The CyberWire Daily Podcast 1.21.16
Ep 19 | 1.21.16

The CyberWire Daily Podcast 1.21.16


Dave Bittner: [00:00:03:01] Ukraine's power grid is hacked again, this time initial suspicions point to crooks and maybe not to states. Turkish patriotic hacktivists hack away at Russian and Iranian sites. Cybersecurity companies detail the latest evolution of crimeware kits. Cisco and Intel issue patches. Governments around the world warn of, and prepare for, an escalation of cyber conflict. FireEye buys iSIGHT partners, and cybersecurity startups prepare for growth (and IPOs). And a swatting hacker cops a plea and heads up the river.

Dave Bittner: [00:00:36:04] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly-skilled professionals in the field of information security, assurance and privacy. Learn more online at

Dave Bittner: [00:00:59:00] I’m Dave Bittner in Baltimore with your CyberWire summary for Thursday, January 21st, 2016.

Dave Bittner: [00:01:05:02] ESET, who's been monitoring events in Ukraine's cyberspace closely since turning up evidence of power grid hacking, reports that utilities in that country have come under fresh attack. This time the incidents display no immediate connection with BlackEnergy malware, but rather spear phished industry targets with an email vector delivering a malicious xls file. This seems, the researchers suggest, an approach more consistent with a criminal group than a state security service. Ukrainian authorities continue to investigate this week's earlier hacking incident at Kyiv's Boryspil International Airport.

Dave Bittner: [00:01:37:15] A number of governments around the world see a growing threat of state-on-state cyber combat. The Republic of Korea's President Park warns her country to prepare for a surge of cyber aggression from north of the 38th parallel. Israeli officials think Iran and others will shed such inhibitions as long as cyber attacks are perceived as cost-free. American and Australian authorities work toward even closer cooperation in cyberspace.

Dave Bittner: [00:02:02:04] Patriotic cyber rioting flares again, this time from Turkey, as the THT group hits both Russian and Iranian websites to display THT's support for Turkey's Erdoğan government.

Dave Bittner: [00:02:13:14] Symantec observes a new criminal campaign affecting small and medium-sized businesses in India, the United Kingdom, and the United States. It's low-skilled crime: the hackers are phishing businesses to install two commodity remote-access Trojans: Backdoor.Breut and Trojan.Nancrat. The motive is theft; the targets are finance departments.

Dave Bittner: [00:02:33:20] IBM's X-Force continues to follow the evolution of Dridex, and sees it picking up some redirection tricks from Dyre. Dridex's tricks have this difference, however: where Dyre redirected via a local proxy, Dridex is doing so by local DNS poisoning.

Dave Bittner: [00:02:49:09] Another banking Trojan, Blackmoon, which has been around since 2014 at least, has updated its pharming and drive-by injection capabilities. Proofpoint's research breaks down the malware's evolution and notes that it's still concentrating on South Korean targets.

Dave Bittner: [00:03:04:08] Dr. Web describes a new Linux Trojan, "Linux.Ecoms.1," whose apparent use is system reconnaissance.

Dave Bittner: [00:03:11:17] Such spyware need not stay spyware. See, for example, the transformation of Asacub into mobile banking malware. Kaspersky researchers say Asacub's "transition" is now complete.

Dave Bittner: [00:03:24:02] The Angler exploit kit continues to display a vexing adaptability. Zscaler notes that it's now coming via music-themed malvertising (so, all you hipsters, think twice before you decide to dig that crazy beat). And SophosLabs says that Angler seems to have rung in the new year by lashing up with CryptoWall ransomware.

Dave Bittner: [00:03:42:24] In patch and update news, Cisco closes vulnerabilities in its Modular Encoding Platform D9036 software, Unified Computing System (UCS) Manager software, and Firepower 9000 Series devices. Intel addresses a potentially serious man-in-the-middle in the Intel Driver Update Utility. And Facebook begins what it's calling "experimental support" for Android Facebookers to browse using the Tor network.

Dave Bittner: [00:04:08:23] More observers characterize British surveillance policy as moving toward requiring key escrow. In the US, some members of the Senate Intelligence Committee seem growingly anxious to move out on crypto legislation. A proposed national commission to study the issue strikes them as dangerously slow.

Dave Bittner: [00:04:25:19] California legislators follow the example of their New York colleagues and introduce a Bill that would require industry to build decrypt-on-demand capabilities into their products and services. The declared motive in California's case is to suppress human trafficking; the New Yorkers are intending to get tough on terrorism.

Dave Bittner: [00:04:42:11] In industry news, today's big story is FireEye's acquisition of iSIGHT Partners for a reported $200 million in cash up front, followed by $75 million in cash and equity. Analysts see the acquisition as a play for more cyber intelligence market share. How the market reacts remains to be seen, but FireEye, whose story stock has seen rough sledding over the past couple of weeks, appears to be receiving some favorable buzz from its iSIGHT announcement.

Dave Bittner: [00:05:08:13] IBM reports $2 billion in annual revenue from its security business. Malwarebytes raises $50 million in venture capital from Fidelity. ForeScout joins the unicorns (and prepares, analysts think, for an initial public offering) as it raises $76 million in its latest funding round. And two Baltimore and DC area companies, Tenable and Distil Networks, prepare for significant growth by expanding their facilities.

Dave Bittner: [00:05:33:16] In crime and punishment, the hacker who tried to swat Brian Krebs and frame him with a staged heroin delivery is going up the river. Sergey Vovnenko has copped a guilty plea to aggravated identity theft and conspiracy to commit wire fraud. Mr. Vovnenko will be receiving at least a two-year sabbatical from his computer work, courtesy of the Federal Bureau of Prisons.

Dave Bittner: [00:05:56:22] This CyberWire podcast is made possible by the generous support of Recorded Future, the real-time threat intelligence company whose patented web intelligence engine continuously analyzes the entire web to help information security analyst stay ahead of cyber attacks. Learn more at

Dave Bittner: [00:06:19:08] Joining me is Markus Rauschecker. He's the Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security, they're one of our academic and research partners. Markus, I want to talk about the importance of education in cyber security but one of the focuses that you have there at CHHS is focusing on law and policy. Why is that an area that you're focusing on?

Markus Rauschecker: [00:06:40:20] We obviously know that technical ability and technical skill is critical when it comes to cyber security, but we see tech as a tool and we need to know how to use that tool. Focusing on law and policy really helps us to develop the structure, the frameworks and the basic guidance on how to use that tool, both on a national level within the United States but also on an international level when we're talking globally.

Dave Bittner: [00:07:05:19] So this is a situation where there are opportunities for people coming out of high school, people looking for careers where they don't necessarily just have to be the computer science kid?

Markus Rauschecker: [00:07:16:08] Absolutely, yes. And we're seeing this demand for people with this skillset in law and policy more and more. As I said, we have a lot of skill when it comes to technology but there's a real importance to focusing on some of these legal and policy questions that are out there. Focusing on those issues really helps us fill this knowledge gap where we might not know exactly what the ramifications of any decisions might be that we make, but if we have people who are experts in law and policy of cyber security, those kinds of people can then help answer some of those questions that are out there.

Dave Bittner: [00:07:53:08] And what are some of the specific areas of study that you all are focusing on?

Markus Rauschecker: [00:07:57:12] There's a ton of questions out there that still need to be developed and need to be analyzed. There are issues regarding jurisdictions, so simple questions like, "Who's in charge?" and "What are the roles and responsibilities of different stakeholders?" Questions regarding privacy versus security. "What is the right balance to attain here?" And then, "What are some of those basic standards and security measures that we should be thinking about implementing?" Those are all some of those critical areas that still need all lot of work.

Dave Bittner: [00:08:33:10] What would your advice be? Let's say we've got someone who's heading towards the end of her high school career, what kind of advice would you give to someone like that who is interested in the law and policy side of cyber?

Markus Rauschecker: [00:08:45:02] There are several options for someone who's interested. Obviously one of the ways to approach this area is to apply to law school and go to law school and get a full fledged law degree. Coming out of law school the person could become a practicing lawyer and could end up at a law firm or with government to work on these kinds of issues in cyber security. There are other pathways as well, there are degree programs that focus on law and policy but don't require you to go to law school for a full three years. They also provide those basic skillsets that one would need to address some of these legal and policy issues that are out there.

Dave Bittner: [00:09:30:10] Alright, Markus Rauschecker, thanks for joining us.

Dave Bittner: [00:09:35:06] And that's the CyberWire. For links to all of today's stories, along with interviews, our glossary, and more, visit The CyberWire podcast is produced by CyberPoint International, and our editor is John Petrik. Thanks for listening.