The CyberWire Daily Podcast 5.13.20
Ep 1087 | 5.13.20

More data theft by ransomware. Patch Tuesday notes. Espionage and possible data corruption against COVID-19 researchers. Be a role model for your AI.


Dave Bittner: [00:00:03] Ransomware continues to steal personal information; notes on Patch Tuesday and, please, by all means, patch. The FBI says it's investigating cyber-espionage directed against COVID-19 researchers, and U.S. officials see direct data corruption in espionage; Joe Carrigan with Twitter's response to 5G-related coronavirus conspiracy theories. Our guest is Chris Cochran from Netflix on the importance of personal health and safety. And the AI doesn't really know what to make of us anymore. 

Dave Bittner: [00:00:38]  And now a word from our sponsor, ThreatConnect. Designed by analysts but built for the entire team, ThreatConnect's intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics and workflows in a single platform. Every day, organizations worldwide use ThreatConnect as the center of their security operations to detect, respond, remediate and automate. With all of your knowledge in one place, enhanced by intelligence, enriched with analytics, driven by workflows, you'll dramatically improve the effectiveness of every member of the team. Want to learn more? Check out their newest e-book, "SOAR Platforms: Everything You Need to Know About Security, Orchestration, Automation, and Response." The book talks about intelligence-driven orchestration, decreasing time to response and remediation with SOAR and ends with a checklist for a complete SOAR solution. Download it at That's And we thank ThreatConnect for sponsoring our show. Funding for this CyberWire podcast is made possible in part by McAfee, security built natively in the cloud for the cloud, to protect the latest, like containers, to empower your change-makers, like developers, and to enable business accelerators, like your teams. Cloud security that accelerates business - it's about time. Go to 

Dave Bittner: [00:02:10]  From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, May 13, 2020. Ransomware continues to steal data. BleepingComputer reports that Magellan Health, a large US-managed care and insurance provider, discovered on April 11 that it had been the victim of a ransomware attack. The incident compromised personal data, including names, addresses, employee ID numbers and various details from US W-2 or 1099 tax forms. A letter to affected stakeholders said that no fraud had so far been detected. But, of course, the incident remains under investigation. Magellan said that the ransomware arrived in a phishing email that misrepresented itself as coming from a customer. And speaking of ransomware, yesterday, May 12, was marked by many as the third anniversary of WannaCry's peak, and Interpol declared it Anti-Ransomware Day. Infosecurity Magazine quotes the head of Interpol's cybercrime directorate as saying the agency wants to remind everyone to keep good cyber hygiene and to wash your cyber hands. 

Dave Bittner: [00:03:20]  Yesterday was also Patch Tuesday. Adobe took care of 36 bugs, and Microsoft addressed 111 issues. There's a view in circulation that you should take a wait-and-see approach to applying patches and that in particular, you ought to turn off automatic windows updates. Hang on - one columnist wrote - and wait to see what happens with other people. While in principle, this might make sense under some circumstances for an enterprise that must test patches to ensure the fixes won't affect their systems availability, and even granted that some patches come with problems, it's hard to see why individual users should do the same. One security expert tweeted that the advice amounted to digital anti-vax clickbait. Go ahead and patch. But if you must be selective in your patching, take a look at CISA's list of the ten most exploited vulnerabilities and start with those. 

Dave Bittner: [00:04:14]  A joint warning issued by the US Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency - that's the FBI and CISA, respectively - says the bureau is actively investigating the targeting and compromise of US organizations conducting COVID-19-related research by PRC-affiliated cyber actors and nontraditional collectors. The PRC is, of course, the People's Republic of China. And nontraditional collectors has, in earlier US government advisories, referred to students and researchers already in place at institutions who are being activated to collect. Think of nontraditional collectors as, for the most part, forming a specific kind of internal threat. So the espionage has allegedly moved beyond the password-spraying attack CISA and its UK counterparts, the National Cyber Security Centre, warned against last week. 

Dave Bittner: [00:05:08]  Chris Cochran is threat intelligence and operations lead at Netflix and also co-host of the popular "Hacker Valley Studio" podcast. He joins us with insights on the importance of personal health and safety, especially in these uncertain times. 

Chris Cochran: [00:05:24]  I'm a service-centric person, so I support everyone else's functions and their missions across the company. And so any information from a threat perspective that I can supply to them is what my role is. In my opinion, we're doing a service for the world because a lot of people are stuck inside. They are, you know, hearing things on the news that might not be as, you know, uplifting as it usually is. And so being able to have something to escape into is, I think, really important in this time. So, you know, my family, we sit down, and we watch Netflix just like everyone else. And it's really a good family bonding time to kind of just dive into that world for a bit and get away from everything else that's going on. 

Dave Bittner: [00:06:12]  You are also the host of the "Hacker Valley Studio" podcast. Tell me about that. 

Chris Cochran: [00:06:19]  Yeah, the "Hacker Valley Studio" podcast, that's my passion project. It's literally what I go to bed thinking about and wake up thinking about. We really focus on the human element of cybersecurity. So the persona is the stories behind different products and teams, and it's been amazing. We started last year, and we actually just hit our one-year mark here in April, and we've had some amazing guests on. And it just seems to be growing its own legs, and I couldn't be happier with it. 

Dave Bittner: [00:06:52]  So you say you focus on the human side. What sort of stories are you setting out to tell there? 

Chris Cochran: [00:06:57]  Yeah, so the way we kind of look at our podcast is we look at it 70% sort of personal growth self-help and 30% cybersecurity because it's in my opinion that as cybersecurity professionals, we are truly mental athletes with no off time. There's no offseason for us. And so we want to supply our professionals, the people that are in our community, with knowledge to make themselves better, better in their lives, better in their careers. So all the things that you can think of from leadership ability to, you know, nutrition and fitness to, you know, training, things like that, that's the stuff that we sort of focus on. 

Dave Bittner: [00:07:42]  Now, I think a lot of us find ourselves in the situation we're in these days with the coronavirus and working from home and, you know, being separated from our colleagues and even our loved ones. That takes an emotional toll on us. Do you have any tips, any advice for folks to - how to kind of keep their chins up and keep motivated given these challenging times? 

Chris Cochran: [00:08:07]  Yeah, I would say reach out to people. Definitely stay in communication as you can, whether it's through, you know, people that are in your house or virtually. There are tons of events that are going on online all the time. So find something where you can interact with other human beings because I feel like, you know, now is a time that we can actually build some bonds, even though we're all separated in this current time. So definitely reach out to people, talk to people and just build memories, you know? Hopefully, this doesn't last much longer, but if it does, you know, at least you'll still have people that you can rely on. 

Dave Bittner: [00:08:44]  That's Chris Cochran from Netflix. If you have not yet checked out the "Hacker Valley Studio" podcast, what are you waiting for? It's a good one. Check it out. 

Dave Bittner: [00:08:54]  The Wall Street Journal writes in an exclusive that Iran as well as China is engaged in spying on organizations conducting COVID-19-related research. These efforts have been in progress since January 3, at least, and the damage they may have done could extend to more than simple theft of intellectual property. There appears to be a serious possibility of data corruption in the course of the incursions. Such corruption may have been accidental. It may have been incidental to the attackers' attempts to cover their tracks, like a house burglar who, by cleaning his own fingerprints, causes inadvertent damage to the home, or it may have been intentional. 

Dave Bittner: [00:09:32]  The Journal quotes a US senior official as saying, quote, "it is difficult and sometimes impossible to know what motivates such malfeasance, but any such activity carries with it the risk of triggering accidental disruptive effects," end quote. CNBC notes that research organizations inevitably expand their attack surface as more of their people work from home and that both personal and institutional networks are likely to become targets of cyber-espionage. 

Dave Bittner: [00:10:00]  CNBC does mention the honor-among-thieves point of view, that early in the pandemic took seriously various criminals and state-sponsored threat actors of vows (ph) of their intention to leave medical, emergency and research organizations alone, presumably for the common good. But at this point, it should be safe to say that all that stuff was so much argle-bargle and pixie dust to misdirect the rubes. Attacks on these kinds of organizations have, if anything, risen. 

Dave Bittner: [00:10:30]  And finally, the AI really doesn't know what to make of you nowadays. You're breaking its artificial heart. It's like you don't talk anymore, and that, we hear - because there's not much to do beyond watching your advice shows on daytime TV - is bad for any relationship. Here's a consequence of the pandemic emergency it's been easy to overlook. MIT Technology Review says that artificial intelligence trained on actual human behavior has been suddenly baffled by all of your toilet paper hoarding, your strange hours, your seclusion in your basement, attic, bedroom or other functional garret. It really doesn't know what to make of a population where what was once outlier behavior is now mainstream when the new normal is so, so abnormal, at least from the machine's point of view. 

Dave Bittner: [00:11:17]  This has been particularly evident in applications of AI to retail problems - what to expect people to buy, how likely they are to close a purchase, how consumption patterns inform inventory and so on. A lot more human intervention is required, but many businesses who have deployed AI lack the human resources to supervise the machines. Technology Review finds the upside in all of this, quote, "If we are looking for a silver lining, then now is it time to take stock of those newly-exposed systems and ask how they might be designed better, made more resilient. If machines are to be trusted, we need to watch over them," end quote. Raise them up right. You don't want your AI to grow up sniping butts and throwing rocks at cars. And hey, as good, old Dr. Phil says, we teach people how to treat us. That's as true of the Scarecrow and the Tin Man as it ever was for Dorothy. They weren't AI, were they? No. Maybe the Tin Man was. 

Dave Bittner: [00:12:23]  And now a word from our sponsor, LastPass. LastPass is an award-winning security solution that helps millions of individuals and over 61,000 organizations navigate their online lives easily and securely. Businesses can maximize productivity while still maintaining effortless strong security with LastPass. Security is essential for a remote workforce. LastPass Identity helps make stronger security seamless through integrated single sign-on, password management and multifactor authentication. LastPass Identity enables remote teams to increase security. LastPass can help prevent against the uptick in cyberattacks targeting remote workers through biometric authentication across apps, workstations and VPNs for an additional layer of security across all critical devices. It can help manage user access. Regardless of where or how employees need access, LastPass ensures employees always have secure access to their work applications through single sign-on and password management. It helps your employees securely share. LastPass enables remote employees to securely share passwords across teams in order to securely collaborate and stay on top of critical projects. And it helps maintain control. LastPass enables IT to remain in complete control over which employees are accessing which resources no matter where they're working from. With LastPass Identity, you can keep your remote workforce secure and connected. Visit to learn more. That's And we thank LastPass for sponsoring our show. 

Dave Bittner: [00:14:05]  And joining me once again is Joe Carrigan. He's from the Johns Hopkins University Information Security Institute, also my co-host on the "Hacking Humans" podcast. Joe, great to have you back. 

Joe Carrigan: [00:14:15]  Hi, Dave. 

Dave Bittner: [00:14:16]  Interesting article from The Telegraph, and I know I'm probably going to set you off here. It's titled "Twitter Steps Up Its Fight Back Against 5G Coronavirus Conspiracy Theories." Now, Joe, I love a good conspiracy theory as much as the next guy. Can you unpack what's going on here? 

Joe Carrigan: [00:14:35]  I will say this, Dave, I also love conspiracy theories as well. 

Dave Bittner: [00:14:38]  (Laughter). 

Joe Carrigan: [00:14:39]  I'm a big fan of them so long as they're harmless, right? Like... 

Dave Bittner: [00:14:43]  OK. 

Joe Carrigan: [00:14:44]  ...People being flat-Earthers - OK. People being anti-vaxxers - not OK. 

Dave Bittner: [00:14:48]  (Laughter) Right. 

Joe Carrigan: [00:14:50]  People saying that 5G is the cause of coronavirus - not OK. 

Dave Bittner: [00:14:56]  Yeah. 

Joe Carrigan: [00:14:56]  And that's because it has wound up, causing people to do things like set fire to cellphone masts in the U.K. They've also seen some abuse directed it at the telco engineers in Britain. There is no link between 5G and coronavirus. 

Dave Bittner: [00:15:16]  Right. 

Joe Carrigan: [00:15:16]  It's... 

Dave Bittner: [00:15:17]  Of course not (laughter). 

Joe Carrigan: [00:15:18]  I don't think that is how viruses work. You know, if you look at a map of where 5G and coronavirus are, they're going to overlap because that's where people are. 

Dave Bittner: [00:15:29]  So it's the old correlation is not causation... 

Joe Carrigan: [00:15:31]  Exactly. We're looking at... 

Dave Bittner: [00:15:32]  ...Thinking here. Yeah. 

Joe Carrigan: [00:15:33]  ...Correlation is not causation. There is a correlation between where these are and where these two things coexist, but it is not the cause of the COVID-19 virus. 

Dave Bittner: [00:15:43]  Well, the other thing I wanted to explore here, though, is that these major platforms like Twitter... 

Joe Carrigan: [00:15:48]  Right. 

Dave Bittner: [00:15:49]  ...They're making some attempts to crack down on the spread of this misinformation. 

Joe Carrigan: [00:15:53]  Yeah, that's actually the point of the article, is that Twitter is going to start sending sponsored content to people who post about this conspiracy theory. They're going to start getting information that has been verified by the British government in their promoted tweets. So now if you see a - if you're a Twitter user, like every so many tweets, you'll see a promoted tweet down at the bottom, and it's a tweet that somebody has paid to have you see. And Twitter does an OK job of telling you that it's a promoted tweet. So the British government is verifying this information. And now Twitter is going to say, OK, we're going to show these people who believe the conspiracy theory about 5G and coronavirus this information that the British government has vetted and approved. 

Dave Bittner: [00:16:40]  So trying to counter the misinformation with vetted... 

Joe Carrigan: [00:16:43]  Right. 

Dave Bittner: [00:16:44]  ...Good information. 

Joe Carrigan: [00:16:45]  Yes, exactly. I don't know how effective it's going to be. My earlier example with flat-Earth people, you can show them all the evidence in the world and some of them will not believe any of it. 

Dave Bittner: [00:16:56]  Right. Well, the evidence is just evidence of the cover-up... 

Joe Carrigan: [00:17:00]  Right. 

Dave Bittner: [00:17:00]  ...Not that they're right? 

Joe Carrigan: [00:17:01]  Exactly. A massive... 

Dave Bittner: [00:17:02]  Yeah. 

Joe Carrigan: [00:17:02]  A massive global cover-up involving thousands and thousands and thousands of people, which would be almost impossible to do in and of itself, but, hey, they do it somehow. It's interesting. They quote Guillaume Chaslot, who is a former Google engineer. He actually laid a lot of this at the feet of social media sites and said that their algorithms promote watch time at any cost. If you think about that, Facebook and Twitter and other social media sites are only valuable as long as you're looking at the sites - right? - as long as there's eyeballs on the webpage. This goes back to why I say this is, you know, not a good environment for a political discussion because you are only going to hear things that make you feel good, not things that make you think, which might make you uncomfortable, right? 

Dave Bittner: [00:17:49]  Right. So they're promoting engagement rather... 

Joe Carrigan: [00:17:52]  Exactly. 

Dave Bittner: [00:17:52]  ...Than enrichment, I guess (laughter). 

Joe Carrigan: [00:17:54]  That's right. That's a good way to say it, Dave. They're promoting engagement over enrichment. 

Dave Bittner: [00:17:58]  Yeah. 

Joe Carrigan: [00:17:59]  And something that Chaslot says here, he says people have freedom of speech to say whatever they want, but they shouldn't have freedom to be amplified millions of times. In this case, I'm OK with that, but my problem is - my problem with saying that is that you actually run the risk for some pretty serious censorship down the road. 

Dave Bittner: [00:18:16]  Yeah, so it's interesting that these platforms are sort of dipping their toes in this. I think they recognize that they're getting pushback on this. And even if they don't consider themselves responsible or think that they bear a responsibility, perhaps just the PR part of it - you know... 

Joe Carrigan: [00:18:34]  Right. 

Dave Bittner: [00:18:35]  ...People are getting or having bad feelings about their platforms because of these things, maybe that's enough to make them have some change or at least try some things. 

Joe Carrigan: [00:18:45]  Well, hopefully, it will be. You know, that's the old argument that I hear you and Brian and Jason talking about frequently, is it's just a platform. We let people say whatever they want to say or post whatever they want to post. 

Dave Bittner: [00:18:56]  Right. 

Joe Carrigan: [00:18:56]  I don't know. I think you bear some responsibility to moderate that platform or to curate it in some way, shape or form. 

Dave Bittner: [00:19:06]  All right. Well, it's interesting for sure. I guess, in the meantime, everybody, continue to stay safe out there and please don't... 

Joe Carrigan: [00:19:16]  Don't burn down telephone masts... 

Dave Bittner: [00:19:18]  (Laughter) Please - right. Exactly. Please... 

Joe Carrigan: [00:19:18]  ...Harass engineers. 

Dave Bittner: [00:19:21]  Right. Right. Enjoy the enjoy the enhanced speed of 5G and just let it be that. 

Joe Carrigan: [00:19:27]  Right. Yeah. 

Dave Bittner: [00:19:28]  All right. Joe Carrigan, thanks for joining us. 

Joe Carrigan: [00:19:30]  It's my pleasure, Dave. 

Dave Bittner: [00:19:36]  And that's the CyberWire. For links to all of today's stories, check out our daily briefing at And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed, and it'll whiten your teeth, too. Listen for us on your Alexa smart speaker. 

Dave Bittner: [00:19:56]  Thanks to all of our sponsors for making the CyberWire possible, especially our supporting sponsor ObserveIT, a Proofpoint company and the leading insider threat management platform. Learn more at 

Dave Bittner: [00:20:08]  The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsea Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.