Cyber criminals continue con games that cruelly exploit people's horrified reactions to the Boston Marathon bombing. US-CERT summarizes them, and the SANS Institute publishes valuable updates of malicious sites and terms caught in spam traps.
Seculert finds malware in the wild, "Magic," that may represent the first phase of a broader campaign. Its functionality, which could extend to establishing backdoors, data theft, HTML injection, and installing other malicious files, is apparently not yet in use, and the malware's purpose remains unclear.
The most commonly used home wireless routers are shown vulnerable to exploits that place attackers inside local firewalls.
Krebs traces SWATting attacks to identity theft sites.
Prolexic reports that distributed denial-of-service attacks show dramatically increased bandwidth capacity (and incidentally casts doubt on claims that last month's Spamhaus attack was the largest DDOS incident ever).
Quartz writer Kevin Ashton demonstrates the ease with which one can create a plausible, authenticated, and entirely fictitious Internet persona. Following DISA's famous "Robin Sage" (mother of all catfish), Ashton creates "Santiago Swallow," wins Twitter's blue checkmark of authenticity, and gains 80,000 followers before the gaff is finally blown.
Microsoft's Security and Intelligence Report notes the decline of worms and the rise of Web threats; it also finds that about 25% of all computers lack basic security software.
Venture capital shows a general contraction through the first quarter.
SANS offers a new tool for assessing cyber talent. Trusteer makes some very large claims for its Apex security solution: it "blocks 100% of previously unknown malware."
Today's issue includes events affecting Australia, Azerbaijan, Belarus, China, Denmark, Finland, European Union, India, Spain, Russia, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Scams Exploiting Boston Marathon Explosion(US-CERT) Malicious actors are exploiting the April 15 explosions at the Boston Marathon in attempts to collect money intended for charities and to spread malicious code. Fake websites and social networking accounts have been set up to take advantage of those interested in learning more details about the explosions or looking to contribute to fundraising efforts
UPDATE: Now Over 125 Domains Related To Boston Explosion Including "Relief" Domains(The Domains) There are now at least 125 domain names that have been recently registered relating to the explosions at the Boston Marathon today and most troubling many that look like charitable domains that can be used to raise money for the victims. Over 20 of the .com/.net domains registered today sound like they could be used for fundraising efforts for the victims so we need to watch those to make sure they are only used by licensed and regulated charities
Boston-Related Malware Campaigns Have Begun(Internet Storm Center) About mid-afternoon yesterday (Central time - US), Boston related spam campaigns have begun. The general "hook" is that it sends a URL with a subject about the video from the explosions. Similar to when Osama Bin Laden was killed and fake images were used as a hook, in this case, the video is relevant to the story and being used as a hook. Right now, very roughly 10-20% of all spam is related to this (some spamtraps reporting more, some less). Similar IPs have also been sending pump & dump scams so likely the same group has re-tasked itself. Here is a list of subjects I've seen hit spam traps
Fake Boston Marathon Scams Update(Internet Storm Center) Yesterday, TheDomains reported there were 125 potentially fake domains registered just hours after the attack in Boston. By my current count, I see 234. Some of these are just parked domains, some are squatters who are keeping the domains from bad people. A couple are soliciting donations (one is soliciting bitcoins, oddly enough). So far, there have been no reports of any spam related to this but there have been a few fake Twitter accounts which are fairly quickly getting squashed. Oh, and one lawsuit-lawyer related site in connection to the event but that's a different kind of scum than we typically deal with here. But so far, most of the domains are parked (typically at GoDaddy, but don't read that as a swipe at them) or they don't resolve anywhere
Seculert Uncovers Magic Malware(eSecurity Planet) According to Seculert CTO Aviv Raff, the malware may just be the first phase of a broader attack. Seculert researchers recently came across a malware sample they're calling "Magic," which had remained undetected on targeted machines for 11 months. According to Seculert CTO Aviv Raff, the malware's name comes from the fact that it communicates with its command and control (C2) server using a custom-made protocol, with "some_magic_code1" required at the beginning of every conversation to verify that the communication is coming from an infected machine
Top Wi-Fi routers easy to hack, says study(CNET) The most popular home wireless routers are easily hacked and there's little you can do to stop it, says a new study by research firm Independent Security Evaluators
A RAT named Poison Ivy(Dave Waterson on Security) In February 2013, Mandiant published a report exposing APT1, one of the cyber espionage units based in China. They found that APT1 is one of the most prolific cyber espionage groups, having stolen hundreds of terabytes of sensitive proprietary data through Advanced Persistent Threats (APTs). Mandiant concluded that APT1 is likely Chinese government-sponsored and has links with the People's Liberation Army
Anonymous Hackers Hit Azerbaijan(eSecurity Planet) The hackers have released 1.5GB of data taken from the Ministry of Communications and Information Technologies
SWATting Incidents Tied to ID Theft Sites?(Krebs on Security) Many readers have been asking for an update on the "SWATting" incident at my home last month, in which someone claiming to be me fraudulently reported a home invasion in progress at my address, prompting a heavily armed police response. There are two incremental developments on this story. The first is I've learned more about how the hoax was perpetrated. The second is that new clues suggest that the same individual(s) responsible also have been SWATting Hollywood celebrities and posting their personal information on a site called exposed.re
DDoS Attack Bandwidth Jumps 718% (InformationWeek) Distributed denial-of-service study finds increase in attack quantity and severity, while most attacks continue to originate from China
Prolexic CEO: 'Biggest Cyber Attack Ever' Was Built On Lies(TechWeek Europe) When Spamhaus, an anti-spam organisation that some have labelled a vigilante group, claimed it was being hit by a 300Gbps distributed denial of service (DDoS) attack, it made plenty of headlines. That's because it was the biggest cyber attack on record. At least, that's what we were all told and it may well be true. Some suggested it even caused a global Internet slowdown, with Spamhaus' DDoS protector CloudFlare saying it "almost broke the Internet", claims that were later torn apart by more cynical onlookers. Then today, the biggest DDoS protection vendor in the world, Prolexic, brought out a report on DDoS attack power, writing that those involved in the Spamhaus hit had reported "grossly inflated" figures. The report didn't mention the attack again
The beginner's guide to breaking website security with nothing more than a Pineapple(troyhunt.com) You know how security people get all uppity about SSL this and SSL that? Stuff like posting creds over HTTPS isn't enough, you have to load login forms over HTTPS as well and then you can't send auth cookies over HTTP because they'll get sniffed and sessions hijacked and so on and so forth. This is all pretty much security people rhetoric designed to instil fear but without a whole lot of practical basis, right? That's an easy assumption to make because it's hard to observe the risk of insufficient transport layer protection being exploited, at least compared to something like XSS or SQL injection. But it turns out that exploiting unprotected network traffic can actually be extremely simple, you just need to have the right gear. Say hello to my little friend
Tweeto ergo sum: How to become internet famous for $68(Quartz) Santiago Swallow may be one of the most famous people no one has heard of. His eyes fume from his Twitter profile: he is Hollywood-handsome with high cheekbones and dirty blond, collar-length hair. Next to his name is one of social media's most prized possessions, Twitter's blue "verified account" checkmark. Beneath it are numbers to make many in the online world jealous: Santiago Swallow has tens of thousands of followers. The tweets Swallow sends them are cryptic nuggets of wisdom that unroll like scrolls from digital fortune cookies: "Before you lose weight, find hope," says one. Another: "To write is to live endlessly"…There's just one thing about Santiago Swallow that you won't easily find online: I made him up. Everything above is true. He really does have a Twitter feed with tens of thousands of followers, he really does have a Wikipedia biography, and he really does have an official web site. But he has never been to TED or South By South West and is not writing a book. I--or rather he--flat out lied about that. (Editor's note: Santiago Swallow's Twitter account was suspended after the publication of this piece.)
Very fake Santiago Swallow wants his very real Twitter account back(Quartz) Santiago Swallow is the internet-famous alter ego of Quartz contributor Kevin Ashton. As you know, I am an expert in the imagined self. You can therefore imagine how shocked my self was this morning when I found my Twitter account, with 80,000 followers and hundreds of insightful and carefully curated tweets, such as, "My dad is so old he can remember when there was only one type of house music," and "New York, New York. Is it so good they named it twice, or so ADHD they weren't listening the first time?" had been suspended for unstated reasons. Twitter and its silly rules about only having a verified check mark that they bestow
How easy is it to find your kids online?(WDAM) Do you know who your child's Facebook friends are or what personal information they're posting? As we learned, it doesn't take much to track down a Facebook friend
Facebook launches privacy campaign to protect teens(Naked Security) Facebook, under pressure to educate teenagers on staying safe on the site, has teamed up with 19 US attorneys general to launch a privacy public awareness campaign. But can these resources actually help
Microsoft: Worms And Rogue AV Dying, Web Threats Thriving(Dark Reading) Conficker finally flickering out, newest edition of Microsoft's Security Intelligence Report (SIR) shows. For the first time in nearly four years, the top malware threat plaguing enterprises is not the Conficker worm: Web-based attacks have taken over, according to new data gathered from more than 1 billion Windows machines worldwide. IframeRef, a family of iFrame malware that infects Web servers, now holds the No. 1 spot, with a fivefold increase in the fourth quarter of 2012 alone with 3.3 million detections, according to the new Version 14 of Microsoft's Security Intelligence Report (SIR) for the second half of 2012
Why Programmers Are Excited About Bitcoin(Forbes) I've noticed a contrast in the way programmers and non-programmers react when they first hear about Bitcoin. And I think an analogy to cryptography helps explain it. Cryptography has been around for centuries, but until recently all the practical encryption systems people knew about were symmetrical. The encryption key could be derived from the decryption key as easily as vice versa
Governments Must Co-Opt Bitcoin to Avert Disaster(American Banker) When the news spread that Archduke Franz Ferdinand of Austria was assassinated in Sarajevo, few, if any, had the foresight to envision the colossal consequences that topped all previous global conflicts. But this spark ignited the horrific chapter in world history known as World War I
Is Armageddon on the cyber horizon?(The Guardian) Cyber security has become a major threat to global infrastructure and economy. We've seen malware designed to spy on and subvert industrial systems at Iran's Natanz nuclear facility, a destructive Trojan horse disable thousands of computers at Saudi
Why cyber insurance isn't booming(BusinessWeek) Some form of cybersecurity insurance has been around for a long time, and while the risk of cyberattacks has risen steadily, the market to insure against it has lagged. If your organization still favors risk acceptance and mitigation over risk transfer (insurance) when it comes to computer systems, it's in good company
US intelligence agencies embrace OpenStack(ITworld.com) The U.S. National Security Agency has been "transformed" since implementing OpenStack, and now the agency plans to open its experiences to all 16 agencies that make up the U.S. intelligence community. "Over the next few
At NSA, The Cloud Is About Big Data And Moving Beyond IT(TechCrunch) The National Security Agency (NSA) cloud is about big data and creating unicorns. And it all started when some geeks stole two servers. It makes no sense, according to conventional thinking, but these are unconventional times, and the cloud that NSA
DISA says commercial cloud computing middleman function at IOC(FierceGovernmentIT) The Defense Information Systems Agency announced April 16 it has achieved initial operational capacity as the commercial cloud computing middleman for the Defense Department--despite its acknowledgment that it has yet to fully approve for DoD use any FedRAMP-authorized commercial cloud service providers
Northrop to Help Run Army Enterprise Web Portal(GovConWire) Northrop Grumman (NYSE: NOC) has won a potential $56.7 million contract from the U.S. Army to help operate a web-based portal that provides users classified and unclassified access to features such as email and instant messaging. The contract for the Army Knowledge Online Enterprise Services system contains one base year and one option year
Cryptography Research and StarChip sign agreement(Electronicsfeed) Cryptography Research and StarChip SAS (StarChip), experts in designing and qualifying smart card ICs, today announce that they have signed a patent license agreement allowing the use of Cryptography Research's patented technology in StarChip
Son of WWII nisei receives promotion at Pentagon(Honolulu Star-Advertiser) Paul M. Nakasone, currently serving as deputy chief of staff for intelligence at International Security Assistance Force Joint Command in Afghanistan, will become director of Army Cyber Operations Integration Center at Second Army/U.S. Army Cyber Command
Ex-hacker Mudge is "getting the band back together" at Google(The H) Former hacker Peiter "Mudge" Zatko has been working for the US government for several years, but he now says he is "getting the band back together", presumably at his new employer Google. Mudge, who, among other things, developed the hacking tool L0phtCrack (used to crack Windows passwords), had recently been working for the Defense Advanced Research Project Agency (DARPA) which is part of the Department of Defense
New approach blocks all zero-day malware, says Trusteer(ComputerWeekly) Stateful application control blocks 100% of previously unknown malware, closing the security gap left by traditional antivirus (AV) software, according to endpoint security firm Trusteer. The security firm estimates that 70-80% of enterprise malware infections are through the exploitation of zero-day vulnerabilities
China's social media gurus face off in the Weibo vs. WeChat debate(Quartz) In China's rapidly expanding social media sphere, the lion's share of buzz is split between Tencent's WeChat, a text and voicemail service that has grown so popular it is threatening the business of the country's mobile phone carriers, and Sina Weibo, a microblogging service where users post unfiltered snippets of news in a cat-and-mouse game with the country's censors
It's time for Microsoft to give up on consumers(Quartz) Microsoft hasn't released sales figures for the Surface, suggesting that people aren't exactly lining up to buy it. Microsoft's current business model is inertia. And it's a surprisingly good one: Despite free-fall in demand for PCs, analysts are expecting that when Microsoft announces earnings after markets close tomorrow (April 18), the company most closely identified with the PC will report a jump in revenue from a year ago, from $17.42 billion to $20.54 billion
'Clueful' App-Interrogation Tool Coming To Android(Lifehacker Australia) Bitdefender is preparing to launch Clueful in the Google Play Store; the same privacy protection app that was forcibly removed from the Apple App Store last year. We quizzed Bitdefender's leading security bods about what the new app offers Android users
Technologies, Techniques, and Standards
Your Data Is Gone, Have A Nice Day(Dark Reading) A client called our office the other day, needing help with an emergency data restoration from the backup system it manages in-house. The main server had crashed and was unrecoverable. It happens
Time To Dump Antivirus As Endpoint Protection?(Dark Reading) Attackers find it easy to avoid signature- and heuristic-based anti-malware defenses. Experts recommend alternatives to antivirus programs be used alongside them, not in lieu of them. The shortcomings of antivirus software are well known in the security industry, where the programs are typically considered an eminently fallible last line of defense. When Google analyzed, for example, the performance of four antivirus engines in a recent research paper on new reputation-based techniques to stop malicious downloads, the company found that the best scanner caught at most 25 percent of malicious files from the Internet. Combining all four engines only resulted in 40 percent of the malicious files being detected. While the Internet giant did not name the providers of the software nor discuss the testing environment, the results are in line with other studies as well
DevOps Integration Key to Avoiding Pre-Ordained Security Failures(Threatpost) Downstream is where you live today as a security person. If Gene Kim has his way, you'll be inline soon enough. Kim's keynote today at Source Boston 2013 took listeners on a deep dive of the integration of development and IT operations and helped map out how organizations may be able to wedge security into the conversation and help security practitioners escape a system that pre-ordains failure—one they are for the most part powerless to avoid today
Banks Must Ditch Legacy IT(InformationWeek) Banks with decades-old IT systems are struggling to adjust to the changing regulatory and financial landscape
Why PaaS Is The Future(InformationWeek) Platform-as-a-service will become standard for Web applications. It's time to evaluate your options and plan a migration strategy
Design and Innovation
Pixar's Innovation Secret: Moore's Law as Business Tool(Wired) Inventors, visionaries, engineers have to arrive at each level before they can even imagine a way to the next one…and then create it. That's how Pixar and its first film Toy Story — the first feature-length computer-animated film
How do you compete with a free operating system? Try paying people(Quartz) China's e-commerce juggernaut Alibaba has finally found some takers for its mobile operating system, known as AMOS, or the Alibaba Mobile Operating System. It announced yesterday that five handset makers--KONKA, ZOPO, Amoi, G'Five, and Little Pepper--will release devices running on AMOS
Deep Run students get lesson in cyber security(WTVR) Some students at a Henrico high school got a crash course in cyber security Wednesday. FBI agents came in to teach students at Deep Run High School about the importance of keeping their identities and personal information secure online
Legislation, Policy, and Regulation
Laws Can't Save Banks From DDoS Attacks(Dark Reading) A threat information-sharing bill wouldn't do much to help banks defend themselves against distributed denial-of-services (DDoS) attacks. Rep. Mike Rogers (R-Mich.), who is also chairman of the House Intelligence Committee, told NBC News on Wednesday that the Operation Ababil bank disruption campaign run by al-Qassam Cyber Fighters could be stopped, if only private businesses had unfettered access to top-flight U.S. government threat intelligence. Currently the federal government is "trying to share cyber threat information with these banks to help them get ahead of these attacks," Rogers said. "Unfortunately, a series of policy and legal barriers is impeding that cooperation, as well as slowing down cooperation within the private sector and making it less effective"
CyberCom Elevation To Stand-Alone Command On SecDef's Desk(AOL Government) Carl Levin, chairman of the Senate Armed Services Committee, signaled the Pentagon that -- while he knows "there is a proposal before the Secretary of Defense to elevate Cyber Command" -- he has concerns about the command
European Commission welcomes European Parliament's vote to extend mandate of ENISA and strengthen EU Cybersecurity(Europa) Today's vote (626 for, 45 against) is the conclusion of lengthy political discussions between Council and the European Parliament. A political agreement was reached at the end of January 2013, and EU Ministers formally endorsed the Regulation on 8 February. The new Regulation (see MEMO/10/459) grants ENISA a new 7-year mandate. This is particularly significant given the important role the agency will play in the implementation of the EU Cybersecurity Strategy adopted by the European Commission in January
House approves two federal cybersecurity bills(FierceGovernmentIT) The House unanimously approved April 16 legislation that would modify statutory federal cybersecurity program requirements. That bill, the Federal Information Security Amendments Act of 2013 (H.R. 1163), secured a 416-0 vote with 16 representatives not present; it would amend the Federal Information Security Management Act in ways similar to legislation the House approved in 2012 but which the Senate did not take up
CISPA heads to House floor; White House issues veto threat(FierceGovernmentIT) The White House issued a veto threat against the controversial Cyber Intelligence Sharing and Protection Act, which is set for a vote by the full House this week following the House Rules Committee's April 16 adoption of a rule permitting 12 amendments onto the floor
Hacking the Law: Fights Over Cyber-Security and a Silicon Valley Divide(SF Weekly) To some, hacker Andrew "Weev" Auernheimer is a cause célèbre. To others, he's a famous douchebag. To many, he's a polarizing figure in a debate that's roiled Silicon Valley, pitting established tech companies against rogue innovators. When Auernheimer was sentenced to 41 months in prison for collecting and publicizing the names of 114,000 AT&T iPad users, reporters grappled over the right words to characterize him. A headline in Venture Beat reflected their ambivalence: "Terrorist, hacker, freedom fighter: Andrew Auernheimer parties tonight in expectation of jail tomorrow." The law that federal prosecutors used as a blunt instrument against Auernheimer is nearly three decades old, but it's had a weird pop-culture resurgence in recent months. Called the Computer Fraud and Abuse Act (CFAA)
Whistleblowing now akin to treason(Salon) The persecution of a former National Security Agency official highlights a disturbing government initiative. When Thomas Drake, then an official at the National Security Agency, realized that the agency's decision to shut down an internal data analysis program and instead outsource the project to a private contractor provided the government with less effective analysis at much higher cost, he tried to do something about it. Drake's decision to join three other whistleblowers in asking the agency's inspector general to investigate ultimately made him the target of a leak investigation that tore his life apart
Firefox 'death sentence' threat to TeliaSonera over gov spy claims(The Register) Mozilla may snub telecom giant's new SSL certs. Firefox-maker Mozilla could issue a "death sentence" to TeliaSonera's SSL business over allegations the telecoms giant sold Orwellian surveillance tech to dictators. The punishment would be an embarrassing blow to the company: it would effectively cut off HTTPS-encrypted websites verified by TeliaSonera from Firefox users, who make up one-fifth of the planet's web surfers
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SNW Fall 2013(Long Beach, California, USA, October 15 - 17, 2013) SNW is the leading global event series focused on the advancements in, and implementations of, storage, data center, networking, cloud and information infrastructure technologies.
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Cyber Guardian 2013(Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
Mobile Device Security for Defense and Government(Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...
Infosecurity Europe(London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...
TechExpo Cyber Security Hiring Event(Columbia, Maryland, USA, April 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will...
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO(Reston, Virginia, USA, April 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.