You're listening to the CyberWire Network, powered by N2K.

With Lululemon, the real gift happens when they're living in it. When you give them the softest loungewear set, the real gift is this. And this. This holiday, Lululemon makes it easy to give a gift that goes beyond. Open the moment, shop now at lululemon.com.

Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. I started my first business back in the early 90s, and oh, what I would have done to have been able to have the services of an organization like LegalZoom back then. Just getting all of those business ducks in a row, all of that technical stuff, the legal stuff, the registrations of the business, the taxes, all of those things that you need to go through when you're starting a business, the hard stuff, the stuff that sucks up your time when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run, and protect your business all in one place. And they save you from wasting hours making sense of all that legal stuff. Launch, run, and protect your business to make it official today at LegalZoom.com. You can use promo code CYBER10 to get 10% off any LegalZoom business formation product, excluding subscriptions and renewals; that expires at the end of this year. Get everything you need from setup to success at legalzoom.com and use promo code CYBER10. That's legalzoom.com and promo code CYBER10. LegalZoom provides access to independent attorneys and self-service tools. LegalZoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm, LZ Legal Services, LLC.

Israel utility attack looks like ransomware. Update on the Ukraine grid hack. ISIS information ops continue to look better than attacking, but the Cyber Caliphate isn't giving up: they say they're going to take down Google. Dodgy apps for both Apple and Android appear, one from Apple.
Oracle starts down the path of retiring Java browser plugins. Congress wants answers on Juniper's back-doored ScreenOS and gives federal agencies two weeks to come up with them.

I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, January 28, 2016.

Yesterday's attack on the Israeli power grid turns out to amount to less than at first thought. The group attacked the Israel Electric Authority, a regulatory body whose network is quite unconnected to utilities' networks, still less connected to control systems. The attack seems to have been real enough, but it also appears to have amounted to spear phishing with ransomware payloads, and that, of course, would account for why there was no effect on power distribution.

The Ukrainian power grid hack remains both interesting and complicated. Reuters reports that another, unnamed utility was compromised back in October, and that the attackers were able to gain access by exploiting users' naivete about phishing, and by utility network operators' willingness to connect control systems they ought by policy to have left air-gapped. The BlackEnergy III malware dropped by phishing payloads still does not strike investigators as directly implicated in control system manipulation, but researchers at SentinelOne have determined that BlackEnergy did include a network sniffer. A Ukrainian telecoms engineer has told The Register that attribution of the attack to Russia is a provocation, a put-up job by Ukraine's government to whip up popular anger against its large and menacing neighbor. ESET, which did much of the initial investigation of the incident, when asked about the attribution, points out sensibly that attribution is a slow and difficult process.
While the association of BlackEnergy with Russian threat actors is fairly well established, evidence of Russian responsibility for the attack remains circumstantial. But one would have to note that evidence of Ukrainian provocation is less than circumstantial, resting as it does largely on theoretical possibility.

The grid hack continues to alarm those who concern themselves with industrial control systems. There's much talk of the risks involved in networking such systems. To take one expert's opinion, Rob Joyce, chief of the U.S. NSA's Tailored Access Operations, also known as TAO, yesterday told a conference in San Francisco that, quote, "SCADA security is something that keeps me up at night," end quote. He commended the problem to industry and academic researchers.

The ISIS-affiliated Cyber Caliphate is reported to be working on an unspecified attack against Google. Elsewhere on the ISIS cyber front, the alleged security capabilities of the Alrawi messaging app, discussed recently by the Ghost Security Group, are now pretty conclusively debunked. Not even Ghost Security seems to believe they amount to much. So far, then, ISIS's cyber capabilities remain more aspirational than actual. Their information operation capabilities, on the other hand, remain very real. Retired U.S. Army Lieutenant General Jim Dubik argues in an Army magazine opinion piece that winning against ISIS will require defeating the group's narrative. U.S. Secretary of Defense Carter has given Cyber Command marching orders to increase its operations against ISIS, and a Passcode poll shows sentiment among influencers now running narrowly in favor of nudging tech companies to do more to impede ISIS messaging.

In other cyber risk news, FireEye warns that JSPatch, an open-source hot-patching tool available to apps in the Apple App Store, is vulnerable to exploitation.
JSPatch could allow malicious actors to work around the review protections built into the App Store's walled garden. Oracle announces that it will deprecate the notoriously risky Java browser plug-in with Java version 9, and will remove it entirely in a subsequent release.

Heimdal warns of a renewed, vigorous CryptoWall 4.0 campaign, and suggests that it might be preparing the way for a more dangerous CryptoWall 5.0 ransomware effort. Bleeping Computer reports discovery of a new ransomware strain, 7ev3n (we'll also call it "7"), which is demanding a fairly pricey ransom: 13 Bitcoin, which comes to about $5,000. Symantec describes a new strain of Android ransomware, Android.Lockdroid.E, which uses clickjacking to acquire admin privileges on the targeted machine. The malware is available as an app, but not, one is happy to note, from the Google app store, so Android users, beware of downloading dodgy apps from third-party stores or torrent sites.

Members of Congress appear to have lost patience with U.S. executive agencies' failure to account for and report on their vulnerability to compromise through the back door in Juniper Networks' ScreenOS. The House Oversight and Government Reform Subcommittee on Information Technology wants answers within two weeks. The Subcommittee Chair, Texas Republican Representative Will Hurd, takes to the Wall Street Journal's op-ed page to call the vulnerability, quote, "the breach you haven't heard of," end quote. Homeland Security and other departments are investigating.

Another rogue Google extension, iCalc, poses as a calculator app but in fact, say researchers at Malwarebytes, installs spyware on unwary users' devices. In a minor cruel twist, it doesn't even function as a calculator. I mean, come on, criminals, really?

The 2024 Subaru Share the Love event is going on now through January 2nd. Over the last 16 years, Subaru and its retailers have supported nearly 2,300 hometown charities, giving back to local communities.
When you buy or lease a new Subaru from now until January 2nd, Subaru and its retailers will donate a minimum of $300 to charity. Support a great cause today at Subaru.com/share.

And now, a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco: 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then, coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach. And we thank KnowBe4 for sponsoring our show.

This episode is brought to you by Etsy. Oh. Hear that? Okay. Thank you. Etsy knows these aren't the sounds of holiday gifting. Well, not the ones you're hoping for. You want squeals of delight. Happy tears. How to chew. And spontaneously written songs of joy. I am so happy. Oh yeah. Oh yeah. Oh yeah. Um, okay. The song needs a bit of work. Anyway, to get those reactions, make sure everyone on your list feels heard with handmade, handpicked and designed gifts from small shops on Etsy.
Gifts like personalized jewelry, custom artwork, cozy style items, vintage pieces and home decor to celebrate all of your favorite people and their specific kind of special. For original gifts that say "I get you," Etsy has it.

Imagine this: your primary identity provider goes down, whether it's a cloud outage, a network issue or even a cyber attack. Suddenly, your business grinds to a halt. But what if it didn't have to? Meet Identity Continuity from Strata, the game-changing solution that keeps your business running smoothly no matter what. Whether your cloud IDP crashes or your on-prem system faces a hiccup, Identity Continuity seamlessly shifts authentication to a secondary or even tertiary IDP, automatically and without disruption. Powered by the Maverics Identity Orchestration Platform, Identity Continuity uses smart health checks to monitor your IDPs' availability and instantly activates failover strategies tailored to your needs. When the coast is clear, it's a seamless switchback. No more downtime, no lost revenue, no frustrated customers, just continuous, secure access to your critical applications every single time. Protect your business from the high costs of IDP outages. With Identity Continuity from Strata, downtime is a thing of the past. Visit strata.io/cyberwire to learn how Strata's Identity Continuity can provide seamless enhanced capabilities to your existing identity fabric and receive a free set of AirPods Pro.

Joining me is John Petrik, editor of the CyberWire. John, in the global arena, what makes the US-China relationship so challenging?

There's nothing mysterious, really, about why it's challenging. You have two countries that aren't enemies. They're not adversaries in that sense. They're huge trading partners with one another. It's difficult to imagine the Chinese or the American economies without one another. They have diplomatic relations with one another. There are all kinds of exchanges between the two countries.
There are all sorts of relationships there, but there's also this fraught competition, so they're competitors who depend upon each other, and that makes for a difficult relationship.

What are the Chinese capabilities in cyberspace?

If you look at things that the US Cyber Command has published recently, there's a lot of talk about the United States facing a peer competitor, a technological peer competitor, in cyberspace. "Peer competitor" is an interesting term. The last peer competitor we had in general military terms was the Soviet Union. Since the Soviet Union went away, the United States really hasn't had a clear peer competitor. A peer competitor is somebody who has about the same kinds of capabilities that you have and can do many of the same things you can do. The People's Liberation Army, and its Third Department specifically, which is responsible for cyber, certainly has capabilities analogous to those that the US Cyber Command has.

This goes beyond just your run-of-the-mill spy-versus-spy espionage.

It does. The Chinese have explicitly avowed that they have an offensive cyber capability. That's a declared capability. They declared that last year, formally, so they want people to know that, and there's no reason to think that they don't have that capability. They surely do. That kind of capability is more than just the modernized version of old signals intelligence. This is the ability to damage systems, to manipulate information, to do all the sorts of things that we associate with offensive cyber operations.

And what is the United States doing in terms of deterrence?

For deterrence to work... and deterrence is a concept that really has its origins historically in the Cold War; nuclear deterrence is where all these concepts developed.
So what you have, if you've got deterrence, is you fundamentally have two rational actors who are competing with each other, and each one is able to hold something vital of the other's at risk, whether it be a capability, whether it be their people, whatever it is that they value, you hold it at risk. And the basic idea is that you're telling the opponent, "I have this capability, and if you use your similar capability against me, expect retaliation," or "if you do these certain things, you can expect us to do this." And the goal is that they won't do it, that both sides will be deterred from acting this way. And it's not clear yet how well that will work out in cyberspace, or even if it works out at all in cyberspace.

All right, John Petrik, thanks for joining us.

The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps, and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why Cloudflare created the first-ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business.

So you want to be a marketer. It's easy. You just have to score a ton of leads and figure out a way to turn them all into customers. Plus, manage a dozen channels, write a million blogs, and launch 100 campaigns all at once. When that's done, simply make your socials go viral and bring in record profits. No sweat. Okay, fine. It's a lot of sweat. But with HubSpot's AI-powered marketing tools, launching benchmark-breaking campaigns is easier than ever. Get started at HubSpot.com/marketers.

And that's the CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.

And now, a word from our sponsor, NordPass.
NordPass is an advanced password manager from the team behind NordVPN, designed to help keep your business safe from data leaks and cyber threats. It gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords. Right now, you can go to www.nordpass.com/cyberwire for 35% off the NordPass Business Yearly Plan. Don't miss out on that.

[MUSIC]