The CyberWire Daily Podcast 1.7.16
Dave Bittner: [00:00:04:00] Electrical utilities look to their cyber defenses in the wake of the hack in Ukraine. Malware is being distributed with compromised certificates. Cyber-enabled warranty fraud is increasing. WordPress and Silent Circle issue patches. TimeWarner Cable warns its customers that their accounts may have been compromised. A bit more from Emsisoft on ransomware-as-a-service tool, Ransom32, plus what do you do when your parents get a call from tech support?
Dave Bittner: [00:00:30:08] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at isi.jhu.edu.
Dave Bittner: [00:00:53:13] I am Dave Bittner in Baltimore with your CyberWire summary for Thursday January 7th 2016.
Dave Bittner: [00:00:59:18] The Ukrainian rolling blackout, now generally regarded as the work of Russian security organs, prompts electrical utilities worldwide to take stock of their cyber defenses. This is especially true in the United States where such taking stock results in an evergreen discovery. Much of the information attackers would need to stage their attacks is freely available in open sources.
Dave Bittner: [00:01:20:19] Eyesight partner's project grid strike provides an object lesson in the form of proof of concept collection, showing how attackers could develop such intelligence.
Dave Bittner: [00:01:31:10] And while squirrels doubtless have a much larger track record in power disruption, as Tenable points out in a Passcode op-ed, observers look for an increase in cyber attacks on infrastructure in 2016.
Dave Bittner: [00:01:43:19] A report surfaces, attributed to US Coast Guard sources, that a cyber attack on a US port was attempted and thwarted late in 2015.
Dave Bittner: [00:01:53:22] Cyber-rioting resumes in the subcontinent as Indian hacktivists deface Pakistani sites as a memorial tribute to a slain border control officer.
Dave Bittner: [00:02:01:24] Criminals are using compromised certificates to help spread malware infections. Trend Micro warns that Let's Encrypt certificates are being used to facilitate distribution of the Angler exploit kit. Zscaler reports some interesting findings on the information-stealing Trojan Spymel, who's .net executable is "signed with a legitimate Digi-Cert issued certificate."
Dave Bittner: [00:02:23:22] If you've wondered about how criminals monetize identity theft, here's one trending approach discussed by Brian Krebs. The crooks use stolen identities in warranty fraud. They pose as you, gentle customer, tell the vendor that the gizmo you bought isn't working right, then receive a replacement they proceed to fence.
Dave Bittner: [00:02:42:10] TimeWarner Cable is notifying some 320,000 customers that their accounts may have been compromised. Look to your passwords.
Dave Bittner: [00:02:50:13] WordPress issues an update that fixes some security holes. SilentCircle patches an issue in its designed-for-privacy Blackphone.
Dave Bittner: [00:02:58:00] In industry news, speaker manufacturer Harmon International enters the market as it buys automotive cyber security company TowerSec. And investors continue to speculate about which companies may prove acquisition targets in 2016.
Dave Bittner: [00:03:14:06] This CyberWire podcast is brought to you by the Digital Harbor Foundation, a non profit that works with youth and educators to foster learning, creativity, productivity and community through technology education. Learn more at digitalharbor.org.
Dave Bittner: [00:03:34:12] John Petrik is the editor of the CyberWire, and he joins me once again. John, imagine my elderly folks sitting home in their condo, and they're watching Matlock on the TV and suddenly their landline phone rings, and on the other end it's someone claiming to be from tech support, and he's there to tell them that there's a serious problem with their computer but he can fix it online, if only they would give him access to it. Chances are that's not actually tech support right?
John Petrik: [00:04:02:18] Yeah, it's not tech support at all, and let me just say that I really hope you're a more dutiful son with your parents, and I suspect you are, and that you help them out with things like that.
Dave Bittner: [00:04:12:12] I supply endless lifetime unlimited tech support for my parents, thank you very much.
John Petrik: [00:04:17:04] Okay. The general phenomenon you're describing is an instance of what people call social engineering.
Dave Bittner: [00:04:23:13] Okay, so social engineering. Tell me more, what exactly is that?
John Petrik: [00:04:26:03] Social engineering needn't be a scam directed at the elderly and, in fact, usually it's not. It's the way that people often gain access to criminals, opponents, the opposition. It often gains access to a business enterprise or a government agency. So, social engineering is the art of obtaining information illegitimately, by deceiving or manipulating people who have legitimate access to that information.
Dave Bittner: [00:04:47:19] So, someone on the other end of the phone, someone on the other end of the computer, they're convincing you to do something that you shouldn't do and they are quite good at being convincing, yes?
John Petrik: [00:04:58:15] Yes, it's a con, and social engineers are con artists. They are the modern version of the traditional con-man. And it's worth noting that, as from your example, this needn't happen in cyberspace. You know, the social engineer can call you on the phone, on the landline; the social engineer can show up at your place of business pretending to be a delivery man, or someone who would like to use a restroom or something like that. But the idea is to establish some sort of relationship of trust. He wants to get you to have confidence in him or in her. Hence the name con. You know a con artist does that, they exploit your confidence, and they are convincing you to do something that is really not in your best interests to do.
John Petrik: [00:05:36:18] So, to come back to the case of your poor parents, and I am going to talk to them to check that, in fact, you're helping them out with this kind of thing, what the scammer on the other end is going after is some credential, that he wants access to their machine, he wants their passwords. Why would he do that? He might want to steal their identity. He might to rope their machine into a bot net. He might want to do any number of things with them.
Dave Bittner: [00:06:06:11] He might say to them that, you know, "I've vandalized your computer, it's out of warranty, but for the low, low price of 99 dollars I'll fix it right now."
John Petrik: [00:06:13:10] Yes, any kind of scam you can imagine, they could run like that. But what they're after in this case, and what what we're interested in, is getting access to a device, to a system, to a network. And they do that by convincing someone to give up their credentials. There's a very familiar family of scams like this, it's called the Microsoft Tech Support Scam, because typically they say, "We're from Microsoft tech support, and we have detected a problem with your computer. We need access to it. Please give us your credentials and we'll be able to take care of that for you in a jiffy." Now, of course, this isn't Microsoft. Microsoft is not going to call you up and do that. Microsoft knows what it's doing, and it knows that would be very bad practice if they ran tech support that way. So it's not Microsoft, it's some guy sitting in a boiler room somewhere calling people up at random, hoping to get their stuff. They'll call people who own Macs and tell them, you know, "Your Microsoft computer is"--
Dave Bittner: [00:07:11:00] Right.
John Petrik: [00:07:11:04] If you don't own a Microsoft machine, that's a dead giveaway that there's something wrong here.
Dave Bittner: [00:07:15:13] Well, and I suppose part of makes it difficult is that you can't just install an antivirus bit of software and protect yourself, because that's not how they're getting into your system, they're using you. So what's the advice to my elderly parents? What's the advice to our listeners, to have your guard up against these kinds of attacks?
John Petrik: [00:07:37:16] It's the same advice you'd give someone, to be wary of anyone who approaches you with any con, is don't trust the random voice on the other end of the telephone. Don't assume that the person calling you is in fact the person that they say they are. It's unlikely in the extreme that Microsoft tech support is going to call you. It's as unlikely that Microsoft tech support would call you like that, as it is that the widow of a Nigerian prince would have been moved in her heart to ask you for assistance in transferring funds.
Dave Bittner: [00:08:10:00] Yes, to be fair I mean she was very convincing, and I needed the money.
John Petrik: [00:08:14:06] I really need to talk to your parents.
Dave Bittner: [00:08:16:08] Thanks John.
John Petrik: [00:08:17:01] You're welcome.
Dave Bittner: [00:08:17:03] We'll talk again soon.
Dave Bittner: [00:08:20:03] And that's the CyberWire. For links to all of this week's stories along with interviews, our glossary and more, visit thecyberwire.com. The CyberWire podcast is produced by CyberPoint International and their editor is John Petrik. Thanks for listening.