skip navigation

More signal. Less noise.

Daily briefing.

State-conducted offensive cyber campaigns attract attention and spur worries of more destructive operations to come. Cylance has released its report on what it calls "Operation Cleaver," an alleged Iranian cyber campaign directed against Western targets. At least fifty companies and agencies are said to have been prepped for attack through reconnaissance and initial compromise: they include energy companies, airlines and airports, hospitals, government agencies and military organizations. Forbes quotes analysts as saying the level of access attackers achieved is "bone-chilling," and that Cleaver amounts to revenge for Stuxnet.

North Korea may, however, present a more proximate threat, as consensus attributes the Sony hack to the DPRK. The FBI is investigating what former NSA Director Alexander calls "an act of war." Leaked films and compromised personal data are perhaps the least troubling of the attack's effects: the FBI draws particular attention to the master boot record overwrite capability, the "computer-killer" of journalese. Observers see functional similarities to Shamoon (which hit Saudi Aramco in 2012) and 2013's WhoIs attack on South Korea's banking sector. Several news outlets offer overviews of North Korea's cyber capabilities. Analysts (and presumably the SEC) wait for Sony to file an 8-K risk disclosure.

Iranian and North Korean capers have pushed them off the front pages, but grousing about delayed disclosure of Regin and marveling at the glib success of FIN4's market manipulation continue.

New point-of-sale malware continues to emerge, notably LusyPOS and BlackPOS variants.

CyberCom Pentagon daddy Ashton Carter will probably be the next US Defense Secretary.

Notes.

Today's issue includes events affecting Afghanistan, Algeria, Belgium, Brazil, Canada, China, Fiji, France, Germany, India, Indonesia, Iran, Ireland, Israel, Japan, Kiribati, Democratic Peoples Republic of Korea, Republic of Korea, Kuwait, Malaysia, Mexico, Pakistan, Qatar, Russia, Saudi Arabia, Syria, Turkey, United Arab Emirates, United Kingdom, United States.

Dateline SINET Showcase

SINET Showcase and Workshops 2014 (SINET) Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase's objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation's critical infrastructure and command-and-control systems. SINET Workshops deliver critical knowledge, targeted perspective and opportunities for direct information sharing between entrepreneurs and security experts. Held in conjunction with IT Security Entrepreneurs Forum and Showcase, each workshop offers expert insight from industry and government officials, venture capitalists, leading researchers and successful entrepreneurs who share thought leadership, experience and "know how." There is no comparable opportunity to learn how to navigate the Federal Government sector, and to obtain the necessary financing, professional services and guidance needed to win

Security Innovation Network (SINET) Announces Its 2014 Top 16 Emerging Cybersecurity Companies (Yahoo! Finance) The Security Innovation Network™ (SINET), an organization focused on advancing Cybersecurity innovation through public-private collaboration, announced today the winners of its annual SINET 16 competition. The companies, which were selected from a pool of 180 applicants from around the world, represent a range of Cybersecurity solution providers who are identifying cutting-edge technologies to address Cybersecurity threats and vulnerabilities. The selected companies will share their work with buyers, builders, investors and researchers during the SINET Showcase on Dec. 3 — 4, 2014 at the National Press Club in Washington, DC

Operation Cleaver (Cylance) Since at least 2012, Iranian actors have directly attacked, established persistence in, and extracted highly sensitive materials from the networks of government agencies and major critical infrastructure companies in the following countries: Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates, and the United States

Cyber Attacks, Threats, and Vulnerabilities

Iran-Backed Hackers Target Airports, Carriers: Report (Bloomberg) Hackers working for Iran have targeted at least 50 companies and government organizations, including commercial airlines, looking for vulnerabilities that could be used in physical attacks, cyber-security firm Cylance Inc. said today

'Bone-Chilling' Research Suggests Iran Gearing Up To Avenge Stuxnet Hacks (Forbes) A vast number of western organisations have been breached by hackers operating out of Iran, according to researchers at Cylance, a security startup. The victims include military, energy firms, airlines and airports, hospitals, governments and their contractors in the US, the UK and beyond, the Operation Cleaver report read. And the level of access at some of the compromised critical organisations was described as "bone-chilling"

Sony Pictures hack gets uglier; North Korea won't deny responsibility [Updated] (Ars Technica) Employee salary, health data mixed in with other corporate data leaked

The breach at Sony Pictures is no longer just an IT issue (CSO) The full scope of the incident isn't clear, but the early fallout is nothing but bad news

Whodunnit? Why North Korea Is Suspected in the Sony Hack (Bloomberg BusinessWeek) Sony (SNE) was warned. After learning of the company's plans to release a James Franco-Seth Rogen comedy about a plot to assassinate Kim Jong Un, North Korea declared war in June. At the time, a Foreign Ministry spokesman said all North Koreans were determined "to mercilessly destroy anyone who dares hurt or attack the supreme leadership of the country, even a bit"

Did North Korea's notorious Unit 121 cyber army hack Sony Pictures? (Guardian) Reports have pointed the finger at North Korea for the attack which crippled Sony Pictures and leaked documents and movies online

Here's What We Know About North Korea's Cyberwar Army (Re/code) It is still not definitively known if the hacking attack that brought the computer network belonging to Sony Pictures to its knees was carried out on behalf of North Korea or not

Inside North Korea's elite cyberwarfare unit (CNBC) As Sony Pictures looks for a possible North Korea link to a cyberattack, there's a nagging question. Does the poor country even have advanced technology capabilities to infiltrate a large corporation?

N Korea's hacking capability is of the world's best standards: defector (Channel News Asia) "What can really destroy South Korea is not from a direct artillery attack, but from the hacking of South Korea's nuclear plants," said Kang Myong Do, the son-in-law of a former North Korean prime minister

Retired General: Sony cyber attack is an act of war (KSAT ABC 12) FBI continues investigation after Sony cyber attack

The Latest Sony Breach And Its Potential SEC Problems (Digital Dao) Sony's (NYSE: SNE) latest network breach is also potentially one of its worst when it comes to financial impact on the company. The attackers (Guardians of Peace) stole five movies including Brad Pitt's "Fury" and released them online

FBI warning links wiper malware to Sony Pictures hack (TechTarget) A confidential FBI warning circulated to U.S. businesses warns of attacks that may utilize wiper malware like that used in the Sony Pictures cyberattack

Computer-killing malware used in Sony attack a wake-up call (ComputerWeekly) Computer-killing malware linked to the recent attack on Sony Pictures Entertainment should be a wake-up call to businesses, say security experts

Hollywood on Alert Following Sony Cyber-Attack (Variety) The hacking attack that hobbled Sony Pictures Entertainment in recent days has left other Hollywood studios examining their own security measures

Is Israel behind the 'Regin' cyber-threat? (Middle East Monitor) Last weekend the anti-virus company Symantec released details of a newly-detected piece of malware that it had intercepted and been decoding for some time. Several other anti-virus vendors released their own papers on this advanced piece of malicious software soon after

Security Researchers Withheld Regin Malware Details For 'Global Security' Reasons (TechDirt) Who's going to let you know your communications and data have been compromised by state entities? Well, it seems to depend on who the state entity is. When it's a non-'Five Eyes' country involved, there's usually no hesitation. But the recent exposure of Regin malware's NSA/GCHQ origins (which both agencies deny originates with them despite leaked documents to the contrary) came belatedly, confirming details revealed more than a year ago. The malware appears to date back nearly a decade and yet, there has been little said about it over that period of time

Biotech Professionals and Drug Manufacturers Targeted by Latest Cyber Threat (PharmExecBlog) The New York Times (NYT) reported on Dec. 1, 2014 that companies in the biotechnology sector might be the latest victims of computer security breaches. The perpetrators, who are thought to be former investment bankers, are using the information they glean to obtain a market edge on the pharmaceutical industry

Xbox Live having issues, hacker group claims responsibility for taking it offline [update] (Polygon) Xbox owners are reporting difficulties connecting to Xbox Live and a hacker group with a history of targeting online gaming services is claiming responsibility for taking the network offline

Lizard Squad Hackers Deface Mobile News Site (Computer Business Review) Attack pattern deviates from usual methods, but Twitter seems to confirm culprit

Fake 'Ashton Carter' riles the national security world (Military Times) The Twitterverse exploded on Tuesday morning when a fake Twitter account purportedly belonging to Ashton Carter, the presumptive nominee to become the Pentagon's next chief, falsely claimed that he had landed the job

'LusyPOS' Malware Aims to Ruin Your Holidays (Tom's Guide) Cybercriminals and online attackers are doing their holiday shopping. A new strain of point-of-sale malware has appeared on underground black markets, designed to steal credit- and debit-card information from shoppers as cards are swiped at point-of-sale (PoS) checkout counters

New point-of-sale malware on underground markets for $2,000 (IDG via ComputerWorld) LusyPOS appears to be a derivative of the Dexter and Chewbacca POS malware

Black Friday, Cyber-Attack Monday (Cyactive) Holiday season brings with it yet another addition to the growing PoS malware family, profiting off end-of-year sales

Why Malvertising Is Cybercriminals? Latest Sweet Spot (Part 2) (Wired) Security is always a game of measure vs. countermeasure and malvertising is no exception. Now that smart attackers have discovered how to twist the nature of the online advertising to their criminal ends, awareness and a number of responses are necessary to counter the threat

Can you depend on Wi-Fi to enable the Internet of Things securely? (SC Magazine) When it comes to the Internet of Things (IoT), the presumption is that it just works, but the physical connection and the security behind it cannot be overlooked

The Islamic State is a Hybrid Threat: Why Does That Matter? (Small Wars Journal) The Islamic State (IS), also known as ISIS or ISIL, has garnered international condemnation for its brutal military and genocidal campaigns under ethnic and religious auspices

Security Patches, Mitigations, and Software Updates

Mozilla Releases Security Updates for Firefox and Thunderbird (US-CERT) The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial of service, or exploit a buffer overflow on an affected browser

IBM Fixes Serious Code Execution Bug in Endpoint Manager Product (Threatpost) IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system

Cyber Trends

Time To Turn The Tables On Attackers (Dark Reading) As a security industry, we need to arm business with innovative technologies that provide visibility, analysis, and action to prevent inevitable breaches from causing irreparable damage

Kasperky Lab tips cyberthreats and crimes only going to get worse in 2015 (Macworld) With cybercriminals growing in confidence, Kaspersky Lab anticipates that the coming year will see attacks move beyond just targeting users of banking services, widely seen as the weak link in the security chain, and grow towards higher-stakes targeted cyber-attacks hitting the banks themselves

Look for more attacks coming from privileged accounts (GCN) Abuse of privileged accounts has been understood for a long time to be a major security concern, since it opens up broad access to an organization's data and IT resources. Up to now, however, the focus has mainly been on how this applies to the so-called insider threat

Vulnerabilities Under Attack: Shedding Light on the Growing Attack Surface (Trend Micro: Simply Security) A former colleague of mine who used to work for a certain government agency out of Langley, Virginia (i.e the CIA) was fond of an Ian Fleming quote from Goldfinger: "Once is happenstance. Twice is coincidence. Three times is enemy action"

Is the Detroit Power Outage Just the Tip of the Iceberg? (BusinessWire) Cybergy Partners, Inc. (OTC: MKHD) announced that today's major power outage in Detroit, which trapped people in elevators and closed public schools, is just the most recent example of many similar grid failures occurring across the country. CEO, Mark Gray stated, "Our nation's electricity infrastructure is outdated by the better part of a century. As the grid continues to age, we can expect similar incidents, driven not only by equipment degradation, severe weather, but also, unfortunately, by security breaches"

Marketplace

Mobile security platform Viaforensics rebrands as NowSecure, collects $12.5M to expand (VentureBeat) Mobile security firm NowSecure just landed $12.5 million in its first round of funding

Autonomy founder Mike Lynch to report Hewlett-Packard to SEC (Financial Times) Autonomy founder Mike Lynch plans to ask US regulators to investigate evidence that he believes shows Hewlett-Packard made "false representations to the market" over its massive writedown on its acquisition of the UK software maker

Once Celebrated in Russia, Programmer Pavel Durov Chooses Exile (New York Times) When a SWAT team appeared at Pavel Durov's door in St. Petersburg, he started thinking about his future in Russia

Joshua Shani: Lockheed Joins Cyber Initiative in Israel to Support Local ICT Partnerships (ExecutiveBiz) Lockheed Martin has partnered with BGN Technologies, EMC and Jerusalem Venture Partners under Israel's CyberSpark Industry Initiative, which aims to bolster public-private partnerships in the country as well as international industry collaboration

Splunk Bullish Thesis Reaffirmed, Next Checkpoint At $75 (Seeking Alpha) Splunk rallied 40% since it hit the 52-weeks low in June. Splunk reported strong Q3 results and increased its full-year guidance. Historical revenue trend, next year's guidance, and analysts' price targets suggest a possible 12% to 28% upside to Splunk's stock

Norway goes with Gemalto Trusted Service for mobile NFC payment commercial rollout (CSO) Gemalto, the world leader in digital security, announces that its Allynis Trusted Service Hub is enabling the commercial rollout of Valyou, Norway's first mobile NFC payment service, by Telenor, DNB and SpareBank 1. Telenor is Norway's leading mobile operator with three million subscribers in the country and some 180 million worldwide. DNB and SpareBank 1 are respectively the first and second largest financial services providers in the country. Four more banks are already planning to join the Valyou community, enabling even more users to make secure payments at fast food restaurants, convenience stores and gas stations with a simple touch of their smartphone on an NFC-ready terminal

My Digital Shield Forms Partnership with Hospitality Solutions Provider SkyWire (Virtual Strategy Magazine) Security-as-a-service provider's cloud-based solution will be marketed to SkyWire's customers in banking, hospitality, restaurant, retail, spa, and more

Products, Services, and Solutions

Which e-retailers have good user security? (ZDNet) Some web sites have better password rules than others, and some collect more information. The best is Apple, the worst is Sears

Regin detection tool is available from G Data (IT Pro Portal) The latest prominent malware threat to pop up, Regin, has been causing quite a stir over the last few weeks — and you might be interested to learn that security firm G Data has produced a tool that can be used to discover whether you've been affected by this sophisticated Trojan

Appthority First Mobile App Security Company to Protect Enterprises from MASQUE and WireLurker iOS Malware (PRNewswire) Today Appthority, the leader in enterprise Mobile App Risk Management, announced the immediate release of a solution for analyzing and exposing both the MASQUE and WireLurker iOS mobile malware for its customers. As the first mobile app security company to detect this new iOS malware, which surfaced in early and mid-November, Appthority moved quickly to implement scanning, analysis and detection for both MASQUE and WireLurker. By quickly deploying an update to its cloud-based solution, Appthority enterprise customers have been protected since November 20, 2014

Tripwire Announces Threat Detection and Protection Integration With Palo Alto Networks (MarketWatch) Provides comprehensive protection against advanced cyber threats

Encrypted messaging service Wickr, formerly mobile-only, now available on desktops (Venture Beat) Self-destructing messaging is coming to the desktop today in a new update from the ephemeral messaging app Wickr

Kemp LoadMaster ADC, now with Web application firewall security (TechTarget) The Kemp LoadMaster ADC line will now come equipped with a Web application firewall, giving customers application-level threat protection

AVG Antivirus Download more security layers with the new updates (The REM) AVG antivirus is a brand that is one of the best when it comes to taking care of the security of mobile devices and computers

Technologies, Techniques, and Standards

Avoiding Data Breaches with Context Aware Behavioral Analytics (Threatpost) Security, it turns out, is all about layers, where if one layer fails, there are secondary and tertiary and a long line of backup defenses. This is neither new nor revolutionary. It's why castles had moats, drawbridges and parapets; it's also why prisons have cells, walls and gates

Does Your Vulnerability Scanner Speak Portuguese? (Internet Storm Center) Rodrigo Montoro and Joaquim Espinhara did an interesting test, and like so many interesting tests, it is actually pretty obvious in hindsight: They looked at different vulnerability scanners, and checked how they behave if a web site is coded in a language other then English. The quick answer: They pretty much fail. The presentation is looking at a couple of open source and commercial scanners, and threw in snort as an IDS. Turns out all of the scanners (and Snort) have issues recognizing evidence of vulnerabilities (like SQL error messages) if the language is changed to anything but English

New tech beefs up military-strength encryption (C4ISR & Networks) Military and industry are developing a variety of software- and hardware-based encryption systems, including new software encryption tools, self-encrypting drives and biometrics

Steps to mitigate common cloud security threats (Scalar Blog) The cloud computing market has positively benefited from a quickly depleting level of security concerns among decision-makers in a wealth of industries and regions, but there are still plenty of actions that must be taken to ensure the integrity of data and systems in these environments. Whereas a majority of leaders believed that the cloud could simply not be secured as proficiently and effectively as legacy IT systems only a few years ago, most have wised up to the truths behind the technology

Protecting your Website from SQL Injection Attacks (Solutionary) [An] SQL injection (SQLi) vulnerability on a website is a big fear for a web developer, a bigger fear for a business and one of the biggest fears for anyone involved with finance or point-of-sale (POS)

Leveraging the Kill Chain for Awesome (Dark Reading) There are good reasons the Kill Chain is being used by some of the most successful information security teams around. Here are three

How I learned to stop worrying and love the Twitterbot (Christian Science Monitor) What it's like to have your identity hijacked and replaced with a Russian-speaking Bruce Willis impostor

Design and Innovation

Microsoft's futuristic cybercrime computer lets you see and hear botnet activity (Geek) Microsoft's new cybercrime center already looked like something out of a futuristic cop flick, but their new dashboard for examining botnet activity takes things to a whole new level

Training kids to become infosec superheroes (Help Net Security) Children today embark on life in two interconnected worlds, the physical and the virtual. And just as they need to learn how to be smart and safe in the physical world, they need the skills and savvy to navigate a virtual world, an online cosmos of ever-expanding information and possibilities

Research and Development

Microsoft Research thinks Haven might be the answer to cloud storage security problems (Beta News) Storing your data in the cloud requires you to place trust in a company and its service. Whether you're talking about Dropbox, Google Drive or an enterprise level solution, security is of paramount importance. There have been numerous high profile cases in recent months in which data breaches have occurred and private data has been accessed by unauthorized people — including the NSA et al. It's little wonder that many people are wary of moving entirely to the cloud

Legislation, Policy, and Regulation

Government accused of cowardice over tapping of cables (Irish Times) 'Will the Government continue to award contracts to firms that have been complicit with the UK government in spying on our conversations?'

Meet Chuck Hagel's expected replacement as Defense Secretary (CNN) Ashton Carter, the former second-in-command at the Pentagon, appears to be the top choice to replace outgoing Secretary Chuck Hagel

Likely DOD pick helped drive Cyber Command buildup (The Hill) President Obama's presumptive choice to head the Pentagon, Ashton Carter, played a key role in reorganizing U.S. Cyber Command in 2013

Ashton Carter had a plan to fix the Pentagon — now he has the chance to implement it (Quartz) It was a little over three years ago that then-Secretary of Defense Bob Gates foresaw correctly that the days of increasing defense budgets were coming to an end. The nation confronted a looming fiscal crisis, and, as he famously put it in a speech at the Eisenhower Library, "The gusher has been turned off and will stay off for a good period of time"

DNI Combines Security Functions with Counterintelligence Unit (Washington Free Beacon) Critics say Clapper center will further diminish counterspy efforts

Why FBI Is Wrong On Encryption Workaround (InformationWeek) Such a measure would invade privacy, extend government overreach, and hurt US tech companies

Better public-private relationship key to preventing next cyber attack (Federal News Radio) The threat of a major cyberattack could expose the sensitive information of millions of Americans — whether that breach happens at a retailer like Target or at a government agency like the Postal Service

Litigation, Investigation, and Law Enforcement

Supreme Court quotes rap as it mulls Facebook free-speech case (Naked Security) The US Supreme Court on Monday began to wrestle with violent rap lyrics, internet trolling, and the notion that posting bomb and homicide threats is a form of therapy in which a now-jailed ranter could vent his frustration and thereby not really intend to kill anybody

German court blocks hacker's return to U.S. (AP via the Salt Lake Tribune) Germany's top court has blocked the extradition to the United States of a Turkish man accused of stealing almost $60 million in a series of hacking raids against credit card companies

Edward Snowden wins Swedish human rights award for NSA revelations (Guardian) Whistleblower receives several standing ovations in Swedish parliament as he wins Right Livelihood award

Accused Anonymous hacker's life 'devastated' by charges, Perth court hears (Australian Broadcasting Corporation) An alleged member of the Anonymous group accused of hacking into Australian and Indonesian websites has his case adjourned by a Perth court, despite his lawyer arguing the charges against her client are having a "devastating" effect

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

5th Annual Raytheon Cyber Security Summit: "The Unassailable Enterprise" (Reston, Virginia, USA, December 2 - 3, 2014) We invite commercial and government entities to attend the 5th Annual Cyber Security Summit where we will explore the "unassailable enterprise" in 2014 and beyond. We bring together some of the most acclaimed...

Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit

SINET 16 (Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...

SINET Showcase (, January 1, 1970) "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and...

Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...

International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, December 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology...

(ISC)² Security Congress EMEA (London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...

ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...

Cybersecurity 2015: Beyond the Breach (Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...

ICFPT 2014 (Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.