Credential stuffing attacks and data breaches. Coronavirus-themed phishbait is an international problem. Super Tuesday security post mortems. Huawei agonistes.


Credential stuffing affects J. Crew and Tesco customers. T-Mobile discloses a data breach. EMCOR works to recover from a ransomware infestation. Coronavirus-themed emails remain common phishbait; it's an international problem. US authorities are pleased with how election security on Super Tuesday went, but some local governments are recovering from self-inflicted wounds. And there's more unofficial US suspicion of Huawei.

And now a word from our sponsor, ExtraHop, securing modern business with network detection and response. Cloud native is a buzzword, but also a direction. IDC predicts that 70 percent of enterprise applications will be developed cloud native by 2021. It's time for security teams to adopt the same agility and speed as their DevOps counterparts, so they can secure multi-cloud deployments and enterprise IoT at scale. ExtraHop helps organizations like Home Depot and Wizards of the Coast detect threats inside their hybrid cloud environments up to 95 percent faster and respond 60 percent more efficiently. Investigate an attack with ExtraHop in the full product demo of cloud-native network detection and response, available online at extrahop.com/cyber. That's extrahop.com/cyber, and we thank ExtraHop for sponsoring our show.

Funding for this CyberWire podcast is made possible in part by McAfee: security built natively in the cloud, for the cloud, to protect the latest containers, to empower your change-makers like developers, and to enable business accelerators like your teams. Cloud security that accelerates business. It's about time. Go to mcafee.com/time.

From the CyberWire studios at DataTribe, I'm Elliott Peltzman, filling in for Dave Bittner, with your CyberWire summary for Thursday, March 5th, 2020.

Today's news includes several disclosures of data breaches and ransomware attacks. First, clothing retailer J. Crew has warned affected customers that it sustained a data breach in April of 2019. The store has disabled an unknown number of accounts that were exposed in the attack. It's asked the affected customers to contact customer care to restore those accounts. BleepingComputer says the incident was a credential stuffing attack. In credential stuffing attacks, the bad actors use big collections of username and password combinations, which they try against targeted accounts. Sometimes they get hits. The tactic works because people tend to use the same usernames and passwords across multiple accounts; if one account is compromised, the credentials can be tried elsewhere. There's a thriving underworld market for stolen credentials, and credential stuffing is a big reason why that particular crime pays. In addition to writing affected customers, J. Crew has also notified California's Attorney General. TechCrunch wonders why it took J. Crew almost a year to disclose the breach. A spokesman told the news outlet that routine web scanning detected improper access and customers were, quote, "promptly notified," end quote. There's some vagueness there. It's not clear, for example, when the scanning took place or when the anomalies were detected.

Credential stuffing has also bothered consumers in the UK. The big British supermarket chain Tesco has responded to a credential stuffing campaign against shoppers who use its loyalty cards by reissuing some 600,000 new cards to its customers. Tesco told the BBC that its own systems had not been breached, but that customer loyalty accounts had been.

Back in the US, Connecticut-headquartered industrial conglomerate EMCOR has disclosed that it sustained a ransomware attack. The specific strain involved is Ryuk. EMCOR says it's investigating, but that operations continue and there appears to have been no data breach.

And mobile carrier T-Mobile has warned customers that an attack on its email provider resulted in the compromise of a relatively small number of employee email accounts. This is of concern to customers because some of the employee emails that could have been accessed by the attackers contained customer information. That information might have included, T-Mobile said, quote, "customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information," end quote. Credit card and Social Security numbers were not, the company added, at risk. They've closed the breach and are working with federal law enforcement to investigate.

Historically, CISOs have turned to the government and said, defend us from other countries that want to wage war on a country. But how do you defend against a country that wants to wage war against a business? Joining us is Bill Harmer, CISO at SecureAuth, who spoke with Dave about the new challenges CISOs face helping businesses stay ahead of these threats.

The world of bringing systems, people, companies online into a digital environment that has no gates, no controls, has a pathway from anywhere to anywhere in milliseconds. If you think sort of historically, or even currently, an ICBM takes 30 to 35 minutes to make it from Russia to the US. Right now you can do a DoS attack in milliseconds, and now it's encrypted technology, so with everything going to SSL you have nice private communications between some point somewhere and the targets they're after. Today, with the attacks that we see, Equifax, Marriott, OPM, Anthem, none of that data showed up on the dark web for sale. And that's because, you know, somebody, a nation state... and I think it was yesterday they charged the PLA with the Equifax hack. They're looking for massive amounts of data. They need as much data as they can, because then they can start... They can quite comfortably sit in a secure facility somewhere in China or Russia, wherever it is, and start running analysis on who would be a good attack or good target, who would be a good victim, who could they turn. And it doesn't have to be that typical one where you're looking for the one person that has access to everything. You can now look for somebody who has access to someone who has access to someone who has access, and, you know, sort of going down the line. So it's a really, really messy place where we're sitting right now.

You know, I've heard folks say that, imagine if the Sony breach had been a physical breach. Had, you know, a nation state broken in, rifled through the file cabinets, and taken things back to their country, we'd be talking about a different situation in terms of how we would describe that or label that. You know, it could be considered not just espionage, perhaps an act of war. How do we contend with that? How do we contend with that difference, that in the end it seems to me like the results are the same? The bad guys have your information. They have your data. What's the responsibility of our nation to help protect us against these things?

That is a really good question, because it extends, I think, farther than just stealing information. You know, a DoS attack takes systems out, causes economic disruption. Well, the US had isolation, right? Friends to the north, friends to the south. And historically, if you look at something like Britain, Britain had the RAF, they had the anti-aircraft guns, they had boats in the water patrolling the shores. And that's how they defended, so, you know, planes came over, tried to carpet bomb the citizens or the factories or destroy the economy, they had a defense against it. And right now we don't. And the problem with that is, to bring in defense creates a lack of privacy, for lack of a better way to put it. But to try and put up those barriers, to try and put geopolitical barriers on the Internet, it just doesn't work. We know it doesn't work. There is a responsibility, I believe, by the government to provide some sort of protection. What that is, I'm not sure yet.

What about coming at this from the other direction? I think these days, particularly with ransomware attacks, sometimes you'll see organizations who've fallen victim to these things, they'll stand in front of the microphone and the cameras and they'll throw their arms up and they'll say, well, there's nothing we could do, this was a nation state attack. And it's sort of, if nothing else, it's a rhetorical get-out-of-jail-free card.

Yeah, it's a tough one. It is very much a tough one, because a nation state attack is not predicated on making money, right? Ransomware, or typical ransomware, where they're looking to get bitcoin out of it and make some money out of it, that's an economic ground. And if you stop paying ransomware, ransomware goes away, because it's no longer profitable. So it is a bit of a get-out-of-jail-free card, because if someone points back and says, hey, nation state attack, well, what can I do? I think eventually that's going to wear thin. I think we're going to have to start looking at ways to protect people, and that's ultimately, I think, what it is, because they need the people. They need those user identities, they need passwords, credentials, they need people to do things. So we're moving to a place where, I've for a long time said, there's no longer a work-life balance, there's simply balanced life, because of mobile phones, because of telecommuting. Companies are going to have to start finding ways to extend the security that they have at the office to the person, not to the building, not to the physical location, but to the person, always, at all times. Because even that person that works in the factory is going to have a mobile phone. They're going to walk into the factory with the mobile phone, and unless they're dumping them off at the door in some kind of Faraday cage, they're walking in there with an electronic device that is a potential attack point. So they're going to have to find ways to start extending it, and I think it will become a business or an enterprise piece, almost like a benefit, kind of like insurance. You know, we're giving you insurance to help you with your health, we're giving you dental insurance and vision insurance, and we're going to give you digital security. There'll be some form of doing that. We see that companies like Zscaler do the always-on approach wherever you go, but I think it will go beyond that. It'll get to a point where there's a balance, there's a different profile, because everybody has different identities. Everybody's got a work identity, they've got a personal identity, probably have two or three personal identities. I think we're going to start seeing these enterprises, in an effort to protect themselves, extend the protection to their individuals at all times.

That's Bill Harmer from SecureAuth.

Criminals continue to use coronavirus stories as phishbait in attacks on businesses, the Wall Street Journal writes, citing research by Proofpoint. Sometimes the approach is straightforward phishing, as it is in cases of a bogus email purporting to originate with the World Health Organization. At other times it can involve business email compromise, as in cases that show phony invoices for large purchases of face masks from medical supply companies. It's an international problem, also observed in Japan, according to Reuters. Even Russian President Putin is taking note and blaming foreign rumor-mongers and similar assorted no-goodniks. Russia's Internet authority, Roskomnadzor, has been blocking bogus stories on VKontakte and Facebook.

The Super Tuesday primaries in the US went off without hacking or evidence of effective disinformation, and Bloomberg reports that NSA Director Nakasone told Congress yesterday that superior preparation on the defenders' part made the difference. He compared this week's smooth defensive performance to what he saw in 2018. The 2018 midterm elections didn't go off badly, but in comparison to this week's operation, the 2018 security measures were, General Nakasone said, like a pickup game.

Out in the Golden State, Los Angeles County did stumble badly with its new voting machines. Long delays induced by malfunctioning machines produced what the Los Angeles Times called "an ugly debut" for the county's new $300 million voting system, end quote. Voters are reported to have been standing around the polling places for two hours or more while poll workers tried to get the machines running, or else get backup ballots into the voters' hands. Other election authorities who have adopted similar devices are reviewing their plans. The problems in and around the City of Angels were, it should be noted, the result of technical and organizational mishaps, mistakes, not the work of hackers or other meddlers.

Executives from Nokia and Ericsson, the European hardware manufacturers the US government has suggested would be attractive and more secure alternatives to China's Huawei, expressed their support this week for US laws that would push the Chinese manufacturer out of 5G infrastructure, the Washington Post reports. Huawei executives also attended the hearings on their own, but weren't invited to testify. Huawei's preferred solution, they say, is transparency on everyone's part, and the company's executives believe that a fair reading of everything they've done for security would set everyone's mind at ease.

And speaking of Huawei, Reuters reports that yesterday an attorney for the company entered a plea of not guilty to racketeering charges at an arraignment in a US District Court in Brooklyn, New York. The company also said they might have to ask for delays in the proceedings, as the coronavirus is making it difficult for their legal staff to travel. The racketeering charges are directly related to the company's alleged theft of intellectual property from US firms.

And now a word from our sponsor, ObserveIT, a Proofpoint company. The greatest threat to businesses today isn't the outsider trying to get in. It's the people you trust, the ones who already have the keys: your employees, contractors, and privileged users. Sixty percent of online attacks are carried out by insiders. To stop these insider threats, you need to see what users are doing before an incident occurs. ObserveIT enables security teams to detect risky user activity, investigate incidents in minutes, and effectively respond. With ObserveIT, you'll know the whole story. Get your free trial at observeit.com/cyberwire. That's observeit.com/cyberwire, and we thank ObserveIT for sponsoring our show.

And joining me once again is Mike Benjamin. He's the head of Black Lotus Labs at CenturyLink. Mike, it's always great to have you back. You and your team have been doing some research on NanoCore, and you've got some stuff you want to share with us today. What do you have for us?

Yeah, thanks, Dave. So NanoCore, as many people are aware, is a somewhat commodity RAT, and has many of the remote access Trojan features you'd expect: keyloggers, password stealers, file exfil. Nothing really particularly unique in that space. Our feeling was recently that a lot of folks have dropped off their visibility into it, because most desktop antivirus does a really good job of checking the binary install and stopping it. However, what we like to do is go hunt these things on a more Internet-wide scale, and we found a pretty wide install base of people both trying to deliver it and having it actively installed, with callbacks across the Internet. So what we went and did is ultimately try to validate whether they're running, how they're running, and then look for the install base. Of course, you know, we like to notify people of their infections, but really the message is that NanoCore as a RAT is not something that we should be ignoring. There's always a hosted infrastructure that does not have that adequate update, does not have that adequate catch, an employee's figured out how to bypass antivirus, or somebody's home doesn't have it installed. And so things like NanoCore and other RATs really are still a threat for stealing information from people on a day-to-day basis.

And is there any particular sector that they're focused on?

So it's interesting. The install base that we saw was heavy across broadband providers. Funny enough, the two biggest broadband providers were in the US and Russia, but also, you know, big populations of people in both those places. And so our belief was that they were targeting more people on the smaller end of the business spectrum, larger businesses doing a better job at protecting these things, as well as some home users, looking to be more opportunistic around, possibly, banking sites and other things.

So what are your recommendations for folks to best protect themselves against NanoCore?

Realistically, best practices. Make sure that you've got some sort of endpoint agent blocking things from running that shouldn't be running, or even being on the file system that shouldn't be there. NanoCore thankfully is relatively easy to protect from that perspective. But also, don't click links, don't download things. Nothing particularly sophisticated from a protection perspective. I will note one interesting thing that we found during the analysis: a really odd statistical concentration of communication calling back to Nigeria. And so ultimately, looking at the geography of where you've got traffic going can really yield some interesting things in just about any environment.

Yeah, that is interesting. All right, well, Mike Benjamin, thanks for joining us.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com, and for professionals and cybersecurity leaders that want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It will save you time and keep you informed. Look for us on your Alexa smart speaker too. Thanks to all of our supporters for making the CyberWire possible, especially supporting sponsor ObserveIT, a Proofpoint company and the leading insider threat management platform. Learn more at observeit.com. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. Our amazing CyberWire team is Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Elliott Peltzman, filling in for regular host Dave Bittner. We'll be back tomorrow. As always, thanks for listening.