You're listening to the CyberWire network, powered by N2K.

Mounting evidence of a Russian cyber attack on Ukraine's power grid. The hunt for Jihadi John. Activist response to recent Saudi executions. And we talk with the CyberWire's editor about the latest in power grid hacking.

I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, January 5th, 2016.

A late December cyber attack on a Ukrainian electrical utility has been linked to a variant of the BlackEnergy Trojan, long disseminated by the Sandworm threat actors. The attack produced rolling blackouts in western Ukraine, but ESET researchers believe the operations sought to affect a much wider area than a single oblast: they found the malware in at least two other utilities' networks. The attack was accompanied by a flood of calls to utility support centers, effectively distracting responders through misdirection and some telephony denial of service. BlackEnergy includes modules that establish persistence and can, if so desired, destroy files.

Ukraine's SBU security service unambiguously blames Russia for the operation. The Kremlin has not commented, and Western observers tend to agree. The nature of the hack, the ongoing tension between Ukraine and Russia, and the absence of an obvious criminal motive strongly suggest state activity. Coming after revelation of Iranian reconnaissance of a small New York state dam's control system, this attack heightens concerns about the cyber vulnerabilities of physical infrastructure. Observers are calling the attack on Ukraine's electrical utilities the first case of the physical effects they've long predicted and long feared.

Hackers defaced the Saudi Ministry of Defense to protest a leading Shiite cleric's execution. Iranian media, generally sympathetic to protesters, says the hackers are Saudi Shiites.

As authorities hunt for Jihadi John, the latest murderous online face of ISIS, the case for Daesh's effective use of crypto increasingly strikes observers as weak.

PlayStation succumbed to a DDoS attack last night, responsibility claimed again by the Phantom Squad skids.

Emsisoft finds new Java-based ransomware, Ransom32. It's evasive and works across several operating systems.

Cisco discloses, on the basis of research by Synacktiv, that Jabber is vulnerable to man-in-the-middle attacks. No patch or workarounds are yet available, so use it with caution.

And I'm joined by John Petrik, who's the editor of the CyberWire. John, ever since 9/11 we've heard warnings of threats to our infrastructure. In the past week or so we've seen a couple of threats to infrastructure around the world: the situation with the dam in New York state, which we'll get to in a minute, but I'm particularly interested in the attack on the power plants that happened in Ukraine. What can you tell us about that?

I think the first thing to say is that we need to keep this in perspective. As Peter W. Singer is fond of pointing out, we have orders of magnitude more squirrel-induced power failures than we do cyber-attack-induced power failures, so we need to keep it in perspective. So what exactly happened in Ukraine? At the end of December, right around Christmas, the region around the western Ukrainian city of Ivano-Frankivsk started experiencing rolling blackouts. It's now come to light, as announced by the Ukrainian security services, that this was a cyber attack, that the rolling blackouts were caused by a cyber attack that the Ukrainians claim was mounted by Russian authorities, by Russian security services. And they apparently did that by installing malware called BlackEnergy.

Now, the BlackEnergy malware has been fairly well known since about 2007, but it's interesting because this time it's being used to install problems with control systems. It is, by the way, a problem with the grid, with the power distribution system, not a destructive physical attack on power generation itself, but rather with power distribution. So this is interesting and troubling for a couple of reasons, mainly because you have someone who is finally using a cyber attack to bring about a real physical effect, that is, blackouts in a power grid.

So what else can you tell me about this BlackEnergy malware?

It's got a few capabilities. One of the more interesting ones is that it is capable of destroying files. Apparently it looks for files with certain extensions; you can select the file extension and it will destroy those files.

Did this attack occur in isolation?

No, there were some other things that were going on, and you often find certain forms of activity being conducted in conjunction with cyber attacks as a form of what magicians would call misdirection, or as a form of what military tacticians would call a feint. So in this case you had, while the attack was going on, a very large number of telephone calls being made to the service centers of the affected Ukrainian utilities, and these had the net effect of pulling responders away from the actual problem that was going on with the grid itself.

So let's talk about the dam in New York state. It doesn't seem like there's any direct relation between the two of them; it's just a coincidence that these two attacks happened within about a week of each other.

It is a coincidence, that the New York state incident, and by the way that's a very small dam, so we're not talking about a hydroelectric power generating station, we're talking about the kind of small dam on a small stream that's used for flood control, something like that. Rye, New York is a town in Westchester County; it's on Long Island Sound. It's got this sluggish stream running through it, and the dam is there to prevent flooding. Fairly old dam, very small. So what's disturbing about that is that it showed that, in this case, apparently Iranian authorities, Iranian operators, were able to get access to the control system of that dam. Now, it's a very minor thing, not a very dangerous thing, but it's troubling on two levels: one, that they could do it, and two, that apparently the federal authorities who found out about it didn't promptly share the information with the people in Westchester County who were cooperating with them in information sharing.

All right, John Petrik, once again thanks for joining us.

And that's the CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.