InformationWeek has a useful slideshow on Operation Ababil, the Islamist hacktivist campaign against US banks. While complete Iranian innocence is implausible, independent groups with common goals but no central direction may be involved. (This in addition to opportunistic criminal bank fraud running in parallel with the hacktivism.) US officials discuss retaliation and preemption amid concerns of an Iranian cyber threat to the Gulf oil sector.
Spam attacks exploiting a US Government URL shortener have stopped. To yesterday's reports on the black market in hacked machines and hacking tools, add crimeware-as-a-service: the Sopelka botnet quietly infects European systems. Facebook emails continue to spread the Blackhole exploit, and Yahoo Messenger suffers a malvertising infestation.
A major report outlines widespread vulnerabilities in Canada's cyber security posture. Verizon's latest Data Breach Investigations Report contains sobering news about opportunistic attacks and insider threats. Ponemon finds US Government civilian agencies risk-management laggards. (US military and Intelligence Community do better.) Gartner predicts $3.7T in IT spending during 2013.
President Obama promises budget sequestration won't happen, but companies continue to prepare various survival strategies: layoffs, cyber and C4ISR acquisitions, and pursuit of emerging markets. Palantir and K2 collaborate to bring advanced intelligence analytics to the legal profession.
The US Government Printing Office decides to go digital (even becoming a certificate authority). The UK government pushes Agile Development. The UN sides with law enforcement on data retention. Huawei continues to hit back at US espionage allegations and warns Australia not to get in the middle of a "trade war."
Today's issue includes events affecting Australia, Bahrain, Canada, China, European Union, Germany, India, Iran, Israel, Italy, Kuwait, Portugal, Qatar, Russia, Saudi Arabia, Spain, Switzerland, United Arab Emirates, United Kingdom, United Nations, United States.
Cyber Attacks, Threats, and Vulnerabilities
In Cyberattack On Saudi Firm, U.S. Sees Iran Firing Back(New York Times) United States intelligence officials say the attack's real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as a significant escalation of the cyber threat
US considers preemptive action to prevent 'Cyber Pearl Harbor'(Infosecurity Magazine) Spyware families are propagating, with the latest identified spawn being miniFlame, a "small and highly flexible malicious program" suitable for targeted, in-depth cyber espionage operations, according to Kaspersky Lab. Financial cybercrime a rising
Mounting Fears of 'Cyber-Pearl-Harbor', Escalating Attacks on Banks(The Market Oracle) Panetta added that digital attacks emanating from foreign soils could paralyse the country's power grid, financial networks and transportation system, saying that a cyber attack had the potential to "paralyse and shock the nation and create a profound
Gulf oil industry at risk of cyber attack(Financial Times) Rising regional political tensions and a flurry of recent cyber attacks have raised fears about the growing use of viruses to target critical national infrastructure in the Middle East
Who Is Hacking U.S. Banks? 8 Facts(InformationWeek) Hackers have labeled the bank website disruptions as grassroots-level reprisal for an anti-Islamic film. But is the Iranian government really backing the attacks?…A Muslim hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam continues to take credit for the campaign of website disruptions
.Gov, .Mil URL-Shortener Spam Attack Curtailed(Dark Reading) URL shorteners notoriously come with some risk as well as convenience, and attackers are now abusing the federal government's official link-shortening service, 1.usa.gov
Sopelka botnet drops Citadel, Feodo, and Tatanga crimeware variants(ZDNet) Security researchers from S21sec have published an analysis of the Sopelka botnet. Operating since May 2012, it is known to have launched five unique campaigns, three of which dropped crimeware variants from multiple families. Based on the researchers' data, the group behind the botnet managed to infect over 16,000 hosts, the majority of which were geolocated to Germany and Spain, the two countries topping the infection per countries chart. Just how easy is it to develop and manage such a botnet for the sake of monetizing the infected hosts, and cashing out in complete anonymity? In 2012, the process of developing and managing such a botnet is entirely automated, efficient, and most importantly - available as a service through a malicious underground Cybercrime-as-a-Service provider
Baddest Botnets of 2012(CSO) According to security firm Kindsight, these are the Top Ten Worst Botnets this year. Botnets are networks of computers that have been compromised by malware. They're difficult to detect because they are controlled remotely by cybercriminals. Victim computers are often referred to as "bots" or "zombies" because they're carrying out a cybercriminal's orders without the victim's knowledge. In this slideshow, Kindsight Security Labs has identified the most dangerous botnets of 2012 based on their impacts this year
Hackers steal customer data from Barnes & Noble keypads(CNet) Hackers broke into keypads at more than 60 Barnes & Noble bookstores and made off with the credit card information for customers who shopped at the stores as recently as last month. The company discovered the breach on September 14 but kept it quiet while the FBI attempted to track the hackers. Hackers broke into the point-of-sale terminals at 63 stores across the country, including locations in New York City, San Diego, Miami, and Chicago
Report: Canada's cyber-security falling short(ITWorld Canada) For more perspective on the current report, I spoke to two researchers from Trend Micro Inc., Tom Moss and Nart Villeneuve, about how serious they see the risks to our infrastructure. The danger is certainly present, they said, and government, just like
Cybersecurity Flaws at Department of Labor Continue the Trend of Government Cyber Failures(Heritage) A recent investigation into the Department of Labor's (DOL) secure information systems revealed very serious cybersecurity flaws. Together with many other cybersecurity breaches and failures in the federal government, it is clear the government should not be put in charge of cybersecurity regulation of the private sector. The DOL failures included basic cybersecurity practices such as locking accounts after three failed attempts
Security Patches, Mitigations, and Software Updates
Verizon DBIR Analysis: Opportunistic Attacks Crushing Certain Industries(Threatpost) Regardless of the market or industry, the majority of attacks are financially motivated. Even in data-rich environments such as health care, attackers are still after profits and exploit the same weaknesses and transaction processing systems that are vulnerable in other industries such as hotels and accommodations, food services and financial services. Verizon's latest Data Breach Investigations Report (DBIR) broke out data breach characteristics by those industries, and came to a stunningly simple conclusion: Attackers will seek out the easiest way in, take what they need and get out quickly
2012 Data Breach Investigations Report(Verizonbusiness) 2011 will almost certainly go down as a year of civil and cultural uprising. Citizens revolted, challenged, and even overthrew their governments in a domino effect that has since been coined the Arab Spring, though it stretched beyond a single season. Those disgruntled by what they perceived as the wealth-mongering 1%, occupied Wall Street along with other cities and venues across the globe
Cyber insecurity: Managing against the risk(FCW.com) Agencies such as the National Security Agency and the State, Commerce and Defense departments are acknowledged leaders in risk management, but overall, the government is behind the curve. A recent Ponemon Institute study of risk-based security
The new Cold War(SC Magazine UK) With the US and Israel accused of sending Stuxnet to sabotage Iran's nuclear capability, and China and Russia implicated in cyber attacks on the West - as well as censoring their own citizens - have we entered a new Cold War
Will CMOs Outspend CIOs? Wrong Question(InformationWeek) Instead of focusing on who controls those tech dollars, IT pros should focus on why companies need more tech in marketing and where they can fill those needs
Obama: Sequestration 'Will Not Happen'(Govconwire) With nearly two-and-a-half months to go before the scheduled start date of sequestration cuts, President Barack Obama asserted during the final presidential debate Monday night that the cuts "will not happen." According to Federal News Radio's account of the debate, Obama said the budget his administration is considering focuses on maintaining current defense spending levels rather
Contractor Survival Tactics: Booz Allen Makes C4ISR Acquisition(govWin) At FIA, we are always keeping tabs on what's going on in the federal market, and I recently noticed that consulting firm Booz Allen Hamilton is making some interesting moves in order to remain competitive and continue its success in today's evolving
Northrop Grumman to cut up to 350 jobs(CapitalGazette.com) "The Department of Defense, for a number of years, has been stressing that companies need to be affordable," said Brandon Belote III, a spokesman for Northrop Grumman. "Cutting jobs is the last thing we like to do, but there are many cases where we're
Raytheon Closes Wireless Cyber Buy, Looks to Access Emerging Markets(Govconwire) In the company's 11th cybersecurity-related acquisition in the past six years, Raytheon Co. (NYSE: RTN) has bought a South Carolina-based technology developer as it looks to expand its ability to provide defense, intelligence and commercial customers with wireless services. The Waltham, Mass.-based contractor did not disclose the terms of the deal and said it will
ManTech Wins $152M Army C4ISR Task Order(Govconwire) ManTech International Corp. (NYSE: MANT) has won a task order under the strategic services sourcing prime contract for continued comprehensive IT support of C4ISR systems for the U.S. Army's communications-electronics command's software engineering center's field support division. According to a ManTech statement, the task order is for $151.9 million and has a period of 12 months
Two More Contracts for CACI(Zacks) CACI International shall also be providing its specialized technological services in the field of cloud technology, cyber security, service-oriented
Siemens Awarded Certification For Cyber Security Threat Protection(Dark Reading) Oct. 23, 2012 Wurldtech Security Technologies, leaders in protecting mission-critical connected devices from cyber security threats and Siemens, today announced that Siemens Infrastructure & Cities, Smart Grid Division, has obtained the Achilles Practices Certification, by passing strict industry benchmarks for device manufacturers' security processes and practices. Based upon the standards set by the International Instrument Users Association (WIB), Achilles Practices Certification sets the bar for cyber security best practices in processes, practices, development, testing, commissioning, maintenance and support throughout the product lifecycle
Microstrategy Reorganizes C-level, Senior Leadership(Govconwire) Michael Saylor will remain chairman and chief executive at MicroStrategy Inc. (NASDAQ: MSTR) as the company rearranges its top management, according to a Washington Business Journal article. Saylor, who co-founded the company in 1989, will pass the title of president to Jonathan Klein, who serves as MicroStrategy's general counsel and chief legal officer
Palantir, K2 Team Up on Review Analytics(Law Technology News) K2 Intelligence LLC, formed in 2009 by famed information investigator Jules Kroll, and Palantir Technologies Inc., a data analytics software provider opened in 2004 and partially funded by the U.S. Central Intelligence Agency venture capital arm, are working side by side to advance and simplify their recent expansions in the legal technology market
Free dual-engine malware scanner(Help Net Security) The free Emsisoft Emergency Kit 3.0 can detect and remove malware by simply starting it directly from a USB stick or CD without the need for installation. The kit comes with a dual-engine scanner
LANDesk delivers secure user management suite(Help Net Security) LANDesk Software announced LANDesk Secure User Management Suite, a solution aimed at helping IT professionals gain control of a mixed environment of users, devices and platforms, regardless of location
Apple Reveals iPad Mini, New Macs(InformationWeek) Apple shows off a rash of new hardware products ranging from iMacs and MacBooks to the long-awaited smaller tablet, the iPad Mini
Bring Your Own iPad mini?(InformationWeek) If the iPad would work for you as a BYOD device, the iPad mini is an easy choice to make. But you'll pay for the privilege. Saving money doesn't seem to be the point for Apple. $329 is a lot of money, but Apple doesn't play by everyone else's rules
Rackspace Adds Block Storage, Answers Amazon(InformationWeek) Cloud block storage will help Rackspace compete more directly with Amazon, says CTO. Rackspace users starting today will get what Amazon users are long accustomed to: the ability to order the amount of storage their cloud server needs instead of the amount the service provider assigns
Amazon Outage Takes Out Reddit, Pinterest(InformationWeek) Amazon's service dashboard reported the first service interruptions at just before noon PST [on October 22] with its Elastic Beanstalk services down, followed by announcements of service interruptions of other services
Nowcasting: Big data predicts the present(IT World) Big data is the key ingredient for predicting the present, or nowcasting, as it's called. Conceptually, it seems silly to use resources to predict the present, but nowcasting can save lives and make companies money
After Five Years, SAFECode Sees Software Security Progress, But Challenges Remain(Threatpost) Software security, code quality and the idea of building security into applications from the design phase forward have become touchstones for any conversation about how to improve the security of the Web and the general IT infrastructure. But it wasn't always thus. In fact, it wasn't too many years ago that the idea of software security took a back seat to the more traditional security disciplines. That's changed of late, and one of the groups that's been in the middle of the transformation is SAFECode, the industry organization comprising Microsoft, Adobe, SAP, EMC and others, that's designed to advance software security methods and practices
Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors(Internet Storm Center) Let me preface this by saying that the "history" part of this ended up being way more complicated than we have space to cover in this story, I'll try to keep it brief. Back in the day, I remember the "PC DOS Tech Ref" manual (yes, I was there in 1981 to read this one. And yes, I still have my copy) - one of the many useful things in that manual was the by-now-very-familiar ASCII table, listing characters 1-127, which had been extended to include the next 128 characters, for an even 1-255 (1-FF in hex). I think this extension might have been for PC-DOS actually. I spent a lot of time using this, as it was handy in transcoding hex and binary data streams to characters (remember, this was before we had sniffers on PC DOS platforms)
Your Next Critical Security Project May Not Be What You Think(Infosec Island) Why do security 'solutions' fail to actually solve the problem that you made the investment of time and resources for? If we're honest with ourselves, we can easily look around the organization and find several projects that even though they are implementation-complete, are hardly "complete" as they sit. Too often after a catastrophic failure, or security incident we're pre-disposed to making hasty purchases to effectively stop the bleeding without considering what the full scope of what we're doing may be
Smart Grids: Digital Certificates and Encryption Play Key Role in Security(Security Week) The public infrastructure is one of the most valuable assets of the United States and its citizens. Communications networks, roads, bridges, tunnels, rail lines, and electric power are the backbone of the nation; the very fabric that helps to ensure our way of life. Damage to any of these infrastructures would be devastating, but damage to or failure of the electric power grid would be supremely tumultuous, as all of the other infrastructures that ensure the health of the nation rely upon electric power
4 Reasons Why Artificial Intelligence Fails in Automated Penetration Testing?(ivizsecurity) Formal Modeling and Automation is one of the things I love. I try to model everything and sometimes modeling helps and sometimes it lands me in trouble. It helped me when I tried to model Penetration Testing and worked with my co-founder to design our first version of automated Penetration Testing Tool
The 25 worst passwords of 2012, and easy ways to avoid them(GCN) SplashData just released its annual list of the most common passwords stolen and posted by hackers, and if the list has a familiar look, it's because most of the same passwords have appeared on past lists. In fact, this year's top three -- "password," "123456," and "12345678" -- also finished one-two-three on SplashData's 2011 list. The passwords below are not only the most common, they are also virtually useless at protecting an account
Catch, patch and match, cyber video warns(Ninemsn) Australia's most secretive intelligence agency has released a catchy new video warning of the perils of cyber attack. With music and graphics reminiscent of 1970s spy movies, the Defence Signals Directorate (DSD) warns government and industry are being
Mayfield Fund Backs Indian Incubator AngelPrime(TechCrunch) Mayfield Fund is announcing an Indian investment today, out of its Mayfield India fund. The venture firm is backing AngelPrime, a Bangalore-based incubator. The investment will be used as seed capital for the companies that AngelPrime plans to incubate over the next 3 years and to fund the operations of AngelPrime
Research and Development
Hunting Botnets On A Bigger Scale(Dark Reading) Researchers build prototype botnet detection system that gathers a big-picture view of both known and unknown botnet activity
Attacks on US Spark Need for More Cyber Security Degree Holders(U.S. News University) The cyber attacks reflect the nation's need to recruit more cyber security experts to protect the country's critical infrastructure. Tom Kellermann, vice president at Trend Micro and former member of President Barack Obama's cyber security commission
Digital services dominate GPO's 5-year plan(Fierce Government IT) The Government Printing Office hopes to transform itself into a digital information platform and provider of secure credentials, according to the GPO's recently released 5-year strategic plan. This means GPO is shifting to a document lifecycle process that ensures digital versions of publications are permanently available online and printed only when required or otherwise necessary, according to the plan
Agile development requires agile oversight, says U.K. government office(Fierce Government IT) In a report published earlier this year, auditors note that the U.K. government intends for half of its major information technology projects to utilize Agile Development by April 2013. As a result, the average delivery time should go down by 20 percent in 2014
DHS realigns cyber office into five divisions(Federal News Radio) The Homeland Security Department's Office of Cybersecurity and Communications is expanding to five divisions from three and creating a performance-management office. DHS is reorganizing CS&C in light of its increased responsibilities and improved stature in the federal and private sector cyber communities. "Our new structure will result in an organization more capable of agile operations; of forming stronger partnerships; and of professionally, efficiently, and effectively enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure," wrote Mike Locatis, the assistant secretary of the Office of Cybersecurity and Communications, in an internal memo obtained by Federal News Radio. "This realignment also centralizes common support functions of budget, finance, and acquisitions, information management and human capital
UN sides with law enforcement over data retention(UN sides with law enforcement over data retention) The United Nations (UN) has acknowledged the benefits of data retention when it comes to combating online terrorism, and sided with law-enforcement agencies that are pushing for greater powers. In a report issued by the United Nations Office on Drugs and Crime (UNODC), titled The use of the internet for terrorist purposes (PDF), UNODC highlighted the way in which the internet is increasing the gap between terrorists and prosecutors. "Potential terrorists use advanced communications technology, often involving the internet to reach a worldwide audience with relative anonymity and at a low cost. Just as internet use among regular, lawful citizens has increased in the past few years, terrorist organisations also make extensive use of this indispensable global network for many different purposes," UNODC executive director Yury Fedotov said at the launch of the report
Column: Cyber inaction may be our Achilles' heel(FederalNewsRadio) Every day, our defense and intelligence agencies are dealing with many of the same sophisticated cyber attacks that plague our private sector. The need to coordinate information and efforts becomes even more urgent as our…We still have larger
Rewrite of cyber circular aims to 'break some china'(FederalNewsRadio) With Congress in a stalemate over cyber legislation, a different path to updating the Federal Information Security Management Act (FISMA) is available. A group of former federal cyber experts is recommending three major changes to Office of Management and Budget Circular A-130. The goal is to codify continuous monitoring, the role of the Homeland Security Department in overseeing the operational aspects of FISMA and the definitions of national security systems and major IT systems
Litigation, Investigation, and Law Enforcement
Europe Could Hit Microsoft With $7B+ Fine Over New Internet Explorer Antitrust Violations(TechCrunch) Looks like the European Commission is following through on what it's been reportedly planning to do for weeks: it has filed a formal complaint against Microsoft for antitrust violations related to Internet Explorer and giving consumers a clear way to choose another browser when using Microsoft's Windows operating system. The violation could cost Microsoft billions in fines — the maximum penalty
China Cyber Threat: Huawei and American Policy Toward Chinese Companies(Heritage) On October 8, the House Permanent Select Committee on Intelligence released a report, U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE. The report concluded that using telecommunications hardware and infrastructure from these two firms entails a risk to American economic and national security. While Congress and the Administration should favorably consider important aspects of the report, they must not use it as an excuse for protectionism. Telecom is one of the few industries where national security concerns are sharp
Huawei acts to clear its name(Guardian) The Chinese telecoms equipment firm Huawei, classified by several governments as a national security risk, has done a poor job of communicating about itself and in trying to dispel myths, the chairman of its Australian business has admitted. A US Congressional committee has urged firms to stop doing business with Huawei based on security concerns, while Australia blocked the company from tendering for contracts in its A$38bn high-speed broadband network. "We sincerely hope that in Australia we do not allow sober debate on cyber-security to become distorted the way it has in the US," the Huawei Australia chairman, John Lord, said in a speech in Canberra, adding that the company proposed to set up a cyber-security evaluation centre in Australia. The centre would give complete access to its software source code and equipment
'Just trust us' - NSA to privacy advocates in court(RT) The US National Security Agency isn't outright rejecting claims that they've been conducting surveillance on everyone in the country, but they want Americans to at least give them the benefit of the doubt when it comes to their intentions
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
TechExpo Cyber Security Careers(Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
Anatomy of an Attack(New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights(Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...
Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...
BayThreat(Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.