In today's podcast, we hear that cryptojacking apps have reappeared in Google Play. A brewer's experience with ransomware shows that victims needn't be helpless in the face of extortion. A look at the black market finds that zero-day vendors have grown a lot scarcer on the ground. Google responds—a little—to concerns about privacy in Chrome login. The US Senate is holding hearings on privacy. Big Tech will be there. And are political campaigns slipping into learned helplessness about cybersecurity? Dr. Charles Clancy from VA Tech’s Hume Center on university spin-offs and partnerships. Guest is Dinah Davis from Code Like a Girl on how men can help increase diversity through mentorship.
Dave Bittner: [00:00:03] Cryptojacking apps reappear in Google Play. A brewer's experience with ransomware shows that victims needn't be helpless in the face of extortion. A look at the black market finds that zero-day vendors have grown a lot scarcer on the ground. Google responds - a little - to concerns about privacy in Chrome login. The U.S. Senate is holding hearings on privacy, and big tech will be there. And are political campaigns slipping into learned helplessness about cybersecurity?
Dave Bittner: [00:00:37] Time to take a moment to tell you about our sponsor, Recorded Future. Recorded Future is the real-time threat intelligence company whose patented technology continuously analyzes the entire web, developing cyber intelligence that gives analysts unmatched insight into emerging threats. At the CyberWire, we subscribe to and profit from Recorded Future's Cyber Daily. As anyone in the industry will tell you, when analytical talent is as scarce says it is today, every enterprise owes it to itself to look into any technology that makes your security teams more productive and your intelligence more comprehensive and timely - because that's what you want, actionable intelligence. So sign up for the Cyber Daily email, where every day you'll receive the top trending indicators Recorded Future captures crossing the web, cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, suspicious IP addresses and much more. Subscribe today and stay a step or two ahead of the threat. Go to recordedfuture.com/intel to subscribe for free threat intelligence updates. That's recordedfuture.com/intel. And we thank Recorded Future for sponsoring our show. Major funding for the CyberWire podcast is provided by Cylance.
Dave Bittner: [00:01:54] From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, September 26, 2018. Cryptojacking continues to preoccupy cybercriminals. They've succeeded in restocking Google Play with at least 25 cryptomining apps, according to researchers at security firm Sophos. Google has ejected some of the cryptojackers, but not all. And when they finish the purge, others are likely to take their place. Most of the apps use embedded Coinhive code to mine Monero and use the Coinhive servers, as well, HackRead reports. But there's some variation. At least one of the unwanted apps uses XMRig, and a few of the Coinhive varieties use other servers, probably to avoid tripping warnings.
Dave Bittner: [00:02:42] There are other measures that seem designed to let this malware fly under the detection radar. They limit CPU usage, for one thing, which helps keep the infected device from overheating, its battery from losing its charge suspiciously rapidly. The malicious apps are also observed not to degrade the devices' responsiveness too much, which is another sign that might alert a user to a cryptojacking infection. A lot of the cryptomining apps masquerade as games. Others represent themselves as test prep tools. If you're preparing for the LSAT, the SAT, the ACT, the GRE, the MCAT or even the PSAT, seekest thou else whither, friend.
Dave Bittner: [00:03:25] The runner-up in cybercrime remains ransomware. Scotland's Arran Brewery was hit with a targeted version of Dharma Bip ransomware last week. They declined to pay the ransom and have, they say, recovered. The infection vector was an emailed cover letter accompanying a job application, which is the kind of thing that might happen to any organization and implies no particular negligence. Arran's determination not to pay ransomware was good, as was their evident preparation for resilience in the face of this sort of threat.
Dave Bittner: [00:03:57] A significant part of their response seems to have involved bringing in security consultants to come up with a decryptor. Course, the first step in preparing to survive ransomware is regular secure backup. Arran did better than the city of Atlanta, Ga., which needed some six months to recover and has, even so, left its citizens largely in the dark about what happened and what the remediation cost them.
Dave Bittner: [00:04:23] It's worth noting that the cyber black market functions like a market, responsive to the pressures of supply and demand that operate in legitimate markets. Consider the black market in zero-days, once a thriving trade. But security firm FireEye told Fifth Domain that it's now seeing only a handful of black marketeers selling zero-days in black markets. Two causes seem to lie behind this encouraging development. Bug bounties are inducing black hats and gray hats to put on white hats and enter the legitimate market.
Dave Bittner: [00:04:55] If you can find a zero-day and get paid for disclosing it to the vendor or the user, that's a better and more honest way to make a buck than selling to the Russian mob. And police and prosecutors are getting better at squeezing the black hats. Unscrupulous malware vendors are finding themselves caught, convicted and jailed at higher rates.
Dave Bittner: [00:05:17] In response to user backlash, Google has decided to offer an opt-out for its automatic Chrome login. The incident looks like a misreading of the public mood and a partial walk-back. They're offering opt out, not opt in. The controversial update to Chrome 64 automatically logs users into the browser whenever they're logged into any other Google service. TechCrunch notes that concerns are that a user's browser history would be automatically folded in with other aspects of a user's Google identity. Google says that won't happen, but people have not been happy.
Dave Bittner: [00:05:54] Dinah Davis is vice president of research and development at Arctic Wolf Networks, and she's founder of code.likeagirl.io. She joins me to discuss a recently published "Code Like a Girl" article written by Glenn Block, titled, "Men: Want to Increase Diversity in Tech? Be a Mentor."
Dinah Davis: [00:06:13] You know, reaching out and actively trying to be a mentor for women, women of color, all kinds of people. And he talks in this article about how he's done that, and how it's benefited him and, you know, talks to some of the women who have, like, benefited from it, as well.
Dave Bittner: [00:06:32] Yeah. I mean, I think it's a really interesting point, and I think maybe one that we don't think of very often. Certainly, there's no shortage of stories about the women who sort of were the trailblazers when it comes to women in tech and have been - and the importance of mentoring. They talk about how important it was for them to have good mentors. But then also I think, you know, women mentoring other women, those stories you hear pretty often, but not so much the stories of men intentionally mentoring women.
Dinah Davis: [00:07:01] Exactly. I love, like, that he just puts in, like, this side note in his article that it's, like, also vital for women to mentor men, as covered in this post, which is another, a separate post from Rachel Appel. So he's bringing that aspect in, too, right? Like, that changes diversity, as well. If you're, you know, if you're having mean look to women in a place of leadership and mentorship, it changes the dynamic.
Dinah Davis: [00:07:29] And also, like, you know, if you see that, other people see that, that's like, oh, yeah - that should be the norm. Men can mentor women. Women can mentor men. We can do it, you know, within the same sex. It doesn't matter. But, like, making those things the norm is what's so important, right?
Dave Bittner: [00:07:46] Yeah. And I think also just the notion of having someone with authority, someone with, you know, status within a company, being able to lead that new person around, introduce them, make connections, I think it has an amplification factor to it.
Dinah Davis: [00:08:03] It totally does. So, like, I'll share one story from this article. You can read the article for more details. But, one day he got this message from a lady that he'd been mentoring. And she said, I have some news. I was extended a job offer, and accepted it, for a product manager position. Our calls definitely helped me influence landing that offer. And about four months before, they'd met on a Slack channel. I think there's, like, a mentorship Slack channel that he's a part of.
Dinah Davis: [00:08:34] And they chatted on Slack. They chatted on Zoom. They never met in person, but they talked about product management and her goals in product management. That helped her get more confidence when looking for a job and knowing what to do. It made a huge difference for her. So there's, like, one thing, where, like, even if that was the only person he mentored, he made an impact. But he's doing this with multiple women.
Dinah Davis: [00:08:59] And the other great part of this article is he talks about how to get started. Right? So you might want to help, and you just, like, have no idea. You don't want to just walk up to some random woman and say, hey, can I mentor you?
Dave Bittner: [00:09:10] Right.
Dinah Davis: [00:09:11] Because that wouldn't be awkward at all. Right?
Dave Bittner: [00:09:14] Yeah. (Laughter).
Dinah Davis: [00:09:14] (Laughter). So he's like, here's - you know, there's groups, right? You can join women who code, mind a product, Slack channels. They're out there. "Code Like a Girl" has a Slack channel. We also have a Facebook group you can join and find people and just, you know, when people are asking questions, you start answering them and building relationships with them, right? So I like that he didn't just say, hey, you should do this, but he said, hey, you should do this and here's some tips on how you can.
Dave Bittner: [00:09:41] Right. All right. Well, the article, it's on code.likeagirl.io, and it's, "Men: Want to Increase Diversity in Tech? Be a Mentor." Check it out. As always, Dinah Davis, thanks for joining us.
Dave Bittner: [00:09:54] The U.S. Senate is holding hearings today on privacy, and big tech, which fears an American GDPR, is taking them seriously. Google, represented by an empty chair at the last round of hearings where the senators heard from both Facebook and Twitter, will be there this time. And a sufficiently senior executive will be there to represent Mountain View. The company's chief privacy officer Keith Enright will appear.
Dave Bittner: [00:10:19] In a prepared statement released in advance of the Senate Commerce Committee, Enright said, in part, quote, "we acknowledge that we have made mistakes in the past from which we have learned and improved our robust privacy program," end quote. He also said, CRN reports, quote, "with advertising, as with all our products, users trust us to keep their personal information confidential and under their control. We do not sell personal information, period," end quote.
Dave Bittner: [00:10:48] Other companies testifying include Amazon, AT&T and Apple. Amazon intends to make it clear that regulation comes with costs. Their prepared remarks note that GDPR, quote, "required us to divert significant resources to administrative and record keeping tasks and away from inventing new features for customers," end quote. Twitter will be there, too, urging that we get together to develop a robust privacy framework that protects individual rights while preserving the freedom to innovate.
Dave Bittner: [00:11:20] Concerns about a U.S. version of GDPR aren't idle. Breaches, extensive data collection and privacy concerns have increased congressional appetite for regulation. As Senate Commerce Committee chair John Thune, a Republican of South Dakota, told The Hill, the lawmakers are interested in seeing how consumer protection might best be made a matter of law, especially since it seems that industry may be proving itself incapable of self-regulation. The executive departments are also looking in that direction. Commerce, in particular, is looking into lessons that GDPR might hold for privacy regulation on this side of the Atlantic. Justice is also holding its own listening campaign with a view to formulating a position on consumer protection online.
Dave Bittner: [00:12:07] As U.S. midterm elections approach, state and federal officials are talking and seem to be doing a great deal about securing voting systems. The political campaigns themselves, however, seem to be a different kettle of fish, according to a story in The Olympian. A lot of them appear to be sliding into learned helplessness about their own data and communications. It's difficult and expensive to secure things so maybe they should hope for the best. Expect some doxing, unwelcome and forced transparency, at least as the campaigns enter their endgames.
Dave Bittner: [00:12:47] Now a moment to tell you about our sponsor, ObserveIT. It's 2018. Traditional data loss prevention tools aren't cutting it anymore. They're too difficult to deploy, too time-consuming to maintain and too heavy on the endpoint. They are high-maintenance and require endless fine tuning. It's time to take a more modern approach. With ObserveIT, you can detect insider threats, investigate incidents quickly and prevent data loss. With its lightweight agent and out-of-the-box insider threat library, ObserveIT is quick to deploy and far more effective at stopping data from leaving your organization. That's because ObserveIT focuses on user behavior. It's built to detect and respond to insider threats, and it's extremely difficult even for the most technical users to bypass. Bring your data-loss prevention strategy into the modern era with ObserveIT. Learn more at observeit.com/cyberwire. That's observeit.com/cyberwire. And we thank ObserveIT for sponsoring our show.
Dave Bittner: [00:13:57] And I'm pleased to be joined once again by Dr. Charles Clancy. He's the executive director of the Hume Center for National Security and Technology at Virginia Tech. Dr. Clancy, welcome back. I saw a story come by recently about Virginia Tech partnering with a startup called DeepSig involved with protecting wireless devices. Can you sort of walk us through? How does a company that spins off from a university like Virginia Tech, how does that process work?
Charles Clancy: [00:14:26] So this particular company was based around the Ph.D. dissertation of one of my students, and it's some really interesting research. Basically, what he showed in his dissertation is that the whole concept of software-defined radio, where you essentially take the different functions of a wireless device and map them into software blocks and wire them together much in the same way that you would wire together analog circuits in an analog radio, was sort of unnecessarily constraining.
Charles Clancy: [00:14:59] And, basically, what he showed is that you could train a deep learning neural network to do that same task, and not only would it perform the task better, but it would do so with significantly increased efficiency over the traditional algorithms. And the applications in the space are significant, from sophisticated spectrum-sensing technologies, to building wireless communications systems on the fly that are uniquely tailored for their RF environment. This particular project that we're collaborating on now is focused on using these same techniques to recognize anomalies in that wireless environment and being able to use that to inform some sort of cybersecurity sensor.
Dave Bittner: [00:15:37] And so can you describe to us the importance for the university to support these startups? I mean, as part of the overall ecosystem, this is a nurturing function that the university has?
Charles Clancy: [00:15:51] Exactly. So there's a couple different ways to think about university research. Oftentimes, university research will just end in the publication of a paper at a conference or a journal. We often try to find other customers for that technology, whether it's the government agencies that may have funded the work, or identify ways that we can spin those off into startup companies.
Charles Clancy: [00:16:14] And it's not so much about potential royalties for the university - because pretty much every university loses money on their licensing arm - but it's about getting that technology out in the world and having it make a difference both in terms of impacting the field but also supporting economic development for the region.
Dave Bittner: [00:16:31] Dr. Charles Clancy, thanks for joining us.
Charles Clancy: [00:16:33] Thanks a lot.
Dave Bittner: [00:16:37] And that's the CyberWire. For links to all the stories mentioned in today's podcast, check out our daily news brief at thecyberwire.com. Thanks to all of our sponsors for making the CyberWire possible, especially to our sustaining sponsor, Cylance. To find out how Cylance can help protect you using artificial intelligence, visit cylance.com. And Cylance is not just a sponsor. We actually use their products to help protect our systems here at the CyberWire. And thanks to our supporting sponsor, VMware, creators of Workspace ONE Intelligence. Learn more at vmware.com.
Dave Bittner: [00:17:12] The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. Our CyberWire editor is John Petrik. Social media editor, Jennifer Eiben. Technical editor, Chris Russell. Executive editor, Peter Kilpe. And I'm Dave Bittner. Thanks for listening.
Copyright © 2019 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.
Get trending information on hackers, exploits, and vulnerabilities every day for FREE with the Recorded Future Cyber Daily. Sign up now.
ObserveIT is the leading Insider Threat Management solution with approximately 1,700 customers across 87 countries. ObserveIT is the only solution that empowers security teams to detect insider threats, streamline the investigation process, and prevent data exfiltration. Start your free trial of ObserveIT today.