chief Analyst, and Chief Fellow as well. Rick, great to have you back. Hey, Dave. So here we are. It is 2022,
Starting point is 00:15:25 and I have to say, I don't know about you, but I cannot believe that we are almost through the first month of 2022. How is that possible? I said, I'm going to get so much done over the break, and here we are. It's the middle of January. I don't know. But the good news is that your podcast, CSO Perspectives, is kicking off Season 8. So what do you have in store for us? Yeah, well, over the holiday break, I had this epiphany that all of us are students of the cybersecurity game, and that includes me and you, Dave. We are students of this game, right?
Starting point is 00:16:01 And one thing that makes the game challenging is that it changes all the time. There is always something new happening somewhere. Some new attack vector, like the Log4j vulnerability that we were all dealing with over the holiday break, or some new policy like President Biden's most recent signing of the National Security Memorandum, number eight, happened this week, or the latest attack sequence for some cybercrime adversary group like FIN8. And it's an enormous effort for any one person to keep up with it all. And we all have our own methods to try to stay up to date,
Starting point is 00:16:29 like, you know, listening to podcasts, reading books and technical papers, following smart people on Twitter, and, you know, watching YouTube videos. Yeah, yeah. I mean, do you have a preferred medium? Do you find yourself drawn to one over the others? I do, but I realize that
Starting point is 00:16:45 the way everybody consumes information is deeply personal and tailored to how they like to receive information. So my way may not be your way, but for me, my two preferred methods are podcasts and books. Podcasts and audiobooks, by the way, because they are so convenient. If I'm walking the dogs or doing the laundry or washing the dishes, I'm catching up on podcasts or listening to a book. Now, you know, you and I have known each other for a while now, and I remember some of our first conversations were about the books that you were reading. You've always been a real big advocate of reading books, and especially books about cybersecurity. Your work on the
Starting point is 00:17:25 cybersecurity canon project, of course, is noteworthy. I'm wondering if you've noticed a decline in people talking about taking the time to read actual books. It seems to me like with everyone being so busy and so many demands on everyone's time, people aren't sitting down with a good book the way they used to. You know, I think that's true for a lot of people. But let me try to make the case that you should prioritize taking the time to read or listen to a book. All right. So here it is. It makes your world a bigger, richer environment.
Starting point is 00:18:01 All right. In other words, it gets you out of your own bubble. And so let me lay a Confucius quote on you, if you will indulge me just a bit. All right. Here's what he said. "No matter how busy you may think you are, you must find time for reading or surrender yourself to self-chosen ignorance," end quote. Now that's a subtle dig from 500 years BC. All right. So take that. But, you know, more recently, Mark Twain was a bit more blunt. He said this, "If you don't read, you're not any better than people who can't read." Ouch,
Starting point is 00:18:32 that hurts a little bit. Okay. Fair enough. Fair enough. All right. Well, so what's taking up your time? What books and podcasts are you recommending that everybody should be reading and listening to? Well, that, my friend, in the podcast biz is one of our famous teasers. You're going to have to listen to the first season of A that starts this week on CSO Perspectives. So everybody check it out. I can't believe I walked right into that. All right. Rick Howard, thank you so much for joining us.
Starting point is 00:19:30 And I'm pleased to be joined once again by Dinah Davis. She is the VP of R&D and Operations at Arctic Wolf and also the founder of Code Like a Girl. Dinah, great to have you back. Thank you. Very exciting. 2022!
Starting point is 00:20:19 2022, here we come, whether we want it or not, right? That's right. So having just come through the holiday season as we did, I think a lot of folks under their Christmas trees or their Hanukkah bushes or however they get gifts distributed to them by their loved ones have found themselves with new smart speakers. And with that come some security issues as well. Bring us up to date here, Dinah. What sort of stuff has you concerned from a security point of view? Yeah. Well, did you know at least 35% of American households have smart speakers?
Starting point is 00:20:56 Wow. That was in 2019. So I suspect that number is higher. So if you have one, then the things that you want to do are make sure you have the voice recordings deleted often. So I know with both Amazon and Google, you can go in and review your voice recording history and delete it. I went and double checked mine while I was preparing for this, just to see what I had set. And I, I was glad that previous me was smart and there, my voice recordings are deleted immediately, immediately. They are not kept for any length of time at all.
Starting point is 00:21:36 And that just helps. Like you don't need them having all those voice recordings of you in their systems for that long. Yeah. Don't link your calendar or your address book to your smart speaker. And I feel like that's something people would really want to do from a usability perspective, right? Right. Hey, what do I have? What's on my schedule today? And it can tell you that. Right. But if you do that, it's very easy for hacks to come in, especially the
Starting point is 00:22:02 address book, and then start sending stuff to your contacts, right? Phishing emails or other things like that, right? It may ask you for things like passwords to different things, credit cards when you're shopping, social security numbers. Don't ever tell them into your smart speaker. You can't be sure that it's only going to be used for the purpose you think it is, right? And if you tell your smart speaker, anyone could possibly get that information just by asking it. So you can also turn off the microphone when you aren't using it. I feel like this is one of those security recommendations that's well-intended but, like, less useful. Yeah. So, like, the whole idea with the smart speaker is it's just there. You want to yell at it and it does stuff,
Starting point is 00:22:53 right? You want it to be the computer from Star Trek. Yeah, right. Yeah, you don't have to go turn on the microphone, then yell at it, and then turn the microphone off. But you could consider times when you may want to turn the microphone off, right? Maybe you want to turn it off during family dinner, so it's not like that whole time is being listened to or something like that, right? Yeah, I could imagine also like just hours of the day. If you know you're sleeping from certain times of the night, turn it off. Yeah, exactly, exactly.
Starting point is 00:23:25 Exactly. And possibly you might even be able to schedule that. I don't know. I haven't looked into it. But Google or Amazon, that'd be a great feature, right? If you don't have it already. Turn off purchasing. So I didn't really realize people did this,
Starting point is 00:23:40 but people add stuff to their Amazon carts and then say buy, and then it ships it right to their door, like all through the smart speaker. I found this out because I was watching Borat. Okay. I was watching, I was watching the Borat after show on, on Amazon, where they, where they like had him in the house with those two guys. And those two guys were showing him how to use the Alexa. But I was like, oh, really? Wow. Yeah, that makes sense, right?
Starting point is 00:24:10 So, you know, maybe don't have it connected to your Amazon account that way because anyone can just start saying what they want. Especially if you have little kids, could accidentally have it, not maliciously by your kids. But even the other day, I had a friend say, my daughter got my, my three-year-old daughter got my Kindle. And now I have like five books that I'm going to read that I didn't want, but I guess it's what I'm reading now. And then
Starting point is 00:24:37 one great one is if you're going to leave some of that stuff on like purchasing, you know, 'cause you really want it and that's okay. That's your choice, right? Stay on top of your notification emails. So, you know, every time you buy something on Amazon, you get a message, right? So check those, you know, check those regularly, make sure you, you look at that kind of stuff and then make sure you're using good Wi-Fi. So like WPA2. And one big recommendation I have is to use guest Wi-Fi for all your guests, but also any of your insecure or unsecured IoT devices. Don't have IoT devices on your network that are not secured in your family's network. So that if something ever happened to compromise them, they're stuck in
Starting point is 00:25:25 the guest Wi-Fi and not connected to your stuff. Enabling voice recognition can be a really good idea. And then making it only, setting it so it only responds to the voices it recognizes. That will help you with the yelling into the window, open the doors. Right, right, right. So it only responds to known voices. Yeah, exactly, exactly. Yeah, yeah. So yeah, and then of course, finally,
Starting point is 00:25:53 strong passwords, people, strong passwords. All right, well, good advice for sure. Lock down those smart speakers, people. Dinah Davis, thanks for joining us. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment called Security. I join Jason and Brian on their show for a lively discussion of the latest security news every week.
Starting point is 00:26:33 You can find Grumpy Old Geeks where all the fine podcasts are listed. The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of Data Tribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliot Peltzman, Trey Hester, Brandon Karp, Eliana White,
Starting point is 00:26:52 Puru Prakash, Justin Sabe, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Vilecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Thank you.
