The Sony hack still dominates the news, and is likely to do so for some time (barring some comparably hysteria-inducing event). Official FBI attribution of the attack to North Korea just came out: the President may address the matter early this afternoon. (Heed the attribution, but also heed prudently skeptical voices from the security world. Cyber attribution is said to be notoriously difficult.) The soi-disant Guardians of Peace, generally regarded as a DPRK front, tell Sony they're pleased "The Interview" won't be released and promise not to leak any more embarrassing data. The Guardians even go so far as to say they'd be happy to watch the movie themselves as long as Kim Jong-un's death scene is edited out.
Other companies in other sectors have their guard up, since the Sony hack revealed both attacker capabilities and potential for economic damage. Some fear copycat attacks, others fear caving to demands will embolden fresh attackers, still others see this as the opening round in a new wave of state cyber offensives (power grid vulnerabilities are prominently mentioned in dispatches).
Assuming attribution to North Korea holds up, observers wonder what the US response will be. There's much talk of cyber war, but why this hack should constitute a casus belli (when other, lethal, kinetic attacks have not) puzzles some.
Elsewhere in the world an ISIS malware campaign fizzles, but it augurs a troubling interest in using cyber tools in actual kinetic combat support as well as a nascent capability for doing so.
Today's issue includes events affecting Australia, Bolivia, Canada, China, Denmark, Estonia, Finland, Germany, India, Iraq, Japan, Democratic People's Republic of Korea, Norway, Russia, Sweden, Syria, Turkey, United Arab Emirates, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Update on Sony Investigation (FBI National Press Office) Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment
Sony's 'The Interview' Capitulation May Prevent Further Leaks, Imply New Hacker Emails(TechCrunch) Sony Pictures might be spared further embarrassment resulting from future data dumps, according to emails received by Sony executives today. CNN reports that Sony execs got a new email that matches the pattern, language and email list of previous threats and demands, but this one apparently praises Sony for its "very wise" choice in cancelling the release of The Interview
Sony hacking fallout puts all companies on alert(AP via the Idaho Statesman) Companies across the globe are on high alert to tighten up network security to avoid being the next company brought to its knees by hackers like those that executed the dramatic cyberattack against Sony Pictures Entertainment
The Sony Hack — A Lesson in Cyber Terrorism(Tripwire: the State of Security) This week, Sony Pictures has announced that it will not release "The Interview," a film whose controversial subject matter is alleged to be one of the motivating factors behind a recent cyber attack against the company
U.S. Struggles for Response to Sony Hack(Wall Street Journal) The U.S. government is looking for ways to retaliate for North Korea's apparent hacking of Sony Pictures but is struggling for an appropriate solution, according to people familiar with the discussions
Digital dilemma: How will US respond to Sony hack?(AP via WRAL) The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle clues in the hacking tools left behind and the involvement of at least one computer in Bolivia previously traced to other attacks blamed on the North Koreans
Sony hack leaves U.S. in quandary on how to deal with North Korea(Los Angeles Times) With U.S. intelligence analysts quietly pointing to North Korea as having a hand in the destructive hack of Sony Pictures Entertainment computers, Obama administration officials scrambled Thursday to consider what, if anything, they should do in response
These Are The Groups Behind North Korea's Cyber Capabilities(Center for Strategic and International Studies via Business Insider) Sony Pictures Entertainment (SPE) recently announced the cancellation of the upcoming release of "The Interview." US government officials also informally acknowledged that North Korea played a central role in the cyber attacks against Sony
Watch out world: North Korea deep into cyber warfare, defector says(CNN) North Korea is one of the world's poorest countries, seen as well behind most everyone when it comes to most technologies and much more. Hacking may not be one of them. Scant resources or not, a defector who once worked as a computer expert for the North Korean government says that it has a vast network of hackers devoted to cyberwarfare against perceived enemies of the Stalinist state
goodbye horses(Daily Dave via Seclists) The year is almost over, and I feel like wasting my yearly DailyDave quota on a rant about this, and I hate the use the term non-ironically, NK "Cyber War" malarkey. Note I don't have time to be cohesive so this is mind vomit at best
Destover Attack on PCs by Using Stolen Security Certificates from Sony(Spamfighter News) Kaspersky Labs has found that the huge breach carried out against Sony Pictures Entertainment has led to a seemingly side effect wherein the 'Destover' malicious program is currently wreaking havoc by utilizing one embezzled digital certificate that belonged to SPE for probably hacking PC-systems
Etisalat websites hit by cyber attacks(The National) Etisalat websites appeared to have fallen victim to cyber attacks on Thursday morning, leading to questions about whether user information had been compromised
CoolReaper Revealed: A Backdoor in Coolpad Android Devices(Palo Alto Networks) Coolpad is the sixth largest manufacturer of smartphones in the world, and the third largest in China. We recently discovered that the software installed on many of Coolpad's high-end Android phones includes a backdoor which was installed and operated by Coolpad itself. Today we released a new report detailing the backdoor, which we've named "CoolReaper"
How Cybercriminals Dodge Email Authentication(TrendLabs Security Intelligence Blog) Email authentication and validation is one method that is used to help bring down the levels of spam and phishing by identifying senders so that malicious emails can be identified and discarded. Two frameworks are in common usage today; these are SPF and DKIM
USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds(Threatpost) Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it's a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in a few seconds and hand control of it to the attacker
How Merkel's Mobile Phone Could Be Tapped (Die Zeit) Berlin security researchers have broken the encryption in UMTS networks. The NSA may once have monitored the Chancellor's second mobile phone this way
Fast Flux Networks Working and Detection, Part 1 (Infosec Institute) In this series of articles, we will learn about a not-so-new type of attack, but one of the most difficult attacks to control. Yes, we will learn about the demon Fast Flux!! In this article, we will learn about what exactly Fast Flux is, types of Fast Flux, and how Fast Flux works. In the next article of this series, we will learn about why it is difficult to detect Fast Flux in the environment, and then finally the recommended ways to detect Fast Flux
3 Low-Tech Threats That Lead to High-Profile Breaches(CSO via CIO) In an age where data security defenses are getting more and more sophisticated, there will be increased pressure for malicious parties to glean information from within the organization's walls or public places
Cyber Attacks on U.S. Companies in 2014(Brian Pennington) The spate of recent data breaches at big-name companies such as JPMorgan Chase, Home Depot, and Target raises questions about the effectiveness of the private sector's information security
Private cloud tops Intel survey(ZDNet) An Intel survey has shown a marked preference for private clouds, with a virtualised datacentre a prerequisite for operating in the cloud
Cybersecurity 2014: The battle for mindshare(FedScoop) To be a cybersecurity reporter in 2014 was a lot like playing Bill Murray's character in the movie Groundhog Day — trapped in time, covering the same, predictable news over and over again
The State of IT Security in Germany 2014 (Bundesamt für Sicherheit in der Informationstechnik) The 2014 report on the state of IT security provides information on the quality and quantity of threats and on the resulting risks for information technology (IT) in Germany
Security stocks outperform after Sony cancels movie release (Seeking Alpha) FireEye (FEYE +4.9%), recently hired by Sony to probe its massive hacking incident, is rallying strongly on an up day for equities after Sony cancelled The Interview's release in response to the hack and subsequent threats on movie theater chains. Other security tech names are also outperforming: PANW +3.2%. KEYW +3.9%. FTNT +2.6%. PFPT +3.2%. Imperva (IMPV +2.6%) is adding to the Tuesday gains it saw following a Deutsche upgrade
Sony hack presents opportunity for San Antonio cyber expertise(San Antonio Business Journal) The hack of Sony Pictures Entertainment, which is being described as one of the worst cyberattacks ever against an American company, is shining a fresh spotlight on the need for the kind of cyber security expertise that San Antonio has to offer
Cloud security the bright spot in network security market growth(Network World Asia via SecurityAsia) Although the total network security market is growing at an annualized rate of just 3%, the data center security part of the market is growing by over 10% and the cloud security part is growing by over 20%, according to new Q3 data from Synergy Research Group
Security appliances continue growth trajectory(IT-Online) According to the International Data Corporation (IDC) Worldwide Quarterly Security Appliance Tracker, both factory revenue and unit shipments continued to grow in the third quarter of 2014 (3Q14). Worldwide vendor revenue grew 10% year over year to nearly $2,4-billion for the 20th consecutive quarter of positive growth
Webinar Recap: Making the Business Case for Threat Intelligence(Cyveillance Blog) The growth of risks and sources for those risks is making effective threat intelligence increasingly vital. Unlike other industries, old threat vectors never really disappear, so it's critical for organizations to monitor both beyond and within the perimeter
Summit Research Starts CyberArk Software (CYBR) at Sell(Street Insider) Summit Research initiates coverage on CyberArk Software (NASDAQ: CYBR) with a Sell rating and a price target of $30.00… "While we believe CyberArk has an early lead and first mover advantage in securing privileged accounts (root or system or application administrator accounts) and expect the company to grow north of 20% for next few 3-5 years, we initiate with sell due to valuation"
Imperva Upgraded On Booming Cybersecurity Demand(Investor's Business Daily) Imperva (NYSE:IMPV) received an upgrade and price target increase on Wednesday as analysts approved new management's shift to a recurring revenue model and saw strong demand for its data security products
Bitdefender releases free CryptoWall Immunizer(PC and Tech Authority) Bitdefender Labs has announced the availability of Bitdefender CryptoWall Immunizer, a free Windows tool which offers some protection against versions 1 and 2 of the file-encrypting malware
ElcomSoft Responds to Apple Security Measures, Adds Support for Two-Factor Authentication and iOS 8.1(PRNewswire) ElcomSoft Co. Ltd. releases a major update to Elcomsoft Phone Breaker (formerly Elcomsoft Phone Password Breaker), a mobile forensic tool for acquiring data from Apple and BlackBerry devices, Apple iCloud and Windows Live! accounts. The new release adds acquisition support for iOS 8.1, enables full acquisition of cloud data, and enables full support for two-factor authentication schemes. In addition, the new release enables the extraction of iCloud authentication tokens from stand-alone hard drives and disk images in addition to live system analysis
Cisco Cognitive Threat Analytics on Cisco Cloud(Cisco) Cisco Cognitive Threat Analytics is a cloud-based solution that reduces time to discovery of threats operating inside the network. It addresses gaps in perimeter-based defenses by identifying the symptoms of a malware infection or data breach using behavioral analysis and anomaly detection
Time to Rethink Patching Strategies(Dark Reading) In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset
BYOD: Keeping Everyone Happy (ITProPortal) There are ways in which the roll out of BYOD initiatives can be successful and the key is in the way they are managed. With the proliferation of mobile devices and IT consumerisation, more employees will expect to work in companies that have a BYOD or CYOD (choose your own device) policy. Today's users want to have anytime, anywhere access to all the tools they need from day one. It is therefore vital for IT to educate end-users, particularly regarding security and corporate data. However, IT should avoid being too heavy handed in enforcing these policies. According to a new Gartner report, it is predicted that by 2016 roughly 20 per cent of companies will ultimately fail to find the proper balance between these dueling priorities
SDN And Security: Start Slow, But Start(Dark Reading) Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul policies
Dan Kaminsky on detecting malware with one line of code(TechTarget) Rapidly discovering and thwarting advanced targeted attacks in real time (or near-real time) is one of the most difficult challenges facing enterprises. But one of the information security industry's foremost luminaries says it may be possible to do just that with a single line of code
DISA Adopts Cyber Network Risk Scoring Method(ExecutiveGov) The Defense Information Systems Agency has implemented a continuous monitoring risk scoring system that will work to measure the cybersecurity risk of the agency's computer networks
Exclusive: HHS to lead 2-year DATA Act pilot(FedScoop) The Digital Accountability and Transparency Act is in full swing, with the Office of Management and Budget and the Treasury Department catching headlines in their path to issue a governmentwide set of financial data standards by May 2015. But quietly in the background, the Department of Health and Human Services is gearing up to lead a two-year pilot of the DATA Act to test how data standardization in a complex federal ecosystem works
Instant visibility said to be essential to fight cyber challenges(C4ISR&Networks) Instant network visibility will be imperative to combat the cyberspace challenges U.S. Pacific Command will face, said Air Force Lt Gen James McLaughlin, deputy commander, U.S. Cyber Command (CYBERCOM) during a Dec. 10 panel discussion at AFCEA International's TechNet Asia-Pacific 2014
Naval Academy gets $120 million for new cyber center(Navy Times) The Naval Academy will get $120 million to build its new cyber security center… The budget, signed by President Obama this week, fully granted the academy's request for funding in fiscal year 2015, said a release from the office of Sen. Barbara Mikulski, D-Md
Cisco Continues Partnering with CyberPatriot for the Advancement of STEM(PRNewswire) The Air Force Association today announced that Cisco renewed their support for CyberPatriot, the National Youth Cyber Education Program, as a Cyber Diamond Sponsor. Cisco is a longtime contributor to CyberPatriot, providing equipment, employee mentors for participants, and hosts the Cisco Networking Challenge during the CyberPatriot National Finals Competition
Legislation, Policy, and Regulation
Feeling Vulnerable, Turkey Seeks National Cyber Solutions(Defense News) The release of secret government audio recordings by activist rivals of the ruling party — in particular from a Foreign Ministry meeting in March — has awakened Turkish officials to the need to bolster cyber capabilities
India Still Unsure on Need for Cyber Command(Defense News) The Indian Ministry of Defence remains undecided on whether to establish a dedicated cyber command despite a push by the three military services to improve defense against network attacks from China and to build offensive cyber capabilities, a senior Indian Army officer said
Cyber Insurance for Critical Infrastructure (Dark Matters) You can't turn a television on today without seeing one of the nation's most beloved insurance icons "Flo" from Progressive insurance. We enjoy her whimsical plays on how to get the best price for an insurance policy, but I wonder at what point will these commercials hype "cyber"?
Cybersecurity…At Least There Is One Thing Congress Can Agree On(JD Supra Business Advisor) While most political observers were focused last week on the debates surrounding passage of the so-called "Cromnibus" spending bill, less noted was the fact that the U.S. Congress managed to pass a number of cyber-security bills in a rare moment of bipartisanship and cooperation between the House of Representatives and the Senate
Patrick Meehan, rising congressional star on cybersecurity(The Hill) Legislation to improve the cybersecurity of critical infrastructure has been a much-discussed topic in the last decade during various congressional sessions. Unfortunately, numerous hearings amounted to little more than banter — until now. Last week, several pieces of cybersecurity legislation were sent to the president's desk for signing
Missouri vs NSA: New Bill Would Ban "Material Support or Resources" (Tenth Amendment Center) With Congress not only failing to rein in National Security Agency (NSA) spying, but actually expanding its power in a recent funding bill, many privacy activists are looking to the states to take action to block warrantless surveillance programs. A bill filed today in Missouri would not only support efforts to turn off NSA's water in Utah, but have some practical effect in the Show Me State should it pass
Banks Sue Kmart Over Credit Card Data Breach(Courthouse News Service) Kmart's failure to protect customer information with "elementary" security measures left banks liable for the resulting fraud, a federal class action claims
Digital Rights Group Goes After NSA(Sputnik US) In its ongoing public relations struggle, the NSA will soon have to defend itself in court. A digital rights group, Electronic Frontier Foundation (EFF) is bringing forth a motion against the National Security Agency on Friday over the agency's Internet data collection program
Report: DoD Bomb Hunters Pried into US Firms, Citizens(DefenseNews) During some of the bloodiest days of US combat in Afghanistan and the roadside bomb threat there, the Pentagon's Joint IED Defeat Organization (JIEDDO) "improperly collected" intelligence on US citizens and corporations to try to stem the threat, a Pentagon Inspector General (IG) report has found
Microsoft files suit against alleged tech support scammers(IDG via CSO) Microsoft is finally cracking down on scammers who offer to fix non-existent computer problems for hundreds of dollars. In a first strike, Microsoft sued several U.S. companies it said are involved in fake tech support scams
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
RSA Conference 2015(San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Cybersecurity World Conference(New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
FloCon 2015(Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...