The Ukrainian prime minister's office and at least ten of the country's embassies abroad report being victims of an (apparently) Russian cyber espionage campaign. The malware reportedly belongs to the Turla family (a.k.a. Snake, a.k.a. Uroburos) and Ukraine is far from the only target. While Turla has hit predictable Western networks in France, Germany, Belgium, and the US, it appears to devote a great deal of attention to the former Soviet republics of the near abroad.
Kaspersky reports solving Turla's hitherto mysterious infection mechanism: a related campaign Kaspersky calls "Epic" makes the initial penetration. Symantec views Turla as principally a diplomatic cyber espionage tool, although aerospace and pharmaceutical companies have also been subject to its ministrations. The campaign used a mix of zero-day and known exploits.
The other big cyber story remains CyberVor's big criminal score of login credentials. The Russian gang apparently used botnets and SQL injection attacks to scavenge usernames and passwords from vulnerable sites. How serious the crimewave ultimately proves remains controversial. Everyone agrees something big was stolen, but estimates of consequences vary widely, from a universal password death knell to marketing opportunities for security companies. Most would like to see more details from Hold Security, the company that announced the theft.
Investors continue to look for better ways of assessing cyber risk, especially but not exclusively when looking at mergers and acquisitions.
IBM and BlackBerry look like (very preliminary) winners in the newly restricted Chinese market.
US Intelligence may have at least two more unidentified moles.
Today's issue includes events affecting Australia, Belarus, Belgium, Brazil, Canada, China, France, Germany, India, Iran, Iraq, Italy, Japan, Kazakhstan, Netherlands, Poland, Romania, Russia, Saudi Arabia, Switzerland, Tajikistan, Turkey, Ukraine, United Kingdom, United States, Uzbekistan, and Yemen.
Dateline Black Hat USA and DefCon 2014
Briefings — August 6-7(Black Hat USA 2014) [Black Hat's repository of text and slide decks from keynotes and presentations]
Podcast: Black Hat News Wrap(Threatpost) Dennis Fisher, Mike Mimoso and Brian Donohue discuss the news from day one of Black Hat, including the Dan Geer keynote, attacks on mobile broadband modems and carriers' control of mobile phones
No Fixes In Sight For Satellite Terminal Flaws(Dark Reading) At Black Hat USA, a researcher who in April revealed weaknesses in popular satellite ground terminal equipment found on air, land and sea, demonstrates possible attack scenarios
Mobile broadband modems are 'easy to attack,' says researcher(FierceMobileIT) Mobile broadband modems, used by business travelers and others to get 4G speeds on their laptops, are vulnerable to web-based attack, warned Andreas Lindh, security analyst with ISecure Sweden, during a session at the Black Hat security conference
Expert Warns of Chip-and-PIN Pitfalls(Threatpost) The inevitable changeover from magnetic strip-based payment cards to EMV, or chip-and-PIN, is coming for consumers and merchants in the United States. And coming along with it are a raft of weaknesses and real-world attacks that shoot holes in the presumption that EMV will remedy credit card fraud
How to Use Your Cat to Hack Your Neighbor's Wi-Fi(Wired) Late last month, a Siamese cat named Coco went wandering in his suburban Washington, DC neighborhood. He spent three hours exploring nearby backyards. He killed a mouse, whose carcass he thoughtfully brought home to his octogenarian owner, Nancy. And while he was out, Coco mapped dozens of his neighbors' Wi-Fi networks, identifying four routers that used an old, easily-broken form of encryption and another four that were left entirely unprotected
10 ways to get noticed at Black Hat(CSO) Some of the more eccentric members of the security industry show up for Black Hat each year, making it tough to stand out in the enormous crowd that flocks to Las Vegas for the A-list conference. But each year vendors manage to come up with gimmicks and gizmos that attract the throngs to their booths to hear a spiel or give up their contact information so they can receive sales calls when they get home. Here are some noteworthy examples from Black Hat 2014
Turla cyber-espionage campaign puzzle solved(Help Net Security) Turla, also known as Snake or Uroburos is one of the most sophisticated ongoing cyber-espionage campaigns. When the first research on Turla/Snake/Uroburos was published, it didn't answer one major question: how do victims get infected?
Turla: Spying tool targets governments and diplomats(Symantec Connect) A cyberespionage campaign involving malware known as Wipbot and Turla has systematically targeted the governments and embassies of a number of former Eastern Bloc countries. Trojan.Wipbot (known by other vendors as Tavdig) is a back door used to facilitate reconnaissance operations before the attackers shift to long term monitoring operations using Trojan.Turla (which is known by other vendors as Uroboros, Snake, and Carbon). It appears that this combination of malware has been used for classic espionage-type operations for at least four years. Because of the targets chosen and the advanced nature of the malware used, Symantec believes that a state-sponsored group was behind these attacks
Kaspersky Lab Reveals a Look Inside Cyber-Espionage(TopTechNews) Where do cyberattacks come from, and what is their methodology? New research from Kaspersky Lab sheds light on those common questions, using a cyber-espionage operation as an example. Researchers at Kaspersky say they've kept tabs on an operation that was able to find its way into two spy agencies and hundreds of government and military targets in Europe and the Middle East over the past eight months
Disclosure of Russian password hack seems like fake antivirus scam(CSO) There were plenty of hyperbolic, sky-is-falling headlines yesterday about news that a Russian criminal organization has amassed over a billion compromised passwords. The information was vague and scarce on details, though, and accompanied by a pitch to sell a service from a virtually unknown security vendor. The whole thing feels like a marketing stunt, or a fake antivirus scam perpetrated on a global level
Two new variants of Gameover Zeus banking Trojan identified(Computing) Gameover Zeus, the banking Trojan whose communications network was taken down by international coordination at the beginning of June, has been resurrected, with two new variants identified in the wild by security software company Bitdefender
Attack Harbors Malware In Images(Dark Reading) 'Lurk' click-fraud campaign now employing steganography. Steganography long has been a tool in the intelligence community and most recently terror groups, but a cyber crime gang has been spotted using the stealth technique of embedding information or code inside digital images
More Details Regarding the Gizmodo Brazil Compromise(TrendLabs Security Intelligence Blog) At the tail end of July, we wrote about Gizmodo Brazil being compromised by cybercriminals in order to lead visitors into downloading backdoor malware into their machine. This is of course a very big deal, since it is a rather large and noteworthy website being hacked into — but it's par for the course for the region, seeing as the modus operandi of criminals that target Brazilian users typically resort to compromised websites and hosts in order to host malware and phishing pages
Mr. Hack: Googlebot's Unruly Alter Ego(Incapsula Blog) In the first post of this two-part series, we shared our insights into Googlebot's activity and behavior patterns. However, no overview of Googlebot activity would be complete without a mention of Googlebot imposters, who assume Googlebot's identity to gain privileged access to websites and online information
Hacking for Bitcoins: The Underground Economy, Pt. 6(Symantec Connect) Once touted as a single currency to rule them all, the peer-to-peer cryptocurrency known as Bitcoins have seen their reputation damaged by a number of high-profile examples of them being stolen, devalued, laundered, and used for illegal activities worldwide. While it could be argued that traditional currency has had its share of looters throughout history, the volatility of Bitcoins based on a smaller circulation quantity is cause for concern. Below, we highlight three dangers facing this new method of payment
Will Bitcoin Succeed?(Trend Micro CTO Insights) When you work for a security company, sometimes people think you must know everything there is to know about technology. So sometimes I get asked, "Will Bitcoin and other cryptocurrencies succeed?"
Smart grid attack scenarios (understand the threat to defend against it)(SmartGridNews) Quick Take: It's a war out there — literally. Hackers from hostile countries target the U.S. power grid every day. That's why I wanted to run this adaptation of a recent blog post from Trend Micro, an IT security company. I previously shared their view of the ways to attack a smart meter. This article explains how those attacks could extend to the entire grid
Security Patches, Mitigations, and Software Updates
How Google plans to encrypt the web(Naked Security) Today Google announced that websites using HTTPS, the secure version of HTTP, will have a better chance of ranking well in Google searches than those that don't
SEC Commissioner Highlights Need For Cyber-Risk Management In Speech At New York Stock Exchange(mondaq) As we've previously reported, cyber risks are an increasingly common risk facing businesses of all kinds. In a recent speech given at the New York Stock Exchange, SEC Commissioner Luis A. Aguilar emphasized that cybersecurity has grown to be a "top concern" of businesses and regulators alike and admonished companies, and more specifically their directors, to "take seriously their obligation to make sure that companies are appropriately addressing those risks"
What investors need to know about cybersecurity: How to evaluate investment risks(IRRC Institute) Companies are increasingly vulnerable to incoming cybersecurity threats from new directions and adversaries. Attacks in the form of "hacktivism," corporate espionage, insider and government threats, terrorism, and criminal activity can cost an organization time, resources, and irreparable harm to their reputation if not handled appropriately. Investors can examine corporate disclosures and engage with management to better consider the potential implications of cybersecurity when assessing investment options. It's more than a technology issue in the back office; it's a critical business issue that can dramatically impact a company's competitive position
Cybersecurity: Why It's Got to Be a Team Sport(BankInfoSecurity) Listening to Tony Sager, one might recall the days of the Cold War, when the threat of a nuclear holocaust felt scary and real, but America knew its sole enemy. "The government's job was to save us from the bad guys out there," says Sager, who spent most of his 30-plus-year government career as an information assurance leader at the National Security Agency
A Holistic Approach to Security(BankInfoSecurity) No single security solution is enough to defend against today's multifaceted exploits. So it's time for a new holistic and cooperative approach to information security, says Bob Hansmann of Websense
Professionalizing Cybersecurity: A path to universal standards and status(Pell Center for International Relations and Public Policy) This report addresses the widening gap between the supply of qualified information security professionals and the demand for skilled workers to secure critical infrastructure and cyberspace. It seeks to shed light on the current status of the cybersecurity labor market, which is best characterized as a fog of competing requirements, disjointed development programs, conflicting definitions of security roles and functions, and highly fragmented, competing, and often confusing professional certifications
IBM offers cloud-based services to Chinese firms to address security concerns(Reuters via Investing.com) International Business Machines Corp said on Thursday it would provide cloud-based risk analysis for a Chinese financial data firm in a deal that executives heralded as a model for future business in China, where state-owned enterprises are increasingly shunning foreign technology on security grounds
After China's Government Bans Purchases Of Apple Devices, Is BlackBerry In Catbird Seat?(Seeking Alpha) According to Bloomberg News, the Chinese government has excluded Apple, Inc. (NASDAQ:AAPL) devices from the list of products that can be purchased with government money due to security issues. At least ten Apple products - including iPads and MacBooks - were excluded from a list compiled by the Ministry of Defense and National Development and Reform Commission
Microsoft's cloud contracts approved by European privacy authorities(Microsoft Trustworthy Computing) A big milestone was achieved this week. The Article 29 Working Party, a collection of 28 European Union data protection authorities, announced that Microsoft's contractual approach to enterprise cloud services is in line with EU data protection law
Yahoo to Release End-to-End Encryption for Email Users(Threatpost) Yahoo plans to enable end-to-end encryption for all of its Mail users next year. The company is working with Google on the project and the encryption will be mostly transparent for users, making it as simple as possible to use
Top 5 Antivirus Apps for Android(Business News Daily) If you use your smartphone for business, security is a top concern. Failure to install a good antivirus app can have serious consequences, putting your device at risk for infection by corrupt apps and malware. Not only could that stop your phone from functioning properly, but it can also compromise sensitive company or client data stored on your phone or tablet. Fortunately, there are a ton of good security apps that can lock down your Android device and keep it safe from rogue applications. Whether you can get by with a free security app, or want to invest in a more robust paid antivirus suite, here are five of the best on Android
The best free antivirus software for PC(PC Gamer) The last thing you want on your PC is a virus. The second-to-last thing you want on your PC is antivirus software that slows down your computer when you're gaming. Spending money on your antivirus software doesn't guarantee that you're getting the best, either. These days, there are a ton of free antivirus options, and many of them will keep your computer perfectly safe from the trojans and spyware and adware that lurk on the Internet
Take Control of Your Privacy Settings on Twitter with AVG PrivacyFix(WhaTech) AVG Technologies N.V. (NYSE: AVG), the online security company for 182 million active users, today announced a number of updates to its flagship AVG PrivacyFix application, including extending its scope to the popular social network Twitter and enabling users to assess their 'worth' to the key networks in terms of targeted advertising value
FortyCloud Upsizes Clientele Through Collaboration W/ Rackspace(CloudWedge) FortyCloud, an Israeli cloud security startup with offices in US, has joined forces with Rackspace. The firm will provide a comprehensive security solution to all Rackspace customers through Rackspace Marketplace. This network security-as-a-service works independently, although it is interoperable with Rackspace cloud services
Could the Judge of the Future be Silicon-Based?(American Lawyer) It's unsettling, really. While Colin Rule was the director of online dispute resolution for eBay Inc. from 2003 to 2011, he helped develop a system that managed 60 million disputes per year. Ninety percent of those disputes were settled without any human intervention
Checking for vulnerabilities in the Smart Grid System(Internet Storm Center) SCADA systems are not composed the same way as regular IT systems. Therefore, the risk and vulnerability assessment cannot be performed as it is done for any other IT system. The most important differences are
SWSIS program awards cybersecurity scholarships to women(Help Net Security) Responding to a shortage of cybersecurity professionals across the United States and a dearth of women in the field, Applied Computer Security Associates (ACSA) and the Computing Research Association's Committee on the Status of Women in Computing Research (CRA-W) announced the winning recipients of the 2014 Scholarship for Women Studying Information Security (SWSIS)
SMU Named National Center Of Excellence In Cyber Defense Education(Dallas South News) SMU has been re-designated a National Center of Academic Excellence in Information Assurance/Cyber Defense Education through 2021 by the National Security Agency (NSA) and the U.S. Department of Homeland Security, underscoring the record of successful work in this area by the Lyle School of Engineering
Abbott's national security failure(Business Spectator) Proper 'process' might sound like bureaucratic jargon but a prime minister ignores it at his or her peril. Applied to cabinet, it includes making sure ministers have all the facts. Importantly, it requires having present for the discussion all those who should be in the room
Cyber security: Canada pokes a dragon(Trustifier) There were media reports last week about a cyber attack against the National Research Council in Ottawa. The attack origins were supposedly traced back to China. The Canadian Government huffed and puffed and went ahead and admonished China publicly for catching their hand in the fortune cookie jar. Predictably, China denied the whole thing
China will keep spying. Canada must respond with skill, not rhetoric(Globe and Mail) Ottawa's allegation that "a highly sophisticated Chinese state sponsored actor" targeted computers at Canada's National Research Council threw a wrench into Foreign Minister John Baird's visit to Beijing this week. We're assured that his exchange with his Chinese counterpart was "full and frank." We could use some of that frankness here in Canada
The Canadian Government Is Now Fully in the Cyberwar Battlefield(Motherboard) After Chinese hackers spent the last month infiltrating Canada's National Research Council (NRC), an organization presiding over some of the country's most cherished scientific research and development, Canadians have been looking for assurances it won't happen again
Former top brass say cyberspace key in new defense rules(Japan Times) As Japan and the U.S. work toward a historic upgrade of bilateral defense cooperation guidelines for the first time in 17 years, the biggest tasks for the two allies may be dealing with China's growing military and economic might while also keeping an eye on events in North Korea and its unpredictable leader
Danzig: Focus on cyber 'existential' threats undermines U.S. preparedness(Inside Cybersecurity) Washington's recurring tendency to label cyber attacks an "existential" threat to the United States exaggerates the danger and fails to focus attention on managing significant cyber risks to critical infrastructure and U.S. national security, according to Richard Danzig, a key administration adviser and author of a recent cybersecurity study
It's not you, it's me: committee of cryptographic experts tries to crack NIST/NSA relationship(Access) In response to stories in the New York Times, ProPublica, and the Guardian that the National Security Agency ("NSA") was undermining encryption standards, The Visiting Committee on Advanced Technology (VCAT) released a report that called for increased transparency and internal expertise at the National Institute for Standards and Technologies ("NIST"). The VCAT reviews and makes recommendations regarding general policy for the National Institute of Standards and Technology. The VCAT formed a Committee of Visitors ("COV") in mid-April to review the relationship between NIST and the NSA
1st IO Command (Land) welcomes new commander(Belvoir Eagle) Col. Jayson M. Spade took command of the 1st Information Operations Command (Land) from Col. Jon N. Leonard II during a ceremony July 31, at Long Parade Field on Fort Belvoir
Litigation, Investigation, and Law Enforcement
Evidence of another Snowden-like mole is worrying Feds(Naked Security) Last year, Edward Snowden disappeared. Eventually, he turned up in Russia. Since then, the US government has been trying to answer a crucial question: is Snowden a lone wolf, or are other Edward Snowdens out there, leaking ever more classified documents?
FBI Probes Cyber Attack on US DHS Contractor(CBR) The FBI has started a probe into a reported cyber attack on Virginia-based company US Investigations Services, which was working as a contractor with the US Department of Homeland Security (DHS) to check backgrounds of officials
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SHARE in Pittsburgh(Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today.
FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles.
ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...
DEF CON 22(Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit(Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SANS Cyber Defense Summit and Training(Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...
Resilience Week(Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day(Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...
Build IT Break IT Fix IT: Build IT(Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
The Hackers Conference(New Delhi, India, August 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...