CyberWire Daily

The CyberWire 1.22.16

Duration: 16m
Broadcast on: 22 Jan 2016

An aircraft component supplier in Austria is victimized by cyber fraud. NATO looks to its ISIS counter-messaging and acknowledges it's got some work to do. A trusted partner betrays its trust.
NSA stakes out a pro-encryption position and AT&T declares neutrality in the crypto wars. We get an object lesson in how not to patch a back door. A hint: Batman's not inherently more secure than Black Widow. And finally, what in the world's going on with Find My iPhone apps in Atlanta?

I'm Dave Bittner in Baltimore with your CyberWire summary for Friday, January 22nd, 2016.

Most cyber attacks on aerospace targets have aimed at intellectual property theft. Not so in one disclosed this week. This time it's direct theft of money. Austria's FACC AG, an aircraft parts manufacturer that supplies both Boeing and Airbus, reports losing $54 million to cyber criminals. FACC says its accounting department was apparently targeted, that its system security wasn't compromised, and that the loss involved an outflow of liquid funds. Others read this as signaling the likelihood that the company was the victim of a socially engineered fraudulent wire transfer. A criminal investigation is in progress.

The most recent wave of cyber attacks against Ukrainian power distribution systems seems unconnected with December's rolling blackouts. The current attempts aren't accompanied by BlackEnergy malware, and observers are less quick to point to the Russian government as the likely culprit. But the Russian government remains the prime suspect in both the December hacks and this past week's incident at Kiev's Boryspil International Airport.

Tech support scams are depressingly familiar, but they're usually not executed by authorized resellers of the companies whose tech support is being spoofed. That, however, appears to have happened this week, as Malwarebytes uncovered the actors behind a Symantec-themed scam. Investigation of a scam alert identified Silurian Tech Support, an authorized Symantec partner, as the outfit pushing its services through bogus scare messages and interactions that even included the notorious "Let our technician take control of your machine" come-on. Malwarebytes promptly reported their findings to a horrified Symantec, which swiftly moved to end its relationship with Silurian. As reported by CRN, Symantec has said, "While we can't say conclusively who was behind this particular scam, we can confirm that this particular site has been taken down and that we are also in the process of terminating our partner agreement with Silurian. After identifying any abuse of the Norton or Symantec brand, we pursue our rights and defend our intellectual property and where necessary will work with law enforcement."

U.S. voter databases are still circulating on the dark web. The data they include strongly suggest they were stolen from campaign consulting firms.

On the policy and legislative fronts, it seems likely that the U.S.-EU Safe Harbor arrangements will expire before a new agreement can be worked out. Those doing transatlantic business are looking closely at how expiration will affect compliance and risk management.

NATO leaders, notably U.S. Defense Secretary Carter, say they're working harder at counter-ISIS information operations, but also acknowledge that they're playing catch-up in the war for the hearts and minds of the disaffected.

As the crypto wars continue, U.S. NSA Director Rogers says, "Encryption is here to stay," and appears to stake out a position in contrast to that of crypto-skeptical FBI Director Comey. Director Comey, of course, has been advocating a search for a technical fix that would enable decryption on demand or some equivalent aid to criminal and security investigation. From the industry side, AT&T declines to join Apple and others in opposing any government attempt to limit or weaken encryption. It's not industry's call, says AT&T CEO Stephenson.

In crime and punishment, Igor Dubovoy pled guilty to conspiracy to commit wire fraud in a U.S. federal court. Dubovoy was implicated in an insider stock trading scheme that depended on hacking corporate networks to obtain early copies of press releases.
Prosecutors say the illicit trades netted some $100 million.

For reasons no one can explain, an Atlanta couple is having to deal with irate people showing up at their doorstep to demand their lost iPhones back. Find My iPhone apps are steering people to an utterly innocent address. Sometimes the phone owners bring the cops with them. The couple says that a polite explanation usually works, but not always. Anyone have any ideas?

In industry news, analysts look at FireEye's prospects and wonder how it will weather challenges from rival Palo Alto, especially given Palo Alto's recent collaboration with Proofpoint.

And finally, the story of a backdoor in AMX Harman's NX1200, a programmable device used to control audio-visual and building systems, offers an instructive cautionary tale concerning patches. SEC Consult found the backdoor, which includes packet-sniffing functionality, last March. They disclosed it to AMX Harman, which pushed out a fix. That fix, however, seems to have amounted to nothing more than changing the backdoor's password. And going from "Black Widow" to "I am Batman" really didn't represent a security upgrade. After all, few would regard DC as inherently more secure than Marvel, or are we missing something?

Joining me is John Petrik, editor of the CyberWire. John, what is going on in the market?

We're seeing generally long-term a lot of investor interest in the cybersecurity sector. We've seen in the last couple of weeks some corrections downward. And that, of course, is to be expected when you've got a dynamic sector like cybersecurity, when you've got one that's highly speculative and one that's populated with a lot of story stocks.

Yeah, let's clarify that. For our listeners, what exactly is a story stock?

A story stock. A story stock is a stock whose value reflects future potential as opposed to assets and income. So you invest in a story stock fundamentally because you buy the story. You like the story it tells about the prospects of big future returns on investment. That doesn't mean that investors in story stocks are suckers; they're often very savvy investors and they look for a good story. And if the story is compelling enough, it may well bear itself out in the future. Right now in our sector, FireEye is a good example of a story stock.

So you're betting on the notion that the story is going to have a happy ending?

That's right.

How about unicorns?

A unicorn is a startup that's valued at $1 billion or more. And this is mostly a U.S. term; for example, there's a tradition in Canada of calling stocks like that narwhals. But "unicorn" has spread throughout the investing world too. So if you have a startup that's valued at more than a billion, you've got a unicorn. And why unicorn? Think about unicorns. They're rare, they're desirable, they're benign, they're nice. Everybody likes unicorns.

A little bit magical, perhaps?

A little bit magical. And right now we've got unicorns in our sector in Tanium.
And as of the stories out today, Forescout has attracted enough venture interest that it's joined the ranks of the unicorn.

So what are analysts forecasting for 2016?

Again, they're looking at generally an optimistic outlook for cybersecurity stocks. And they're also looking for more mergers and acquisitions.

All right, John Petrik, thanks for joining us.

And that's the CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner, thanks for listening.