North Korea — the Air-gapped Kingdom — has recovered from Monday's Internet outage. Most observers think the DPRK sustained a denial-of-service attack; others say the episode's consistent with a glitch. (Arbor Networks publishes a technical overview of the outage.) Speculation jumps to the conclusion (with a coy little alley-oop from the State Department) that this is part of that proportional response the President promised, but attribution here is as difficult as it is elsewhere. Besides, both Anonymous and LizardSquad quickly claimed credit for themselves. Few are convinced, but it's possible.
Count the Chinese government among the official doubters of the FBI's attribution of the Sony hack to North Korea: they're slow-rolling any cooperation with US action. There's growing suspicion that such action will be circumscribed by the President's characterization of the attack as "cybervandalism," and anyway, others ask, what could you actually do to retaliate against Kim? (War on the Rocks' serious information ops suggestion — mockery of Kim — isn't risk-free: "sending in the clowns" would provoke sad reprisals against the North Korean people.) International lawyers watch for a confirmed US response with interest. Defense intellectuals offer to school the rest of us on cyberwarfare as an asymmetric threat.
DHS releases a compendium of Destover indications of compromise for those rightly concerned about further reuse of the wiper malware. South Korea beefs up its cyber defenses, more spooked by nuclear plant hacking than the Sony affair. ICS security mavens remind us of "Aurora" and the threat to rotating machinery (like pumps and dynamos).
Today's issue includes events affecting Afghanistan, Australia, China, European Union, Israel, Democratic People's Republic of Korea, Republic of Korea, Netherlands, Russia, Thailand, United Kingdom, United States.
The CyberWire staff will be taking Christmas off to celebrate the holiday with their families. Regular publication will resume December 26 (interrupted again for New Year's Day, then resuming as usual on January 2).
DHS Releases Destover Wiper Malware Indicators of Compromise(Threatpost) US-CERT released a not-so-cryptic advisory this weekend providing enterprises with indicators of compromise and detailed descriptions of the malware used against "a major entertainment company," the Department of Homeland Security's description of Sony Pictures Entertainment
China Isn't Sure North Korea Hacked Sony, Nor Whether It Happened On China's Territory(Bustle) The U.S. government announced last week that the North Korea regime was behind the destructive cyber attack on Sony Pictures Entertainment, but one country still isn't convinced. On Monday, Chinese officials said there's not enough evidence that North Korea hacked Sony, disagreeing with the recent conclusion made by U.S. investigators. The Chinese government also refused to directly condemn the cyber attack on Sony, but did emphasize that China denounces any cyber breaches of national security
South Korea Divided on Response to North's Cyber Attack(Voice of America) In South Korea, there are voices of support for the idea that U.S. President Barack Obama might put North Korea back on the list of state sponsors of terrorism in response to the cyber attack on Sony Pictures Entertainment
Sony Hack Is Bad, But the Real Cyberwar Is All Around You(NBC News) Sony is reeling from the effects of its recent massive breach, in which hackers were able to penetrate the company's systems at a deep level — and make Hollywood insiders blush by releasing troves of internal data and private emails
Reacting to the Sony Hack(Schneier on Security) First we thought North Korea was behind the Sony cyberattacks. Then we thought it was a couple of hacker guys with an axe to grind. Now we think North Korea is behind it again, but the connection is still tenuous. There have been accusations of cyberterrorism, and even cyberwar. I've heard calls for us to strike back, with actual missiles and bombs. We're collectively pegging the hype meter, and the best thing we can do is calm down and take a deep breath
How to Explain the Sony Hack to Your Relatives(Gizmodo) The holidays are a time for eggnog and presents and bizarre credulous rituals involving an old elf-man and his pack of flying caribou. It's also a time to cuddle up by the hearth and begrudgingly explain the latest technology news to your relatives. This week's edition: The Sony hack
North Korea's Finest Hour(Politico) After 60 years of trying to be taken seriously, the strangest regime on earth finally succeeds
Sony vs. North Korea: Send in the Clowns?(War on the Rocks) The Kim regime running North Korea is a brutally oppressive dictatorship that routinely commits mind-boggling atrocities against its own people. Thanks to its policy of punishing dissidents — as well as their extended families for several generations — an estimated 80,000-120,000 North Koreans suffer horrific human rights abuses in the Kim regime's gulags. Innocents are routinely beaten. Tortured. Made to eat vermin and grass to survive. It is difficult to comprehend the heartbreaking scope and scale of these abuses; they are "without parallel" in the 21st century. And, of course, as if all this wasn't disturbing enough, the Kim regime is proceeding "full steam ahead" on its nuclear weapons program, which threatens to destabilize the Asia-Pacific region. The dictatorship in North Korea is odious indeed
Should Sony Pictures have pulled 'Interview' movie?(Palm Beach Post) In the last month, Sony Pictures has been subject to an increasingly common form of cyberterrorism. Computer hackers broke into the company's computer system and released sensitive business and personal information. Tens of millions of these files were stolen and have appeared on file-sharing Web sites around the world. The attacks, which U.S. authorities have determined originated in North Korea, have sent the entertainment conglomerate reeling
Sony Hack: Three Lessons Learned for Corporations(Bloomberg) Peter Singer, author of "Cybersecurity and Cyberwar," and senior fellow at New America Foundation, discusses the hacking attack on Sony Pictures related to the film "The Interview," and the three most important lessons companies can learn from the situation
The sad ironies of the Sony affair(David Strom's Web Informant) I have been spending time studying up on what actually happened at Sony over the past month. There has been a tremendous amount of inaccurate reporting, and a dearth of factual information. Let's try to set that record a bit straighter. From where I sit, the attack and the activity about the movie were two separate events and were probably caused by at least two separate entities. Assigning blame across both of them to the same actor is ludicrous
Forget the Sony hack, this could be the biggest cyber attack yet(Quartz) On Friday, the FBI officially named North Korea as the party responsible for a cyber attack and email theft against Sony Pictures. The Sony hack saw many studio executives' sensitive and embarrassing emails leaked online. The hackers threatened to attack theaters on the opening day of the offending film, "The Interview," and Sony pulled the plug on the movie, effectively censoring a major Hollywood studio
App "Component" Downloads Apps Onto Devices(TrendLabs Security Intelligence Blog) We often talk about the security risks when dealing with third-party app stores. Previous research has shown that third-party app stores are often a hotbed of malware, specifically, malicious versions of popular apps. Aside from malicious apps, we are now seeing a marked increase of "downloader apps" in these stores, whose primary function is to download other apps that may lead to security risks for mobile users
JPMorgan data breach entry point identified: NYT(Reuters via Yahoo! Tech) A computer breach at JPMorgan Chase & Co earlier this year could have been avoided if the bank had installed a simple security fix to an overlooked server in its network, the New York Times reported, citing people briefed on investigations
oCERT Releases Advisory for Unpatched UnZip Vulnerability(US-CERT) The Open Source Computer Security Incident Response Team (oCERT) has released an advisory addressing vulnerabilities in all versions of UnZip. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system if a user opens a specially crafted zip file
Meet the bots that made half the web's traffic in 2014(Quartz) Bots, those software programs that automate web activity, accounted for 56% of Internet traffic in 2014, according to content delivery platform Incapsula. (This was actually down from 61.5% of traffic in 2013)
Security Patches, Mitigations, and Software Updates
Apple's First Automatic Security Update Protects Your Mac In the Background(TechCrunch) Apple has pushed its first ever automatic security fix for OS X, with a new update signed to thwart a vulnerability associated with the use of the network time protocol that allows your Mac to automatically sync its clocks. The update had already installed for me when I woke up this morning, with a notification letting me know what was up, but required no intervention on my part and also ran without having to restart my Mac
Will 2015 be the year of risk-based security?(Help Net Security) As 2014 comes to a close, many of us are beginning to look ahead at the expected trends for the coming year. For those of us in cybersecurity who are at the forefront of protecting organizations from an increasingly dynamic threat landscape and the harsh realities of cybercrime, placing big bets and declaring predictions regarding what we will see in 2015 has become both sport and tradition
2014: The year cyber danger doubled(GovTech) Cybersecurity stories were more popular than ever in 2014, with the word 'cyber' showing up in front of topics ranging from security to shopping scams to global online attacks. But no matter how we rename, reclassify or reanalyze the data in cyberspace, it is clear that the dollars spent, problems encountered and attention given cyber has virtually doubled in 2014
The Future of Privacy(Pew Research Internet Project) The terms of citizenship and social life are rapidly changing in the digital age. No issue highlights this any better than privacy, always a fluid and context-situated concept and more so now as the boundary between being private and being public is shifting. "We have seen the emergence of publicy as the default modality, with privacy declining," wrote Stowe Boyd, the lead researcher for GigaOm Research in his response in this study. "In order to 'exist' online, you have to publish things to be shared, and that has to be done in open, public spaces." If not, people have a lesser chance to enrich friendships, find or grow communities, learn new things, and act as economic agents online
Sony Hack Ignites Cybersecurity Market, But Human Element Remains Weak Link(International Business Times) Following hacks that crippled Sony Pictures and caused numerous other high-profile data breaches in 2014, cybersecurity has caught the attention of Wall Street. With companies and government agencies looking to secure their computer networks more tightly than ever, stocks of antivirus and network-protection specialists are hot. But even the most sophisticated software can't stop an employee from clicking on a legit-looking email link that opens their corporate data to the world
Teradata Corporation (NYSE:TDC) Announces Increase in Repurchase Plan(Street Report) Teradata Corporation (NYSE:TDC) announced that its Board of Directors has authorized an additional $300M for share repurchases under its general open market share repurchase program. The company now has approximately $450M available under this program as a result of the increased share repurchase authorization
How to stop hackers once they're in: CyberArk CEO(CNBC)
Sony Seeking More Cybersecurity Staff Amid Hack Fallout(Wall Street Journal) Sony Corporation of America, whose film studio is recovering from a crippling hack, is seeking to hire cybersecurity managers to handle the political fallout from hack attacks and assess vulnerabilities. Filling those roles could be challenging given the cybersecurity talent shortage, say tech experts
New site to bolster cybersecurity community, workforce(Federal Times) The U.S. Cyber Challenge has partnered with Monster.com to build a community of cybersecurity professionals and verified talent pool that government and private sector employers can tap to fill positions in this critical field
Cybertalent on the Cheap(Internet Storm Center) I recently attended an information security meetup and one of the main topics was building up security resources on a state/local government budget. This is not an easy task, but is something many people are facing
Sony Hack Underscores the Need for Practical Email Protections — Virtru Makes Email Encryption Easy, Affordable and Available to Everyone(Marketwired) The Sony Pictures Entertainment hack and email leak is a cautionary tale for any business or individual with high-value intellectual property or company secrets to protect. The now historic security breach highlights the inherent vulnerabilities of email communication and how an email hack can cost a company more than its reputation. Early estimates predict losses of hundreds of millions resulting from the leak of personal and employee information, business plans, unreleased movies and other confidential and proprietary studio information. Had Sony adequately invested in data security and deployed an end-to-end email encryption service like Virtru, it's likely much of the fallout from this data breach could have been prevented
Attributing Cyber Attacks(Journal of Strategic Studies) Who did it? Attribution is fundamental. Human lives and the security of the state may depend on ascribing agency to an agent. In the context of computer network intrusions, attribution is commonly seen as one of the most intractable technical problems, as either solvable or not solvable, and as dependent mainly on the available forensic evidence. But is it? Is this a productive understanding of attribution?
Understanding & Detecting Backoff POS Malware(RSA: Speaking of Security) Point of Sale (POS) malware has had its share of headlines this year. Now with the holiday shopping season underway POS systems will certainly be an enticing target for hackers to explore due to the payoff of thousands of fresh credit card numbers that will be run through these devices
2 keys to enhancing DOD's new risk framework(Defense Systems) In mid-November, the Government Accountability Office and Veterans Affairs Department Inspector General testified before the House Veterans Affairs Committee regarding the deficiencies in the VA's cybersecurity program… One of the main concerns included in the report was the over-utilization of systems that were issued a temporary authority to operate (ATO), a formal declaration that a solution has passed the certification and accreditation (C&A) process
MFA and Cyber Bureau launch Cyber Defense Project(Yeshiva World) The innovative project, in cooperation with the Check Point Software Technologies, will build a mechanism to detect and identify cyber-attacks on the Foreign Ministry's missions throughout the world
Mathematicians Make a Major Discovery About Prime Numbers(Quanta via Wired) In May 2013, the mathematician Yitang Zhang launched what has proven to be a banner year and a half for the study of prime numbers, those numbers that aren't divisible by any smaller number except 1. Zhang, of the University of New Hampshire, showed for the first time that even though primes get increasingly rare as you go further out along the number line, you will never stop finding pairs of primes that are a bounded distance apart — within 70 million, he proved
S. Korean military to set up cyber operations team(Korea Herald) The South Korean military plans to establish a new team in charge of cyber operations under the Joint Chiefs of Staff (JCS) as part of efforts to boost its cyber warfare capabilities, officers said Tuesday
Why no one understands what cyber war actually is(Cyberwarzone) Here we go again, the hack on Sony has been titled a "cyber war attack" by various news outlets and the government is now claiming that it was an act of cyber vandalism and not a cyber war attack. Euhmm, ok. Awesome — that really helped us forward. Guys how many times does it need to be repeated, we clearly see the "war" in "cyber war", now let's take a look at the definition of war
Sony hack points to NSA's conflicting roles(San Jose Mercury News) Sony Pictures made a mistake in pulling the satire "The Interview" from movie theaters. But rather than look for help from China to solve the problem, President Obama needs to look inward, at his own federal government, to address the broader security issues underlying this and other damaging hacking, whether foreign or domestic
Cybersecurity and the Risks of Law Enforcement Back Doors(Reg Blog) Software, networking, and other technology providers are beginning to see stronger system security measures as a real benefit to their users. In fact, some companies, like Apple, Google, and Yahoo, are aiming to provide such strong security on user data that no one but the user can ever access the user's information. Law enforcement agencies in the United States have reacted negatively to plans for producing such strong security, insisting that companies must at least provide "back doors" to law enforcement to access user information. Law enforcement specifically wants to require companies to build their products' encryption and other security systems so that companies could "unlock" the data for law enforcement by using, as one editorial board unfortunately put it, a "secure golden key they would retain and use only when a court has approved a search warrant"
What Is Wrong With 'Legal Malware'?(Forbes) Can malware, malicious by definition, ever be a good thing? Surprisingly, there are law enforcement agencies that would answer yes. There are a growing number of hacking techniques involving malware deployed by governments around the world. Effectively they are using criminal tools, which they claim is a legitimate means to the ultimate, legitimate end — fighting crime, even going so far as deeming their use legal. I disagree. And I think it is a worrying trend generally — one that needs to be nipped in the bud
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...
2015 Cyber Risk Insights Conference — San Francisco(San Francisco, California, USA, March 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers...
2015 Cyber Risk Insights Conference — Chicago(Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals...
Cybersecurity World Conference(New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
ShmooCon(Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...