BEC attack pulls millions from car parts company. Wikipedia DDoS. NERC and FERC on grid hacking. Trolling Pyongyang. Mike Hammer goes to the DMV.


Hey everybody, Dave here with a quick reminder that if you enjoy our podcasts, there are a number of ways you can help support us. You can, of course, contribute directly via our Patreon page, and we thank all of you who continue to do that. You can let our sponsors know you heard about them on the CyberWire, which helps them know they're getting good value from their ads. And you can help spread the word to your friends and co-workers, to introduce them to the CyberWire and share that it's something you consider a valuable part of your day. We do appreciate all of the support, and here's today's show.

A big email scam extracts more than thirty-seven million dollars from a major automotive parts supplier. Wikipedia suffers a DDoS attack in Europe and the Middle East. NERC and FERC get to work. Thrip may really be Billbug, and that's attribution, not Kamala Devi was. US Cyber Command trolling North Korea on the DPRK's National Day. And what does the Department of Motor Vehicles do with all the data they collect on drivers in some US states? It seems they sell it to private eyes.

It's time to take a moment to tell you about our sponsor.
Recorded Future. Recorded Future is the real-time threat intelligence company whose patented technology continuously analyzes the entire web, developing cyber intelligence that gives analysts unmatched insight into emerging threats. At the CyberWire, we subscribe to and profit from Recorded Future's Cyber Daily. As anyone in the industry will tell you, when analytical talent is scarce, as it is today, every enterprise owes it to itself to look into any technology that makes your security teams more productive and your intelligence more comprehensive and timely, because that's what you want: actionable intelligence. Sign up for the Cyber Daily email, and every day you'll receive the top trending indicators Recorded Future captures crossing the web: cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, and suspicious IP addresses. Subscribe today and stay a step or two ahead of the threat. Go to recordedfuture.com/cyberwire to subscribe for free threat intelligence updates. That's recordedfuture.com/cyberwire. And we thank Recorded Future for sponsoring our show.

Funding for this CyberWire podcast is made possible in part by Bugcrowd, connecting organizations with the top security researchers, pen testers and white hat hackers in the world to identify ten times more vulnerabilities than scanners or traditional pen tests. Learn more about how their award-winning platform provides actionable insights like remediation advice to help fix faster, while methodology-driven assessments ensure compliance needs are met, at bugcrowd.com.

From the CyberWire studios at DataTribe,
I'm Dave Bittner with your CyberWire summary for Monday, September 9th, 2019.

At the end of last week, Toyota Boshoku Corporation, an automobile component manufacturer and a member of the Toyota Group, disclosed that a European subsidiary lost more than thirty-seven million dollars when it fell for a business email compromise attack. The incident itself took place on August fourteenth. Toyota Boshoku has said in its disclosure that the loss occurred when the company followed, quote, "fraudulent payment directions from a malicious third party," end quote. The loss was a heavy one, and it highlights the risk of business email compromise even to well-established companies that can be expected to have sound procedures in place. Little more than these bare facts are known at this time. Toyota Boshoku says it's inhibited from saying more because of its participation in the ongoing police investigations. It does say it's working to recover the funds its subsidiary lost, and asks for everyone's understanding of its decision not to offer more information at this time.

Also over the weekend, Wikipedia sustained a cyber attack that took it offline in several countries. Computing called the outage the result of a large distributed denial-of-service attack affecting Europe and the Middle East. The Wikimedia Foundation said Saturday that bad-faith actors of the sort it tends to attract were responsible. Wikipedia is working to restore normal operations. The foundation declined in its post to speculate about attribution.

The North American Electric Reliability Corporation, or NERC, an industry group, has released a report on the March fifth, twenty nineteen incident that affected the US power grid. According to E&E News, this cyberattack generated the first formal report of a cyber incident from the utilities to the Department of Energy. NERC's report of lessons learned downplays the severity of the attack as affecting a low-impact control center, and it cites a basic lapse in cyber hygiene, namely failure to patch a firewall, as the enabling cause. NERC recommends that utilities follow a set of familiar best practices: patch management, network segmentation, network monitoring, and so on.

Coincidentally or not, the Wall Street Journal observes that the Federal Energy Regulatory Commission, FERC, a US government regulatory body, is considering revising its rules to include public identification of electric utilities that failed to follow rules designed to ensure the grid's physical and cyber security.

CyberScoop reports that Symantec thinks a recently discovered Chinese government hacking group, Thrip, may actually be another manifestation of the long-active Billbug or Lotus Blossom unit. Thrip, like Lotus Blossom, has concentrated on military organizations. It's also particularly interested in satellite communications, media and education targets. The geographical focus has been Southeast Asia.

What is trolling? It's a word with a complicated history. Its root meaning is a technique of fishing from a slow-moving boat, often with multiple hooks. It came to be used in the nineteen nineties as a description of certain forms of online behavior designed to elicit a response from people looking at the Internet. Soon people who trolled, that is, the people who tried to engage others with distracting, often off-topic posts or comments, came to be known as trolls, because trolling sounded like something mythical, well, Scandinavian beings might do, maybe from beneath a bridge. So would trolling count as a kind of information operation? Well, sure, why not. And US Cyber Command seems to have been trolling Pyongyang by releasing samples of DPRK malware on North Korea's national holiday. Axios thinks so, anyway. September ninth, which is today on the Baltimore side of the International Date Line but yesterday on the Pyongyang side, is the Day of the Foundation of the Republic. It's a big day in the DPRK, like the Fourth of July in the United States, only with more flag teams and rhythmic applause than fireworks and grilled hot dogs. We should note that the North Korean government has been telling the rest of the world that, contrary to the slanders being mouthed by the Yankee puppets on the UN Security Council, they don't hack stuff or rob banks or jackpot ATMs or any of that stuff. At any rate, between midnight and one in the morning yesterday, Cyber Command released some Hidden Cobra code for the benefit of researchers. Axios asked them if the timing was deliberate, if they were messing with Mr. Kim's head. Cyber Command said, in effect, no comment. Quote, "We do not discuss details about the malware samples in CNF team posts," end quote, is how their public affairs representative put it in a statement that doesn't even amount to a non-denial denial. As one tweeter observed,
It's old stuff, and at this point, on this day, Cyber Command is just being mean. On the other hand, couldn't happen to a nicer guy, right, Mr. Kim?

And finally, what do departments of motor vehicles do with all that information they collect about drivers? In the US and elsewhere, driver's licenses can amount to a de facto national identification system, and the DMV asks a lot of questions about you. A recent visit by one of our people to the DMV on the north side of Baltimore this weekend required birth certificates, marriage licenses, W-2 tax forms, a recent credit card statement and a recent utility bill, which is quite a grab bag of PII. So what do they do with all that stuff? Make sure you're you, of course, for one thing. But according to an investigation published by Vice, a lot of state DMVs are selling the data to third parties for some serious dough, enriching the state coffers to the tune of tens of millions of dollars. Who's buying? Some of the purchasers strike Vice as more or less legit, like towing outfits and insurance companies. Others, however, seem, as Vice puts it, more nefarious, notably private investigators. And unlike Philip Marlowe, these gumshoes are happy to do divorce work. Several of the DMVs told reporters that they drew the line at selling the photos on the licenses. We've got that going for us, I guess.

And now a word from our sponsor, ObserveIT. The greatest threat to businesses today isn't the outsider trying to get in. It's the people you trust, the ones who already have the keys: your employees, contractors and privileged users. Sixty percent of online attacks are carried out by insiders. To stop these insider threats, you need to see what users are doing before an incident occurs. ObserveIT enables security teams to detect risky user activity, investigate incidents in minutes, and effectively respond. With ObserveIT, you know the whole story. Get your free trial at observeit.com/cyberwire. That's observe, the letter I, the letter T, dot com forward slash cyberwire. And we thank ObserveIT for sponsoring our show.

And joining me once again is Joe Carrigan. He's from the Johns Hopkins University Information Security Institute, also my co-host on the Hacking Humans podcast. Joe, great to have you back.

Hi, Dave.

Got an interesting story from The Verge, and this is about an update that Google made to Gmail for iOS users, right? What's going on here?

So what they've done is finally given Gmail users on iOS the option of blocking images from being loaded when you open an email.

OK. Is this something, you're an Android user, something you could have already had, that capability, over on planet Android?

It would seem so. Until the story came across, I didn't change the settings, but I was able to go in and quickly change the settings for all my accounts. Now, it's on an account-per-account basis, so the setting is attached to the account, not your Gmail client in general.

I see.

I've got like five Gmail accounts on my phone.

Right.

What was interesting is, in the article it says that iOS for Gmail users will now let you do it, but if you use G Suite, you cannot block images from loading.

Right, so the corporate users...

Corporate users cannot, can't do it. But corporate users can do it on Android, because I have a corporate email account from G Suite on my phone, and I was able to change the setting for loading images on loading the email.

Now, let's review here. What's the significance of being able to turn off loading images?

OK, so there's actually a privacy and security risk with this. Somebody can attach, or put in, embed in the HTML of an email, because for years now, for decades now, email has been using HTML, I can create a unique file name for every email I send out and have that file loaded when someone opens the email. And the HTML engine of either the email client or the web page notices that there is a link for an image. It goes and it requests the image, but because it requested an image with a unique name, I know who has opened that email, when they opened the email, and I actually know where they are.

So this is the whole tracking pixels, tracking things, right? So a very small white image that you'll never see, and when I open an email in my email client, this tracking pixel gets summoned, right, and you know that I've opened the email.

Correct. Right. Now, I actually have a plug-in for Chrome that I use that blocks tracking pixels. It's called Ugly Email. Ugly Email. And one of the things I like about it is that it puts up a little icon next to messages that contain tracking pixels.

So it knows before you open it?

Correct. Correct. And one of the things I like about this is that it just lets me know who's trying to track me. That's good information to have.

I think it is. It is, and it's very interesting. Yeah, I mean, obviously, you know, here at the CyberWire we get lots of email from PR folks. PR folks love to know if you've opened their emails, so, you know, this also blocks that, so they don't know if you've opened their emails or not. So, you know, that can be helpful.

So yeah, interesting. It's a good, a good third-party solution on your web browser. But what about your phone? Now Google's allowing you to do this on your Google account, your Gmail accounts, but not in your G Suite account. They need to go ahead and allow users to do this as well.

All right. Well, it's a good capability. I guess I could say, what took you so long? But I'll say, gee, I'd like to know.

Yeah. I can do it on my Android phone, but it seems like it's a fairly simple fix.

Yeah. All right, well, good to know, and if this is something you think concerns you, definitely worth going in and checking those settings. Maybe it's something you want to turn on. All right, Joe Carrigan, thanks for joining us.

Pleasure, Dave.

And that's the CyberWire. Thanks to all of our sponsors for making the CyberWire possible, especially our supporting sponsor, ObserveIT, the leading insider threat management platform. Learn more at observeit.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment called Security. I join Jason and Brian on their show for a lively discussion of the latest security news every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. And check out the Recorded Future podcast, which I also host. The subject there is threat intelligence, and every week we talk to interesting people about timely cybersecurity topics. That's at recordedfuture.com/podcast.

The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're building the next generation of cybersecurity teams and technology. Our amazing CyberWire team is Stefan Vaziri, Tamika Smith, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Nick Veliky, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you tomorrow.
