Daily briefing.

Indonesian hacktivists claim responsibility for attacks on Australian sites. The Indonesian government gives that nation's telcos a week to inspect their records for evidence that they were complicit in alleged electronic surveillance by Australian intelligence.

Other Indonesian and Malaysian hacktivists deface Chinese government sites with unclear motives (ethnic resentments may be in play).

Former US DCI Michael Hayden says the Syrian Electronic Army is effectively a tool of Iran. (And a Syrian defector who hacked their servers before he departed the country says officers of Syria's Mukhabarat spend much of their workday surfing not-safe-for-work sites.)

Spam spoofing an AV vendor patch notification carries a Zeus payload. A Trojan recently discovered targeting SAP client apps seems partially based on Carberp code. Another old threat—Conficker—is still making its rounds.

Social engineers are probing bank call centers. New malicious spam impersonating WhatsApp carries a payload that pulls infected machines into a botnet. McAfee detects new efforts to circumvent Android digital signature app validation.

CryptoLocker continues its malign spread, with over 12,000 new victims this week. High turnover in command-and-control servers helps it thrive: it rarely uses a server for more than a week.

Prolexic warns of rising distributed reflection denial-of-service attacks.

Increased military use of COTS technology prompts fresh concerns over supply chain cyber security.

The cyber insurance subsector's tentative growth is inhibited mainly by scanty threat data—more sharing is needed.

Pakistan's military says it has new software that renders its installations hack-proof (observers are reluctantly moved to skepticism).

Notes.

Today's issue includes events affecting Australia, Austria, Belgium, China, Finland, Germany, India, Indonesia, Iran, Luxembourg, Malaysia, Netherlands, Nigeria, Norway, Pakistan, Sweden, Switzerland, Syria, United Kingdom, United Nations, United States.

Cyber Attacks, Threats, and Vulnerabilities

Indonesian Hackers Take Credit for Australia Cyber Attacks (Jakarta Globe) The websites of the Australian Federal Police and the Reserve Bank of Australia have been the victims of an apparent cyber attack, with reports Thursday blaming Indonesian hackers

Code–Newbie Team from Indonesia and Malaysia Hacks 44 Chinese Government Domains (Hack Read) A group of Indonesian and Malaysian hackers going by the handle of Code-Newbie has hacked and defaced 44 Chinese government sub-domains belonging to Fifth Agriculture Division of the country

Hayden: Pro–Syrian hacker group working with Iran (The Hill) The pro-Syrian hacker group, dubbed the "Syrian Electronic Army" is likely working in conjunction with or directly for Iranian military and intelligence on cyber warfare operations

Hackers Broke Into Syria's Secret Police Computers And Found…Porn (Forbes) An exiled Syrian hacker has claimed to have cracked the systems of the country's brutal secret police to find evidence that intelligence officers spent their working days watching pornography

Spam from an anti–virus company claiming to be a security patch? It's Zbot/Zeus malware… (Naked Security) Julie Yeates of SophosLabs (thanks Julie!) alerted us earlier today to a spam campaign that seemed to originate from a whole raft of different security and anti-virus companies

Trojan program steals log-in credentials, other sensitive data from SAP client applications (ComputerWorld) A recently discovered malicious program steals log-in passwords and other sensitive information from SAP client applications and allows cybercriminals to access SAP servers from infected workstations

SAP Trojan based partially on Carberp code (Help Net Security) Bit by bit, details about the first information-stealing Trojan discovered targeting SAP enterprise software are being unveiled, and Microsoft researchers have tied at least part of its source code to that of the infamous Carberp banking Trojan

Five Years Old And Still On The Run: DOWNAD (TrendLabs Security Intelligence Blog) Five years ago, Conficker/DOWNAD was first seen and quickly became notorious due to how quickly it spread and how much damage it caused

Financial Institution Call Centers Targeted By Social Engineers (Dark Reading) One in every 2,500 calls to these sites is from a fraudster trying to steal money, new report says

Fake WhatsApp 'Voice Message Notification' themed emails expose users to malware (Webroot Threat Blog) We've just intercepted a currently circulating malicious spam campaign impersonating WhatsApp — yet again — in an attempt to trick its users into thinking that they've received a voice mail. Once socially engineered users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet operated by the cybercriminal(s) behind the campaign

Newly released proxy–supporting Origin brute–forcing tools targets users with weak passwords (Webroot Threat Blog) In need of a good reason to immediately improve the strength of your Origin password, in case you don't want to lose access to your inventory of games, as well as your gaming reputation? We're about to give you a pretty good one

New threats subverting digital signature validation (Help Net Security) McAfee Labs found new efforts to circumvent digital signature app validation on Android-based devices. The McAfee Labs team identified a new family of mobile malware that allows an attacker to bypass the digital signature validation of apps on Android devices, which contributed to a 30 percent increase in Android-based malware

Botnets Hike Usage of Google Cloud (Industrial Safety and Security Source) Mobile botnets are on the rise and one of the areas attackers are using the Google Cloud Messaging service as a stepping off point to send data from command-and-control servers to malware, researchers said

Ransomware Running Wild… (Industrial Safety and Security Source) There have been over 12,000 victims of the malware CryptoLocker in less than a full week, which has been locking up computers with ransomware over the past couple of months, researchers said. "CryptoLocker servers are changed very often – it is rare that a command-and-control server remains online for more than a week," according to security technology company Bitdefender Labs

Soaring price of Bitcoin prompts CryptoLocker ransomware price break (Ars Technica) CryptoLocker operators may be ruthless, but they don't lack business smarts

What You Need To Know About CryptoLocker (Dark Reading) CryptoLocker ransomware is terrorizing home and business users alike. Here's how to protect yourself

A spurned techie's revenge: Locking down his ex's digital life (Ars Technica) Revenge porn is just the tip of the iceberg when it comes to cyber-domestic abuse

DrDoS attacks—They're new and they're coming for you (FierceITSecurity) There is a new kind of cyber threat on the horizon. It's called a distributed reflection denial of service attack and it's on the rise, according to security firm Prolexic Technologies

Call Me i$Hm@eL (Pacific Standard) At the peak of his career in the late-2000s, a mysterious online figure from Eastern Europe attained the position of administrator of DarkMarket. He had climbed to the highest rung of one of the most significant cybercriminal forums—where stolen credit-card data and other illicit goods and services are traded—in history. But before he could do all that, he had to choose a nickname

Security Patches, Mitigations, and Software Updates

LG says it will push out firmware update for spy TVs, but fails to apologise (Graham Cluley) Smart TV manufacturer LG, which is embroiled in a controversy after reports that their devices were spying on what channels viewers were watching, has issued a statement

Serious security hole in Gmail password reset system found by security researcher (Graham Cluley) A security researcher has uncovered what Google has described as a "high impact" bug in its account recovery process, which could have potentially allowed hackers to trick users into handing over their passwords

Cyber Trends

Threat Grows for Cyber-Physical Systems (SIGNAL) The rapid adoption of commercial firmware and software for cybersystems serving the critical infrastructure is increasing vulnerabilities that potentially could lead to devastating system failures, according to a report issued by a cybersecurity organization. In some cases, these diverse systems also are threatened by their legacy nature, which is a barrier to implementing necessary cybersecurity measures

Threat Intel To Deliver Some Benefits To Cyberinsurance (Dark Reading) About a third of large companies have a cyberinsurance policy, but the industry still has issues measuring risks and gauging threats

Learn cyber conflict history, or prepare to repeat it (Armed Forces Journal) "There have been at least seven major "wake-up calls" in cyber conflict, attacks or other events that shocked and surprised defenders and decisionmakers, then were promptly forgotten until a similar shock "awakened" a new cohort of cyber leaders. This pattern will repeat itself until policymakers and practitioners pay attention to history"

The Need for a Cyber Attack Warning System (Recorded Future) In the 1960s, one of the largest threats being faced was nuclear warfare. The development of satellites capable of detecting nuclear launches or explosions was a decade away, but the United States and the United Kingdom needed a means of detecting if they were under nuclear attack

Google's Eric Schmidt: 'the solution to government surveillance is to encrypt everything' (The Verge) Since revelations of the NSA's widespread data collection and monitoring earlier this year, Google has staunchly denied working with the government agency and has taken it to task on a number of occasions. After calling the NSA surveillance "outrageous" earlier this month, Google executive chairman Eric Schmidt has come out against the agency again in an interview with Bloomberg News. "The solution to government surveillance is to encrypt everything," Schmidt said in a speech at the Johns Hopkins University School of Advanced International Studies

Why Nigerian Banks Will Keep Losing Money to e–Fraud (This Day Live) The recent loss of money recorded by the Central Bank of Nigeria (CBN) has not only given researchers a case study but has shown that the acclaimed tools and techniques currently used by Nigerian banks are not sufficient

Better education required to counter 'culture of carelessness' and protect mobile data from hackers (Computing) More education is needed to counter a "culture of carelessness" within UK businesses that is leaving them vulnerable to computer hackers and other cyber threats

John Halamka: Looming HIT mandates 'too big in scope' (FierceHealthIT) In the wake of the much maligned HealthCare.gov rollout, John Halamka, CIO at Boston-based Beth Israel Deaconess Medical Center, says that he sees signs that even "well resourced" health institutions will have a hard time with various health IT mandates that are on the horizon

Most senior execs clueless about handling data breaches, survey finds (FierceITSecurity) Senior business leaders are not prepared for a data breach, with fewer than one in four knowing enough to take the lead should a breach occur, according to a survey of 341 senior executives and in-depth interviews with 17 senior executives conducted by the Economist Intelligence Unit on behalf of HP

Rise in targeted attacks pushes firms to managed security services (FierceITSecurity) An increase in targeted attacks against enterprises in Europe, the Middle East and Africa has prompted many to turn to managed security services to secure their organizations, according to a new report from Frost & Sullivan

The enemy within (Help Net Security) Recent high-profile cases in the press have called attention to the threat the trusted insider can pose to the security of an organization. A recent survey highlighted that employees often have access rights that are way beyond the ones they actually require for their roles. Another survey by the University of Glasgow showed the risks posed to corporate data by employees using consumer-based cloud services such as Dropbox

'Encrypt everything:' Google's answer to government surveillance is catching on (CSO) And the Giants of the Web seem to agree in the wake of recent NSA spying revelations. Lock it all down!

Why current security efforts are like using bayonets against a modern army (CSO) I recently sat on a panel with people working on these approaches, professionally, before I was born. And they lament that they've been "fighting the same battle" for over 40 years without success. It's time for security to evolve

Marketplace

Critics say U.S. tech companies could suffer in warning against China-based cloud services (CSO) Congressional commission says that security risk could lead to backlash against American tech companies

The hacker hunters (Financial Times) An elite battalion of largely twentysomething experts are on the front line of corporate cyber defence

PasswordBox Acquires Legacy Locker (Dark Reading) Acquisition follows the recent announcement that PasswordBox has raised $6 million

Tony Moraco on The 'New' SAIC, Post–Spinoff Goals & Changing Market Strategy (Executive Biz) After more than four decades of doing business as Science Applications International Corp., the iconic contractor founded by Dr. Robert Beyster divided into two independent companies in September

SRA Appoints Tom Nixon, Executive Vice President and Chief Growth Officer (4-Traders) SRA International, Inc., a leading provider of IT solutions and professional services to government organizations, today announced the company has appointed Tom Nixon as Executive Vice President and Chief Growth Officer

TeraDact Solutions, Inc. names Gus Hunt Chief Cyber Strategist (Virtual-Strategy Magazine) TeraDact Solutions, Inc. (www.teradact.com), a privately held Missoula, Montana-based software company, announced today at Bloomberg, The Year Ahead: 2014, that Ira A. (Gus) Hunt, the former Chief Technology Officer for the Central Intelligence Agency, has joined the company as Chief Cyber Strategist and will also serve on the TeraDact Advisory Board

Products, Services, and Solutions

Solutionary Formalizes Critical Incident Response Services Offering (Wall Street Journal) The new offerings include Incident Response Planning, Incident Response Plan Testing, Forensics and Malware Analysis. Solutionary CIRS are available at

Security Innovation Releases NTRU Public Key Cryptography to Open–Source Community to help fend off looming "Cryptopocalypse" (Hispanic Business) Security Innovation, an authority in application and crypto security, today announced the availability of NTRU crypto for free use in open-source software. With its small footprint, high speed, future-proof security, and IEEE and X9 standards adoption, NTRU is poised to become the de facto crypto in the post-RSA world

EPA experiments with Thunderclap (FierceGovIT) Late last month the Environmental Protection Agency experimented with a new social media tool designed to amplify a single message across social networks called Thunderclap. The tool is open to all agencies for use based on federal-friendly terms of service recently negotiated by the General Services Administration

Tresys Technology Announces Availability of New Product Tresys MobileFortress™ (Hispanic Business) Tresys Technology, a leading provider of cyber defense technology and engineering services to our nation's defense, intelligence and critical infrastructure organizations, announced today the general availability of Tresys MobileFortress for Android, a secure mobile operating system for Government and Commercial Enterprise mobile platforms

Technologies, Techniques, and Standards

Replacing Security Best Practices with Things that Actually Work (Threatpost) The term "best practices" is high on the list of overused and nearly meaningless phrases that get thrown around in the security field. It forms the basis for regulations such as HIPAA and PCI DSS and yet if you asked a random sample of 10 security people what the phrase meant, you'd likely get 10 different answers. But what if there aren't actually any best practices

NIST focused on outcomes for privacy appendix in cybersecurity framework, says Lefkovitz (FierceGovIT) The privacy appendix contained within the private sector critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is meant to tie into corresponding cybersecurity practices, a NIST official said during a Nov. 8 workshop

Are tablets secure enough for business? (Help Net Security) Amazon is launching its first enterprise-ready tablet. A smart move, as the much-loved mobile device can finally be integrated into business. However it does beg the question, how can SMEs ensure they are prepared for this new mobile device onslaught

Preventing cyber attacks not enough, justifying investments too, CIOs told (CIOL) Despite the increasing security threats, most organizations are only reactive to security issues instead of being proactive. In such a situation, CIOs have to not only justify the security spending by preventing cyber attack on their organizations but also build convincing metrics

5 Ways To Keep Big Data From Going Bad (CRN) While the collection and analysis of troves of data offer potential societal benefits, the public needs to understand the risks it poses on individual privacy and security, said Barton Gellman, a two-time Pulitzer Prize winning author and reporter who is one of three journalists still reviewing National Security Agency documents leaked by Edward Snowden

Financial Services Industry Proposes Security Controls For Third–Party, Open–Source Software (Dark Reading) FS-ISAC addresses potential dangers of insecure software components used by financial firms

Study: Most Application Developers Don't Know Security, But Can Learn (Dark Reading) Solid training of app developers can reduce vulnerabilities, Denim Group study says

IT Security Best Practices For Cyber Monday (Dark Reading) Businesses need to prepare for the prevalence of malware hidden in cheerful holiday greetings

Academia

Is It Fair to Steer Students into STEM Disciplines Facing a Glut of Workers? (IEEE Spectrum) The argument over whether or not there is a shortage of qualified STEM workers was replayed once more in a story this past week in a Chronicle of Higher Education article titled, "The STEM Crisis: Reality or Myth." Unfortunately, you need to be a subscriber to gain full access to the article, but I thought a few quotes from the usual suspects claiming there is a STEM crisis in the United States would be enlightening

Legislation, Policy, and Regulation

All military installations including GHQ now fool-proof for cyber attacks (The News Tribe) Pak Army now has taken big step and created a new software to make fool proof all military installations including General Head Quarter

Iran Blocks Encrypted Chat Service Despite Claims of Internet Freedom (Mashable) Iranian officials have promised more Internet freedom since Hassan Rouhani was elected in June. However, many websites and social networks, like Facebook and Twitter, remain blocked

Father of Web says China will dismantle 'great firewall' (Reuters via The West Australian) China's rulers will ultimately take it upon themselves to dismantle the "great firewall" that limits its people's access to the Internet because doing so will boost China's economy, the inventor of the World Wide Web said

Sir Tim Berners–Lee Blasts "Insidious, Chilling Effects" Of Online Surveillance, Says We Should Be Protecting Whistleblowers Like Snowden (TechCrunch) The rising tides of online surveillance, and the lack of safeguards from governments to protect individuals against them, are having a disastrous effect on how the internet will grow and have an impact in the future -- possibly even more than censorship, the inventor of the World Wide Web said today. Speaking at the launch of the Web Index, an annual piece of research from the World Wide Web

U.N. anti–spying resolution weakened in bid to gain U.S., British support (Reuters via Chicago Tribune) A draft U.N. resolution that some diplomats said suggested spying in foreign countries could be a human rights violation has been weakened to appease the United States, Britain and others ahead of a vote by a U.N. committee next week

Revelations about Britain's intelligence agencies 'chipping away' at public support for their work, says Nick Clegg (The Independent) Deputy PM responds to recent disclosure that Blair government gave US permission to store and analyse email, mobile phone and internet records of potentially millions of Britons

Congress Draws Battle Lines Over NSA Phone Snooping Program (PC Magazine) In the wake of revelations about the National Security Agency's domestic surveillance programs over American phone records and Internet activities, Congressional leaders are demanding reform to rein in the agency's broad powers

Most of NSA's data collection authorized by order Ronald Reagan issued (Miami Herald) The National Security Agency's collection of information on Americans' cellphone and Internet usage reaches far beyond the two programs that have received public attention in recent months, to a presidential order that is older than the Internet itself

Spy Agency Excuse Absurd, Revolting (Wheeling News Register) Sit down for this one. You're not going to like it…"Blame the computer" just won't do

Poll: Many View NSA Intrusions as Unjustified (WTMA) Public belief that the National Security Agency unnecessarily intrudes on privacy rights has grown, but so has the sense that Edward Snowden damaged U.S. security by disclosing the spy agency's activities — with the latter a more powerful factor in views on charging him with a crime

Majority: Snowden leaks hurt national security (The Hill) A majority of people in the United States says Edward Snowden's leaks damaged U.S. national security

OMB: Agencies must implement continuous monitoring by 2017 (Federal Times) Agencies have until fiscal 2017 to implement continuous monitoring of information systems, according to guidance released Monday by the Office of Management and Budget

Obama administration looks to scrub security clearance list (Politico) The Obama administration has ordered a government-wide reassessment of how almost 5 million Americans have been granted classified information security clearances and whether each person currently approved to see sensitive national security secrets truly has a need for such access

Proposed security clearance regulation inadequate in current form, says GAO official (FierceGovernment) A regulation jointly proposed by the Office of the Director of National Intelligence and the Office of Personnel Management to update the position designation process is inadequate, said a Government Accountability Office official

Litigation, Investigation, and Law Enforcement

Indonesia's telcos to investigate their role in the phone tapping of president (The Guardian) Communications minister gives phone companies a week to investigate whether they helped Australian spies

New forensics lab will help police take the fight to cyber criminals (Canberra Times) Cyber criminals will be in the cross-hairs as part of operations at the Australian Federal Police's new multimillion-dollar forensics centre

Feds say Silk Road suspect's computer shows he (thought he) plotted 6 murders (Ars Technica) New court filings against Ross Ulbricht, the young Texan accused of being the mastermind behind the notorious Silk Road website, show new and compelling evidence that he was the man at the helm

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

New Resources to Grow Cyber Security Companies in Maryland (Rockville, Maryland, USA, November 25, 2013) Learn about new resources available locally to grow your cybersecurity company, including the Maryland Cybersecurity Investment Incentive Tax Credit and the Montgomery County Supplemental Incentive Program...

Oil and Gas Cyber Security 2013 (London, England, UK, November 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred...

IT Forum Expo/Black Hat Regional Summit Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...

DefCamp 2013 (Bucharest, Romania, November 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under...

2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...

Operationalize Threat Intelligence (Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...

Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...

SINET Showcase: THE SINET 16 (Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...

The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, December 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation...

World Congress on Internet Security (London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...

ACSAC 2013 (New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...

Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...
