You're listening to the CyberWire Network, powered by N2K.

Looking for the malware that enabled the hack of Ukrainian electrical power substations. DDoS grows in importance as misdirection. ISIS expands its media operations with an online cyber mag and a news service.
Researchers find issues with Apple's Gatekeeper patching. The SlemBunk Android banking Trojan evolves into a more dangerous form. Kaspersky tells us how it used Hacking Team's docs to find a Silverlight zero-day. Fortune offers a nuanced take on David Chaum's proposal to end the crypto wars, and Twitter's being sued for permitting ISIS to use its service.

I'm Dave Bittner in Baltimore with your CyberWire summary for Friday, January 15, 2016.

The attack on power distribution substations that produced rolling blackouts across western Ukraine late last month is pretty clearly a cyber attack. Breakers were cycled remotely, and BlackEnergy malware was found in the affected utilities' networks. But how the breakers were cycled remains unclear. BlackEnergy, long familiar as an espionage kit, is in all probability not the means the attackers used to take down the grid. Industrial control system security expert Joe Weiss told the CyberWire what investigators should be looking for.

"Breakers were opened in a whole series of substations, and that led to somewhere between a three- to six-hour outage to something like 80,000 customers. That's what we should be focusing on. The hacking questions all have to be in the context of how did that relate to the breakers being opened in the substations."

You can hear an extended version of our interview with Joe Weiss on today's CyberWire Weekend Review. Other analysts continue to warn utilities, especially those engaged in nuclear power generation, to be on their guard. And Corero warns utilities, telecom providers, and others to watch for what it's calling "dark DDoS." By this they're not implying that there could be a "light DDoS," let us say Rey as opposed to Kylo Ren, but rather they're emphasizing the increased use of denial of service as a smokescreen for a more serious attack. DDoS does remain a threat.
Akamai, for example, estimates that 2015 saw them increase in frequency by 180 percent, but as usual, it's possible to over-hype any particular incident. A recent case may be found in the New World Hackers' New Year's Eve test attack on the BBC. #TangoDown, the name of the op, and skid speak for I/O Triumpeh, claimed 600 gigabytes per second in a test of power, which would indeed be pretty big. ZDNet observes, "You would think that after such a big bang, someone might have noticed," but no one did. Tripwire sums up Akamai's findings as "great number, smaller punch."

ISIS has launched its own encrypted messaging app, but it continues to focus on information operations. It's offering not only grisly emojis for inspiration across social media, but an online cyber warfare magazine, Kybernetiq, published initially in German, and a news service, Amaq, that features early distribution of communiques claiming responsibility for attacks.

The SlemBunk Android banking Trojan discovered last year is proving more persistent and dangerous than initially thought. It's got a longer attack chain and drive-by infection capability, and according to FireEye, it's being actively used in the wild.

Researchers are finding Apple's patch of the OS X Gatekeeper security feature more porous than users might wish. Other researchers claim they've identified vulnerabilities in Advantech's EKI-1322 serial device server. The flaws may include a backdoor.

Kaspersky describes how it used Hacking Team leaks to discover a vulnerability in Silverlight. eWeek describes Kaspersky's approach as "turning users into honeypots."

In news techs can use, SANS shares a "D" obfuscation tool, and Linux Journal describes what's actually involved in server hardening.

A Staten Island lawmaker would add New York State to the list of jurisdictions seeking to require device manufacturers to be able to decrypt traffic carried by their products.
Legal observers think the bill has slim chance of passage and slimmer chance of withstanding the inevitable challenges in court.

Elsewhere in the crypto wars, Fortune claims that cryptography guru David Chaum's PrivaTegrity, widely discussed as Chaum's contribution to achieving a modus vivendi between privacy and security, has been widely misunderstood. PrivaTegrity is not, Chaum tells Fortune, a backdoored encryption scheme, and he regrets having let earlier reports characterize it as having a backdoor, but rather one that features distributed ten-party control. The cryptography community will no doubt be discussing whether this changes the prevailing dim view of PrivaTegrity.

Industry remains skeptical of cybersecurity rules that passed the European Union's Internal Markets Committee. While they must still clear the European Parliament, final passage is widely expected. Consensus among industry observers is that the measures are both expensive and fatally lacking in specificity.

Google finds itself under U.S. regulatory and senatorial scrutiny for its handling of student data.

Twitter is being sued by the widow of a man ISIS murdered in Jordan. She claims Twitter negligently permitted ISIS to pass on inspiration and direction to her late husband's murderers. Few legal observers expect the suit to hold up in court, but in the event it does, the case's implications for online communication will be very large.

In industry news, Appthority picks up $10 million in Series B venture funding, IBM buys IRIS Analytics in a fraud prevention play, and Raytheon and Websense will call their new combined venture Forcepoint and will integrate firewall shop Stonesoft, recently acquired from Intel, into the brand.
Joining me is John Petrik, editor of the CyberWire.

An exploit is something used to exploit some computer system, network, or program to accomplish some malicious action. So you're exploiting a system, you're exploiting a vulnerability, if you're using software, data, commands, or hardware devices to do something to that system that ought not to be done to it. And it's used as a noun: an exploit, that is, some particular thing that an attacker can use against a system. That's an exploit. Exploits are often packaged into kits. You hear about exploit kits.
And some of the exploit kits we read about in the news, like Angler, for example, are packaged sets of malware that automate the exploitation of vulnerabilities. And that's very commonly some crimeware web application that enables attacks on unpatched systems. So exploit kits form a very important part of the criminal malware black market.

So when we're talking about exploits, very often it is something that has been named, so there's the Angler exploit. It's been pre-packaged, it's something that's easy to use.

That's right. There are also named vulnerabilities that can be confused with exploits. But yeah, an exploit is very often named. Some of the names are compelling, some of the names are slightly ridiculous. But everybody who does vulnerability research would love to name their own exploit.

So again, just for clarity's sake, what is the difference between a vulnerability and an exploit?

An exploit is something that takes advantage of a vulnerability. The vulnerability is the thing that the exploit exploits, the thing the exploit uses to get at you. It's the hole in the system that the attacker uses. The exploit is what it uses to get through that hole.

All right, John Petrik, thanks very much.

And that's the CyberWire.
We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner, thanks for listening.