Seoul releases details of how it traced last month's cyber attack to North Korea's Reconnaissance General Bureau, and alleges that the North plans a coordinated cyber and missile attack. Meanwhile spammers exploit Korean tensions with emails announcing (falsely) the outbreak of war; the messages carry Cridex login credential stealing malware.
Kaspersky uncovers a long-duration attack on online gaming companies. The "Winnti" campaign shows the convergence of cybercrime and cyber espionage: the criminals stole virtual currency, source code, and—most importantly—digital certificates. The certificates were eventually sold to Chinese security services whence they've appeared in attacks on Tibetan and Uyghur activists. The Winnti gang, operating at least since 2009, targets massive multiplayer online games.
Redpill spyware has resurfaced in India. In the US, another St. Louis area bank reports it's under cyber attack. Malaysian independent media suffer successful attacks as that country's election campaign opens. Sophos demonstrates a method of distributing malware via "read-only" Excel files.
Bitcoin-harvesting malware continues to roil trading in the math-based currency. Bitcoin's story is a curious one with many features of a classic bubble. It's attracting both a lot of smart money and a lot of denunciation (in one writer's characterization, it's a "Ponzi scheme").
Hacker News describes Skype password vulnerabilities. Ars Technica publishes a criminal consumer's guide to botnets—they're cheap and easy to use.
The EU's cyber security agency Enisa's post mortem on the CyberBunker-Spamhaus incident says ISPs and DNS server operators could have blocked the attack had they followed well-established best practices.
Today's issue includes events affecting Australia, Belarus, Brazil, China, European Union, Germany, India, Japan, Republic of Korea, People's Democratic Republic of Korea, Malaysia, New Zealand, Peru, Russia, South Africa, Switzerland, United Kingdom, United Nations, United States.
Looking ahead to next week, our Tuesday issue will offer special coverage of SINET's Monday conference, "Cyber Policy and Its Impact on Commercial Markets."
The Tallinn manual(The Dong-A Ilbo) The South Korean government said North Korea's military intelligence agency masterminded the cyber attack that paralyzed the IT networks of broadcasters and financial companies on March 20. As for the Stalinist regime's missile launch, it said, "We will punish the origin of the attack, supporting and commanding forces more than 10 times what they do." Whether Seoul will respond to the cyber attack or not remains to be seen. Some people say, "Since a cyber attack is combat, South Korea needs to punish North Korea." Nevertheless, it is not easy to do so under the international laws
Malicious Spam Warns of War with North Korea(eSecurity Planet) The spam e-mails deliver the Cridex malware, which steals login credentials from infected PCs. ThreatTrack Security researchers recently came across a spam campaign with a simple message -- the subject line is "Fwd: Re: War with N. Korea," and the message reads, "Hi, bad news. War with N. Korea"
Years-long cyber attack on online gaming companies uncovered(Polygon) A Russian-based computer security company says it's uncovered an international cybercrime group that uses code stolen from online gaming companies to create software that has been used to spy on activists and steal aerospace secrets
Winnti Cyberespionage Campaign Targets Gaming Companies(Threatpost) A cybercrime gang has been running roughshod over the gaming industry for years using malware signed with valid digital certificates to steal source code and valuable in-game currency for a number of popular online games
Data-Stealing Spyware Redpill Back, Targeting India(Threatpost) A form of spyware first seen in 2008 and known for siphoning away users' bank account credentials, emails, screenshots and various other bits of information has surfaced again – this time targeting computer users in India
Hide your kids, hide your BTC: Bitcoin-stealing malware emerges(Ars Technica) Click-bait to an exchange lookalike site drops malware to steal from accounts. In another example of the security mantra of "be careful what you click," at least one Bitcoin trader has been robbed in a forum "phishing" attack designed specifically to ride the hype around the digital currency. The attack attempts to use Java exploits or fake Adobe updates to install malware, and it's one of the first targeted attacks aimed at the burgeoning business of Bitcoin exchanges
Regions Bank cyber attack(KSDK) NewsChannel 5 received a tip Thursday that Regions Bank had been hit by a cyber attack. The bank confirmed this tip through their Twitter account, tweeting, "We are currently under cyber attack and our website and Online Banking are
Malaysian media sites targeted in cyber-attack(ABC Online) Cyber-attacks have taken several independent media outlets offline on the first day of Malaysia's election campaign. The websites for Radio Free Malaysia, Radio Free Sarawak and the news portal Sarawak Report have been brought down by a cyber attack
Wm. Jennings Bryan Dorn VA Medical Center Admits Security Breach(eSecurity Planet) The personal information of 7,405 patients may have been exposed. South Carolina's Wm. Jennings Bryan Dorn VA Medical Center recently sent letters to 7,405 patients warning them that an unprotected laptop was found to be missing on February 11, 2013. The laptop contained the veterans' personal information, including names, birthdates, weight, race, test results and partial Social Security numbers
When is a password not a password? When Excel sees "VelvetSweatshop"(Naked Security) Over the last few months, I've spent a significant proportion of my time researching the CVE-2012-0158 vulnerability…One of the issues in detecting CVE-2012-0158 samples is that the delivery mechanism can be RTF, Word or Excel files. Word and Excel files can be password-encrypted, meaning that it can be harder for an anti-virus scanning engine to see the malicious code. The problem the attackers have, of course, is that they not only have to trick users into clicking on the attachment with social engineering, but also need to dupe their potential victims into entering a password. With Excel, however, there is another method and that is to save the boobytrapped file as "Read Only". "Read Only" applies the same encryption method and uses a default password chosen by the Microsoft programmers: "VelvetSweatshop"
Malicious WordPress Plugin Discovered(eSecurity Planet) A freelance programmer apparently took the opportunity to inject malicious code into the Social Media Widget plugin without the maintainer's knowledge. Sucuri CTO Daniel Cid and COO Tony Perez recently discovered that the Social Media Widget plugin for WordPress was being used to inject spam into Web sites -- and with just under a million downloads, the plugin had the potential to impact a significant number of sites
Hackers could start abusing electric car chargers to cripple the grid, researcher says(CSO) If we don't start securing systems today, it will become a problem in 10 years, the researcher said. Hackers could use vulnerable charging stations to prevent the charging of electric vehicles in a certain area, or possibly even use the vulnerabilities to cripple parts of the electricity grid, a security researcher said during the Hack in the Box conference in Amsterdam on Thursday
Advanced Malware Takes Unique Steps to Hide Itself(InfoPackets) Researchers have discovered a new type of malware that uses several advanced strategies to prevent you from detecting it. Those strategies include tracking user mouse usage and hiding malicious files. The malware, which is being called Trojan.APT.BaneChant, was recently discovered by researchers at security firm FireEye. The malware reportedly spreads through an infected Microsoft Word document attached to emails
As Defenders Adapt, Offensive Techniques Continue to Evolve(Threatpost) The security teams that have to defend enterprise networks are faced with a broad and deep threat landscape populated with all manner of malware and targeted attacks. Those teams often have to react quickly to new threats, well before vendors respond with new technologies. By the look of things on the offensive side of the ball, much of which is on display at the Infiltrate conference here, things are not likely to get any easier for network defenders anytime soon
Social Engineering Skype Support team to hack any account instantly(Hacker News) You can install the industry's strongest and most expensive firewall. You can educate employees about basic security procedures and the importance of choosing strong passwords. You can even lock-down the server room, but how do you protect a company from the threat of social engineering attacks? For any of you that are involved in security awareness efforts, you know what I am talking about. It could happen tomorrow, it could happen today or it might already have happened
A beginner's guide to building botnets—with little assembly required(Ars Technica) For a few hundred dollars, you can get tools and 24/7 support for Internet crime. Have a plan to steal millions from banks and their customers but can't write a line of code? Want to get rich quick off advertising click fraud but "quick" doesn't include time to learn how to do it? No problem. Everything you need to start a life of cybercrime is just a few clicks (and many more dollars) away
The Truth About Spam(Dark Reading) New study shows one in three spam emails contains malware-ridden attachments, and one-fourth of all bots are in enterprise networks
Enisa criticises ISPs' preparation against cyber-attacks(Telecompaper) EU cyber-security agency Enisa criticised ISPs in its analysis of a recent massive cyber-attack. ISPs are accused of failing to apply well-known security measures which have been available for over a decade. This error is as a key factor behind the
Security Patches, Mitigations, and Software Updates
Google Releases Google Chrome 26.0.1410.57(US-CERT) Google has released Google Chrome 26.0.1410.57 for all Chrome OS devices to address a vulnerability. This vulnerability could allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and follow best-practice security policies to determine which updates should be applied
Microsoft amends security update after reports of system errors(CSO) The company has removed the update from the MS13-036 batch of patches. Microsoft has amended a security update containing a patch that reportedly caused errors in some third-party software. The update, number 2823324, was distributed on Tuesday as part of MS13-036, a batch of patches that fix three Windows vulnerabilities in a kernel-mode driver
Infonetics: Managed Security Services Market Topped $13 Billion in 2012(eSecurity Planet) The research firm predicts that sales of cloud-based security services will surge over the next five years. According to Infonetics Research's latest Cloud and CPE Managed Security Services report, the global cloud and CPE managed security service market grew by 12 percent from 2011 to 2012, reaching $13 billion
BYOD Fuels NAC Comeback(eSecurity Planet) The BYOD boom is leading to a revival of network access control (NAC) technology, as more companies employ NAC to secure their networks. Network access control (NAC) is back. To get an idea of the NAC sales boom currently underway, Frost & Sullivan estimates that sales will grow by almost 14 percent a year for the next two years to
Why You Should Care Cybersecurity Lobbying Doubled(Mashable) Lest you doubt we are entering the age of a cybersecurity industrial complex—and that such a system doesn't necessarily have the average Internet user in mind—take a look at the numbers. According to a new study by the lobbying group Center for Responsive Politics, lobbying reports that referenced "cybersecurity" more than doubled last year. Mentions jumped from 990 in 2011 to 1,968 in 2012
South Africa a 'big target' for cyber crime(IT Web) Cyber crime poses the biggest risk to local business, with elements like mobile and cloud exacerbating the threat. If you think your data is safe, think again, says Andrew Kirkland, country manager of international security firm Trustwave. SA is a major target for data breaches and, while local businesses on the whole have certain measures in place, these are insufficient until companies understand and appreciate the value of their unique data
Bitcoin Is A Disruptive Technology(Forbes) A financial network is a technological platform that people build businesses on top of. And the traditional banking and credit card networks are closed platforms. If you want to build an e-commerce site, a payment network like Paypal, or any other service that deals in dollars, you need to convince incumbent financial institutions to do business with you. Getting such a partnership is difficult and involves a lot of red tape
Fool's Gold: Bitcoin is a Ponzi scheme—the Internet's favorite currency will collapse.(Slate) Bitcoin is a fantasy. The Internet's currency—a secure, private, decentralized type of money that makes possible anonymous and virtually costless transactions across borders—contains the seeds of its own destruction. More than anything else, it resembles a Ponzi scheme—and the wild claims made on its behalf reveal a great deal about a libertarian strain of thinking with deep roots in the American psyche
IRS's big data play built on shaky foundations(IT World) The IRS is scaring taxpayers silly this season with boasts about its Big Data prowess and 'robo audits.' But recent reports suggest the agency is struggling to keep its IT operations afloat
DISA building one-of-a-kind cloud for big data(FierceBigData) Talk about unstructured data--the Defense Information Systems Agency got specific this week about what kind of infrastructure it thinks it needs to store and analyze data types
Shortage of Skilled People Could Hamper Military's Offensive Security Capabilities(Threatpost) The U.S. military has been attempting to build up the offensive cybersecurity capabilities in its various services for several years now, but is running into the same obstacles and challenges that private sector firms in the same space are: a shortage of skilled workers and not enough money to hire the ones who have the skills. Those deficits could portend a reevaluation in the way that the military handles cyber operations and who is involved in them
Congress Skeptical Of Obama's Defense Budget(Washington Times) Lawmakers greeted the White House's $526.6 billion defense budget request with skepticism Thursday, as top Pentagon officials defended proposals previously rejected by Congress, such as base closures and increasing health care enrollment fees
FireEye gathers ANZ momentum(Tech Day) FireEye has begun a rapid expansion in Australia and New Zealand through the appointment of Phil Vasic as regional director for the region. One of the global leaders in cyber attack prevention, the company says Vasic joined from Clearswift, where he served as vice president, Asia Pacific and Japan, bringing 15 years of enterprise sales and sales management experience at companies Websense and Hewlett Packard.
New CEO For Secunia(Dark Reading) The board has appointed Niels Henrik Rasmussen. The board and Thomas Zeihlund have agreed a new, international profile is needed for the role of CEO for Secunia, to lead the company onwards
Products, Services, and Solutions
Android MDM Fragmentation: Does It Matter?(Dark Reading) Of all the major mobile operating systems, Android provides the least in terms of mobile security and device management. Google has let its customers down
Google Death: Inactive account manager helps you plan digital last will and testament(CSO) Google provided a somewhat morbid reminder of the increasing primacy of digital data in our lives with the release today of the euphemistically named Inactive Account Manager feature. The service allows users to customize what will happen to their account data -- everything from Gmail messages to Drive content to Google+ posts -- if their account goes inactive for whatever reason. Options range from simply deleting everything to carefully arranged disbursement of personal information to selected contacts
Security Software Tracks Stolen Laptop from London to Tehran(eSecurity Planet) Dom del Torto now knows where his laptop is -- but he's unlikely to get it back. On February 4, 2013, Dom del Torto of London's Big Animal Design & Animation Studio found that someone had broken into his flat on London's Holloway Road, and had stolen his iPad and his MacBook Pro
Design and Innovation
Virginia is for startups: Governor launches cyber-security accelerator(VentureBeat) If you're a security startup you may want to set up shop in Virginia, not Silicon Valley. Virginia Governor Bob McDonnell officially opened the doors to a security-focused startup accelerator today called Mach37. The accelerator is modeled in the same form as Y Combinator, 500 Startups, and Techstars, according to a release by the organization
IBM To Invest $1 Billion In Flash Technology Research, Reflecting Obsolescence Of Hard Disk Drives(TechCrunch) IBM plans to invest $1 billion in research to design, create and integrate Flash into its servers, storage systems and middleware, a reflection of the changing requirements needed for companies to manage massive amounts of data. As part of the news, IBM also announced a new line of Flash appliances. These storage appliances are based on technology acquired from Texas Memory Systems
Mind over matter: Researchers turn thoughts into passwords(CSO) Scientists demonstrate ability to differentiate individual brain activity. May be how you access your digital life in the future. In the not-crazy-distant future, instead of using a password to navigate our digital lives, we may be able to think our way into our various online services and ever-growing array of digital whatnots. Researchers at the University of California-Berkeley's School of Information claim to have devised a method to use biosensors to accurately differentiate the brainwaves of specific subjects as they visualized songs, images, or other mental tasks. The brain activity resulting from these tasks appears to be inherent to each individual and may one day supplant traditional (and hackable) password security systems
NYC students, hackers train for cybersecurity jobs(Philly.com) Students at the Polytechnic Institute of New York University (NYU-Poly), sitting near a poster from an earlier lecture about cyber crime, come together for a Wednesday evening Hack Night in the Information Systems and Internet Security (ISIS) lab at
Cryptographer Ronald Cramer appointed Fellow of IACR(CWI) Ronald Cramer from Centrum Wiskunde & Informatica (CWI) in Amsterdam and Leiden University has been appointed Fellow of IACR. This was announced on 8 April by the International Association for Cryptologic Research, IACR. The selection committee praised the mathematician for his contributions to the development of modern cryptography. He received the title "for fundamental contributions to cryptography, for sustained educational leadership in cryptography, and for service to the IACR". Cramer is the first researcher active in the Netherlands to receive this prestigious award. The ceremony takes place during the 33rd CRYPTO conference in August 2013 in Santa Barbara, Ca., USA
MI5 warns universities on cyber spying(Financial Times) UK security services have warned universities to be more vigilant in protecting themselves against cyber attacks by foreign powers seeking to poach intellectual property at the frontier of science and technology. Vice-chancellors have been briefed by Sir Jonathan Evans, the outgoing head of MI5, while Universities UK, which represents the sector, is preparing to issue institutions guidance about how to ward off the cyber threat
Top Majors to Influence National Growth(The Hill) Since the age of 16, graduating senior Dominique Nash always thought that she wanted to be a pharmacist. Before she transferred to Howard University, she was a Biochemistry Major at the University of Maryland Eastern Shore. Although she wanted to make her mother proud, Nash eventually left pharmacy and went to follow her real passion, Broadcast News
Trend Micro, Deakin University and Macquarie University join forces to protect Australians online(CSO) Trend Micro, a leading provider of cloud security, has joined forces with Deakin University and Macquarie University on a research project designed to analyse the security of the World Wide Web and make the online world safer for Australians. With more than 90 percent of malware delivered over the internet, the joint project aims to develop innovative approaches to effectively identify malicious web domains and sites. Using evidence-based research and big data analytics, the research team will analyse the web threats specifically targeting Australia and look at developing tools and capabilities to enhance the levels of online security. Another goal is to raise public awareness of cyber threats and educate users on how they can best protect themselves
Take a Break for Security(Embry-Riddle Horizons) With spring break behind us and summer break just around the corner, now is a great time to think about what you are doing to secure your data and devices. Are you vigilant about creating unique passwords and not sharing them or writing them down? Do you have passcodes on your mobile devices? Are you cognizant about what you post online and why
White House signals it won't support CISPA in present form(CSO) Calls for more privacy, civil liberties protections in reintroduced Cyber Intelligence Sharing and Protection Act. In what's quickly turning out to be a replay of events from last year, the White House today signaled that it would not support the recently reintroduced Cyber Intelligence Sharing and Protection Act (CISPA) in its present form
Critics: CISPA still a government surveillance bill(CSO) A U.S. House of Representatives committee failed to make the changes necessary to allay fears about government surveillance in a controversial cyberthreat sharing bill that's moving toward a House vote, critics said
Senior Cyber Official Targets Black Markets For Zero-Day Vulnerabilities(Inside Defense) A senior Pentagon official has targeted black markets for zero-day cyber vulnerabilities as one of his top priorities over the next year. Eric Rosenbach, the deputy assistant secretary of defense for cyber policy, said that responding to these is "one of the things that I really want to work the hardest on…because I see it as a really big threat"
Obama boosts military, 'black' and spook cyber forces(Register) Obama said that he wanted to increase the military cyber forces led by the US Cyber Command and bump up funding for cyber security information sharing in the Department of Defense (DoD) allocation. "We must confront new dangers, like cyber attacks
Obama makes cyber security a priority(IT Web) The US has moved to increase spending to protect its computer networks from cyber attacks. President Barack Obama proposed on Wednesday increased spending to protect US computer networks from Internet-based attacks, in a sign that the government aims to put more resources into the emerging global cyber arms race
The EU's common sense privacy approach to big data(FierceBigData) The European Union is being more aggressive than the United States and other countries in getting out in front of the definitions and impacts of big data on privacy, and the rules created around them
The IRS Doesn't Think 'Reasonable Expectation of Privacy' Applies to Your Emails(Slate) The IRS Criminal Tax Division doesn't think the Fourth Amendment should apply to email. With Tax Day less than a week away in the United States, you probably don't need another reason to dislike the IRS. But here's one anyway: Newly released documents show that in recent years, the agency has claimed American Internet users "do not have a reasonable expectation of privacy" when it comes to their emails being snooped on
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Northern Virginia 2013(Reston, Virginia, USA, April 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply...
INFILTRATE 2013(Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Software Engineering Institute Invitational Career Fair(Pittsburgh, Pennsylvania, USA, April 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing...
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Cyber Guardian 2013(Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
Mobile Device Security for Defense and Government(Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...
Infosecurity Europe(London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO(Reston, Virginia, USA, April 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.