Salted Hashed Rehashed: The weekly news recap for June 17, 2016

Welcome to the weekly recap of news and other interesting items. Today’s Rehashed will cover Russian hackers and spies, FICO scores for security, APTs, North Korea, and more.

This week’s top story is related to the sub-head, which can only mean we’re going to start by talking about the security incident at the DNC (hat tip to Grugq for giving me an idea).

DNC hacked, are Russian spies to blame?

On Tuesday, CrowdStrike pulled off one of the greatest marketing plays I’ve ever witnessed. They mixed one part actual story narrative, one part intelligence report, one part politics, and churned out a Washington Post article that went viral in minutes.

I not even mad. They earned more PR for their incident response offerings in one day than a year of solid marketing could ever hope to accomplish. The kicker? It wasn’t all hype and fluff, because the Democratic National Committee was hacked.

By all accounts the IOCs discovered by CrowdStrike were related to groups with known loyalties to the Russian government. But was it sanctioned? No one knows for sure.

On Wednesday, a hacker came forward to claim responsibility for the hack and published documents as proof. CrowdStrike responded this by issuing a statement suggesting the hacker and the documents might be part of a disinformation campaign by the Russians.

A security researcher who goes by the name Pwn All The Things did some digging and discovered some things that certainly suggests such a thing.

So did spies hack the DNC? Did someone else? Why not both? It is entirely possible Russian intelligence did hack the DNC, why wouldn’t they? But they’re not alone. Who wouldn’t want to mess with a presidential election? At the same time, if the Russian intelligence community did target the DNC, perhaps there were others in the network too. We may never know.

At the same time, does it matter? While looking at the data that was compromised and attributing possible motives from what was targeted is a valid way to address risk management and protection priorities going forward, looking at such information in order just to claim that Russia, China, or North Korea hacked you is a waste of time really.

Instead, why not focus on how the attackers got in, plug those holes and assess existing plans and protections to ensure it doesn’t happen again?

We’re still running on the same best practices that were written 20 years ago, and yet these days all anyone seems to care about is whether China (or some other nation state) hacked them.

Security is hard. I get that. But it’s like a never-ending cycle, because we’re doing the same things over and over again and expecting something to change.

FICO scores for security?

I got a press release this week centering on Fair Isaac Corporation’s (known for their FICO credit scores) acquisition of QuadMetrics. It’s general corporate news, so it isn’t something I’d cover normally, but it’s worth a brief mention.

The long and short of it is this – this plan is to enable companies to obtain a FICO score on their security posture.

From the press release: “It will also help organizations manage similar risks associated with key vendors, business partners and other third parties, and enable breach insurance brokers and underwriters to better and more consistently assess enterprise risk for underwriting and portfolio management.”

So my question is this, what happens when a company with a solid FICO security score gets hacked back into the Stone Age?

A master index of APT groups:

Someone took the time to chart all the APT groups that have been identified over the years, and then link the groups between vendors. In addition, the index references the campaigns the groups are associated with, and their geographic location. Dr.Krypt3ia has expressed some thoughts on the list itself.

South blames North Korea for hacked systems

North Korea is said to be responsible for hacking more than 140,000 systems in 160 locations in South Korea, including government agencies. As always, the North denies any wrongdoing. According to Reuters, some 40,000 defense-related documents were compromised.

CircleCityCon

Last week, I was at CircleCityCon in Indianapolis, which is why Rehashed skipped a week. I shot several videos, which are available on IDG.tv, but I will be highlighting them in future articles. The first centers on password policies, which is embedded below.

The talk that Martin Bos gave at CircleCityCon is embedded below:

That’s all for this week. Have a great weekend!

Remember, if you have thoughts on something that should be added to Rehashed, email me and let me know. Such additions can include links to news items, blog posts, code samples, cool scripts, etc.

For those who want a suggestion, email me a link to your favorite security video or recorded talk, with a brief note as to why you like it. If it’s listed, let me know if you want named credit for the suggestion or if you prefer to remain anonymous.