
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers

The Vergecast

46:42 min | 2 weeks ago

Hi everybody. This week's interview episode has Andy Greenberg, senior writer at Wired. He just wrote a book called Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. It is all about a hacking group inside of the Russian government called Sandworm. They were responsible for the most damaging cyber warfare attacks over the past year; they're behind NotPetya, the hack that took out the Maersk shipping line and hospitals across the UK. Sandworm has totally escalated what we think of as cyber war, and his book gets all into how they were discovered, how they were flushed out, the intricacies of these various hacks. It's super interesting. The book is a thrill ride. If you're looking for something that isn't the virus, this is like a thriller. Highly recommended. It was really fun to talk to him about this stuff. One thing I want to note: we're all at home, so during this interview you might hear some kids in the background. I ask you to just be a little forgiving; we're all dealing with it. And he was a great interview. Check out Andy Greenberg, author of Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers.

Andy Greenberg, you're a senior writer at Wired. You're also the author of Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. Welcome.

Glad to be here.

So you've been writing about cybersecurity for a long time, I think you just said since 2006, but this book, Sandworm, as I was reading it, it's called "A New Era of Cyberwar." It seems like there's been a huge turn in state-sponsored, particularly Russian-sponsored, cyber attacks. How did you come onto that notion? How did you begin writing this book? I'm very curious how you see that turn happening.
Well, in late 2016, my former colleague Kim Zetter, she had been the one who really covered state-sponsored hacking and cyber war stuff, but she left Wired, and this was also at the time when, you know, Russian hackers were meddling in the US election. They'd hacked the Democratic National Committee and the Democratic Congressional Campaign Committee and the Clinton campaign, so my editors were really primed on state-sponsored hacking all of a sudden. But what they really, what they told me they wanted, was actually like a big takeover of the whole magazine, all about cyber war. But cyber war to me is different than those kinds of espionage and election-meddling tactics, so I went looking for a real cyber war story, which means to me, like, actual disruptive cyber attacks. And as I looked around, it seemed like the place where that was really happening was in Ukraine, not really in the US. In fact, maybe what was happening in Ukraine seemed to me like it was in some ways the only real, full-blown cyber war that was actually occurring, where Russian hackers were not just attacking the election, which they had done (they tried to spoof the results of a presidential election), but they had also attacked media and destroyed their computers. They had attacked government agencies and tried to, like, destroy entire networks, and then they had turned off the power for the first time, in December of 2015, the first actual blackout triggered by hackers. And just as I was looking into this, it happened again: the same hacker group caused a blackout, this time in the capital of Kiev. So I went looking in Ukraine for this cyber war story. That turned into a cover story for Wired that kind of gave editors what they wanted, but then also kept unfolding. This cyber war kept growing in scope and scale.
The original story I wrote for Wired was kind of about the fact that you could look to Ukraine to see the future of cyber war, that what was happening there might soon spread to the rest of the world. And that is actually what happened. Like, just after we published that cover story, the same hackers released this climactic, terrible cyber attack in Ukraine called NotPetya that spread beyond Ukraine and became the worst cyberattack in history; it cost ten billion dollars. So when that happened, that was when I saw that there was potential to do a book about this, that it was not just a kind of case study about Ukraine or even a kind of predictive story, but an actual full story arc about this one group that had carried out what I would say was not only the first real cyber war but the worst cyberattack in history. And I wanted to capture the arc of that story and the effects, the real experience of cyber war.

Yeah. So the group is called Sandworm, and one of the opening arcs of the book is how they came to be named this, because of references in code. Walk people through it, just, like, it's so relatable that even these hackers are using this language that leads them to be called Sandworm. Tell people about it.

So when I started to look into the origins of this group, after that second blackout attack, I found that this company called iSight Partners, which has since been acquired by FireEye, iSight Partners was the first to find these hackers in 2014, basically using phishing and kind of typical espionage tactics to plant malware in the networks of typical Russian hacking targets, like groups across Eastern Europe and NATO. And it looked like what they were doing was just kind of typical espionage. They were planting this malware called BlackEnergy. But first of all, they could see that they were Russian, because they had this server that they were using to administer some of these attacks, and they
They left the server open so anybody could look at it, and there was a kind of Russian-language file on how to use BlackEnergy on the server, so these guys seemed like they were Russian. But even more interesting, in some ways, was that to track each victim, each instance of BlackEnergy, this malware had a little campaign code, and each campaign code was a reference to the science fiction novel Dune. So, like, one of them was something about Arrakis, and then one of them was about the Sardaukar, these, like, imperial soldiers in that sci-fi universe. So iSight Partners named this group Sandworm, because, well, just because it's a cool name associated with Dune. But it turned out, to me, it became this very powerful name, because a sandworm is this monster that lies beneath the surface and occasionally rises from underground to do terribly destructive things. iSight Partners didn't know that at the time, but they soon afterward realized what Sandworm was doing was not just espionage; they were actually doing reconnaissance for disruptive cyberattacks. They were also hacking power grids. They were planting BlackEnergy not only in Eastern European targets but in US power grid networks as well. And ultimately Sandworm was the first, in 2015, to cross that line and use BlackEnergy as the first step in a multi-step attack that led to a blackout. So this was not just espionage; it really was kind of like, you know, this monster that rises from under the ground to do terrible acts of mass destruction, and that came to pass.

So one of the things that comes up over and over in the book is this growing sense of dread from security researchers and analysts: oh, this is an imminent threat to the United States, not just Ukraine, like this is happening here. And then there's a sense that the United States actually opened the door to this kind of warfare with Stuxnet, which was an attack on Iran.
How did those connect for you? It seemed like there's a new set of rules of engagement for cyber warfare that actually the United States implicitly created with Stuxnet by attacking Iran.

Yeah, I mean, I tried to highlight, clearly Sandworm are the real bad guys in the story. They are the actual hacker group that did these terribly reckless, destructive attacks that actually in some cases put people's lives at risk; in some parts of the story they actually shut down medical record systems and I think may have cost people's lives with cyber attacks. They are the actual antagonist here. But I also wanted to highlight the ways that the US government is partially responsible for the state of cyber war, and there are a few ways that that's true. First, the US opened the Pandora's box of cyber war with Stuxnet, this piece of malware that was used to destroy Iranian nuclear enrichment centrifuges. That was the first piece of malware that actually caused that kind of physical disruption and destruction, and we now see Sandworm doing the same thing in Ukraine and, in fact, in some ways around the world. Also, the US hoards these kinds of zero-day secret hacking techniques, some of which were stolen and leaked and used by Sandworm. But then I think, in fact, the biggest way that I tried to highlight that the US is responsible, or complicit, or negligent here, is that we did not call out what Sandworm was doing in Ukraine and say to Russia: we know what you're doing, this is unacceptable, nobody should be turning out the lights on civilians with cyber attacks. There wasn't a message like that. I mean, the Obama White House sent a message to Russia over this kind of cyber hotline to say your election hacking is not okay, we see what you're doing and we want you to stop, but they said nothing about the two blackout attacks in Ukraine, and that was kind of an implicit signal to Russia that they could keep
Keep escalating. And even as all the cybersecurity researchers and Ukrainians were warning that what was happening to Ukraine would soon spread to the rest of the world, the US government ignored this, both Obama and then the Trump administration, until that prediction came to pass and a Sandworm cyberattack did spread to the rest of the world, and it was too late, and we all suffered globally as a result.

So let's talk about NotPetya. It was catastrophic in scope, right? It took out the Maersk shipping line, which is a massive business. It took out some hospitals in the UK. Like, it was huge in scope. I don't think people really put it all together. Talk about how it started and how big it grew.

Yeah, so NotPetya was kind of like the big apotheosis of Sandworm, where all of these predictions of the terribly destructive things they were doing to the rest of the world came to pass. But it started in Ukraine. They hijacked the software updates of this accounting software called M.E.Doc that is basically used by everybody in Ukraine, the Quicken or TurboTax of Ukraine. If you do business in Ukraine, you have to have this installed. So Sandworm hijacked the updates of that and used it to push out this worm to thousands of victims, mostly in Ukraine. But it was a worm, so it spread immediately and quickly, kind of carpet-bombed the entire Ukrainian internet. Every computer it spread to, it would encrypt permanently; you could not recover the computer. So it very quickly took down pretty much every Ukrainian government agency, twenty-two banks, multiple airports, four hospitals in Ukraine that I could count, and in each of these cases, when I say it took them down, I mean it destroyed essentially all of their computers, which requires sometimes weeks or months to recover from. But then, as you know, this is a worm that does not respect national borders. So even though it seemed to be an attack intended to disrupt Ukraine, it immediately spread beyond Ukraine's
borders to everybody who had this accounting software installed, that was doing business in Ukraine, and some people who didn't. So that includes Maersk, the world's largest shipping firm, and FedEx, and Mondelez, which owns Cadbury and Nabisco, and the manufacturing firm that makes Tylenol, and Merck, the pharmaceutical company in New Jersey. Each of these companies lost hundreds of millions of dollars. The scale of this is kind of difficult to capture, but in the book I focused in part on Maersk, because it is just a good company to look at. They had this gigantic global physical machine: they have seventy-six ports around the world that they own, as well as these massive ships that have tens of thousands of shipping containers on them. And I told the story of how, on this day, seventeen of their terminals were entirely paralyzed by this attack, with ships arriving with just piles of containers on them. Nobody could unload them, nobody knew what was inside them, nobody knew how to load or unload them. Around the world, at seventeen terminals, thousands of trucks, semi-trailers carrying containers, were lining up in lines miles long, because the gates that were kind of the checkpoints to check in these trucks to drop something off or pick it up were paralyzed as well. This was a fiasco on a global scale. Maersk is responsible for a fifth of the world's shipping capacity. They were truly just rendered brain-dead by this attack. But yeah, this played out at all of these different victims. Merck had to borrow their own vaccine from the Centers for Disease Control because their manufacturing was disrupted by this. And it ultimately spread to a company called Nuance that makes speech-to-text software.
They have a service that does this for hospitals across the US, so dozens or possibly hundreds of American hospitals had this backlog of transcriptions to medical records that were lost because of this, and that resulted in patients being due for surgeries or transfers to other hospitals and nobody knew if their medical records were updated. I mean, this was a scale where hundreds of hospitals, each of which has thousands of patients, were missing changes to their medical records. We don't know what the effects of that were, but it very well could have actually harmed people's health or lives. I mean, the scale of NotPetya is very difficult to get your mind around, but we do know that, you know, monetarily it cost ten billion dollars, which is by far the biggest number we've ever seen, but it also had this kind of harder-to-quantify toll on people's lives.

So, you know, you wrote about it at length in Wired. Obviously these companies going down had ripples in the mainstream, sort of general press, but I don't feel like people really got, like, oh, this Russian group called Sandworm, sponsored by the Russian government, unleashed this attack, and it caused this cascading effect of failure and disaster, and it cost this, and because we know we can attribute it to that government, our government... I don't feel like that connection got made for people. What is the gap between "oh, that was a hack" and "oh, this is actually a type of warfare engagement"? Because that connection seems very tenuous, I think, for a lot of people, even as the more general mainstream press covers this stuff.

Yeah, you know, I don't think that's just like the nature of cyber war. I think that was a failing, that lack of connection is a failing on our government's part, and, you could say, even on the part of some of these victims, like these large companies. I mean, at the time NotPetya happened, I was fully on the trail of Sandworm. Within days I was talking to cybersecurity researchers who
had pieced together some of the forensics to show that NotPetya was Sandworm, that it was a Russian state-sponsored attack, and yet none of those companies that I mentioned, Merck or Mondelez or Maersk or FedEx, or any of them, wanted to say that Russia had done this to them. And no governments were talking about it either. Like, the Ukrainian government was; they're always willing to point the finger at Russia. But the US government was not, and that to me seemed to be just kind of, I mean, I felt like I was being gaslit at that point. I had watched what Russia was doing to Ukraine for a long time at that point, and I sort of understood that NATO and the West had this kind of cruel logic that Ukraine is not us. Russia can do what it likes to Ukraine because they're not NATO, not EU; they are in Russia's sphere of influence or something. I think that that's very wrongheaded, but at least it made sense, you know, to have that viewpoint. But now this attack had spread from Ukraine to hit American soil, American companies in many cases, and yet still the US government was saying nothing. I just thought this was bizarre. And so for months I was trying to get any of these companies to tell the story of their experiences of NotPetya, I was trying to figure out why the US government wasn't talking about the fact that this was a Russian cyberattack, and ultimately I think it was kind of, I don't know, partly disorganization, negligence. I think it may have something to do with the fact that the Trump administration doesn't like talking about Russian hackers, for obvious reasons. But eight months after, it took eight months ultimately for the US government to finally say that NotPetya was Russia, it was the worst cyberattack in history, and then a month later the White House imposed consequences and put new sanctions on Russia in response. But it took nine months, and more importantly it took
multiple years. This was the first time; this was 2018, and the Russian cyber war in Ukraine had started around the fall of 2015. So that's just an incredible span of negligence, when the US government said nothing about these escalating, unfolding acts of cyber war that should have been unacceptable from the very beginning. I mean, these are the kind of quintessential acts of state-sponsored cyber attacks on civilians, turning out the lights. You know, that's the kind of thing that I believe the US government should have called out and drawn a red line across at the very beginning. It took years, so I do think it was a big failing of diplomacy.

It just seems like part of the problem, and this is kind of an expression of it, is it's so hard to describe. Like, if the Russian government sent fighter jets to America, okay, like, everyone understood. You can see it, you can understand what happened there. You know, there's like however many decades of movies about how to fight that war. This is a bunch of people in a room typing. Like, there's just an element of this where the danger is so ethereal, where the attack is invisible, and while the effects might be very, very tangible, the causes are still sort of mysterious to people. So my question is: who is Sandworm? What do we know about them? Where do they work? What are they like? Do we have a sense of how this operation actually operates?

In some ways the biggest challenge of reporting this book, and I spent essentially the third act of the book, the last third of the reporting of the book, trying to answer the question of who is Sandworm. Who are these people? Where are they located? What motivates them? And I guess, to partially spoil the ending here, they are a unit of the GRU. They are a part of Russia's military intelligence agency, which is responsible for, you know, this is not a coincidence.
They are responsible for election meddling, responsible for the attempted assassination with chemical weapons in the United Kingdom, they're responsible for the downing of MH17, a commercial passenger jet, over Ukraine, where three hundred innocent people died. The GRU is this incredibly reckless, callous military intelligence agency, but they act like kind of almost just cutthroat mercenaries around the world, doing Russia's bidding in ways that are very scary. So I, through essentially a combination of the excellent work of a bunch of security researchers who I was speaking to, combined with some confirmation from US intelligence agencies, and then ultimately some other clues from the investigation of Robert Mueller into election meddling, all these things combined created the trail that led to one group within the GRU. I eventually had some names and faces, even the address of this group, and all of that was actually only finally fully confirmed after the book came out, just in recent months, when the White House, actually it was the State Department, as well as the UK and Australian and other governments together finally said: yes, Sandworm is in fact this unit of the GRU. So this theory that I developed and posited near the end of the book was finally basically confirmed by governments just in recent months.

So one thing that strikes me is that I think of the Russian military, things like the GRU, as being foreboding, being obviously very, very good at this, very buttoned-up. And then they have, like, an incredible social media presence that kind of pops up throughout the book that distracts from what they're doing. They set up Guccifer 2.0 when they were doing the DNC hacks that fed to WikiLeaks, and that account insisted it was just a guy. They set up the Shadow Brokers, which was, I read it as just like, you're some goofballs. Like, they wanted to seem a lot dumber and a lot smaller than they were.
They were very effective at it, too, I think. Talk about that strategy, and then I guess my question is, like, are we better at seeing that strategy for what it is?

Well, you make a really interesting point. The GRU uses these false flags throughout their recent history. I should say we don't know that they were responsible for the Shadow Brokers. In fact, nobody knows who the Shadow Brokers truly are, and they are in some ways the biggest mystery in this whole story, this one group that hacked the NSA, apparently, and leaked a bunch of their zero-day hacking techniques. Or maybe they were even NSA insiders; we still don't know the answer to that question. But the other incidents you mentioned, the GRU are responsible for: this Guccifer 2.0 fake hacktivist that leaked a bunch of the Clinton documents. They're responsible for other false flags. Like, at one point they called themselves the Cyber Caliphate and pretended to be ISIS. They've pretended to be, like, patriotic pro-Russian Ukrainians at some point. They're always, like, wearing different masks, and they're very deceptive. In a later chapter of the book, one of the biggest attacks they did was this attack on the 2018 Olympics, where they not only wore a false mask but they actually had layers of false flags. As cybersecurity researchers saw, this malware was used to destroy the entire back end of the 2018 Winter Olympics just as the opening ceremony began. This was a catastrophic event. The malware had all of these fake clues that made it look like it was Chinese or North Korean or maybe Russian. Nobody could tell. It was this kind of confusion bomb, almost, designed to just make researchers throw up their hands and give up on attributing the malware to
any particular actor. It was only through some amazing detective work by some of the analysts that I spoke to that they were able to cut through those false flags and identify that Sandworm was behind this, essentially. But yeah, it is one very real characteristic of the GRU that they almost seem to take pleasure in, or like to show off, their deception capabilities too, and they're evolving those capabilities. They are getting more deceptive over time, as the GRU gets more destructive and aggressive.

I love to play the game of, like, imagine the meeting. And imagine that the one set of meetings, which is like the actual hackers finding the vulnerabilities, figuring out how to jump from a Windows 8 computer to some sort of physical hardware controller that actually runs things; that's a very hard problem in and of itself. And then the other meeting, where they're like, what we're going to do is claim to be a guy called Guccifer 2.0. And, like, those are
not connected, right? But the way, throughout the book, they execute these campaigns, they're deeply connected. And that seems like not only just a new kind of warfare, a new kind of craft, but something that just consistently seems to work in surprising ways. Like, the tech press is going to be like, Guccifer says this, and there's never that next step of, also, we think it's the Russian government. And that seems like, first of all, I'm dying to imagine the meeting, right? I would love to be a fly on the wall of the meeting where they decide what their Twitter name is going to be today. I'm very curious how they evolve those attacks in such a way that it just seems to be more and more effective over time.

Yeah, I mean, I also would love to have been in those meetings. It's my one kind of regret in this book that I never actually got interviews. It's almost an impossible thing to do, like, to find defectors from the GRU or something who will tell those stories and not get murdered. I mean, it's kind of impossible. But in some cases, I think, to your earlier point, they almost seem kind of bumbling in these things. They do them in a very improvisational way. Guccifer 2.0 seemed almost like it was just a thing they invented on the spot to try to cover up some of the accidental slip-ups, like they had left Russian-language formatting errors in the documents that they had leaked from the DNC. So they invented this guy who appeared the next day and started talking about being a Romanian. My friend at Motherboard, Lorenzo Franceschi-Bicchierai, started this conversation online with Guccifer 2.0 and basically proved that the guy could not actually properly speak Romanian and must be a Russian speaker, in fact. It was almost comical. At the same time, they're using very sophisticated hacking techniques, doing destructive attacks on a massive scale, but they're also, they seem like they're kind of making it up as they go along.
They do things that don't actually seem very strategically smart. They kind of seem like they're trying to impress their boss for the day sometimes. Sometimes it just seems like the GRU wakes up and asks themselves, like, what can we blow up today? rather than thinking, like, how can we accomplish the greater strategic objectives of the Russian Federation? So they are fascinating in that way, and a very strange and colorful group.

That's, I think, one of the biggest questions I have here. We spend a lot of time trying to imagine what Vladimir Putin wants, you know, when he grows up. But none of this seems targeted. Like, what is the goal for Russia to disrupt the Winter Olympics, right? Like, is there a purpose to that? Is that just to strike fear? Is it just to expand that sphere of influence? Is it just to say we have the capability? I'm curious: has there ever really been a stated goal for this kind of cyber warfare?

That one is particularly mystifying. I mean, you can imagine why Russia would want to attack the Olympics. They were banned from the 2018 Olympics for doping. But then you would think that they might want to attack the Olympics and send a message, maybe like a deniable message, a message that, you know, if you continue to ban us, we're going to continue to attack you, like any terrorist would do. But instead they attacked the Winter Olympics in this way that really seemed like they were trying not to get caught, and instead, like, make it look like it wasn't Russia, like it was North Korea. And then you have to ask, like, what is the point of that? Was it so that they could kind of sit there in Moscow and kind of, like, rub their hands together and gleefully watch this chaos unfold? It almost really does seem like it was a petty, vindictive thing that they, just for their own emotional needs, wanted to make sure that nobody could enjoy the Olympics if they were not going to enjoy them. But that one is, I
think, an outlier in some ways. For the most part you can kind of see that Russia is advancing, that the GRU, that Sandworm, is advancing something that does generally make sense, which is that in Ukraine, for instance, they're trying to make Ukraine look like a failed state. They're trying to make Ukrainians lose faith in their security services. They're trying to prevent investors globally from funneling money into Ukraine. They're trying to create a kind of frozen conflict, as we say, in Ukraine, where there's this constant, perpetual state of degradation. They're not trying to conquer the country, but they're trying to create a kind of permanent war in Ukraine, and with cyber war you can do that beyond the traditional front lines. It is in some ways the same kind of tactic that they used in other places like the US, where here we saw more of an influence operation, where they were hacking and leaking organizations like Democratic campaign organizations and anti-doping organizations to kind of sow confusion, to embarrass their targets. They're trying to influence, like, the international audience's opinion of these people. But in Ukraine it is, in some ways, just a different kind of influence operation, where they're trying to influence the world's view of Ukraine, influence Ukrainians' view of themselves and their government, to make them feel like they are in a war zone even when they're hundreds of miles from the actual fighting that's happening on the eastern front, in the eastern region of Ukraine.

So in the book you go to Kiev, you spend time in Ukraine. Is there a sense in that country that, while sometimes the lights go out, sometimes our TV stations' computers don't boot anymore because they got rewritten, the ones became zeros, like, is there a sense that this is happening? Is there a sense of the fight back? Does Microsoft deploy, you know, dozens of engineers to help fight back? How does that play out on the ground there?

Yeah, I mean, to be fair,
Ukrainians are very stoic about these things, and regular Ukrainian citizens were not bothered by, you know, a short blackout. They didn't particularly care. You know, this blackout was the first ever hacker-induced blackout in history, but Ukrainian cybersecurity people were very unnerved by this, and people in these actual utilities were traumatized. I mean, these attacks were truly relentless and very scary for the actual operators at the controls. I mean, in the first blackout attack, these poor operators in a Ukrainian control room in western Ukraine, they were locked out of their computers, and they had to watch their own mouse cursor click through circuit breakers, turning off the power in front of them. I mean, they watched it happen, as these kind of phantom hands took control of their mouse movements. So they took this very, very seriously. But yet Ukrainians as a whole, I mean, they have seen a lot. They are going through an actual physical war. They've seen the seizure of Crimea and the invasion of the east of the country. You know, the day that it hit, a Ukrainian general was assassinated with a car bomb in the middle of Kiev. So they have a lot of problems, and I'm not sure that cyber war is one of the top of their minds. But NotPetya did actually reach normal Ukrainians, Ukrainian civilians, too. It shook them as well. I talked to regular Ukrainians who found that they couldn't swipe into the Kiev Metro. They couldn't use their credit card at the grocery store. All the ATMs were down. The postal service was taken out, every computer that the postal service had was taken out, for more than a month. I mean, these things really did affect people's lives, but it kind of took until that kind of climactic worm, NotPetya, for, I think, for this to really reach home for Ukrainians, who have kind of seen so much. How do you fight back? I mean, one of the things that struck me as I was reading
the book is so many of the people you talked to, people who are identifying the threat, they're actually private companies. iSIGHT was the first to even detect it. They are contractors to intelligence agencies, the military in some cases, but they're not necessarily the government, right? Like, it's not necessarily Microsoft, who has to issue the patches for the software. It's not necessarily GE, which makes Cimplicity, which is the big industrial control software you talk about a lot. How does all that come together into a defense? Because that seems like a harder problem of coordination. Yeah, I mean, defense in cybersecurity is an eternal problem. It's incredibly complicated, and when you have a really sophisticated, determined adversary, you know they will win eventually. And I think that there are absolutely lessons for defense in this book, about, you know, maybe you need to really, really think about software updates, for instance, like the kind that were hijacked with this M.E.Doc accounting software as a vector for terrible cyberattacks. Imagine that any of your insecure apps that have kind of updates can become a piece of malware. Really, you need to segment your networks, you need to think about patching. There is just an endless kind of checklist of things that every organization needs to do to protect themselves. So in some ways that's just like a Sisyphean task, and I don't try to answer that question in the book because it's too big, and it's kind of boring as well. But what I do really hammer on is the thing that the governments really could've done here, which is to try to establish norms, try to control attackers through diplomacy, through kind of disciplinary action, through things like a kind of Geneva Convention for cyber war. If you think about a kind of analogy to, say, chemical weapons, we could just try to give everyone in the world a gas mask that they have to carry around with them at all times, or we could create a Geneva
Convention norm that chemical weapons should not be used, and if they are, then it's a crime and you get pulled in front of the Hague. And we've done the latter, and I think that in some ways should be part of the answer to cyber war as well. We need to establish norms and make countries like Russia, or organizations like the GRU, understand that there will be consequences for these kinds of attacks, even when the victim is not the US or NATO or the EU. And I think we're only just starting to think about that. One of the questions I had as I was reading is, it seems like a very clear red line for almost everyone you talk to is attacks on the power grid, right? That is just unacceptable. You should not do it. If you do it, you've crossed a line and there should be some consequence. Is that clear to governments? Is that something that our government says? Is it something that has been established? It seems like it's the conventional wisdom, but I'm unclear whether that is actually the line that exists. It definitely has not been established, and when I did these, I managed to get interviews with the top cybersecurity officials in the Obama and Trump administrations. J. Michael Daniel was the cyber coordinator for the Obama administration, and Bossert was the Homeland Security Adviser for Trump, and both of them, when I asked them about, to put it bluntly, why didn't you respond when Russia caused blackouts in Ukraine? Both of them essentially said, well, you know, that's not actually the rule that we want to set. We want to be able to cause blackouts in our adversaries' networks, in their power grids, when we are in a war situation or when we believe it's in our national interest. So, you know, that's the thing about these cyber war capabilities. This is part of the problem, that every country,
absolutely the US among them, isn't really interested in controlling these weapons, because in this kind of Lord of the Rings fashion, we are drawn to them too. Like, we want to maintain the ability to use those weapons ourselves, and nobody wants to throw this ring in the fires of Mount Doom. We all want to maintain the ring and imagine that we can use it for good. So that's why neither administration called out Russia for doing this, because they want that power too. Make the comparison to nuclear weapons. We've negotiated drawdowns and treaties with Russia in the past. We count warheads. We're aware that the United States stockpile can destroy the world fifty times over today, maybe tomorrow one hundred. Like, we have a sense of the measure of force that we can put on the world when it comes to nuclear weapons. There's a sense that, oh, we should never use these, right? Like, we have them as a deterrent, but we've gamed out that actually leads to mutually assured destruction. Like, there's an entire body of academics, there's an entire body of researchers, an entire body that does scenario planning with that kind of weapon. Does that same thing exist for cyber weapons? There are absolutely, you know, communities of academics and policymakers who are thinking about this stuff now, but I don't think it's kind of gotten through to actual government decision-making, that there needs to be kind of cyber deterrence, and how that would work. And the comparison to nuclear weapons is instructive, but not exactly helpful. In fact, it's kind of counterproductive, because we cannot deter cyberattacks with other cyberattacks. I don't think that's gonna work, in part because we haven't even tried to establish it yet. There are no kind of rules or red lines, but then, I think more importantly, everybody thinks that they can get away with cyberattacks, that they can, they're going to create a false flag
that's clever enough that when they blow up a power grid, they can blame their neighbor instead. So they think they're gonna get away with it, and that causes them to do it anyway and not fear the kind of assured destruction. So I think that the right response, the way to deter cyberattacks, is not with the promise of a cyberattack in return. It's with all the other kind of tools we have, and they've been used sometimes, but they were not in the case of Sandworm. Those tools include sanctions, which came far too late in the story; indictments of hackers, in some cases. We still haven't really seen Sandworm hackers indicted for the things that they did in Ukraine, or even NotPetya. And then ultimately just kind of messaging, like calling out, naming and shaming bad actors, and that has happened to some degree with Sandworm, but in some cases there have still been massive failures. There has still been no public attribution of the Sandworm attack on the 2018 Olympics. I mean, my book has been out for months. I think it shows pretty clear evidence that Sandworm is responsible for this attack; at the very least it was Russia. And yet the US, and Korea, where these Olympics took place, and the UK, none of these governments have named Russia as having done that attack, which almost just invites them to do it again, whenever our next Olympics are going to be, I guess maybe not this year. But if you don't send that message, then you're just essentially inviting Russia to try again. So I think my big question is, what happens now? I mean, right, you write about the NSA's Tailored Access Operations, which is their elite hacking group. We are obviously interested in maintaining some of these capabilities. We've come to a place where people are writing books about how it works. What is the next step? What is the next? Does it just keep getting worse, or does this kind of diplomacy you're talking about, is that beginning to happen? I
think there are some little glimmers of hope about the diplomacy beginning to happen. I mean, this year in February, I think it was, the State Department called out a Sandworm attack on Georgia, where Sandworm's hackers basically took down a ton of Georgian websites by attacking the hosting providers, as well as a couple of TV broadcasters. And the US State Department, with a few other governments, said this was Sandworm, named the unit of the GRU. That was confirmation that I'd been looking for for a long time, but they also made a point of saying that we're calling this out as unacceptable, even though Georgia is not part of NATO or the EU. So that's progress. That's essentially creating a new kind of rule, that state-sponsored hackers can't do certain things, no matter who the victim is, and that's really important. Also, it was kind of interesting, because federal officials gave me a heads-up about that announcement before it happened, which they very, very rarely do, and I think what they were trying to say was, we read your book and we got the message, okay? Like, stop attacking us about this, like, we're trying, we're doing something different here. I don't want to flatter myself that I actually changed their policy, but it did seem interesting that they wanted to tell me personally about this. So I think that maybe our stance on this kind of diplomacy is evolving, and we're learning lessons, but at the same time we also see the attacks evolving too, and there are new innovations in these kinds of disruption happening. We've seen, since some of these terrible Sandworm attacks, you know, other very scary things, like this piece of malware called Triton or Trisis that was used to disable safety systems in an oil refinery in Saudi Arabia, that, you know, could have caused an actual physical explosion at a petrochemical facility. The attacks are evolving too. Okay, final, last real question. Tell people where they can get your book.
You can find it all kinds of places, or buy it on andygreenberg.net. You've written another book as well previously, yes? That's right, I wrote a book about WikiLeaks, cypherpunks, and things like that. That's right. Well, I'm a huge fan. It was an honor to talk to you. Thank you so much for coming on. I know it's a weird time to be talking about anything but the coronavirus. I was very happy to talk about something else, which is, it seems, a little bit more in control, even if it is quite dangerous. Thank you for the time. I appreciate it. Yeah, I'm glad to provide people with a different kind of apocalypse as a distraction.

Ukraine United States Russian Government Nato Olympics Kiev United Kingdom Sandra Cyber Award State Department Kim Zetter Barack Obama Clinton Russia San Worm Sandy Greenberg NSA DNC
The Twitpocolypse

Let's Talk Bitcoin!

05:03 min | 3 weeks ago

"Some time ago, about a year ago or maybe two years ago, Twitter introduced time-based one-time passwords, Google Authenticator, as most people know, that mechanism where you have an authenticator app on a mobile device, and that gives you six-digit codes to log in as a second factor, which is much more secure than SMS. SMS, of course, can be hijacked if your SIM card is hijacked. So a lot of people were speculating all of these different methods of attack. To me it seems unlikely that accounts that are very familiar with SIM jacking, because it happens a lot in crypto and has had a lot of high-profile reporting, would have SMS. It also seemed unlikely that, even if they did, someone was able to SIM jack phones from big accounts across two different continents at least, because some of these accounts are China-based or Singapore-based, some are Europe-based, some are US-based. That involves several different phone carriers in different countries, all done within a matter of hours. It seemed to me very unlikely that that would be the case. So assuming that they did have hardware two-factor authentication, or at least an authenticator app, you can't really steal a password; that's not enough. So then, if the account security is likely to be quite secure, what are the other avenues someone can get in? The next most likely mechanism of attack would be APIs. So Twitter has APIs that allow various social media aggregator sites to post, so that a whole team of people can schedule and review and post to multiple platforms simultaneously. I use platforms like that too. It allows me to work with a team of people and collaborate on what we post and schedule it out in advance. So when you see a personal message from me, it's personal, but when you see one like, I'm doing this video on Saturday, you know that's scheduled in advance and it's posted automatically. I'm not sitting there attaching images and typing in hashtags in real time.
These services, of course, access the Twitter API using OAuth, which is an authorization protocol. It's the same protocol that's used when you log into a site using your Google account and it redirects you, gets an encrypted challenge-response message from Google, and that authenticates you into the site. And these gain full access to the Twitter timeline and present it in some other site. You're probably familiar with things like Hootsuite and Buffer, Sensible, and various other sites like that. Now, these sites are not always as well secured. So that was my immediate suspicion, because from there you can easily post the message, and if that site's security isn't as strong with two-factor, etc., I assumed it had been compromised. And because there are only a handful of social media posting services, it was quite possible that all of these disparate companies were using the same one. Then the attack continued to escalate. One of the things that was noticeable was that the tweets that were coming out were saying Twitter Web App. Now, when you have an OAuth service that is posting remotely through the API, it has a clear identifier. It says Twitter for iPhone, it says Hootsuite, it says some social media posting app or something like that. It doesn't say Twitter Web App. So my immediate suspicion was that this was a browser extension, again much easier to compromise: a browser extension that is a common single point of failure across all of these different accounts, and would have access to the Twitter web API to post on behalf of, or maybe store credentials for, users. There are a lot of sloppy browser extensions out there. And then people started talking about the possibility of a zero-day browser exploit. Now, that would be a very serious problem, because a zero-day browser exploit effectively means that someone was compromising browsers through some click-through mechanism, remote execution, or something like that, and hijacking credentials from inside the browser's secure store. That's very serious,
because it would affect not just Twitter. But then again, it was only happening on Twitter. And why would you use a zero-day browser exploit, which can be enormously powerful, to hack only one site, Twitter, and then use it to do this silly Nigerian scam? I'm using the term Nigerian scam not because Nigerians have anything to do with this, but because this type of scam originated with the Nigerian prince story. I mean, it's a story, actually, that we've seen repeat over and over and over again for two decades. Exactly. I was reading through some kind of gaming coverage of this, and many of them are likening it to scams that have been pulled in EVE Online, which is a popular sort of laissez-faire MMO, and RuneScape also, which is really like a mostly-for-kids type of environment, and again, like seven years ago, apparently there was a rash of this type of give-your-money-and-I'll-give-you-double-back. And again, of course, in cryptocurrency we've seen this since.

Twitter Google Laissez Faire Yvonne Line
"zero day" Discussed on The CyberWire

The CyberWire

06:54 min | 5 months ago

"And joining me once again is Justin Harvey. He's the global incident response leader at Accenture. Justin, great to have you join us here at RSA 2020. It is great to be here. Hopefully we're coronavirus-free. I know, I know, everybody's fist bumping and rubbing elbows, shaking hands, and there's lots of hand sanitizer being distributed just about everywhere. You've had a little bit of time to walk around and take in some of the sights. What's your sense so far on this year's RSA Conference? My sense so far is that there are so many vendors out there. You have Moscone North, which is several football fields full of vendors. Then you've got the tunnel between the two, which has a lot of startups, smaller booths. Right. And then you have Moscone South, which is again the same footprint as Moscone North, several football fields of vendors. And we're seeing a few common themes. The first theme is that it seems that there are a lot of technical solutions looking for business problems. So there are so many vendors out there, and I often wonder, if I was a CIO or part of the C-suite of, heck, even a small or medium-sized business, let alone a G2000 company, it is absolutely overwhelming, all of the blitz of vendors. There are intelligence vendors. Everything is intelligence-led or intelligence-embedded, right? There are platform plays. Everyone says they have a platform. Even if you have a little point solution, it's better to say it's a great platform, right? That's like years ago: it's not just a product, it's the solution. Now it's the platform. And, you know, there's all the normal cast of characters that you would expect, all of the big vendors out there, like the FireEyes, the Ciscos, the Gigamons, the Palo Altos. They're all out there. Yeah. And then you've got your medium and smaller players out there. There's an equal mix of cloud and threat detection, endpoint, network.
But we're also seeing a resurgence of identity and access management solutions and privileged access monitoring. So I think that's really picking up, and less and less on the side of regulation. And what do you think is driving those trends? I think, just like we put out in our Cost of Cybercrime report a few weeks ago, the number of incidents, the number of breaches, are going up, and the average cost of breaches is also going up. We've been tracking it with the Ponemon Institute for the last five years, and it has gone up seventy-two percent, seventy-two percent in the average cost of a breach, and just in this last year alone it's gone up thirteen point seven percent. So there are more breaches happening, clearly, and they are costing a lot more, so we're seeing a lot more vendors out there. But I do believe this is probably, I think we're nearing the end of the line here. I think the bubble will burst on these companies too. Earlier this week I was talking to someone who is a funder, and she was saying that there's so many of these companies where it seems as though they don't have so much a product, they have a feature, right? You know, something that would be nice to add to the things that we already have, but probably can't stand on its own. I wonder how much this is a result of there being so much money in the sector right now, that maybe it's not hard to get someone to put a little juice behind you when you're getting started up, enough to come here and show your wares at RSA. Yeah, I think that there are a lot of point solutions and add-ons out there. I think the market for those types of organizations with their products may be dwindling, because if you put yourself in the mind, or in the shoes, of a CISO, he or she grapples every day with a very large technology stack. It's really hard to continue to add little point solutions on, and every time you buy a piece of software,
there's the time invested in procurement, in doing the contracts. Then you've got to install and configure. Then you've got to maintain it and monitor it, so it becomes quite difficult to keep up with all of them. What's your strategy for a show like this in terms of takeaways, of getting out there? What are the things that you want to learn from a big show like this? Well, I'm out here primarily to talk to you, Dave. A little pandering, yes. To talk about our services and what we're seeing in the market. I'm here to talk to our biggest clients and customers, absolutely. I think the tertiary goal is to really walk the floor and look for those nuggets, those diamonds in the rough, because I know I'm not gonna find the diamonds in the rough in the big halls. Really, it's going through investment alley, the startup alley with all these little vendors, and you'll find one or two of these that perhaps make good acquisition targets or good partners or allies in the fight. And being able to find these innovative solutions is really core to our business. All right, well, as always, Justin Harvey, thanks for taking the time out of a busy show to come visit us. Thank you. And that's the CyberWire. For links to all of today's stories, check out our daily news briefing at thecyberwire.com. And don't forget, you can get the daily news briefing as an Alexa flash briefing too. Thanks to all of our sponsors for making the CyberWire possible, especially our supporting sponsor, ObserveIT, the Proofpoint company and the leading insider threat management platform. Learn more at observeit.com. Funding for this CyberWire podcast is made possible by RSA Conference, where the world talks security. Through global events and year-round content, RSAC connects you to cybersecurity leaders and cutting-edge ideas for a safer, more secure future. Learn more at rsaconference.com. The CyberWire
podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Rick Howard, Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Peter Kilpe, and I'm Dave Bittner. Quick thanks to everyone who stopped by to visit us here at the RSA Conference. We will be here through the week, and it's really great to meet you all. Come on by, grab some stickers, say hello. Thanks for listening. We will see you all back here tomorrow.

Rsa Twenty twenty Justin Harvey Mosconi Dave Bittner Rsa Conference Dot Com RSA accenture Mo- Chris Russell John Patrick cio Nick Valenki Bennett Point Company Palo Altos Alexa CYBERCRIME Maryland Howard Elliott Peltzman Peru Poem Institute Cisco Peter Kilby
"zero day" Discussed on The CyberWire

The CyberWire

11:53 min | 5 months ago

"And now a word from our sponsor, ExtraHop, securing modern enterprises with network detection and response. Security teams today want to say yes to cloud adoption, just like they want to support enterprise IoT and edge computing. But the more complex your architecture, the less you can trust your perimeter to keep threats out. When attackers make it into your environment, you need to be the hunter, not the hunted. ExtraHop helps organizations like Home Depot and Credit Suisse detect threats up to ninety-five percent faster, with the context they need to act immediately. Visit them at RSA for a full product demo of threat detection and response for cloud, multi-cloud, and hybrid enterprises, or learn more at extrahop.com/cyber. That's extrahop.com/cyber, and we thank ExtraHop for sponsoring our show. Funding for this CyberWire podcast is made possible in part by McAfee, security built natively in the cloud, for the cloud, to protect the latest, like containers, to empower your change makers, like developers, and to enable business accelerators, like your teams. Cloud security that accelerates business. It's about time. Go to mcafee.com/time. Coming to you from the 2020 RSA Conference in San Francisco, I'm Dave Bittner with your CyberWire summary for Wednesday, February 26, 2020. Google has patched a Chrome zero-day that's undergoing active exploitation in the wild. Mountain View isn't saying much about how, where, or by whom the vulnerability is being exploited. CVE-2020-6418, in fact, Google's not really saying anything at all about, confining itself to this terse observation: Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild. The zero-day is a type confusion issue, one in which an app initiates execution on input of a certain type but is subsequently fooled into treating the input as a different type.
Exploitation could give an attacker the ability to run malicious code within an application. Two other non-zero-days are also fixed in the update. Users are advised by multiple experts to patch. Energywire says the Coast Guard has confirmed that the ransomware attack against a natural gas facility CISA warned of on February 18th was in fact the same incident the US Coast Guard reported in a December Maritime Safety Information Bulletin. Dragos offered the same evaluation last week. FireEye notes the ways in which industrial systems have become increasingly attractive targets for ransomware operators. The extortionists are now frying bigger fish than heartland school districts. Concerns about ransomware are high on the list for those charged with defending infrastructure, as FCW reports CISA Director Krebs observed this week at RSA. As if to give point to those concerns, a small electrical utility in Massachusetts, the Reading Municipal Light Department, has disclosed that it sustained a ransomware attack last Friday. Another big trend in ransomware is stealing files in addition to simply encrypting them. BleepingComputer notes that the operators of DoppelPaymer ransomware have now adopted the increasingly common tactic of adding doxing to the traditional threat of data loss. DoppelPaymer has established a site where it will post private files stolen from victims who decline to pay the ransom. An RSAC panel hosted by CyberScoop featured the directors of two major US agencies, NSA's Cybersecurity Directorate, led by Anne Neuberger, and the Department of Homeland Security's Cybersecurity and Infrastructure Security directorate, led by Christopher Krebs. The organizations see their roles and missions as complementary and offering good scope for collaboration. Work against the influence operations and other information operations that targeted
the 2016 elections, and that have since continued, spurred more effective information sharing, and Microsoft's January patches provided an important opportunity for the two agencies to reach out to the public on an urgent matter of online security. Dallas County, Iowa, has ended its bungling and discreditable treatment of two Coalfire penetration testers, dropping all felony burglary and criminal trespass charges against them, Infosecurity Magazine reports. In another legal case, the extradition hearing in the matter of Mr. Julian Assange continues at Woolwich Crown Court. Reuters reports that barristers working on behalf of the WikiLeaks proprietor branded allegations that Mr. Assange helped then-US Army Specialist Bradley Manning hack into classified systems as lies, lies, and more lies, a position that the American prosecutors, of course, are unwilling to accept. Mr. Assange's counsel also took on another central US contention, that WikiLeaks' publication of material then-Specialist Manning stole put lives at risk. On the contrary, argued lawyer Mark Summers, when Mr. Assange learned that unredacted copies of the material he'd received and prepared to share with various media were about to become public, he tried to warn US authorities, calling the State Department and asking to speak with then-Secretary Hillary Clinton to warn her that lives were on the line and that something needed to be done. She didn't take his call, Mr. Assange's defense team said, and no one got back to him in the promised couple of hours. Keith Mularski held leadership positions with the cybersecurity team in the Pittsburgh office of the FBI, and under his team's watch several high-profile criminals and organizations were brought to justice. These days Keith Mularski is with the team at EY. He stopped by our booth at RSA to share his insights. I spent twenty years at the FBI, and at that time you're eligible to retire. Just a great opportunity
to kinda still continue fighting the fight, but just from the other side. Ernst & Young gave me just a great opportunity to come and be a leader in their cyber practice and continue doing threat intelligence and incident response and being able to help clients, just from the other side. So it's been a great transition. What sort of insights have you gained from being on the other side? Is it a fresh perspective from what you had before? I think one of the things was the state of cybersecurity is a lot worse than I thought. You know, being on this side, I thought it was a little bit better. The other thing is just, it's all about defense, whereas when I was in the FBI I was doing offensive, defensive, and investigations. So it is a little bit of a different beast, but fun nonetheless. So in terms of the things you have your eye on these days, particularly when it comes to ransomware, what are you and your colleagues at Ernst & Young focused on? So when I look at ransomware, I really look at that as probably the biggest cyber criminal threat affecting companies today. You know, in the past you had the different banking trojans, and they were doing account takeovers. Over the last five, six years the banks have got really good at stopping big wire transfers going out, so for these organized crime groups it's not profitable to do those big wire transfers, because they're just not as successful. But they're leveraging that access that they had now to do what we're calling enterprise hunting ransomware, or big game hunting ransomware. I'm curious, too, I mean from your point of view, I know the line from the FBI forever has been, don't pay the ransom, right? Now that you're on the other side, do you still believe that's the way to go? Well, yeah, I mean,
I believe that you shouldn't pay the ransom because that's just giving money to criminal organizations and I believe that if you have really good cyber hygiene insecurity practices put in place that you could prevent the majority of these attacks and so you shouldn't even be in a position to have to pay these ransoms. So what you really want to kind of do with these with these groups is kind of put together a playbook because they all do follow a pattern in once you once you know their playbook you can build defenses around that everybody has a limited budget right and they have to allocate the various things that you know dial in the percentages to to various things. What's your tips for folks? Who HAVE RANSOMWARE FRONT OF MIND? How should they be approaching that from a practical point of view? Well I think you have to use intelligence to really drive your business practice You really need to understand where your crown jewels are. You need to be able to know where your risks are and make a business decision based on a risk are can you be one hundred percent secure absolutely not you need to manage your risk to a level where you're comfortable that? Hey my spend is at this right level. Lower my wrist to this level when that's acceptable for that and that's that's what you have to do. The only way to do that is really good. Intelligence on where your crown jewels are and also You know the techniques tactics used by the threat actors out there. What are you tracking in terms of evolution in these ransomware groups? How they're coming at people? What what are the trends there? So one of the biggest trends that we're seeing lately is because People don't WanNa pay the ransom or the restoring from backups. You know what we're seeing then is now a couple of the groups. I just saw d'appel Palmer mazes another group right now. 
Where since they're in your network for thirty to forty five days they're stilling documents and now they're saying if you don't pay the ransom now. We're going to post your your confidential documents. So so we're seeing a trend to for them to try to really make sure that they get that money from you. Turn up the heat turned up the heat. That's Keith Millar Ski from E. Y. to return to our SAC twenty twenty. What's our sense of the conference this year? We'll say that the event is well attended. Despite the last minute high profile cancellations announced last week it is perhaps a bit more subdued than we've seen in previous years. Some of the sense of reserve is no doubt due to concerns about Kovic. Nineteen the corona virus strain that prompted those eleventh-hour withdrawals hand sanitizer stations. Are Much in evidence and people seem less apt to shake hands more generally and with respect to the business of cybersecurity. We'RE GETTING A VIBE. That people see small businesses the mom and POPs as underserved by the sector finally inspired by Cisco's launch of its secure x platform at our SAC. And especially by the news that secure XS internal name had been Fenosa marketwatch wonders what superheroes exemplify. The spirit of various cybersecurity companies technically is a super villain. But we'll leave that aside they can find themselves to the Marvel Universe so DC superheroes need not apply iron man was the superhero. Most companies chose as their muse role model followed by captain's America and marvel with sue storm. Vision Suri doctor. Strange and ant man the ANC pin version. Thank you very much. Also crossing the finish line to our industries. Shame not a one of them. Chose Dr Charles Xavier. The silver surfer and obvious choice. When would think for any browser security vendor or the ancient one sad marketwatch had some suggestions for the various companies? They talked to and their suggestion. Struck us is better than the companies. 
Preferred superheroes again sad for our part. We Call J. Jonah Jameson. He's what you call high energy.

Keith Mularski RSA US Google Mr Julian Assange FBI Mr Assange McAfee Ernst WikiLeaks Dave Bittner Manning Home Depot Cybersecurity Directorate Dragos San Francisco Reuters Credit Suisse Microsoft
"zero day" Discussed on The CyberWire

The CyberWire

04:28 min | 7 months ago

"zero day" Discussed on The CyberWire

"Something as being wholly within the European Union then it's much easier to understand how they the sanctions will will apply in the process. Roses will be followed when he starts look at companies outside of the EU but still humbling a used citizen data. Then you know I'm not. I'm not truly sure how don't work work. I think it's more about where is your dad are going to be held if the is the country that you don't necessarily trust needed make a personal decision as to whether you want it to move forward with it. The one big beef I had is that every company seem to implement it in their own way with their own plug in and they all had different lasn. It's an approach is and that seemed to me just incredibly wrong. Yeah I agree. I think one of the challenges that we've had with GDP are that it's been completely a non-prescription disip technology and how people do things so it gives you kind of best props. His both words about you know you will keep information secure. You will set individual but there's actually nothing underneath underneath that. How you all recommendations or suggestions on technology say page layout so that then he's left to each individual company John Field thank. Thank you so much for all your insights in very interesting part pleasure. Thank you very much reminds me. This is Carol -Tario for the cyber wire. According to the Japan Times Mitsubishi Electric yesterday disclosed. The Chinese actors hit the company with a massive cyberattack last year in addition the personal information on some eight thousand individuals attackers may have obtained quote email exchanges with the Defense Ministry and Nuclear Regulation Authority as well as documents documents related to projects with firms including utilities railways automakers and other firms and quote the personal data exposed in. The incident belong to nearly a two thousand new graduates who applied for jobs at Mitsubishi Electric between October. 
Two Thousand Seventeen in April twenty twenty others who were job-hunting with the tokyo-based firm between in two thousand eleven and two thousand sixteen were also affected. The company noticed an anomaly in its networks in June two thousand nineteen investigation of irregular activity tippety on devices in Japan eventually revealed that someone had obtained unauthorized access to management networks. Those parties are believed to be Chinese criminal. Gangs Gang's in other news from the cyber underworld the operator of a booder service that is service that offers distributed denial of service attacks for higher has published telnet credentials for more than half a million servers home routers and smart devices why would they have done this according to ZD net net which asks them. The boot service has now been upgraded to a higher end model instead of just riding atop vulnerable IOT devices henceforth. It will rent high. Hi output services from cloud providers bust the fire sale. We guess although the specific motive for making mischief in this way still strikes us as obscure the leaker said they compiled the list by scanning devices with exposed telnet ports and then tried I factory default credentials followed by easy to Guess Password combinations credential stuffing effort and finally are you thinking of filing a claim in the equifax breach settlement. Well if you lar- deadline is tomorrow you'll need to have your paperwork. Ducks in a row to qualify and now a word from our sponsor extra hop delivering cloud native network detection and response for the hybrid enterprise. The cloud helps your organization relation move fast but hybrid isn't easy. Most cloud security failures will fall on customers not service providers now that network detection and response is is available in the public cloud. It's finally possible to close the visibility gaps inside your network extra reveal X.. 
Cloud brings cloud native network detection detection and Response to aws hoping security team spot contain and respond to threats that have already breached the perimeter. Request your thirty day. Free trial of reveal X.. Cloud today at extra hop dot com slash trial. That's extra hop dot com slash trial and we thank extra for sponsoring our show.

Mitsubishi Electric European Union John Field Japan Times Japan Defense Ministry and Nuclear R Carole Theriault ZD
Update Firefox Right Now to Patch This Zero-Day Vulnerability

Daily Tech Headlines

00:29 sec | 7 months ago

"Updated firefox patch an actively exploited critical zero day vulnerability researchers that China's chief who three sixty reported the flaw. The flaw Blah is a form of type confusion that can cause data to be written to or read from memory locations that should otherwise be off limits. This combined pass address space layout random mutation Zalin leading to control of ineffective system and also crashes. The flaw is fixed in Firefox. Seventy two point oh one point one users. A Fire Fox should update immediately really

China
Microsoft tried a 4-day work week — and productivity soared

KRLD News, Weather and Traffic

00:44 sec | 10 months ago

"And how does a four day work week sound I'm on board you know channel eleven gave me a zero day we're going to hit the hay yeah Microsoft Office in Japan they did this is an experiment they gave twenty three hundred workers there a four day work week over the summer so they gave me three days off at the end of the week you can either take Friday or Monday off they found that worker productivity jumped forty percent when I only had to work four days a week have a look at twenty five percent fewer days off and the company's I. twenty three percent cut in the cost of electricity wow works so well they're going to try it again next year so what would you take Friday or Monday noon that's a good question good question I think that one over

Japan Microsoft Four Day Twenty Three Percent Twenty Five Percent Forty Percent Three Days Four Days Zero Day
"zero day" Discussed on The CyberWire

The CyberWire

13:35 min | 10 months ago

"zero day" Discussed on The CyberWire

"Exit to do blocking a mapping a news APP from users in China and to look inside the blackbox as we visit and essays Cybersecurity Directorate and joining me once again is a Weiss Rasheed he's a professor cybersecurity at University of Bristol Welcome back away some we want to talk today about the importance of real world experimentation getting out of the lab spend with your research and practice what do you have to share with us about that today I think the challenge we are going to face the within the next two years the number of devices can detail on the Internet will outnumber humans by depending on whose estimates you believe something like five to one and you know the these this assistant of connected devices bill everything from healthcare to transport to energy finance the way we communicate and shit Taylor but a change so we are really talking about really large scale hyper connected systems so as you know we we need to we need to ensure that were developed in the lab actually works in the alone and as a result you know the way to test any kind of discussion than architectures has to be the Loyd the Lyles and understand what are the implications of that however that that his bedroom is challenging because of course Yukon deploy a typical solutions on production environments because of course they may not necessarily be fit for purpose or scam very well so we do need a law scale experimental infrastructure that hop close enough to the real world to be able to do that that's a big challenge whether there's an old saying the warfare that no battle plan survives contact with the enemy. 
I'd seems like that could apply here as well absolutely that's exactly the reason that nobody what happens China be developed developing said that developed with rigor and with good intentions by such as practitioners but usually testimony small scales things in the lab or in an experimental setting and then they are deployed in real world into such as the digital scale not saying that they never scale the don't always well that's why we need to think about it as to how we might be able to do this did a number of academic and industry organizations that run testbeds is a good argument link some of these testbed infrastructures together so that we do have a Ghana means of scale but also that really large scale environment that present the ballistic setting in which security takes place in the real world I'm thinking of the rigorous testing that that takes race when it comes to pharmaceuticals Is that not a good example is is it simply too expensive to do something at that scale I think it's it's it's not a case of expense it's hell you may may deploy as something in the pharmaceutical industry is an interesting example because the the the trials are legally bone to lodge skin clinical trials once they've gone through scale testing and then increasing level of confidence has been top and I think we do great to be able to do something very very similar but the question is how do we test in the wild for example would you be willing to deploy experimental securities then on say a power greater or outbound or transportation system and I think you would have to have a lot of UNFINI- and a lot of fail tips into it and I think we need to develop those protocols other disciplines have developed those verticals and I think we are a little bit further from at this point in time Weisman sheet thanks for joining us now it's time for a few words from our sponsor blackberry silence you probably know all about legacy antivirus protection it's very good as far as it goes but you 
know what the bad guys know all about it too it will stop the skids but to keep the savvier hoods hands off your endpoints blackberry silence thinks you need something better check out the latest version of silence optics it turns every endpoint into its own security operations center silence optics deploys algorithms formed by machine learning to offer not only immediate protection but security that's quick enough to keep up with the threat by watching learning and acting on systems behavior and resources whether you're worried about advanced malware commodity hacking or malicious insiders silence it's optics can help visit silence dot Com to learn more and we thank blackberry silence for sponsoring our show my guest today is Kumar Syrup Co founder and CEO of logic hub a security automation.

Awais Rashid China NSA's Cybersecurity Directora University of Bristol Kumar Saurabh Co founder and CEO Awais two years
"zero day" Discussed on The CyberWire

The CyberWire

08:29 min | 10 months ago

"zero day" Discussed on The CyberWire

"It's time to take a moment to tell you about our sponsor recorded future recorded the Real Time Threat Intelligence Company whose patented technology continuously analyzes the entire web developing cyber intelligence that gives analysts unmatched insight into emerging threats at the cyber wire we subscribe to and profit from recorded future cyber daily as anyone in the industry will tell you when analytical talent is as scarce as is it is today every enterprise owes it to itself to look into any technology that makes your security teams more productive and your intelligence more comprehensive and timely Because that's what you want actionable intelligence sign up for the cyber daily email in everyday you'll receive the top trending indicators recorded future captures crossing the web cyber news targeted industries threat actors exploited vulnerabilities malware and suspicious Ip addresses subscribed today in stay a step or two ahead of the threat go who recorded future dot com slash cyber wire to subscribe for free threat intelligence updates that's recorded future dot com slash cyber wire and we thank recorded Richard for sponsoring our show funding for this cyber wire podcast is made possible in part by McAfee security built by the power of harnessing one billion threat sensors from device to cloud intelligence that enables you to respond to your environment and insights that empower you to change it took McAfee the device cloud cybersecurity company go to McAfee dot com slash insights from the cyber wire studios at tribe. 
I'm Dave Bittner with your cyber summary for Friday October Eleventh Twenty nineteen researchers at security firm Morphou Sek have found bit payment ransomware exploiting an apple zero day and unquoted path vulnerability in an apple software update component that comes bundled with itunes for windows thus the ransomware evade security tools by effectively presenting itself as a legitimate software update earlier reports said the vulnerability was associated with Apple was Bonjour update but more set has concluded that's not the case it's an unrelated update her note that only windows users are affected Mac users it's they update to Mac Os Catalina this week will be untroubled apple is sunsetting I tunes for Mac with this update e set reports the discovery the of at tour a modular espionage platform that has been deployed mostly against select individuals in Russia many of whom have shown an interest in using privacy focused Sir misses the malware has also been used against a smaller number of diplomatic and government targets in Eastern Europe notably in Ukraine Slovakia Lithuania and Turkey at tour has been in use since twenty thirteen at least and e set describes it as professionally written it's plug in architecture enables its controllers to custom is at towards functionality to specific targets in general the malware uses an unusual device fingerprinting technique automated data collection and tour. 
pulled exfiltration e set does not know what at tours infection vectors have been and the researchers think it's probable that the malware has still undiscovered plug in and at toward self is named after a malign ferry in the book a court of Thorns and roses the book has lots of fans and lots of fan fiction into fire eye researchers have caught fin seven known for the carbonate financial crimes using new tools vin seven that is would be the one using the new tools not fireeye then sevens new kit has two items which fire I calls boost right and RDF's sniffer boost right is the in memory only dropper that's carrying both carbonate and a second payload which is RDF SNIFFER RDF sniffer has a range of militias functionality among other things it's able to intercept S. L. connections delete data and run commands on remote systems the PAYLOAD EFFECTS NCR Aloha command center client obsessions the Aloha command center is widely used in the hospitality industry to manage hardware and software at remote locations at the west of Chinese authorities apple has removed both a US news APP and mapping APP from its Chinese service the Telegraph notes that the optics aren't good for Cooper Keno which some see as having joined the National Basketball Association in a kind of shadow extension of China's social credit program into the West Virgin she says the APP is courses blocked for content not legal in China the courts news service is both widely read and not typically seen as extreme and so it's illegal would appear to be publication of stories not to the liking of Beijing the mapping APP H K map dot live was allegedly used it police and commit crimes where police weren't present apple had this latter information from the Hong Kong cybersecurity and Technology Crime Bureau the oppose Zing point of view holds that the protesters in Hong Kong were using H K map live to avoid the police and that the crime they were interested in committing was generally speaking assembling protest 
that and graffiti sure but graffiti wouldn't alone seems serious enough to warrant that kind of pressure on Apple Anyway Apple has taken the authorities line all the way to the bank courts is understandably on the other side of this dispute the company's CEO Zach seward told diverged we aboard this kind of government censorship of the Internet and have great coverage of how to get around such bands around the world he suggested that people read courts covered VPN's as means of evading government crackdowns on content it's perhaps worth noting that officials in three Western nations recently addressed VPN the two but they had a decidedly different take on them US Canadian and British intelligence and security services have over the past week published warnings that unspecified the threat actors were actively exploiting vulnerabilities in widely used virtual private networks one of the US agencies that issued its own warning on the matter was NSA's new cybersecurity directorate their public warning was noteworthy in that it offered some brief advice on how to use VPN's with more assurance they'd work as advertised the director it's five pieces of advice whereas follows seem easy enough for the ordinary user to do one immediately upgrade your VPN to the latest version two recent credentials before reconnecting the upgraded devices to an external network three review your network accounts to ensure adversaries did not create new accounts you're update VPN user administrator and service account credentials and five revoke and create new VPN server keys and certificates we Red Fort Meade yesterday for the NSA cybersecurity directorates I media round table the directorates leaders director and Neuberger and technical director Neil ring said that Monday's announcement concerning VPN vulnerabilities and remediation was the first in what they expect to be a continuing line of such warnings and advice as nation states increasingly targets that aren't themselves opposing 
nation states they said it's important to open the black box and provide individuals businesses the prophets and local governments actionable intelligence and the context necessary to use it and now a word from our sponsor observe it the greatest threat to businesses today isn't the outsider trying to get in it's the people you trust the ones who already have keys your employees contractors and privileged users sixty percent of online attacks are carried out by insiders the stop these insider threats I need to see what users are doing before an incident occurs observant enable security teams to detect risky user activity investigate incidents in minutes and effective really respond with observant you know the whole story get your free trial add observant dot com slash cyber wire that's observe the letter is the letter T. Dot com forward slash cyber wire and we thank observe it for sponsoring our show.

McAfee Threat Intelligence Company Apple Richard Dave Bittner Morphisec sixty percent zero day
Microsoft issues emergency Windows patch to address Internet Explorer zero-day flaw

10 10 WINS 24 Hour News

00:27 sec | 11 months ago

"Five if you use Microsoft Windows a heads up on Microsoft has issued to emergency windows updates to protect against what it called critical and important to vulnerabilities impacting internet explorer and windows defender the anti virus software the internet explorer flaw which affects versions nine ten and eleven could enable attackers to gain the same user rights as you an infect your

Microsoft
OpenMandriva Lx 4.0 is Here

The Full Circle Weekly News

02:51 min | 1 year ago

"Open mend Riva LX floor dot O is here, this version of open mend Riva ships with Colonel five dot one dot nine Katie plasma, five, fifteen dot five and Mason, nineteen dot one. This releases the first to offer up an optimized version specifically for AMD architecture alongside the typical architectures that were available previously from the Colonel to the packages. Everything has been compiled to improve performance. The default browser has been changed to the chromium based falcon though, fire FOX and chrome are still available to install. Katie plasma. Five dot sixteen gets I point release five sixteen dot one is now available in fixes bugs and discover panel view power, devil plasma network manager and the breeze theme. This release revamps the notification system. And also gives a new look and feel to the log in screen. Canonical outs important security update for all of whom two releases this update addresses a flaw in the handling of certain specially crafted TC ppac. It's that would allow an attacker to cause kernel panics on the receiving system effectively, causing a denial of service referred to as TCP sack. The flaws present in every current version of boon to and uses are strongly urge to update immediately. Canonical will drop support for thirty two bit architectures and future, a boon to releases Steve Lenka set on the to develop announce mailing lists said the Abboud to engineering team has reviewed the facts before us and concluded that we should not continue to carry I three eighty six forward as an architecture Consequently, I three eighty six will not be included as an architecture for the nineteen ten release, Mr. Langa said continues while this means we will not provide thirty two bit builds of new upstream versions of libraries. There are a number of ways that thirty two bit applications can continue to be made available to users of later of into releases. 
Canonical snap store ads eleven districts Pacific installation pages for every single app. This move by canonical is meant to ease the adoption of snaps by explaining how to install snap D And the snaps themselves on various popular distributions. Mozilla patches. Firefox zero day, abused in the wild Samuel gross in coin based discovered a flaw in the way. Fire FOX handles the Java script method array dot pop that could lead to remote code execution. However, at the time of this articles writing none existed, Mozilla strongly encourage users to upgrade to sixty seven dot zero dot three to patch this phone ability. Mozilla patches seconds zero day, flaw, this week while the previous flaw on its own could not directly lied to remote code execution. The second zero day was the sandbox escape or function needed. These flaws came together after a user visited a militias website and seems to have been targeted attack against coined based, employee's a subsequent version of fire FOX, sixty seven dot zero four is now the version Mozilla recommends.

Mozilla Firefox KDE Plasma Kernel Mesa Steve Langasek Mr. Langasek Thirty Two Bit Zero Day
WhatsApp Zero-Day Exploited in Targeted Spyware Attacks

10 10 WINS 24 Hour News

00:43 sec | 1 year ago

"If you use what's app to make phone calls. Make sure you're running the latest version of that application if not you may. Fall prey to hackers using spyware made in Israel Israel software company. NS oh group says it's technology is used by law enforcement to fight crime and terror, but it's reportedly also been used to install spyware onto the phones of users of the Facebook subsidiary what's app officials with the company admit the spyware took advantage of a flaw in the program to remotely hijacked several dozen phones. Penetrating them through missed calls via the app voice calling function. Or as bonded. Scott Carr says that among those believed to have been targeted via WhatsApp is a human rights lawyer in

Scott Carr Israel Facebook
"zero day" Discussed on TechtalkRadio

TechtalkRadio

02:18 min | 1 year ago

"zero day" Discussed on TechtalkRadio

"Call they don't really what's from. And if it's from somebody. I don't know if it's from what could be possible spam a block it. So it's like leave a message or unique blocked. It's one of those things because I don't want to deal with it every day sometimes and I noticed that happened in the same time in the nine o'clock hour or the ten o'clock hour, that's when a majority of that happened. But there is a big problem this week, and I don't know how you dealt with it because I know you use Google Chrome, right and Google Chrome. They actually put out a notice if you. You use Google Chrome Google Chrome makes you do an update. Now. Don't wait. I thought go recruit dates at self. Well, no apparently there was zero day vulnerability now. And that's the thing. I thought about it. I tried to find an update button on chrome. I can't find one. Yeah. Is there enough? Putting it's gone. I'm looking through my options or he'll go look look at that. And see what you could find. I don't. I don't see. No, I couldn't either. So basically what I did is I remove chrome and reinstalled chrome doubt redound loaded, and then so I had the latest build. But apparently, this is a big problem with what they call zero day. What that means is they haven't issued a patch yet. They know that there's a vulnerability, and it is affecting systems, and I found it. I actually did get. Well, that's I did get that Volmer ability. Which basically what it what it was really weird. I was working on one of my other websites, and I went to pull it out, and it was like a different website. You know, it was one of those really weird. It was one of those spam type websites. And I was like what the heck is going on here. So here is how you update your Google Chrome. What you do is go. Go ahead and open up Google Chrome. Then once Google Chrome is open. If you see the the three little they look like three little dots right there on the right hand side of your screen now this is on your desktop. 
You wouldn't go ahead and just click those then you want to scroll down you'll see a flail box pop up. And then you could scroll down to the help section once you there, then you'll see three options about Google Chrome help center or report an issue click on about Google Chrome. What it'll do is..

zero day
"zero day" Discussed on Security Now

Security Now

02:53 min | 1 year ago

"zero day" Discussed on Security Now

"Pauline deployment sort of cautiously. They said while the phased rollout is in progress. Customers who would like to manually enable wretch Pauline on their machines those with windows, Ted October twenty eighteen eighteen o nine with a broad well or older chip can do. So they wrote with the following registry. Configuration updates. And again Lincoln the show notes for the five of you out of the who knows how many listeners we have. Who are, you know, still at this point like, oh, yeah. That's me. Go get it. Meanwhile. Adobe cold. Fusion gets an emergency patch last Friday March first adobe released an emergency patch for their Java based cold fusion website development platform to close vulnerability that was being actively exploited in the wild to execute arbitrary code, so yes emergency. That's so if hopefully again, if you're using cold fusion, you are current with your Email. Update notification list, and this is already old news to you. Because this was a zero day that they became aware of the vulnerability allowed an attacker to bypass restrictions for uploading files. So to take advantage of of it the website had to be configured to accept execute -able uploads so K so that immediately hopefully disqualifies them right there. Yeah. Now on the other hand, there are places where you know, you could imagine you could be allowing execute -able uploads for some reason where they would be sequestered. And then could not be executed. The flaw allows an H T T P request to execute that uploaded file Yuxi. So not good. Good really, not good all previous cold. Fusion versions on all platforms are vulnerable to this flaw. It CV twenty nine thousand nine hundred seventy eight sixteen. I've got a link to their security advisory which you just had on the screen a second ago. Adobe summary said adobe has released a as release security updates for cold..

Cybersecurity is still really hard. Full stop.

Marketplace Tech with Molly Wood

05:47 min | 1 year ago

Cybersecurity is still really hard. Full stop.

"This Marketplace podcast is brought to you by Oregon State University Ecampus. Want to take the fast track to your career in computing? Earn your computer science degree one hundred percent online from Oregon State and tap into unlimited career possibilities in any field. Learn more at ecampus.oregonstate.edu/tech. Cybersecurity is still really, really hard. Full stop. From American Public Media, this is Marketplace Tech, demystifying the digital economy. I'm Molly Wood. On Monday, the RSA cybersecurity conference kicks off in San Francisco. Lots of security vendors will be there offering solutions for keeping businesses safe from hacking. The number of huge security breaches in recent years might make it seem like that's impossible. And in fact, this year the theme of the conference is simply "Better." Ouch. So let's talk cybersecurity in Quality Assurance, the segment where we take a deeper look at a big tech story. Kim Zetter is a cybersecurity journalist, and she said some things are better, and some aren't. We still need to improve on software. Of course, you know, back in the days in 1999, 2000, 2001, if you approached Microsoft to point out a vulnerability in their software, they would either ignore you or threaten you with a lawsuit. Microsoft doesn't do that anymore, and a lot of the big companies don't do that anymore. But there are still companies that don't have bug bounty programs for reporting vulnerabilities, or when you do report vulnerabilities, they don't respond in a timely manner, or they still threaten researchers. How much of this does fall on the employees? We hear so often that we are the single point of failure, that you're only as good as the employee who doesn't click the phishing link. And you know, we recently ran a test internally at Marketplace, and pretty much everybody clicked the link. It's one of my pet peeves, because I hate blaming the user, because the user isn't at fault here. 
I mean, I'm in a job as a journalist where I have to click on emails, opening emails from people I don't know. If you're in human resources, that's a part of your job, receiving resumes, oftentimes as attachments, from people you don't know. So blaming the user for doing their job isn't appropriate. And I think that the real issue here is designing systems that prevent user systems from experiencing harm when the user does click on something malicious. And then let's talk about the money for a minute. RSA, of course, will feature a lot of security vendors that are trying to sell solutions to companies, and I wonder, is the money spent by a company directly proportional to the amount of protection? No, because you have to spend smartly, right? You have to buy wisely. I'll point to the issue of Target, you know, when they were breached several years back. They had just implemented some multi-million dollar security system on their network, and that security system was issuing alerts saying, hey, there's something suspicious here, and the people who were reading those alerts actually were, I think, in India, and they were contacting Target employees saying, we're seeing these alerts, and the employees were ignoring them. So the system only works if you actually implement it correctly, and then you actually pay attention and act on what it tells you to do. Kim Zetter is author of the book Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. A report yesterday from Moody's Investor Services said that from a debt risk perspective, the four sectors at the highest risk from cyberattack are banks, investment firms, securities exchanges and hospitals. And now for some related links. A little more on that Moody's report: the risk assessment is based on the combination of how reliant a sector is on technology, and how much financial risk there is if it gets hit. 
And when Moody's says risk, what it means is that those four sectors with the highest risk have a combined eleven point seven trillion dollars in outstanding debt, and if one or two or all four sectors were hit by massive cyberattacks, the financial implications would be huge. In its report Moody's said, quote, cyber risk is event risk, and we see a rising tide. Digitisation continues to increase, supply chains are becoming more complex and attacker sophistication is improving. I know this is a little bit like credit rating and finance nerdy, but here we go. Around 2011 is when the Securities and Exchange Commission started publishing guidance on how companies should disclose security breaches and cybersecurity risks, because there's money involved. And Moody's has been looking at whether cybersecurity presents a credit risk in the same way as a natural disaster or some other, quote, extraordinary risk event since 2015. That's the last time it put out a report on cyber risks across lots of sectors. And I hope this does show you that, yes, I can pretty much geek out about anything. I'm Molly Wood, and that's Marketplace Tech. This is APM. This Marketplace podcast is brought to you by Evident, providing a simple and secure platform that lets businesses confidently know who they're dealing with without the risk and expense of handling sensitive personal data. From identity verifications to background checks and everything in between, businesses of all sizes can get the answers they need securely and easily with Evident. Visit evidentid.com/tech to sign up and start running verifications in minutes. That's evidentid.com/tech.

Aretha, Robin Reid and Robin Wright discussed on Lori and Julia

Lori and Julia

00:51 sec | 2 years ago

Aretha, Robin Reid and Robin Wright discussed on Lori and Julia

"Robin Reid has married her French beau Clement zero day. He is a VIP relations manager for Saint Laurent. They got married on Friday. A court source says it was a very intimate and low-key affair and that Robin wanted it to be about them and not a big production. Remember, Robin Wright was previously married to Sean Penn for fourteen years, and she was most recently involved with

Global Reach & Statistics - Uber Expansion

The World

01:00 min | 2 years ago

Global Reach & Statistics - Uber Expansion

"Does Uber dominate the ride-sharing industry globally? Not exactly. That was the case maybe two years ago. Their international strategy is pretty interesting. Before, it used to be, in the Uber 1.0 days, it was boots on the ground everywhere: you need to be anywhere, where it needs to be the transport platform of choice for everyone in the world. That clearly was not financially sustainable, so they've pulled out of Russia, they pulled out of China. We saw in Southeast Asia we had to pull out. The deal the company came to with the homegrown player Grab was more favorable than the deal it had with China's homegrown player Didi. Still, it was out of necessity. The company was definitely not doing as well as expected across Southeast Asia, and that's why they've had to pull out. In India, market share might be a little bit more comparable to its competitor there, Ola. However, it is a very difficult market to

"zero day" Discussed on Software Engineering Daily

Software Engineering Daily

02:02 min | 2 years ago

"zero day" Discussed on Software Engineering Daily

"Your Medicare benefits are going to be disabled. So they're really, most of the time, going for a sort of gut emotional response to get you to click something or to install something. And honestly, it's much more effective than, you know, spending time coding and trying to hone the perfect zero day. It's a lot easier if you could just ask someone to click something, so it's no surprise that we see it done so often. And on the enterprise side of things, it takes a lot of training for a lot of people, especially if you work in human resources or if you work at the front desk. Essentially your job is to open mail and click on links and attachments, which is basically a security nightmare. So we do try to train our staff specifically about social engineering. How does that apply to individuals? How should individuals think about the threat of social engineering? So the first thing is, it is really easy to get confused between whether something is an actual legitimate phishing attempt or if it's a spam email. So we do see that users often get confused, which, it's not the best that they're confused, but it is good that they're skeptical. So one thing is definitely instilling a sense of skepticism. So if you get a piece of email that you weren't expecting, or it's from somebody you don't necessarily know, that should sort of raise the first bar of, like, this isn't necessarily bad or an attack, but I've got questions about this, what is this? And then you sort of go through gradients of, okay, well, I wasn't expecting this, but it's just a simple message, there's no attachments, there's no links. You know, if someone sends you a message and there's no attachments and there's no links, well, there's a very minimal threat there. But when you, say, get a message you're not expecting and there's a link in there, you.

"zero day" Discussed on Software Engineering Daily

Software Engineering Daily

01:31 min | 2 years ago

"zero day" Discussed on Software Engineering Daily

"And sent across all your other containers, and they're going to know what to look for, essentially, or they'll purport to. So if I find deviant behavior, what is the effective response strategy? You've got a bunch of options. As you said, you could just kill the container, you can also send an alert, you could isolate the container, you could pause the container, you could just restart it. What are some of the use cases where you'd want to take these different responses? I think it really depends on how bad it really is in your infrastructure. So if you're dealing with, you know, you just have a security vulnerability or something like that, and it's a known, you know, zero day, the easiest thing for you to do is just to rebuild and redeploy your container. That's fine. If you're talking about, you know, actually being attacked and trying to take an action, like something bad is happening in my environment, the first thing you can do is just an alert, right? This is an easy thing, to just let your team know, let your security team know that something bad is happening, to go take a look if they have capacity and start to investigate. I typically recommend, this is typical security best practice, that before you start implementing any kind of automated reaction, just start sending alerts on things and seeing what comes up and seeing if it's legitimate. And then you have a good idea whether or not you want to take the next step, which is trying to automate some of these reactions. The simplest reaction you could probably take is to isolate a container. When I say isolate, I mean you can move the container to a new network, and that would then restrict its network connectivity. The idea here being, if there is something bad in this container, I don't want it to spread to other containers, I don't want it to get to other networks, but I also want to still have this container around so I.

"zero day" Discussed on TechStuff

TechStuff

02:02 min | 2 years ago

"zero day" Discussed on TechStuff

"Heavy hitters who really desperately wanted to target specific computers. And it raised some really big questions. Why would you use four zero day exploits? Because common logic said you should just stick to one at a time. Once a zero day exploit is discovered, the clock is ticking before someone patches that respective software to plug up that vulnerability so that the exploit won't work anymore. So the zero day exploit is only really valuable until people discover it. If you have more than one zero day exploit involved in your malware, then you run the risk of someone discovering all of those exploits if the malware itself becomes evident. And if they find all of those exploits, then all of those can be patched, which means you lose all of those vectors of attack in a single fell swoop. So this was kind of considered a big gamble. Why would you throw all of your eggs into this basket, having all four zero day exploits? By the way, there was a fifth one, actually, that they had not yet discovered, though that one ended up getting patched after the first wave of attacks, not because of Stuxnet. The fifth vulnerability had been independently discovered through other means and had been patched. But ultimately that did mean five different zero day vulnerabilities were used when designing Stuxnet over the course of the life of Stuxnet. On top of those zero day exploits, the virus used four other means to copy and send itself along to other machines, so in total it had nine different methods to spread the virus. One of them leveraged a vulnerability in special Siemens software to gain system-level privileges. Siemens is a company that's in Germany that creates all sorts of different kinds of software. The software impotence.

"zero day" Discussed on TechStuff

TechStuff

02:02 min | 2 years ago

"zero day" Discussed on TechStuff

"Made headlines. So this is actually an opportunity for me to look back at something that developed over the course of the history of this show and learn more about where it came from, what its purpose was, and how that whole story unfolded. Before I really dive into the story, I want to mention one of the sources I used when I was researching these two episodes. This would be a book titled Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. The book goes into great detail regarding the story of Stuxnet. It also gives wonderful background information on the key figures: cryptography researchers, cybersecurity researchers, all these people who were very much instrumental in discovering and uncovering Stuxnet and figuring out what it did and who was probably behind it, since that was never something that was officially acknowledged. But come on, we know who it actually was. I'll talk about that in these episodes. That's a great book if you want more information about Stuxnet after this episode. Go check that out: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. It goes into way more detail than I'm going to cover in these episodes. Now, these episodes are also going to contain a lot of history and politics in them, because Stuxnet, unlike many other examples of malware, was not intended to be a type of computer virus to create monetary gain for the people who designed it, or even just to make people irritated. It wasn't that kind of malware. You may have encountered malware that was meant to try to extort money from someone, where it locks down a computer and the only way.

"zero day" Discussed on Security Now

Security Now

02:22 min | 2 years ago

"zero day" Discussed on Security Now

"So Brian Gorenc, who's the director of Trend Micro's Zero Day Initiative, said there have been regulatory changes in some countries that no longer allow participation in global exploit contests such as Pwn2Own and capture-the-flag competitions. And although he didn't explicitly, in this quote, mention it, he was referring specifically to China. So there will be no Chinese research teams at Pwn2Own this year, which will likely be felt, since for the last several years the Chinese teams dominated the competition. So I think it's sort of sad, like, you know, because they've got excellent hacking skills. Although I suppose for the people they were competing against, having China held back sort of shifts the balance as to who the winners are when China is not present. Prior-year Chinese winners were contacted and asked for comment, but none would remark other than to indicate that they would not be attending the competitions. And in another little bit of Chinese-related news, a US threat intelligence firm known as Recorded Future has spotted that the Chinese equivalent of our CVE database, we'd often talk about CVE, that's the Common Vulnerabilities and Exposures database, which is located at cve.mitre.org, M-I-T-R-E dot org, China has one known as the NVD, the Chinese National Vulnerabilities Database, which is similarly meant to be open, common, and available and accessible. Anyway, this firm has discovered that China has been retroactively manipulating the data in their own Chinese National Vulnerabilities Database.

"zero day" Discussed on Security Now

Security Now

02:45 min | 2 years ago

"zero day" Discussed on Security Now

"As a consequence of the crazy startup that we've had this year, we got the February security rollup update for our systems last Tuesday, the sixth, and it wasn't clear to me, because we've had so many of them, I mean, it's been a week, such a slog that we went all through January. But okay, I fired up my machine and looked for updates, and nothing came. So it looks to me like the only thing that we are getting today was what Microsoft did push, which was an update for the Adobe Flash zero day, which we discussed last week. And so that was made available today, but it looks like Microsoft is going to sit tight with the major rollup that we received for February last week, so a week ahead of schedule, ahead of their normal schedule. I mentioned also Cisco's problem in late January, so a couple weeks ago. The news hit that there had been responsible disclosure to Cisco from Cedric Halbronn with the NCC Group, that they had discovered a very worrisome vulnerability in a family of Cisco enterprise-class, you know, big iron firewalls. They're collectively known as Adaptive Security Appliances, ASA is the acronym. And at the time it was initially believed that only the VPN component of those ASA devices, and there's a family of them, but the initial list was maybe five or six of them of a much greater number, were vulnerable, and that it only affected some configurations. And I remember thinking, okay, well, this doesn't really impact our listeners directly. It's not like, you know, consumer routers or something. Well, since then, several things happened. The number of affected devices has more than doubled, and the list of subsystems, the subsystem components, went from one.

"zero day" Discussed on Security Now

Security Now

02:04 min | 3 years ago

"zero day" Discussed on Security Now

"It's time for Security Now, and it is a Sharknado. This episode is dedicated to a zero day revealed by security researchers in every single U-verse Arris modem, and it's a bad one. Want to talk about also some interesting research which just came out by Brian Krebs on the Marcus Hutchins story. All is not as it appears, perhaps. We apologise in advance. You'll notice during the show, and I hope it's not too bad, that there are audio breakups. We do know about it. Steve and I spent a long time trying to troubleshoot. I think we know what it is, but we weren't able to fix it for this episode, so my apologies for the occasional glitches and blurps. Nothing we can do about it. We will not have this problem next week, I promise you. Stay tuned. Security Now is next. Netcasts you love, from people you trust. This is TWiT. Bandwidth for Security Now is provided by CacheFly at C-A-C-H-E-F-L-Y dot com. This is Security Now with Steve Gibson, episode 627, recorded Tuesday, September fifth, 2017: Sharknado. Security Now is brought to you by ITProTV. A good IT pro is always learning, and ITProTV is the resource to keep you and your IT team's skills up to date. Visit itpro.tv/securitynow and use the code SN30 to get a free seven-day trial and thirty percent off a monthly membership for the lifetime of your active subscription. And by Rocket Mortgage from Quicken Loans. Home plays a big role in your life. That's why Quicken Loans created Rocket Mortgage. It lets you apply simply and understand the entire mortgage process fully, so you can be confident you're getting the right mortgage for you. Get started at rocketmortgage.com/securitynow.
