Several bits of information about the Sony hack come to light. The attack apparently involved months of preparation: reconnaissance and planting of "time bombs." The attack code used in the campaign reportedly involved a great deal of recycled techniques and malware (which leads to lingering suspicion that Iranian suppliers may have been involved). And Sony is said to still suspect some insider collaboration with external attackers.
Voices of skepticism aside, the US sticks to its attribution of the attack (which President Obama characterizes as an act of cybervandalism as opposed to cyberwar) to North Korea. The DPRK, of course, denounces the attribution as "slander," and cheekily offers to help the Americans with their inquiry. That offer will obviously be declined, but the US is seeking help from China, specifically a blockade of DPRK Internet access. The "proportional" response the US is mulling could also include information operations, difficult enough in a country that's largely airgapped itself through censorship and a policy of poverty, but still something the Kim regime seems to fear.
Many observers continue to speculate that Kim's long game is infrastructure attacks (and indeed there was recently a successful hack of a South Korean nuclear power provider — attribution unclear, but nominally the work of anti-nuclear hacktivists), but its proximate effect has been to increase business fears of cyber-extortion.
Ordinary cyber criminals, naturally, remain active. Banking Trojans Vawtrak and Zeus circulate in evolved, dangerous variants. Gangs install ATM malware from within banks. Office retailer Staples discloses a point-of-sale breach.
Today's issue includes events affecting Australia, Bolivia, China, Egypt, European Union, France, Germany, Iran, Iraq, Japan, Democratic People's Republic of Korea, Republic of Korea, Morocco, Netherlands, Russia, Spain, Syria, Uganda, United Kingdom, United States.
The CyberWire staff will be taking Christmas off to celebrate the holiday with their families. Regular publication will resume December 26 (interrupted again for New Year's Day, then resuming as usual on January 2).
Sony Executives Suspect an Insider in the Cyberattack(Movie News Guide) While North Korea is still the main suspect to the massive cyberattack against Sony on Nov. 24, 2014, the executives of the company are starting to suspect it was an inside job. They assure that no outside source could perfectly hack Sony's network
U.S. Finally Officially Condemns Sony Cyber-Attack by North Korean Cyber-Terrorists(eNews Channels) John Kerry, U.S. Secretary of State made the following statement today in Washington, D.C.: The United States condemns North Korea for the cyber-attack targeting Sony Pictures Entertainment and the unacceptable threats against movie theatres and moviegoers. These actions are a brazen attempt by an isolated regime to suppress free speech and stifle the creative expression of artists beyond the borders of its own country
Homeland Security chief calls Sony hack 'an attack on our freedom of expression'(The Verge) On the heels of today's FBI statement officially naming North Korea as responsible for the hack on Sony Pictures, Homeland Security chief Jeh Johnson has put out a statement denouncing the attack and emphasizing his department's cybersecurity efforts. "The cyber attack against Sony Pictures Entertainment was not just an attack against a company and its employees," Johnson said in the statement. "It was also an attack on our freedom of expression and way of life." The release of The Interview, which is thought to have provoked the attack, has been cancelled, and the attackers have asked Sony Pictures executives to erase all traces of the film to prevent future leaks. President Obama is expected to address the matter later today
Obama vows U.S. response to North Korea over Sony cyber attack(Reuters) President Barack Obama vowed on Friday to respond to a devastating cyber attack on Sony Pictures that he blamed on North Korea, and scolded the Hollywood studio for caving in to what he described as a foreign dictator imposing censorship in America
Obama: North Korea's actions are cybervandalism, not war(McClatchy) President Barack Obama said Sunday that he does not think a recent North Korean cyberattack against Sony Pictures Entertainment was "an act of war." But, he told CNN's Candy Crowley on "State of the Union" that it was a very expensive act of cybervandalism
U.S. Asks China to Help Rein In Korean Hackers(New York Times) The Obama administration has sought China's help in recent days in blocking North Korea's ability to launch cyberattacks, the first steps toward the "proportional response" President Obama vowed to make the North pay for the assault on Sony Pictures — and as part of a campaign to issue a broader warning against future hacking, according to senior administration officials
What does a cyber counterattack look like?(Politico) President Barack Obama promised at his year-end news conference Friday that the U.S. will respond "proportionally" to North Korea's cyberattack against Sony Pictures Entertainment, but the conventional options available to him are ineffective, merely symbolic or a bad risk because they might lead to a larger military conflict
U.S. should respond aggressively to cyber attack, expert says(Hawaii Reporter) The attack on Sony Pictures and threats to the movie industry cannot be tolerated, one of the nation's leading security experts says. Lynn Mattice is president and CEO of the National Economic Security Grid, a non-profit organization focused on educating small and medium sized enterprises on a broad range of threats they face
What we know about North Korea's cyberarmy(IDG via CSO) The attack on Sony Pictures has put North Korea's cyberwarfare program in the spotlight. Like most of the internal workings of the country, not much is known but snippets of information have come out over the years, often through defectors and intelligence leaks
North Korea's legacy of terrorism goes far beyond hacking(Washington Post) A disastrous hack of Sony Pictures and the subsequent cancellation of "The Interview" has rightly been taken as a sign of the growing threat of cyberwarfare in the modern age. Many observers now wonder whether North Korea's actions (assuming it really is North Korea) constitute some new form of online terrorism
Iran Another Suspect Behind Sony Cyberattack(AP via CBS News) The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle clues in the hacking tools left behind and the involvement of at least one computer in Bolivia previously traced to other attacks blamed on the North Koreans
"The Interview" Censorship Protestors Screen Chaplin's Hitler Parody "The Great Dictator"(TechCrunch) A clandestine invite to a "secret screening to protest against censorship" of The Interview did not lead to a showing of the North Korea-skewering film at the center of the Sony Pictures hack. It did raise money for free speech charity Article 19, though. Instead, attendees in London, Rome, and San Francisco who were instructed to come "dressed in a dark suit, and bring a small gift for a stranger" were shown screenings of Charlie Chaplin's The Great Dictator
Sony hack adds to security pressure on companies(San Diego Union-Tribune) Faced with rising cybercrime like the attack on Sony Pictures Entertainment, companies worldwide are under pressure to tighten security but are hampered by cost and, for some, reluctance to believe they are in danger
The High Water Mark?(Security Info Watch) The Sony hack and subsequent damage control should mean something to every business owner
Game Change: Three Reasons Why #SonyHack Will Change Security(CTOVision) UPDATED: on 12/19/14, the FBI officially declared North Korea to be the aggressor behind the Sony Pictures Entertainment hack. The evidence published is circumstantial and probably would not stand up to scrutiny in a court of law. However, we do not know what other out-of-band information, such as SIGINT, HUMINT, and intelligence from other nations' intelligence agencies may have played into this determination. We do know it is highly unusual to conclusively determine attribution of an attack, especially this soon after the attack has occurred
Private School Threatened: Pay $1M or Cyber-Attack(NBC Philadelphia) Hot on the heels of the infamous Sony hack, Pine Forge Academy in Berks County is facing a similar threat if it doesn't pay $1 million to a person claiming to be with a group called Heart of the People
New Zeus variant targets users of 150 banks(Help Net Security) A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan
TorrentLocker Ransomware Spreading Fast: Report(Infopackets) A new report from security firm ESET finds that the TorrentLocker ransomware scam has now encrypted an estimated 285 million files. Unfortunately, ESET security experts don't see the rate of infections dropping off any time soon
CryptoLocker Copycat Hits Australians via Emails(Softpedia) A new ransomware trying to monetize on the name of the infamous CryptoLocker ransomware has been observed to be served to unsuspecting Australians in emails claiming to be from the Office of State Revenue, in connection to paying a fine for speeding
Gang Hacked ATMs from Inside Banks(KrebsOnSecurity) An organized gang of hackers from Russia and Ukraine has broken into internal networks at dozens of financial institutions and installed malicious software that allowed the gang to drain bank ATMs of cash. While none of the victim institutions were in the United States or Western Europe, experts say the stealthy methods used by the attackers in these heists would likely work across a broad range of western banks
Tor warns users of possible attempt to disable its network(Pando Daily) The Tor Project has issued a statement warning that it has learned of a possible "attempt to incapacitate our network in the next few days." The statement doesn't identify the source of the alleged threat but warns an attack might come "through the seizure of specialized servers in the network called directory authorities"
AutoIT-based POS Malware 'Sparks' Fresh Threat(Infosecurity Magazine) A variant of the Alina malware, used to scrape credit card (CC) data from point of sale (POS) software, has been rampaging its way through the wild lately — using a sophisticated twist in approach that involves AutoIT
Alert (TA14-353A): Targeted Destructive Malware(US-CERT) US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment company. This SMB Worm Tool is equipped with a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool
Misfortune Cookie Takes Bite Out of Internet Security(Tom's Guide) This cookie wants to take a bite out of you: A serious security flaw called Misfortune Cookie affects more than 12 million routers, modems and other "gateway devices" — as well as all the devices connected to them, from computers, smartphones and tablets to "smart home" devices such as toasters, refrigerators, security cameras and more
Vulnerability Note VU#561444: Multiple broadband routers use vulnerable versions of Allegro RomPager(CERT | Software Engineering Institute | Carnegie Mellon University) Many home and office/home office (SOHO) routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to 4.34 contain a vulnerability in cookie processing code that can be leveraged to grant attackers administrative privileges on the device. According to Check Point's advisory, the vulnerability was addressed by Allegro in 2005 but is present in current or recent firmware releases of many devices
Impersonator Bots See Steady Increase in Traffic(Infosecurity Magazine) Botnets are used for a variety of tasks, for everything from legitimate and innocent search engine indexing and RSS feed compilation to mass-scale hack attacks, DDoS floods, spam schemes and click-fraud campaigns. In its latest report on the state of the bot, Incapsula found that malicious bot traffic is growing, while "good bot" activity continues to decline
Bulletin (SB14-356): Vulnerability Summary for the Week of December 15, 2014(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Vulnerability Note VU#852879: Network Time Protocol daemon (ntpd) contains multiple vulnerabilities(CERT | Software Engineering Institute | Carnegie Mellon University) The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and previous versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys
Cyber-war or cyber-peace?(Security Affairs) Equilibria in cyberspace are evidently unstable and many experts believe that we are in the midst of a cyber-war… there is the urgency of a regulation
Government hacks and security breaches skyrocket(CNN) The North Korean hack of Sony Pictures that unleashed proprietary information, leaked embarrassing emails and brought the multi-billion dollar company's operations to its knees was unprecedented. But cyber security and intelligence experts warn that this is only the beginning
The Internet's Winter Of Discontent(Dark Reading) The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world's connected economy is that the hits just keep on coming
Cybercrime will continue to evolve(Help Net Security) The breadth and depth of the data breaches seen by the world in 2014 was shocking — spanning major banks, e-commerce giants, healthcare giants, casinos and others, exposing hundreds of millions of usernames, passwords and credit card details. The coming year will be no different, and businesses and consumers need to be prepared for continued changes in the cybercrime landscape
5 Worst Security Fails of 2014(Tom's Guide) From start to finish, 2014 was chock-full of embarrassing security failures. Executives' emails, starlets' nude photos and your credit-card numbers all got into the hands of bad people who seemed to run rampant over the Internet without restraint
Top 10 Social Media Fails Of 2014(InformationWeek) Businesses learn lessons the hard way when their social media posts go wrong. Have a look at the businesses that made this year's naughty list
Are Electronic 'Back Doors' Unintentionally Helping Hackers?(Knowledge @ Wharton) For global insurance firms, cyberattacks have become the most threatening of all emerging risks, according to a survey conducted recently by Guy Carpenter & Co., the risk and reinsurance specialists. Over the past two years, hackers have infiltrated major airlines, energy companies and defense firms, among many other businesses
Don't Mug Me For My Password!(InformationWeek) In today's information-based world, crooks are targeting mobile devices -- and the data on them. The healthcare industry is particularly vulnerable
How will your data be at risk in 2015(ITProPortal) The world of information security is, as we know, a constant arms race between the hackers and cyber criminals and the protection industry
2015 Industry Predictions Part 3: Defense, Response, Collaboration(Infosecurity Magazine) No industry sector can afford to stand still or rest on its laurels, but the burden of adapting to new challenges falls particularly heavily on infosec professionals. Failing to keep up with change in some other aspect is unlikely to affect an organization as badly as outdated security practice and policy. You only need to open a newspaper to see evidence of that
Symantec: A Long-Term Investment Opportunity In An Attractive Tech Stock(Seeking Alpha) Symantec is the second top-ranked stock in my portfolio. Symantec will continue to benefit from the increasing demand for anti-hacking tools and from its new partnership with HP to develop a new Disaster Recovery as-a-Service solution. Symantec is generating strong cash flows and returns value to its shareholders by stock buybacks and dividend payments
Verint Receives 2014 Asia Pacific Market Share Leadership Award from Frost & Sullivan for Seventh Consecutive Year(CSO) Verint® Systems Inc. (NASDAQ: VRNT) today announced that it has received the "2014 Asia Pacific Market Share Leadership Award" from Frost & Sullivan. This marks the seventh consecutive year that Verint has received this distinction in the Call Monitoring Systems category from the global analyst and consultancy firm, underscoring its innovation, growth, strong partner ecosystem, and ability to help customers achieve their business goals through the use of proven quality monitoring and customer engagement optimisation solutions
Gartner's Magic Quadrant positions Gemalto as a leader in user authentication(Globe Newswire) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, has again been positioned as a Leader in Gartner's December 1, 2014 Magic Quadrant for User Authentication, out of the 18 vendors assessed by Gartner. The vendors surveyed in the Magic Quadrant are evaluated based on two main criteria: completeness of vision and ability to execute
Pulse Secure Simplifies Secure Device Onboarding and Compliance for BYOD(Business Wire) Pulse Secure, a leading provider of access and mobile security solutions to the enterprise and service providers, today released new functionality for its Connect Secure and Policy Secure solutions that simplify the deployment of secure network access services and address key challenges of BYOD. The new solutions offer automated onboarding of PCs and mobile devices, streamlined remote connectivity and expanded compliance enforcement
Decrypt This: OS Security Showdown(Digital Trends) 2014 has been a tumultuous year for personal security. Through the continuing revelations of NSA leaks, North Koreans shutting down Sony, and the big bad bug that made everyone's Heart Bleed, the past twelve months have shown that the hairiest of hacks are almost always in the last place you'd think to look
Cloud VPN Security Recommendations(Infosec Institute) A VPN (Virtual Private Network) enables connections between clients and servers from multiple different internal networks across a public network (like the Internet) as if the nodes were located in the same private network. Since the communication is transferred across the public network, it must be properly encrypted to prevent eavesdropping. When a user is connected to the VPN connection, he/she can access the extended network services the same way as if they were located with its private network
Smart grid security certification in Europe(Help Net Security) ENISA issues a report on smart grid security certification in Europe targeted at EU Member States (MS), the Commission, certification bodies and the private sector; with information on several certification approaches across the EU and other MS and EFTA countries
Buck Rogers Leads BOE's Hackers in 21st Century Cyberwar(Bloomberg) Buck Rogers is the man behind the Bank of England's latest cyber security campaign. Unlike the comic book hero, he doesn't battle radioactive mutants or aliens. His foes are the 21st century humans who use computers as weapons
Cybercriminals won't take a vacation this holiday season(Help Net Security) The holiday period is a time to celebrate with family and loved ones. Unfortunately, cybercriminals will use the season to take advantage of businesses as IT staff and end users relax their guard heading into the end of year. With that in mind, GFI Software is reminding both organizations and consumers to stay vigilant this year and is providing helpful tips on how to increase online safety and spot attempts at holiday cybercrime
Positive steps on the road towards harmonization of global cybersecurity risk management frameworks(Microsoft Cyber Trust Blog) Around the world, governments are pursuing initiatives to protect their cyberspace, developing national cybersecurity strategies, considering information sharing incentives, and assessing baseline security protections. Two important initiatives with the potential to be impactful far beyond national borders have been unveiled in the European Union (EU) and the United States over the past two years. First, the U.S. government encouraged businesses to adhere to a set of technical and organizational recommendations in its voluntary Cybersecurity Framework. Now, the EU is discussing the Network and Information Security (NIS) Directive, legislation that envisions mandatory cybersecurity requirements, the scope and detail of which will be critical to its effectiveness
White House Issues Impotent Response to Cyber Attack(Breitbart) The White House, in its usual impotent way, responded to the cyber attack on Sony Studios with a barrage of verbiage. White House spokesman Josh Earnest intoned that the attacks were executed by a "sophisticated actor with malicious intent… We believe that this destructive activity merits an appropriate response. There are a range of options that are under consideration right now. The president considers this to be a serious national security matter"
Lawmakers laud 'historic' cyber laws(The Hill) The cyber bills signed into law Thursday by President Obama are "a historic step in bolstering our national security," said Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.)
CISA Supporters Use Sony Pictures Security Breach To Push Bill(GamePolitics) We knew it wouldn't be long before some politicians and bureaucrats took the opportunity to use Sony Pictures' recent security breach as a way to push questionable cybersecurity legislation. The White House declared the Sony security breach a "national security issue" yesterday and today the FBI claimed that North Korea was directly involved in the hack
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybersecurity World Conference(New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
ShmooCon(Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Financial Cryptography and Data Security 2015(San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...