Shade shuts down. CLOP hits pharma. Medical research firm breached. The pain caused by disinformation. Mr. Kim goes downy ocean?
Shade ransomware operators closed down, or so they say. A US pharmaceutical company is the victim of CLOP ransomware, and a Chinese medical research firm is breached by cybercriminals. Centralized versus decentralized approaches to contact tracing. A GDPR assistance site proves leaky. Disinformation breeds misinformation, which breeds folly that brings misery. Ben Yelin tracks responses to the EARN IT Act. Our guest is Katie Arrington, CISO for Assistant Secretary for Defense Acquisition, on the Cybersecurity Maturity Model Certification. And Mr. Kim seems to be chillin' downy ocean.
It's time to take a moment to tell you about our sponsor, Recorded Future. If you haven't already done so, take a look at Recorded Future's Cyber Daily. We look at it. The CyberWire staff subscribes and consults it daily. The web is rich with indicators and warnings, but it's nearly impossible to collect them by eyeballing the internet yourself, no matter how many analysts you might have on staff, and we're betting that however many you have, you haven't got enough. Recorded Future does the hard work for you by automatically collecting and organizing the entire web. Identify new vulnerabilities and emerging threat indicators. Sign up for the Cyber Daily email to get the top trending technical indicators crossing the web: cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, and suspicious IP addresses. Subscribe today and stay ahead of the cyber attacks. Go to recordedfuture.com/cyberwire to subscribe for free threat intelligence updates from Recorded Future. And we thank Recorded Future for sponsoring our show.
Funding for this CyberWire podcast is made possible in part by McAfee: security built natively in the cloud, for the cloud, to protect the latest like containers, to empower your change makers like developers, and to enable business accelerators like your teams. Cloud security that accelerates business.
It's about time. Go to mcafee.com/time.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Tuesday, April 28th, 2020.
The operators of the Shade ransomware, also known as Troldesh, say they've closed up shop and that they regret the harm they've done. As an earnest of their good faith, they've released, ZDNet reports, seven hundred fifty thousand decryption keys and expressed the hope that their victims might use the keys to recover some of their data. Researchers at Kaspersky have looked at the keys and said that they're genuine. Why the gang behind Shade, one of the oldest if not the most consistently successful ransomware strains, decided to shut operations is unclear. Bleeping Computer points out that Shade, unlike many gangs, didn't shun Russian or Ukrainian targets, and in fact was most active in those two countries. One always suspects that feeling the hot breath of the law on your neck is a more effective goad than the promptings of a troubled conscience. On the other hand, if that's the case, why bother releasing the keys?
In another ransomware incident, pharmaceutical company ExecuPharm has disclosed that it was the victim of a ransomware attack in March. The attackers compromised and encrypted personal data belonging to employees of ExecuPharm, as well as information concerning employees of Parexel that was also maintained on ExecuPharm servers. TechCrunch confirmed that CLOP ransomware was specifically involved. No decryptors are yet available for CLOP, and the gang has begun to publish the stolen data on a dark web site.
HackRead reports that security firm Cyble says it's found evidence that the biomedical company Huiying Medical has been hacked and that some of its stolen data are now for sale on the dark web. Cyble's report says that a threat actor going by the name THE0TIME, whose claims Cyble deems credible, is asking for Bitcoin for Huiying's data.
The stolen information is said to include users, technology, and knowledge for COVID-19 experiments information. Huiying Medical gained a degree of fame or notoriety for its strong claims, reported by VentureBeat and others, that it has a method of using CT scans to detect COVID-19 infections and that their technology has a ninety-seven percent accuracy rate. The US Centers for Disease Control and Prevention recommend against using either CT scans or X-rays for COVID-19 diagnosis, as do radiological professional organizations in Canada, New Zealand, the US, and Australia.
Apple and Google are rolling out their decentralized contact tracing app, and it's found favor in some places, Germany among them. Britain's National Health Service will not be using it, however. The NHS is pursuing its own system that will also use Bluetooth Low Energy signals as a proxy for close approaches to possible sources of infection, but the BBC says NHS wants the data centralized, the better to adapt them to closer management of the pandemic. According to the New Statesman, the British health agency has brought in US big data company Palantir to help them develop their preferred alternative.
GDPR.eu, a Proton-run site co-funded by the European Union that offers pointers about GDPR compliance, was found by Pen Test Partners to be leaking data. It is now secured. It was a .git repository.
If your work touches the federal government sector, you should be well aware of the Cybersecurity Maturity Model Certification, the CMMC. Katie Arrington is CISO for Assistant Secretary for Defense Acquisition at the US Department of Defense.
Accumulatively, we're losing about six hundred billion dollars a year in the US to cyber espionage, IP loss, then straight cyber espionage. And so we knew we had to do something different, and we had, in 2014, President Obama signed in Special Publication
800-171 R1, and it was directed that all Department of Defense contracts that had CUI, controlled classified information, had to be attesting to doing these hundred and ten controls in that guideline. And so we just needed a way to create, you know, get companies prepared for the data that they'd be receiving and to have an auditable, trackable way to do that, understanding the resourcing within the DoD. So we understood clearly that this needed to be outside the government, something that companies, much like an ISO certification, and we could then make sure that everybody had the critical thinking skills behind cyber that are needed to defend themselves in this industrial age.
And where do we stand today when it comes to the rollout?
So the rollout: we put the model out in January of 2020. The accreditation body, that is actually the ones that certify the auditors, they are working on the training and curriculum programs. We are still on target to roll out some RFIs in June with the CMMC in it. You know, we're in the process of the rule change to the DFARS rule, so we're still on target. I'm not gonna pretend and say that COVID-19 hasn't had an impact, as the training for those, you know, this CMMC, that's what's really struggling, because when we originally set it up it was a fifty-fifty split. Fifty percent of the education and the training was online and fifty percent was in person. We have the training and curriculum. I just don't know how we can modify quickly enough to execute in early May. That's the only caveat that we have right now.
And what has the response been overall to the folks that this is going to affect? How were they reacting to it?
In the beginning, a little bit of, you know, why. Now it's widely accepted that
this is the path forward, that everybody needs to have cyber hygiene and that everyone needs to have some critical thinking skills behind it. So we've actually had an overwhelming response moving forward. Everyone needs cybersecurity. And, you know, COVID-19 has shown us that, you know, the world, the nation, our culture, the way we deal with each other has changed. If there's anything positive to be made out of this, it's the heightened awareness of why the CMMC was desperately needed and, you know, what impact cyber has on day-to-day life. It's been a resounding effort at that maturation now during this horrible time in our country and our world history.
That's Katie Arrington. She's CISO for Assistant Secretary for Defense Acquisition.
State-run disinformation can gain surprising amplification when it finds an audience. The Chinese Communist Party's claims that COVID-19 was brought to Wuhan in October by US service members participating in the World Military Games, a kind of goodwill Olympics among the world's military services, have been widely broadcast by Chinese officials' statements, often in the form of a call for investigation, sometimes with the suggestion that the virus was an American bioweapon. US Secretary of Defense Esper calls the allegation completely ridiculous and irresponsible, and we're with him on that. But not everybody is, and everybody in this case includes some YouTubers. CNN reports that one US Army reservist who participated in the Games has been called out as the source of infection and is receiving all the hostile attention one would expect. The charge that the reservist is the patient zero of the infection and the prime mover in the pandemic is of course absurd, but that hasn't prevented YouTubers from pushing it, acting in effect as a kind of cyber mob. Prominent among the YouTubers flagging the story is a gentleman, whom we will not name, CNN calls a misinformation broker, but who describes himself as an investigative journalist.
He's propounded numerous conspiracy theories in the past, to the extent that Google has stopped running ads on his channel. He is, as he would put it, only asking questions, but the questions are specific and damaging, especially to the reservist, who has nothing to do with the virus at all and is being mobbed for it. False suggestion is a form of false witness. But hey, they're just asking questions, right?
Finally, it now seems likely that rumors of North Korean leader Kim Jong-un's death or incapacitation are false. The Washington Post cites US and South Korean sources that suggest Mr. Kim and his private train are in Wonsan on the Korean east coast. The rumors had prompted, and will no doubt continue to prompt, speculation about the future of the North Korean regime, jockeying for succession, and so on, but Mr. Kim's father and grandfather were similarly content to let unfounded accounts of their death circulate. That may be the case with Pyongyang's current leader. Wonsan is in some sources being described as a seaside resort, but in truth the port city might be more Perth Amboy or even Port Elizabeth than it is Asbury Park. But assume it's the DPRK's Asbury Park or Ocean City. Is Mr. Kim up to enjoying the boardwalk, a little miniature golf, maybe skee-ball? Hey, we're just asking questions.
And now a word from our sponsor, LastPass. LastPass is an award-winning security solution that helps millions of individuals and over sixty-one thousand organizations navigate their online lives easily and securely. Businesses can maximize productivity while still maintaining effortless strong security with LastPass. Security is essential for a remote workforce. LastPass Identity helps make stronger security seamless through integrated single sign-on, password management, and multi-factor authentication. LastPass Identity enables remote teams to increase security.
LastPass can help prevent against the uptick in cyber attacks targeting remote workers through biometric authentication across apps, workstations, and VPNs for an additional layer of security across all critical devices. It can help manage user access: regardless of where or how employees need access, LastPass ensures employees always have secure access to their work applications through single sign-on and password management. It helps your employees securely share: LastPass enables remote employees to securely share passwords across teams in order to securely collaborate and stay on top of critical projects. And it helps maintain control: LastPass enables IT to remain in complete control over which employees are accessing which resources, no matter where they're working from. With LastPass Identity, you can keep your remote workforce secure and connected. Visit lastpass.com to learn more. That's lastpass.com. And we thank LastPass for sponsoring our show.
And joining me once again is Ben Yelin. He is from the University of Maryland Center for Health and Homeland Security, also my co-host on the Caveat podcast. Ben, great to have you back. Interesting article came by from Mashable, and this is something you and I have been talking about quite a bit over on Caveat, and that is the EARN IT Act, which is something making its way through Congress, but it's gotten a response from the folks who make the Signal app, which is an end-to-end encryption communications app, allows you to text and have audio conversations and video and so forth. They're saying they may pull out of the US market if this EARN IT Act goes through. Help us understand what's going on here.
Sure. So the EARN IT Act was introduced in the United States Senate. And, you know, you and I love legislative acronyms: Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020. They even included the word "it" in the acronym. So that's high praise. Absolutely.
The bill has bipartisan sponsors, and it basically is a way to make companies comply with best practices in terms of encryption based on the recommendations of a government-appointed commission. Now, the way they will try to enforce these best practices is to remove the protections under Section 230 of the Communications Decency Act. As your listeners know, and we've talked about on Caveat, that act shields companies from liability based on what the users post on those applications or services. If the EARN IT Act were to be enacted into law, and the commission put together regulations that were critical of end-to-end encryption services like Signal, then Signal could be subject to a number of lawsuits under Section 230 of the Communications Decency Act. And what Signal is saying is it would not be worth it for us to do business within the United States if we were subject to those lawsuits. I think their fear is certainly a legitimate one. The commission is largely going to be at the direction of the Attorney General. The Attorney General of the United States, William Barr, is one of the foremost critics of end-to-end encryption, encryption generally. He supports a back door for the government to access information. He has his legitimate reasons behind it. This bill is intended to curb child abuse, child pornography, those types of things. But he is very hostile to the concept of encryption, and if he has his hand in putting these regulations together, you know, this is likely going to be something that Signal will choose not to comply with, because it would go against the mission of their messaging service. And if they fail to comply, they would be subjecting themselves to legal liability and would have to leave the market. And they let their users know about this in a long blog post. Basically said, look, if you enjoy our application, you better start making some calls to your senators right now. This has bipartisan support.
There is a lot of opposition among privacy groups, and we need you, our users, to make your voice heard, to tell your members of Congress that you value our service, value end-to-end encryption, and you think the EARN IT Act is gonna undermine that service.
Well, and a lot of folks make the point, which I think is correct, that encryption is not exotic. So if we're trying to protect ourselves from bad guys, there's nothing keeping a bad guy from going offshore of the United States and finding some end-to-end encrypted app that's available somewhere else and making use of it.
Right. And in that sense, this sort of introduces a perverse incentive for people to use overseas applications, applications that, you know, aren't headquartered in the United States, because, as you say, this encryption is going to exist. It's just whether, you know, the commission writes into regulation that this type of encryption doesn't comply with the commission's best practices, and thus companies are going to be subjected to this flood of lawsuits. So I think you're right that any bad guy could find an encrypted application. There are a lot of them out there, especially those that originate outside of the United States. I think that's a large purpose for such widespread opposition to this piece of legislation in Congress. And actually, just commenting on that opposition, it's interesting, because for people who don't know a lot about digital privacy, when you read the plain language of this act, it seems like a no-brainer. You know, we're trying to protect against child exploitation. Let's put best practices in place to ensure that, you know, the government can get bad guys if it needs to. So it's good that these privacy groups and, you know, some of these applications like Signal that have a loyal user base are getting their voices heard on this matter.
Isn't it sort of, that phrase best practices, isn't that a bit loaded in this case?
It is, you know.
Best practices is consultant-speak, so, you know, I'm always wary of that term. They're using best practices, but when you're threatening to remove a liability shield, it's not really best practices. It's more like, do this or get sued.
So that's, nice company you've got here, be a shame if anything were to happen to it.
Exactly. Yeah, like, this is a good idea for you, it will be a good idea to engage in these practices. No, you're going to be sued out of business if you don't comply. So yeah, it definitely is a loaded term.
All right. Well, Ben Yelin, thanks for joining us.
Thank you, Dave.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker too. Thanks to all of our sponsors for making the CyberWire possible, especially our supporting sponsor ObserveIT, a Proofpoint company and the leading insider threat management platform. Learn more at observeit.com. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.