The CyberWire Daily Podcast 2.13.17
Ep 285 | 2.13.17

Cyber attacks reported in the Middle East, from both states and non-state actors. Italy's Foreign Ministry hacked for months in 2016. Cyber and kinetic operations. RSA's Innovation Sandbox.


Dave Bittner: [00:00:03:16] Hamas appears to have improved its cyber attack capabilities. Egypt is believed to be ramping up Internet surveillance. ISIS sympathizers are being targeted with Android malware delivered over Telegram. The US increasingly integrates cyber into kinetic military operations. Russia is suspected of hacking the Italian Foreign Ministry. And in industry news, RSA opens in San Francisco with the annual Innovation Sandbox.

Dave Bittner: [00:00:35:06] Time for a message from one of our sponsors E8 Security and let me ask you a question. Do you fear the unknown? Lots of people do of course, Ghost Face, The Candy Man, stuff like that but we're not talking about those, we're talking about real threats, unknown unknowns lurking in your networks. The people at E8 have a white paper on hunting the unknowns with machine learning and big data analytics that go beyond the old school legacy signature matching and human watch standing. Go to and download their free white paper, Detect, Hunt, Respond. It describes a fresh approach to the old problem of recognizing and containing a threat no one's ever seen before. The known unknowns like Pennywise or pinhead, they're nothing compared to the unknown unknowns out there in the wild. See what E8's got to say about them. and check out that free white paper. And we thank E8 for sponsoring our show.

Dave Bittner: [00:01:38:00] Major funding for the CyberWire podcast is provided by Cylance. I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, February 13th, 2017.

Dave Bittner: [00:01:47:21] Some state-conflict surfaced in cyberspace late last week and over the weekend. Palo Alto Networks reports an increase in activity on the part of the Hamas-associated Gaza Cyber Gang. Phishing campaigns aim at installing spyware in victim computers. The targets are in Israel and various Arab countries. Palo Alto characterizes the campaigns' technical sophistication as relatively high. As so often happens, the attackers inadvertently aroused suspicions with poor proofreading.

Dave Bittner: [00:02:18:17] ISIS sympathizers are being targeted by Android malware delivered over one of the Caliphate's preferred social media, Telegram. The first stage of infection aims at privilege escalation; subsequent stages vary with the attackers' intentions. There's no attribution, but it's also no secret that ISIS's opponents are actively targeting the group.

Dave Bittner: [00:02:39:18] The US Air Force reported to Congress last week on cyber combat operations. Air Force Vice Chief of Staff General Stephen Wilson, in a written report to the US House and Senate Armed Services Committees, said, “The Air Force conducted 4,000 cyber missions against more than 100,000 targets, disrupting adversaries and enabling over 200 high value Individual kill/capture missions.” This is consistent with a broader trend toward full integration of cyber with other military operations by all the American services.

Dave Bittner: [00:03:13:08] Some observers perceive an increase in the Egyptian government's online surveillance and traffic interception efforts. Their conclusions, or suspicions, are that such efforts are principally driven by domestic security concerns.

Dave Bittner: [00:03:25:21] Sources "close to" the Italian government tell the Guardian and Reuters that Italy's Foreign Ministry sustained a four-months-long cyber attack in 2016. Non-classified systems were successfully penetrated; classified systems are said to have resisted compromise. The Russian government is suspected of responsibility, which will surprise few.

Dave Bittner: [00:03:47:21] The CyberWire, of course, is out at RSA 2017, where the highlight of the conference's first day is the annual Innovation Sandbox. A kind of security start-up Olympics, the Innovation Sandbox seeks to select the year's most innovative information security companies and products. RSA solicits applications (and receives a lot of them), and then selects ten finalists to compete before the judges at this annual San Francisco conference. The final presentations are underway. We expect the judges to announce the winner at 4:30 Pacific Time today.

Dave Bittner: [00:04:20:23] The past winners include some impressive names - Sourcefire took the prize at the first Sandbox, back in 2005. They won for their suite of enterprise threat management solutions, from next-generation security platform through advanced malware protection. This Maryland-born unicorn was bought by Cisco in 2013 for $2.7 billion. Imperva, activity monitoring, protection, and risk management specialists, won in 2006. Their 2011 IPO raised $90 million. Yoggie Security Systems was, according to RSA, the inventor of behavior-based blocking technology in the form of a hardware-based computer security solution. They had raised an additional $2.8 million in capital within a year of winning in 2007, and in 2011 they exited in an acquisition by CUPP.

Dave Bittner: [00:05:09:20] In 2009 Alert Enterprise won for its pioneering work in the convergence of logical and physical security. They raised $27 million in two rounds of venture funding after taking top honors at RSA. Altor, 2010's winner, took the prize for virtualization and cloud security solutions. After raising $16 million in two venture funding rounds, they were acquired that same year by Juniper Networks. 2011's winner, Invincea, was in the news last week over its acquisition by Sophos for $100 million. The work that earned them distinction has been in advanced endpoint protection that combines containerization, threat detection, and response. Appthority has continued to go strong since winning in 2012. The app-risk management shop has raised a total of $25.25 million in equity funding since the appearance in the Sandbox.

Dave Bittner: [00:06:03:22] Remotium was recognized in 2013 for its BYOD-enabling mobile security technology. Avast bought them in 2015. In 2014, Red Owl Analytics won for its risk oversight software solutions for compliance and investigations. They've since attracted $21.6 million in equity investment. Waratek's Runtime Application Self-Protection for apps in data center, hybrid or public clouds took the honors in 2015. Headquartered in Dublin, they continue to go strong, with a North American base in Atlanta. And last year Phantom won for its solution addressing diverse threats in complex environments and the scarcity of expert security personnel. Since winning, they've closed $13.5 million in funding from Kleiner Perkins.

Dave Bittner: [00:06:52:23] To make the final ten is itself a pretty big deal; any finalist over the years would be worthy of serious industry and investor attention and this year's class is no different. The 2017's finalists are: Baffle, of Santa Clara, California. The company takes its mission to be "making data breaches irrelevant." Their deep encryption is applied immediately and stays with the data it protects, whether the data is at rest, in motion, or in use. Cato Networks, of Alpharetta, Georgia and Tel Aviv, Israel. They offer a software-defined cloud-based secure enterprise network that connects branch locations, physical and cloud datacenters and mobile users in a secure, optimized network. Claroty, of Tel Aviv and New York. The company provides a single, holistic, secure platform for operational technology, securing such highly valuable and highly sensitive installations as power plants and offshore rigs. Contrast Security, of Los Altos, California. Contrast holds out the promise of self-protecting software, enabled by deep security instrumentation.

Dave Bittner: [00:07:57:10] EN|VEIL, too secure to really tell you where they're from, but to us they look like neighbors from Laurel, say the Johns Hopkins APL. EN|VEIL offers a scalable framework whose homomorphic encryption lets enterprises work on data without ever decrypting it. GreatHorn, of Belmont, Massachusetts. GreatHorn has an "automated policy engine" that comes pre-configured, ready to install to protect an enterprise from highly targeted attacks in realtime: spoofed emails, homograph domain attacks and financial fraud attempts - RedLock, of Hyderabad, India and Menlo Park, California. They offer a platform that makes enterprise security easy, with a cloud-native architecture, workload behavior monitoring and out-of-the-box policy packs and templates. Unify ID, of San Francisco. They combine implicit authentication with machine learning in ways that uniquely identify you, and they promise to make remembering passwords a "thing of the past."

Dave Bittner: [00:08:55:19] Uplevel, of New York. They apply advanced data science to information culled from internal systems and external sources and they use it to deliver automation throughout incident response. And Veriflow, of San Jose, California. Veriflow delivers a solution that serves reliability. Their continuous network verification technology predicts and verifies availability and security, getting ahead of outages and vulnerabilities, whatever their source. Good luck to them all. If recent history is any guide, all ten of the finalists are companies worth watching, and watching closely.

Dave Bittner: [00:09:35:09] Time for a message from our sustaining sponsor Cylance. Are you looking for something beyond legacy security approaches? If you are and really who isn't, you're probably interested in something that protects you at machine speed and that recognizes malware for what it is, no matter how the bad guys have tweaked the binaries or cloaked their malice in the appearance of innocence. Cylance knows malware by its DNA. Their solutions scales easily and it protects your network with minimal updates, less burden on your system resources and limited impact on your network and your users. Find out how Cylance is revolutionizing security with artificial intelligence and machine learning. It may be artificial intelligence but it's real protection. Visit to learn more about the next generation of anti-malware. Cylance, artificial intelligence, real threat prevention. That's And we thank Cylance for sponsoring our show.

Dave Bittner: [00:10:34:08] And I'm pleased to be joined, once again, by Malek Ben Salem, she's the head of our ND at Accenture Technology Labs. Malek you wanted to tell us about data mining and how that may affect privacy. What do we need to know here?

Malek Ben Salem: [00:10:47:04] So data mining is a process of identifying interesting and unknown patterns and discovering new and meaningful insight from data and with the advent of big data and the availability of public databases that collects a lot of data by consumers and that sell that data to other third parties, there's an increased concern about privacy. So new data mining techniques are known as PPDM or Privacy Preserving Data Mining techniques have emerged in order to protect consumer's privacy and those can be classified actually in two different approaches. One tries to hide or protect the sensitive data, the raw sensitive data itself and other techniques focus on protecting the sensitive results or the outcome of the data mining process.

Dave Bittner: [00:11:45:11] I was thinking, organizations that are subject to various regulations and restrictions and so forth because, you know, when I think of data mining, mostly what I think of are organizations who want to know what I'm buying and, what I'm clicking on Amazon and things like that who, you know, seems to me are not at all interested in protecting my privacy when they're mining my data.

Malek Ben Salem: [00:12:09:03] That is true but I think that will change because a lot of the data breachers have not only just their reputational costs for these organizations but they may have a tangible cost in terms of the consumers actually switching to other service providers. So it's in the interest of these organizations, we understand that they need to collect data and they need to use it in order to customize their services or personal lives, their services to their consumers. But they also have an interest in protecting that data if they really want to gain the trust of their clients.

Malek Ben Salem: [00:12:52:06] These techniques vary, so they're not that sophisticated to implement. You can just rely on data distribution whether horizontally or vertically, meaning that you store the data you collect in different places and you segment that data. If we were talking about a relational database, for example, along certain columns or along certain rows, so that the data becomes distributed so that no single party has access to all of the data. Or you can use our new techniques based on cryptography like secure multi-party computation, that can be used also to perform some of these computations on data, although a lot of theoretical progress has been made for several multi-party computational techniques. But when it comes to evaluating communication and computational costs, we haven't made as much out of this.

Dave Bittner: [00:13:55:14] Interesting stuff. Something to keep an eye on. Malek Ben Salem, thanks for joining us.

Dave Bittner: [00:14:02:14] And that's the CyberWire. For links to all of today's stories, interviews, our glossary and more, visit Thanks to all of our sponsors who make the CyberWire possible especially to our sustaining sponsors Cylance. To find out how Cylance can protect you against cyber attacks visit

Dave Bittner: [00:14:19:06] The CyberWire pod-cast is produced by Pratt Street Media, our Editor is John Petrik, our Social Media Editor is Jennifer Eiben, Technical Editor is Chris Russell, Executive Editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening.