We run through some of the high points of May's Patch Tuesday. We get updates on Viking Horde Android malware and Bucbi ransomware. Venture capital seeks out IoT security investments as Pwnie Express and Bayshore Networks attract funding. QuintessenceLabs' Dr. Vikram Sharma explains emerging quantum technologies. And IBM will train Watson to deal with cyber security issues.
Dave Bittner: [00:00:00:00] We run through some of the high points of May's Patch Tuesday. Updates on Viking Horde Android malware and Bucbi ransomware. Venture capital seeks out IoT security investments as Pwnie Express and Bayshore Networks attract funding. QuintessenceLabs' Dr. Vikram Sharma explains emerging quantum technologies. And IBM will train Watson to deal with cybersecurity issues.
Dave Bittner: [00:00:24:20] This CyberWire podcast is brought to you by Recorded Future, the real-time threat intelligence company whose patented web intelligence engine continuously analyses the entire web to give information security analysts unmatched insight into emerging threats. Sign up for free daily threat intel updates at recordedfuture.com/intel.
Dave Bittner: [00:00:48:23] I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, May 11th, 2016.
Dave Bittner: [00:00:54:19] Yesterday was Patch Tuesday and both Microsoft and Adobe addressed vulnerabilities in their products. Microsoft issued a healthy round of 16 fixes. Redmond rates half of them "critical," the others "important." The critical patches include upgrades to Microsoft's old, familiar Internet Explorer browser, the company's new browser Edge, the JScript and VBScript scripting engines in Windows, Microsoft Office, Microsoft Graphics Component, Windows Journal, and Windows Shell. Several of the vulnerabilities addressed represent zero-days that have been exploited in the wild. Adobe's patches included fixes to its PDF Reader and ColdFusion products. The company also indicated that another upgrade to Flash Player will be out later this week. Sound patch management is, of course, one of the most important security best practices out there. So go easy on your sysadmins this week, they'll be busy.
Dave Bittner: [00:01:48:20] At least one of the zero-days Microsoft fixed this month has been actively exploited in targeted attacks against South Korean enterprises. The vulnerability, CVE-2016-0189, is a remote code execution flaw in Internet Explorer. Researchers at Symantec think the exploit may have been delivered by either spearphishing or waterholing. The campaign is thought to represent espionage, although both attribution and the actual payload the exploit dropped on compromised machines remain unclear.
Dave Bittner: [00:02:19:07] One enterprise in the Republic of Korea that appears to have sustained a successful attack late last month is Hanjin Heavy Industries. The manufacturing conglomerate builds, among other products, warships, and is a significant South Korean defense contractor. The Republic of Korea's Defense Security Command dates the incident to April 20 and says it's investigating. There's no attribution, yet, but signs point, as they usually do on the peninsula, to North Korea.
Dave Bittner: [00:02:46:13] Google has purged the known "Viking Horde" bot-forming malware from its Play Store. Check Point identified a number of compromised apps in the Store. These included "Viking Jump," a gaming app, and other apps called "Parrot Copter WiFi Plus," "Memory Booster," and "Simple 2048." According to Check Point, Viking Jump alone received 50,000 to 100,000 downloads.
Dave Bittner: [00:03:10:12] Bucbi ransomware, as we've noted, is back. Bucbi faded from the scene relatively soon after its discovery in 2014, but it's returned. And now it features a novel and troubling infection mechanism: its controllers are installing it by brute-forcing Remote Desktop Protocol passwords. Most ransomware has previously spread through the email-attachment or compromised website vectors. Palo Alto researchers who are following Bucbi say its controllers are using a brute-forcing utility called "RDP Brute," and that they began their campaign by attacking point-of-sale systems. The ransom demanded from Bucbi is 5 Bitcoin, which amounts to a bit more than $2,300. The extortionists somewhat implausibly identify themselves as the "Ukrainian Right Sector." This is the name of an actual Ukrainian nationalist group that's strongly opposed to Russian activity in their country, but this self-identification seems as likely as not to be a false flag. Researchers think they discern a Russian provenance for some of the tools used. While that's not decisive in attribution (tools are traded and re-purposed, and Russian cyber criminality can be difficult to distinguish from its Ukrainian neighbors), still, finding Ukrainian nationalists at the root of a cyber crimewave strikes some observers as too pat for plausibility, especially when one asks, "Who stands to gain from this?"
Dave Bittner: [00:04:31:14] In industry news, despite the rumored difficulty security start-ups are said to be having attracting venture capital, money seems available for Internet-of-Things security players. Pwnie Express announced today that it's received $12.9 million in Series B funding from Ascent Venture Partners and others to fund the company's push into Internet-of-Things security. The company plans to move new Bring Your Own Device, rogue-device-detection, and IoT solutions to market. Pwnie Express also announced the appointment of three executives to lead this effort: CFO, Kasha Gauthier; Vice President of Sales and Service, Bo Thurmond; and Vice President of Marketing, Dimitri Vlachos.
Dave Bittner: [00:05:11:22] The other firm attracting venture investment this week is Bayshore Networks, which raised $6.6 million in Series A funding from Trident Capital Cybersecurity and existing angel investors. Bayshore's offerings will center on security for the industrial Internet-of-Things.
Dave Bittner: [00:05:29:12] And finally, in the field of artificial intelligence, IBM is turning Watson, their question answering computer system, against problems in cyber security. Those problems prominently include, but aren't limited to, the challenges posed by cybercrime. You may recall that Microsoft's AI chatbot, Tay, was grounded earlier this year for picking up a bit of a potty mouth and a whole lot of attitude from the humans she was hanging out with. Watson will be exposed to a better sort of influence: IBM has engaged eight universities to help train their artificially intelligent Jeopardy-winner to know a cyber threat when it sees one. So, to play along with Watson's Jeopardy theme - "This is how you'll hear our interview with IBM's Caleb Barlow, on how he envisions Watson contributing to cyber security." "What is – tune in to tomorrow's CyberWire podcast."
Dave Bittner: [00:06:49:19] And I'm joined by Doctor Vikram Sharma, he's from QuintessenceLabs, one of our academic and research partners. I want to talk today about quantum technology. To start off, can you just give us an overview, what are we talking about when we're talking about quantum technology?
Dr. Vikram Sharma: [00:07:03:15] Quantum technology covers a whole range of new applications that we might find over the coming years, which source from harnessing unique quantum effects. Within that context you have, of course, the potential advent of quantum computing, which, once it's out to commercial or useful scale, will allow us to tap into a whole range of problems that today's, even supercomputers, find intractable.
Dave Bittner: [00:07:36:21] So, when I talk to people, particularly when I talk to people who are working with encryption, quantum computing is something that makes them a little bit nervous. They talk about that we have these unbreakable encryption schemes, except for quantum.
Dr. Vikram Sharma: [00:07:49:17] Well, that's actually a very interesting question, Dave. As we look into some of the problems that quantum computers will be well prepared to solve, we see that some of the underlying algorithms, which are used for security today, could potentially be under threat. That's because the quantum computers are able to solve the problems which are at the root of security for those algorithms, very, very rapidly.
Dave Bittner: [00:08:21:05] That's the threat. What are the opportunities that are available to us when it comes to quantum technology?
Dr. Vikram Sharma: [00:08:26:21] Well, there is the area of quantum key distribution, which is not a new field in and of itself. It was first conceived over 30 years ago by a couple of folks at IBM, and this offers us the promise of being able to transport keys securely between two locations in such a way that, if there was any eavesdropping on that key material that's being transported between the two locations, that eavesdropping would be visible, because at the quantum level, if you look at anything, you disturb it.
Dave Bittner: [00:09:03:06] The old Heisenberg Uncertainty Principle. Vikram Sharma, thanks for joining us today, and don't forget if you have a question for one of our research partners, you can send them in at firstname.lastname@example.org.
Dave Bittner: [00:09:17:14] And that's the CyberWire. For links to all of today's stories, along with interviews, our glossary, and more, visit thecyberwire.com. Thanks to all of our sponsors who make the CyberWire possible. And if you're interested in reaching a global audience of security influencers and decision-makers, well, you've come to the right shop. Visit thecyberwire.com/sponsors to learn more. Don't forget to review us on iTunes, like us on Facebook and follow us on Twitter. The CyberWire podcast is produced by Pratt Street Media. The editor is John Petrik. I'm Dave Bittner. Thanks for listening.
Copyright © 2020 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.