State-conducted offensive cyber campaigns attract attention and spur worries of more destructive operations to come. Cylance has released its report on what it calls "Operation Cleaver," an alleged Iranian cyber campaign directed against Western targets. At least fifty companies and agencies are said to have been prepped for attack through reconnaissance and initial compromise: they include energy companies, airlines and airports, hospitals, government agencies and military organizations. Forbes quotes analysts as saying the level of access attackers achieved is "bone-chilling," and that Cleaver amounts to revenge for Stuxnet.
North Korea may, however, present a more proximate threat, as consensus attributes the Sony hack to the DPRK. The FBI is investigating what former NSA Director Alexander calls "an act of war." Leaked films and compromised personal data are perhaps the least troubling of the attack's effects: the FBI draws particular attention to the master boot record overwrite capability, the "computer-killer" of journalese. Observers see functional similarities to Shamoon (which hit Saudi Aramco in 2012) and 2013's WhoIs attack on South Korea's banking sector. Several news outlets offer overviews of North Korea's cyber capabilities. Analysts (and presumably the SEC) wait for Sony to file an 8-K risk disclosure.
Iranian and North Korean capers have pushed them off the front pages, but grousing about delayed disclosure of Regin and marveling at the glib success of FIN4's market manipulation continue.
New point-of-sale malware continues to emerge, notably LusyPOS and BlackPOS variants.
CyberCom Pentagon daddy Ashton Carter will probably be the next US Defense Secretary.
Today's issue includes events affecting Afghanistan, Algeria, Belgium, Brazil, Canada, China, Fiji, France, Germany, India, Indonesia, Iran, Ireland, Israel, Japan, Kiribati, Democratic People's Republic of Korea, Republic of Korea, Kuwait, Malaysia, Mexico, Pakistan, Qatar, Russia, Saudi Arabia, Syria, Turkey, United Arab Emirates, United Kingdom, United States.
Dateline SINET Showcase
SINET Showcase and Workshops 2014(SINET) Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase's objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation's critical infrastructure and command-and-control systems.
SINET Workshops deliver critical knowledge, targeted perspective and opportunities for direct information sharing between entrepreneurs and security experts. Held in conjunction with IT Security Entrepreneurs Forum and Showcase, each workshop offers expert insight from industry and government officials, venture capitalists, leading researchers and successful entrepreneurs who share thought leadership, experience and "know how." There is no comparable opportunity to learn how to navigate the Federal Government sector, and to obtain the necessary financing, professional services and guidance needed to win
Security Innovation Network (SINET) Announces Its 2014 Top 16 Emerging Cybersecurity Companies(Yahoo! Finance) The Security Innovation Network™ (SINET), an organization focused on advancing Cybersecurity innovation through public-private collaboration, announced today the winners of its annual SINET 16 competition. The companies, which were selected from a pool of 180 applicants from around the world, represent a range of Cybersecurity solution providers who are identifying cutting-edge technologies to address Cybersecurity threats and vulnerabilities. The selected companies will share their work with buyers, builders, investors and researchers during the SINET Showcase on Dec. 3 — 4, 2014 at the National Press Club in Washington, DC
Operation Cleaver(Cylance) Since at least 2012, Iranian actors have directly attacked, established persistence in, and extracted highly sensitive materials from the networks of government agencies and major critical infrastructure companies in the following countries: Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates, and the United States
Cyber Attacks, Threats, and Vulnerabilities
Iran-Backed Hackers Target Airports, Carriers: Report(Bloomberg) Hackers working for Iran have targeted at least 50 companies and government organizations, including commercial airlines, looking for vulnerabilities that could be used in physical attacks, cyber-security firm Cylance Inc. said today
'Bone-Chilling' Research Suggests Iran Gearing Up To Avenge Stuxnet Hacks(Forbes) A vast number of western organisations have been breached by hackers operating out of Iran, according to researchers at Cylance, a security startup. The victims include military, energy firms, airlines and airports, hospitals, governments and their contractors in the US, the UK and beyond, the Operation Cleaver report read. And the level of access at some of the compromised critical organisations was described as "bone-chilling"
Whodunnit? Why North Korea Is Suspected in the Sony Hack(Bloomberg BusinessWeek) Sony (SNE) was warned. After learning of the company's plans to release a James Franco-Seth Rogen comedy about a plot to assassinate Kim Jong Un, North Korea declared war in June. At the time, a Foreign Ministry spokesman said all North Koreans were determined "to mercilessly destroy anyone who dares hurt or attack the supreme leadership of the country, even a bit"
Inside North Korea's elite cyberwarfare unit(CNBC) As Sony Pictures looks for a possible North Korea link to a cyberattack, there's a nagging question. Does the poor country even have advanced technology capabilities to infiltrate a large corporation?
The Latest Sony Breach And Its Potential SEC Problems(Digital Dao) Sony's (NYSE: SNE) latest network breach is also potentially one of its worst when it comes to financial impact on the company. The attackers (Guardians of Peace) stole five movies including Brad Pitt's "Fury" and released them online
Is Israel behind the 'Regin' cyber-threat?(Middle East Monitor) Last weekend the anti-virus company Symantec released details of a newly-detected piece of malware that it had intercepted and been decoding for some time. Several other anti-virus vendors released their own papers on this advanced piece of malicious software soon after
Security Researchers Withheld Regin Malware Details For 'Global Security' Reasons(TechDirt) Who's going to let you know your communications and data have been compromised by state entities? Well, it seems to depend on who the state entity is. When it's a non-'Five Eyes' country involved, there's usually no hesitation. But the recent exposure of Regin malware's NSA/GCHQ origins (which both agencies deny originates with them despite leaked documents to the contrary) came belatedly, confirming details revealed more than a year ago. The malware appears to date back nearly a decade and yet, there has been little said about it over that period of time
Biotech Professionals and Drug Manufacturers Targeted by Latest Cyber Threat(PharmExecBlog) The New York Times (NYT) reported on Dec. 1, 2014 that companies in the biotechnology sector might be the latest victims of computer security breaches. The perpetrators, who are thought to be former investment bankers, are using the information they glean to obtain a market edge on the pharmaceutical industry
Fake 'Ashton Carter' riles the national security world(Military Times) The Twitterverse exploded on Tuesday morning when a fake Twitter account purportedly belonging to Ashton Carter, the presumptive nominee to become the Pentagon's next chief, falsely claimed that he had landed the job
'LusyPOS' Malware Aims to Ruin Your Holidays(Tom's Guide) Cybercriminals and online attackers are doing their holiday shopping. A new strain of point-of-sale malware has appeared on underground black markets, designed to steal credit- and debit-card information from shoppers as cards are swiped at point-of-sale (PoS) checkout counters
Why Malvertising Is Cybercriminals' Latest Sweet Spot (Part 2)(Wired) Security is always a game of measure vs. countermeasure and malvertising is no exception. Now that smart attackers have discovered how to twist the nature of the online advertising to their criminal ends, awareness and a number of responses are necessary to counter the threat
Security Patches, Mitigations, and Software Updates
Mozilla Releases Security Updates for Firefox and Thunderbird(US-CERT) The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial of service, or exploit a buffer overflow on an affected browser
Time To Turn The Tables On Attackers(Dark Reading) As a security industry, we need to arm business with innovative technologies that provide visibility, analysis, and action to prevent inevitable breaches from causing irreparable damage
Kaspersky Lab tips cyberthreats and crimes only going to get worse in 2015(Macworld) With cybercriminals growing in confidence, Kaspersky Lab anticipates that the coming year will see attacks move beyond just targeting users of banking services, widely seen as the weak link in the security chain, and grow towards higher-stakes targeted cyber-attacks hitting the banks themselves
Look for more attacks coming from privileged accounts(GCN) Abuse of privileged accounts has been understood for a long time to be a major security concern, since it opens up broad access to an organization's data and IT resources. Up to now, however, the focus has mainly been on how this applies to the so-called insider threat
Is the Detroit Power Outage Just the Tip of the Iceberg?(BusinessWire) Cybergy Partners, Inc. (OTC: MKHD) announced that today's major power outage in Detroit, which trapped people in elevators and closed public schools, is just the most recent example of many similar grid failures occurring across the country. CEO, Mark Gray stated, "Our nation's electricity infrastructure is outdated by the better part of a century. As the grid continues to age, we can expect similar incidents, driven not only by equipment degradation, severe weather, but also, unfortunately, by security breaches"
Autonomy founder Mike Lynch to report Hewlett-Packard to SEC(Financial Times) Autonomy founder Mike Lynch plans to ask US regulators to investigate evidence that he believes shows Hewlett-Packard made "false representations to the market" over its massive writedown on its acquisition of the UK software maker
Splunk Bullish Thesis Reaffirmed, Next Checkpoint At $75(Seeking Alpha) Splunk rallied 40% since it hit the 52-weeks low in June. Splunk reported strong Q3 results and increased its full-year guidance. Historical revenue trend, next year's guidance, and analysts' price targets suggest a possible 12% to 28% upside to Splunk's stock
Norway goes with Gemalto Trusted Service for mobile NFC payment commercial rollout(CSO) Gemalto, the world leader in digital security, announces that its Allynis Trusted Service Hub is enabling the commercial rollout of Valyou, Norway's first mobile NFC payment service, by Telenor, DNB and SpareBank 1. Telenor is Norway's leading mobile operator with three million subscribers in the country and some 180 million worldwide. DNB and SpareBank 1 are respectively the first and second largest financial services providers in the country. Four more banks are already planning to join the Valyou community, enabling even more users to make secure payments at fast food restaurants, convenience stores and gas stations with a simple touch of their smartphone on an NFC-ready terminal
Regin detection tool is available from G Data(IT Pro Portal) The latest prominent malware threat to pop up, Regin, has been causing quite a stir over the last few weeks — and you might be interested to learn that security firm G Data has produced a tool that can be used to discover whether you've been affected by this sophisticated Trojan
Appthority First Mobile App Security Company to Protect Enterprises from MASQUE and WireLurker iOS Malware(PRNewswire) Today Appthority, the leader in enterprise Mobile App Risk Management, announced the immediate release of a solution for analyzing and exposing both the MASQUE and WireLurker iOS mobile malware for its customers. As the first mobile app security company to detect this new iOS malware, which surfaced in early and mid-November, Appthority moved quickly to implement scanning, analysis and detection for both MASQUE and WireLurker. By quickly deploying an update to its cloud-based solution, Appthority enterprise customers have been protected since November 20, 2014
Avoiding Data Breaches with Context Aware Behavioral Analytics(Threatpost) Security, it turns out, is all about layers, where if one layer fails, there are secondary and tertiary and a long line of backup defenses. This is neither new nor revolutionary. It's why castles had moats, drawbridges and parapets; it's also why prisons have cells, walls and gates
Does Your Vulnerability Scanner Speak Portuguese?(Internet Storm Center) Rodrigo Montoro and Joaquim Espinhara did an interesting test, and like so many interesting tests, it is actually pretty obvious in hindsight: They looked at different vulnerability scanners, and checked how they behave if a web site is coded in a language other than English. The quick answer: They pretty much fail. The presentation is looking at a couple of open source and commercial scanners, and threw in snort as an IDS. Turns out all of the scanners (and Snort) have issues recognizing evidence of vulnerabilities (like SQL error messages) if the language is changed to anything but English
New tech beefs up military-strength encryption(C4ISR & Networks) Military and industry are developing a variety of software- and hardware-based encryption systems, including new software encryption tools, self-encrypting drives and biometrics
Steps to mitigate common cloud security threats(Scalar Blog) The cloud computing market has positively benefited from a quickly depleting level of security concerns among decision-makers in a wealth of industries and regions, but there are still plenty of actions that must be taken to ensure the integrity of data and systems in these environments. Whereas a majority of leaders believed that the cloud could simply not be secured as proficiently and effectively as legacy IT systems only a few years ago, most have wised up to the truths behind the technology
Protecting your Website from SQL Injection Attacks(Solutionary) [An] SQL injection (SQLi) vulnerability on a website is a big fear for a web developer, a bigger fear for a business and one of the biggest fears for anyone involved with finance or point-of-sale (POS)
Training kids to become infosec superheroes(Help Net Security) Children today embark on life in two interconnected worlds, the physical and the virtual. And just as they need to learn how to be smart and safe in the physical world, they need the skills and savvy to navigate a virtual world, an online cosmos of ever-expanding information and possibilities
Research and Development
Microsoft Research thinks Haven might be the answer to cloud storage security problems(Beta News) Storing your data in the cloud requires you to place trust in a company and its service. Whether you're talking about Dropbox, Google Drive or an enterprise level solution, security is of paramount importance. There have been numerous high profile cases in recent months in which data breaches have occurred and private data has been accessed by unauthorized people — including the NSA et al. It's little wonder that many people are wary of moving entirely to the cloud
Ashton Carter had a plan to fix the Pentagon — now he has the chance to implement it(Quartz) It was a little over three years ago that then-Secretary of Defense Bob Gates foresaw correctly that the days of increasing defense budgets were coming to an end. The nation confronted a looming fiscal crisis, and, as he famously put it in a speech at the Eisenhower Library, "The gusher has been turned off and will stay off for a good period of time"
Supreme Court quotes rap as it mulls Facebook free-speech case(Naked Security) The US Supreme Court on Monday began to wrestle with violent rap lyrics, internet trolling, and the notion that posting bomb and homicide threats is a form of therapy in which a now-jailed ranter could vent his frustration and thereby not really intend to kill anybody
German court blocks hacker's return to U.S.(AP via the Salt Lake Tribune) Germany's top court has blocked the extradition to the United States of a Turkish man accused of stealing almost $60 million in a series of hacking raids against credit card companies
Healthcare Cyber Security Summit 2014(San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
SINET 16(Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...
SINET Showcase "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and...
Tax Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...
(ISC)² Security Congress EMEA(London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...
ACSAC 30: Annual Computer Security Applications Conference(New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...
Cybersecurity 2015: Beyond the Breach(Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...
ICFPT 2014(Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...