In today's podcast we review fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia—at least one of them originates in North Korea. Telefonica sustains a major data breach of Spanish customers' details. Passwords to DVRs are found cached in an IoT search engine. Those DVRs' firmware is also vulnerable to exploitation. The US Census Bureau is asked to provide an overview of measures being taken to secure the 2020 census. David Dufour from Webroot on ransomware in the UK. Guest is James Tabor from MEDIA Protocol on using blockchain technology with online advertising.
Dave Bittner: [00:00:03] Fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia. At least one of them originates in North Korea. Telefonica sustains a major breach of Spanish customers' details. Passwords to DVRs are found cached in an IOT search engine. Those DVRs' firmware is also vulnerable to exploitation. And the U.S. Census Bureau is asked to provide an overview of measures being taken to secure the 2020 census.
Dave Bittner: [00:00:31] And now a word from our sponsor ObserveIT. What in the world could old '80s technology have in common with insider threat management? Well, visit the ObserveIT booth at Black Hat in Vegas to find out. They're going back to the '80s to reminisce about throwback technology and show you how to take a 21st century approach to your insider threat management strategy. Your Nintendo, floppy disks and OG Macintosh computer will all be there next to your dusty DLP solution to remind why #ThrowbackThursday technology should stay in the past. It's time to go back to the future with ObserveIT for a more complete and modern approach to data loss prevention. Gain visibility and insights into user and file activity instead of simply locking data down with cumbersome tags, limitations and rules. And before you head out, take ObserveIT's quiz on which '80s pop culture icon best represents your insider threat management strategy. Whether you're Han Solo, Tron or Egon from "Ghostbusters," you're a pretty righteous dude. Visit observeit.com/cyberwire and take that quiz today. That's observeit.com/cyberwire. And we thank ObserveIT for sponsoring our show. Major funding for the CyberWire podcast is provided by Cylance.
Dave Bittner: [00:02:11] From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Tuesday, July 17, 2018. The Trump-Putin summit is over, with predictable noises about reduction intentions, scope for cooperation, healthy competition and so on. But observers are baffled by President Trump's choice of the Helsinki meetings to air his now-familiar skepticism of the FBI and other elements of the U.S. intelligence community. He did ask President Putin about Russian information operations during the 2016 U.S. elections, received the foreseeable denial and left it at that, leaving the impression that he sided with Mr. Putin over his own Justice Department.
Dave Bittner: [00:02:48] The impression was strongly reinforced by President Trump's Twitter feed over the weekend and also at the post-summit press conference, where he said, with respect to his having asked President Putin about Russian hacking of U.S. political targets, quote, "President Putin says it's not Russia. I don't see any reason why it would be," end quote. The reason it would be, of course, would be the conclusions the U.S. intelligence community reached that Russian information operations and cyberattacks were and have remained an active threat to the United States. Director of National Intelligence Coats described the activity as, quote, "ongoing pervasive attempts to undermine our democracy," end quote, and emphasized that the intelligence community was clear on that point.
Dave Bittner: [00:03:34] Late this afternoon, President Trump held a press conference in which he said he realizes his remarks in Helsinki require clarification. He didn't mean to say why it would be but rather why it wouldn't be - emphasis in his clarification. So he said he did think the Russians tried to meddle with the election and that he would vigorously defend U.S. elections against the Russians or anyone else. Also, he does have confidence in what the U.S. intelligence community has concluded and that he wants to continue dialogue and negotiation from a position of strength. He said, quote, "I have the strongest respect for our intelligence agencies,'' end quote, and praised both the line workers and the agency's leaders.
Dave Bittner: [00:04:19] Mr. Trump's discussions at the summit are said to have run contrary to the hard-line course on Russian hacking and hybrid warfare his advisers are believed to have recommended to him. His performance has been cast as a game-time decision, according to sources quoted - described by The Washington Post as familiar with the preparations. So the president may well have called an audible in Helsinki. President Putin did acknowledge disagreement over one aspect, at least, of ongoing hybrid warfare. Mr. Putin said, quote, "President Trump's position on Crimea is well-known. He talks about the illegality of the Crimean reintegration to Russia. We have another point of view - that a referendum was held in accordance with international law. For us, it's a closed question," end quote.
Dave Bittner: [00:05:09] President Trump's performance has generally not received good reviews, with reaction across the political spectrum ranging from disappointment to outrage. The president yesterday had already walked back some of his criticism about the intelligence community, saying he had "great confidence in my intelligence people" and emphasizing the importance of establishing better relations between the United States and Russia. Such loosening of tension would appear to be the best possible face to put on meetings. Indeed, the "Give Peace a Chance" take on the summit voiced by Sen. Rand Paul of Kentucky is about the only prominent U.S. support the president's performance has attracted, and that's tepid enough. Congressional Democrats understandably whooped it up this afternoon at a press conference of their own, taking a hard line on Russia that would have done credit to Barry Goldwater. And to be sure, they've got a point.
Dave Bittner: [00:06:04] Thanks to the considerable hype surrounding blockchain-driven cryptocurrencies like bitcoin and Ethereum, there's been a lot of buzz around clever applications of blockchain-distributed ledgers. James Tabor is CEO at MEDIA Protocol, a company that's looking to use the blockchain and smart contracts to try to address many of the shortcomings of the current online advertising ecosystem.
James Tabor: [00:06:28] If you're an advertiser or a content creator, your way of reaching that audience is through these individual platforms. And your money and your content goes in one side, and the audience's data and attention goes in the other, but never the twain really meet. And what we're trying to do with blockchain is bring a degree of transparency not only to, say, the buying and planning purposes but, with MEDIA Protocol, to create a direct-to-consumer relationship. So as a content creator, you would be able to understand who in your network or who in your audience's responsible for that little bit of magic, which is, you know, sharing or actually promoting your content more organically.
Dave Bittner: [00:07:04] How does this address, I guess, what I would describe as a natural tension that's at play right now when it comes to online advertising, which is that while people enjoy having ads targeted to them - they want to see ads that are of things that they're interested in - they're not so happy about all of the tracking that goes on?
James Tabor: [00:07:22] Personally, I think we're not so happy about the - what passes for personalization these days, which actually is not personalized. It's, I'm going to chase you around the internet with a bunch of stuff you either bought or decided you don't really want anymore. Or actually, you're occupying an entirely different headspace. I mean, if I've been looking at sneakers, and I then, let's say, go and read something about my football team, and then it's time to get back to what I was doing - and that could be research on the humanitarian crisis in Darfur - it's not really the best time to just kind of serve me a personalized ad about a pair of sneakers because my headspace has entirely changed.
James Tabor: [00:07:54] I believe that people enjoy being advertised to. But a conversation I was having earlier today, actually - which is really relevant - is that more and more, marketers and brands are trying to create content funnels. So it's not just about getting you straight into a pair of sneakers. It's about getting you into a piece of content about - it could be to do with how you might be exercising. It could be around your favorite sports team. There's plenty of other ways of reaching people, and that is more about relevance.
James Tabor: [00:08:22] You mentioned tracking, and it's not necessarily the tracking that is, per se, the issue. It's the layer of extra partners that's sitting away trying to add or do something to that piece of tracking. And that's come from some interesting tech cycles, where people who don't necessarily understand the market that they're trying to change have come in trying to change it. For a bit of background, I started my career almost 15 years ago, selling billboards. I created a digital out-of-home business when I was at university. I actually then went and sold really big ones for Clear Channel. And when they went into the digital world, I went to commercial rights. And then I spent the last ten years building technology platforms about making advertising data more easy and transparent to kind of buy.
James Tabor: [00:09:05] Now, for us, blockchain has been the missing piece of the puzzle. We've kind of done the analytics pieces and the predictive and then prescriptive analytics. We've always have these edge cases with question. So for us, this smart contract allows us to bring up their clarity. The tracking and the data that we give to people in exchange for interactions can be used to create more relevant content. I think we agree that having some things personalized towards us or made more relevant to us is actually a good thing. But using it as an opportunity to go, hey, hey, Dave, buy this - hey, hey, hey, Dave, buy that - isn't really what we should be using that data for.
Dave Bittner: [00:09:37] Now, what about the security aspects of combating ad fraud? Is this something that use of the blockchain can address?
James Tabor: [00:09:45] You can certainly see there are certainly a number of ways that the blockchain can address this - what constitutes a human? And you can use blockchain to set an agreed bunch of parameters that would make it more likely that that person is a human. Obviously we're not going to be silly enough to say that there's 100 percent certainty that this is going to be a human being, just as - the way you would never say 100 - something's 100-percent not hackable. But you can use the - using the blockchain as this ledger of, I would agree that a - an impression is served when this happens. And this could be maybe IAB says it's one pixel exposed for three seconds. I mean, that's the kind of level you're dealing with when it comes to ad fraud. It could then say that you want someone to be logged in to Chrome, or to use a Facebook Award or a - an email login. And you can set all these different types of parameters, all that they have used the browser in a certain way that means they are less likely to be a bot. That can be written into the smart contract so that the impression could then only be paid for when that criteria is met.
Dave Bittner: [00:10:45] That's James Tabor from MEDIA Protocol.
Dave Bittner: [00:10:49] Trend Micro reports an uptick in reconnaissance by the Andariel Group, a subunit of Pyongyang's Lazarus Group. Andariel's program includes mostly South Korean targets. The threat group is exploiting an ActiveX vulnerability in watering-hole attacks. The activities seem to have been observed in the reconnaissance phase of the overall operation.
Dave Bittner: [00:11:12] Trend Micro is also tracking the reappearance of the Blackgear cyber-espionage actor. Blackgear, which is also known as Topgear and Comnie, seems most interested in Japan, South Korea and Taiwan. It's notable for its deployment of the Protux backdoor and its use of social media as command and control channels.
Dave Bittner: [00:11:33] There's been another data breach that will fall under the European Union's General Data Protection Regulation, the GDPR. Telefonica, one of the world's largest telecommunications companies, has reported a data breach that exposed personal information of millions of Spanish customers. European authorities have been notified, and the investigations have begun. The data was lost through the company's Movistar services, which includes landline, broadband and television.
Dave Bittner: [00:12:01] NewSky Security reports finding passwords for tens of thousands of DVRs manufactured by Dahua. The passwords were cached within search results delivered by ZoomEye, an IoT search engine. The devices are also running old firmware susceptible to a vulnerability that would allow an attacker to establish a TCP connection on a Dahua DVR and deliver a tailored payload through that connection.
Dave Bittner: [00:12:28] Concerns about election and census security are being raised in many quarters of the U.S. The next census, to be held in 2020, will rely far more than any previous constitutionally mandated census on electronic means of data collection. A group of former federal cybersecurity officials have called on the Census Bureau to review its security measures and to provide an overview of that security in a transparent fashion.
Dave Bittner: [00:12:55] To return to yesterday's summit for a moment, President Trump did congratulate President Putin on the country's successful hosting of the World Cup, and President Putin gave him a commemorative soccer ball. Some people, Senator Lindsey Graham of South Carolina among them, have in all apparent seriousness advised that the soccer ball be scanned for bugs. But the soccer ball is probably as innocent as those little portable cooling fans passed out as swag during the Singapore meetings between U.S. and North Korean leaders. So the soccer ball may well be innocent enough, but given that one of the principal objectives of Russian information operations has long been to erode confidence in the policies, views and conclusions of the United States government with respect to information and cyberspace, it seems difficult to regard the summit as anything other than an own goal.
Dave Bittner: [00:13:52] And now a bit about our sponsors at VMware. Their Trust Network for Workspace ONE can help you secure your enterprise with tested best practices. They've got eight critical capabilities to help you protect, detect and remediate. A single open-platform approach, data-loss prevention policies and contextual policies get you started. They'll help you move on to protecting applications, access management and encryption. And they'll round out what they can do for you with micro-segmentation and analytics. VMware's white paper on a comprehensive approach to security across the digital workspace will take you through the details and much more. You'll find it at thecyberwire.com/vmware. See what Workspace ONE can do for your enterprise security - thecyberwire.com/vmware. And we thank VMware for sponsoring our show.
Dave Bittner: [00:14:53] And I'm pleased to be joined once again by David Dufour. He's the senior director of cybersecurity and engineering at Webroot. David, welcome back. We wanted to touch base on ransomware, specifically ransomware in the U.K. That is an area that you all do a good bit of business in. What are you seeing over there?
David Dufour: [00:15:10] Well, you know, it - ransomware's a problem everywhere. And in this case, we did some - as you say, we do have significant business over there, so we did some specific research in the U.K. And we interviewed over 400 IT decision-makers and found that 45 percent of those had suffered some type of ransomware attack. And even more surprisingly, 23 percent of those actually paid the ransom.
Dave Bittner: [00:15:38] Wow. Did they get their stuff back?
David Dufour: [00:15:40] They did. It's a pretty high percentage that are seeing, you know, when they do pay the ransom, they do get their stuff back. But, David, just on that topic - and we've talked about this before, I want to remind people - you should check with your security vendor to make sure any ransomware you may decide to pay for is actually panning out in good quality because you don't want to pay for something if the ransomware is poorly written and you're not going to get your ransomware unencrypted.
Dave Bittner: [00:16:09] Right. There's some ransomware out there where it's not possible to decrypt the - (laughter) decrypt the data.
David Dufour: [00:16:14] Yeah, exactly right. But it - that's - you know, that - I digress on that. But yes, most people are getting, when they pay the ransom - and I'm not advocating do that - but most people are seeing their data unencrypted.
Dave Bittner: [00:16:26] Now, you all saw some other interesting stats with the survey that you did in terms of risk mitigation and recovery processes. What can you share there?
David Dufour: [00:16:35] Well, this is where it gets fun and scary at the same time, and sometimes scary is fun. (Laughter) Eighty-eight percent of the organizations felt like they were better equipped now to deal with ransomware. But (laughter) ironically, only 36 percent of them were doing regular backups and were sure their backups were working. And that's the number-one way for anyone to recover from a ransomware attack...
Dave Bittner: [00:16:57] Wow.
David Dufour: [00:16:57] ...Is to have very solid backups.
Dave Bittner: [00:16:59] That seems like a soberingly small percentage of (laughter) organizations to have backups.
David Dufour: [00:17:06] Well, (laughter) I mean, forget ransomware. That's sobering in general, in this day and age...
Dave Bittner: [00:17:12] Yeah.
David Dufour: [00:17:12] ...That people aren't still doing solid backups.
Dave Bittner: [00:17:15] Wow. What else did you find?
David Dufour: [00:17:17] Staff training, David. At the end of the day, everything boils down to, are you training your staff to make sure you're performing good hygiene, not getting phished, ensuring that people aren't going to expose you? Because people are typically the biggest problem when it comes to exposure to ransomware or any type of cyber threat. And then crisis drills - you know, a lot of organizations don't spend their time going through crisis drills to determine how well they would do if something did happen and how they would recover from it.
Dave Bittner: [00:17:47] Yeah. I heard from an (laughter) organization recently. They were saying that all of their crisis drill manuals were stored on the system. So when stuff got encrypted, they couldn't get to those drills.
David Dufour: [00:18:02] Oh, David. That's (laughter)...
Dave Bittner: [00:18:02] I mean, it's easy to laugh. But it - you know, I mean, it's funny but scary at the same time, like you said at the top of the segment.
David Dufour: [00:18:10] It is. And David, the big thing here - and I think we all experience this running our businesses - it takes time and energy away from our core business. And so you do have to understand the risk you're exposing yourself to and the amount of time, energy and resources you want to commit to it. But I would think you would want to spend some time upfront to understand those risks and either do or don't do things with purpose rather than, you know, running your business on hope because hope isn't really a plan.
Dave Bittner: [00:18:42] Yeah. All right. Well, good advice as always. David Dufour, thanks for joining us.
David Dufour: [00:18:47] Thanks a lot, David. Have a great day.
Dave Bittner: [00:18:53] And that's the CyberWire. For links to all the stories mentioned in today's podcast, check out our daily news brief at thecyberwire.com. Thanks to all of our sponsors for making the CyberWire possible, especially to our sustaining sponsor, Cylance. To find out how Cylance can help protect you using artificial intelligence, visit cylance.com. And Cylance is not just a sponsor. We actually use their products to help protect our systems here at the CyberWire. And thanks to our supporting sponsor VMware, creators of Workspace ONE intelligence. Learn more at vmware.com.
Dave Bittner: [00:19:28] The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. Our show is produced by Pratt Street Media with editor John Petrik, social media editor Jennifer Eiben, technical editor Chris Russell, executive editor Peter Kilpe. And I'm Dave Bittner. Thanks for listening.
Copyright © 2019 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.
ObserveIT is the leading Insider Threat Management solution with approximately 1,700 customers across 87 countries. ObserveIT is the only solution that empowers security teams to detect insider threats, streamline the investigation process, and prevent data exfiltration. Start your free trial of ObserveIT today.
VMware is a global leader in cloud infrastructure and business mobility. Built on VMware's industry-leading virtualization technology, our solutions deliver a new model of IT that is fluid, instant and more secure. Learn more.