The CyberWire Daily Podcast 4.16.18
Ep 578 | 4.16.18

Info ops follow airstrikes, to be followed by sanctions. Expect cyberattacks and reprisals, with a chance of kompromat.


Dave Bittner: [00:00:03:19] RSA opens with ten rising stars in its annual Innovation Sandbox. US, British, and French coordinated strikes against Syrian chemical warfare targets prompt Russian information ops and warnings from Britain that the UK will retaliate against any cyberattacks against infrastructure. And charges are filed against an alleged Reveton ransomware money launderer.

Dave Bittner: [00:00:31:12] Time to share some words from our sponsor Cylance. Are you headed to RSA? Don't forget to look up Cylance while you're there. Drop by booth 3911 in the North Hall and meet up with their expert professional services staff or attend one of their featured conference sessions. If you're in a festive mood, you can connect with them at the Digital Shadows Security Leaders party. Wherever you make your connection, they look forward to talking with you. You can ask them about AI and machine learning or ask about their industry-leading research into threat actors who threaten our power grid. You can learn more about their presence at RSA by searching "Join Cylance at RSA conference 2018." And we thank Cylance for sponsoring the CyberWire. That's "Join Cylance at RSA conference 2018," and be sure to connect with the company that's making a difference in security. And we thank Cylance for sponsoring our show.

Dave Bittner: [00:01:30:06] Major funding for the CyberWire podcast is provided by Cylance. I'm Dave Bittner coming to you this week from San Francisco, the city by the other bay, here at the 2018 RSA Conference, with your CyberWire summary for Monday, April 16th, 2018.

Dave Bittner: [00:01:46:00] The RSA conference begins today with the customary preliminaries, including the first rounds of off-site meetings hosted by companies and associations. And as a quick note to kick off the week, our publication and production schedule may be a little different through Friday, our time zone is in San Francisco, but our circadian rhythm is in Baltimore. As, with apologies to Tony Bennett, are our hearts.

Dave Bittner: [00:02:09:21] The major event today at the Moscone Center, of course, is the annual Innovation Sandbox. Ten finalists will compete for this year's honors, with final pitches and voting taking place early this afternoon. The companies who will compete for top honors include Alcavio.

Dave Bittner: [00:02:25:19] The news continues elsewhere, of course, with kinetic action stoking information operations and putting contending powers on high alert for more directly damaging cyber offensives.

Dave Bittner: [00:02:36:18] Strikes against Syrian chemical weapons facilities over the weekend are influencing Western countries' calculations of the likelihood of Russian cyber retaliation. The closely coordinated strikes, carried out over a ten-minute period at 4:00 AM Saturday, local time, by US, British, and French forces operating in the region, were an attempt to cripple the Syrian government's chemical warfare capabilities and punish the regime for its recent use of them against Syrian civilians in the city of Douma. The strikes were also a warning to Russia, which is the Assad regime's principal international support, as well as to Iran, which has its own investment in the Syrian civil war.

Dave Bittner: [00:03:15:23] The first Russian responses to the strikes have been information operations, both online and published sympathetic media outlets following government lines in Syria, Russia, and Iran. Media in Russia, Syria, and Iran have generally denied that Syria conducted chemical strikes, that Russia altered or removed evidence of such strikes, that the 105 missiles fired were mostly intercepted, which on the basis of battle damage assessment photographs the US released seems clearly false, that the attacks, while unsuccessful, will produce a refugee crisis and that, of course, the strikes are simply malign American aggression.

Dave Bittner: [00:03:54:03] The US Department of Defense Saturday reported a large increase in Russian trolling, quoting a figure of 2000%. This should probably be read as "a big increase in information operations" dressed up in some possibly exaggerated quantification. In fairness to the official Russian organs, we quote Sputnik: "2000% compared to what?" Still, a lot of action and plenty of trolls by any reasonable estimation.

Dave Bittner: [00:04:21:13] Prime Minister May has been briefed on the likelihood that leading British public figures, including members of the Cabinet and other Members of Parliament, will be attacked through release of scurrilous material, "kompromat."

Dave Bittner: [00:04:34:09] Germany's Foreign Minister, Heiko Maas, this weekend reiterated his government's attribution of cyberattacks on his Ministry's networks to Russia. Speaking to ZDF, he said, “We had an attack on the Foreign Ministry where we have to assume that it stemmed from Russia. We can’t just wish all that away. And I think it’s not only reasonable but necessary to point out we do not view those as constructive contributions.” Those were comments that he made to Reuters. The US, also preparing for cyberattacks, is expected to impose further sanctions on Russian companies sometime today.

Dave Bittner: [00:05:11:09] As we explore the show floor at the RSA conference this week, countless companies will be vying for our attention hoping to convince us that their solutions outshine their competitors and are something that we simply cannot live without.

Dave Bittner: [00:05:24:22] Paul Martini is CEO at iBoss Cyber Security where they provide a web gateway as a service, and we checked in with him for his thoughts on the cyber security marketplace and the ongoing shift to the cloud.

Paul Martini: [00:05:37:14] You know, it's a very crowded market. I think it's a crowded market for a reason. Cybersecurity's a very important aspect of society with state and nation warfare and cyber warfare and everything else. Everybody is trying to find the silver bullet. I think the reality is there is no silver bullet when it comes to cyber security, just like there is no silver bullet to anything in life including seatbelts and airbags that are not going to definitively prevent a death in an accident.

Paul Martini: [00:06:05:09] But the thing in this market is to look at ways to collaborate and to get complimentary technologies delivered in such a way that, together, they can deliver overall better efficacy and better protection to end users as well as simplify the job and the workload for IT professionals.

Dave Bittner: [00:06:24:19] So, do you think this is an industry that is ripe for consolidation?

Paul Martini: [00:06:29:13] Yeah, absolutely. And it's more than just a consolidation of mergers and acquisitions of companies. I think the consolidation will happen through the platform providers that enable these technologies to be delivered to the end user or to the IT administrators in a very simple way.

Dave Bittner: [00:06:48:09] Now, we certainly hear a lot of talk these days about third party risk. What do you say to folks who push back? You know, there's that saying, "I want my servers where I can see them." What do you say to folks who are hesitant to collaborate with outsiders?

Paul Martini: [00:07:04:17] Yeah. You know, I think, especially when it comes to appliances or virtual equipment where an IT administrator or security admin wants to see the server, the reality is you can't say the same thing about the employee. So, you can't ask the employee to just sit in the office within the four walls that has all the perimeter defense for that employee. They're going to go home and you're not going to see them. The difference being that they're going to be on their laptop or on their phone accessing Office 365 or accessing other cloud applications or business applications and then fall outside of your control.

Paul Martini: [00:07:40:05] So, the shift to the cloud, because the applications have moved there, have nothing to do with cyber security. And that shift in momentum is happening regardless of whether cyber security wants to catch up or not because it's easy to consume, easy to use and allows all of these vendors, some of which may not even be in the cyber security space at all, to deliver value to a business. And so, really, the job of the cyber security industry or a cyber company is to see how we can apply the same needed cyber security in a different world, in a world that you don't see the servers and you don't see the applications because the world is moving to the cloud regardless of your cyber security.

Dave Bittner: [00:08:22:04] That's Paul Martini from iBoss Cyber Security.

Dave Bittner: [00:08:27:03] And, finally, at the end of last week a Microsoft engineer entered a plea of not-guilty before a Federal judge in Florida. Raymond Uadiale, 41, faces charges of conspiracy and money laundering. He's alleged to have been involved with the Reveton ransomware gang, famous for having used the FBI logo in its scare screens, and is said to have laundered money paid by ransomware victims.

Dave Bittner: [00:08:55:19] And now, a bit about our sponsors at VMware. Their trust network for Workspace ONE can help you secure your enterprise with tested best practices. They've got eight critical capabilities to help you protect, detect and remediate. A single open platform approach, data loss prevention policies and contextual polices get you started. They'll help you move on to protecting applications, access management and encryption. And they'll round out what they can do for you with micro-segmentation and analytics. VMware's white paper on a comprehensive approach to security across the digital workspace will take you through the details and more. You'll find it at the See what Workspace ONE can do for your enterprise security. And we thank VMware for sponsoring the CyberWire.

Dave Bittner: [00:09:56:12] And joining me once again is Emily Wilson. She's the Director of Analysis at Terbium Labs. Emily, welcome back. We are heading into conference season here. As we record this, we are just heading into the RSA conference. You've been attending several conferences already this year, so we thought we'd go through some tips and guidance for folks who may be heading off to some of the big shows.

Emily Wilson: [00:10:18:10] Yes. Conference season is upon us. We are all booking flights and checking schedules and coming to terms with the fact that we're going to have to go to Las Vegas at least once. There are a few things that I would recommend for people, and these may sound obvious. The first one is be realistic about how many talks you can actually go to back-to-back and how much time you're going to need to catch up with people in between. Not all of these conferences are well-scheduled for taking breaks and actually taking the time to network, and I think, if you're trying to cram in every single talk, especially if you are running between different buildings of the Moscone Center or whatever campus you're on, it's just not going to work.

Dave Bittner: [00:10:58:02] I think you also need time to digest in between. You know, take it in, let it settle sometimes.

Emily Wilson: [00:11:03:06] I think that's important, and you should figure out what works best for you. If you're going to take notes and then type them up later, if you need to digest with yourself or with your colleagues immediately after each talk, know yourself and don't try to bend your strength and weaknesses too much around a conference.

Dave Bittner: [00:11:21:23] You and I often talk about diversity issues and I'm curious, for someone heading off, if maybe this is their first time at one of these big shows. If I'm a young woman heading to a show, do I need to have my defenses up? What should I be prepared for?

Emily Wilson: [00:11:35:10] That's a loaded question. I would say a couple of things. I was recently at a conference that had exclusively female speakers and 50% of those were women of color and 10 to 12% were trans and non-binary and that's just one example of this is not that hard to do. I think saying "It's hard because it's tech" or "It's hard because it's security," that just tells me it's not a priority for you, and it should be a priority because I think all of us walk into any space, a conference or anything else, and we want to see people who look like us there, and if we don't, what does that mean and is it worth our time to stay?

Dave Bittner: [00:12:18:10] But I think it's important, when you talk about feedback, there's that old saying that you get more flies with sugar than vinegar. I think positive framing of constructive criticism, do you think that's the better way to go?

Emily Wilson: [00:12:32:16] I do. I think if you approach someone in frustration, they're going to get defensive just as any of the rest of us would if someone came up to us frustrated. I think there is space for having an open and constructive dialogue about this and saying, "Hey, I'd like to help. I'm curious how you went about. I'm curious what your plans are for next year," because there are so many incredible people out there who, whether we're talking about diversity and race or gender, background, age, career path, experiences, there is so much to tap into in this community and I think we should be taking advantage of it.

Dave Bittner: [00:13:10:02] All right. Emily Wilson, thanks for joining us.

Dave Bittner: [00:13:14:19] And that's the CyberWire. Thanks to all of our sponsors for making the CyberWire possible, especially to our sustaining sponsor Cylance. To find out how Cylance can help protect you through the use of artificial intelligence, visit And thanks to our supporting sponsor VMware, creators of Workspace ONE Intelligence. Learn more at

Dave Bittner: [00:13:36:20] The CyberWire podcast is proudly produced in Maryland out of the start up studios of DataTribe, where they're co-building the next generation of cyber security teams and technology. Our show is produced by Pratt Street Media with editor John Petrik, social media Jennifer Eiben, technical editor Chris Russell, executive editor Peter Kilpe, and I'm Dave Bittner. Thanks for listening.