OPM, United States, Mr Sherman Hopkins discussed on The CyberWire
For Wednesday, December 11th, 2019.

Iranian officials say they've stopped a very big cyber attack, US News reports, but Tehran didn't call out the nation responsible or say what attack they were referring to. The New York Times independently reports that the breach and exposure of fifteen million Iranian bank debit cards followed last month's unrest in that country. The number of accounts involved amounts to a fifth of the country's population. Iran's information and telecommunications minister denied that the nation's banking system's computers had been breached and said that the incident was the result of an insider threat, what he described as a disgruntled contractor who had used his access to the accounts to expose them in an extortion caper. The Times notes speculation that an unnamed nation-state adversary was behind the data theft. The presumed goal of a nation-state would be to induce more instability into an Iranian society already under stress induced by international sanctions. Messages that represented themselves as being from the attackers were distributed over Telegram, with the initial communiqué reading, "We will burn the reputation of their banks the same way we torched their banks." The burning is an allusion to the damage done to some seven hundred thirty banks during last month's rioting. So the stolen paycard data remains, for now, under investigation.

Security firm Cybereason today outlined a new use for TrickBot: spreading Anchor malware against a select set of targets. SentinelLabs, which has been tracking related activity, reported yesterday afternoon that the TrickBot criminal enterprise is now supplying North Korea's Lazarus Group. Criminal groups have worked with state intelligence and security agencies before, but this transnational collaboration is relatively unusual.
The more common pattern, the one observed in Russia, is where gangs operate at the sufferance of the state under the tacit understanding that they'll leave certain potential, usually domestic, victims alone and that they'll undertake occasional tasks as the organs direct. The TrickBot cooperation seems closer to a conventional business arrangement than it does to a protection racket. TrickBot has been adept at both code injection and quiet harvesting of desktop credentials. Threatpost warns that banks especially should look to their defenses. The Lazarus Group has long been involved in financial crime as it meets tasking to redress North Korea's chronic sanctions-induced shortfalls, and TrickBot began its career as financially focused malware.

As the United Kingdom prepares for tomorrow's election, Business Insider cites experts who see disinformation circulated via WhatsApp as a problem for voters. Concern about the potential for foreign meddling remains high, but not all mendacity comes from abroad. The New York Times notes that supporters of the two largest political parties, Labour and the Conservatives, have themselves apparently learned from the Russian disinformation playbook, operating misleading sites, trading in leaked documents, and fomenting malicious rumours. What's new, of course, is that this is being done over the Internet as opposed to the coffee houses and newspapers that would have been its vehicles in, say, the late eighteenth century.

The US Senate Judiciary Committee's hearings on encryption policy opened today. Observers see the balance in the Crypto Wars tilting against end-to-end encryption. Facebook is hanging tough for the pro-encryption side, but the Telegraph thinks the social network is now in a fight it will find difficult to win.
That fight is proceeding on both sides of the Atlantic, and those in favor of limiting the reach and effectiveness of encryption, typically law enforcement agencies who see their work as a contribution to what former FBI Director James Comey called "ordered liberty," have gained momentum by arguing that while privacy is all well and good, encryption has too often played a role in enabling child abuse and human trafficking.

Back in 2015, the OPM breach captured the attention of the security community and the public at large for both its size and the scope of information taken. In the years since, the OPM breach has served as a case study for those monitoring the information gathered from the victims. Kevin Lancaster is general manager of security solutions at Kaseya and CEO of ID Agent. He was among those who were brought in to remediate the breach from the outset.

Kevin Lancaster: When you have an incident, a breach, the first focus, the first goal was always, as you know, identify what happened, what was extracted, and then normalizing and securing, right? So you want to really respond quickly and understand what happened. It's always chaotic when you're dealing with an incident, but something of that magnitude, it's compounded by the fact it's US federal government and it's going to make the news in just about every corner of the globe, so there's always that... it's really intense. Then you get into program launch, and often you reserve 800 numbers and notifications for those that were impacted by the incident, but because of the enormity and how much speculation there was, the government, OPM and others, decided to release the call center 800 numbers, and so we went from really strong response times, maybe two, three or four minutes in the call center, to something like three hours, four hours.

Host: As we're recording this, we're coming up on 2020, and the OPM breach happened back in 2015, so I think it's sort of unique in that we have the ability to have that distance in the rearview mirror between now and when it happened. What are some of the take-homes for you now that you've had time to take it all in, to analyze what has happened in your own mind? When you look back on it, what are some of the lessons you take away from it?

Kevin Lancaster: Most of the large, salacious breaches that you have out there, and when you're dealing with a very persistent, well-funded adversary, most of them could have been mitigated with layers, right? Adding in multi-factor to access your O365. So I think part of the takeaway is that, you know, maybe it was a funding challenge for OPM, the federal government in particular, but there are bare minimums that they could have been doing five years ago, bare minimums that organizations could be doing today, to mitigate seventy, eighty percent of the attacks that they see on a daily basis. And so one of the disconcerting things in all this is that you still see statistics out there that seventy-five, eighty percent of people still use the same, or a derivation of the same, password, and in the broader population below five percent are using a password manager or some type of multi-factor in every single thing they sign into. So it just tells you that we still have a long way to go to make these bare minimums standard. That is, I think, part of the positive byproducts out of some of these incidents, looking at NIST coming out with these frameworks and their statements on passwords and password usage complexities. I think looking back, it's like, well, that was five years ago. A lot of things have changed.
A lot of things haven't changed, and so there's good and bad in hindsight.

That's Kevin Lancaster. He's general manager of security solutions at Kaseya and CEO of ID Agent.

The city of Pensacola confirmed yesterday that the cyber attack it sustained was indeed a ransomware incident, WEAR-TV reports. That's what it looked like at first, and in the US at any rate, state and local governments have become favorite targets of ransomware. Nor should tribal governments be forgotten either. The Eastern Band of the Cherokee Nation also sustained a ransomware attack, according to the Charlotte Observer, one that hit sometime Monday. Tribal authorities say they've contained the infestation, but that they've also powered down their servers pending a full recovery. Services are being restored as soon as that becomes possible. Cherokee police have one suspect in custody. In a speech posted on Facebook, Principal Chief Richard Sneed said that a member of the tribe employed by the tribal government is believed to have carried out the attack. Chief Sneed declared a state of emergency for the Eastern Band, which is also working with the FBI and other federal agencies. They're treating the incident as an act of domestic terrorism.

Yesterday was Patch Tuesday, and Microsoft issued sixteen security updates, three of which closed remote code execution vulnerabilities. It's also the end, for real and forever, of support for Windows 7, and Microsoft says it's going to display a big full-screen message to the dead-enders. Here it is, on January 15th: "Your Windows 7 PC is out of support." Read and heed, dead-enders.
Adobe also patched, fixing seventeen issues in Photoshop, Reader, and Brackets, and Google updated Chrome as it begins rolling out a feature that will warn users if they've got an exposed password.

And finally, remember the case last year of the guy who attempted to seize control of the domain name doitforstate at gunpoint and was thwarted when he himself was shot in the bungled attempt to make the legitimate owner transfer the rights to a different GoDaddy account? Mr Sherman Hopkins, Junior, of Cedar Rapids, Iowa, pistol-whipped and then wounded the domain owner, but in the ensuing tussle the victim, Ethan Deyo, got the gun away from Mr Hopkins and in turn shot him. Both men have recovered, and Mr Hopkins is now a guest of the correctional system. As you might imagine, Mr Hopkins was not the mastermind behind the idea. No, that would have been his cousin, Mr Rossi Lorathio Adams the Second, known as Polo. Mr Adams, an Iowa State alumnus and proprietor of an influencer site devoted to kegger culture around the university, felt his own enterprise would be more successful if only it had the slogan "do it for state" embedded in its domain. Anywho, the US Attorney for the Northern District of Iowa on Monday announced that Mr Adams would serve fourteen years on one count of conspiracy to interfere with commerce by force, threats, and violence. Well, if you've got to do time, do it for State.

It's time to take a moment to tell you about our sponsor, Recorded Future. Recorded Future is the real-time threat intelligence company whose patented technology continuously analyzes the entire web to develop information security intelligence, giving analysts unmatched insight into emerging threats. And when analytical talent is as scarce and pricey as it is today, every enterprise can benefit from technology that makes your security teams more productive than ever.
We here at the CyberWire have long been subscribers to Recorded Future's Cyber Daily, and if it helps us, we're confident it will help you. Subscribe today and stay a step or two ahead of the threat. Go to recordedfuture.com/cyberwire to subscribe for free threat intelligence updates from Recorded Future. That's recordedfuture.com/cyberwire, and we thank Recorded Future for sponsoring our show.