In today's podcast we hear about trends in phishing, ransomware, and distributed denial-of-service—and none of those trends are particularly good. We hear why some ransomware may keep coming back after it's been removed. US bank regulators warn financial institutions to mind their security manners in the wake of the SWIFT-related fraudulent transfers, and investigations into the Bangladesh Bank hack still point toward Pyongyang (with a slight nod in the direction of Shanghai). The FBI is actively stinging potential jihadists, and Singapore gets ready to wean its civil servants from the Internet at work. And we welcome our newest research partner, Dr. Charles Clancy from Virginia Tech's Hume Center.
Dave Bittner: [00:00:03:17] Phishing, ransomware, and the state of the Internet. Why some malware comes up again even after cleaning. Investigations into the Bangladesh Bank hack continue, with attention centering on North Korea, and with some suspicion that the DPRK may have bought some access from moonlighters in Shanghai. Another acquisition in the cyber sector, and no one's immune from a tight labor market. Singapore will restrict civil servants' Internet access next year, and wants to keep official email out of private channels. The FBI continues its investigation into alleged public-private email co-mingling, and various strains of jihad and counter-jihad cross paths online.
Dave Bittner: [00:00:43:19] Today's podcast is made possible by ThreatConnect. Join their free webinar and learn how security incidents happen at the seams between tools and teams, and how you can unite your people, processes and technologies behind an intelligence-driven defense. Sign up today at threatconnect.com/webinar.
Dave Bittner: [00:01:06:07] I'm Dave Bittner in Baltimore, with your CyberWire summary for Wednesday, June 8th, 2016.
Dave Bittner: [00:01:11:24] Bogus Apple domains are the source of several phishing expeditions targeting users in the UK and China. FireEye says the phishers are after Apple IDs and passwords.
Dave Bittner: [00:01:22:06] Another phishing campaign is out to double-tap victims of the Mt. Gox cryptocurrency exchange collapse. If you lost money in Mt. Gox, Cyren warns, expect to be phished from the notorious Kraken Exchange.
Dave Bittner: [00:01:36:13] Locky and TeslaCrypt ransomware are being overtaken by a crimeware dark horse called “Crysis.” ESET researchers report that Crysis is unusual in that it seems largely agnostic with respect to file extensions. Most crypto ransomware picks out certain extensions for encryption, but Crysis goes after pretty much everything.
Dave Bittner: [00:01:56:11] BlackShades is also still out there, as ransomware attacks show no signs of abating. BlackShades, as Trend Micro notes, accepts ransom by PayPal and taunts security researchers with sub-literate boasting embedded in its code. BlackShades’ victims are still mostly English and Russian speakers.
Dave Bittner: [00:02:15:07] SecureWorks offers an explanation for the apparent recurrence of some malware in cleaned systems. Some attack code exploits BITS, a native Windows tool used to retrieve updates.
Dave Bittner: [00:02:26:18] The Bangladesh Bank hack still looks to many like a North Korean job, although there are some suggestions that the attackers may have bought some of their access from moonlighting hackers who have day jobs in China’s People's Liberation Army. F-Secure’s Mikko Hypponen notes that the cool billion the thieves almost got away with would have solved a lot of budget problems for the DPRK, which runs on about $4 billion a year. Whoever was behind the fraud, the theft may well have been enabled by compromised and lousy passwords. Not as bad as "dadada," perhaps, but not much better. We hear there’s this guy who was using dadada for his LinkedIn and Pinterest accounts, if you can believe it…
Dave Bittner: [00:03:06:10] In any case, US bank regulators have joined the international chorus of financial system minders telling banks to up their security game. The Federal Financial Institutions Examination Council (FFIEC), which numbers among its members the Federal Reserve, the Federal Deposit Insurance Corporation, and the Comptroller of the Currency, didn’t issue any new rules, but advised banks to review their risk management practices and their controls over payment networks. So the warning amounts to a stern counsel to mind your compliance and your best practices lest you sustain scrutiny from regulators, which of course you will.
Dave Bittner: [00:03:42:15] This week sees a number of trend reports. The New York Times points with alarm to the well-known state-driven market for zero-days, and the aforementioned Mikko Hypponen observes that the notorious difficulties of attribution make cyber weaponry perfect for the sort of semi-deniable hybrid war being waged in many parts of the world today.
Dave Bittner: [00:04:03:01] Akamai’s quarterly State of the Internet report sees a continuing rise in distributed denial-of-service attacks, and observes that many of these are using stresser/booter-based botnets. DDoS remains cheap, and it remains an effective misdirection technique to mask other attacks. Akamai also reports that account takeover attacks are particularly targeting financial and entertainment verticals.
Dave Bittner: [00:04:26:11] In industry news, Fortinet announces its acquisition of AccelOps, the Silicon Valley security information and event management shop. Fortinet sees the acquisition as a play to move security intelligence to the cloud.
Dave Bittner: [00:04:40:02] And US Cyber Command isn’t immune to a tight labor market. Major General Paul Nakasone, commander of its National Mission Force, says that while recruiting is fine, retention is proving more challenging.
Dave Bittner: [00:04:52:03] Elsewhere in the US, the Intelligence Advanced Research Projects Agency, IARPA (the IC’s homegrown version of DARPA), is soliciting ideas for innovative and deceptive approaches to cyber security.
Dave Bittner: [00:05:04:24] Looking at cybersecurity research more generally, the CyberWire is pleased today to welcome its newest research partner, Virginia Tech’s Hume Center. We spoke with the Hume Center’s Director, Charles Clancy, about his organization and its research interests. We'll hear from him after the break.
Dave Bittner: [00:05:20:15] Singapore is going to restrict its civil servants’ Internet access dramatically, hoping thereby to reduce its government's vulnerability to phishing, waterholing, and so on. They can say adieu to freely surfing the web by May of next year. Such surfing, we note, isn’t necessarily or even usually frivolous - there are lots of important business reasons to maintain access to the Internet. It’s interesting that one of the tech-savviest governments on the planet is working toward this kind of separation. Civil servants will still be able to access the web from private devices, as long as those endpoints have no access to government email. The government will provide dedicated and closely controlled terminals for those personnel whose work requires Internet access.
Dave Bittner: [00:06:03:18] In the US, the FBI’s investigation of some American government officials’ use of personal servers that may or may not have co-mingled personal and government emails continues, but behind a discreet investigatory veil of secrecy. Some civil servants are said to have received partial immunity.
Dave Bittner: [00:06:21:03] And finally, as anti-ISIS jihadis from Iran's Revolutionary Guard take to online media to tweak the self-declared Caliphate, the FBI Director warns that those who flirt with jihad risk arrest. The Bureau has apparently expanded its use of sting operations to net aspiring terrorists, so surfers beware, and stay clear of that guy from the Revolutionary Guard. He calls himself "Abu Azrael" - that’s “Father of Azrael.” Azrael, our stringers tell us, would be the Angel of Death, so Abu Azrael must be a dangerous guy. In any case he seems to act as ruthlessly as his enemies.
Dave Bittner: [00:07:03:21] Today's podcast is made possible by E8 Security - detect, hunt, respond. E8 Security is transforming the effectiveness of enterprise security teams. Read their informative white paper, “A Unified Use Case for Preventing Unknown Security Threats,” at e8security.com/dhr.
Dave Bittner: [00:07:29:14] And it's my pleasure today to introduce our newest academic and research partner. Dr. Charles Clancy is the director of the Hume Center for National Security and Technology - they're part of Virginia Tech. Dr. Clancy, welcome to The CyberWire.
Dr. Charles Clancy: [00:07:42:16] Thanks. It's great to be here.
Dave Bittner: [00:07:44:10] Just by way of introduction, could you tell us a little bit more about yourself and the kind of research that goes on there at the Hume Center?
Dr. Charles Clancy: [00:07:51:02] Certainly. The Hume Center at Virginia Tech was established in 2010, really to try and help bridge the gap between students who are interested in careers in national security, and a growing demand by employers, both in the federal government and in industry, for students who are really interested in and understand the world of national security. Given that security is an increasing challenge to our nation, it's a key focus of much of the curriculum that we've developed in the student-oriented programs that we have unveiled over the last few years.
Dave Bittner: [00:08:24:10] What are the particular areas of research that you are interested in personally?
Dr. Charles Clancy: [00:08:28:19] Personally, my research has historically been in wireless security. I've done a lot of work in cellular, and as the Internet-of-things becomes a key part of cellular, doing a lot of work in the Internet-of-things and security challenges for the Internet-of-things.
Dave Bittner: [00:08:41:10] All right. Well, we look forward to talking to you as time goes on, and learning about some of the interesting things that you all are working on there. Thanks for joining us.
Dave Bittner: [00:08:51:21] And that's The CyberWire. For links to all of today's stories, along with interviews, our glossary and more, visit thecyberwire.com. Thanks to all of our sponsors, who make The CyberWire possible. If you'd like to place your product, service, or solution in front of people who'll want it, you'll find few better places to do that than the CyberWire. Visit thecyberwire.com/sponsors and find out how to sponsor our podcast or Daily News Brief. The CyberWire podcast is produced by Pratt Street Media. The editor is John Petrik; I'm Dave Bittner. Thanks for listening.
Copyright © 2020 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.