Learn more about your ad choices. Visit megaphone.fm/adchoices
CyberWire Daily
The CyberWire 1.21.16
You're listening to the Cyberwire Network, powered by N2K. Connect to the world with special Turkish Airlines fares. Book your flight before November 30th and take advantage of great deals. Fly to the most exciting destinations with the award-winning airline that flies to more countries than any other. Terms and conditions apply. For more details, visit Turkishairlines.com. Turkish Airlines, widen your world. Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. You know, I started my first business back in the early 90s and oh, what I would have done to have been able to have the services of an organization like LegalZoom back then. Just getting all of those business ducks in a row, all of that technical stuff, the legal stuff, the registrations of the business, so the taxes, all of those things that you need to go through when you're starting a business, the hard stuff, the stuff that sucks up your time when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run, and protect your business all in one place, and they save you from wasting hours making sense of all that legal stuff. Launch, run, and protect your business to make it official today at LegalZoom.com. You can use promo code Cyber10 to get 10% off any LegalZoom business information product excluding subscriptions and renewals that expires at the end of this year. Get everything you need from setup to success at LegalZoom.com and use promo code Cyber10. That's LegalZoom.com and promo code Cyber10. LegalZoom provides access to independent attorneys and self-service tools. LegalZoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm, LegalZ Legal Services, LLC. Ukraine's power grid is hacked again, this time initial suspicions point to crooks and maybe not to states. Turkish patriotic activists hack away at Russian and Iranian sites, cybersecurity companies detail the latest evolution of crimeware kits, Cisco and Intel issue patches, governments around the world warn of and prepare for an escalation of cyber conflict. FireEye buys eyesight partners and cybersecurity startups prepare for growth and IPOs and a swatting hacker cops a plea and heads up the river. I'm Dave Bittner in Baltimore with your Cyberwire summary for Thursday, January 21, 2016. ESET, who's been monitoring events in Ukraine's cyberspace closely since turning up evidence of power grid hacking, reports that utilities in that country have come under fresh attack. This time the incidents display no immediate connection with black energy malware but rather spearfished industry targets with an email vector delivering a malicious XLS file. This seems the researchers suggest and approach more consistent with a criminal group than a state security service. Iranian authorities continue to investigate this week's earlier hacking incident at Kyiv's Buryspiel International Airport. A number of governments around the world see a growing threat of state-on-state cyber combat. The Republic of Korea's President Park warns her country to prepare for a surge of cyber aggression from north of the 38th parallel. Israeli officials think Iran and others will shed such inhibitions as long as cyber attacks are perceived as cost-free. American and Australian authorities work toward even closer cooperation in cyberspace. Patriotic cyber rioting flares again, this time from Turkey as the THT group hits both Russian and Iranian websites to display THT's support for Turkey's Erdogan government. Symantec observes a new criminal campaign affecting small and medium-sized businesses in India, the United Kingdom and the United States. Its low-skilled crime, the hackers are fishing businesses to install two commodity remote Axis Trojans, back-door broit and Trojan non-krat. The motive is theft, the targets are finance departments. IBM's X-Force continues to follow the evolution of Drydex and sees it picking up some redirection tricks from Dyer. Drydex's tricks have this difference, however, where Dyer redirected via a local proxy, Drydex is doing so by local DNS poisoning. Another banking Trojan, Blackmoon, which has been around since 2014 at least, has updated its farming and drive-by injection capabilities. Proofpoint's research breaks down the malware's evolution and notes that it's still concentrating on South Korean targets. Dr. Webb describes a new Linux Trojan, Linux e-coms-1, whose apparent use is system reconnaissance. Such spyware need not stay spyware. See, for example, the transformation of as a cub into mobile banking malware. Kaspersky researchers say as a cub's transition is now complete. The Angler exploit kit continues to display a vexing adaptability. Zscaler notes that it's now coming via music-themed malvertising, so all you hipsters think twice before you decide to dig that crazy beat. And Sophos Labs notes that Angler seems to have rung in the new year by lashing up with crypto-wall ransomware. In patch and update news, Cisco closes vulnerabilities in its modular encoding platform D9036 Software, unified computing system, UCS manager software, and firepower 9,000 series devices. Intel addresses a potentially serious man in the middle in the Intel driver update utility, and Facebook begins with its calling "experimental support" for Android Facebookers to browse using the Tor network. More observers characterize British surveillance policy as moving toward requiring key escrow. In the U.S., some members of the Senate Intelligence Committee seem growingly anxious to move out on crypto-legislation; a proposed national commission to study the issue strikes them as dangerously slow. California legislators follow the example of their New York colleagues and introduce a bill that would require industry to build decrypt-on-demand capabilities into their products and services. The declared motive in California's case is to suppress human trafficking. The New Yorkers are intending to get tough on terrorism. In industry news, today's big story is FireEye's acquisition of eyesight partners for reported $200 million in cash up front, followed by $75 million in cash and equity. Analysts see the acquisition as a play for more cyberintelligence market share, how the market reacts remains to be seen, but FireEye, whose story stock is seen rough sledding over the past couple of weeks, appears to be receiving some favorable buzz from its eyesight announcement. IBM reports $2 billion in annual revenue from its security business. Malware Bice raises $50 million in venture capital from Fidelity. Four Scout joins the unicorns and prepares analysts think, for an initial public offering, as it raises $76 million in its latest funding round. And two Baltimore and D.C. area companies, Tenable and Distill Networks prepare for significant growth by expanding their facilities. In crime and punishment, the hacker who tried to swat Brian Krebs and frame him with a staged heroin delivery is going up the river. Sergei Vovnenko has copped a guilty plea to aggravated identity theft and conspiracy to commit wire fraud. Mr. Vovnenko will be receiving at least a two-year sabbatical from his computer work, courtesy of the Federal Bureau of Prisons. And now, a word from our sponsor, No Before. It's all connected, and we're not talking conspiracy theories. When it comes to InfoSec tools, effective integrations can make or break your security stack, the same should be true for security awareness training. No Before, provider of the world's largest library of security awareness training provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. No Before's security coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco, 35 vendor integrations and counting. Security Coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then, coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more at nobefore.com/securitycoach, that's nobefore.com/securitycoach, and we thank nobefore for sponsoring our show. We're going to talk about the next few things. What if it didn't have to? Meet Identity Continuity from Strata, the game-changing solution that keeps your business running smoothly no matter what. Whether your cloud IDP crashes or your on-prem system faces a hiccup, identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP, automatically and without disruption. Powered by the Mavericks Identity Orchestration Platform, Identity Continuity uses smart health checks to monitor your IDP's availability and instantly activates failover strategies tailored to your needs. When the coast is clear, it's a seamless switchback. No more downtime, no lost revenue, no frustrated customers, just continuous, secure access to your critical applications every single time. Protect your business from the high costs of IDP outages, with identity continuity from Strata, downtime is a thing of the past. Visit strata.io/cyberwire to learn how Strata's identity continuity can provide seamless enhanced capabilities to your existing identity fabric and receive a free set of AirPods Pro. Joining me is Marcus Roushecker, he's the Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security. They're one of our academic and research partners. Marcus, I want to talk about the importance of education in cyber security, but one of the focuses that you have there at CHHS is focusing on law and policy. Why is that an area that you're focusing on? We obviously know that technical ability and technical skill is critical when it comes to cyber security, but we kind of see tech as a tool and we need to know how to use that tool. So, focusing on law and policy really helps us to develop the structure, the frameworks, the basic guidance on how to use that tool, both on a national level within the United States, but also on an international level when we're talking globally. So this is a situation where there are opportunities for people coming out of high school, people looking for careers where they don't necessarily just have to be the computer science kid. Oh, absolutely, yes. And we're seeing this demand for people with the skill set in law and policy more and more. As I said, we have a lot of skill when it comes to technology, but there's a real importance to focusing on some of these legal and policy questions that are out there. Focusing on those issues really helps us fill this knowledge gap where we might not know exactly what the ramifications of any decisions might be that we make, but if we have people who are experts in law and policy of cyber security, those kinds of people can then help answer some of those questions that are out there. And what are some of the specific areas of study that you all are focusing on? Well, there's a ton of questions out there that still need to be developed and you need to be analyzed. They are issues regarding jurisdiction, so simple questions like who's in charge and what are the roles and responsibilities of different stakeholders, questions regarding privacy and versus security, of what is the right balance to attain here, and then what are some of those basic standards and security measures that we should be thinking about implementing? Those are all some of those critical areas that still need a lot of work. So what would your advice be? Let's say we've got someone who's heading towards the end of her high school career. What kind of advice would you give to someone like that who is interested in the law and policy side of cyber? Well, there are several options for someone who's interested. Obviously, one of the ways to approach this area is to apply to law school and go to law school and get a full-fledged law degree. Obviously, then coming out of law school, the person could become a practicing lawyer and could end up at a law firm or with government to work on these kinds of issues in cybersecurity. But there are other pathways as well. There are degree programs that focus on law and policy. They don't require you to go to law school for a full three years. But they also provide those basic skill sets that one would need to address some of these legal and policy issues that are out there. All right, Marcus Rochacker, thanks for joining us. The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why CloudFlare created the first-ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business. This episode is brought to you by JCPenney. The holiday season is here and at JCPenney, everybody gets more. Make for your loved one, designer perfumes from Versace or Carolina Herrera, or the exclusive messy fragrance. For the foodie in your life, a cast-iron Dutch oven or cured coffee maker. Or for the kids, all the toys they love from Disney, Barbie, Lego, and more, JCPenney. Make it count. Shop in store or online. And that's the Cyberwire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner, thanks for listening. And now, a word from our sponsor, NordPass. NordPass is an advanced password manager from the team behind NordVPN, designed to help keep your business safe from data leaks and cyber threats. It gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords. Right now, you can go to www.nordpass.com/cyberwire for 35% off the NordPass Business Yearly Plan. Don't miss out on that. [MUSIC]