Sony continues to recover from its encounter with the "Guardians of Peace." As it restores network services, the company reaches out to employees whose personal information may have been compromised in the breach. Production of a Bond movie is reportedly disrupted, and, in an interesting legal development, Sony dispatches Boies, David Boies, to wage lawfare against those (for the most part journalists) the company alleges are making illegal use of stolen information. Observers think the company, which has extensive cyber insurance, may not have enough to cover the costs the attack is exacting.
An AP story on one man's experience with identity theft (in his case fallout from the Target breach) suggests the difficulty of assessing the real extent of damage done in a cyber attack.
Ransomware surges, with new distribution methods and more advanced infection mechanisms.
Check Point outlines a troubling new attack technique against Android phones: "man-in-the-Binder."
Several insights into the criminal market appear today. Cyber criminals are building (and trading in) increasingly plausible fake identities. They're also showing a renewed interest in attacking point-of-sale vendors (coincidentally, a vulnerability is discovered in Honeywell point-of-sale software). Holiday spam uses spoofed big-box retailers as phishbait. And Dell SecureWorks publishes an overview of the black market, which includes price lists — stolen identities are up — and plenty of guarantees of satisfaction-or-your-money-back.
In the US, observers see two policy trends: Congress is sending essentially status-quo cyber bills to the President, and, in the absence of legislation, regulatory agencies increasingly rely on coaxed voluntary compliance.
Today's issue includes events affecting Argentina, Brazil, Canada, Czech Republic, European Union, India, Ireland, Israel, Republic of Korea, Mexico, Netherlands, New Zealand, Russia, Sweden, United States.
Cyber Attacks, Threats, and Vulnerabilities
Cyber Attack Notification And AllClear ID Services(MarketWatch) As is being widely reported in the press, Sony Pictures Entertainment (SPE) experienced a significant system disruption on Monday, November 24, 2014. SPE has determined that the cause of the disruption was a brazen cyber attack. After identifying the disruption, SPE took prompt action to contain the cyber attack, engaged recognized security consultants and contacted law enforcement
Stolen identities cost more than money(AP via Longview News-Journal) As soon as Mark Kim found out his personal information was compromised in a data breach at Target last year, the 36-year-old tech worker signed up for the retailer's free credit monitoring offer so he would be notified if someone used his identity to commit fraud
New Crypto-Ransomware Uses Next-Gen Encryption(Tom's Guide) A doozy of a new malware campaign uses powerful next-generation encryption to lock up your personal files, then demands you pay a ransom in Bitcoin to get the decryption key. The campaign spreads via malvertising, or malicious Web ads that can infect your PC when you click on them, or even just let them load onto your Web browser
Man in the Binder: He Who Controls the IPC Controls the Droid(Check Point) At Black Hat Europe, Check Point researchers Nitay Artenstein and Idan Revivo presented their new research on what may become the new frontier of mobile malware attacks, "Man in the Binder: He Who Controls the IPC, Controls the Droid." Nitay and Idan's research of Android's unique operating system (OS) architecture showed the potential capture of data and information being stored and communicated on Android devices through the Binder, the message passing mechanism in Inter-process Communication (IPC)
Hackers Increasingly Spoof Authentic Identities(CIO Insight) Cyber-attacks will continue to grow as hackers collect, compile and share identity information to build profiles that are increasingly indistinguishable from authentic identities, a new report says. Using cloaking technologies, such as proxies and spoofed locations, these cyber-criminals mask their identities and whereabouts. The report is the first to analyze how frequently stolen and compromised identities are used to create cyber-crimes. It emphasizes attack trends particular to e-commerce, and forecasts more high-profile data breaches during this $600-billion holiday shopping season
Customized Support Scam Supported by Typo Squatting(Internet Storm Center) This attack got it "all", and shows how hard it can be for a non ISC reader to evade some of these tech support scams. The URL used, login.microsoftlonine[dot]com is only one letter off from the legit Microsoft Office 365 login page (you noticed the extra letter?)
Attackers Turn Focus To PoS Vendors(Dark Reading) The recently reported attack on Charge Anywhere puts the payment solutions provider on a list of PoS vendors attacked this year
The Importance of POS Threat Analysis for the Retail Sector(Infosec Institute) The rising intensity of POS threats has created a precarious environment for retailers looking to protect their customers' financial and personal data. POS systems are increasingly becoming a soft target for hackers, which is why it's more important than ever to consider the security of these machines and the information they store
Banking Trojan Targets South Korean Banks; Uses Pinterest as C&C Channel(TrendLabs Security Intelligence Blog) We recently found a new banking Trojan which targeted several banks in South Korea. This isn't the first, though: in June last year, we saw that several online banking threats widened their range and targeted South Korean banks using various techniques
Malwarebytes Flaw Found in Upgrade Mechanisms(Infosecurity Magazine) Users of the consumer version of the Malwarebytes Anti-Malware and Anti-Exploit should upgrade to the latest version of the security software as soon as possible: A vulnerability that affects both could allow nefarious types to hijack the upgrade mechanisms for the packages, and push their own updates to accomplish malware installation
Ars Technica is the latest site to fall victim to hack(Verge) There has been a lot of hacking news in the past few weeks, and now noted technology news site Ars Technica has fallen victim to a hack. The site's front page has gone black, with white text reading "Ars Security" alongside a couple of Twitter handles, presumably of those who have taken control of the site. There's also some music playing to keep you occupied while waiting for the site to come back online
Two newcomers in the exploit kit market(Help Net Security) Exploit kits are a great means to an end for malware distributors, who either buy them or rent them in order to widely disseminate their malicious wares. It's no wonder then that unscrupulous developers are always trying to enter the market currently cornered by Angler, Nuclear, FlashEK, Fiesta, SweetOrange, and other popular exploit kits
Security Patches, Mitigations, and Software Updates
Google Proposes Marking 'HTTP' as Insecure in 2015(Threatpost) The Chromium security team is devising a plan to explicitly and actively inform users that 'HTTP' connections provide no data security protections. Google's grand vision is that some day, HTTPS will become so widespread and commonplace that secure connections can be unmarked in the way that HTTP connections are currently
Nation states expected to ratchet up cyber war in 2015(MicroScope) If you had to make one prediction about the security market it would be that next year will see the threat level increasing and as a result resellers and customers will have to keep an eye on developments
Debunking the Biggest Cyber Security Myths for Businesses(Tripwire: the State of Security) A glimpse at the world of cyber security can be a frightening one. Stories revolving around security breaches hitting major companies, like Target and Home Depot, can fill any business executive with trepidation
All malware defeats 90% of defenses(Errata Security) When the FBI speaks, you can tell they don't know anything about hacking. An example is this quote by Joseph Demarest, the assistant director of the FBI's cyberdivision
1 in 5 employees going rogue with corporate data(Help Net Security) Companies around the world have reason to be worried about the use of cloud applications to share mission-critical information. In fact, 1 in 5 employees has uploaded proprietary corporate data to a cloud application, such as Dropbox or Google Docs, with the specific intent of sharing it outside of the company
How have attitudes to privacy changed post-Snowden?(Naked Security) A recent survey has found that 60% of people have heard of Edward Snowden and his revelations about the degree of surveillance conducted by the US National Security Agency (NSA) and other countries' intelligence agencies, and 39% of them have taken steps to protect their privacy as a result
Web Application Firewall revenue to reach $777.3 million in 2018(Help Net Security) The global Web application firewall (WAF) market was once primarily driven by regulatory requirements to protect Web applications and the sensitive customer data they collect. High-profile data breaches are driving organizations to now also proactively evaluate WAF solutions as a means to minimize business risk from unprotected Web applications
Companies invested millions in privacy in 2014(Help Net Security) As the number of data breaches in the U.S. reached 708 in 2014, new research shows that companies are investing millions in privacy and multiple business units are now involved in addressing growing consumer concerns and compliance risks
Gemalto close to completing SafeNet acquisition — CEO(Telecompaper) French smartcard and security group Gemalto is close to completing its USD 890 million acquisition of US data protection specialist SafeNet, with the only authorisation pending being that of the Committee on Foreign Investment in the US, Gemalto CEO Olivier Piou told La Tribune
Security Appliance Market Continues on a Growth Trajectory in the Third Quarter, According to IDC(BusinessWire) According to the International Data Corporation (IDC) Worldwide Quarterly Security Appliance Tracker, both factory revenue and unit shipments continued to grow in the third quarter of 2014 (3Q14). Worldwide vendor revenue grew 10.0% year over year to nearly $2.4 billion for the 20th consecutive quarter of positive growth. Shipments improved 7.3% year over year to 520,752 units, making this the fourth consecutive quarter of growth. The market is largely being driven by Unified Threat Management (UTM) solutions, a unified cyber security product with many features and capable of performing multiple security functions within a single appliance
Local Governments Across the U.S. Turn to FireEye to Strengthen Cyber Defense(MarketWatch) FireEye, Inc., the leader in stopping today's advanced cyber attacks, today announced that the city of New Orleans and the office of the CTO for the District of Columbia join a growing number of local government institutions that turn to FireEye to update their security infrastructure and protect sensitive data. The city of Miramar, Florida, and the office of enterprise technology for the county of Maricopa, Arizona are among other local government customers that have recently selected FireEye to strengthen their cyber defenses
The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users(Wired) For more than a decade, a powerful app called Metasploit has been the most important tool in the hacking world: An open-source Swiss Army knife of hacks that puts the latest exploits in the hands of anyone who's interested, from random criminals to the thousands of security professionals who rely on the app to scour client networks for holes
Streamlining the Digital Forensic Workflow: Part 3(Digital Forensic Investigator News) Consider this scenario: Law enforcement is made aware that an individual is planning to shoot several people at a popular local nightclub. A tip leads investigators to the probability that the suspect used one or more computers over a period of time at the city's central library to post information about his intent on social media sites
The problem with security shortcuts(Help Net Security) A combination of irresponsible user behavior and weaknesses in the protection of networks could create more risks for data breaches during the holiday period than at any other time, according to BalaBit
What do cloud vendors want, part 2?(Canadian Lawyer) Last month, I wrote about part of my recent conversation with in-house counsel from several major public Canadian and U.S. cloud vendors in connection to the Canadian IT Law Association's Annual Meeting in October. Here are some more thoughts from them on the big issues surrounding cloud computing
Air traffic control computer woes are a backup reminder(MicroScope) The problems experienced in UK airports last week as a result of a computer failure at National Air Traffic Services (Nats) have handed the channel the opportunity to talk to customers about the need for backup plans should the worst happen
Fraud-proof credit cards possible with quantum physics(Science Daily) Credit card fraud and identity theft are serious problems for consumers and industries. Though corporations and individuals work to improve safeguards, it has become increasingly difficult to protect financial data and personal information from criminal activity. Fortunately, new insights into quantum physics may soon offer a solution
Monster Government Solutions and U.S. Cyber Challenge Announce Collaboration in Cybersecurity Community Portal(US Cyber Challenge) Today at the Department of Homeland Security, Science and Technology Directorate (DHS S&T) 2014 Cyber Security Division R&D Showcase in Washington, DC, National Director of U.S. Cyber Challenge, Karen S. Evans, will announce the program's collaboration with Monster Government Solutions as the organizations develop CyberCompEx, a social network portal for students, professionals, employers, and other individuals involved or interested in the cybersecurity community
Enough about STEM already — they're just kids(Quartz) There's been a lot of growing excitement the past few years about modern and innovative ways to prepare children for careers, technology, and social paradigms of the future. I would just like to pause for a minute and remind everyone (including myself): High school kids have never been too excited about the adult world, and that hasn't changed. Don't get me wrong: I want wi-fi at my school, I like that LAUSD (Los Angeles Unified School District) earmarked $1.3 billion for iPads, and I want to teach skills that are relevant for the 21st century economy. But in our dizzy excitement to provide opportunities for our future employees, let's not blind ourselves to the fact that regardless of how many presents we buy them, high school kids just aren't that into us, our jobs, or our LinkedIn accounts
Legislation, Policy, and Regulation
Russia's War on Information(War on the Rocks) Russian President Vladimir Putin has nearly completed his purge of independent news media in Russia. "This is not just a war of information," says one keen analyst at Radio Free Europe/Radio Liberty. "It is a war on information"
US Congress OKs 'unprecedented' codification of warrantless surveillance(Naked Security) Congress last week quietly passed a bill to reauthorize funding for intelligence agencies, over objections that it gives the government "virtually unlimited access to the communications of every American", without warrant, and allows for indefinite storage of some intercepted material, including anything that's "enciphered"
Cyber breakthrough eludes lawmakers(The Hill) Lawmakers are punting on a cyber sharing bill, leaving the controversial issue to the new Congress even as experts warn that the nation's critical infrastructure remains exposed to attacks
FOIA reform is dead for now(FierceGovernmentIT) Freedom of Information Act reform is dead for this Congressional session. As House Speaker John Boehner (R-Ohio) closed the last meeting of the 113th Congress, the FOIA bill was nowhere to be found despite pleas from both sides of the aisle
Wilson to head House Intelligence Subcommittee(BioPrepWatch) U.S. Rep. Mac Thornberry (R-Texas) named Rep. Joe Wilson (R-S.C.) on Thursday to head the Subcommittee on Intelligence, Emerging Threats and Capabilities, under the House Armed Services Committee, in the next legislative session
Boies Schiller Confronts Media on Sony Data Breach(American Lawyer) Sony Pictures Entertainment has hired Boies, Schiller & Flexner to clamp down on media companies that have republished confidential — and at times embarrassing — information leaked about the company through a hacker. But its efforts may be in vain
In Damage Control, Sony Targets Reporters(KrebsOnSecurity) Over the weekend I received a nice holiday letter from lawyers representing Sony Pictures Entertainment, demanding that I cease publishing detailed stories about the company's recent hacking and delete any company data collected in the process of reporting on the breach. While I have not been the most prolific writer about this incident to date, rest assured such threats will not deter this reporter from covering important news and facts related to the breach
Can Sony sue media outlets who publish the stolen Sony documents?(Washington Post) David Boies, representing Sony, has written a letter to various media outlets, demanding that they not publish or otherwise use the stolen Sony documents, and threatening lawsuits if the information in the documents is indeed "used or disseminated by [the recipients] in any manner." Does Sony have a legal leg to stand on?
The Sony Hack and the Yellow Press(New York Times) "Jolie a 'Spoiled Brat' From 'Crazyland,'" says The New York Post. "Shocking New Reveals From Sony Hack," says The Daily Beast. "Sony's Hacked Emails Highlight Hollywood's Problems With Diversity," says The Huffington Post. "You're Giving Material Aid to Criminals," say the rest of us
Why It's Right To Report On The Sony Hack(TechCrunch) "No one's private life can totally withstand public scrutiny," reads an NYT op-ed penned by screenwriter and playwright Aaron Sorkin, angrily blasting the media for reporting the private details revealed through the recent hack of Sony Pictures Entertainment, in what's shaping up to be one of the largest corporate data breaches to date. "…Every news outlet that did the bidding of the [hacking group] Guardians of Peace is morally treasonous and spectacularly dishonorable," he adds
Hack the National Security Agency, not Sony(San Francisco Chronicle) The intelligence was obtained illegally. The hackers presented a threat to workers and their families. Foreign operatives likely were behind the document theft. Any news organizations that report this ill-gotten information are, if not un-American, surely "morally treasonous and spectacularly dishonorable"
Legality of Jailbreaking Mobile Phones(Infosec Institute) The term "jailbreaking" refers to circumventing security measures of a mobile operating system with the aim to install unauthorized software. The term originates from the very first hacks on iPhones. The purpose of these hacks was to break the jailed environment of iPhones, which imposed restrictions on what resources were accessible
Google Says Death Threats Don't Trump Copyright, YouTube(Bloomberg) An actress who says she got death threats over a performance used in an anti-Islam YouTube clip has made enemies of Google Inc. (GOOG) and Hollywood, which say her bid to erase it from the Internet is making "Swiss cheese" of U.S. copyright law
Taking video of people harassing your family can get you busted in the EU for privacy violations(Quartz) If you're a resident of the European Union and you're planning to add a few smart home cameras to your cozy nest, or perhaps buy a video-ready drone, you might want to hold off. The Court of Justice for the European Union (CJEU) sent down a ruling this past week regarding filming public spaces with private home monitoring cameras, which legal experts say may impact a much wider set of technologies in the emerging Internet of Things (IoT)
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
NSA SIGINT Development Conference 2015(Fort Meade, Maryland, USA, June 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and...
NSA Mobile Technologies Forum (MTF) 2015(Fort Meade, Maryland, USA, June 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...
NSA Information Assurance Symposium (IAS) 2015(Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...
5th Annual Cyber Security Training & Technology Forum (CSTTF)(Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...
Cybersecurity World Conference(New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
FloCon 2015(Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...