Dave Bittner: [00:00:03:17] Ukraine's grid hack, coordinated with but not accomplished by BlackEnergy malware, looks like a bellwether. Cisco issues three patches. Anonymous hacks Nissan. The hacktivists are still on the anti-whaling case. On the anti-ISIS case? Not so much. Congressional hearings make some revision to US Wassenaar implementation look likely. The Feds are investigating the Crackas with Attitude for hacking the Director of National Intelligence. And the Crackas might do well to stay out of Pittsburgh - the G-men there are tough. Trust us, we know.
Dave Bittner: [00:00:34:14] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at isi.jhu.edu.
Dave Bittner: [00:00:57:13] I'm Dave Bittner, in Baltimore, with your CyberWire summary for Thursday January the 14th, 2016.
Dave Bittner: [00:01:03:03] More consensus emerges on the coordinated cyber attack on electrical utilities in Western Ukraine. SANS thinks, and others concur, that the attack was not directly accomplished by BlackEnergy malware, still less through BlackEnergy's Killdisk module, but that BlackEnergy accompanied the operation. An ISC security expert, Joe Weiss, told the CyberWire, "we're still in the process of trying to understand what truly led to the breakers being opened, which is what caused the actual electrical outage." We'll have a full interview with Mr. Weiss in tomorrow's Week in Review.
Dave Bittner: [00:01:34:23] US officials commenting on the incident offer a tight-jawed warning to expect more attacks like this one on industrial control systems.
Dave Bittner: [00:01:42:07] Other predictors continue to foretell more effective cyber warfare out of ISIS but so far the terrorist group has shown itself more capable of information operations than of cyber operations narrowly conceived. One disturbing and undoubted capability they're seeking, however, is the ability to use the Internet as an aid to finding and murdering journalists and others within ISIS-controlled areas who don't toe the Caliphate's line.
Dave Bittner: [00:02:06:06] Anonymous continues to be more active on the pro-cetacean front than the anti-ISIS one. This time the hacktivist collective disrupts Nissan websites in order to protest Japanese whaling. Nissan is baffled by the connection since it really feels it has little to do with whales, but even an apparently tangential connection of being based in Japan is enough for protest purposes.
Dave Bittner: [00:02:26:12] Iran makes a minor foray into online propaganda, posting video of detained US Navy personnel apparently apologizing for what Iran alleges is a violation of its territorial waters.
Dave Bittner: [00:02:37:19] The Crackas-with-Attitude caper to redirect phone calls to US DNI Clapper's home over to a pro-Palestinian site is now the subject of an investigation. The Crackas seem to have exploited a bug in the Clapper family's service provider, Verizon FIOS Broadband.
Dave Bittner: [00:02:54:15] Bitdefender explains the cross-site scripting vulnerability that may have exposed eBay users to phishing scams.
Dave Bittner: [00:03:02:01] Ransomware continues to make its usual rounds. Angler and Neutrino exploit kits are being used to distribute CryptoWall and the Rig exploit kit is serving up Radamant malware. Brian Krebs reports on ransomware's growing effect on users of cloud services.
Dave Bittner: [00:03:17:08] Cyber-libertarians, as Wired calls them, once saw SilkRoad as the dawn of a new free market, untrammeled by government or cartel finagling. That false dawn has faded, with SilkRoad's eclipse. The dark web's markets have become as seedy and sleazy as the physical black markets they've supplemented. See, for example, the Hell Hacking Forum as an example of such sleaze. Its denizens go after a breathalyzer vendor. Still, remember, those black markets do behave like markets.
Dave Bittner: [00:03:46:19] Cisco releases three sets of patches: Wireless LAN Controller software, Identity Services Engine software, and Aironet 1800 Series Access Points. OpenSSH 7.1p2 is also out, with a fix for a flaw that could leak private keys.
Dave Bittner: [00:04:03:00] Bromium's "Endpoint Exploit Trends Report" for 2015 is out. Among the more interesting trends are the increasing sophistication and popularity of exploit kits, the growing market savvy of ransomware purveyors and the enduringly high return on investment malvertising delivers.
Dave Bittner: [00:04:20:08] The Internet-of-things is going to be expensive to secure, analysts think. Some quote a dollar a device as a rule of thumb. And machine to machine traffic seems, to some, poised to take up a big share of roaming connections.
Dave Bittner: [00:04:33:17] The Council on Foreign Relations offers a rundown of the global trend toward a growing government appetite for Internet control or restriction. In the UK surveillance policy aspirations seem to be shifting from mandated backdoors toward some sort of decrypt-on-demand regime. In the US, this week's Congressional hearings on the Wassenaar Agreement appear to augur changes in the cyber export control agreement's implementation. Industry wants changes, the Department of Homeland Security is moderately sympathetic to industry, and even the State Department betrays some buyer's remorse.
Dave Bittner: [00:05:05:23] Damballa offers some insight into how it helped Norwegian police take down the author of MegalodonHTTP crimeware. FBI Director Comey tells cyber criminals to steer clear of the cyber G-men in the Pittsburgh office. Falun Gong supporters challenge Cisco's alleged role in collaborating with Chinese suppression of the group.
Dave Bittner: [00:05:25:09] In industry news, rumor and speculation about mergers and acquisitions continue to affect cyber security company share prices, sometimes regardless of whether the affected companies are themselves the subject of such rumors.
Dave Bittner: [00:05:40:01] This CyberWire podcast is brought to you through the generous support of Betamore, an award-winning coworking space, incubator, and campus for technology and entrepreneurship located in the Federal Hill neighborhood of downtown Baltimore. Learn more at Betamore.com.
Dave Bittner: [00:06:00:09] Joining me is John Petrik, editor of the CyberWire. John, we have good days, we have bad days, but in cyber security we have zero-days. What is a zero-day?
John Petrik: [00:06:08:18] It's a kind of bad day. In epidemiology, people refer to patient zero - the first person who's identified as the victim of a particular disease. Zero-day is the day at which a new, novel attack comes up. You can have a zero-day attack, which involves the first exploitation of some previously unrecognized vulnerability, and people will often use zero-day to refer to the vulnerability itself. You discover a new vulnerability, people will talk about that as a zero-day sometimes. There's also zero-day malware - a previously unknown piece of malware for which no detection signature is yet available.
Dave Bittner: [00:06:47:18] So does zero-day refer at all to how relatively dangerous a particular exploit is? If something is labeled as a zero-day, does that mean this needs your immediate attention?
John Petrik: [00:07:00:08] It often does because it's novel, but it's the novelty rather than the severity that makes it a zero-day.
Dave Bittner: [00:07:06:01] Alright, John Petrik, thanks very much.
Dave Bittner: [00:07:10:23] And that's the CyberWire. For links to all of this week's stories, along with interviews, our glossary and more, visit the CyberWire.com. The CyberWire podcast is produced by CyberPoint International and our editor is John Petrik. Thanks for listening.