Researchers discuss the role Destover malware played in the Sony attack, noting that Destover shares some code with both Shamoon and Dark Seoul. The version used against Sony, Kaspersky reports, was compiled in July and signed on December 5. ESET notes the role certificates played in the attack, and Imperva describes Destover's potential backdoor functionality. Observers, hearing the FBI's sober assertion that the attack would have succeeded against a lot of US Federal organizations, reaffirm their resolve to respond to incidents with swift mitigation.
TIME claims Sony "didn't say anything" after an attack in 2013. Ars Technica reminds us that Iranian hackers used Visual Basic malware to wipe data at the Las Vegas Sands Corporation in retaliation for a casino bigwig's anti-Iranian statements.
Sudan may be seeing the early phases of a cyber-jihad.
Syrian hacktivists are reported to have hit another US bank's websites.
A number of old exploits resurface in new forms. They're frequently disseminated by phishing, which leads security experts to (again) urge enterprises to undertake user security awareness training.
Microsoft bangs into some problems with its December patches.
Google pulls engineers from Russia as Moscow tightens information controls. (Google's also feeling different pressures in the EU.)
We've recently seen litigation and regulatory trends shape emerging cyber security standards of care — insurance underwriters make their own contribution to this environment.
More M&A activity: Cisco will buy Neohapsis, and Vistronix finalizes acquisition of Objective Solutions Inc.
The US Department of Homeland Security issues small business cyber research pre-solicitations.
Today's issue includes events affecting Canada, European Union, France, Iran, Italy, Democratic People's Republic of Korea, New Zealand, Romania, Russia, Spain, Sudan, Syria, Turkey, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
3, 2, 1 Action: Sony's Apocalyptic Scene(Cyactive) The Sony cyber attack, which caused actual damage by deleting data, used Destover, a variant of malware that has carried out the same wiping operation twice in the past two years
Sony Hackers Nabbed Digital Cert to Evade Malware Filters(Infosecurity Magazine) Security researchers have claimed that the destructive, information-stealing malware attack on Sony Pictures last month allowed hackers to grab a digital certificate from the company which could enable future attacks to evade malware filters
Sony Execs Debated Risk of 'The Interview'(Newsfactor) Months before a devastating computer attack on Sony Pictures Entertainment, studio executives debated the risk of releasing the upcoming comedy "The Interview" amid threats from North Korea that the movie was tantamount to an act of war
'Poodle' Bug Returns, Bites Big Bank Sites(KrebsOnSecurity) Many of the nation's top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes Web site traffic to eavesdropping. The discovery has prompted renewed warnings from the U.S. Department of Homeland Security advising vulnerable Web site owners to address the flaw as quickly as possible
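The "twist" in the item above is that a TLS endpoint which reads only the padding-length byte and never checks the padding bytes themselves behaves like SSL 3.0, and so is open to the same padding-oracle attack. The script below is an added example written for this briefing, not code from the KrebsOnSecurity article, DHS, or any vendor. It models the record layer (data || MAC || padding, CBC under a fresh IV), a server that accepts or rejects, and an attacker who can pad the victim's request with a prefix and suffix, swap one ciphertext block, and see only accept/reject. The block cipher is a keyed Feistel network built from SHA-256 so the script runs on the standard library alone; it stands in for AES-CBC and is not a real cipher. The `strict_padding` flag switches the server between the lax (SSL 3.0 / vulnerable-TLS) check and the correct TLS check.

```python
# Added example (not code from the KrebsOnSecurity article or any vendor):
# a POODLE-style padding-oracle attack against a toy SSL 3.0-like record layer.
# The block cipher is a keyed Feistel network built from SHA-256 so the script
# runs on the standard library alone; it stands in for AES-CBC and is not a
# real cipher. Record layout, oracle and attacker are likewise a model.
import hashlib
import hmac
import os

BLOCK = 16       # block size in bytes
MAC_LEN = 16     # truncated HMAC-SHA256 tag
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, r: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _f(key, r, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, r, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt(key: bytes, ct: bytes) -> bytes:
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))


def seal_record(key: bytes, data: bytes) -> bytes:
    """Victim side: data || MAC || padding, CBC-encrypted under a fresh IV.
    Last byte = padding length - 1, so a full block of padding ends in 15."""
    mac = hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]
    pad_len = BLOCK - (len(data) + MAC_LEN) % BLOCK       # 1..16
    return cbc_encrypt(key, os.urandom(BLOCK), data + mac + bytes([pad_len - 1]) * pad_len)


def open_record(key: bytes, record: bytes, strict_padding: bool) -> bool:
    """Server side. strict_padding=False is the SSL 3.0 behaviour (and the
    'twist' in POODLE-on-TLS): only the length byte is read, the padding bytes
    are never checked. True is the TLS rule: every padding byte must match."""
    pt = cbc_decrypt(key, record)
    pad_len = pt[-1] + 1
    if pad_len > BLOCK:
        return False
    if strict_padding and pt[-pad_len:] != bytes([pad_len - 1]) * pad_len:
        return False
    body, tag = pt[:-pad_len - MAC_LEN], pt[-pad_len - MAC_LEN:-pad_len]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN], tag)


def poodle_recover(key: bytes, secret: bytes, strict_padding: bool, max_tries: int = 8192) -> bytes:
    """Attacker model: can pad the victim's request with a prefix and suffix
    (path and body lengths in the browser scenario), intercept each record,
    substitute one ciphertext block, and observe only accept/reject."""
    recovered = bytearray()
    for k in range(len(secret)):
        prefix_len = (15 - k) % BLOCK                         # secret[k] lands on the last byte of a block
        suffix_len = (-(prefix_len + len(secret))) % BLOCK    # data length % 16 == 0 -> padding is a full block
        target = (prefix_len + k) // BLOCK + 1                # index into [IV, C1, C2, ...]
        for _ in range(max_tries):
            record = seal_record(key, b"A" * prefix_len + secret + b"B" * suffix_len)
            blocks = [record[i:i + BLOCK] for i in range(0, len(record), BLOCK)]
            forged = b"".join(blocks[:-1]) + blocks[target]   # replace the all-padding block with C_target
            if open_record(key, forged, strict_padding):
                # Accepted => (D(C_target) xor C_{n-1})[15] == 15, hence
                # P_target[15] = D(C_target)[15] xor C_{target-1}[15]
                #              = 15 xor C_{n-1}[15] xor C_{target-1}[15]
                recovered.append(15 ^ blocks[-2][15] ^ blocks[target - 1][15])
                break
        else:
            break   # no acceptance within budget: the oracle is not leaking
    return bytes(recovered)


if __name__ == "__main__":
    k, s = os.urandom(32), b"SID=4f2a"
    print("lax padding check:   ", poodle_recover(k, s, strict_padding=False))
    print("strict padding check:", poodle_recover(k, s, strict_padding=True, max_tries=512))
```

With the lax check, each secret byte costs about 256 victim requests (the forged block is accepted exactly when its last byte decrypts to 15) and the whole secret comes back; with every padding byte checked, a forged block is accepted with probability 2^-128 and the attacker recovers nothing. Fresh IVs are what make each attempt an independent trial, which is why the attack needs a stream of victim requests rather than one captured record.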
REVETON Ransomware Spreads with Old Tactics, New Infection Method(TrendLabs Security Intelligence Blog) Last week we wrote about a sudden hike in crypto-ransomware variants across the Europe, Middle East and Africa (EMEA) region, specifically seen in Spain, France, Turkey, Italy, and the United Kingdom. In this blog post we will discuss another strain of ransomware known as REVETON, which was seen infecting systems in the United States with a new infection method: arriving as a .DLL rather than the traditional .EXE
Info-Stealing File Infector Hits US, UK(TrendLabs Security Intelligence Blog) We noticed that there has been a spike in infections related to the malware URSNIF. The URSNIF family is known to steal information such as passwords. Spyware is always considered high risk, but these URSNIF variants can cause damage beyond info-stealing. These URSNIF variants are file-infectors — which is the cause of the noted spike
Phishers Target Yahoo Mail Users(Tom's Guide) Phishing attacks are usually easy to avoid, but as long as people keep falling for them, scammers will keep using them. A recent con targets Yahoo Mail users, but despite an ever-so-slightly convincing layout, avoiding it is not difficult, especially if you have Internet security software installed
Researcher: 'Lax' Crossdomain Policy Puts Yahoo Mail at Risk(Threatpost) Yahoo has made strides in battening down its security in the last 12 months, most publicly with its decision to enable end-to-end encryption for its email service, turn on SSL by default, and encrypt links between its data centers. There are still some darkened corners of its infrastructure, however, that merit attention
Cross-Signed Certificates Crashes Android(TrendLabs Security Intelligence Blog) We have discovered a vulnerability in Android that affects how cross-signed certificates are handled. No current Android release correctly handles these certificates, which are created when two certificates are signed with a looped certificate chain (certificate A signs certificate B; certificate B signs certificate A). We've already notified Google about this vulnerability, and there is no fix and no timeframe for a fix from them
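The item above describes the input (certificate A signs B, B signs A) but not the mechanism by which Android fails on it. The script below is an added example for this briefing, not Trend Micro's or Android's code: a toy certificate-path builder whose only job is to show why an issuer walk must be bounded. "Certificates" are bare (subject, issuer) pairs, names are assumed unique in the store, and no signatures are checked.

```python
# Added example, not Trend Micro's or Android's code: a toy certificate-path
# builder that refuses to loop. "Certificates" are (subject, issuer) pairs;
# no signatures are checked, the point is that the walk terminates.
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str          # subject name of the signer; names assumed unique in the store


class ChainError(Exception):
    pass


def build_chain(leaf: Cert, store: list, trust_anchors: set, max_depth: int = 8) -> list:
    """Follow issuer links from leaf until a trust anchor is reached.
    A naive 'while not trusted: cur = issuer_of(cur)' never returns on a
    looped pair (A signs B, B signs A); this version tracks visited subjects
    and caps the depth, so the loop is reported instead of hanging."""
    by_subject = {c.subject: c for c in store}
    chain, seen = [leaf], {leaf.subject}
    while chain[-1].subject not in trust_anchors:
        cur = chain[-1]
        if cur.issuer == cur.subject:
            raise ChainError(f"self-signed but untrusted: {cur.subject}")
        nxt = by_subject.get(cur.issuer)
        if nxt is None:
            raise ChainError(f"issuer not found: {cur.issuer}")
        if nxt.subject in seen:
            path = " -> ".join(c.subject for c in chain) + " -> " + nxt.subject
            raise ChainError(f"certificate loop: {path}")
        if len(chain) >= max_depth:
            raise ChainError(f"chain longer than {max_depth}")
        chain.append(nxt)
        seen.add(nxt.subject)
    return chain


if __name__ == "__main__":
    # Constructed inputs: a normal three-certificate path and a looped pair.
    leaf, inter, root = Cert("www.example.test", "Intermediate"), Cert("Intermediate", "Root"), Cert("Root", "Root")
    print([c.subject for c in build_chain(leaf, [leaf, inter, root], {"Root"})])
    a, b = Cert("A", "B"), Cert("B", "A")
    try:
        build_chain(a, [a, b], {"Root"})
    except ChainError as e:
        print(e)
```

Both guards matter: the visited set catches the A/B loop on the second step, and the depth cap bounds the cost even when an attacker supplies a long non-repeating chain.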
Time's Up: Android-Based Smartwatches Hacked(Tom's Guide) Smartwatches and other wearable devices can manage tons of personal information, from texts and email messages to health and biometric data. But how safe is that information as it travels to and from the wearable?
CHARGE Anywhere Provides Notice of Payment Card Incident(CHARGE Anywhere) CHARGE Anywhere, LLC is a provider of electronic payment gateway solutions to merchants. Our solutions route payment transactions from merchants' point-of-sale systems to their payment processors. Maintaining the security of payment card data provided to us by our customers is an absolute priority. Unfortunately, criminals have become good at evading security measures to steal payment card data from retailers and their service providers. CHARGE Anywhere recently uncovered a sophisticated attack against its network. The attack has been completely shut down and fully investigated
FBI couldn't bypass iPhone 6 encryption, but this 7-yr-old did.(HackRead) Harrison Green, a witty 7-year-old boy, easily unlocked his father's iPhone 6 Plus using a very simple way around Touch ID. How did he do it? He sneaked into his father's room while he was asleep and pressed his dad's finger on the phone's Touch ID Home button. There you have it, the mighty iPhone 6 Plus was unlocked in seconds merely
Security Patches, Mitigations, and Software Updates
The biggest challenges faced by CIOs/CISOs heading into 2015(CSO) As the year winds to a close, CIOs and CISOs are faced with a number of challenges heading into 2015. CSO recently heard from several experts about the topic, each offering their opinion on what they feel would be the most important item in the security sandbox next year
Why the board of directors will go off on security in 2015(CSO) Get ready for 2015, a year when some predict breaches will hit even harder and security executives will come under fire by confused company board members. But, as our "fly on the wall" reports from the year ahead, the answers to this dilemma may lie in retooling the CSO position - and adding a security-minded board member
2015 To See More Targeted Cyber Attacks(CXO) Targeted attacks are on the rise and they will continue to multiply in 2015, forewarns a Trend Micro report, which adds that enterprises should be on high alert in order to counter the threat
Study: Malicious social media attacks on the upswing(SC Magazine) Social media represents the next frontier of threats for IT security professionals and the companies they protect, according to a new study that details Fortune 100 companies and their social media channels
Cybersecurity in Healthcare: a Unique Challenge(Trend Micro: Simply Security) Well-established cybersecurity vendors like Trend Micro have long had something of a dual role in the industry. On the one hand, we work tirelessly around the clock and across the globe to keep businesses, governments and consumers safe from the latest security threats. But on the other, we're also working to educate those individuals and organizations better about the threat landscape — to make the world a safer place in which to exchange digital information
A Look Back At Information Security in 2014(CSO Online) With the major financial card breaches at global retailers, as well as a number of SSL/TLS vulnerabilities, it's possible you may have missed a few other under-reported security issues that provided valuable lessons to the general technology community in 2014
Retailers are "overconfident" about their security, majority have fundamental gaps(Naked Security) This just in, right in time for the holiday shopping daze: many UK retailers' heads are comfortably buried in the sand when it comes to their cyber security and data protection capabilities, thinking that in spite of not having basic protection and no contingency plans for data breaches, something — maybe magic? — will somehow protect them from malicious cyber attack
Turning worm(Economist) How cyber-warfare really started — and where it will lead
What Does Cloud Security Even Mean and Other Questions Answered(HackSurfer) A recent survey of CISOs by IBM found that nearly 90 percent of respondents had either already adopted or were currently planning cloud initiatives. Additionally, the cloud market as a whole is expected to grow by 126.5 percent this year, according to a CipherCloud report
Why BlackBerry and Microsoft Must Watch Apple's Deal With IBM Closely(The Street) Nearly 30 years after Steve Jobs facetiously welcomed IBM (IBM) to the PC market and unveiled Apple's (AAPL) iconic 1984 ad, the once-frosty relationship between the two companies has thawed and is beginning to bear fruit. As Apple enters the enterprise market with the announcement of 10 new apps, born from its July partnership with IBM, BlackBerry (BBRY) and Microsoft (MSFT) better be paying attention
New Boeing lab to focus on engineering, integration, visualization, cyber security, data analytics(Intelligent Aerospace) Boeing (NYSE:BA) is constructing a 7,000-square-foot addition to its research and technology center in Alabama. The new lab space, known as the Center for Applied Simulation and Analytics (CASA), will serve as a hub for Boeing, its research partners, and academic collaborators to create and develop simulation and analytics technologies, providing advanced simulation of Boeing products from concepts through operations
We present the 2014 Security 7 award winners(TechTarget) As the year comes to a close, we are excited to present one of our favorite issues, the annual Security 7 award winners. For the past decade, we have asked the information security community to nominate peers who are at the top of their profession for recognition in one of seven enterprise markets. The winners this year carry on that tradition, leading the charge in areas such as healthcare information sharing, secure software development, community building, and cybersecurity education
Products, Services, and Solutions
Cisco Releases Alpha Version of Snort 3.0(SecurityWeek) The popular open source intrusion prevention system (IPS) Snort has been completely rewritten and fitted with several new features, Cisco announced on Thursday
Hexis Cyber Solutions Announces Strategic Distribution Alliance with Promark in the U.S.(TWST) Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today announced a distribution agreement with Promark, an Ingram Micro (NYSE:IM) company and premier value-added distributor of data storage and electronic document imaging products and solutions. As a U.S. distribution partner, Promark will market and sell Hexis' NetBeat product line to channel partners that help organizations in need of continuous monitoring, analysis and control capabilities for their network
Netskope chosen as Box Trust partner(Financial News) Netskope said it has announced its participation in the new Box Trust ecosystem, a comprehensive security initiative that provides Box customers with a unified network of partners and solutions that help ensure security, visibility and accessibility for critical business content
Why now is the time for enterprises to implement context-based authentication(Help Net Security) Security and efficiency are constant concerns in enterprise IT. The popularity of BYOD has been a boon for improved productivity and collaboration, but it has also created a new set of challenges, increasing the potential for fraudulent logins from the personal devices that are being used to access critical and non-critical applications
Standards: The superglue for security systems(Security InfoWatch) If you think about it, without standards to govern the products and services we manufacture and buy, whole industries would collapse. Cars wouldn't run. Buildings would crumble. Service people would be at a loss as to how to fix things or even get the correct replacement parts
Cloud security: Do you know where your data is?(Help Net Security) The rapid move towards virtualization and cloud infrastructure is delivering vast benefits for many organizations. In fact, Gartner has estimated that by 2016, 80% of server workloads will be virtualized. The reasons are clear: better availability, improved cost-efficiency from hardware investments, and better SLAs
CID: Be alert and aware on social media(Army Times) Army Criminal Investigation Command is calling on all soldiers and their loved ones to scrub their social media accounts in light of recent world events
Can you spot the phishing scams and stay safe online?(CSO) For many people, the holidays means a dramatic spike in email traffic. There is more communication between family and friends, more solicitations from retailers pitching holiday bargains, and more online shopping confirmations and shipping notifications. It's also a time of year when cybercriminals try to take advantage of the overwhelming volume of email communications to catch unwitting victims off guard with phishing scams. Hopefully you would be able to spot a fake malicious email and avoid getting compromised, but don't be too sure
Research and Development
Analyzing Ponemon Cost of Data Breach(Data Driven Security) I was recently presenting on the use of statistics for risk analysis at the SIRACon conference held in Minneapolis (Oct. 9th and 10th, 2014). I was explaining how models and algorithms work at a high level: given one or more observations and the outcomes, we build models or algorithms to learn how the observations can help predict the outcome. As examples I used things like CVSS, the Binary Risk Assessment and the Ponemon cost of data breach (CODB) report. All of them use observables that feed into some type of model for the purpose of predicting an outcome (or providing a score). In the case of Ponemon, I simplified the model down to having an observable of # of records, the model is to multiply that by a fixed number and the output (prediction) is the impact of a breach
Pre-solicitation Topics Announced for Nine Homeland Security Challenges(Department of Homeland Security Science and Technology Directorate) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced the release of the Small Business Innovation Research (SBIR) Program FY15.1 Pre-Solicitation. The Pre-Solicitation, HSHQDC-15-R-00017, contains topic descriptions from both S&T and the Domestic Nuclear Detection Office (DNDO) for which Phase I proposals are sought. These include seven topics from S&T and two topics from DNDO
Tim Rudolph: Air Force aims for zero data centers through purchase of IaaS(C4ISR & Networks) In a recent Q&A session, Rudolph offered candid comments on the direction of IT infrastructure acquisition, where he articulated the Air Force's goal of operating zero data centers and a shift to purchasing IT infrastructure as a service (IaaS), as well as other capabilities as a service
Cyber Command trying to get running start, add staff(Stars and Stripes) The fledgling U.S. Cyber Command is trying to hit the ground running, aware that it's playing catchup with often archaic equipment, dealing with constantly evolving threats and trying to justify its existence amid budget cuts and force reductions
Army's new Cyber branch looking to recruit talent(Defense Systems) As the military continues to trim down following the drawdown in Iraq and Afghanistan, the one growth area is in cyber defense. All of the military services' cyber divisions, along with the overarching U.S. Cyber Command, plan to steadily increase their number of cyber warriors over the next two years, to help protect networks and combat the growing threats from other countries
Navy sets a three-prong plan for information dominance(Defense Systems) The Navy has laid out its long-range plans for effective operations in cyberspace with three documents that address different areas of what the military calls information dominance, from treating information as a weapon to building a capable corps of cyber warriors
Litigation, Investigation, and Law Enforcement
Lawsky investigates Barclays and Deutsche Bank algorithms in FX scandal(FierceFinanceIT) Dozens of traders have been let go as probes into manipulation of the FX benchmarks have unfolded, but a New York financial regulator may be looking beyond the traders and investigating FX algorithms. New York Department of Financial Services superintendent Benjamin Lawsky is reportedly investigating whether Barclays and Deutsche Bank used algorithms to manipulate currency benchmarks
Silk Road Judge: I Won't Reveal Witnesses Because Ulbricht Could Have Them Killed(Wired) When alleged Silk Road mastermind Ross Ulbricht's trial begins in less than a month, he'll face charges of narcotics conspiracy, money laundering, and computer fraud — not murder. But the specter of violence is creeping into Ulbricht's trial nonetheless. The prosecution and judge in his case have now refused to let him know which witnesses will be testifying against him for fear that he might orchestrate their killing from his jail cell
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
ACSAC 30: Annual Computer Security Applications Conference(New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...
ICFPT 2014(Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...
Cybersecurity World Conference(New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
FloCon 2015(Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...