US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. Magecart's homoglyph attacks.
Hey everybody, Dave here with an exciting announcement. We are pretty thrilled to tell you about the launch of our new newsletter. It's called Creating Connections, and it's focused on connecting women in the cybersecurity field all across the globe. The official launch date is August 3rd, and we will continue publishing monthly on the first Monday of every month. Brought to you by the women in the industry, our very own ladies here at the CyberWire, you are invited to join our League of Cyber Women and create lasting connections. Learn more and subscribe at thecyberwire.com/ccsubscribe. That's thecyberwire.com/ccsubscribe.

President Trump issues executive orders restricting TikTok and WeChat in the US. A Chinese APT has been active in industrial espionage against Taiwan's semiconductor industry. Intel sustains a leak of sensitive company intellectual property. Rewards for Justice communicated to Russian and Iranian individuals by text message. Coordinated inauthenticity from Romanian actors, probably criminals. Magecart moves to homoglyph attacks. Craig Williams from Cisco Talos on ransomware campaigns making use of Maze and Snake malware. Our guest is Monica Ruiz from the Hewlett Foundation Cyber Initiative on the potential for a volunteer cyber workforce. And at Fort Meade, there are limits to telework.

And now a word from our sponsor, ExtraHop: securing modern business with cloud-native network detection and response. The massive shift to remote work has turned the reality of work on its head. With cloud and multi-cloud adoption, comprehensive visibility is more important than ever, but in order to protect your business, you need more than unified visibility. You need intelligent response workflows, so teams can collaborate easily and act quickly.
ExtraHop helps organizations like Wizards of the Coast detect threats up to 95 percent faster. As John Crease, senior IT engineer, puts it: "ExtraHop is helping us accelerate cloud adoption by ensuring our workloads are secure." See how it works in the full product demo, free and no forms required, at extrahop.com/cyber. That's extrahop.com/cyber, and we thank ExtraHop for sponsoring our show.

Funding for this CyberWire podcast is made possible in part by LastPass. LastPass is an award-winning security solution that helps millions of individuals and over 70,000 organizations navigate their online lives easily and securely. Businesses can maximize productivity while still maintaining strong security with LastPass. LastPass can minimize risk and give your IT team a breakthrough integrated single sign-on, password management, and multi-factor authentication solution.

From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Friday, August 7th, 2020.

US President Trump yesterday issued two executive orders that impose new limitations on the Chinese-owned social media apps TikTok and WeChat. WeChat is a subsidiary of Tencent, TikTok of ByteDance, and both parent companies are mentioned in the orders. The Wall Street Journal summarizes the effect of the orders as prohibiting anyone in the United States or subject to US jurisdiction from conducting transactions with the owners of the two services. The ban will become effective 45 days from the date of the executive orders, which, unless we've miscounted, puts the deadline on September 20th. This could prevent US citizens from downloading the apps from such sources as Google Play or the Apple App Store, and it also puts a deadline on Microsoft's possible acquisition of TikTok.
Both executive orders state as an official finding that "additional steps must be taken to deal with the national emergency with respect to the information and communications technology and services supply chain declared in Executive Order 13873 of May 15th, 2019 (Securing the Information and Communications Technology and Services Supply Chain)." Both of the apps represent a threat because they automatically capture vast amounts of information from their users, and the data they collect are in principle accessible to the Chinese Communist Party and Chinese government intelligence. Both social platforms, the orders say, actively censor domestic dissent in China, and TikTok has been active in spreading COVID-19 disinformation on behalf of the Chinese government. The order affecting WeChat, in an aside, cites restrictions India and Australia have placed on the app as an indication that the US isn't alone in seeing a problem with Chinese data collection practices. The Secretary of Commerce will be in charge of implementation and enforcement.

TikTok, which has moved data formerly held in US servers to servers in Ireland, objected to the executive order in a strongly worded statement issued this morning. The company sees what it views as a lack of due process as most objectionable: "We are shocked by the recent executive order, which was issued without any due process. For nearly a year, we have sought to engage with the US government in good faith to provide a constructive solution to the concerns that have been expressed. What we encountered instead was that the US administration paid no attention to facts, dictated terms of an agreement without going through standard legal processes, and tried to insert itself into negotiations between private businesses."
The statement also includes an explicit denial of the specific accusations of the order: "We have made clear that TikTok has never shared user data with the Chinese government, nor censored content at its request." And of course, the statement urges all of the American users and creators who've been engaged with TikTok to write their elected representatives. We've found no comparable statement from WeChat.

At Black Hat yesterday, researchers at security firm CyCraft described a Chinese government threat group, Chimera, that successfully targeted Taiwan's semiconductor industry, or "pillaged" the industry, as Wired puts it. Their goal was source code, chip designs, software development kits, and similar intellectual property. CyCraft calls the action against chip manufacturers Operation Skeleton Key, after its use of SkeletonKeyInjector, which implanted a skeleton key into domain controller servers to enable persistence and continuous lateral movement. By making direct syscalls, the malware could bypass security systems that depend on API monitoring. The operators' principal remote access Trojan was Cobalt Strike, used to establish a backdoor into victim systems. For exfiltration, Chimera uses what CyCraft called an old and patched version of RAR.

There was also a significant loss of IP from California-based Intel. The company has suffered a breach that cost it twenty gigabytes of sensitive corporate intellectual property, in a dump labeled "Intel exconfidential Lake." CyberScoop says Intel is investigating, but that a corporate representative said, "We believe an individual with access downloaded and shared this data." The data dump was announced in a tweet by an IT consultant who goes by the handle Tillie 1312 Kottmann #BLM.
Tillie 1312 Kottmann #BLM, a software engineer based in Switzerland, has some role in the incident, as discoverer, leaker, security researcher, or middle person, but exactly what is unclear. According to Ars Technica, Kottmann promised that there would be more leaks to come. SecurityWeek says that the same person has been connected with other, earlier leaks of proprietary source code from well-known companies, including Microsoft, Adobe, Disney, and Nintendo, to name a few. Most of the information, Kottmann said, comes from improperly configured or exposed DevOps infrastructure. Much of the reporting on the incident has called the material "classified" or "confidential" or "secret." Some clarification is in order: the information is corporate proprietary and sensitive, but not, apparently, classified in the formal governmental sense.

The US State Department reward being offered for information concerning attempts to hack US elections has been communicated in some surprising places. Reuters reports that text messages communicating the offer, and linking to Rewards for Justice, have been turning up on Iranian and Russian devices. Who sent the texts isn't clear, but there's speculation that the messaging was done on behalf of the US government. US Cyber Command referred Reuters to the State Department, and State had nothing to say.

According to the Washington Post, Facebook has disabled a Romanian network that was sending inauthentic messages expressing implausible support for President Trump. One would have to be naive indeed to uncritically swallow a report that former President Obama and former First Lady Michelle Obama had thrown their wholehearted support to the reelection of President Trump. The motivation is as likely to be financial fraud as it is influence.

Malwarebytes reports an ongoing series of homoglyph attacks, which substitute similar characters into familiar domain names.
The activity appears linked to Magecart, and it shows the gang evolving to take advantage of similarities between Turkish, Cyrillic, and other international character sets and the Roman letters more familiar to us.

And finally, as remote work increasingly looks likely to become an important part of the new normal, the US National Security Agency has said that it's expanding its telework capabilities with the 2021 adoption of Microsoft Office 365 to support unclassified work, FCW reports. But to rumors that NSA is going to open up its top secret cloud to remote work, the agency's CIO, Gregory Smithberger, said no, that's just not a thing. And why not? Because, come on friends, there are just some kinds of work that you can't phone in.

And now a word from our sponsor, ObserveIT. With a distributed workforce becoming the new norm, many organizations are forced to learn how to manage mission-critical functions remotely, which brings a unique set of insider threat challenges to the fore. Whether it's careless users, disgruntled employees, or third-party contractors, insiders have access to sensitive data on networks that are likely less secure, introducing new risks to your business. To protect against these new threats, Proofpoint's ObserveIT insider threat management solution empowers security teams to identify user risk, protect from data exfiltration, and accelerate incident response, so you can better protect your organization from insider risk. Get your free trial at observeit.com/cyberwire. That's observeit.com/cyberwire, and we thank ObserveIT for sponsoring our show.

My guest today is Monica Ruiz. She's a Cyber Initiative and Special Projects Fellow at the William and Flora Hewlett Foundation, who are financial supporters of the CyberWire. Our conversation explores the notion of a civilian volunteer cyber workforce.
The idea is that citizens with expertise in cybersecurity could volunteer or be called upon to respond to cyber incidents, much the same way a volunteer firefighter brigade functions. Some suggest it could be modeled after the old merchant marine, where civilians with specific expertise could be temporarily called in by their government to support the common good.

One of the things that I oftentimes say when I explain this concept of cyber volunteer units is the fact that there are complex challenges in cyber defense. So, you know, we have resource and talent constraints in the public sector, we have competitive private sector salaries that impede government recruitment and retention, and we have poor cyber hygiene or awareness in our societies. And so all of those realities that have existed for years have really brought to bear the need to integrate outside talent into public sector cyber defense.

You know, when I think about volunteer organizations in communities, there are several things that come to mind. I think of volunteer firemen, I think of things like the National Guard, which isn't volunteer necessarily, but I also think of things like the ham radio operators who come in in times of, say, there's a hurricane or something like that; they step up and provide communications. Are any of those models along the lines of the possibilities here with cyber?

Yes, I think so, Dave, and just to add two more models to that. For example, we have the seventeenth-century US Minutemen, who were civilian colonists who formed militias during the American Revolutionary War, and they were known as being ready at a minute's notice. Or you have the Civil Air Patrol, that was created in 1942.
That was initiated by roughly 150,000 aviation enthusiasts who convinced the government to incorporate them formally. And so all the models that you just made reference to, and these two past examples that I just said, really go to the root of all this, which is, you know, someone's need to serve their country, and appealing to someone's sense of duty. And I do think that applies in the cyber context. If you are an individual that has the skill sets and you want to help, there needs to be a way to allow you to do that. And I think an example of that was, for example, in 2012, following Hurricane Sandy, more than 900 people from the New York startup community signed up to coordinate efforts online, but a lack of a framework really prevented them from getting involved and being more effective in their efforts. And so I think the overarching, the common denominator in all of the examples we just made reference to, is appealing to someone's sense of duty and building the infrastructure for them to be able to be operationalized for the good.

Are there any examples out there of communities that are already doing this, some good examples that you can build on?

Sure, and so I've written extensively about the Estonian Defence League Cyber Defence Unit. So that's more of an international model, but it's probably best to highlight some of the models that have already been put in place in the US context. And so one of the earliest ones that I found that shares many similarities with the Estonian Defence League Cyber Defence Unit is the Michigan Cyber Civilian Corps, that was created in 2013. And this model is essentially a group of trained civilian technical experts who volunteer to provide rapid response assistance to the State of Michigan in the event of a critical cyber incident. And its mission is essentially to provide mutual aid in the event of these incidents at all levels of government, education, and business organizations, and so that's one of the models that has really informed what other states are doing. You also have the Ohio Cyber Reserve, which was created in 2019, and what was interesting about what Ohio did is that they set up the Cyber Collaboration Committee to determine what the state needed and where to improve its cybersecurity training. And it was interesting because this mapped the current cybersecurity gaps in the state, so that then the Ohio Cyber Reserve can help serve as an extended response capability to fill those gaps.

Can you point us in the direction of some resources? If folks want to see what's available in their community or take a leadership role, try to get things started, is there a good place for them to find out how to go about doing that?

Sure. So I would recommend individuals contact their National Guard offices. One of the issues that I've been researching is essentially having the National Guard serve as that vehicle that integrates outside talent, given that it's uniquely positioned to do so because it has dual constitutional authorities. And so I've seen a couple of states start using their National Guard to start building these models. So depending on what state you're in, contact your National Guard, learn whether they are also exploring these options, and how you can get involved. Cyber threats are ongoing and increasing, especially as COVID forces everyone into virtual settings. And so the three takeaways that I would love to leave everyone with: one is to tap into diverse civilian talent. Second is that we need to find a way to integrate that talent for societal benefit. And third is that we need to focus on the long term of these efforts.
So training and cyber education. And I do think cyber civilian units are uniquely positioned to address those three needs that I just laid out.

Our thanks to Monica Ruiz from the Hewlett Foundation for joining us. There's an extended version of our interview available on CyberWire Pro. Check it out on our website, thecyberwire.com.

Hey everybody, Dave here. As you know, we've been fortunate to have built a pretty influential audience over the years. Security leaders across the globe trust us and depend on us every day to deliver the news and analysis they need to do their jobs. And that's also why so many top security companies and hot startups trust us to connect them to the decision makers and influencers, to help get the word out about their brand and fill their sales funnels. We've got lots of great sponsorship opportunities that can help you get the word out, too. Just visit thecyberwire.com/sponsorship to learn more and connect with us. That's thecyberwire.com/sponsorship.

And I'm pleased to be joined once again by Craig Williams. He is the head of Talos Outreach at Cisco. Craig, always great to have you back. You and your team have been tracking some ransomware campaigns that have been making use of the Maze and the Snake malware. Can you give us some insights? What's going on here?

Yeah, so this is just one of the trends that our team has been tracking, you know, across the Internet, across data that they have the ability to monitor. And it's something we became more and more concerned about due to the recent pandemic, because we know a lot of people are working from home, right? And so just to get to the meat of it, really what's happening is we're seeing attackers compromise systems, but instead of immediately deploying ransomware, many are doing reconnaissance, waiting. And if you think about it, it does make some sense, right? If you think about the way businesses are right now, they may have security on the endpoint or limit the things that the endpoints can access. However, you know, maybe in thirty days, six months, ninety days, they may go back into the office, they may reconnect those machines, they may remove some of the security restrictions to help business. And so these attackers are not just immediately deploying ransomware; they're doing some additional reconnaissance, they're collecting credentials, they're collecting data, and then, you know, thirty days in the future or whatever, the attackers are then deploying the ransomware and ensuring that it can cause the most damage possible.

That's fascinating. So the notion being here that if I'm able to hit your computer while you're working at home, let's say your laptop, at some point odds are you may go back to the office, reconnect to that corporate network. Is that what we're tracking here?

Well, that's our concern, right? This isn't necessarily a new thing, but we're definitely seeing an increase of it. Now, that could be due to the fact that COVID-19 lures are simply more effective, right? That could account for it, but I'm also concerned that the attackers could be making more of a push towards getting into those data centers a little bit more effectively by collecting more information ahead of time. And so I think this is something that we need to make sure that our teams and security response teams are looking for. You know, look for people compromising endpoints. Assume credentials may be compromised a little bit more often than usual; maybe even up your rotation a little bit if you have the ability to do that. You know, it's definitely something people need to worry about, and if you don't have visibility onto the endpoint, that's something you need to start considering.

Does this reflect an increase in the professionalism of these actors, their ability to have more patience here, to bide their time?
I think it does. You know, I don't know that that's necessarily a recent thing. I think this has been going on for a while, but I think the way that the lures are becoming more effective, the way that users are working from home, the way that security policies may have to be modified to facilitate working from home, are definitely going to combine to make industry more vulnerable.

So as folks are planning for their workers to come back to the office, to re-engage, to plug those systems back in, connect to that corporate Wi-Fi, what sort of things should be top of mind?

Well, segmentation is key, right? If there's no reason for users to be able to connect to certain machines that are sensitive, right, like your backup servers, don't let them, right? Set up the access restrictions you need to prevent that from happening, and even go one step further and try and make sure you have visibility into what's going on on the endpoints.

All right. Well, Craig Williams, thanks for joining us.

Thank you.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com, and for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too. Thanks to all of our sponsors for making the CyberWire possible, especially our supporting sponsor, Proofpoint's ObserveIT, the leading people-centric insider threat management solution. Learn more at observeit.com. Don't forget to check out this week's Research Saturday and my conversation with Karim Lalji and Johannes Ullrich from the SANS Technology Institute. We're going to be talking about their research on the CyberBunker criminal gang. It's a fun one. That's Research Saturday. Check it out.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.