Daily briefing.

German power distribution company 50Hertz discloses a distributed denial-of-service attack it suffered at the end of November. Under botnet control, the attack disrupted systems for five days. It's believed this is the first confirmed attack on the European power grid.

The Saudi investigation into August's Shamoon attack on Aramco continues, and the Interior Ministry says the attacker's objective was to cripple the Saudi economy by disrupting oil production. No attribution has been announced. Elsewhere in the Middle East and South Asia, Anonymous turns its attention to Egypt's President Morsy and the Pakistan Cyber Army "declares war" on China and Bangladesh.

The Skynet botnet is hiding its command-and-control servers behind Tor. New email-borne threats include spoofed hotel booking notices, UPS and FedEx notices, and Facebook cancellation requests. Webroot offers an interesting look at the criminal economy as seen through a boutique exploit shop. (Compare PC Pro's survey of the legitimate bug-hunter economy.)

Ponemon tells the healthcare industry that the root of its cyber problems is a general failure to realize how valuable its data are. India's information security market is expected to rise by 18% in 2013. IT World predicts "massive consolidation" in the cyber security sector, with Sophos, WebSense, Panda Security, Bit Defender, AVG, WebRoot and Avast called out as potential takeover targets.

Those interested in creating local community-based cyber security capabilities may find the experience of Washtenaw County, Michigan, of interest.

The US is not happy about ITU plans for the Internet, and threatens to exit the WCIT.


Today's issue includes events affecting Australia, China, European Union, Germany, Iran, Israel, Saudi Arabia, United Arab Emirates, United Kingdom, United Nations, United States.

Cyber Attacks, Threats, and Vulnerabilities

European renewable power grid rocked by cyber-attack (EurActiv) A German power utility specialising in renewable energy was hit by a serious cyber-attack two weeks ago that lasted five days, knocking its internet communications systems offline, in the first confirmed digital assault against a European

Saudi Aramco says cyber attack targeted kingdom's economy (Al-Arabiya) Oil giant Saudi Aramco said on Sunday that an August cyber attack on its computer network targeted not just the company but the kingdom's economy as a whole. The interior ministry, which joined Aramco's investigation into the attack that affected some

Saudi Arabia says cyber attack aimed to disrupt oil, gas flow (NBC News) Saudi Arabia's national oil company, Aramco, said on Sunday a cyber attack against it in August which damaged some 30,000 computers was aimed at stopping oil and gas production at the biggest OPEC exporter. The attack on Saudi Aramco

Anonymous: Operation Egypt #OpEgypt (Cyberwarzone) Members of the hacktivist group known as "Anonymous" released a video on YouTube Tuesday warning Egyptian president Mohamed Morsy and Muslim Brotherhood that they risk cyberwarfare unless he relinquishes his claim to extrajudicial powers. DEAR CITIZENS OF THE WORLD, Anonymous can not, and will not stand idly while people are being denied their basic rights and human liberties. The people of Egypt have shown to the world the power of their struggle

Pakistan Cyber Army declares war on Chinese, Bangladeshi sites (The Register) Hacktivists claiming to hail from the Pakistan Cyber Army have defaced over 400 Chinese government web sites and also hit in excess of 20 Bangladeshi government sites. A hacker known as Code Cracker is claiming responsibility for the attack on the official web site of Xuchang City People's Procuratorate and a whopping 436 sub-domains, according to HackRead. The domains were posted to hackers' favourite Pastebin and all now appear to have been taken offline, however there does not appear to have been any explicit message left for the local government aside from a generic Pakistan Cyber Army logo and the words "hello admin"

Tor network used to command Skynet botnet (CSO) Other botnet operators might use Tor to hide their command and control servers in the future, researchers say

You receive the electronic reservation? Malware attack poses as hotel booking email (Naked Security) Bogus hotel reservation emails have been spammed out widely, which claim to come from but in reality carry malware designed to infect Windows computers

Malicious email simultaneously impersonates UPS and FedEx (Help Net Security) Malicious notifications supposedly coming from major courier delivery services companies are nothing new, but they still must catch enough users off guard. This latest one is particular enough

Beware of bogus Facebook account cancellation requests (Help Net Security) Bogus "Facebook Account Cancellation Request" emails are back, and this time the malicious senders didn't opt for making users infect themselves. The "click here" link will secretly redirect victims

A peek inside a boutique cybercrime-friendly E-shop (Webroot) Seeking financial liquidity for their fraudulently obtained assets, novice cybercriminals continue launching new DIY cybercrime-friendly e-shops offering access to compromised accounts, harvested email databases, and accounts that have been purchased using stolen credit card data, in an attempt to diversify their portfolio and, consequently, increase the probability of a successful purchase from their shops. In this post, I'll profile one of the most recently launched cybercrime-friendly e-shops, continuing the "A peek inside a boutique cybercrime-friendly E-shop" series. The E-shop currently offers RDP, Root and SSH accounting data, as well as DIY Spam Mailers and marketing leads, namely, harvested databases of email addresses, with the prices varying between $8-$15

Cyber Trends

IBM: Security Impedes Adoption Of Some Major Technologies (Dark Reading) New data from IBM shows how security has become a major part of the IT decision-making process for adopting new technologies -- and how much it shapes those choices. Security is one of the top two hurdles in adoption of business analytics, mobile, social business, and cloud, according to the new IBM 2012 Tech Trends Report. And in mobile and cloud, security is the No. 1 hurdle by far

What Is Big Data? (Dark Reading) When someone says big data, what do you think of? Do you think of mainframes? Data warehouses? Do you think of Oracle Grids, Exadata, or Teradata clusters? Perhaps you think of Hadoop, MongoDB, Cassandra, or CouchDB? Or maybe it's any NoSQL database? Or perhaps you think it's just a giant mass of data in one place? If you read press articles on big data, then it's all of these things

Awareness There, Policies Lacking: Results Of A New SANS Survey On Application Security Policies In Enterprises (Dark Reading) Survey shows organizations managing multiple applications, yet 28% can't determine what applications are under management

80% of cyber attacks in 2012 came from legit sites (Manila Standard Today) Anti-virus firm Sophos has released its year-end security report, Security Threat Report 2013, which labeled 2012 as a year of

'Cyber Pearl Harbor': Could future cyberattack really be that devastating? (Christian Science Monitor) "I do think it's a genuine concern," says Stewart Baker, a lawyer and former senior official at the National Security Agency and the Department of Homeland Security. "I'd love to think it's overstated, but that view is supported more by wishful

Cyber-warfare: Hype and fear (The Economist) Even as anxiety about jihadi terrorist threats has eased, thanks to the efforts of intelligence agencies and drone attacks' disruption of the militants' sanctuaries, fears over Western societies' vulnerability to cyber-assaults have grown

The zero-day bounty hunters (PC Pro) Davey Winder explores the hidden world of the bounty-hunting security researcher, finding vulnerabilities for fun and profit. Fewer than 1% of the exploits detected by Microsoft in the first half of last year were against so-called zero-day vulnerabilities – those that were previously unknown. That figure raises a question: if the vast majority of real-world exploits are "known threats", what makes zero days so valuable that they have spawned a hidden industry of bounty-hunting researchers

Cloud-based services revenue to increase (Help Net Security) Cloud-based services revenue in two years is expected to comprise nearly twice its current share of provider revenue, even as providers believe that showing evidence of cost savings is the biggest bar

Q&A: It's crucial for organizations to value their data, says Larry Ponemon (Healthcare IT News) Healthcare records "substantially more valuable than other types of records." Three out of five healthcare organizations are not allocating enough resources to protect patient data – and among the reasons is a simple fact that the industry has no way to place a value on that information


DHS cost model shows benefit of data architecting (Fierce Government IT) Data architecting has a verifiable although delayed financial benefit, says a case study produced by the Homeland Security Department's office of chief information officer. An August 2012 unclassified study summary (.pdf), provided on condition of anonymity, says preliminary results made with an activity-based cost model show a return on investment of $5.8 for every $1 invested into data standardization

India's info security market to touch Rs 1,415 cr in 2013: PwC (Zee News) The country's information security market is expected to grow by 18 percent to reach Rs 1,415 crore in 2013 on the back of increased spending by companies to secure their information assets, a new report says. "Size of the information security market in India in 2012 is Rs 1,200 crore and our estimate for 2013 is Rs 1,415 crore, a growth of 18 percent," PwC said in 'The State of Information Security Survey - India, 2013'. The report said regulatory compliance is the key justification provided by executives for increasing information security spending. The report said a survey shows 75 percent of respondents from India as compared to 45 percent of global peers expect an increase in information security spending

Womble Carlyle Completes Successful Acquisition for Cyber Security Firm (WCSR) A Womble Carlyle multidisciplinary team guided Maryland-based cyber security firm Rsignia through its successful acquisition by federal defense contractor KEYW (a publicly listed entity). This strategic acquisition, which closed in late November, is closely related to Project G, KEYW's Cyber Awareness and Response platform

Wynyard Group Sign Strategic Alliance with Leading Global Security Company Northrop Grumman (Sacramento Bee) Wynyard Group, the specialists in intelligence-led solutions for protecting companies and countries from threat, crime and corruption, has entered into a strategic alliance with Northrop Grumman Corporation (NYSE:NOC) to market and develop joint offerings to the US public sector and commercial markets

Predictions: Massive consolidation in the security industry (ITWorld Canada) That leaves Sophos, WebSense, Panda Security, Bit Defender, AVG, WebRoot and Avast. I can see all of them getting acquired. In my mind WebSense holds the

A U.S. Apple factory may be robot city (IT World) Apple's planned investment of $100 million next year in a U.S. manufacturing facility is relatively small, but still important. Apple has the money, talent and resources to build a highly automated factory that turns out products that are potentially cost competitive with those it now makes in China

Apple, Google said to be pooling $500 million plus for Kodak patents (Ars Technica) The groups wouldn't bid enough on their own, so now they're working together

Products, Services, and Solutions

Stallman slams Ubuntu, calls Amazon integration 'spyware' (Computer World) Activist and free software guru Richard Stallman on Friday hammered Ubuntu for including what he termed spyware in new versions of the popular open-source operating system and urged GNU and Linux users to avoid the distribution

DataMotion unveils SecureMail Gateway (Help Net Security) DataMotion announced it has updated its SecureMail Gateway, an intelligent monitoring solution that uses policy-based encryption and Exact Matching functionality to prevent data leakage and protect sensitive

Damballa Failsafe 5.1 Unveils Breach Confirmation And Instant Replay Capabilities (Dark Reading) Damballa Failsafe 5.1 combines the C&C detection and malware analysis capabilities to deliver two first-of-their-kind innovations to the information

Check Point Announces ThreatCloud Security Services (Biztech2) Check Point Software Technologies Ltd. has announced Check Point ThreatCloud Security Services, a set of new security service offerings to assist customers in protecting their organisation's networks from the most sophisticated threats and provide expert resources to help during any attack. These new services monitor events directly on customer security gateways, and are powered by Check Point's ThreatCloud security intelligence infrastructure, the collaborative network to fight cybercrime and deliver real-time threat data from a worldwide network of threat sensors

Metasploit Pro 4.5 released (Help Net Security) Rapid7 released a new version of Metasploit Pro, which introduces advanced capabilities to simulate social engineering attacks. With Metasploit 4.5, security professionals can now gain visibility

Technologies, Techniques, and Standards

Tech Insight: 5 Myths Of Software Security (Dark Reading) Why do vulnerabilities keep cropping up in software? Here are five reasons -- and what developers can do about them

Norman AS Presents Five Steps to Secure Industrial Control Systems in New Cyber Security Awareness Video Episode (SYS-Con) Norman AS, the global leader in threat discovery, malware forensics and analysis, and industrial control system (ICS) protection solutions, presents "Five Steps to Securing Critical Infrastructure." In this episode of the cyber security awareness video series, "Inside Network Security," Joe Weiss, a managing partner of Applied Control Solutions, delineates a comprehensive cyber security plan for IT management teams to activate within industrial control system operations

Password handling: challenges, costs, and current behavior (Help Net Security) Online passwords are a pain, and not just when you have to type them to access your online bank account or shop at your favorite digital emporium. Password pain extends to the people who have to manage

Design and Innovation

ONLINE SAFETY: Get involved in online safety ( Keeping our kids, businesses and personal information safe online is like a part-time job for some. There is no shortage of topics for me to write about each month because the Internet is so pervasive in our everyday lives. Staying safe will take raising awareness and education in each community

Legislation, Policy, and Regulation

US drops 'net regulation bombshell', threatens WCIT exit (The Register) As the ITU's WCIT conference rolls on in Doha, the head of the American delegation Terry Kramer has pointed to the big red button, threatening to veto any new treaty it believes puts the Internet at risk. America's delegation has become increasingly agitated at the content of proposed changes to the ITRs – International Telecommunications Regulations – coming from countries such as Russia and China. According to Australian telecommunications newsletter Communications Day, the veto threat was made to a Dow Jones journalist, with Kramer saying the US delegation could "walk away from the conference"

ITU agrees deep-packet inspection of internet traffic (Computing) Deep-packet inspection examines the data part (and possibly also the header) of a packet as it passes an inspection point, such as a firewall. The agreement paves the way for national governments to assert their rights to analyse all internet traffic

UAE leads the way in cyber security (The National) The UAE is weeks away from establishing the first national authority for cyber security in the region, to combat online threats to military and critical installations. Speaking at the Gulf International Cyber Security Symposium, Maj Gen Mohammed Al Essa of the Ministry of Defence said that the three services of the armed forces were working closely on enhancing the security of digital communications systems to sustain a high readiness to face any threat to national or regional stability. The UAE introduced the necessary legislation and regulations which culminated in a special federal decree issued by the President to establish a national authority for cyber security, Gen Al Essa said

Why AusCERT fell off Govt cybersafety service (IT News) DBCDE complains of failure to innovate. The Federal Government chose to drop AusCERT from its Stay Smart Online (SSO) security alert service because it felt the not-for-profit organisation "failed to innovate", freedom of information documents have revealed. The online security service was run by AusCERT for four years before the contract expired in

White House advisers push classification overhaul (Federal Times) A White House advisory panel is calling for a dramatic rethinking of how the government keeps its secrets. Among its proposals: Reduce classification levels from three to two as one way to reduce unneeded secrecy. Under the current system, in place since 1953, agencies classify information as top secret, secret or confidential. The board's proposal would divvy up classified information into two categories: top secret and a "lower level." Automatically declassify information that's sensitive for only a short time. Most records now remain classified for at least 25 years. Strengthen the National Declassification Center, a 3-year-old agency within the National Archives and Records Administration charged with declassifying old materials

10 years of DHS: Blessing or 'bureaucratic monstrosity'? (Fox News) Ten years after its creation, the Department of Homeland Security continues to push against a mixed record of accomplishments and setbacks, and a mission that experts say is still hard to pin down. "I don't think people understand what (DHS) does and

US Intelligence: Redundancy Increases As Budget Pressure Mounts (Albany Tribune) First, domestic security agencies were cobbled together under a newly created Department of Homeland Security and another layer of bureaucracy was added on top of them. Also, a new intelligence agency in that newly established department was created

'Leaked' Draft of White House Cyber Security Order Not Worth the Wait (CIO) At least it doesn't say the Department of Homeland Security should be in charge. It opens with the boilerplate ... The otherwise powerless Director of National Intelligence gets to track "all of these reports and notifications." I guess he finished

Defense bill would require contractors to notify DoD of cyber intrusions (Foreign Policy) In case you missed it, buried inside the 2013 defense authorization bill is a clause that would require defense contractors to notify the Pentagon any time they have suffered a "successful penetration." Section 936 of the bill requires that the Pentagon "establish a process" for defense contractors that have classified information on their networks to quickly report any successful cyber attacks against them to the Defense Department. Contractors must include a description of the "technique or method used in the penetration," and include samples of the "malicious software, if discovered and isolated by the contractor," reads the bill

Litigation, Investigation, and Law Enforcement

Report: EU report accuses Huawei, ZTE of competing unfairly in mobile gear (Computer World) Chinese networking vendors Huawei Technologies and ZTE are competing unfairly in the European mobile infrastructure market, according to an analysis being circulated by the European Commission, The Wall Street Journal reported on Friday

Secret Service launches investigation into 'immense' security breach as computer files left on Metro (Telegraph) The worker was taking the sensitive material from the Secret Service HQ in Washington to an off-site facility but left them on the train when he got off. The tapes contained backup case file information as well as extremely personal data about employees, including dates of birth and addresses. Adding to the embarrassment is that the tapes had only "very basic encryption", meaning that they could easily be hacked

Special Report: How foreign firms tried to sell spy gear to Iran (Reuters) In the summer of 2008, Iranian security agents arrived at the family home of Saleh Hamid, who was visiting his parents during a break from his university studies. The plain-clothes agents, he says, shackled him and drove him blindfolded to a local intelligence detention center. There, he says, they beat him with an iron bar, breaking bones and damaging his left ear and right eye

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

2012 European Community SCADA and Process Control Summit (Barcelona, Spain, December 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations...

SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, December 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.

tmforum Big Data Analytics Summit (Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...

ATMiA US Conference 2013 (Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.

#BSidesBOS (Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

TechMentor Orlando 2013 (Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...

e-Crime Congress 2013 (London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...

The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
