Sony's via dolorosa through cyberspace continues as someone, perhaps the still-unidentified parties responsible for last week's major attack, sends "vague demands" to Sony employees accompanied by threats against the employees' families. Also, the PlayStation Store was briefly rendered inaccessible.
Suspicion has been so far largely directed against North Korea's government, but over the weekend Norse tweeted its belief the attack was in fact mounted by insiders (and promises more information once its participation in investigations permits it to be more forthcoming).
Pyongyang denies involvement, but then (addressing no doubt prospective buyers of the Brooklyn Bridge) credits the attacks to a heroic spontaneous global defense of North Korea against American imperialism (in the persons of Seth Rogen et al.). Many observers continue to believe the Kim regime is responsible, and offer an overview of that government's cyber capabilities.
FireEye's Mandiant unit, investigating the attacks, calls them "unprecedented," and suggests there was little Sony could have done to forestall them. Outsiders suggest to the contrary that tighter security practices might have made the attack less successful.
The Sony hack has driven other threats (notably Iran's Operation Cleaver battlespace preparation and ISIS cyber operations) from the front pages, but these remain matters of ongoing concern.
Neverquest evolves and appears in the North American wild. Trusteer researchers see the Trojan's evolution as more evidence of the futility of "naïve" security.
Social engineering continues to advance in sophistication and effectiveness, as seen in several current campaigns.
Bebe is the latest major retail victim of cybercrime.
Today's issue includes events affecting Belgium, China, European Union, France, Iraq, Israel, Japan, Democratic People's Republic of Korea, Morocco, Netherlands, Pakistan, Poland, Saudi Arabia, Slovakia, Syria, United Kingdom, United States.
WIPALL Malware Leads to #GOP Warning in Sony Hack(TrendLabs Security Intelligence Blog) Our previous blog entry discussed the "destructive" FBI security advisory and an analysis about the WIPALL malware family and its direct connection to the massive Sony Pictures hack. In this blog post, we will further discuss other WIPALL malware variants and their main routines that link to the #GOP warning seen in infected computers of Sony Pictures employees. Below is an overview of the infection chain to be discussed in this entry
Did North Korea Hack Sony Pictures? Federal Government Says It's Possible(Bustle) Sony Pictures Entertainment was recently hit with a massive cyber attack that stole personal information on employees and high-profile movie stars, leaked salaries and screenplays, and inevitably wiped the company's internal servers clean. Now, the hackers are reportedly harassing Sony employees and threatening their families. But the federal government has an inkling of who's behind the devastating security breach: Federal investigators reportedly believe North Korea hacked Sony's servers, and are taking the cyber attack very, very seriously
Sony Cyber Attack 'Righteous Deed' In Struggle Against US Imperialism, Says North Korea(International Business Times) North Korea praised the cyberattack on the Sony Corp. that exposed confidential company information and froze Sony Pictures Entertainment's computer network, but it denied responsibility for the hacking, NBC News reported Sunday. The Sony Pictures unit is releasing Christmas Day an action-comedy film titled "The Interview," in which CIA agents plot to assassinate North Korean leader Kim Jong Un
In North Korea, hackers are a handpicked, pampered elite(Reuters) Despite its poverty and isolation, North Korea has poured resources into a sophisticated cyber-warfare cell called Bureau 121, defectors from the secretive state said as Pyongyang came under the microscope for a crippling hack into computers at Sony Pictures Entertainment
Sony Cyber Attack One of Worst in Corporate History(Newsweek) Sony Pictures Entertainment experienced one of the most devastating corporate attacks in history. Thousands of files, seized by hackers last week, have been leaked online including personal details of around 6,000 Sony employees, upcoming Sony feature films and the salary details of top executives
Sony Breach Has Cybersecurity Industry Scrambling for Answers(The Street) The baffling, prolonged cyber-breach at Sony (SNE) highlights the frailty of corporate networks, if a string of high-profile attacks against Home Depot (HD), Neiman Marcus, Target (TGT), Bank of America (BAC) and others had not already made the vulnerability clear
CIOs and CISOs Can Learn From the Massive Sony Data Breach(Wall Street Journal) The destructive cyberattack at Sony Pictures Entertainment represents a major shift in the techniques and motivations attackers use, security experts say. As this shift occurs, technology executives may need to rethink how they manage and protect broader swaths of information across increasingly complex and interconnected networks
SpoofedMe — Intruding Accounts using Social Login Providers A Social Login Impersonation Attack(PacketStorm) In recent years, millions of web users have employed their social network accounts (such as Facebook and Google+) to connect to third-party websites using a process called 'Social Login'. Social login (or social sign-in) is a general name for authentication mechanisms that allow an end-user to conveniently use a single existing account of an identity provider (typically a social networking service) for signing into multiple third-party websites, instead of having to use separate credentials for each one. In this paper, we present an implementation vulnerability found in some popular social login identity providers
"Tyranny of the Police" Email Delivers Upatre Trojan(Softpedia) A malicious email is currently hitting the inboxes claiming to be delivered by the Deans & Lyons law firm and to inform recipients of new abuses committed by the police following the Ferguson incidents
Cybercrime, Insider Trading and Gaming the Stock Market(Hacksurfer) A group of cybercriminals has been targeting the email accounts of more than 100 organizations in order to steal non-public information about mergers and acquisition (M&A) deals and other pending announcements. The group, which FireEye calls FIN4, has been operating for more than a year and presumably uses that stolen information to gain a considerable trading advantage in the stock market
Social Engineering improvements keep Rogues/FakeAV a viable scam(Webroot Threat Blog) The threat landscape has been accustomed to rogues for a while now. They've been rampant for the past few years and there likely isn't any end in sight to this scam. These aren't complex pieces of malware by any means and typically don't fool the average experienced user, but that's because they're aimed at the inexperienced user. We're going to take a look at some of the improvements seen recently in the latest round of FakeAVs that lead to their success. While the images shown may have different names of A-Secure, Zorton, and AVbytes, they are identical in execution, appearance and are likely from the same author(s)
Another Retailer Hack(Hacksurfer) Another store, another hack, and this one was also broken by security blogger Brian Krebs. The internet is still abuzz about the recent Sony hack, so many are barely paying attention to the new data breach at Bebe Stores Inc, a popular women's clothing store. Is this the beginning of a major holiday strike or just another store with lax security standards?
WellCare informs Medicare subscribers of data breach(Rochester Democrat & Chronicle) Some personal information of a few dozen Monroe County residents who are Medicare subscribers with WellCare Health Plans recently was mishandled by a subcontractor for the insurer
Army chief warns of threats from 'supra individuals'(AAJ News) Chief of Pakistan Army Staff General Raheel Sharif has warned the world of threats from 'supra individuals' having a capacity to trigger instability and conflicts within states, saying the nations are now embattled with such particular entities
Health insurance online threats revealed(Help Net Security) Websites hosted by external providers, excessive mobile app permissions and third party code libraries represent the biggest risks to users of health insurance web and mobile self-service tools, according to RiskIQ
Bogus IDs Aboard NASA's Orion Spacecraft(Softpedia) A microchip aboard the Orion spacecraft and containing over 1.3 million names may be carrying bogus information injected by a researcher through an online service provided by NASA for people to register for a boarding pass for the test flight of the spacecraft
Shellshock scare ripples out(Enterprise Innovation) The third quarter saw a significant event with the new critical vulnerability, known as Shellshock, that threatened more than half a billion servers and devices worldwide, according to a new report from Trend Micro
Security Patches, Mitigations, and Software Updates
Study: 58 percent of businesses do not have complete patch management strategy(SC Magazine) A Trustwave study found that 58 percent of businesses do not have a fully mature patch management process in place and 12 percent do not have one at all. Although major vulnerabilities, such as Heartbleed and ShellShock, were discovered this year, and data breaches dominated headlines, IT security professionals are continuing to delay the creation of thorough security plans and patching schedules, a new study found
I'm a logistician. When did cyber warrior become part of my job description?(DC Velocity) When you go into the deployed environment, you pay attention to the threat environment. As we continue to see in Iraq and Afghanistan, there are a ton of threat vectors. It's an asynchronous environment so concepts like "the rear," some sort of notional safe haven, are at best quaint and at worst lethal if you think they really exist
Companies Face Cyberthreat from Inside(Institutional Investor) The recent computer attacks on Wall Street firms and Sony Pictures highlight the potential danger from employees and other parties with insider knowledge
Human Error Blamed for Most UK Data Breaches(Infosecurity Magazine) Human error, poor processes and inadequate systems accounted for virtually all the data breaches reported to privacy watchdog the Information Commissioner's Office (ICO) in the second quarter, according to new figures
Complicated password rules diminish online shopping convenience(Help Net Security) The holiday shopping season is now fully underway, but the online shopping splurge is not over yet. Over half of Europeans plan to buy their gifts online, yet many are struggling to cope with the complex password rules posed by online retailers, according to Kaspersky Lab
What will create cybersecurity challenges in 2015?(Help Net Security) Security experts at Unisys predicted even greater cybersecurity challenges in the year ahead as continued growth in the use of mobile devices and applications in the workplace, along with increased business-related usage of the Internet of Things, outpace organizations' ability to protect their critical data
5 things every company should know about cyber breaches(PropertyCasualty360) The prospect of a cyber breach looms for every business and the stakes have never been higher. A survey by the Ponemon Institute with Hewlett-Packard found that the average cost of responding to a cyber attack for U.S. companies has increased 96% over the last five years to a whopping $12.7 million. Considering that the 59 organizations which participated in the study have seen a 176% increase in the number of cyber attacks with an average of 138 successful attacks per week, the chances that a company will experience an attack increase every day
Rising cyber attacks prompt more investment in security(Gulf Times) Technology firms and critical national infrastructure such as telecommunications networks are among the five major industries that invest heavily in security due to high risks of cyber attacks and threats, a senior official of Qatar-based global telecom company Ooredoo said
Cloud Security Budgets Expected to Increase to Prevent Attacks(Midsize Insider) According to a new study by SolarWinds featured in MSPmentor, 82 percent of IT professionals said that their company was the victim of a serious attack on their network within the recent past. However, 84 percent think their company's security is above average. IT professionals remain optimistic, and cloud security budgets are growing
Huawei Technologies has big plans, faces big questions(Seattle Times via Phys.org) Many Americans may not be familiar with Huawei Technologies, but the Shenzhen, China-based company has become one of the largest telecommunications and networking suppliers in the world, competing against the likes of Cisco and Ericsson, as well as Samsung and Apple in smartphone sales
Suspicions keep Chinese telecom firm Huawei out of U.S. market(Los Angeles Times) In mid-November, the giant Chinese telecommunications firm Huawei invited networking executives from some of the more than 170 countries where it does business for a two-day Global Mobile Broadband Forum. The potential buyers wandered among display tables bathed in a ghostly blue light as corporate associates talked up the products. They represented about 400 companies. None was American
BlackBerry: Analyzing The Secusmart Purchase(Seeking Alpha) Just last week Germany approved BlackBerry's (NASDAQ:BBRY) planned acquisition of Secusmart, the supplier of voice encryption technology used to secure the communications of top politicians including German Chancellor Angela Merkel
RTGX Completes Acquisition of THE TIPSTONE GROUP, LLC(Virtual Strategy) Ross Technologies, Inc. (RTGX), an innovative provider of Cyber and Big Data intelligence, Technology Portfolio Management and technology infrastructure management to national security and Department of Defense agencies in the federal space, is pleased to announce that the company has completed its acquisition of THE TIPSTONE GROUP, LLC, significantly expanding its cyber research and program and portfolio management capabilities for the U.S. Department of Defense and Intelligence Community. A privately-owned company based in Northern Virginia, TIPSTONE's primary solution offerings are in cyber operations SETA research and the management of highly technical and advanced forward leaning solutions and standards that shape the future
Interview: Rohyt Belani, CEO PhishMe(Infosecurity Magazine) With nearly 15 years in the industry, Rohyt Belani is now firmly in "geek in suit" territory, having co-founded PhishMe in 2008. He told Mike Hine about the changing face of cybersecurity, the persistent threat of spear-phishing, and the importance of hands-on cybersecurity training
zANTI 2.0 — Android Network Toolkit(Kitploit) zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network
Technologies, Techniques, and Standards
Hardware secured mobile devices toughen first line of defense(GCN) It's been 10 years since the federal government introduced measures to standardize identity and credentials across all agencies. Since then, almost 5 million smart card-based Personal Identity Verification (PIV) credentials have been issued to government employees and contractors for secure access to government buildings and IT systems. Standards have also been widened for non-federal and commercial use to include millions more through Personal Identity Verification Interoperable (PIV-I) and Commercial Identity Verification (CIV) cards
Toward a Breach Canary for Data Brokers(KrebsOnSecurity) When a retailer's credit card systems get breached by hackers, banks usually can tell which merchant got hacked soon after those card accounts become available for purchase at underground cybercrime shops. But when companies that collect and sell sensitive consumer data get hacked or are tricked into giving that information to identity thieves, there is no easy way to tell who leaked the data when it ends up for sale in the black market. In this post, we'll examine one idea to hold consumer data brokers more accountable
How to Stop DNS Hijacking(Infosec Institute) You have (probably more than once in your life) keyed in a familiar domain name and ended up in an entirely different page that was not even close to what you had expected. Chances are that you never even noticed the abnormality and you went ahead retyping the domain name or making a custom search of your preferred destination on Google. Well, what you have never realized is that you may have been a victim of Domain Name System Hijacking or redirection
ERM in Practice: Risk Limits and Controls(WillisWire) One of the core elements of a thorough ERM strategy involves setting risk limits and controls. This practice forms an essential link in every organization's risk management cycle, which includes identifying, assessing, taking, mitigating, monitoring, and responding to risk
Setting Up Your Gadgets Securely(Trend Micro: CTO Insights) It's that time of year again — the last quarter of the year is a time for many of us to buy a new smartphone, as we look at the new devices launched relatively recently by Apple, Samsung, and all the other phone providers and decide which one we shall use for the duration of our next smartphone contract
Huawei in Bid to Improve Global Cyber-Security(Infosecurity Magazine) Chinese computing giant Huawei has released a new report outlining what it believes are the top 100 requirements organizations should consider when appraising the security capabilities of their technology vendors
Blame China for the NSA's spying campaign on us all(InfoWorld) In summer 2007, top executives of 20 of the largest defense contractors in the country were summoned to a meeting in a "sensitive compartmented information facility," a room built to be impervious to eavesdropping at the National Security Agency's headquarters in Maryland. What they learned was shocking
Terrorism insurance deal takes shape(Politico) Congress is closing in on a deal to extend the government's terrorism risk insurance program, a top priority for the business community during the lame-duck session that has been the subject of an intense lobbying campaign
White House Ignores Ongoing Cyber Massacre on US(Breitbart) The Obama administration has faced a larger threat of cyber attacks from foreign enemies than any administration before it, yet has demonstrated a continuing de facto policy in dealing with the onslaught of cyber attacks against our nation: doing nothing. Not only does our current administration mostly ignore the intrusions and sabotage entirely — they carry on like nothing ever happened
After 20 years, Saxby Chambliss lays out his 'cyber' legacy(AJC) It's been nearly two years since a frustrated Saxby Chambliss, pointing to the "ugly" climate in Washington, announced he would rather be home sipping whisky on a porch with friends rather than serve another six years in the U.S. Senate
Judge: Give NSA unlimited access to digital data(PC World) The U.S. National Security Agency should have an unlimited ability to collect digital information in the name of protecting the country against terrorism and other threats, an influential federal judge said during a debate on privacy
Litigation, Investigation, and Law Enforcement
EC3 Head Paints Bleak Cybercrime Picture(Threatpost) Everyone has the right to privacy, said Troels Oerting, head of the Europol's European Cybercrime Center (EC3), at Georgetown Law's Cybercrime2020 conference yesterday. However, he went on, if you break your contract with society, that right can be taken away
Treasury Dept: Tor a Big Source of Bank Fraud(KrebsOnSecurity) A new report from the U.S. Treasury Department found that a majority of bank account takeovers by cyberthieves over the past decade might have been thwarted had affected institutions known to look for and block transactions coming through Tor, a global communications network that helps users maintain anonymity by obfuscating their true location online
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Healthcare Cyber Security Summit 2014(San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
Tax Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...
(ISC)² Security Congress EMEA(London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...
ACSAC 30: Annual Computer Security Applications Conference(New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...
Cybersecurity 2015: Beyond the Breach(Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...
ICFPT 2014(Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...