The "Dark Seoul" attack on banks and media in South Korea was severe. Although by consensus "less sophisticated" than the denial-of-service attacks by the Izz ad-Din al-Qassam Cyber Fighters against US banks (not themselves markedly sophisticated), Dark Seoul destroyed data and devices. Attribution remains unclear, but despite finding Chinese fingerprints in the attacks, analysts are shifting their suspicions back to North Korea.
Trend Micro and Sophos talk about how they detected and contained the attack. The relatively simple logic bomb evaded signature-based firewalls and anti-virus software to target a familiar Internet Explorer vulnerability. Security officers should draw at least two lessons: signature-based defenses are increasingly susceptible to bypass, and known vulnerabilities should be closed.
The US Department of Homeland Security warns of a newly discovered vulnerability in Siemens industrial control systems. It also warns of DHS-themed ransomware.
The TeamViewer spyware found in European networks seems directed against activists in Eastern Europe and the former Soviet republics. Toronto's TD Bank suffers a denial-of-service attack similar to those US banks sustained earlier this year.
Weaknesses in the UK's 123.Reg enabled some 300 incidents of domain theft last year.
Australian medical practices receive advice on cyber insurance. NASA's IG thinks the agency's IT security redundancies are too costly, but NASA tightens them anyway in the wake of insider breaches.
The US House of Representatives hears expert testimony that only serious deterrence can be expected to quell cyber attacks. The House also heard that Iran is a bigger cyber threat than either Russia or China.
Today's issue includes events affecting Australia, Belgium, Canada, China, France, Germany, Hungary, India, Iran, Republic of Korea, People's Democratic Republic of Korea, Panama, Russia, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Logic Bomb Set Off South Korea Cyberattack(Wired) A cyberattack that wiped the hard drives of computers belonging to banks and broadcasting companies in South Korea this week was set off by a logic bomb in the code, according to a security firm in the U.S
Trend Micro Deep Discovery Protects South Korean Customers From Attack(PR Newswire) Crippling attacks on banks and media thwarted by advanced threat protection of Trend Micro Custom Defense. Trend Micro Incorporated announced today that customers using its Deep Discovery advanced threat protection product were able to discover and react to the recent cyber-attack before damage could be done. These attacks paralyzed several major banking and media companies, leaving many South Koreans unable to withdraw money from ATMs and news broadcasting crews cut off from their resources
South Korea bank attacks should prompt rethink in U.S.(CSO) DDoS attacks on U.S. banks were more advanced technically, but the attackers of the South Korean banks did much more damage. The simplicity of the malware that paralyzed the computer networks of three banks and two broadcasters in technically sophisticated South Korea is a warning that U.S. corporations need to rethink security. The cybercriminals did nothing out of the ordinary in penetrating the organizations' defenses on Wednesday. They used existing malware called "DarkSeoul," changed its signature to evade the organizations' firewalls and antivirus software, and targeted a well-known vulnerability in Internet Explorer (CVE-2012-1889)
South Korea Bank Hacks: 7 Key Facts(InformationWeek) Data-wiping attacks on Windows and Linux computers may have just focused on random targets to cause chaos, security researchers say
TD Bank hit by 'targeted' cyber attack that knocked out online services(Montreal Gazette) TD Canada Trust (TSX:TD) says it was hit by a "targeted" cyber attack, forcing its banking website and mobile banking service to go offline for several hours. The bank says the denial-of-service attack occurred mid-morning and prevented its customers from logging in to its website and mobile site
DHS, ICS-CERT Warn of Siemens HMI Vulnerabilities(Threatpost) The Department of Homeland Security and the ICS-CERT issued an advisory yesterday warning of serious vulnerabilities in Siemens industrial control software deployed in a number of industries including water, gas and oil, and chemical
Recent Reports of DHS-Themed Ransomware(US-CERT) US-CERT has received reports of apparently DHS-themed ransomware occurring in the wild. Users who are being targeted by the ransomware receive an email message claiming that use of their computer has been suspended and that the user must pay a fine to unblock it. The ransomware falsely claims to be from the U.S. Department of Homeland Security and the National Cyber Security Division
TeamViewer-based cyberespionage operation targets activists, researchers say(Computer World) Security researchers have uncovered yet another ongoing cyberespionage operation targeting political and human rights activists, government agencies, research organizations and industrial manufacturers primarily from Eastern European countries and former Soviet Union states. The attacker group behind the campaign was dubbed TeamSpy because they use a malware toolkit built around the legitimate TeamViewer remote access application in order to control infected computers and extract sensitive information from them. The operation was analyzed by researchers from the Laboratory of Cryptography and System Security (CrySyS Lab) of the Budapest University of Technology and Economics, who collaborated with several antivirus companies, including Kaspersky Lab, Symantec and ESET
Guccifer strikes again: A major Silicon Valley venture capitalist's e-mail exposed(Quartz) While one hacker has been exposing wealthy Germans' financial secrets, another has been pulling more high-profile, but arguably more harmless tricks. A hacker going by the nom du pirate "Guccifer" has popped open the inbox of John Doerr, a partner at Kleiner Perkins Doerr, a firm that invested early in tech giants like Google and Amazon. Doerr is a multi-billionaire and former Intel executive who is routinely cited as one of the most influential people in tech, even though he uses an AOL email account, which to most techies is practically like using pen and paper
Germany's offshore money and the hacker who helped expose it(Quartz) The German newspaper Sueddeutsche Zeitung has published the names (link in German) of wealthy Germans who were or are directors of companies in Panama, a country known as a tax haven. The directors included families behind major automakers, banks and businesses, many of whom denied keeping funds abroad for tax purposes or attributed the actions to now-deceased relatives
Security Hole in Control Panels of UK Registrars Led to Domain Hijacking(Softpedia) Last year, cybercriminals managed to steal around 300 domains by exploiting a vulnerability in the web hosting control panel of UK registrar 123-Reg. In addition to 123-Reg, it's believed that four other registrars have been impacted. The Register has learned that a security hole in 123-Reg's web hosting control panel allowed anyone with an account to gain access to other accounts simply by modifying the URL from the browser's address bar
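The 123-Reg hole described above is a textbook insecure direct object reference: the server authenticates the session and then trusts an account identifier taken from the URL. As an added illustration (not code from the article or from 123-Reg; the account names, ids and log lines are constructed), here is the flawed lookup beside the ownership-checked one, plus a small check over access logs for the id-walking that such a hole invites:

```python
"""Added example (not from the article or 123-Reg): an insecure direct object
reference (IDOR) in a hosting control panel, the ownership check that closes
it, and a detector for the enumeration pattern such a hole invites.
All accounts, domains and log lines below are constructed."""
from collections import defaultdict

# Constructed control-panel data: each hosting record belongs to one account.
ACCOUNTS = {"alice": {"id": 1001}, "bob": {"id": 1002}}
RECORDS = {
    1001: {"owner": "alice", "domains": ["alice-example.test"]},
    1002: {"owner": "bob", "domains": ["bob-example.test"]},
}

class Forbidden(Exception):
    """Raised when a session asks for a record it does not own."""

def vulnerable_view(session_user, account_id):
    """The flawed pattern: the session is authenticated, but the account id is
    taken straight from the URL (e.g. /panel?account=1002) and never checked
    against the logged-in user, so any account can read any other."""
    return RECORDS[account_id]

def hardened_view(session_user, account_id):
    """Fix: bind the lookup to the authenticated principal. The URL value is
    honoured only if the record's owner is the logged-in user."""
    record = RECORDS.get(account_id)
    if record is None or record["owner"] != session_user:
        raise Forbidden(f"{session_user} may not read account {account_id}")
    return record

def is_denied(session_user, account_id):
    """Helper for checking the hardened view: True when access is refused."""
    try:
        hardened_view(session_user, account_id)
    except Forbidden:
        return True
    return False

def ownerless_view(session_user):
    """Stronger still: derive the id from the session and never read it from the URL."""
    return RECORDS[ACCOUNTS[session_user]["id"]]

# Constructed access-log lines: user, requested account id, HTTP status.
LOG = """\
alice 1001 200
alice 1002 200
alice 1003 404
alice 1004 200
bob 1002 200"""

def flag_enumeration(log_text, threshold=2):
    """Detection: one user touching more than `threshold` distinct account ids
    in the panel is the signature of someone walking the id space."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        user, account_id, _status = line.split()
        seen[user].add(int(account_id))
    return sorted(u for u, ids in seen.items() if len(ids) > threshold)

if __name__ == "__main__":
    print(vulnerable_view("alice", 1002)["domains"])  # bob's data leaks
    print(is_denied("alice", 1002))                    # True
    print(flag_enumeration(LOG))                       # ['alice']
```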
PyCon Incident: Two People Fired, DDOS Attack Launched Against SendGrid Site(Softpedia) An incident at the recent PyCon Python developer conference has gotten way out of proportion, resulting in two people getting fired by their companies and distributed denial-of-service (DDOS) attacks being launched against two websites. It all started when two of the developers present at the conference started making jokes that were deemed inappropriate in nature by Adria Richards, a SendGrid developer evangelist. After becoming tired of the dongle and forked repository jokes, Richards took a picture of the two developers and posted it on Twitter
Iran Is a More Volatile Cyber Threat to U.S. than China or Russia(CIO) As members of the intelligence, military and homeland security communities evaluate the emerging cyber threats emanating from hostile nation states, they must consider important distinctions in the capabilities and attack patterns of adversaries like China and Iran, cybersecurity experts told a House subcommittee on Wednesday. Testifying before the House Committee on Homeland Security's cybersecurity subcommittee, witnesses drew a sharp distinction between the threats from comparatively mature actors like China and Russia, with which the United States has longstanding--if strained--diplomatic and economic ties, and nations like Iran and North Korea
Security Patches, Mitigations, and Software Updates
Apple iCloud now comes with two-step verification(SlashGear) Two-step verification (also known as two-factor authentication) is becoming all the rage now. After the recent influx of security breaches and hacks on major services, companies are starting to implement two-step verification to prevent social engineers from
We must end cyber warfare 'Wild West' or risk catastrophe(Public Service Europe) In pursuit of cyber-peace states need to develop international rules of engagement and seek limitations on the use of cyber arsenals against each other as they did with nuclear weapons in the 1940s. It's an increasingly acknowledged fact that the true battleground between nation states is now the cyber-world and not the traditional military field. The use of 'cyber-force' to push through political objectives is increasingly common, as is a shift in the identification of targets towards civilian critical infrastructure systems - which if taken down have the potential to cripple a nation and cause loss of life
Cyber Security a Growing Issue for Small Business(Entrepreneur) As more business owners utilize technology such as cloud computing and mobile devices and apps, the risk of hackers accessing money and sensitive business data becomes more real. The House Committee of Small Business addressed this issue today during a special hearing called, "Protecting Small Businesses Against Emerging and Complex Cyber-Attacks." "Small businesses generally have fewer resources available to monitor and combat cyber threats, making them easy targets for expert criminals," said Chris Collins, chairman of the House's Subcommittee on Health and Technology. "In addition, many of these firms have a false sense of security and believe they are immune from a possible cyber-attack
Security; The non-commodity(infosecisland) For most users and businesses, their primary contact with the world of security solutions is via antivirus. In an enterprise environment, a computer comes preloaded with antivirus. Updates occur centrally and automatically
Does your practice need cyber insurance?(Pulse+IT Magazine) Mr Waite said Cyber Plus had also received industry advice from a number of antivirus expert companies like Trend Micro and Bitdefender to help design a
Pentagon Urged To Stop Stalling, Start Planning Defense Cuts(Reuters) The Pentagon needs to stop stalling and start figuring out how to cut its budget by $50 billion annually for the foreseeable future in a way that preserves national security, defense analysts from across the political spectrum said on Thursday
Congress Approves Temporary Spending Bill To Keep The Government Open(Washington Post) Congress approved a short-term funding bill Thursday that ends the possibility of a federal government shutdown next week. But a broader budget battle about taxes and spending for the year is just beginning. The stop-gap spending resolution, approved on a broad bipartisan vote in the House, locks in the $85 billion across-the-board spending cuts known as the sequester through the Sept. 30 end of the fiscal year
NASA's redundant IT security tools costly, finds IG(FierceGovernmentIT) NASA has no effective process for tracking information technology security tool requirements or purchases, according to a March 18 NASA office of inspector general report. As a result, redundant technologies are costing the agency. In June 2012, the agency had 242 security assessment and monitoring technologies across nine different control areas--costing a total of $25.7 million
To fix IRS computer security, GAO recommends dozens of corrective actions(FierceGovernmentIT) Serious security weaknesses threaten sensitive taxpayer information, the Government Accountability Office says. The GAO says that in a report it did not release to the public, it recommended in detail that the Internal Revenue Service take 30 specific actions on newly identified information security weaknesses. The problems are related to identification and authentication, authorization, cryptography, audit and monitoring, and configuration management, the GAO says
General Dynamics Fidelis Cybersecurity Solutions opens forensics lab in Columbia(Baltimore Business Journal) General Dynamics Fidelis Cybersecurity Solutions has opened a new forensic lab in Columbia. The new lab at 9055 Guilford Road in Columbia houses 15 forensic examiners who tackle cyber security threats for commercial clients. The company provides cyber security services and products for government agencies and commercial clients and has headquarters in Bethesda and Waltham, Mass
Heads-Up - Premature product - not a proper product to be used for PCI approved Web Scanning(IT Central Station) Having done numerous penetration tests using various manual and automated tools, today we are focusing on a new tool called QualysGuard Web Application Scanning v2.4.1. In the process of doing a pentest, we often use a quality automated tool to check for standard issues while we focus on the much more difficult issues of the testing. This reduces the time it takes to do a full test and allows us to work more efficiently, and besides, who wants to waste time doing monotonous simplistic checking
Wipe the drive! Stealthy Malware Persistence - Part 4(Internet Storm Center) This is my fourth post in a series called "Wipe the Drive - Malware persistence techniques". The goal is to demonstrate obscure configuration changes that malware or an attacker on your computer can leave behind to allow them to reinfect your machine. We will pick up the conversation with techniques #7 and #8. If you missed the first six techniques you can read about those here
Design and Innovation
AngelHack Launches A Startup Accelerator, Bringing Its Hackathon To 30+ Cities This Spring(TechCrunch) AngelHack has always been a little different from your average hackathon -- rather than taking place in one place over one weekend, it has become a global event that takes place in multiple stages. As a result, the projects are usually pretty polished, though not yet at the level of full-fledged startups. Now it's taking another step in that direction with the launch of its very own accelerator
Cyber security startups find home at BWTech on UMBC campus(Baltimore Sun) Those entering the University of Maryland, Baltimore County, campus from Interstate 195 find it easy to mistake the buildings on the right side of the road for part of the school, or just miss them completely. Those five buildings make up the BWTech Research and Technology Park and house Life Sciences, Clean Energy and Cyber Security business incubators. The incubators provide office space, mentors, resources and collaborative opportunities for small startup companies in each of the three fields
Experts Tell Congress Serious Deterrence Needed to Impede Foreign Cyber Attacks(Threatpost) The House Foreign Affairs Subcommittee on Europe, Eurasia, and Emerging Threats typically is more concerned with economics and political issues than cyber attacks, but the members spent this morning in a hearing trying to come up with an answer to a fairly straightforward, but thorny question: What consequences are serious and meaningful enough that they will deter U.S. enemies from infiltrating the country's networks? After hearing from several witnesses and chewing the subject over, the members didn't emerge with a solid answer, but there seemed to be consensus around the idea that national laws alone would not solve the network security problem
U.S. cyber plan calls for private-sector scans of Net(Yahoo News) The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure. As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks
FITARA passes House Oversight committee(FierceGovernmentIT) A bill that would change federal information technology buying practices and authorities of IT officials passed the House Oversight and Government Reform Committee March 20 through a unanimous voice vote
CIA hangs on to everything--forever(FierceBigData) Contrary to what some experts have said about a high percentage of the volumes of data currently collected being suitable only for the landfill, Ira "Gus" Hunt, chief technology officer for the Central Intelligence Agency, said in a speech at the GigaOM Structure: Data conference in New York City this week that "The value of any piece of information is only known when you can connect it with something else that arrives at a future point in time." Since you can't connect dots you don't have, Hunt said, the agency tries to collect everything and hang on to it forever
Taxing big data, other software innovation(FierceBigData) Many experts have said that legislators, regulators and other government agencies need to catch up to the realities of emerging technologies such as big data. But they had in mind the issues around security, privacy and intellectual property. The state government in Massachusetts, however, is wasting no time catching up when it comes to taxation. The tech industry in and around Boston is none too pleased
Litigation, Investigation, and Law Enforcement
Microsoft Releases Report on Law Enforcement Requests(New York Times) Microsoft disclosed on Thursday for the first time the number of requests it had received from government law enforcement agencies for data on its hundreds of millions of customers around the world, joining the ranks of Google, Twitter and other
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CSO40(Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
Cyber 1.3(location and date not given) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...
HITBSecConf2013(Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...
SANS Northern Virginia 2013(Reston, Virginia, USA, April 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply...
INFILTRATE 2013(Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Cyber Guardian 2013(Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
Mobile Device Security for Defense and Government(Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...
Infosecurity Europe(London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO(Reston, Virginia, USA, April 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...