Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.
Dave Bittner: You may have heard mention of SPACs in the news a lot lately. What's a SPAC, you say? Well, tune in on Monday when we will bring back one of our favorite episodes from this past year about a cybersecurity SPAC. And be sure to listen to the end to hear a new interview with one of the original guests.
Dave Bittner: Spyware in the subcontinent. Some crooks auction stolen game source code, while others bilk food delivery services. Emotet survived its takedown. Ransomware developments. The U.S. now has a point person for Solorigate investigation and response. Andrea Little Limbago from Interos on her participation in the National Security Institute at George Mason University. Our guest is Chris Cochran from "Hacker Valley Studio" with a preview of their "Black Excellence in Cyber" podcast. And there's no attribution yet in the Oldsmar, Fla., water system cyber sabotage, but it's increasingly clear that the utility wasn't a hard target.
Dave Bittner: From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Thursday, February 11, 2021.
Dave Bittner: Security firm Lookout reports two new strains of Android spyware, Hornbill and SunBird, in use by the pro-Indian Confucius APT, active in the ongoing, long-running conflict between India and Pakistan.
Dave Bittner: Lookout thinks that both Hornbill and SunBird are interesting for their intense focus on exfiltrating a target's communications via WhatsApp. Both surveillance tools abused Android accessibility services in ways that obviated any need for root access.
Dave Bittner: SunBird also records any calls the victim might make through WhatsApp's voice-over-IP service, exfiltrates data from applications like BlackBerry Messenger and may also be able to execute commands on the affected device.
Dave Bittner: Turning from cyber-espionage to cybercrime, the crooks who claim responsibility for hacking CD Projekt Red say they're going to auction the stolen source code for The Witcher and Cyberpunk 2077 for millions in a dark web market, The Verge reports.
Dave Bittner: Sift's Digital Trust and Safety Architects report more evidence that delivery services have become attractive targets for online fraud. Criminals are advertising on Telegram, offering to use stolen payment information to buy food at a discount for diners whose consciences are apparently untroubled by their complicity in theft. Sift says that fraud rates among restaurant apps and food delivery services increased 14% from Q3 to Q4 in 2020. Merchants are most affected. They lose the food and then have to refund the bilked owners of the payment accounts used in the fraud.
Dave Bittner: The food delivery scam market is just one aspect of pandemic-driven cybercrime. Researchers at security company Akamai this morning released a new study of the underground as it's been shaped by COVID-19. Shopping scams came first as people sheltered in place and bought more of their essentials online. These were soon accompanied by credential-phishing campaigns and now, more recently, vaccination scams. The U.K.'s National Health Service has been warning of the vaccine-related fraud ever since methods of immunization began serious development.
Dave Bittner: The Egregor ransomware gang has adopted some new techniques. Morphisec researchers think that Egregor, one of the early adopters of the criminal method of both encrypting and stealing data, a tactic that's now become routine, is again on the leading edge of change in criminal tactics. The researchers say, quote, "as can be seen from the latest waves of ransomware campaigns, extortion, human-operated propagation, exploitation of VPN applications and meteoric encryption are a landmark change in the current attack landscape," end quote.
Dave Bittner: U.S. President Biden placed a single official in charge of investigating and coordinating the remediation of the SolarWinds supply chain compromise and other associated cyber-espionage activity generally attributed to Russian intelligence operators. The Wall Street Journal reports that the task has been handed to Anne Neuberger. Neuberger, now serving on the National Security Council, until recently had served as the first head of NSA's Cybersecurity Directorate.
Dave Bittner: As many foresaw, Emotet has proven resilient in the face of law enforcement takedowns. Check Point says the malware held on to the top spot for crimeware in the month of January.
Dave Bittner: Investigation into the Oldsmar, Fla., water treatment system cyber sabotage continues. There's no word yet on attribution, and the intrusion looks more elementary than ever. CNN quotes the Pinellas County sheriff as confirming that the attacker got in through TeamViewer. The utility was no longer using TeamViewer and hadn't done so for about six months, but the software had been left on the utility's network. And as the AP noted, apparently every employee shared the same TeamViewer password.
Dave Bittner: Understandably, people far, far outside the range of the water treatment sabotage incident have been worried about the safety of their local water supply. A Cybersecurity Advisory for Public Water Suppliers from the Massachusetts Department of Environmental Protection provides not only reassurance for the state's consumers, but a useful summary of how utilities can mitigate the risk of cyber sabotage. Their advice is more of the sensible counsel on cyber hygiene and good security practices: restrict remote connections to SCADA systems, use one-way devices for remote monitoring, use a firewall and two-factor authentication, keep systems patched and up-to-date and consider using a virtual private network.
Dave Bittner: So there's no attribution of the Oldsmar cyber sabotage in sight. The Washington Post's Ellen Nakashima, covering former CISA director Chris Krebs' testimony before a House Homeland Security hearing yesterday, tweets that Krebs suggested the possibility of a disgruntled insider. In later remarks, Krebs clarifies, quote, "It's possible that this was an insider or a disgruntled employee. It's also possible that it's a foreign actor. But we should not jump to a conclusion that it's a sophisticated adversary" - end quote. So there's a range of possible threat actors, and public attribution at this point hasn't gone beyond a priori speculation or even, as DomainTools' logician and ICS security maven Joe Slowik points out, mere tautology: "'A or not A' isn't terribly helpful at the moment - we can infer some aspects on the entity responsible based on limited technical details, but still far removed from any clear assignment of blame."
Dave Bittner: And finally, speaking of attribution, while this will probably have confused few but better safe than sorry - better clear than confused - it's therefore perhaps worth noting that when Florida public officials say that the GRU water system cannot be accessed remotely, as Gainesville Mayor Lauren Poe did on Facebook, they mean the Gainesville regional utilities, which serve the Northern Florida university town. They don't mean the Russian military intelligence service, that GRU. Mayor Poe added, rest assured, water security and cybersecurity are a top priority of the GRU water system. Oldsmar is down near Tampa, about a two-hour drive from Gainesville. So the mayor's statement is reassurance to the jittery, not an acknowledgement of any connection to the Oldsmar sabotage. There is no such connection, and no one said the GRU pwned Florida water supplies.
Dave Bittner: Chris Cochran and Ron Eddings are co-hosts of the "Hacker Valley Studio" podcast, and this week, they've released a special edition of their show titled "We Are Here: Black Excellence in Cyber." To learn more about the project, I caught up with Chris Cochran.
Chris Cochran: So, originally, we had this idea for a framework for excellence just across the board. Ron and I, we do think weeks about twice a year where we sit and we think and we strategize. We think about how we want to make an impact with our business but also how we're going to make an impact for society and help people. And we came up with this framework called EXIST, and it's an acronym. E-X is explore. So how do you explore new worlds within cybersecurity? How do you explore new worlds within hobbies or sports? And then you move from explore to immerse. One of the best ways to learn any language is immersion. If you want to learn a foreign language, you would go to that country and live there for any appreciable amount of time and you'd learn so quickly. But you move from immersion to practicing or study. That's the S. So you go from immersion, just being around the ideologies, the artifacts and the imagery, to moving into learning. What are the tools? What are the courses? What are the books, the instructors, the mentors that you could have to become great at this thing? And then ultimately you go to T, which is translate or transform. How do you apply it? How do you teach the youth? How do you teach your peers? How do you innovate or invent or up-level whatever it is that you're - the world that you've entered into?
Chris Cochran: And so we started playing around with this idea and just around the same time we started talking to other Black cybersecurity professionals. And it just so happens that, you know, now we are in Black History Month, and we - just all these ideas just came together. And we decided that it was time to put out "We Are Here." And really what it's all about is just representation in cybersecurity.
Dave Bittner: And so what can we expect? What are we going to hear in the special?
Chris Cochran: Yeah, in this special, it's three parts. The first part is your usual interview with "Hacker Valley Studio" but with a slight twist and turn. It's with Patrice Washington. And it's actually already out. And also part two is out as well. That's with AJ Yawn. He's a founder and CEO of a cybersecurity company. Kelvin Coleman - he's the executive director of the National Security Alliance. Charles Nwatu - he's a good friend and engineering manager at Netflix. Tia Hopkins - founder of EmpowHer and also an architecture VP. And, of course, my good co-host, Ron Eddings. That's going to be the big feature for this project. It's about an hour and a half long of a discussion. We go through the EXIST framework and really just talk about Black excellence because when we were young, we didn't really have a lot of idols to look up to. We didn't have a lot of examples of the path on how do we go through this world of technology, this world of cybersecurity? And so we wanted to say that we are here and we want to inspire the youth and the people that are transitioning into cybersecurity today.
Dave Bittner: In your estimation, I mean, where do we find ourselves today? What is the state of things when it comes to folks who've traditionally been underrepresented in the space? Are we on a path where things are getting better?
Chris Cochran: I believe things are getting better. There are a lot of organizations and a lot of people putting in a lot of work in order to make things better. But I do feel like there's a lot more that we can all do. From an allyship perspective, from a practitioner's perspective, we can always do more to bring more diversity to all fields across the world.
Chris Cochran: But I really wholeheartedly believe that cybersecurity is an avenue for socioeconomic equality. And that's one thing that people have been talking about for a long, long time. And because I'm a cybersecurity professional, I feel like that's one of the ways that I can give back is to first expose cybersecurity to folks in those socioeconomic statuses and then be able to help shepherd them into this path and be able to solve problems that we haven't even thought of.
Dave Bittner: So who are you targeting here? Who should listen to this special?
Chris Cochran: So that was an interesting thing as we were pulling this all together because we really wanted to hit three audiences. We wanted to hit the audience that doesn't even know cybersecurity is a path for them to take. We wanted to hit the folks that are already practicing and thinking of ways to enrich the youth, to enrich other people, to bring the community together but then also the allies of the Black community, the folks that helped support Black excellence and bring things to another level.
Dave Bittner: What have you taken away from the experience yourself, going through the process of putting this special together? What are the takeaways for you?
Chris Cochran: I would say the biggest takeaway is that even though I'm one of the people that is trying to pull this project together, I'm still in awe of the conversations that we had, the experiences that other people just like me have had. And I learned a lot. I learned a lot during this project. And I really hope that all other people learn as well, just as I have from these incredible individuals.
Dave Bittner: What's the best way to find the special? Where can we find it online?
Chris Cochran: Easily - just go to www.hackervalley.com. It's right there. It'll be the first thing you see.
Dave Bittner: All right. It's - "We Are Here: Black Excellence in Cyber." Chris Cochran, thanks so much for joining us.
Chris Cochran: Thank you.
Dave Bittner: And I'm pleased to be joined once again by Andrea Little Limbago. She's the vice president of research and analysis at Interos.
Dave Bittner: Andrea, I want to touch on something that you are involved with. This is the National Security Institute. You are a senior fellow and program lead there in the emerging technology working group. I wanted to get a little overview as to what that's all about, what sort of things you're up to there.
Andrea Little Limbago: Yeah, no, thanks. And I appreciate you taking the time to help highlight some of the work. So I think it's really interesting. So National Security Institute was founded by Jamil Jaffer, and it's based out of George Mason University. And so in many ways, you can think of it as a startup think tank. If that - you know, on one hand, that could be - kind of sounds like an oxymoron. But it is what...
Andrea Little Limbago: That's really what is being crafted and created out of George Mason. So that alone is exciting, and it maintains a foothold within academia. And so one of the benefits that I see of that is that it brings in a lot of experts, but those experts also can interact with the students. And, you know, for me, really focusing on not just getting the work out there of great experts, but also, you know, helping build that next generation is really important.
Andrea Little Limbago: The other component - in addition to the thought leadership and the educational component for students, what also is great about it is it's bipartisan. And they're really - the mission is focused on finding ways for how the U.S. can lead as part of an engaged member of the global community. So we've seen, you know, for several years, more of a retraction of the United States away from the global arena on many of the various forums from the Paris Accords to the U.N. to, recently, the World Health Organization. But how can the U.S. regain more of a global engaged footprint? But on top of that, you know, for the purposes of helping not only our own democracy, but really in leading by example.
Andrea Little Limbago: And so I love that it's bipartisan in that regard because that - national security should be bipartisan. And very often, I think we - you see too much of these security issues, you know, hyperpoliticized. And that's the environment that we live in. And it's really great to be talking to some of these really great national security experts on areas in a bipartisan way and coming to very similar - or coming to consensus on recommendations and so forth. And so what NSI does is it holds a variety of - they've had a couple - they've had a whole group of webinars or podcasts - both of them actually - that address this. I'd recommend people go to their website and take a look because there are some - they bring in some really, really interesting speakers that I don't think you can hear elsewhere.
Andrea Little Limbago: And it's in a bipartisan way to push forth a greater role for the U.S. in national security, but also with a big focus on emerging tech and cyber. And that's the area that I work in. I co-lead the group with Megan Brown. And we're really focused on what policies and strategies should the U.S. pursue in the realm of emerging tech and cyber to, you know, push forth and help create greater security and privacy not only, you know, for our own national security but for the national security and well-being of other democracies and to help those, you know, that are trying to push back against some of the dictatorships and, really, what the U.S. role should be. You know, it's one of those interesting questions that I think, you know, is on everyone's mind right now - you know, what is the role of the United States, you know, into the future? And so we're trying to help shape what it could look like in a way that is bipartisan and supports democracy.
Dave Bittner: Yeah. I mean, I think it's - the notion of bipartisan collaboration in good faith, you know, we're so bombarded with the opposite of that these days, I suppose, in political discourse in particular, so it must be a bit of a breath of fresh air to have folks coming together - may come from different directions but have similar goals in mind.
Andrea Little Limbago: Absolutely. I say it's absolutely refreshing. It's - yeah. It's really - it's wonderful. It's - you know, it's a good opportunity to hear from people that - you may not always come together as well. I mean, that's where the other component - there's the bipartisan component that too often we see the politicization of it all. But also, you know, we've got the private sector, public sector that sometimes, you know, works together well, sometimes doesn't. And so we intentionally bring together people from both of those backgrounds to bring their perspectives because, really, you know, it has to be - you know, it's a whole society effort that we're going to need to, you know, push back on the backsliding of democracy across the globe to help ensure the U.S. has, you know, enhanced and improved national security as we, you know, continue on in this digital revolution.
Andrea Little Limbago: And, you know, so many of our policies and strategies just are still not in tune with the rapid pace of technological change. And, you know, given that, we're going to need the private sector to be on board. You need the public sector to help provide those guardrails - you know, try and create the guardrails so that both aren't overreaching. You know, the two big areas that we have focused on this year, we're - was on the role of emerging technologies but also on the role of China. And, you know, the two overlap a decent amount, but it really is looking at, you know, what is this new future that's emerging and how - you know, what should the posture be for the United States? And, you know, how can the United States pursue policies that inspire others, especially in the realm of democracy - to help, you know, inspire those, you know, underlying values in enhancing national security?
Andrea Little Limbago: And it's - I think it's a really important mission. And I think that the work that comes out is really interesting. It's - you know, there are white papers on the future of the Arctic. There's one that, you know, I'm working on with Lori Gordon on supply chains that's coming out soon. There was one earlier on Section 230, which is the big discussion right now about, you know, the role of tech companies and whether they should be - they're, you know, moderating speech. So all these have big tech and cyber implications but obviously also national security and societal implications as well.
Andrea Little Limbago: So we bring in the fellows writ large - you know, I think it's close to a hundred fellows now - from all areas of national security. And that's what makes it really exciting. You know, it's an increasingly diverse group of scholars, academics, policy leaders, tech leaders and, you know, bringing those minds together to try and figure out the path ahead and make recommendations. And that, I would say, is also one area that we really try and focus on is, you know, not just highlighting what the challenges are, but making concrete recommendations in the papers that we produce. And you can only go so far with sort of characterizing what the problem is. We need to - we need solutions. And so that's - we try and make some...
Dave Bittner: Right.
Andrea Little Limbago: ...Recommendations for that as well.
Dave Bittner: All right. Well, Andrea Little Limbago, thanks for joining us.
Andrea Little Limbago: Great. Thanks for having me.
Dave Bittner: Thanks to all of our sponsors for making the CyberWire possible.
Dave Bittner: And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Go forth and be fabulous. Listen for us on your Alexa smart speaker, too.
Dave Bittner: The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Kelsea Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.