Learn more about your ad choices. Visit megaphone.fm/adchoices
CyberWire Daily
The CyberWire 1.27.16
you're listening to the cyberwire network powered by N2K this is the energy of electrification available type S high performance variant nearly 500 horsepower and 278 mile EPA range range choose from our complimentary charging packages so you can charge how you want the all-electric Acura ZDX this is the energy of innovation Acura precision crafted performance this your local accurate dealer to lease the all-electric ZDX for three hundred eighty nine dollars a month hey everybody Dave here I want to talk about our sponsor legal zoom you know I started my first business back in the early 90s and oh what I would have done to have been able to have the services of an organization like legal zoom back then just getting all of those business ducks in a row all of that technical stuff the legal stuff the registrations of the business so the taxes all of those things that you need to go through when you're starting a business the hard stuff the stuff that sucks up your time when you just want to get that business launched and out there well legal zoom has everything you need to launch run and protect your business all in one place and they save you from wasting hours making sense of all that legal stuff launch run and protect your business to make it official today at legal zoom calm you can use promo code cyber 10 to get 10% off any legal zoom business information product excluding subscriptions and renewals that expires at the end of this year get everything you need from set up to success at legal zoom dot com and use promo code cyber 10 that's legal zoom dot com and promo code cyber 10 legal zoom provides access to independent attorneys and self-service tools legal zoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm LZ legal services LLC more utility hacking this time in Israel al-Qaeda takes a sorry information operations page from the rival Isis playbook at least two cyber reconnaissance campaigns are reported in progress shaky Wi-Fi security affects info sharing and IOT products business email compromise hits a Belgian bank and threat intelligence providers talk about what can be learned from watching the dark web France seeks legal reach into data held in foreign servers China's PLA goes Sun Su on cyber deterrence and legislators in New York and California display an urge to weaken encryption I'm Dave Fittner in Baltimore with your cyberwire summary for Wednesday January 27 2016 Israeli officials said yesterday that the country's electrical grid came under cyber attack this week energy minister Steinitz called the attack severe but said it was being successfully mitigated details are scarce but it appears computers and the utilities networks were infected with malware and that response teams isolated the infected machines to prevent the malware spread electrical power seems not to have been disrupted but efforts at defense and mitigation are continuing there's been no public attribution of this attempt on the Israeli grid but the incident is likely to increase security worries and utilities worldwide especially since it follows closely on the heels of the attack on power distribution in Ukraine utilities in Western Europe have already identified cyber security as their top investment priority for 2016 from North Africa al-Qaeda in the Islamic Maghreb releases a video of a Swiss nun kidnapped in Mali to warn unbelievers to stay clear of Islamic territory in this al-Qaeda is taking a page from rival ISIS's information operations playbook demonstrations of resolution against the infidel as a way of displaying zeal power and inspiration Palo Alto networks describes a new campaign by the Chinese ATP group Kodoso sometimes spelled with zeros substituted for the letter O and also known as the Sunshop group best known for compromising a portion of Forbes's website Kodoso appears engaged in espionage against targets in the telecommunications tech legal services education and manufacturing sectors Kodoso is still using spearfishing and watering holes to gain access but this time it appears to be going after servers as opposed to endpoints Symantec reports seeing a different campaign in the wild this one said to have infected some 3500 servers worldwide involves an injection code attack and appears to represent reconnaissance and possibly battle space preparations for some future more damaging attack the attackers appear to be collecting SC magazine says page title URL refer shockwave flash version user language monitor resolution and host IP address core security reports multiple vulnerabilities in Lenovo's share IT product Lenovo's now patch them some vulnerabilities involved an easily guessed default Wi-Fi password but password was one two three four five six seven eight other vendors have seen comparable problems with Wi-Fi passwords Sophos reports Wi-Fi security issues with home routers and smart doorbells businesses wonder whether cyber crime will increasingly come to be regarded as a cost of doing business the way retailers regard predictable inventory shrinkage US hamburger chain Wendy's is investigating a possible pay card breach that might well be seen as a risk comparable to shrinkage but it's hard to take that view of the large losses fraudulent fund transfers impose Belgians crilon bank reports losing 70 million euros that's nearly seventy six million dollars to a business email compromise scam such scams operate by gaining executive credentials observing behavior on a targeted network and then sending plausible looking emails instructing employees to transfer money to an account controlled by the criminals in industry news her majesty's government continues to push programs that would support incubation of British cyber security startups threat stream makes a case for hanging out in the creepier precincts of the dark web with a view to doping out cyber criminals next move they also tell v3 how they keep an eye out for data stolen from customers often the first indication that a customer's been compromised the cyberwire spoke with threat intelligence company threat connect about how understanding the threat can help enterprise security if you can gain an understanding of the threats or adversaries that wish to do harm to your network and through various means and for various reasons that you can better defend against them and not just that the tactical level of matching in the sound that you can also understand the adversaries better grow your understanding of them so that you can better place your defenses to their capabilities and better predict or be better positioned to react to their capabilities as well that's threat connects Andy Pendergast threat connect recently launched a new version of their platform you can learn more at threat connect dot com in policy news france moves to gain more investigative access to data held in foreign servers u_s_ state legislatures notably those in new york in california continued to moot restrictions on smartphone encryption wired says these proposed encryption bands make zero sense because of cyberspace's inherent lack of borders quote an idea roughly as practical as policing undocumented birds crossing the mexican border and quote but about the larger effect such gestures could have we don't know migratory bird policing aside state laws whether well conceived or ill-conceived have played an outsized role in american policy development in the past consider the role of california law indeed of los angeles county law in shaping automotive environmental standards or the place delaware occupies in business law so good ideas bad ideas or just politicians posturing what goes on in the state houses isn't necessarily just for the birds with lululemon the real gift happens when they're living in it when you give them the cosia scuba matching set the real gift is this and this this holiday lululemon makes it easy to give a gift that goes beyond open the moment shop now at lululemon dot com and now a word from our sponsor no before it's all connected and we're not talking conspiracy theories when it comes to info sec tools effective integrations can make or break your security stack the same should be true for security awareness training no before provider of the world's largest library of security awareness training provides a way to integrate your existing security stack tools to help you strengthen your organization security culture no before's security coach uses standard a p i's to quickly and easily integrate with your existing security products from vendors like microsoft crowd strike in sisco thirty five vendor integrations and counting security coach analyzes your security stack alerts to identify events related to any risky security behavior from your users use this information to set up real-time coaching campaigns targeting risky users based on those events from your network and point identity or web security vendors then coach your users at the moment the risky behavior occurs with contextual security tips delivered via microsoft teams slack or email learn more at no before dot com slash security coach that's no before dot com slash security coach and we thank no before for sponsoring our show did you just call your boss mom thanks mom what did you get your pants caught in an escalator oh no did you accidentally pick up someone else's kid from school wait a minute you're not Casey then you need teriyaki madness it's marinated grilled meat and fresh walk tossed veggies over steaming rice with addicting teriyaki sauce and it's so delicious it fixes everything teriyaki madness crazy delicious find a location near you at teriyaki madness dot com imagine this your primary identity provider goes down whether it's a cloud outage network issue or even a cyber attack suddenly your business grinds to a halt but what if it didn't have to meet identity continuity from strata the game changing solution that keeps your business running smoothly no matter what whether your cloud IDP crashes or your on-prem system faces a hiccup identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP automatically and without disruption powered by the maverick's identity orchestration platform identity continuity uses smart health checks to monitor your IDP's availability and instantly activates failover strategies tailored to your needs when the coast is clear it's a seamless switchback no more downtime no lost revenue no frustrated customers just continuous secure access to your critical applications every single time protect your business from the high costs of IDP outages with identity continuity from strata downtime is a thing of the past visit strata.io/cyberwire to learn how strata's identity continuity can provide seamless enhanced capabilities to your existing identity fabric and receive a free set of AirPods Pro once again joining me is marcus rawsecker cyber security program manager at the university of Maryland center for health and homeland security they are one of our academic and research partners marcus cyber warfare with the situation recently in ukraine with their power grid being attacked the question comes up is that a incident of cyber warfare? well that's a really important question and it's not one that's easily answered what constitutes an active war on cyberspace what constitutes use of force and cyberspace it always seems to depend on who's asking question and who's answering the question in the real world in the physical world i think it's very easy to determine what constitutes use of force and what might even amount to an act of war but when we're talking cyberspace it's a lot more difficult when we don't have any physical consequences from a cyber attack i think generally experts would agree that we haven't seen an act of war or what would amount to an act of war um or use of force even when it comes to cyberspace but in the instance of the ukraine um we did see some physical consequences resulting from a cyber attack an argument could be made that uh this was a use of force and potentially even an act of war but that's something that legal experts and international experts are going to be debating and in the cyberspace i mean it's even harder to know uh often who is the pro who's the party attacking us exactly that's what makes cyber warfare so difficult because there's this whole problem of attribution uh again in the real world it's pretty easy to see who's attacking you uh when you see the troops crossing the border or the planes coming into your airspace but in cyberspace it's often very difficult to determine accurately who is doing the cyber attack and where it's coming from and who's behind it and where does international law stand on this has it caught up to cyber warfare well there's been a lot of discussion about among international law experts when it comes to cyber warfare we have seen that international legal experts are applying existing law like the united nations charter to cyberspace there's a general agreement that international law does apply to cyberspace and then you have other legal experts um we've gotten together to create documents like the tolling manual uh which kind of outline how these legal experts uh see the international law applying to cyberspace and how international law applies to cyber warfare all right mark is raw checker thanks for joining us [Music] the it world used to be simpler you only had to secure and manage environments that you controlled then came new technologies and new ways to work now employees apps and networks are everywhere this means poor visibility security gaps and added risk that's why cloud flare created the first ever connectivity cloud visit cloud flare dot com to protect your business everywhere you do business when you're ready to pop the question the last thing you want to do a second guess the ring at blunile.com you can design a one-of-a-kind ring with the ease and convenience of shopping online choose your diamond and setting when you found the one you'll get it delivered right to your door go to blunile.com and use promo code spotify to get 50 dollars off your purchase of 500 dollars or more that's code spotify at blunile.com for 50 dollars off your purchase blunile.com code spotify and that's the cyber wire we are proudly produced in maryland by our talented team of editors and producers i'm dave vittner thanks for listening and now a word from our sponsor NordPass NordPass is an advanced password manager from the team behind Nord VPN designed to help keep your business safe from data leaks and cyber threats it gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords right now you can go to www.nordpass.com/cyberwire for 35% off the NordPass business yearly plan don't miss out on that