Daily briefing.

Reports from the region indicate that eleven private banks in Israel have been hit by a denial-of-service campaign mounted by Tunisian hacktivists. The cause is, as usual, support of Palestine.

Cyber criminals are selling counterfeit (and risky) versions of popular Android and iOS apps.

Network Time Protocol (NTP) attacks spiked last week, but now seem to have trailed off. The threat is nonetheless worth considering: the NTP version of a distributed denial-of-service attack abuses the monlist command in older versions of NTP, sending a small query with a spoofed source address that requests a large amount of data, so the much larger response is delivered to the spoofed address (the victim). Symantec recommends either disabling monlist or upgrading NTP implementations to current versions.

Thieves in Europe are compromising ATMs by physically drilling into them, installing malware, patching the hole, then returning at some later time to withdraw cash illicitly from the terminal. The hack withdraws whatever cash a particular machine holds rather than draining customer accounts.

Scammers posing as recruiters infest LinkedIn at increasing rates. Hackers have shut down League of Legends and other massively multiplayer online game sites; in some cases they may have swatted players (that is, summoned police to a residence with a spoofed distress call—a very dangerous prank).

In industry news, disappointed vendors are swamping the US Department of Homeland Security's EAGLE II contract with protests. Midsized firms are showing an increased need (and appetite) for encryption technology.

US military services reduce their cyber attack surface by consolidating network access points: the Air Force has fused 120 such points into 16 gateways.

Notes.

Today's issue includes events affecting Australia, India, Indonesia, Israel, Japan, Taiwan, Tunisia, United Kingdom, United States.

The CyberWire will take a holiday tomorrow on New Year's Day. We'll resume normal publication Thursday. A happy new year to all our readers.

Cyber Attacks, Threats, and Vulnerabilities

11 Israeli Bank Websites Taken Down by Anonymous Tunisia and AnonGhost (Hack Read) Hacktivists going by the handles Anonymous Tunisia and AnonGhost have taken down websites of 11 private Israeli banks in a DDoS attack. Anonymous Tunisia left a list of websites belonging to 11 different Israeli banks which were taken down a few hours ago in support of Palestine. In a Tweet by Anonymous Tunisia, it was claimed that: This is just a beginning, this is just phase 1

Beware of counterfeit versions of top Android, iOS apps (Tech Hive) Cybercriminals are using third-party app sites to peddle reverse–engineered versions—essentially counterfeit or pirated—of almost all the most popular paid apps available on the Google Play and Apple App Stores, software firm Arxan has discovered

Attackers Wage Network Time Protocol–Based DDoS Attacks (Dark Reading) Attackers have begun exploiting an oft–forgotten network protocol in a new spin on distributed denial–of–service (DDoS) attacks, as researchers spotted a spike in so–called NTP reflection attacks this month

Thieves used USB sticks to infect ATMs, withdraw large amounts of cash (UPI Science News Via Acquire Media NewsEdge and TMC) Cyber thieves cut and drilled their way into European cash machines in order to infect them with malware this year, security researchers say

BBB warns job seekers of LinkedIn scams (Daily Journal) With many job seekers using LinkedIn to market themselves to potential employers, scammers also are finding ways to exploit the site by posing as recruiters, Better Business Bureau (BBB) warns

UPDATED: League of Legends, DOTA 2 and Other Servers Shut Down By Cyber Attack (Gamesided) UPDATE 7: 1:05am: After a long ordeal, all servers in League of Legends have been fully restored. The group has now taken down World of Tanks, however. Battle.net is also still having issues from Monday's event

Even tiny microSD cards have chips that can be hacked (BGR) Andrew "bunnie" Huang and Sean "xobs" Cross have discovered a way to hack even the small microSD cards that go inside current smartphones and tablets to increase their storage, as well as other flash–based memory solutions, presenting their findings at the Chaos Computer Congress (30C3). In a detailed blog post on bunnie:studios, Huang explained how the hack works, and why many flash cards are susceptible to being hacked and used for malicious purposes by people who are aware of this particular potentially serious security vulnerability

Another look at a cross–platform DDoS botnet (Semper Securus) I learned from a recent "Malware Must Die" post about a Linux malware sample that is associated with DNS amplification attacks. As mentioned in the MMD post, several researchers have posted on this, or similar malware. Since I'm particularly interested in Linux malware, especially if it has a DDoS component, I thought I'd also take a look

Barry University notifies patients records may have been hacked (Miami Herald) Barry University announced Monday night it is notifying patients of its Foot and Ankle Institute that their medical records and personal information may have been hacked

Employee sends info on 2,000 to personal email address, gets fired (SC Magazine) An employee with a private contractor for Colorado Medicaid was fired after sending an email to a personal account that contained sensitive information on almost 2,000 people

Mannix Marketing Acknowledges Data Breach (eSecurity Planet) Personal and credit card information for customers of Saratoga Sweets, Barkeater Chocolates, Olde Bryan Inn and Coffee Planet may have been exposed

7 sneak attacks used by today's most devious hackers (ComputerWorld) Most malware is mundane, but these innovative techniques are exploiting systems and networks of even the savviest users

UK CPNI Releases Spear Phishing Paper (US–CERT) The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has recently released a paper titled "Spear Phishing — Understanding the Threat;" this document provides guidance on how spear phishing attacks work, whether you are likely to be a target, and the steps organizations can take to manage the risks. CPNI is the UK's government authority for providing physical, personnel and information security advice to critical national infrastructure. US–CERT encourages users and administrators to review the CPNI document as well as US–CERT ST04-014, "Avoiding Social Engineering and Phishing Attacks"

Year of living dangerously — security breaches and scams of 2013 (Silicon Republic) The crushing impact of a cyber attack on individuals was brought to the public's attention on a number of occasions this year. In fact every year, the

Cyber Threats 2013: From Snowden to the Hunt for Red October (International Business Times) The last 12 months have seen the rise of mobile malware, the pernicious CryptoLocker ransomware and the emergence of Stuxnet's little sister. We look at 10 stories which encapsulate the turbulent and dramatic year that 2013 was in cyber security

Govt: Indonesia 'No. 1 Target' for Cyber Attacks (Jakarta Globe) The Communications and Information Technology Ministry has revealed that Indonesia was the world's most targeted country for cyber attack in 2013

India among six countries most affected by Bitcoin malware (NDTV) Bitcoin craze is turning into a fertile ground for cyber fraudsters as thousands

9 Notorious Hackers Of 2013 (InformationWeek) This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state–sponsored groups

More companies file EAGLE II protests (Federal Times) The Department of Homeland Security's seven–year, $22 billion Eagle 2 information technology contract is getting buried under vendor protests, according to the Government Accountability Office

Air Force seeks better intelligence architectures (C4ISR & Networks) The Air Force is looking for assured cyber architectures technologies to improve the Defense Intelligence Information Enterprise

Encryption Technology: A Growing Need at Midsize Firms (Midsize Insider) This latest news is an example of the need for cryptographic technologies to protect corporate data. IT professionals at midsize firms who are

David Wolf, Fiona Barshow Named DNC Federal Civilian VPs (GovConWire) David Wolf, a 20-year project management veteran, has been appointed to serve as vice president of federal civilian programs at Data Networks Corp. Wolf will be responsible for executing business programs and growth strategies and overseeing customer satisfaction in federal civilian markets, DNC said

The Next Big Thing You Missed: Watchdox Builds Personal Bodyguard for Your Sensitive Files (Wired) With Dropbox exploding in popularity, Watchdox is betting people will want a highly protective and secure alternative

The Color of Money: Take action after Target breach (The Columbus Dispatch) One of the best parts of my job is helping address readers' financial concerns. The data breach at Target has a lot of people really worried

Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish (Wired) If you're traveling overseas, across borders or anywhere you're afraid your laptop or other equipment might be tampered with or examined, you've got a new secret weapon to improve security. Glitter nail polish

Software–Defined Networking Rises Above The Hype (InformationWeek) SDN earned plenty of hype in 2013, but the ability to program networks improves network performance and security in a more systematic and automatic fashion

Top ten SDN news stories of 2013: Cisco ACI, VMware NSX and more (Networking Digest) In 2013, the top ten SDN news stories were driven by two central themes: the rise of open networking and hardware vendors going software

Beginners' Guide To PGP (Bitcoin not Bombs) If you are new to Bitcoin it's likely you've heard some terms thrown around by Bitcoiners that you have no idea what they mean—PGP, Tor, VPN, OTR, etc. In most cases these are referring to various technologies that people use to protect their data and communications

Opinion: How infosec training is changing to stay ahead (TechTarget) Dr. Lynne Williams of Kaplan University shares her view on how infosec education is changing to keep pace with evolving attacks

Fearful of Cyber Attacks, Military Tightens Control Over Data Networks (National Defense Magazine (blog)) The Air Force's cyber command center so far has fused 120 network entry points into 16 gateways. "This already has improved our ability to secure the

Ex–NSA chief calls for Obama to reject recommendations (USA Today) Retired general Michael Hayden, former director of the National Security Agency and the Central Intelligence Agency, called on President Obama Monday to show "some political courage" and reject many of the recommendations of the commission he appointed to rein in NSA surveillance operations

What proof should be needed to show collecting intelligence that violates freedoms is worth it? (The Jerusalem Post) A perpetual battle in both the US and Israel over balancing fighting terror with violating privacy rights/freedoms has hit a crescendo this past week in the political and legal wars over the US NSA's (National Security Agency) electronic spying programs

Cyber spying? China points finger at US (The Hill) Congress is doubling down on its criticism of alleged Chinese cyber attacks despite recent revelations that the U.S. is engaged in massive spying of its own

U.S. Senator Issues Letter To Top 5 Wireless Carriers Urging Kill Switch Adoption (TechCrunch) U.S. Senator Amy Klobuchar of Minnesota has today taken up the battle cry of numerous legislators before her, calling for wireless carriers to enable new anti–theft technology on handsets. According to the Senator, one–third of robberies involve cell phone theft, resulting in an estimated $30 billion in lost or stolen phones. That said, Klobuchar has written a letter to the heads of the

Target Breach: Senators Seek Hearing (BankInfoSecurity) Three Democratic senators are calling on the Senate Banking Committee to examine whether stronger cybersecurity standards are needed to protect consumer data following a breach at Target stores that affected as many as 40 million debit and credit cards

Texas City Secretary Indicted for Insider Breach (eSecurity Planet) Lisa Moravitz allegedly forwarded Cuero Police Department e-mails to 'people who shouldn't have [them]'

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

FloCon2014 (Charleston, South Carolina, USA, January 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...

NASA Langley Cyber Expo (Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...

cybergamut Tech Tuesday: Malware Reverse Engineering - An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, January 21, 2014) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer...

CANCELLED DUE TO WINTER STORMS: cybergamut Tech Tuesday: Malware Reverse Engineering — An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, January 21, 2014) This talk has been cancelled. Please consult cybergamut for scheduling updates.

Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...

2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.

Cyber Training Forum at NGA (Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence...

Security Analyst Summit 2014 (Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.

The Insider Threat: Protecting Data and Managing Risk (Online, February 11, 2014) As recent events have demonstrated, the threats from inside government have the potential to be more harmful than the hacking activities of our enemies. Protecting sensitive government information from...
