Daily briefing.

Shin Bet and IDF say they stopped a "massive" cyber campaign against Israel during Gaza fighting, which they again say was directed by Iran. Meanwhile Moroccan Hamas sympathizers deface the municipal website of DuBois, Pennsylvania, USA (population 7,794) with messages supporting Gaza (DuBois being a softer target than Tel Aviv).

Observers now generally attribute the JPMorgan cyber attack to Russia. Many security analysts (Ponemon, for one) describe it as unusually sophisticated, and aimed more at demonstrating a significant attack capability (in this case hitting the bank's network layer) than doing direct damage. KnowBe4 says the attack vector was an employee's computer connected to a VPN, but the investigation is ongoing and details are sparse.

Interestingly, FS-ISAC has declined to raise its alert level from "guarded," saying that, unfortunately, they don't see this attack as terribly out-of-the-ordinary.

The campaign against Norway's energy sector (which Statoil says it's recovered from) remains unattributed, but many suspicious eyes are looking toward Russia here as well. Reports say phishing emails led to keylogger installation.

Lizard Squad skids, apparently weary of supporting ISIS barbarians, again invite arrest by hitting Twitch.

Gameover Zeus runs wild in countries where Windows XP remains in widespread use, notably Turkey. Trend Micro says it's found a new BlackPOS malware variant. Mozilla discloses a user data leak from its Bugzilla vulnerability-reporting project.

Dairy Queen, tipped off by banks warning of card-fraud patterns, acknowledges a breach. Other point-of-sale malware investigations continue. Aorato believes it's found an Active Directory angle in the Target breach.

Notes.

Today's issue includes events affecting Brazil, Canada, China, Iran, Israel, Republic of Korea, Morocco, Norway, Palestinian Territories, Russia, Syria, Turkey, Ukraine, United Kingdom, United States.

The CyberWire is pleased to say we'll be providing special coverage of the 2014 Cyber Security Summit, convening in New York on September 18. Watch for interviews and live coverage of Summit events. Also, the CyberWire will take a break Monday as our staff enjoys the US Labor Day holiday (and the Maryland State Fair). We'll resume normal publication on Tuesday, September 2.

Cyber Attacks, Threats, and Vulnerabilities

Security Services 'Foiled Massive Cyber-Attack on Israel' (Arutz Sheva) Elite Israeli cyber-defenders repelled attack during Protective Edge; concerns hackers could seek to take control of armed drones

Hackers target U.S Govt: City of DuBois, Pennsylvania website Hacked for Palestine (HackRead) A Moroccan hacker going with the handle of 'MaeSTro-GhoL' has hacked and defaced the official website of City of DuBois, Pennsylvania in solidarity with Palestine

US banks, Norwegian energy firms latest cyberattack victims (FierceCIO) Large-scale cyberattacks used to make the tech headlines on a monthly, and then weekly, basis. But the pace has increased to almost daily now, with the latest being word of cyberattacks against several financial institutions and approximately 300 energy firms in Norway

Statoil In Control Over The Cyber Attack (SmartTech) Statoil was the target of a major cyber attack last year that lasted three days. Statoil now claims it has control over the targeted attack

Sophisticated Bank Cyber Attack Said to Target Core Infrastructure (Fox Business) A respected cyber security expert tells FOX Business the hackers who targeted JPMorgan Chase's (JPM) computer systems were trying to send a poignant message: Even the most secure systems can be infiltrated

KnowBe4 Says Employee PC Wreaks Havoc in JP Morgan Hack (MENAFN) The Wall Street Journal reported today that J.P. Morgan was hacked and suffered a cyberheist called "a significant breach of corporate computer security." Bloomberg reported that the FBI, the US Secret Service and even the NSA are investigating the incident that seems to have occurred in mid-August. According to Bloomberg, Russian hackers breached the bank's defenses and compromised gigabytes of data, but the exact nature of that data remains unknown. However, it was stated attackers "grabbed sensitive data from the files of bank employees including executives"

FBI, Secret Service studying 'scope' of reported bank cyberattacks (CSO) The attacks are believed to have affected at least five US financial institutions

JPMorgan Working With FBI in Cyber-Attack Probe (AFP via SecurityWeek) JPMorgan Chase said Thursday that it was cooperating with law-enforcement officials to determine the scale of reported cyber attacks against US financial institutions

FBI Examining Whether Russia Is Tied to JPMorgan Hacking (Bloomberg) Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe

FBI, NSA Investigating Whether Russia Hacked U.S. Banks To Retaliate For Sanctions (Daily Caller) The FBI suspects an earlier August cyberattack on the U.S. financial system, which resulted in the theft of data from JPMorgan Chase, may have been the work of Russian hackers retaliating for U.S.-imposed economic sanctions

US banking group says unaware of any significant cyber attack (Tech 2) An influential U.S. financial services industry group that shares information about cyber threats has said it is unaware of any "significant" cyber attacks, downplaying concerns about possible breaches at JPMorgan Chase & Co and other banks

Cyber attacks on US businesses, banks mounting (AFP via Business Insider) Investigators were digging Thursday to find who initiated and what was taken in an apparent intense hacker effort this month to penetrate the systems of US banks including JPMorgan Chase

Bitcoin Malware Attack Exploits Russia-Ukraine Crisis (CoinDesk) A hacker group is trying to leverage the ongoing conflict between Russia and Ukraine as it distributes malware that is capable of targeting bitcoin wallets

Bitcoin Phishing Scam Hits Over 400 Businesses, Says Proofpoint (Spamfighter News) Proofpoint, the e-mail security company situated in California has just exposed one Bitcoin phishing scam that of late targeted over 400 organizations while attempting at deceiving end-users into giving away personal passwords of their Bitcoin purse

FBI-Hunted Hacking Group Continues Attacks, Targets Twitch (Forbes) Despite tweeting out a bomb threat to ground a Sony executive's flight this Sunday and landing themselves on the radar of the FBI, hacking group "Lizard Squad" remains unmolested and continues to orchestrate attacks on various gaming services

Windows XP-Heavy Turkey Overrun with Gameover Zeus Infections (Threatpost) Like a predator, criminals who profit online will seek out weak prey

New BlackPOS Malware Emerges in the Wild, Targets Retail Accounts (TrendLabs Security Intelligence Blog) We recently spotted a brand new BlackPOS (point-of-sale) malware detected by Trend Micro

Mozilla reports user data leak from Bugzilla project (CSO) It's the second database exposure incident reported by the organization in a month

Dairy Queen Confirms Cyber Hack (Twin Cities Business) The Edina-based company did not disclose how many customers or how many stores might be at risk

Report Examines Unanswered Questions Around Target Attack (SecurityWeek) Cybersecurity startup Aorato has published a report around the data breach suffered in 2013 by Target, which investigates some of the techniques used by the attackers to gain access to the company's networks

Microsoft's Active Directory is missing link in Target breach saga (FierceITSecurity) Once the Target attackers penetrated the retailer's network using stolen credentials from a third party vendor, they exploited weaknesses in Microsoft's Active Directory to get access to the core of its network, according to an analysis by security firm Aorato

Phishers targeting crypto currency and retail sites (Help Net Security) Online payment services and crypto-currency sites are being targeted by phishers. The number of phishing attacks remained high, and the second quarter of 2014 saw the second-highest number of phishing attacks ever recorded in a quarter since the APWG began tracking by quarterly periods in 2008

BIFROSE Now More Evasive Through Tor, Used for Targeted Attack (TrendLabs Security Intelligence Blog) We recently investigated a targeted attack against a device manufacturer, and in our analysis, we found that the malware deployed into the target network is a variant of a well-known backdoor, BIFROSE. BIFROSE has been around for many years now, highly available in the cybercriminal underground, and has been used for various cybercriminal activities

The Evolution of Asprox Malware (Recorded Future) Asprox is the malware used in a long campaign of phishing and drive-by downloads that has recently taken on APT-like evasion techniques, garnering the full attention of FireEye analysts. While the TTPs utilized are not novel — how Asprox's authors aptly evolved the common TTPs over the past six years to become highly efficient, evasive, and technical is unique

Compromised Facebook accounts create scam events (Trend Micro Countermeasures) Compromised Facebook accounts are being used in new ways to make sure that Spam reaches its intended audience

CryptoWall More Pervasive, Less Profitable Than CryptoLocker (Dark Reading) The former CryptoLocker wannabe has netted 625,000 infected systems and more than $1 million in ransoms

Security Patches, Mitigations, and Software Updates

What happens when Microsoft ends Windows 7 mainstream support next year (PCWorld) On January 13, 2015, Microsoft will stop mainstream support for Windows 7 — which is still an extremely popular operating system. But you'll still be able to use it safely for another five years

Cyber Trends

Why Russian hackers are beating us (CSO) Russian cybercriminals approach hacking like a chess game, staying many steps ahead of targets in defense and offense

Java, Flash and Reader still PC admins' biggest security headaches (Techworld via CSO) Better than 2013, but still not good enough

Why Are Security Pros Blasé About Compliance? (Dark Reading) A survey of 500 IT and security decision makers in the UK and US shows that a majority are in the dark about regulatory requirements for their business organization

Two-thirds of IT pros subject to weekly phishing attacks (FierceITSecurity) Two-thirds of IT pros experience phishing attacks at least once a week, according to a survey of 205 U.S. IT pros by Ipsos Observer on behalf of HP TippingPoint

Cyber: A Real and Present Danger (Diplomatic Courier) Much has been said in the press of the dreaded threat of 'cyber warfare', but little detail or clarity has given dimension to this threat of sinister activity. Comments from the UK's Secretary of State for Defence Phillip Hammond such as, "It's a new capability… we should explore the boundaries of it," do little to reassure us that world politicians are imbued with the necessary understanding of this emerging threat

Marketplace

Defending Against Hackers of the Future (Bloomberg BusinessWeek) Fully functioning quantum computers don't exist yet, but a lot of really smart scientists think they soon will. A two-year-old startup's 12 employees spend their days trying to figure out what to do if the bad guys get there first

Naval center seeks information assurance assistance (FCW) What: The Naval Surface Warfare Center Corona is seeking a firm fixed price contract for information assurance (IA) certification and accreditation (C&A) support, as well as advanced systems training services

GSA picks Valiant for enterprise IT security contract (FedScoop) The General Services Administration this week awarded Valiant Solutions a $33 million contract to serve as the agency's first line of enterprisewide defense against cyber attacks

iovation Named to Inc. 5000 for Fifth Consecutive Year (MarketWatch) iovation, the trusted source for mobile and online fraud prevention to safeguard businesses, has made the Inc. 5000, Inc. magazine's ranking of the nation's fastest-growing private companies

Syniverse Shortlisted for Four CTIA Awards (Sys-Con Media) Two of Syniverse's solutions are finalists in four CTIA categories in its MobITs and E-Tech award competitions

Products, Services, and Solutions

Facebook wants you to know that Messenger is not spying on you (Naked Security) No, Facebook Messenger will not secretly take video of you, listen to your phone calls, or tap into your brain to get all your secret thoughts

Why Some Privacy Apps Get Blocked From the Android Play Store (Wall Street Journal) Google Tuesday removed a smartphone app called "Disconnect Mobile" from its Android Play store because it violated a policy prohibiting software that interferes with other apps

Microsoft smokes out 1,500 bogus Windows 8 apps from its app store (ZDNet) Microsoft is toughening its stance on rogue apps in the Microsoft Store and Windows Phone Store

Microsoft finally tries to de-crap the Windows Store (Ars Technica) Company responds to growing complaints about misleading and deceptive apps

AVG Simplifies Microsoft® Office 365™ Administration with new AVG Managed Workplace® Service Module (Sys-Con Media) Next step in evolution of AVG's RMM platform helps partners experience further integration efficiencies and support cost savings

CipherTechs to Extend Managed Network Security Service Offerings Leveraging ForeScout CounterACT Platform (Newswire Today) ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced that CipherTechs, a privately held information security services provider, will offer a new suite of managed network security services to its customers enabled by ForeScout's CounterACT™ solution. This offering will provide CipherTechs customers dynamic network and endpoint intelligence, context-based access controls and policy-based mitigation of violations and threats

Protegrity Recognized in Gartner Research Report on Protecting Big Data In Hadoop (MarketWired) Data security solutions strengthened by partnerships, certifications & customer demand

MStar to Include Cryptography Research's CryptoFirewall™ Security Core in Connected TV Chips (BusinessWire) Enables first IP core-based, advanced security for smart TV market; fully compatible with existing CAS and DRM, providing most stringent security for premium content

Technologies, Techniques, and Standards

Cyber Framework: Setting Record Straight (BankInfoSecurity) NIST's Adam Sedgewick offers six-month assessment

Security council blames breaches on poor PCI standard support (CSO) "Best practices" guidance from PCI security group says compliance needs to be 365-day-a-year focus

You may already own the best Internet security tool (TechTarget) You may not have to spend money to purchase more security tools; in fact, Michele Chubirka writes, you probably already own what you need

False Positive or Not? Difficult to Analyze Javascript (Internet Storm Center) Our reader Travis sent us the following message

Understanding Cyber Bullying — Notes for Digital Forensics Examiners (Forensic Focus) The phenomenon of cyber bullying has received a significant amount of attention in the last decade and literature in this field has grown exponentially with advice and guidance on how to deal with cyber bullying

HyTrust and VMware: A successful SDDC must be policy-based (FierceEnterpriseCommunications) There seems to be general agreement now on the notion that a policy engine should be the "definer" in a software-defined data center. At issue now is to whom that engine should belong

5 things infosec can learn from adventure games (Help Net Security) As an active adventure gamer and a natural seeker of reusable patterns, I've noticed that some of the things I do to achieve success in video games can be applied to information security

A Primer on BitCoin (Webroot Threat Blog) Editors Note: One day, we found ourselves discussing the security of bitcoin, only to realize that many readers may not truly understand the digital currency. Luckily, a team member's father, Eoin Meehan, is well versed in the subject and has submitted a guest blog to help everyone understand this popular form of cryptocurrency

Design and Innovation

FTC picks winners in latest robocall-defeating contest, scammers keep scamming (Ars Technica) Contestants set up honeypots and spoof existing robocall-screening technologies

Research and Development

Could crowdsourcing boost America's homeland security? (Fox News) What should our government do to keep the homeland secure? You may find this surprising — but one part of the government genuinely wants to listen and use your ideas

Academia

The NSA's School of Cyber (Armed with Science) The National Security Agency (NSA) is host to one of the most inclusive and formidable cybersecurity training programs in the world. It's a program designed to not only train the future cybersecurity force, but to improve the skills of the teachers — and even civilian counterparts — as well. It's called the College of Cyber

Legislation, Policy, and Regulation

Ukraine to seek Nato membership, says PM Yatsenyuk (BBC) Ukraine's prime minister has said he will ask parliament to put the country on a path towards Nato membership

NSA Benefits Outweigh Snowden Damage (SIGNAL) U.S. relations with other nations remain largely unchanged, agency director says

Obama’s next technology guru may be this staunch supporter of women in tech (Quartz) Megan Smith, a former Google executive, is a top choice for the role of the White House's chief technology officer, Bloomberg reported today. If Smith takes the job that would mean the third person to hold the position created by president Barack Obama in 2009 would be a woman, a notable milestone given the gender imbalance of the US tech scene

Litigation, Investigation, and Law Enforcement

Why Offender Profiling is Changing Thanks to Mobile Forensics and Increasingly 'Social' Criminal Activity (Forensic Focus) Mobile forensics has changed the methodology when it comes to offender profiling. The frequent use of mobile devices has provided investigators with another source for profiling criminal suspects, as well as an insight into their habits and personalities

Online dating scammer targeted elderly victims out of $1.1million (Naked Security) A resident of Maryland stands accused of masterminding a series of online dating scams targeting the elderly

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...

SECRYPT 2013 (Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related...

Build IT Break IT Fix IT: Break IT (Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with...

BalCCon2k14 (Balkan Computer Congress) (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking...

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...
