Hacktivists and cyber-rioters remain relatively quiescent for a second day (although Anonymous claims a Microsoft take-down no one else seems to have much noticed).
Cyber criminals, however, continue their expected high crime tempo. Trend Micro warns of malware masquerading as AutoCAD, the apparent role of which is to serve as a preparation for further attacks. Symantec describes Linux Trojan "Linux.Fokirtor," which stealthily exfiltrates stolen data. Kaspersky researchers find a crime marketer offering a kit that seeds code into banking sites viewed with IE or Firefox. (The offeror claims the ability to attack "about 100" banks.) CSIS dissects the crimekit "Atrax," which goes for the low price of $250 on the black market. EvilGrab is still out there, mostly in Japan and China.
Security experts urge vigilance over vulnerabilities in Ruby on Rails and InMobi. And CryptoLocker remains a threat: small businesses should be particularly alert during the holidays.
The black market continues to mirror the legitimate market. Hackers-for-hire fill the criminal labor market, and (since there's no honor among thieves) fraudsters find themselves in need of fraud protection.
KnowBe4 estimates the costs of cybercrime at $113B. Symantec's CEO finds IP theft a bigger worry than cyber war. Analysts continue to see US IT international sales depressed by surveillance fears.
NIST's cyber security framework is summarized by ISSS.
The UN passes a digital privacy resolution. France's National Assembly, unimpressed, debates extending electronic surveillance; the US Senate considers restricting it. Activists say Google could knock down the Great Firewall in ten days.
Today's issue includes events affecting China, Estonia, France, Germany, India, Japan, Kenya, NATO, New Zealand, Pakistan, Russia, Saudi Arabia, Sweden, United Kingdom, United Nations, United States.
Why Crimekit Atrax will attract attention(CSIS) CSIS researchers have observed an introduction of a new commercial crimekit being sold on several underground web forums. The kit is dubbed "Atrax" and is both a cheap kit – costs less than $250 for the main platform - as well as it utilizes the TOR protocol for stealthy communication with C&Cs from where it is intended to get instructions, updates and new modules
EvilGrab's Evil, Still Propagating(TrendLabs Security Intelligence Blog) Recently, Trend Micro published findings on a new campaign called EvilGrab that typically targets victims in Japan and China. This campaign is still attacking users, and we have now acquired a builder being used to create binaries of this campaign
Finding Cryptolocker Encrypted Files using the NTFS Master File Table(Security Braindump) For the most part, everyone seems to be familiar with the new variants of Cryptolocker making the rounds these days. To quickly summarize, this is a form of ransomware that encrypts documents and pictures found on local and mapped network drives in an attempt to obtain payment for the decryption keys. The attackers are using decent encryption and the malware is very efficient
SAP–targeting Gameker Malware Linked to Carberp(InfoSecurity Magazine) Gameker, the information-stealing trojan that was recently found to be targeting the log-on client for SAP, caused alarm thanks to the size of the addressable victim pool: SAP makes enterprise software applications for tracking and managing business operations, and is used by an estimated 86% of Forbes 500 companies
An Anti–Fraud Service for Fraudsters(Krebs on Security) Many online businesses rely on automated fraud detection tools to weed out suspicious and unauthorized purchases. Oddly enough, the sorts of dodgy online businesses advertised by spam do the same thing, only they tend to use underground alternatives that are far cheaper and tuned to block not only fraudulent purchases, but also "test buys" from security researchers, law enforcement and other meddlers
Evolution of Attackers–for–Hire(GovInfoSecurity) The emergence of attackers-for-hire is a troubling trend in cybercrime, and one particular group is changing its techniques to gain access to computer systems, says Symantec researcher Kevin Haley
Saudi Aramco denies suffering another cyber attack(Reuters via the Chicago Tribune) Saudi state oil company Saudi Aramco said on Tuesday it had shut some of its computers for an upgrade and denied it had suffered a cyber attack similar to one it experienced last year
Did LG try to hide its tracks in Smart TV spying incident?(FierceCIO: TechWatch) LG Electronics admitted that its smart televisions track what consumers are watching. The spying first came to light when a security researcher decided to dig around after his new LG Smart TV started displaying ads
FTSE 350 Companies Face Cyber Attack Risks(shareprices.com) In July 2013, the Department for Innovation, Business and Skills asked FTSE 350 listed companies to take part in a cyber risk assessment study. The study revealed that cyber leaks at major companies are a major risk to the UK's economic growth and the security of the country
Why we are losing the cyber security war and what we can do about it(NetworkWorld) If this year's attacks on Adobe, LexisNexis, NASDAQ, US Airways, and dozens of other large and technologically sophisticated US enterprises didn't provide sufficient evidence that we are losing the cyber security war, the ongoing breaches by Anonymous make it undeniable. Why are the world's most IT savvy companies unable to keep attackers out of their networks
How Much Does Cybercrime Cost? $113 Billion(IEEE Spectrum) According to Internet security awareness training firm KnowBe4, the losses attributable to cybercrime total US $113 billion. Take a moment to let that astounding number sink in
Meg Whitman hit the reset button at Hewlett Packard, and it just might have worked(Quartz) The numbers: Pretty good, on balance. Revenue for the fourth quarter was down 3% from a year ago, falling to $29.1 billion, but this is the smallest decline, in percentage terms, in nine quarters. Net income came in at $1.4 billion, or $1.01 per share, ahead of Wall Street consensus for $1.00, according to FactSet. The recovering PC, printing and server giant also reaffirmed its forecast for earnings in fiscal 2014 to come in between $3.55 to $3.75 per share. Wall Street expects $3.64. The stock is flying, up about 6% in after-hours trading
Norman Shark Sees Major Revenue Stream With Blue Coat Partnership(Digital Journal) Norman Shark, the global security leader in malware analysis solutions for enterprises, service providers and government entities, sees as much as a 50% increase in revenue this year and expects to more than double their revenue by 2016 according to the company's announcement in this week's blog "Blue Coat and Norman Shark partner to provide comprehensive threat protection to the enterprise"
SAIC Awarded Contract by U.S. Space and Naval Warfare Systems Center Atlantic(Virtual-Strategy) Science Applications International Corporation (SAIC) (NYSE:SAIC) announced today that it was awarded a prime contract by the U.S. Space and Naval Warfare Systems Center Atlantic (SSC Atlantic) to provide transport, computing and infrastructure support services related to command, control, communications, computers, combat systems, intelligence, surveillance, and reconnaissance (C5ISR)
Chris Goodrich Promoted to ManTech Cyber Group EVP(GovConWire) Chris Goodrich, who joined ManTech International (NASDAQ: MANT) in 2009 and a former senior vice president, has been promoted to EVP and chief operating officer of the Fairfax, Va.-based contractor's mission, cyber and intelligence solutions group
Bitcoin community offers up $10K bug bounty(SC Magazine) Technology giants – such as Google, Microsoft and Yahoo – offer up big rewards to researchers who report critical vulnerabilities. Bitcoin users are now offering up their own type of bug bounty
F–Secure launches KEY, a secure password manager(Help Net Security) F-Secure Key safely stores your passwords, user names and other credentials so that you can access them wherever you are through one master password. Your personal data is strongly encrypted to keep it safe, and all F-Secure Key servers are owned and operated by F-Secure within the European Union
NIST Cybersecurity Framework: What it Means(Industrial Safety and Security Source) You may have heard some buzz in the press about the release of the Cybersecurity Framework Draft from the U.S. National Institute of Standards and Technology (NIST). However, you may not know much about its background. And you probably don't know what it may mean to you as a control or security professional. This should give you a high level overview of the genesis of this document and some handy points of reference
ONC's Joy Pritts on Breach Prevention(Healthcare Info Security) Healthcare organizations should make widespread use of encryption because it's the single most essential technology to use for breach prevention, says Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT
A New Way to Prevent Card Data Security Breaches(Storefront Backtalk) All retailers and any business that processes payment should have a new document on hand that is meant to prevent and mitigate some of the millions of dollars in losses from card data breaches annually
How Small Businesses Can Win On Security And Speed This Cyber Monday(Forbes) Cyber Monday is looming and more holiday shoppers than ever will buy online, skipping the crowds and snapping up last minute deals and free shipping. Next Monday is expected to produce $1.8 billion in sales – up 13.1% on last year, according to research group, IBISWorld. But, if you're a small business outsourcing most of your data storage and security to the cloud, it can be confusing to know what you should be doing to make sure your website is fast and secure
Cyber Wargaming: The Power of Disruptive Thinking(C4ISRNet) Cyber wargaming (or, as many call it, cyber attack simulation) has really taken off lately, and not just in the defense and intelligence communities. It has permeated throughout the government, the military and the intelligence communities and is rapidly making headway into the business community as well, particularly within the critical infrastructure provider community
Overcoming the data privacy obstacle to cloud based test and development(Help Net Security) How many times have data security and privacy constraints brought your key application development initiatives to a screeching halt? It usually occurs right around the time when contractors or outsourced vendors are called in to test the latest features or train users on major system enhancements but they are unable to do so. Why? The sensitive data that has traditionally been used to facilitate such activities now comes with some serious strings attached
Why BYOD actually increases security, based on the recent findings shared by Sophos (CSO) Businesses naturally manage risk. All risks, including finding and increasing revenue. Part of the process is the search for and adoption of new solutions and technologies that reduce the cost and increase the capability of driving new revenue. Due to the continued struggle for security to create, measure, and effectively communicate value, BYOD is poised to increase security and lower risks -- while providing a demonstrable value to the business
Forget passwords, think passphrases!(CNET France) Why choose passwords that are complicated and yet still crackable, when it is enough to use four random words? Mind you, I did say random. There is no question of taking your phrase from the Bible or from some book
Research and Development
NSA testing how to handle classified data over unsecured networks(Federal News Radio) In the view of the National Security Agency, just because information is classified doesn't mean authorized users should only be able to view it while they're tethered to their desks. So NSA is looking for ways to access classified information on tablets and smartphones over transport mechanisms and on devices that would have been unthinkable a few years ago
UN Passes Anti–spying Resolution(SecurityWeek) A UN rights committee on Tuesday passed a "right to privacy" resolution pressed by Germany and Brazil, which have led international outrage over reports of US spying on their leaders
The right to privacy in the digital age(United Nations General Assembly) The General Assembly, reaffirming the purposes and principles of the Charter of the United Nations, reaffirming also the human rights and fundamental freedoms enshrined in the Universal Declaration of Human Rights and relevant international human rights treaties, including the International Covenant on Civil and Political Rights and the International Covenant on Economic, Social and Cultural Rights
Uproar over French plan to extend online spying(The Local) Google and other internet giants have reacted angrily to the French government's plans to extend its surveillance of emails, phone calls and online behaviour, as the National Assembly met on Tuesday to discuss the proposal
Did NSA Secretly Tap the Internet Backbone?(CIO Today) Earlier this month, reports surfaced that the documents released by former NSA contract employee Edward Snowden showed the NSA had tapped the transmissions to and from Google's and Yahoo's data centers. The taps meant that the agency had access to hundreds of millions of user accounts, many of which are owned by Americans
Debate: Does Spying Keep Us Safe?(NPR) The recent revelations about National Security Agency surveillance programs have renewed the debate over the balance between national security and civil liberties
Surveillance Is Too Important to Be Left to the Generals(Politico) With each revelation of the National Security Agency's vast surveillance network, one thing is becoming clear: The generals charged with designing and managing the agency's initiatives—NSA Director Keith Alexander and Director of National Intelligence James Clapper—have been unable or unwilling to call attention to critical program details with broad societal implication
U.S Senators wants the NSA PRISM program to stop(Venture Capital Post) Three U.S senators, Ron Wyden of Oregon, Mark Udall of Colorado, and Martin Heinrich of New Mexico published an op-ed in the New York Times today, exhorting the U.S Senate to stop encouraging and giving NSA the green light on its "dragnet" surveillance programs. This follows after the recent revelation of NSA's activities that made everyone cry foul, including the government officials now
The Secret Story of How the NSA Began(The Atlantic) Congress was surprised to find that a federal intelligence agency they'd scarcely heard of was bigger and more powerful than one that they'd created
Home Alone(Foreign Policy) With Keith Alexander out fighting fires, meet the woman who's really running the NSA
Privacy, Human Rights Groups Form New Anti–Surveillance Coalition(Threatpost) A large group of privacy and digital rights organizations has put together a new effort to urge politicians to curtail the mass surveillance operations that have been exposed in the last few months. The new coalition has developed a set of 13 principles for governments to follow in their intelligence gathering efforts and started a petition that it plans to deliver to the United Nations and governments around the world
Thirteen Rules of Intelligence(IMSL Insights) Admiral John Henry Godfrey, Director of Naval Intelligence from 1933 to 1935, was instrumental in the development of the OSS, a predecessor to the CIA, and he is alleged to be the inspiration for the character 'M' in the James Bond books — Ian Fleming was his 2ic
Litigation, Investigation, and Law Enforcement
NSA fingered in Dotcom scandal(Stuff) Police document on Kim Dotcom case makes passing reference to "data supplied to the GCSB" - raising questions of whether America's National Security Agency spied on the German millionaire. Kim Dotcom's lawyers have accused the government's electronic spy agency and police of deliberately withholding information crucial to their court case
WikiLeaks's Julian Assange unlikely to face charges(Naked Security) US officials certainly don't like that he published top-secret documents, but they say that legally, he hasn't committed a crime - at least, not that they've determined so far. They've refrained from formally closing the grand jury investigation, though, so maybe they're holding out hope
BIPS suffers Bitcoin heist(CSO) The world is drawn ever closer to the flame of Bitcoin and the inescapable lure of easy fortune. With that brings the criminal element that instinctually follows the scent of possible easy money
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Security Analyst Summit 2014(Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
IT Forum Expo/Black Hat Regional Summit(, January 1, 1970) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...
DefCamp 2013(Bucharest, Romania, November 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under...
2nd Annual East Africa IT and Cyber Security Convention 2013(Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...
Operationalize Threat Intelligence(Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...
Cloud Security Alliance Congress 2013(Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...
SINET Showcase: THE SINET 16(Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...
World Congress on Internet Security(London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...
ACSAC 2013(New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...
2013 ASE International Conference on Cyber Security(Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...
Cyber Defense Initiative 2013(Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...