Archive.fm

CyberWire Daily

The CyberWire 1.6.16

Duration: 16m
Broadcast on: 06 Jan 2016
Audio Format: other


You're listening to the CyberWire Network, powered by N2K.

In today's podcast: as intelligence services increasingly link Russia to the cyber attack on Ukraine's power grid, we discuss speculation about possible motives. Iran, Saudi Arabia, and ISIS ramp up their mutually antagonistic postures in cyberspace. We have more on Emsisoft's discovery and description of the JavaScript-based ransomware-as-a-service tool Ransom32, and we talk with the CyberWire's editor about some of these latest developments.

I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, January 6, 2016.

To most observers, and those include, according to reports, US intelligence services, Russia looks like the most likely suspect in December's cyber attack on the Ukrainian power grid. That the rolling blackouts were caused by a cyber attack is increasingly clear, but how the attack actually worked, however, remains a matter for investigation. As ESET's reports suggest, signs point to BlackEnergy malware as the toolkit used in the operation. BlackEnergy was found in affected networks, but some industry observers think it's too early to close the case, especially since much BlackEnergy functionality is not clearly related to a capability to manipulate industrial control systems. Other utilities around the world reassure stakeholders they've taken precautions against similar attacks.

The motive for a Russian hack also remains unclear. Even given ongoing fighting in eastern Ukraine, the rolling blackouts don't have an obvious operational purpose. Some speculate the episode amounts to dissuasion, or saber rattling, or capability testing.

In its own bit of dissuasion, by the way, the US Treasury Department has finalized and announced its system of sanctions for hacking.

Saudi Arabia and Iran seem poised to escalate their ongoing tension into conflict in cyberspace, although neither state has, as far as it's known, used its full cyber attack capabilities. ISIS, implacably hostile to both Iran and Saudi Arabia, has renewed its denunciations of the Saudi regime as tyranny and Saudi soldiers as apostates. Shiites, Christians, and Jews come in for their usual share of odium in Daesh social media. Western services are still working out their information operational response. ISIS hasn't shown much ability to hack, but there are no questions about its ability to inspire.

Genius Jordan, known for attacks on Kuwaiti and Nepalese sites, defaces Ugandan foreign ministry sites with protests of US and Israeli actions in the Middle East. In Southeast Asia, Anonymous takes down Thai police sites to protest death sentences handed down in the case of two murdered tourists. The hacktivist collective sees the suspects as having been railroaded for the sake of Thailand's tourist industry.

Analysts review Ransom32, which Emsisoft described earlier this week. In regards to Ransom32's JavaScript-based ability to affect different operating systems, Emsisoft CTO Fabian Wosar told the CyberWire, "The way Ransom32 works leads to the logical conclusion that upcoming versions will target multiple OSs, whereas most ransomware is confined to a single or a limited number of OSs." Herr Wosar also thinks Ransom32 is disturbing in its crimeware-as-a-service distribution. "You can configure your very own ransomware and buy it from the website," he told the CyberWire. While this isn't entirely new for malware in general, in the ransomware segment specifically it is innovative. Emsisoft also points out that whoever put Ransom32 together did their crypto homework and got it right. That doesn't always happen with crimeware, whose work is as susceptible to bugs as is legitimate software. We see an example of such bugginess with the competing ransomware Linux.Encoder, now on its third release and still, according to Bitdefender, crackable. We'll keep an eye on Ransom32, and you should too.

In other news, Rapid7 finds issues with Xfinity's home security system, and Android patches five security flaws. Do look to the security of your Android devices.
I'm joined by John Petrik, editor of the CyberWire. John, once again the situation with the Ukrainian power grid is in today's edition of the CyberWire. Why attack the Ukrainian power grid? Why is this a target for Russia?

Power grids can be attacked for all sorts of reasons. There are military objectives: a power grid, for example, could be the thing that you're using to run your air defense system, things like that. That doesn't seem to be the case here at all. There doesn't seem to be any direct military payoff. So speculate about Russian motives, and most people think that it was Russian security services that are responsible. The Ukrainians say that, and there are reports today that US intelligence services are reaching the same conclusion quietly. So why would they do it? And the best speculation seems to be that it is a form of deterrence, kind of dissuasion, letting an opponent know that you can hold important things at risk. Why now? Well, at the beginning of January Ukraine has been scheduled to start some closer moves towards integration with the European Union. So there's that, and that certainly is a development that would be unwelcome to the Russians.

In other news, again today we talked about the new Ransom32 exploit. Why is this one particularly noteworthy?

It's interesting because, and Emsisoft is the outfit that found and described the ransomware, it's interesting because ransomware hasn't so far been offered under a crimeware-as-a-service model on the black market. There's plenty of ransomware that's been out there, but it hasn't been distributed in this particular way. And Ransom32, it looks like a turnkey solution, and it's something that you can use with relatively little skill. So that's interesting. It's also dangerous. All ransomware is dangerous, of course, and most people will know that what ransomware does is encrypt a user's files and then ask him for money, or her for money, so that they can receive the encryption key and get their files back, get the use of their files back. So they're always dangerous. But this is particularly dangerous because the people who wrote the crimeware seem to have done, as Emsisoft says, they've done their homework when it comes to encryption. They've done it right, they say. And that may sound simple, but as Emsisoft points out, there are a lot of pieces of ransomware that have been buggy, and this one seems not to be buggy. There is some buggy ransomware in the news today. There's a competitor called Linux.Encoder, and it hit its third release, and Bitdefender is already saying, we can decrypt it, we can break it. So the criminals who write software have just as many problems as legitimate people who write software. It's good to remember that.

So are we heading towards a point where, you know, anyone can spend a few dollars in bitcoins, you know, run their own ransomware program, and profit?

I don't know that anyone could do it. You certainly don't need a lot of technical skill to use these solutions, which is why they're successful on the black market. So you can get these things and use them without being a genius hacker yourself, and that's why they're disturbing. There's a kind of proliferation going on with them.

If people want to learn more about the Ransom32 exploit, where can they go?

I would go right to the people who discovered and described it. I think you can find out a lot of good information at emsisoft.com.

All right, John Petrik, once again thanks for joining us.

And that's the CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.