Learn more about your ad choices. Visit megaphone.fm/adchoices
CyberWire Daily
The CyberWire 2.2.16
- You're listening to the Cyberwire Network, powered by N2K. - With the Lulu Lemon, the real gift happens when they're living in it. When you give the fan favorite everywhere belt bag, the real gift is... ...and when the ultra soothing rest feel slides are the gift, you're really giving them... ...this holiday. With this holiday, Lulu Lemon makes it easy to give little luxuries that go beyond. Open the moment. Shop now at lululemon.com. - Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. You know, I started my first business back in the early '90s... ...and oh, what I would have done to have been able to have the services of an organization... ...like LegalZoom back then. Just getting all of those business ducks in a row... ...all of that technical stuff, the legal stuff, the registrations of the business, the taxes... ...all of those things that you need to go through when you're starting a business... ...the hard stuff, the stuff that sucks up your time... ...when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run, and protect your business... ...all in one place. And they save you from wasting hours making sense of all that legal stuff. Launch, run, and protect your business to make it official today at legalzoom.com. You can use promo code Cyber10 to get 10% off any LegalZoom business information product... ...excluding subscriptions and renewals. That expires at the end of this year. Get everything you need from set up to success at legalzoom.com and use promo code Cyber10. That's legalzoom.com and promo code Cyber10. LegalZoom provides access to independent attorneys and self-service tools. LegalZoom is not a law firm and does not provide legal advice... ...except where authorized through its subsidiary law firm, LZ Legal Services, LLC. Human Security Services point to Russia as the culprit in last year's Boon to Stock Hacks. Sentinel-1 continues to warn against black energy. The U.S. Congress looks at the now closed Juniper back door... ...and doesn't like what it thinks it sees. Fire eye buys and boaters. Bell Aerospace acquires Wavefront. Quick Heel says it's ready for an IPO. And alert logic says it will be ready for its own next year. The cyber sector continues to watch the strange case of Norse... ...and finally we take a look at the sorry wages of cyber crime. I'm Dave Fittner in Baltimore with your Cyberwire summary for Tuesday, February 2nd, 2016. The 2015 breaches of Boon to Stock systems in Berlin, so far unattributed... ...are looking more like a Russian operation. An anonymous source within the Russian security services told Spiegel... ...that the attacks were "clearly attributable to a Russian military intelligence service." Deutchevella cites observers who think the deep game is destabilization of the European Union... ...with the playbook taken from hybrid operations Russia has conducted against Ukraine... ...cyber operations, exploitation of expatriate or ethnic Russian sentiment, and so on. Sentinel-1, having completed, it says, reverse engineering the Black Energy 3 malware kit... ...once everyone to pull their heads out of the sand. A company executive is quoted by the Voice of America as saying... ...this is cyber warfare. We need to wake up and see that this is war. Black Energy still seems an espionage kit... ...and the other observers wonder how it's implicated in what Sentinel-1 and others... ...have called a widespread campaign aimed at disrupting utilities. Has Black Energy acquired some ability to manipulate control systems? This seems to most observers as doubtful... ...or is it being used to harvest operator credentials? More investigation seems clearly in order. The U.S. Congress is turning its attention to the possibility that the encryption issue in Juniper products... ...which Juniper closed last month may have its roots in an NSA-developed encryption algorithm... ...widely suspected of having been constructed with an intentional back door. If that turns out to be the case, it may represent a security own goal. The U.S. government is a big Juniper customer... ...and the gear the feds bought and used apparently has a back door as big as anything sold to other customers. DDoS attacks have become by many accounts the single most common cyber assault on financial services enterprises. HSBC has recovered from last week's incident... ...but the trend looks like an enduring one... ...and not only banks are affected. The Elder Scrolls online game reported a DDoS episode yesterday. Any enterprise that depends for its business on maintaining high levels of internet access for its customers... ...is vulnerable to DDoS. Virtual private server provider Linode publishes a commendably forthright account of the attack it sustained at the end of December... ...including the lessons it learned in response. The motivations for DDoS are generally one of these three. Activists who disapprove of an enterprise or of some cause connected with an enterprise often mount denial of service campaigns... ...relatively easy and inexpensive to mount. DDoS ranks up with website defacements as a common hacktivist tactic. A second common motivation for denial of service attacks is extortion. In the early days of cyber crime denial of service was used to hold online gambling sites up for ransom... ...and there's been some evidence that this form of criminal activity is enjoying an uptick. And finally, the third and in some ways most sophisticated use of DDoS... ...is as misdirection for some other more serious attack. If you can occupy incident responders with a big noisy denial of service campaign... ...they may well overlook, for example, your quieter efforts to gain persistence in their network. In industry news, FireEye makes another acquisition this time of automation shop in Vodus. This is thought to be a play that will improve incident response capabilities. Bell Aerospace enters the cybersecurity market with its purchase of Wavefront. Quick Heel is said to be preparing for an IPO next week... ...and AlertLogic says it's using 2016 to prep going public next year. Norse Corporation's main website is still dark, although its dark matters news page and labs site were online today. Forbes comments on what it calls the chaos left for presumably former employees. Quoting Norse's CTO is rather surprisingly saying he doesn't know whether they're still in business. Forbes also notes the investment KPMG capital made in Norse this past autumn. And CSO offers what it calls a deconstruction of Norse reports on Iranian cyber operations. It sees such reporting as a cautionary tale of what can happen at the intersection of marketing and tendentious analysis. And we conclude with some news on trends from the cyber criminal underground. With the big losses businesses report when they're hacked, aspiring cyber gangsters might imagine that cyber crime is a royal road to riches. But not so. As is usually the case, crime is less lucrative than fantasies of greed suggest. A PONOMON Institute study commissioned by Palo Alto Networks paints a familiar picture of crooks taking the obvious lowball score when they could really earn more money with an actual legitimate job. The comparison with street drug sales is obvious. The retailer runs huge risks with very little prospect of reward. Not that we're encouraging IT departments to hire criminals, or for that matter discouraging them. But really, you'd be much better off working at a help desk than trying to set up as a be hoodied crime lord. The study suggests the typical cyber crook gets a bit less than $29,000 a year for an average of 705 hours of work. Granted, the 705 hours isn't full time, but the pay is still not great. We're reminded of the scene in Donnie Brasko, where Pacino's character is trying to break open a parking meter to get it quarters. The wages are low, and really you're going to break your parents' hearts. So, you want to be a marketer. It's easy. You just have to score a ton of leads and figure out a way to turn them all into customers. Plus, manage a dozen channels, write a million blogs, and launch a hundred campaigns all at once. When that's done, simply make your socials go viral and bring in record profits. No sweat. Okay, fine. It's a lot of sweat. But with HubSpot's AI-powered marketing tools, launching benchmark breaking campaigns is easier than ever. Get started at HubSpot.com/marketers. And now, a word from our sponsor, No Before. It's all connected, and we're not talking conspiracy theories. When it comes to InfoSec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. No Before, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. No Before's Security Coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike, and Cisco, 35 vendor integrations and counting. Security Coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity, or web security vendors. Then, coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack, or email. Learn more at nobefore.com/securitycoach. That's nobefore.com/securitycoach. And we thank No Before for sponsoring our show. Imagine this. Your primary identity provider goes down, whether it's a cloud outage, network issue, or even a cyber attack. Suddenly, your business grinds to a halt. But what if it didn't have to? Meet Identity Continuity from Strata, the game-changing solution that keeps your business running smoothly no matter what. Whether your cloud IDP crashes or your on-prem system faces a hiccup, identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP, automatically and without disruption. Powered by the Mavericks Identity Orchestration Platform, Identity Continuity uses smart health checks to monitor your IDP's availability and instantly activates failover strategies tailored to your needs. When the coast is clear, it's a seamless switchback. No more downtime, no lost revenue, no frustrated customers. Just continuous, secure access to your critical applications every single time. Protect your business from the high costs of IDP outages. With Identity Continuity from Strata, downtime is a thing of the past. Visit strata.io/cyberwire to learn how Strata's identity continuity can provide seamless enhanced capabilities to your existing identity fabric and receive a free set of AirPods Pro. Join me as John Patrick, editor of the Cyberwire. John, let's talk hacktivism. It comes up in the Cyberwire fairly regularly, so what is hacktivism? Well, you know what hacking is, right? Of course. Well, a hacker is someone who looks for and exploits weaknesses in computer systems or networks, and typically someone who does it illegitimately or illegally. Now, there can be white hat hackers who are legitimate vulnerability researchers, and there can be black hat hackers. Usually when people say hacker, they're typically talking about a black hat. So, what's a hacktivist? There are all kinds of people who take action against computer systems and networks, and they can be distinguished and classified by their motivations. So, for example, a state intelligence service might hack for purposes of espionage. A cyber criminal has obvious criminal motives. What are they doing? They're looking to steal identities. They're looking to steal money. They're looking to extort ransoms, things like that. A hacktivist is someone who isn't motivated by money and who's not directed by a state. So, a true hacktivist is motivated by political or religious or ideological considerations. That's a hacktivist. What's the general view of hacktivists? Are they looked upon as being a force for good or a good force for bad, or does it depend? It depends on what you mean. And if you look around the world, you'll see different hacktivists, riots, cyber riots going on all the time. There's a lot of cyber writing, for example, in South Asia. And you see what people call patriotic hacktivism going on with people swapping hacks between Armenian and Azerbaijan. Describe what you mean by a cyber riot, what is that? A cyber riot is when you have, it's like a riot in physical space, except it's conducted in cyberspace. So, what's a riot like? It's when you've got a lot of disorganized people running around, breaking things, looting, causing disorder. That's a riot. And a cyber riot is doing that in cyberspace. So, if you've got a lot of people, all of a sudden, defacing websites, breaking to databases, things like that, and they're not doing it for any kind of obvious criminal motivation, or for any kind of obvious, under any kind of obvious central state direction, that's probably a cyber riot. And it's blurry, because just as you have people who riot to protest or to break things, you've also inevitably got the people who are running along behind the other rioters looting from stores. The same thing happens in cyber rioting. John Patrick, editor of the Cyber Wire. Thanks for joining us. We'll talk again soon. If the IT world used to be simpler, you only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now, employees, apps, and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why CloudFlare created the first-ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business. [Music] And that's the Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Vittner. Thanks for listening. [Music] And now, a word from our sponsor NordPass. NordPass is an advanced password manager from the team behind NordVPN. Designed to help keep your business safe from data leaks and cyber threats. It gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords. Right now, you can go to www.nordpass.com/cyberwire for 35% off the NordPass business yearly plan. Don't miss out on that. [Music]