CyberWire Daily - Word zero-day spreading Dridex. Password reuse bites Amazon third-party sellers. Mirai now mines Bitcoin. WikiLeaks, the ShadowBrokers, and war in Syria. Cyber first use. Crypto wars in Europe. APT10 in India. Penn State prof takes Gödel Prize

Episode Date: April 11, 2017

In today's podcast, we hear about how a Word zero-day is spreading the Dridex banking Trojan. Amazon third-party sellers bitten by reused passwords. IBM catches Mirai mining Bitcoins. Symantec discerns Longhorn tools in WikiLeaks' Vault 7. Tensions over Syria's civil war seem to be behind the Shadow Brokers' return. ISIS is now attempting to recruit women to the Caliphate. Germany considers a cyber first-use doctrine. Crypto wars flare in Europe as French Presidential candidate Macron takes a strong anti-encryption line. The University of Maryland Center for Health and Homeland Security’s Ben Yelin weighs in on the FCC’s rollback of ISP privacy rules. Dario Forte from DF Labs cautions against AI hype. A Penn State professor takes the 2017 Gödel Prize for his work on differential privacy.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 Amazon third-party sellers are bitten by reused passwords. IBM catches Mirai mining Bitcoins. Symantec discerns Longhorn tools in WikiLeaks' Vault 7. Tensions over Syria's civil war seem to be behind the Shadow Brokers' return. Germany considers a cyber first-use doctrine. Crypto wars flare in Europe.
Starting point is 00:02:19 And a Penn State professor takes the 2017 Gödel Prize for his work on differential privacy. I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, April 11, 2017. We begin with a few notes on cybercrime. The zero-day vulnerability in Word that's undergoing exploitation in the wild is now being used to distribute the Dridex banking trojan. Many hope Microsoft will patch the flaw later today, but Redmond is still tight-lipped. Dridex, regarded as a more dangerous bit of malware than most, had of late been relatively quiescent until yesterday, when the SANS Institute and others observed a large spike in its distribution.
Starting point is 00:03:04 Over at Amazon, third-party sellers are being hit with a wave of credential theft that's robbing them of the proceeds of their online sales. The criminals are said to be exploiting reused passwords they've purchased in various dark web markets. We heard from Chris Pearson of secure business network provider ViewPost, who notes that username and password credentials have been gossamer against fraud for years. He advises, really seriously and no joke, to move to two-factor authentication. IBM researchers have discovered a new criminal purpose for the Mirai IoT botnet
Starting point is 00:03:38 malware. It's now been adapted by crooks and set to the CPU-intensive task of Bitcoin mining. Symantec has picked over recent WikiLeaks dumps and concludes that tools revealed in Vault 7 were used in the Longhorn campaigns, some 40 incursions into networks of 16 countries. Again, Vault 7 purports to represent a leak of CIA hacking documents. Fighting in Syria, especially Assad's horrific use of nerve agent against largely civilian targets, has considerably heightened tensions between Assad's patron, Russia, and the West. The U.S. and U.K. are taking a joint hard line toward Russia over Syria.
Starting point is 00:04:20 That hard line is expected to include sanctions and has already included missile strikes against the Syrian regime's military installations. The conflict has its predictable accompaniment in cyberspace, particularly in information operations. The latest Shadow Brokers leak seems obviously designed to advance Russian interests in Syria. The Shadow Brokers have long been regarded by close observers as a sock puppet on the hand of Russian intelligence and security organs. But many continue to regard the brokers as more mysterious than Muscovite. Whoever they are, they're very, very disappointed in U.S. President Trump,
Starting point is 00:04:56 and they're sounding more alt-right for the moment than alt-left. They're also moving in lockstep with Russian diplomacy. ISIS, which of course is one of the several parties fighting in Syria, seems to have expanded its recruiting pool. Catalan police have discovered online attempts by ISIS to actively recruit women. Germany's newly established independent military cyber force is expected to grow to an end strength of 13,500 by July. Over the past weekend, Germany's interior minister told the news service ARD that he wanted the Bundestag to pass legislation that would permit the Bundeswehr to conduct
Starting point is 00:05:37 first strikes in cyberspace in the event of clear, imminent, severe danger. There's a lot of momentum behind artificial intelligence and machine learning and cybersecurity these days, so much that it can be challenging to separate the marketing hype from reality. Dario Forte is founder and CEO of information security company DF Labs and he offers some insights. The marketing buzz and the marketing statement during the RSA, people and CISOs and also security professionals are starting to be concerned about what their role will be after that automation and machine learning will take over. The good news is that there is the possibility
Starting point is 00:06:21 to balance both needs, meaning that automation machine learning will be able to relieve security people from their routinary tasks and or something that actually is time consuming for them in order to have them focused and concentrated on real important tasks and real important cyber investigation in this particular case. We conducted a recent survey on many chief info security officers in the Fortune 500 space. Some of them is in our advisory board. And we asked several questions about how
Starting point is 00:07:03 they consider automation and machine learning to solve the current problem. The first one is that you cannot automate everything, especially in this particular period. There are some pieces of the incident response and security operation ecosystem, for example, that are still requiring human involvement. So, and the reason of it is very simple. You cannot trust the machine 100% because if the machine is given the wrong input, then the wrong output is consequential. And the damage that could become from the wrong output could be even worse
Starting point is 00:07:43 than the incident that you are investigating. Make sense? So this is probably one of the most important concerns to address. And the solution for that is that keeping the human in the loop, so just being supported by automation and machine learning is at the moment the best direction that CIO and CISOs want to take. The second concern is that if you rely too much on the machine, especially in data breach and incident response, there are many legal implications. And should the CISO be asked to go in court to testify, he cannot definitely take a machine as a support and or expert witness. So machines are still required to help the humans but not to replace it.
Starting point is 00:08:33 That's Dario Forte from DF Labs. The crypto wars are flaring again in Europe. Emmanuel Macron, candidate for the presidency of France under the banner of the progressive third-party movement En Marche, makes some very tough promises to undermine widespread encryption should he take office. He regards the ability to read the encrypted comms of suspected terrorists as essential to the struggle against terrorism, and he would seek a coordinated EU campaign in which France would play a prominent part. The Wall Street Journal reports that an attack last July on the Union Bank of India
Starting point is 00:09:09 closely resembled the phishing that compromised the Bangladesh Bank. The Bangladesh Bank's SWIFT theft is generally attributed to the North Korean-affiliated Lazarus Group. Congratulations are in order to Penn State's Adam Smith, professor of computer science and engineering at that university. He's been awarded the 2017 Gödel Prize for his origination of the concept of differential privacy. Finally, to all the cyber criminals who may be listening, some news you can use. If you're under U.S. indictment, don't vacation in countries that have extradition treaties with the U.S. Spanish police have alleged Kelihos botnet master Pyotr Levashov in custody.
Starting point is 00:09:51 U.S. authorities are dismantling Kelihos and all its works, and Mr. Levashov is expected to be facing the music stateside at some point after his interrupted holiday in Spain is over. And in Prague, extradition hearings are beginning for alleged LinkedIn, Dropbox, and Formspring breach artist Evgeny Nikulin. So if you're on the lam from the feds, think about visiting, say, Chad, Sudan, Eritrea,
Starting point is 00:10:16 or North Korea. That's just a partial list. Your travel agent should be able to advise you fully. Fly direct, no stopovers, and say, Guam. And happy landings.
Starting point is 00:12:57 And I'm pleased to be joined once again by Ben Yelin. He's a senior law and policy analyst at the University of Maryland Center for Health and Homeland Security. Ben, of course, a big story that came by recently was Congress overturning the Internet privacy regulations, allowing ISPs to sell some of our personal data. Give us the background on this. Sure. So in October of last year, the Federal Communications Commission promulgated a regulation prohibiting ISPs from selling personal information from their users.
Starting point is 00:13:51 There's this little used device, or at least it was little used until this year, called the Congressional Review Act. And the way that this works is that Congress has 60 legislative days after a regulation has been published in the Federal Register to express its disapproval. And if both houses of Congress express disapproval and the president signs it, that regulation is overturned. And that's what happened here. He's complained to members of Congress and to the Trump administration that such a regulation would put them at a competitive disadvantage compared with what we call edge providers like Google and Facebook. Those companies are regulated by the Federal Trade Commission. They face less stringent requirements. These ISPs are under the authority of the FCC, which has more stringent communications.
Starting point is 00:14:50 I think the proponents are trying to argue just a simple case that there should be uniformity. My personal opinion is that that argument is not well-founded. You don't see any sort of effort at trying to develop a uniform policy between what the regulations that exist at the FTC and at the FCC. One last thing I'll mention is that the way the Congressional Review Act works, once you overturn a regulation under the Congressional Review Act, that agency is prohibited for a statutorily defined period from issuing a separate regulation that would do the same thing as the previous regulation. In other words, now the FCC, no matter what happens through the next several years, will not be able to promulgate a similar
Starting point is 00:15:32 regulation because this bill has passed. And it's a huge, huge loss for privacy advocates, but a major win for the internet service providers. This one's a real head-scratcher, because who would be for this other than the ISPs to be able to, you know, make a buck off of selling your personal information? I mean, I think you answered your own question there. I think what we've seen in the public opinion polling is, you know, basically what you said. There actually is no real constituent interest in overturning this regulation. I think it's the industry and they can make all the arguments they want about how there should be uniformity and privacy regulations. That's fine and good,
Starting point is 00:16:11 but I think it at least appears that the true motivation is to sidestep these FCC regulations to sell personal information to make a profit for the internet service companies. All right, Ben Yelin, as always, thanks for explaining it for us. We'll talk to you again soon.
Starting point is 00:16:47 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.