
Daily briefing.

The "Dark Seoul" attack on banks and media in South Korea was severe. Although by consensus "less sophisticated" than the denial-of-service attacks by the Izz ad-Din al-Qassam Cyber Fighters against US banks (which were not themselves markedly sophisticated), Dark Seoul destroyed data and devices. Attribution remains unclear: despite finding Chinese fingerprints in the attacks, analysts are shifting their suspicions back to North Korea.

Trend Micro and Sophos talk about how they detected and contained the attack. The relatively simple logic bomb evaded signature-based firewalls and anti-virus software to target a familiar Internet Explorer vulnerability. Security officers should draw at least two lessons: signature-based defenses are increasingly susceptible to bypass, and known vulnerabilities should be closed.

The US Department of Homeland Security warns of a newly discovered vulnerability in Siemens industrial control systems. It also warns of DHS-themed ransomware.

The TeamViewer spyware found in European networks seems directed against activists in Eastern Europe and the former Soviet republics. Toronto's TD Bank suffers a denial-of-service attack similar to those US banks sustained earlier this year.

Weaknesses in the UK registrar 123-Reg enabled some 300 incidents of domain theft last year.

Australian medical practices receive advice on cyber insurance. NASA's IG thinks the agency's IT security redundancies are too costly, but NASA tightens them anyway in the wake of insider breaches.

The US House of Representatives hears expert testimony that only serious deterrence can be expected to quell cyber attacks. The House also heard that Iran is a bigger cyber threat than either Russia or China.

Notes.

Today's issue includes events affecting Australia, Belgium, Canada, China, France, Germany, Hungary, India, Iran, Republic of Korea, People's Democratic Republic of Korea, Panama, Russia, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Logic Bomb Set Off South Korea Cyberattack (Wired) A cyberattack that wiped the hard drives of computers belonging to banks and broadcasting companies in South Korea this week was set off by a logic bomb in the code, according to a security firm in the U.S

Cyber-attack on South Korea may not have come from China after all: regulator (Reuters) This week's cyber-attack on South Korean broadcasters and banks may not have originated in China after all as the IP address has been traced to one of the victim banks, the communications regulator said on Friday. But it couldn't rule

North Korea Still Chief Suspect In Cyber Attacks On South (TechWeekEurope UK) Despite evidence that the recent cyber attacks on South Korea were not…Trend Micro said it was aware of other attacks on South Korean firms

UPDATE 3-Hacking highlights dangers to Seoul of North's cyber-warriors (Reuters) The North's professional "cyber-warriors" enjoy perks such as luxury…security vendor Sophos said, noting the malicious software it detected was not

South Korea cyber attacks are linked back to China (Inquirer) Officials in South Korea have linked the recent cyber attacks in the…Sophos products have been able to detect the malware for nearly a year

Trend Micro detects multiple cyber attacks on South Korea (New Straits Times) Trend Micro, a provider of cloud security software, has detected multiple cyber attacks on South Korean banking corporations and media

Trend Micro Deep Discovery Protects South Korean Customers From Attack (PR Newswire) Crippling attacks on banks and media thwarted by advanced threat protection of Trend Micro Custom Defense. Trend Micro Incorporated announced today that customers using its Deep Discovery advanced threat protection product were able to discover and react to the recent cyber-attack before damage could be done. These attacks paralyzed several major banking and media companies, leaving many South Koreans unable to withdraw money from ATMs and news broadcasting crews cut off from their resources

South Korea bank attacks should prompt rethink in U.S. (CSO) DDoS attacks on U.S. banks were more advanced technically, but the attackers of the South Korean banks did much more damage. The simplicity of the malware that paralyzed the computer networks of three banks and two broadcasters in technically sophisticated South Korea is a warning that U.S. corporations need to rethink security. The cybercriminals did nothing out of the ordinary in penetrating the organizations' defenses on Wednesday. They used existing malware called "DarkSeoul," changed its signature to evade the organizations' firewalls and antivirus software, and targeted a well-known vulnerability in Internet Explorer (CVE-2012-1889)

South Korea Bank Hacks: 7 Key Facts (InformationWeek) Data-wiping attacks on Windows and Linux computers may have just focused on random targets to cause chaos, security researchers say

TD Bank hit by 'targeted' cyber attack that knocked out online services (Montreal Gazette) TD Canada Trust (TSX:TD) says it was hit by a "targeted" cyber attack, forcing its banking website and mobile banking service to go offline for several hours. The bank says the denial-of-service attack occurred mid-morning and prevented its customers from logging in to its website and mobile site

DHS, ICS-CERT Warn of Siemens HMI Vulnerabilities (Threatpost) The Department of Homeland Security and the ICS-CERT issued an advisory yesterday warning of serious vulnerabilities in Siemens industrial control software deployed in a number of industries including water, gas and oil, and chemical

Recent Reports of DHS-Themed Ransomware (US-CERT) US-CERT has received reports of apparently DHS-themed ransomware occurring in the wild. Users who are being targeted by the ransomware receive an email message claiming that use of their computer has been suspended and that the user must pay a fine to unblock it. The ransomware falsely claims to be from the U.S. Department of Homeland Security and the National Cyber Security Division

TeamViewer-based cyberespionage operation targets activists, researchers say (Computer World) Security researchers have uncovered yet another ongoing cyberespionage operation targeting political and human rights activists, government agencies, research organizations and industrial manufacturers primarily from Eastern European countries and former Soviet Union states. The attacker group behind the campaign was dubbed TeamSpy because they use a malware toolkit built around the legitimate TeamViewer remote access application in order to control infected computers and extract sensitive information from them. The operation was analyzed by researchers from the Laboratory of Cryptography and System Security (CrySyS Lab) of the Budapest University of Technology and Economics, who collaborated with several antivirus companies, including Kaspersky Lab, Symantec and ESET

Guccifer strikes again: A major Silicon Valley venture capitalist's e-mail exposed (Quartz) While one hacker has been exposing wealthy Germans' financial secrets, another has been pulling more high-profile, but arguably more harmless tricks. A hacker going by the nom du pirate "Guccifer" has popped open the inbox of John Doerr, a partner at Kleiner Perkins Doerr, a firm that invested early in tech giants like Google and Amazon. Doerr is a multi-billionaire and former Intel executive who is routinely cited as one of the most influential people in tech, even though he uses an AOL email account, which to most techies is practically like using pen and paper

Germany's offshore money and the hacker who helped expose it (Quartz) The German newspaper Sueddeutsche Zeitung has published the names (link in German) of wealthy Germans who were or are directors of companies in Panama, a country known as a tax haven. The directors included families behind major automakers, banks and businesses, many of whom denied keeping funds abroad for tax purposes or attributed the actions to now-deceased relatives

Security Hole in Control Panels of UK Registrars Led to Domain Hijacking (Softpedia) Last year, cybercriminals managed to steal around 300 domains by exploiting a vulnerability in the web hosting control panel of UK registrar 123-Reg. In addition to 123-Reg, it's believed that four other registrars have been impacted. The Register has learned that a security hole in 123-Reg's web hosting control panel allowed anyone with an account to gain access to other accounts simply by modifying the URL from the browser's address bar

PyCon Incident: Two People Fired, DDOS Attack Launched Against SendGrid Site (Softpedia) An incident at the recent PyCon Python developer conference has gotten way out of proportion, resulting in two people getting fired by their companies and distributed denial-of-service (DDOS) attacks being launched against two websites. It all started when two of the developers present at the conference started making jokes that were deemed inappropriate in nature by Adria Richards, a SendGrid developer evangelist. After becoming tired of the dongle and forked repository jokes, Richards took a picture of the two developers and posted it on Twitter

'Human Weakness' Helped Chinese Hackers Steal Secrets From US Companies (Business Insider) The APT1 hackers were able to crack into American companies' computer networks and systems by targeting "human weakness," according to [Mandiant founder, Kevin Mandia]. They would send emails to a company's employees that appeared to be from

Most Indian Websites Abused for Phishing Attacks Are from IT and Education (Softpedia) In the period between August and November 2012, 0.11% of all phishing pages identified by Symantec were hosted on compromised websites from India. If in 2011, education sites were most targeted by phishers, in 2012, they dropped to second place, being overtaken by IT sites

Iran Is a More Volatile Cyber Threat to U.S. than China or Russia (CIO) As members of the intelligence, military and homeland security communities evaluate the emerging cyber threats emanating from hostile nation states, they must consider important distinctions in the capabilities and attack patterns of adversaries like China and Iran, cybersecurity experts told a House subcommittee on Wednesday. Testifying before the House Committee on Homeland Security's cybersecurity subcommittee, witnesses drew a sharp distinction between the threats from comparatively mature actors like China and Russia, with which the United States has longstanding--if strained--diplomatic and economic ties, and nations like Iran and North Korea

Security Patches, Mitigations, and Software Updates

Apple places kill date on apps that use 'UDID' device identifiers (ZDNet) Apple is finally putting a cap on UDIDs - often used for ad tracking - that establish a permanent link to iOS devices. Liam Tung

Temporary fixes released for Samsung Android lock-screen glitch (CSO) By manipulating the emergency call screen, an attacker could get persistent access to a device

Apple iCloud now comes with two-step verification (SlashGear) Two-step verification (also known as two-factor authentication) is becoming all the rage now. After the recent influx of security breaches and hacks on major services, companies are starting to implement two-step verification to prevent social engineers from

Cyber Trends

We must end cyber warfare 'Wild West' or risk catastrophe (Public Service Europe) In pursuit of cyber-peace states need to develop international rules of engagement and seek limitations on the use of cyber arsenals against each other as they did with nuclear weapons in the 1940s. It's an increasingly acknowledged fact that the true battleground between nation states is now the cyber-world and not the traditional military field. The use of 'cyber-force' to push through political objectives is increasingly common, as is a shift in the identification of targets towards civilian critical infrastructure systems - which if taken down have the potential to cripple a nation and cause loss of life

Cyber Security a Growing Issue for Small Business (Entrepreneur) As more business owners utilize technology such as cloud computing and mobile devices and apps, the risk of hackers accessing money and sensitive business data becomes more real. The House Committee of Small Business addressed this issue today during a special hearing called, "Protecting Small Businesses Against Emerging and Complex Cyber-Attacks." "Small businesses generally have fewer resources available to monitor and combat cyber threats, making them easy targets for expert criminals," said Chris Collins, chairman of the House's Subcommittee on Health and Technology. "In addition, many of these firms have a false sense of security and believe they are immune from a possible cyber-attack

Security; The non-commodity (infosecisland) For most users and businesses, their primary contact with the world of security solutions is via antivirus. In an enterprise environment, a computer comes preloaded with antivirus. Updates are centralized and automatic

Does your practice need cyber insurance? (Pulse+IT Magazine) Mr Waite said Cyber Plus had also received industry advice from a number of antivirus expert companies like Trend Micro and Bitdefender to help design a

Marketplace

Pentagon Urged To Stop Stalling, Start Planning Defense Cuts (Reuters) The Pentagon needs to stop stalling and start figuring out how to cut its budget by $50 billion annually for the foreseeable future in a way that preserves national security, defense analysts from across the political spectrum said on Thursday

Congress Approves Temporary Spending Bill To Keep The Government Open (Washington Post) Congress approved a short-term funding bill Thursday that ends the possibility of a federal government shutdown next week. But a broader budget battle about taxes and spending for the year is just beginning. The stop-gap spending resolution, approved on a broad bipartisan vote in the House, locks in the $85 billion across-the-board spending cuts known as the sequester through the Sept. 30 end of the fiscal year

NASA's redundant IT security tools costly, finds IG (FierceGovernmentIT) NASA has no effective process for tracking information technology security tool requirements or purchases, according to a March 18 NASA office of inspector general report. As a result, redundant technologies are costing the agency. In June 2012, the agency had 242 security assessment and monitoring technologies across nine different control areas--costing a total of $25.7 million

To fix IRS computer security, GAO recommends dozens of corrective actions (FierceGovernmentIT) Serious security weaknesses threaten sensitive taxpayer information, the Government Accountability Office says. The GAO says that in a report it did not release to the public, it recommended in detail that the Internal Revenue Service take 30 specific actions on newly identified information security weaknesses. The problems are related to identification and authentication, authorization, cryptography, audit and monitoring, and configuration management, the GAO says

Booz Allen Hamilton Holding Corporation : Booz Allen Hamilton to Provide Specialized Scientific Research to the National Geospatial-Intelligence Agency's InnoVision Future Solutions Program (4-Traders) Booz Allen Hamilton today announced it received a $315 million single award contract to support the National Geospatial-Intelligence Agency's (NGA) InnoVision Directorate. Booz Allen will provide specialized scientific and technical research and development subject matter expertise to all facets of the InnoVision Future Solutions Program (IFSP) through Nov. 2017. IFSP provides support to perform path-breaking scientific research and transitions innovative concepts and capabilities required to solve the Intelligence Community and Department of Defense's most complex problems

General Dynamics Fidelis Cybersecurity Solutions opens forensics lab in Columbia (Baltimore Business Journal) General Dynamics Fidelis Cybersecurity Solutions has opened a new forensic lab in Columbia. The new lab at 9055 Guilford Road in Columbia houses 15 forensic examiners who tackle cyber security threats for commercial clients. The company provides cyber security services and products for government agencies and commercial clients and has headquarters in Bethesda and Waltham, Mass

Products, Services, and Solutions

LaserLock Technologies Files New Provisional Patent For Enhanced Document (Dark Reading) New embedded security features in paper can prevent theft and copying of sensitive documents

Palo Alto Networks GlobalProtect Solution Now Available For iOS On The App Store (Dark Reading) Enterprises can now extend next-generation firewall security policies to mobile users

Route1 Announces Release Of MobiLINK (Dark Reading) Authentication and secure access technology enables users to securely access internal Web-enabled applications and Web resources

Heads-Up - Premature product - not a proper product to be used for PCI approved Web Scanning (IT Central Station) v2 Review: Premature product - not a proper product to be used for PCI approved web scanning. Having done numerous penetration tests using various manual and automated tools, today we are focusing on a new tool called QualysGuard Web Application Scanning v2.4.1. In the process of doing a pentest, we often use a quality automated tool to check for standard issues while we focus on the much more difficult issues of the testing, as this reduces the time it takes to do a full test and allows us to work more efficiently; besides, who wants to waste time doing monotonous simplistic checking

Panda Security Offers Simplicity and Greater Profits to Partners (Virtual-Strategy Magazine) Partners can now offer a comprehensive security and system management service to customers, with Panda Cloud Office Protection, Panda Cloud Office

Technologies, Techniques, and Standards

When Active Directory And LDAP Aren't Enough (Dark Reading) Cloud and mobile pose problems to most enterprises' centerpiece identity and access management technology

Wipe the drive! Stealthy Malware Persistence - Part 4 (Internet Storm Center) This is my fourth post in a series called "Wipe the Drive - Malware persistence techniques". The goal is to demonstrate obscure configuration changes that malware or an attacker on your computer can leave behind to allow them to reinfect your machine. We will pick up the conversation with techniques #7 and #8. If you missed the first six techniques you can read about those here

Design and Innovation

AngelHack Launches A Startup Accelerator, Bringing Its Hackathon To 30+ Cities This Spring (TechCrunch) AngelHack has always been a little different from your average hackathon -- rather than taking place in one place over one weekend, it has become a global event that takes place in multiple stages. As a result, the projects are usually pretty polished, though not yet at the level of full-fledged startups. Now it's taking another step in that direction with the launch of its very own accelerator

Research and Development

So It Begins: Darpa Sets Out to Make Computers That Can Teach Themselves (Wired Threat Level) The Pentagon's blue-sky researchers are eying computers that can learn on their own, which could make for some advanced new smart machines -- which are simple enough for non-experts to use as well

Academia

Cyber security startups find home at BWTech on UMBC campus (Baltimore Sun) Those entering the University of Maryland, Baltimore County, campus from Interstate 195 find it easy to mistake the buildings on the right side of the road for part of the school, or just miss them completely. Those five buildings make up the BWTech Research and Technology Park and house Life Sciences, Clean Energy and Cyber Security business incubators. The incubators provide office space, mentors, resources and collaborative opportunities for small startup companies in each of the three fields

Legislation, Policy, and Regulation

NASA Tightens Security In Response To Insider Threat (Dark Reading) NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft

Experts Tell Congress Serious Deterrence Needed to Impede Foreign Cyber Attacks (Threatpost) The House Foreign Affairs Subcommittee on Europe, Eurasia, and Emerging Threats typically is more concerned with economics and political issues than cyber attacks, but the members spent this morning in a hearing trying to come up with an answer to a fairly straightforward, but thorny question: What consequences are serious and meaningful enough that they will deter U.S. enemies from infiltrating the country's networks? After hearing from several witnesses and chewing the subject over, the members didn't emerge with a solid answer, but there seemed to be consensus around the idea that national laws alone would not solve the network security problem

U.S. cyber plan calls for private-sector scans of Net (Yahoo News) The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure. As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks

DHS well positioned to carry out cybersecurity executive order, says panel (FierceGovernmentIT) The Homeland Security Department is well equipped to carry out the role called for it by President Obama's Feb. 12 executive order, said panelists speaking at a March 15 event on Capitol Hill hosted by the Congressional Internet Caucus Advisory Committee

FITARA passes House Oversight committee (FierceGovernmentIT) A bill that would change federal information technology buying practices and authorities of IT officials passed the House Oversight and Government Reform Committee March 20 through a unanimous voice vote

CIA hangs on to everything--forever (FierceBigData) Contrary to what some experts have said about a high percentage of the volumes of data currently collected being suitable only for the landfill, Ira "Gus" Hunt, chief technology officer for the Central Intelligence Agency, said in a speech at the GigaOM Structure: Data conference in New York City this week that "The value of any piece of information is only known when you can connect it with something else that arrives at a future point in time." Since you can't connect dots you don't have, Hunt said, the agency tries to collect everything and hang on to it forever

Taxing big data, other software innovation (FierceBigData) Many experts have said that legislators, regulators and other government agencies need to catch up to the realities of emerging technologies such as big data. But they had in mind the issues around security, privacy and intellectual property. The state government in Massachusetts, however, is wasting no time catching up when it comes to taxation. The tech industry in and around Boston is none too pleased

Litigation, Investigation, and Law Enforcement

Microsoft Releases Report on Law Enforcement Requests (New York Times) Microsoft disclosed on Thursday for the first time the number of requests it had received from government law enforcement agencies for data on its hundreds of millions of customers around the world, joining the ranks of Google, Twitter and other

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CSO40 (Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.

Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...

An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, April 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The...

Cyber 1.3 (location and date not listed) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...

HITBSecConf2013 (Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...

SANS Northern Virginia 2013 (Reston, Virginia, USA, April 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply...

INFILTRATE 2013 (Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.

Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

Cyber Guardian 2013 (Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...

A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, April 16, 2013) Conversation on Cyber Warfare and the Law. The Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex...

Infosec Southwest 2013 (Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...

Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...

Infosecurity Europe (London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...

INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, April 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office, highlighting her focus on innovation at the NRO and for the Intelligence Community.

23rd Annual Government Procurement Conference (Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...
