In today's podcast we look quickly at the current state of the cyber war between the US and ISIS. Anonymous is out to punish banks with DDoS for "crimes against humanity," and criminals continue to hone their ransomware game. The US security clearance system seems set to move toward FICO-like scoring. Joe Carrigan from Johns Hopkins University explains why medical records are so valuable on the cyber black market. Bob Hansmann from Forcepoint returns for more findings from their 2016 threat report. And Satoshi Nakamoto seems as airborne as ever.
Dave Bittner: [00:00:03:15] US Cyber Command is said to be enjoying success against ISIS finances and command-and-control. ISIS sympathizers hit back online with more attempts at inspiration. Anonymous launches a DDoS campaign against the Bank of Greece. The hacktivist collective vows to punish the world's financial institutions for what it characterizes as their "crimes against humanity." And a US magistrate tells a California woman to let the FBI use her fingerprints to unlock an iPhone; it's a search warrant in a drug case.
Dave Bittner: [00:00:34:16] This CyberWire podcast is made possible by Cylance, offering cybersecurity products and services that are redefining the standard for enterprise endpoint security. Learn more at cylance.com.
Dave Bittner: [00:00:51:06] I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, May 3rd, 2016.
Dave Bittner: [00:00:56:24] The US cyber offensive against ISIS continues to report inroads against the terrorist group's finances and command-and-control apparatus. These are targets Cyber Command is well equipped to hit. ISIS's information ops reach will be harder to shorten. Hacktivists who find inspiration in the self-proclaimed Caliphate's online murders have called for death to US drone pilots, but, as its physical territory shrinks, ISIS will continue to seek to expand its footprint in cyberspace.
Dave Bittner: [00:01:26:00] Anonymous has hit the Bank of Greece with a distributed denial-of-service campaign. The hacktivist collective is calling it, curiously, OpIcarus, where one might think OpDaedalus or OpHermes might be better since Icarus, after all, crashed after soaring too close to Helios. The goal of OpIcarus is to force the world's financial institutions to atone for what Anonymous characterized as bankers' crimes against humanity. Some of the bank's services were offline for about six hours, according to Hack Read. Greece is said to be just the first; a video warns that banks in Bangladesh, Brazil, China, Iran, Pakistan, the US, and the European Union are also in the crosshairs.
Dave Bittner: [00:02:08:08] DDoS may be a preferred hacktivist attack method, but ransomware continues to hold its place in the criminal underworld. New techniques and variants aim to stay ahead of the defenders. According to Avira, Locky is now encrypting its command-and-control communication to make it more difficult for defenders to sinkhole the criminal sites. Proofpoint notes that about 24% of all emails found with malicious attachments in the first quarter of this year were distributing Locky. The runner-up was the Dridex banking Trojan, which itself is increasingly being adapted to serve ransomware attacks. There's no need to look far to explain ransomware's popularity. Willie Sutton could have answered that question: there's a widespread perception in the underworld that cyber extortion offers easy money.
Dave Bittner: [00:02:53:21] On Monday's show we heard from Forcepoint's Bob Hansmann, who shared highlights from their recently published threat report. We continue our discussion today starting with the threat of what he calls accidental insiders.
Bob Hansmann: [00:03:05:05] On the insider threat the accidental insider could be somebody who has simply fallen for a social engineering type of attack, so that they've been part of an external attack, but, there's also the cases where they do a reply all, they post information they don't realize is sensitive to their Facebook account, somebody who posted that, "Hey, our company did really great this quarter," and yet the financial earnings have not been reported yet and so there's legal consequences. We also saw a case a couple of years ago where an employee was doing a regular process, sending tax information out to citizens of a city, but they failed to test the process, and in the end sent everybody's personal information and tax details to the next person on the list, because the email merge process was off by one, and they never tested it and ended up exposing everybody's information to everybody in town.
Dave Bittner: [00:03:59:01] We also discussed the inevitable tension between IT and employees who just want to get their work done. Hansmann suggests that IT departments be mindful of their attitude.
Bob Hansmann: [00:04:09:09] IT has developed this reputation as the department of no: no, you can't do that; no, that's got some problems; we haven't looked into that; we don't have time for that. That's where we have shadow IT, people are adopting their own technology. Sometimes it's because there isn't an official solution, often it's simply because nobody wants to ask IT; if you ask IT you'll be told no. It's better to just go ahead, get a third party service, use it and ask forgiveness later, at least we can get our jobs done. So, IT needs to become more proactive, they need to start being polite when people call and ask, "hey, I want to share a large file," instead of saying "ugh, we've had that for three years why isn't anybody using this? Let me show you where it's at," instead they should say something like, "you know, I'm glad you asked," and deliver it in a more positive tone and become an assistant, to help departments get their jobs done, not that department that, "ooh, if I've got a problem I'll call them, otherwise try and keep them out of your business."
Dave Bittner: [00:05:10:00] That's Bob Hansmann from Forcepoint. Their website is forcepoint.com.
Dave Bittner: [00:05:16:01] The US security clearance system may soon undergo a significant shift, moving toward a "FICO-like" insider threat scoring system. That score would be based on a number of factors, among which the social media activity of cleared personnel would figure prominently. Another feature of the emerging security system would be continuous monitoring of government networks and users. Nextgov quotes the director of the Defense Security Service as calling the amount of illicit adult material "just unbelievable." And by illicit he means clearly illegal.
Dave Bittner: [00:05:48:08] A US magistrate judge has ordered a woman to let the FBI unlock her iPhone using her fingerprints, pursuant to a search warrant, a development that will surely raise issues both biometric and Constitutional.
Dave Bittner: [00:06:01:11] And finally, where's Satoshi? The elusive inventor of Bitcoin seems to have been sighted less frequently than Sasquatch. Errata Security outlines how it's possible for anyone to claim to be Satoshi Nakamoto. Read through the post at blog.erratasec.com and judge for yourself.
Dave Bittner: [00:06:24:09] This CyberWire podcast is made possible by Wide Angle Youth Media, a non-profit that provides free media education to Baltimore youth to tell their own stories and become civic leaders. Learn, watch and connect at wideanglemedia.org.
Dave Bittner: [00:06:44:06] Once again I'm joined by Joe Carrigan from the Johns Hopkins University Information Security Institute, one of our academic and research partners. Joe, I read recently something that was interesting in an article, they were saying that medical records information is particularly valuable, because, unlike a credit card, your medical records cannot be reset?
Joe Carrigan: [00:07:03:12] Right, what the medical record contains that is particularly valuable is all of your personally identifiable information that is necessary to steal your identity. It contains your name, your address, your date of birth, your social security number in many cases, other information as well that could be used to verify your identity. Additionally, there's also a more sinister aspect to this, and that is, if you have something in your medical record that you don't want being made public, that actually provides an opportunity to extort you to keep that information private, and the prime example of this is if someone is HIV positive and they just don't want that information to be made public.
Dave Bittner: [00:07:45:06] And, of course, the most valuable information is that the hospital has about the patients themselves, and that's where the ransomware comes in, in the medical facilities themselves.
Joe Carrigan: [00:07:54:19] Right, that's where the information is most useful is when the patient and the practitioner need to access it to diagnose or to treat the patient, so that's why we're seeing this increase in ransomware. It's because these malicious actors know that the biggest value of this information is when the practitioners can access it to treat the patient, and if they can't do that then they might be willing to pay a large price to get the information back.
Dave Bittner: [00:08:20:07] Right, there we're talking literally about life and death situations, potentially.
Joe Carrigan: [00:08:24:12] That's right.
Dave Bittner: [00:08:25:02] And so we've seen, on several cases, it's easiest for the hospitals to simply pay the ransomware.
Joe Carrigan: [00:08:30:07] That's what happens.
Dave Bittner: [00:08:31:01] Yes, interesting also that when they pay the records get unlocked.
Joe Carrigan: [00:08:34:17] Well that's right, that's almost what has to happen, because the malicious actors almost have to unlock the files or else the ransomware business model doesn't work, because people realize, okay, now I'm in a hole because my data has been encrypted, but I'm not going to deepen that hole by paying some money to somebody who's not going to unlock my files.
Dave Bittner: [00:08:54:03] Right, and, of course, the lesson is, always have recent backups of your files.
Joe Carrigan: [00:08:59:04] That's right, the first four rules of owning a computer are back up, back up, back up and back up.
Dave Bittner: [00:09:03:16] Alright. Joe, thanks again for joining us.
Joe Carrigan: [00:09:07:00] My pleasure.
Dave Bittner: [00:09:10:08] And that's the CyberWire. For links to all of today's stories, along with interviews, our glossary and more, visit thecyberwire.com. Thanks to all of our sponsors who make the CyberWire possible. And if you are interested in reaching a global audience of security influencers and decision makers, well, you've come to the right shop. Visit thecyberwire.com/sponsors to learn more. Don't forget to review us on iTunes, like us on Facebook and follow us on Twitter. You might even get a heartfelt thank you right here on the show, I'm looking at you Jeremy Landry.
Dave Bittner: [00:09:39:11] The CyberWire podcast is produced by Pratt Street Media. Our editor is John Petrik and I am Satoshi! Okay, no, really, I'm still Dave Bittner. Thanks for listening, good night Mr. Nakamoto, wherever you are.
Copyright © 2019 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.