The Islamist DDoS campaign against US banks is crude and offers "nothing new," but it's surprisingly effective. Observers find it worrisome that large banks with sophisticated IT infrastructures are having such a hard time coping with it.
Energy infrastructure company Telvent confirms that it's been hacked. Investigators blame China, and believe that the attack represents a SCADA threat even though its initial effects were theft of smart grid planning files. China also comes in for unusually blunt criticism from Cyber Command's Admiral Cox, who accuses that country of waging an ongoing cyber campaign against US Defense networks.
Adobe has been the victim of a certificate-signing APT attack. It's revoking the certificate immediately. URL shortening services are found to direct browsers to malware-infested sites. The remote wiping vulnerability discovered in some Samsung phones has been found to affect other Android devices as well, and a fix is available. Cisco releases security patches for nine products. Forrester finds that 75% of data breaches are inside jobs.
Budget sequestration (if it happens) won't affect Defense spending until January. OMB finds Federal agencies leery of Agile development but thinks they should work to overcome their fears. GovWin analyzes KEYW's acquisition strategy as an example of how a small, "niche" company prepares to ride out Federal budget austerity. Other analysts continue to track security industry consolidation.
In product news, Microsoft IE gets welcome good news: it's better at detecting malware than its competitors. Mozilla's password-free Persona login system is out in a beta version. SIM-card registration issues persist in the UAE.
Today's issue includes events affecting .
Cyber Attacks, Threats, and Vulnerabilities
As promised, Islamic hacktivists disrupt PNC Bank(CSO) Naming the targeted banks shows attackers are sophisticated, says one security expert. PNC Bank's website was disrupted on Thursday by a group of Islamic hacktivists who have also claimed responsibility for downing the sites this week of Wells Fargo and U.S. Bank. The latest attack is identical to the other two in that hundreds of thousands of computers are used to overwhelm the sites' bandwidth, said Atif Mushtaq, a security researcher for FireEye who has been monitoring the attacks. The hacktivists also claim to be behind the distributed denial of service (DDoS) attacks last week against Bank of America and JPMorgan Chase, as well as U.S. Bank yesterday
US Banks Unable to Mitigate DDOS Attacks Despite Being Warned(Softpedia) A few days ago, hackers of the Izz ad-Din al-Qassam Cyber Fighters group revealed their intentions of going after the websites of three other financial institutions: Wells Fargo, US Bank and PNC. Even though they knew their websites would be attacked by the hacktivists (called terrorists by some), the banks were unable to do anything to neutralize the attacks. ABCNews and the Los Angeles Times have interviewed experts who have reassured citizens that these attacks haven't affected their financial assets and haven't disrupted financial markets
Banks can only hope for best with DDoS attacks(CSO) As with Tuesday's attack on Wells Fargo, distributed denial of service attacks are said to be still crude but effective. Banks can only cross their fingers and hope the defenses they have in place can withstand cyberattacks like the one that disrupted the online banking site of Wells Fargo & Co., experts say
Cyber Attacks on US Banks Expose Computer Vulnerability(Businessweek) Such a sustained network attack ranks among the worst-case scenarios envisioned by the National Security Agency, according to the U.S. official, who asked not to be identified because he isn't authorized to speak publicly. The extent of the damage may
'Nothing new' in DDoS attacks(CSO) Two friends from Akamai take issue with the idea that there's something new about the nature of DDoS attacks targeting U.S. Bank, Wells Fargo and others
Are Hamas involved in a cyber war?(Al-Bawaba) And Thornton said there is already "a pretty good system for sharing threat data between the Department of Homeland Security and the financial services community today through a programme run by FS-ISAC (Financial Services Information Sharing Analysis
Shamoon Malware and SCADA Security - What are the Impacts?(Tofino Security) The latest post-Stuxnet discovery of advanced threats is a malicious malware known as Shamoon. Like Stuxnet, Duqu and Flame, it targeted energy companies in the Middle East, this time Saudi Aramco and likely other oil and gas concerns in the region including Qatar's RasGas. It is a new species however, because it did not disrupt an industrial process as Stuxnet did, nor did it stealthily steal business information as Flame and Duqu did
Breach a 'security disaster' for IEEE(CSO) Failure to encrypt data, usernames and passwords called "plain stupid." The IEEE (Institute of Electrical and Electronics Engineers) describes itself on its website as "the world's largest professional association for the advancement of technology." But after a data breach that left the usernames and passwords of 100,000 of its members exposed in plain text for a month, some security experts said it is clear both the organization and at least some of its members should also be in the business of the advancement of common sense security
USSD attack not limited to Samsung Android devices, can also kill SIM cards(CSO) The attack that can wipe data on Samsung devices remotely can also be used to disable SIM cards. A variation of the recently disclosed attack that can wipe data from Samsung Android devices when visiting a malicious Web page can also be used to disable the SIM cards from many Android phones, researchers say
Cyber attack on Philippines government sites(gulfnews.com) As early as Wednesday, Internet users trying to access the websites of the Bangko Sentral ng Pilipinas (BSP or Philippine Central Bank) as well as the Metropolitan Waterworks and Sewerage System, the Department of Environment and Natural Resources
Chinese hackers have control of US power grid(Techeye) The company whose software and services remotely administer and monitor large sections of the US energy industry began warning customers about a sophisticated hacker attack. Telvent Canada said that digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests. It looks like the hackers managed to get past the company firewall and security systems
US group studying breach at Schneider unit(Chicago Tribune) Calgary-based Telvent, which is owned by France's Schneider Electric SA, quietly warned customers about the sophisticated attack, which affected its operations in the United States, Canada and Spain, the cyber security news site KrebsOnSecurity.com
Attack on SCADA Vendor Telvent Raises Concerns(Threatpost) Telvent, the maker of a SCADA product used in a number of critical industries, said that its corporate network has been compromised by attackers and that some of the files used by customers on their own networks were changed. This attack is the latest in what looks to be a series of incidents of varying severity that have occurred at companies involved in either the production or use of SCADA systems in recent months
Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks(Threatpost) Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week. Adobe products and services senior director of security Brad Arkin said in a statement that a build server with access to the Adobe code signing infrastructure was compromised and is the source of the issue
US cyber warrior accuses China of targeting Pentagon(Reuters) The U.S. Cyber Command's top intelligence officer accused China on Thursday of persistent efforts to pierce Pentagon computer networks and said a proposal was moving forward to boost the cyber command in the U.S. military hierarchy. "Their level of effort against the Department of Defense is constant" while alleged Chinese attempts to steal corporate trade secrets have been growing, Rear Admiral Samuel Cox, the command's director of intelligence, told Reuters after remarks to a forum on the history of cyber threats
The Wicked Witches of Cyberspace(Infosec Island) Lately I've been doing a deep dive on technologies that enable one to bypass filters, blocking and jamming, to get uncensored information into denied areas. I've been talking with all the really big boys about how they get information virtually and physically into North Korea, China, Iran, and other places. It's very interesting and very dangerous at times
Analysis of nearly 1.7 billion shortened URL links(Help Net Security) Web of Trust (WOT) completed an analysis of nearly 1.7 billion shortened URL links and found that the URL shortening services are often used to drive traffic to suspicious websites
Cisco Patches Numerous Bugs in IOS, UCM(Threatpost) Cisco has released nine security advisories for various products, including eight for its ubiquitous IOS operating system. Many of the vulnerabilities fixed in the patch release are denial-of-service flaws and none of them can give an attacker the ability to run code remotely on affected machines
Cyber Security: 75% of data breaches are inside jobs(eGovmonitor) High profile data breaches are often the work of hacker collectives like Anonymous, but it turns out that many more come at the hands of a company's own employees. According to new research from Forrester, only 25% of data breach cases are the work of external attackers. That leaves a whopping 75% coming from inside the company
Cyber Weapons: Are They The Deadliest Means Of Modern Warfare? – Analysis(Eurasia Review) Amid the Senkaku/Diaoyu islet chain disputes and violent demonstrations in China against Japan, a series of cyber attacks hit the websites of Japan's Defense Ministry, Internal Affairs and Communications Ministry, and the Supreme Court including Japan's Statistics Bureau and Banking networks. Referring to various Japanese and U.S. sources, a recent news story by Bill Gertz in Washington Free Beacon on September 25 has claimed that these attacks originated in China and worked as a preview of China's military behavior during the opening phase of a military campaign
US and Russian experts turn up volume on cybersecurity alarms(Chicago Tribune) Former National Security Agency Director Michael Hayden warned that the United States had yet to resolve basic questions about how to police the Internet, let alone how to defend critical infrastructure such as electric generation plants
Top 10 issues eroding cloud confidence(Help Net Security) Findings from a joint Cloud Security Alliance (CSA) and ISACA survey show that government regulations, exit strategies and international data privacy dominate the Top 10 areas where confidence in the
Official warns Pentagon managers not to plan for budget cuts(Washington Times) The Pentagon's No. 2 official has issued a new warning to Defense Department civilians and commanders not to make any plans for automatic budget cuts that are set to take effect Jan. 2, even as Congress and the White House show no sign of halting the cuts
Pentagon Spending Shouldn't Slow Before Cuts, Carter Says(Bloomberg) The Pentagon's No. 2 civilian directed military departments and acquisition personnel to proceed with normal operations, including training and contracting, even though action hasn't been taken to avert looming spending cuts. The Pentagon "needs to continue normal spending and operations," Deputy Defense Secretary Ashton Carter told Defense Department and military service heads in a memo obtained yesterday by Bloomberg News
Defense rejects rigid supply chain security countermeasures(Nextgov) Dennis Bartko, special assistant for cyber at the Pentagon's National Security Agency who also spoke at the institute, added, "you may test and evaluate at one moment, but with upgrades, changes -- the devices themselves are often morphing and changing
GAO: Agencies have EA implementation gaps, but blame OMB(Fierce Government IT) Almost all agencies have established goals for their enterprise architecture, but executing on those goals is another challenge entirely, according to a Government Accountability Office report published Sept. 26. All 27 agencies reviewed in the report have fully or partially-defined goals, but only 11 have fully or partially established metrics for assessing their architectures and only five have fully or partially measured outcomes and benefits, say report authors
Unique challenges for Agile development in government(Fierce Government IT) Implementing Agile development with the federal government is not without unique challenges, members of a Sept. 26 panel said. Agencies are accustomed to the waterfall process, said Tim McCrosson, a senior policy analyst within the Office of Management and Budget office of e-government and information technology
Contractor Survival Tactics: KEYW Continues To Make Acquisitions, Expands Into Commercial Market(GovWin) In today's challenging federal market, contractors of all sizes are evaluating their current strategies to achieve success over the next several years, while bracing for potential budget cuts that could significantly impact the way they do business moving forward. At FIA, we are always watching the federal marketplace, and I personally have an interest in what's going on in the mergers and acquisitions (M&A) arena surrounding cybersecurity, a market which is rapidly evolving and always seems to be in the news. With this in mind, one company which I have been watching closely for awhile is KEYW Holding Corp., a smaller niche firm which provides agile cyber superiority and geospatial intelligence solutions to U.S. intelligence and defense customers
EADS Won't Extend BAE Deal Deadline(Wall Street Journal) Mr. Enders said he doesn't see any reason the issues can't be cleared up by Oct. 10, the existing deadline. The two companies have agreed on everything necessary to merge, and now it is up to governments, Mr. Enders said
Lockheed expands cybersecurity alliance(Washington Technology) Verizon joins the likes of Dell, EMC, Hewlett-Packard, Intel, Microsoft, Cisco and Citrix in the alliance, which Lockheed formed as a way to bring companies together to collaborate on cyber issues. Verizon is the 18th company to join the alliance
The Zacks Analyst Blog Highlights: Northrop Grumman, General Dynamics(Military & Aerospace Electronics) Revenue and earnings growth continue to be driven by its strong presence in the current focus areas of cyber security, modernization of defense and homeland security assets, intelligence, surveillance and reconnaissance systems, advanced electronics
Unisys Moves DOE Idaho Lab to Google Cloud(New New Internet) Unisys has completed its transition of 5,000 personnel at the Energy Department's Idaho National Laboratory to a Google cloud-based email and collaboration platform, Unisys announced Wednesday
BAE Names Frank Pope Enterprise Shared Services Lead, Erwin Bieber Head of Land & Armaments(GovConWire) BAE Systems Inc., the British contractor's U.S. subsidiary, has appointed Frank Pope president of the enterprise shared services organization, the company announced Thursday. Pope, currently president of land and armaments, will be succeeded by Erwin Bieber, vice president and general manager of business operations for the company's intelligence and security sector
Products, Services, and Solutions
Internet Explorer Blocks More Malware Than Firefox, Chrome, Safari(Dark Reading) NSS Labs browser tests show Google SafeBrowsing API weak link in catching click fraud malware. It hasn't been the best month for Internet Explorer given the recent zero-day attack, but the Microsoft browser got some good news today with a new test that shows it's by far better at stopping malware than Google Chrome, Mozilla Firefox, and Apple Safari
BlackBerry 10 Touch, Qwerty Devices Leak In Video; RIM Wants Lady Gaga To Help Sell BB10(TechCrunch) RIM is still bathing in the afterglow of yesterday's Q2 2013 fiscal results not being as awful as some had feared. The company remains in the invidious position of having to flog an out-of-date OS (BB7) while it tries to get its next-gen OS, BB10, ready for lift off at the start of next year. The wait for BB10 devices goes on — but two of RIM's forthcoming BB10 phones have surfaced online in what appears to be an internal marketing video posted to Vimeo (but since taken down)
Lockheed Martin Delivers SolaS Hybrid Cloud Solution(Equities.com) The solution uses Lockheed Martin's intelligence-driven defense approach to provide proactive and continuous cloud security situational awareness, and real-time compliance and configuration management. These capabilities are delivered by leveraging
Fidelis XPS Collector network appliance released(Help Net Security) Fidelis Security Systems announced Fidelis XPS Collector, a new network appliance that enables the storage, query and correlation of all sessions on a network. The appliance helps security teams
GFI Software combines antivirus and patch management(Help Net Security) GFI Software launched VIPRE Antivirus 2013 and VIPRE Internet Security 2013, which build upon VIPRE's detection rates and low impact on PC performance, helping to not only protect users' PCs from malware
Poland's Bank BPH to roll out finger vein ID solution(ATM Marketplace) Hitachi Europe Ltd., a wholly owned subsidiary of Hitachi Ltd., today announced that it has finalized delivery of finger vein biometrics authentication for Krakow-based Bank BPH S.A., one of the largest banks in Poland and a member of the GE Capital group. Bank BPH has been running a pilot in several branches since June of this year, and will implement the system in 22 branch offices by the end of September. All 287 branch offices in Poland will be using it as a main method of authentication at teller counters by the end of 2012
ISC Feature of the Week: Glossary(Internet Storm Center) Our feature today is a page we just launched, the Glossary: Terms and Definitions page! This page allows for browsing and list filtering of Computer and Security-related terms and definitions
CSA releases new IAM guidance(CSO) The Cloud Security Alliance says its guidance report on Identity Access Management is the first of 10 components that make up the Defined Categories of Security as a Service (SecaaS) in the cloud environment
Norwich computer program partners with security software firm(Vermont Digger) Officials at Norwich University announced a partnership between the university's digital Threat Analysis Center (NTAC) and computer security software firm RazorThreat. The Michigan-based company provides cyber security software that monitors all network activity which has the potential to be the basis for next generation digital forensics, a focus of Norwich's Bachelor of Science in Computer Security and Information Assurance (BSCSIA) program
Cyber security students receive $1.6 million grant(University at Buffalo The Spectrum) The graduates went on to work for the Federal Trade Commission, National Security Agency, Central Intelligence Agency, Federal Bureau of Investigation, Security Exchange Commission and the Office of Inspector General. To prepare students for careers in
California Joins Ban on Employers Demanding Social Media Access(Threatpost) California today joined two other states making it a crime for employers and colleges to ask applicants or workers for their social media login information in order to access their private Web sites. The new laws -- one for companies and one for colleges -- go into effect Jan. 1, 2013. Gov. Jerry Brown signed into law a state bill that prohibits employers from demanding usernames and passwords from employees and job applicants
October is National Cyber Security Awareness Month. The Department of Homeland Security, National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) work in partnership with public and private sector partners...
Cyber Maryland 2012(Baltimore, Maryland, October 16 - 17, 2012) "Designed for information security insiders, business innovators and aspiring professionals, this two-day conference features national thought leaders, showcases business opportunities and provides outstanding...
National Cyber Security Hall of Fame(Baltimore, Maryland, October 17, 2012) Baltimore welcomes the US cyber security community to honor the members of the National Cyber Security Hall of Fame inaugural class.
Cyber Security: A National Imperative(Washington, DC, October 29, 2012) Lockheed Martin is hosting a panel discussion on Cyber Security: A National Imperative – An in-depth view of Cyber Security from the world's leading defense contractor on Monday, Oct. 29, 11:00am at the...
TechExpo Cyber Security Careers(Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.