CyberWire Daily - WannaCry aftershocks. Influence ops and data corruption. Samba patched. Biometrics and impersonation. GDPR approaches. US legislation update.
Episode Date: May 26, 2017
In today's podcast we hear that bogus WannaCry remediation apps are cumbering the Play Store—don't be taken in. More on the complexities of WannaCry attribution. An EternalRocks worm may have been withdrawn by its authors. Citizen Lab finds evidence that influence operations against targets in almost forty countries are now corrupting data. Vietnam does some cyber snarling at the Philippines over the South China Sea. Samba gets a patch as observers fear emergence of a worm. Biometrics and impersonation—experts advise complexity. GDPR is just one year away, but preparation still lags. Dinah Davis from Arctic Wolf shares her story of founding Code Like a Girl. Malek Ben Salem from Accenture Labs describes self-sustaining enterprises. And two noteworthy pieces of legislation are introduced into the US House and Senate.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Bogus WannaCry remediation apps are hitting the Play Store.
More on the complexities of WannaCry attribution.
An EternalRocks worm may have been withdrawn by its authors.
Citizen Lab finds evidence that influence operations against targets in almost 40 countries are now corrupting data.
Samba gets a patch as observers fear emergence of a worm.
Biometrics and impersonation.
Experts advise complexity.
GDPR is just one year away, but preparation still lags.
We hear from the founder of Code Like a Girl.
And two noteworthy
pieces of legislation are introduced into the U.S. House and Senate.
I'm Dave Bittner in Baltimore with your CyberWire summary for Friday, May 26, 2017.
Observers have come to regard WannaCry as the campaign that brought ransomware to the attention of ordinary, individual users,
as opposed to the enterprises that have suffered ransomware infestations in the past.
One sign of this common touch are the bogus WannaCry remedies currently gurgling around Google's Android Play Store.
Don't bite. They won't help you, and they're at best going to wind up as unwanted software.
At worst, they're quite malicious.
Symantec has stuck with its attribution of WannaCry to the Lazarus Group and the Lazarus Group to North Korea.
Critics have emphasized the circumstantial character of the attribution
and point to other bits of evidence that suggest other explanations.
Flashpoint linguists think the authors of
WannaCry spoke Chinese and English. They point out that this doesn't constitute attribution
and isn't inconsistent with Symantec's linkage of the ransomware campaign to North Korea.
It's additional circumstantial evidence that eventually may contribute to an understanding
of WannaCry's origins. It's also worth noting, as Flashpoint itself emphasizes,
that there's a large Chinese diaspora,
and an awful lot of people in many places who are fairly fluent in English.
A point they do make is that it seems the authors of the ransomware
pass its natural language messages through Google Translate a few times.
Whether that's designed to clarify or obfuscate is unclear.
It could go either way.
A worm that exploited EternalRocks vulnerabilities
and that seemed to be quietly staging future attacks
may have been pulled by its creators, according to researchers at Croatia's CERT.
Good news, maybe, but crying victory would be premature.
Influence operations targeting the elections of France and the U.S. centered on
leaked emails. Some are reckoned to have been damaging, like those affecting the U.S. Democratic
National Committee, while others are thought to have had negligible effect, like the emails taken
from French President Emmanuel Macron's En Marche. But in those cases, there were few suggestions,
even from the victims, that the stolen emails had been faked or tampered with to make the targets of the influence operations look worse than they otherwise would.
That may no longer be holding true.
A study by the University of Toronto's Citizen Lab finds leaked emails belonging to a Russian journalist and critic of the government were doctored to discredit the opposition.
Their investigation also led them to a large phishing campaign against more than 200 high-profile targets in 39 countries.
Citizen Lab is reticent about attribution,
but says there's clear overlap between what they're seeing
and evidence others have presented concerning Russian-affiliated threat actors.
So, while Mr. Podesta may have said all the stuff in those emails,
in the future, caveat lector,
data corruption may become as much a part of the information operations playbook
as data theft currently does.
Reuters reports that hackers acting apparently on behalf of the government of Vietnam
are attacking Philippine targets.
The larger issue is the dispute over sovereign rights in the South China Sea.
This week, Samba, the popular Linux file-sharing system, was found to have a bug that's apparently
endured for some seven years.
The Samba team patched it Wednesday, and users are urged to apply the patch.
Samba is also a significant component in a number of network-attached storage servers. The vulnerability has drawn inevitable comparisons to WannaCry.
We heard from security firm Cyphort's Nick Bilogorskiy. He said, quote,
think of it as EternalBlue for Linux, affecting all versions of Samba for the past seven years
since 2010, end quote. While there were few signs of exploitation in the wild, Samba has come under
attack in the recent past, and Bilogorskiy thinks there's some risk of a new worm appearing.
A proof of concept is already on Metasploit. I think at this point attackers are already
developing ways to weaponize ransomware or other malware with this.
You may have seen reports that a proof of concept unlocking of Samsung Galaxy S8's biometrics has been achieved with a camera, a contact lens, and a printer.
The demo comes courtesy of Germany's Chaos Computer Club.
It's like a sophisticated version of the old gummy bear fingerprint hack, but it points out that simple biometrics aren't necessarily the panacea we might hope for in authentication and identity management.
The countdown to GDPR this week entered its final year.
The new European Union privacy rules take effect in mid-spring 2018.
They'll affect enterprises worldwide.
Studies continue to suggest that few are prepared, and time is running out.
There are two new proposed bills introduced in the U.S. Congress that bear watching.
A revised draft of the Active Cyber Defense Certainty Act,
what people are calling the Hack Back Law, is out.
This one includes both mandatory notification and permission for victims
to recover or destroy stolen data on the attacker's systems.
It seems likely that the bill will undergo further revision before
it leaves the House, but U.S. representatives are clearly in a mood to consider a return to
marque and reprisal. And in the U.S. Senate, the Department of Homeland Security is the intended
beneficiary of the Hack DHS Act. Senators Hassan of New Hampshire and Portman of Ohio introduced
the bipartisan measure today with the intention of establishing
a pilot bug bounty program for the Department of Homeland Security.
The senators point out that since DHS is responsible for securing the .gov domain,
they have hopes that this could do for the federal government as a whole
what the Hack the Pentagon has begun to do to help secure the Department of Defense.
And I'm pleased to be joined once again by Malek Ben Salem.
She's the Senior Manager of Security and R&D at Accenture Labs.
You wanted to share some information that Accenture has put together, sort of a vision statement about self-sustaining enterprises. What do we need to know about that?
Yeah, so doing business today in this new digital ecosystem is different, right? We notice a lot of trends that are increasing the security challenges that
companies have to address. For example, the proliferation of insecure devices, the blur of
the physical and the personal and professional lives, the blur of physical also and digital
is another trend. And then the third trend is the weaponization
of the internet. All of these trends basically are raising new challenges for companies.
So we came up with this concept of a self-sustaining enterprise where self-sustaining
here refers to sustaining the business itself, but also being resilient about protecting that business and addressing security
threats. And what we advocate for is really understanding and assessing trust in a different
way in this new ecosystem. So when you're doing business in this environment and dealing with,
you know, third parties, partners, vendors, etc, you can think of this as physically as your own neighborhood
and visitors are coming and leaving.
So who do you trust in that neighborhood, right?
If somebody knocks on your door, do you trust that person?
Do you let them in?
Do you ask them for credentials?
What do you do?
And similarly, when you have a business, right,
you have all of these devices connecting to your network, whether they're personal or professional devices, meaning that they're owned by the company.
Do you trust those devices connecting to your network?
What do you do if an insecure device tries to access some of your assets?
How do you assess how much you trust that device?
We are encouraging our clients to think about trust-based authentication and assess that level
of trust based on the identity that the device proclaims through its own attestation, based on
the degree of control that the enterprise has over that device.
So whether it's a corporate device or a third party device, or it's a device owned by a person.
And there are several factors that can help with that trust assessment, including
what's the exposure to that unknown device? Or if the unknown device is added to that neighborhood,
can it be used to attack other devices? That could be used not only to assess that trust,
but also to build a persistent identity for that device. And when you can track or have that
persistent identity, then you can be more confident in the authentication decisions that you make for that
device.
I see. All right. Interesting stuff as always. Malek Ben Salem, thanks for joining us.
My guest today is Dinah Davis.
She's the director of R&D at Arctic Wolf Networks and founder of Code Like a Girl,
an online community that aims to break down the perception that women aren't able to thrive in tech.
She started Code Like a Girl in part out of frustration.
I was doing a lot of blogging about women in tech and I couldn't find a publication that would take my work or that
was really interested in it or fit. And as I was thinking about that, I was thinking, wow,
right now the impact of me is just me, but what if it was the impact of all the voices of all the women in tech?
And so I thought if I created a publication, I could bring all those voices together and then
try to amplify them. So more people would hear them. So the impact would be bigger.
And so in January of 2016, I created a publication, and it took off.
It's been a lot of work, hard work, but zero followers on day one, 2016,
and today we have over 23,000 followers.
What is the typical types of things that we might expect to find on Code Like a Girl?
There's actually quite a large range. We have a technical section.
There's people's experiences being a woman in tech. There is kid career advice. There's a whole section on getting kids involved in tech, especially young girls and how to promote that. And we also have a focus on role models. So there's a whole page on articles about role models because I think they're one of the key things to changing the view of women in tech and getting more girls and women involved in it.
But by day, you are director of R&D at Arctic Wolf Networks.
What was your experience like coming up in the tech world?
I mean, it was pretty typical.
I remember being in a computer science class in my university, and my university was seven
to one women to men.
It just happened to be a school where there was a lot of teachers and that kind of stuff,
and we had a lot of women.
But I walked into that computer science class, and there was 60 guys and two women,
and I was one of the two women.
So even in a university where it was completely flipped like that,
the computer science was still dominated
by men. So that has been pretty typical. I'm usually the only girl, one of the only girls
on a team. And that hasn't bothered me terribly much. I wish that there was always more women
there, but I just kind of, at the beginning of my career, just took it as it was. And then I had a really bad experience.
And I decided that I didn't really want to stay quiet anymore.
Early in my career, I was a little bit afraid of speaking up that it might impact my career in a bad way.
After that experience, I thought, I don't want other women to be going through this, too.
I'm not going to be quiet anymore.
And if a company is not okay with me speaking up about these things, then I don't want to work there.
What kind of bad experience did you have?
Oh, I just had a terrible boss that was very misogynistic. And he was a bully. He was a bully
to more than just me, but it really just wasn't fun. I didn't stay there very long. And I have
since found much better employers and Arctic Wolf is fantastic.
I love working here.
We have a female founder and a male founder.
It gives a really awesome perspective.
You have kind of a yin-yang situation there.
Their personalities are different, so they complement each other.
Plus, I'm working in security again, which I love.
There's certainly a shortage of women throughout tech and in cybersecurity specifically. We don't
do a terribly good job of retaining women who do enter our community. And then even as things
filter up, there are even fewer women up in the C-suite. First of all, what's the importance of
having women represented at that level? And
what can we do to improve the situation?
Yeah, I mean, there's lots of studies out there that
you can find that shows that if your C-suite or your board, or just generally your leadership team
is more diverse, the company actually performs better. So really, it's there in the numbers and
the money. And I just think different
people from different backgrounds, different genders give different perspectives and you see
more so you can react better to changes in the market. You get more diversity of thought,
both from, and it's not just women, it's like diversity of culture, background, gender,
it's all important. But the more diversity
you have there, the better you can react to when things change in the market. You have more ideas,
more experiences to draw from than the single narrative that, you know, the older white male has.
And so what kinds of things do you think companies can do to better provide a good work environment for women and to retain them?
There's a fantastic article written recently on our blog, and the woman said,
I don't want to feel like I'm a minority, but I want to be supported when I am. And for me,
that hit it right there. I don't want to feel like I'm somebody
who's different. I just want to be treated the same as everyone else. But if there's a problem,
I want to be supported. It's called "I'm a Woman in Tech, and This Is What I Want in a Company,"
by Leah Mitchell. And she really describes it. Well, I have to hand it to her.
She articulated what women in tech want and I think what most minority groups
want in tech.
So what do you credit with the success of Code Like a Girl? What do you think
is the reason that it's resonated so well?
I think what resonates with them is that it's
their stories. These are real stories. These aren't studies. These are things that people have experienced or their
advice from real people who are in the industry. You get to find out about role models and people
you look up to and they write about what they've learned and how they did things. To me, this has
been about building a community to support other women in tech and then using that community to
raise awareness
to people who are outside it.
That's Dinah Davis from Code Like a Girl.
The website is code.likeagirl.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.