Learn more about your ad choices. Visit megaphone.fm/adchoices
CyberWire Daily
The CyberWire 1.14.16
[Music] You're listening to the Cyberwire Network, powered by N2K. [Music] This episode is brought to you by GE Healthcare. GE Healthcare sees possibilities through innovation. They are partnering with their customers to fulfill healthcare's greatest potential through groundbreaking medical technology, intelligent devices, and care solutions, just like they have for over 125 years. The technology they're mastering today will help make care more personalized tomorrow. Find out more at GEHealthcare.com. [Music] Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. You know, I started my first business back in the early '90s, and oh, what I would have done to have been able to have the services of an organization like LegalZoom back then. Just getting all of those business ducks in a row, all of that technical stuff, the legal stuff, the registrations of the business, the taxes, all of those things that you need to go through when you're starting a business, the hard stuff, the stuff that sucks up your time when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run, and protect your business all in one place. And they save you from wasting hours making sense of all that legal stuff. Launch, run, and protect your business to make it official today at LegalZoom.com. You can use promo code Cyber10 to get 10% off any LegalZoom business information product, excluding subscriptions and renewals. That expires at the end of this year. Get everything you need from set up to success at LegalZoom.com and use promo code Cyber10. That's LegalZoom.com and promo code Cyber10. LegalZoom provides access to independent attorneys and self-service tools. LegalZoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm, LegalZ Legal Services, LLC. Ukraine's grid hack, coordinated with but not accomplished by black energy malware, looks like a bellwether. Cisco issues three patches, anonymous hacks Nissan, the hacktivists are still on the anti-wailing case. On the anti-ISIS case, not so much. Congressional hearings make some revision to US vositor implementation look likely. The feds are investigating the crackers with attitude for hacking the director of national intelligence and the crackers might do well to stay out of Pittsburgh. The GM and their tough. Trust us, we know. I'm Dave Bitter in Baltimore with your Cyberwire summary for Thursday, January 14, 2016. More consensus emerges on the coordinated cyber attack on electrical utilities in western Ukraine. Sans thinks and others concur that the attack was not directly accomplished by black energy malware, still less through black energy's kill disk module, but that black energy accompanied the operation. An ISC security expert, Joe Weiss, told the cyberwire, quote, "we're still in the process of trying to understand what truly led to the breakers being opened, which is what caused the actual electrical outage. We'll have a full interview with Mr. Weiss in tomorrow's week in review." US officials commenting on the incident offer a tight-jawed warning to expect more attacks like this one on industrial control systems. Other predictors continue to foretell more effective cyber warfare out of ISIS, but so far the terrorist group has shown itself more capable of information operations than of cyber operations narrowly conceived. One disturbing and undoubted capability they're seeking, however, is the ability to use the internet as an aid to finding and murdering journalists and others within ISIS-controlled areas who don't toe the caliphate's line. Anonymous continues to be more active on the "pro-citation" front than the anti-ISIS one. This time the activist collective disrupts Nissan website in order to protest Japanese whaling. Nissan is baffled by the connection since it really feels it has little to do with whales, but even an apparently tangential connection of being based in Japan is enough for protest purposes. Iran makes a minor foray into online propaganda, posting video of detained US Navy personnel, apparently apologizing for what Iran alleges is a violation of its territorial waters. The "crackers with attitude" caper to redirect phone calls to US DNI clappers home over to a "pro-Palestinian" site is now the subject of an investigation. The crackers seem to have exploited a bug in the clapper family service provider, Verizon Fios broadband. Bitdefender explains the cross-site scripting vulnerability that may have exposed eBay users to phishing scams. Ransomware continues to make its usual rounds. Angler and neutrino exploit kits are being used to distribute crypto-wall, and the Rig exploit kit is serving up rhodomont malware. Brian Krebs reports on ransomware's growing effect on users of cloud services. Cyber libertarians as wired calls them once saw Silk Road is the dawn of a new free market untrammeled by government or cartel finagling. That false dawn has faded with Silk Road's eclipse. The dark web's markets have become as seedy and sleazy as the physical black markets they've supplemented. See, for example, the "hell hacking forum" as an example of such sleaze, its denizens go after a breathalyzer vendor. Still, remember, those black markets do behave like markets. Cisco releases three sets of patches, wireless LAN controller software, identity services engine software, and Aeronet 1800 series access points. OpenSSH 7.1P2 is also out with a fix for a flaw that could leak private keys. Bromium's Endpoint Exploit Trends report for 2015 is out. Among the more interesting trends are the increasing sophistication and popularity of exploit kits, the growing market savvy of ransomware purveyors, and the enduringly high return on investment malvertizing delivers. The Internet of Things is going to be expensive to secure analysts think. Some quote a dollar a device as a rule of thumb, and machine-to-machine traffic seems to some poised to take up a big share of roaming connections. The Council on Foreign Relations offers a rundown of the global trend toward a growing government appetite for Internet controller restriction. In the U.K., surveillance policy aspirations seem to be shifting from mandated backdoors toward some sort of decrypt-on-demand regime. In the U.S., this week's Congressional hearings on the Vassanar Agreement appear to auger changes in the cyber export control agreements implementation. Industry wants changes, the Department of Homeland Security is moderately sympathetic to industry, and even the State Department betrays some buyer's remorse. Dambala offers some insight into how it helped Norwegian police take down the author of Megalodon HTTP Crimeware. FBI Director Comey tells cyber criminals to steer clear of the cyber G-men in the Pittsburgh office. Falun Gong supporters challenge Cisco's alleged role in collaborating with Chinese suppression of the group. In industry news, rumor and speculation about mergers and acquisitions continue to affect cybersecurity company's share prices, sometimes regardless of whether the affected companies are themselves the subject of such rumors. Sephora presents You're a Granny Pearl. Your grandmother Pearl, she's had 83 years to refine her tastes, which means she's hard to bite for. She has a signature lip, signature car, signature drink, signature scarf, signature color, and she makes it all look effortless, which means gifting her takes maximum effortness. She knows what she likes, but she also has a nose. This holiday don't overthink it. The best fragrance gifts are only at Sephora. And now a word from our sponsor, No Before. It's all connected, and we're not talking conspiracy theories. When it comes to InfoSec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. No before, provider of the world's largest library of security awareness training provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. No Before's security coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike, and Cisco, 35 vendor integrations and counting. Security Coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint identity, or web security vendors. Then coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack, or email. Learn more at nobefore.com/securitycoach. That's nobefore.com/securitycoach and we thank no before for sponsoring our show. With Blue Lemon, the real gift happens when they're living in it. When you give the fan favorite everywhere belt bag, the real gift is. And when the ultra soothing rest feel slides are the gift, you're really giving them. This holiday, Blue Blue Lemon makes it easy to give little luxuries that go beyond. Open the moment. Shop now at lululemon.com. Imagine this. Your primary identity provider goes down, whether it's a cloud outage, network issue, or even a cyber attack. Suddenly, your business grinds to a halt. But what if it didn't have to? Meet identity continuity from Strata, the game-changing solution that keeps your business running smoothly no matter what. Whether your cloud IDP crashes or your on-prem system faces a hiccup, identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP, automatically and without disruption. Powered by the Mavericks Identity Orchestration Platform, identity continuity uses smart health checks to monitor your IDP's availability, and instantly activates failover strategies tailored to your needs. When the coast is clear, it's a seamless switchback. No more downtime, no lost revenue, no frustrated customers. Just continuous, secure access to your critical applications every single time. Protect your business from the high costs of IDP outages with identity continuity from Strata. Downtime is a thing of the past. Visit strata.io/cyberwire to learn how Strata's identity continuity can provide seamless, enhanced capabilities to your existing identity fabric and receive a free set of AirPods Pro. Joining me is John Patrick, editor of the Cyberwire. John, we have good days, we have bad days, but in cybersecurity, we have zero days. What is a zero day? It's a bad day. Zero day is an epidemiology. People refer to patients zero. The first person is identified as the victim of a particular disease. A zero day is the day at which a new novel attack comes up. You can have a zero day attack, which involves the first exploitation of some previously unrecognized vulnerability. People often use zero days to refer to the vulnerability itself. You discover a new vulnerability. People will talk about that as a zero day sometimes. There's also zero day malware, and zero day malware is a previously unknown piece of malware for which no detection signature is yet available. So does zero day refer at all to how relatively dangerous a particular exploit is? If something is labeled as a zero date, does that mean this needs your immediate attention? It often does because it's novel, but it's the novelty rather than the severity that makes it a zero day. All right, John Patrick, thanks very much. The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now, employees, apps, and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why CloudFlare created the first-ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business. This episode is brought to you by Buffalo Trace Distillery. Powerful gets smooth, contained, but never tamed. Proudly going their own way, but never going alone. This is the spirit inside Buffalo Trace Bourbon. Made at Buffalo Trace Distillery, the world's most award-winning distillery. Buffalo Trace is always perfectly untamed. Distilled aged and bottled by Buffalo Trace Distillery, Franklin County, Kentucky, 90 proof, 45% alcohol by volume. Learn more at BuffaloTrace Distillery.com. Please drink responsibly. And that's the Cyberwire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Vittner. Thanks for listening. And now, a word from our sponsor, NordPass. NordPass is an advanced password manager from the team behind NordVPN. Designed to help keep your business safe from data leaks and cyber threats. It gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords. Right now, you can go to www.nordpass.com/cyberwire for 35% off the NordPass business yearly plan. Don't miss out on that.