Some familiar threats resurface in new forms or places. BlackEnergy, says ICS-CERT, is exploiting a patched Siemens SIMATIC WinCC flaw. Blue Coat exposes the workings of Inception (and suggests there's a good chance the APT is the work of a "medium-sized nation-state"). Kaspersky revisits the related, and recently active, RedOctober espionage campaign.
Sony remains as much in the news as ever, and not in a good way. While probably not "unprecedented," the attack it sustained seems to have been quite difficult to parry. Attribution's still up in the air, but the US Department of Justice is working through its investigation and toward indictments. Observers continue to speculate about the cost of the attack ($100M?). Some of that damage will be hard-to-quantify reputational loss (one lesson we might all draw is to restrain the amount of acid wit we put into our emails — cyberspace isn't the Algonquin Roundtable). Sony has begun trying to stop downloads of leaked movies.
Several new vulnerabilities are disclosed, as is some potentially suspicious reconnaissance of D-Link devices.
Readers of Cylance's report on Operation Cleaver continue to worry about Iran turning off their lights. State-conducted offensive cyber operations remain a matter of concern (and the US Department of Justice seems to be playing a long game of deterrent lawfare in the Sony case, whether or not the attack came from North Korea). Bloomberg BusinessWeek calls out Russia for a 2008 cyber attack that enabled kinetic effects on Turkish pipelines.
In industry news, Belden's buying Tripwire for $710M.
Today's issue includes events affecting Australia, China, European Union, Iran, Ireland, Kenya, Democratic People's Republic of Korea, Republic of Korea, Mozambique, Netherlands, Paraguay, Romania, Russia, Sweden, Turkey, United Arab Emirates, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
BlackEnergy Malware May Be Exploiting Patched WinCC Flaw (Threatpost) Experts at ICS-CERT say that the BlackEnergy malware that has been seen infecting human-machine interface systems may be exploiting a recently patched vulnerability in the Siemens SIMATIC WinCC software in order to compromise some systems
Advanced Inception APT Malware Likely State-Sponsored (Infosecurity Magazine) A highly advanced, multi-layered advanced persistent threat (APT) is targeting individuals in strategic positions: Executives in important businesses such as oil, finance and engineering, military officers, embassy personnel and government officials. And it's spreading
Cloud Atlas: RedOctober APT is back in style (Securelist) Two years ago, we published our research into RedOctober, a complex cyber-espionage operation targeting diplomatic embassies worldwide. We named it RedOctober because we started this investigation in October 2012, an unusually hot month
RedOctober Rises Again with Cloud Atlas APT (Infosecurity Magazine) Remember RedOctober, the complex cyber-espionage operation targeting diplomatic embassies worldwide? After being outed in January 2013, the operation was promptly shut down and the network of C&Cs was dismantled. But now, the advanced persistent threat (APT) group appears to be back
DOJ: 'Increase the cost' for nation-state hackers (FCW) A top FBI cybersecurity official said the agency has yet to attribute a recent large-scale hack of Sony Pictures to North Korea. In the meantime, an assistant attorney general involved in the investigation is playing the long game, hoping that a potentially months-long probe and possible indictment would deter other cyberattackers
Did North Korea Hack Sony? It Seems Hard to Believe (Lumension Blog) There's plenty of rumours and speculation, but one thing is certain: something has gone awfully awry with the computer systems at Sony Pictures Entertainment — the television and movie subsidiary of the huge Sony Corporation
North Korea Cyber Attack on Sony — No Evidence, but Plenty of Capabilities (Daily Signal) The FBI declared on December 9 that there is "no attribution to North Korea at this point" of the massive cyber attack on Sony Pictures for its planned release of a parody film of North Korean leader Kim Jong-un. Sources close to the ongoing investigations disclosed that Pyongyang remains the principal suspect. Cyber experts concluded that there are similarities between the attack on Sony and earlier attacks against South Korean targets and that malware used included Korean language text
Sony Corporation (NYSE:SNE) Victim of another Cyber Attack: Different Group, Same Source (WallStreet.org) Guardians of Peace have struck again. The group that broke into Sony Corporation (NYSE:SNE)'s Hollywood Studios database and leaked volatile information has broken into Sony Corporation (NYSE:SNE) Playstation's online server. The group, this time called, Lizard Squad, broke into Sony Corporation (NYSE:SNE) Playstation's online store and took it offline. The hack comes barely after a week of the company's 20th century celebration of Playstation debut
Recursive DNS Resolvers Affected by Serious Vulnerability (SecurityWeek) Recursive Domain Name System (DNS) resolvers are plagued by a vulnerability that can be leveraged to cause them to crash due to resource exhaustion, the CERT Coordination Center at Carnegie Mellon University (CERT/CC) reported on Tuesday
Data Sent Between Smartwatch And Smartphone Might Not Be Secure (UberGizmo) A lot of smartwatches tend to sync with smartphones. This is required as notifications from the smartphone are sent to the smartwatch, and data collected from the smartwatch, such as biometrics and health data, are sent back to the smartphone where it is then recorded in your accompanying fitness app
Can Iran Turn Off Your Lights? (DefenseOne) Online security company Cylance released a report last week showing that an Iranian cyber-espionage operation "Operation Cleaver" had successfully breached U.S. and foreign military, infrastructure and transportation targets
Privacy Risks of Beacons (Infosec Institute) On October 6th 2014, buzzfeed.com published a report stating that Titan, a company controlling a number of New York City's phone booth advertising displays, installed tiny wireless devices called beacons in hundreds of phone booths. The beacons pinged out a Bluetooth signal that could be received by mobile phones on which certain apps are installed and activated. Such apps can identify the location of the mobile phones on the basis of the received Bluetooth signals and send targeted advertisements to the users of the phones
Tracking Moving Targets: Exploit Kits and CVEs (Recorded Future) One year ago a notorious programmer Paunch, who coded the Blackhole exploit kit, was arrested and charged for the distribution and sale of his wares. Blackhole was an epic Russian exploit kit, rented and used by thousands for their successful campaigns against a range of targets
Privileged Account Exploits Shift the Front Lines of Cyber Security (CyberArk) CyberArk's inaugural threat report provides an expert's vantage point into targeted cyber attacks by tapping into the experiences of seasoned threat investigators at five firms renowned for detecting, analyzing and remediating serious cyber security incidents
Microsoft Enables Removal of SSL 3.0 Fallback in IE (Threatpost) Yesterday's Internet Explorer security bulletin, in addition to patching 14 vulnerabilities, also affords Windows admins the ability to disable SSL 3.0 in IE 11 for Protected Mode sites. Doing so eliminates exposure to POODLE SSL attacks
How the Internet-Addicted World Can Survive on Poisoned Fruit (IEEE Spectrum) There is no "magic bullet" for cybersecurity to ensure that hackers never steal millions of credit card numbers or cripple part of a country's power grid. The conveniences of living in an interconnected world come with inherent risks. But cybersecurity experts do have ideas for how the world can "survive on a diet of poisoned fruit" and live with its dependence upon computer systems
Hacking Threatens Airline Safety: Aviation Chiefs (AFP via SecurityWeek) Cyber crime is a serious threat to safety in the skies, aviation industry heavyweights said Wednesday, vowing to fight the growing scourge before it causes a catastrophic incident
4 Worst Government Data Breaches Of 2014 (InformationWeek) Government agency breaches pale in comparison to private sector companies' problems, but government did get hacked in 2014. Look at the four biggest incidents
Sansa Security Reveals 2015 IoT Predictions (Marketwired) Sansa Security, a leading provider of embedded security technologies, today revealed the company's Internet of Things (IoT) predictions for 2015, highlighting six of the top trends to watch out for next year
Costs of cyber attacks hit corporations and consumers (CCTV) Cyber attacks keep happening and the cost to businesses keeps rising. The latest data from the Ponemon Institute indicated cyber attacks cost U.S. businesses nearly double what they did four years ago, with the average cost of a security breach being $12.7 million. CCTV America's Mark Niu reported from California about some contributing factors as well as innovative efforts to minimize the damage
Hacktivism and the Spread of Western Cyber Issues among Key Trends Facing Financial Institutions in Middle East and North Africa (Zawya) If 2014 was the "year of the breach," then what future cybersecurity threats await us? What's the next mode of attack, and how much worse will it be? That's the question on the minds of financial services companies as they invest in cyber protection measures, manage growing customer concerns and try to predict what's next. The sustained growth of the Middle East financial services industry depends on that industry's ability to shore up its cyber defenses and build protection on all fronts against attack
DB Networks Closes $17 Million Funding Round (TopTechNews) DB Networks, an innovator of cyber security for core networks, today announced $17 million in new financing led by Grotech Ventures of Vienna, Virginia. The round also included funding from investors Khosla Ventures and Citi Ventures. DB Networks also announced that Joe Zell, general partner at Grotech Ventures, has joined its Board of Directors
Proofpoint Receives Consensus Recommendation of "Buy" from Brokerages (NASDAQ:PFPT) (WatchListNews) Proofpoint (NASDAQ:PFPT) has been given an average rating of "Buy" by the sixteen ratings firms that are covering the stock, Analyst Ratings News reports. One investment analyst has rated the stock with a hold recommendation and fourteen have issued a buy recommendation on the company. The average 12-month target price among brokers that have issued ratings on the stock in the last year is $46.15
Pinnacle makes Astute move to improve marketing (MicroScope) Having got the backing of shareholders to raise further funds to support a turnaround strategy Pinnacle Technology Group has followed that move up with the appointment of a demand generation specialist to help it gain further growth
CenturyLink Awarded New DHS EINSTEIN 3 Accelerated Task Order (MyArkLaMiss) CenturyLink, Inc. (NYSE: CTL) recently was awarded a task order from the U.S. Department of Homeland Security's Office of Cybersecurity and Communications to provide Intrusion Prevention Security Services, known as EINSTEIN 3 Accelerated (E³A) protections, to U.S. federal civilian agencies
Report: Android Security Apps Improving (PC Magazine) While there aren't nearly as many malicious applications aimed at Android devices as there are targeting Windows, that's no reason to be complacent. If one of those malware apps hits your phone, you've got trouble whether it's common or not. AV-Test Institute rated 31 Android security applications and found that for the most part they're even more effective than when last tested
South River Technologies Releases WebDrive for Mobile as a Free App (Marketwired) South River Technologies, Inc. (SRT), an innovator in secure file transfer, has announced the availability of version 3.0 of its WebDrive mobile app for iOS and Android. The WebDrive app can be downloaded for free for iPads and iPhones in the Apple App Store and for Android devices at the Google Play Store
10 strategies to protect patient information (Help Net Security) Data breaches, lawsuits, medical identity theft — all cringe-worthy realities — and the threats to patient data have never been greater. With cybercrime targeting healthcare, organizations are challenged to manage and protect sensitive patient data — protected health information (PHI)
DoD sets sights on standardized data output (FierceGovernmentIT) Defense Department Acting Chief Information Officer Terry Halvorsen is working with commanders, including U.S. Cyber Commander Adm. Michael Rogers, to set cyber technical and mission standards across the department. A core focus of the effort is standardizing the way data is output, said Halvorsen during a Dec. 5 press call
Federal data security bill heads to Obama's desk (The Hill) The first cyber-specific bill of the lame-duck session will head to President Obama's desk after the House on Wednesday night approved an update to federal information security laws
House clears intelligence authorization bill (The Hill) The House on Wednesday cleared the intelligence authorization for fiscal 2015 with little opposition a day after the release of a Senate report asserting that the CIA used torture on detainees and misled lawmakers
Why DC is Getting a $35M Cybersecurity Campus (In the Capital) Washington D.C. will get a $35 million cybersecurity center to help beat back digital attacks on civilians as part of the budget passed on Tuesday night by the House of Representatives. The center is being built at the request of the General Services Administration to bring together law enforcement and private companies to share information and tactics to fight cyberattacks
Microsoft: US would be outraged if another nation ransacked its servers (Naked Security) OK, Microsoft has said to the US government, so you want us to crack open our servers, even though they're on Irish soil. You've got a warrant, and you say it gives you the legal power to force us to dig out a user's email and hand it over, even though Irish and European data protection laws protect that content
MENA financial institutions in war against cyber crimes (Arabian Gazette) The outgoing Year 2014 presented a major threat of cyber crimes including hacktivism and spread of western cyber issues to the financial institutions operating in the Middle East and North Africa (MENA) region and future challenges keep haunting the bigwigs of the U.A.E. financial sector
Target found negligent in data breach (FierceRetailIT) It's been one year since Target's (NYSE:TGT) data breach disrupted the retailer's holiday season, and now a Minnesota District Court has found Target negligent, paving the way for lawsuits as banks and financial institutions potentially seek compensation
Game Changer: Court Rules that Target is Liable for Not Preventing Breach (Damballa: the Day Before Zero) Almost one year to the day after Target suffered a breach during peak 2013 holiday shopping, a Minnesota court just handed them a lump of coal. In a ruling announced on December 2, 2014, the court said that Target can be sued for failing to prevent their data breach. Their rationale was: Target can be viewed as negligent for failing to heed warnings from its FireEye prevention system and for disabling the inline blocking feature
In re: Target Corporation Customer Data Security Breach Litigation, (United States District Court: District of Minnesota) This matter is before the Court on Defendant Target Corporation's Motion to Dismiss the Consolidated Amended Class Action Complaint (Docket No. 163) in the Financial Institution Cases. For the reasons that follow, the Motion is granted in part and denied in part
Potential Security Concerns in Comcast Hotspot Class-Action (Threatpost) Cable and Internet service conglomerate Comcast is facing a class-action lawsuit stemming from its use of customer routers as personal home Wi-Fi networks as well as public-facing wireless hotspots available for other Comcast-Xfinity customers
ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...
ICFPT 2014 (Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...