Reports over the weekend describe a "suspected state hacking campaign" active against Israeli and European military targets. The campaign, which CrowdStrike and Cymmetria describe as looking like the work of a "second-tier" cyber power, adapted Core Security testing software into attack tools. There's no attribution, but sources close to Israel CERT speculate that Iran might be responsible. Others independently note a trend of cyber attacks adapting legitimate tools (and not just the obvious lawful intercept tools) to disruptive ends.
North Korea's Internet suffered another outage Saturday, cause unknown. CloudFlare suggests that, given the fragility of the DPRK's information infrastructure, if the event indeed proves an attack as opposed to a failure, the hacker is most likely to be "a 15-year-old in a Guy Fawkes mask."
Microsoft and Sony have restored their Xbox and PlayStation networks. LizardSquad members claim responsibility, with an insouciance about exposure to prosecution that would be startling in a brighter group, but seems about par for LizardSquad. See KrebsOnSecurity for a clear (and hostile) profile of the group.
Having fooled with gaming networks, LizardSquad turned its attention to Tor with a Sybil attack aimed at controlling a significant portion of the network. Tor is actively mitigating the attack and purging compromised relays.
US members of Congress scowl in the direction of China, which they feel must have known about the (alleged) DPRK attack on Sony. For its part, China's party-controlled media task Sony and the US Government with careless security and failure to regulate more stringently, respectively.
Today's issue includes events affecting Afghanistan, Cambodia, China, European Union, Iran, Israel, Italy, Democratic People's Republic of Korea, New Zealand, Russia, Spain, Ukraine, United Arab Emirates, United States.
The CyberWire will take New Year's Day off, returning as usual on January 2. We hope you continue to enjoy the holidays.
Cyber Attacks, Threats, and Vulnerabilities
Suspected state hacking campaign used commercial software(Reuters via the Chicago Tribune) A previously undisclosed hacking campaign against military targets in Israel and Europe is probably backed by a country that misused security-testing software to cover its tracks and enhance its capability, researchers said
Who's Behind The Internet Outages In North Korea, Anyway?(TechCrunch) North Korea blamed the U.S. and called President Obama a "monkey" today when the country's Internet and mobile network went down for the third time this week. However, it's still not clear who's behind the Internet outages
What caused the Afghan government cyber-attack?(Khaama Press) While the motive of the recent cyber-attack on Afghan government websites is still not known, the incident has certainly put the Ministry of Communications and Information Technology (MCIT) on the spot and the administration and management of the IT programs and projects are under scrutiny
Who's in the Lizard Squad?(KrebsOnSecurity) The core members of a group calling itself "Lizard Squad" — which took responsibility for attacking Sony's Playstation and Microsoft's Xbox networks and knocking them offline for Christmas Day — want very much to be recognized for their actions. So, here's a closer look at two young men who appear to be anxious to let the world know they are closely connected to the attacks
Gamers upset over another cyber attack(KNOE 8 News) A possible hack may have hit Sony again; this time interfering with its Playstation network and also taking Microsoft's X-box Live down in the cyber attack
UPDATE: 13k PSN, Xbox leak by Anonymous is copy paste from previous leaks?(HackRead) Yesterday, a Twitter account associated with the online hacktivists Anonymous claimed to leak a list of what it said were usernames and passwords of 13,000 accounts from VPNCyberGhost, UbiSoft, VCC, Brazzers, UFC TV, PSN, Xbox Live Gamers, Twitch TV, Amazon, Hulu Plus, Dell, Walmart and (EA) Games
Tor Users Were Not At Risk During Attack(Ubergizmo) Lizard Squad, a hacker group, has been pretty busy over Christmas. First it knocked down PlayStation Network and Xbox Live, bringing online gaming on PlayStation and Xbox consoles to a standstill, and then set its sights on an anonymity network called Tor. Lizard Squad shifted its focus over the weekend, saying that it would "no longer attack" gaming services, and instead go after Tor with a zero-day exploit. Simply put, a zero-day exploit is one that leverages an unknown vulnerability
"Rocket Kitten": Is it still APT if you can buy it off the shelf?(Internet Storm Center) Gadi Evron and Tillmann Werner presented an interesting case at 31C3 Conference in Hamburg yesterday, that shows how commercial software can be used to launch APT style attacks. In this case, several similar attacks were discovered against targets in Israel and Western Europe. In all cases, the attack started with a simple Excel spreadsheet which was sent as an attachment. The email itself was brief and unremarkable, but used fake and plausible "From" headers
Evolution of Banking Malwares, Part 2(infosec Institute) This technique is used in scenarios where critical information such as Social Security Number (SSN) or Personal Identification Number (PIN) is otherwise not easily available
The 5 Most Dangerous Software Bugs of 2014(Wired) Dealing with the discovery of new software flaws, even those that leave users open to serious security exploits, has long been a part of everyday life online. But few years have seen quite so many bugs, or ones quite so massive. Throughout 2014, one Mothra-sized megabug after another sent systems administrators and users scrambling to remediate security crises that affected millions of machines
Top Data Breaches of 2014(Security) 2014 was a very busy year for hackers. For those keeping a tally of data breaches, the year offered no respite
Honey Pot Entertainment — SSH(Internet Storm Center) The Christmas period is a nice time to play with some honeypots and share some of the info they have been collecting. Currently I only have two functioning, both of them are located in the US. Each receives 20K or more login attempts per day. I'm using a standard kippo installation, running as a non root user and using authbind to run the honeypot on port 22. Results are sent to a logging server for collection
TAB told who could be responsible for cyber attack(ONE News) The TAB says it is remaining vigilant after falling victim to a cyber attack - and that it has told the police who could be behind it. The betting agency's website crashed on Boxing Day after it became the target of a "concentrated cyber attack" that has caused problems since
Bulletin (SB14-363) Vulnerability Summary for the Week of December 22, 2014(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
If It Can Happen To Sony, It Can Happen To You(Business World) Sony is only the most recent case of a major co with dedicated security teams, facing hacking. Bottom line, nobody is immune to emerging threats, says Andrew Del Matto, CFO, Fortinet, Inc
Cybersecurity Hindsight And A Look Ahead At 2015(TechCrunch) This year we witnessed a series of high-profile security breaches, from the aftermath of the Target and Home Depot fiascos, to a number of attacks on other national retailers, including Michaels, Goodwill and Neiman Marcus. Then there was the massive breach at JP Morgan Chase, which compromised personal information of more than 83 million households and businesses, and finally over 100 terabytes of internal files and films recently stolen from Sony
Cyber landscape of 2015(Star Online) From targeted attacks to ransomware, security firm Symantec Malaysia predicts another challenging year in cyber security
Hacking Is Officially the Internet's Latest Craze(RYOT) Future generations might remember 2014 as the year hacking went viral. The Sony hack may have been the first to make international headlines and capture the attention of the general public, but the aftermath from that incident has just barely subsided and already several other major hacks or threats have surfaced
Why It's Time For A Board-Level Cybersecurity Committee(Forbes) Just the past 12 months have seen one massive corporate security breach after another. Major retailers (Target, Home Depot, Neiman Marcus, Sony Pictures), e-commerce sites (eBay), and financial institutions (JP Morgan) have all been victims
Cyber Security May Be A Good Sector To Invest In For 2015(Seeking Alpha) Cyber Security stocks should continue to perform very well in 2015. Recent breaches in the security of some major corporations show the need for more vigilance. Three companies that are and will continue to perform well in the cyber security industry
Is this the Right Time to Buy Check Point Software Stock? — Analyst Blog(Zacks via Nasdaq) Shares of Check Point Software Technologies Ltd. (CHKP) hit a new 52-week high of $80.82 on Dec 24, eventually closing at $80.44. The closing share price represents a one-year return of 26.4% and a year-to-date return of 24.7%. The average trading volume for the last three months aggregated 1,353K shares
Raytheon's Cheap Shares Have More Firepower(Seeking Alpha) Defense sector stocks are trending higher. This industry is poised for continued growth, especially with increasing global demand for cyber security and drones. Raytheon appears undervalued and could be poised for additional gains, therefore investors should consider buying, especially on pullbacks.
Building a Better Security Budget(eSecurity Planet) The key to smart security spending is assessing your current environment and looking for opportunities for centralization, consolidation and standardization
What Social Enterprises Should Know About Cyber Security(Forbes) 2014 was, of course, quite the year for revelations about cyber attacks and data breaches at major companies like Sony, JP Morgan Chase, Home Depot, and a host of others. But there also have been a lot of incidents at NGOs and government agencies, according to Alexander Heid, chief research officer of SecurityScorecard, a New York-based firm that analyzes clients' security vulnerabilities
Good Riddance to Social Search(TechCrunch) Remember how not too long ago the future of search — at least according to the big search engines — was social search? Today, you'd be hard-pressed to find any mention of social search on Google or Bing (let alone Yahoo Search). Let's be thankful for that because social search was an ill-begotten idea to begin with
Research and Development
Researchers to give internet security layer(Nation) It could give every internet user access to simple encryption — and make the internet a far more secure place.
Scientists at Scentrics, working with University College London, say they have created an algorithm that can guarantee total privacy for everything from emails and text messages. Called 'the construct', they hope the system could be used to give everything from desktop machines to mobile phones simple to use encryption
Legislation, Policy, and Regulation
"The Cyber & IT Revolution is an Opportunity"(Israel Defense) The Minister of Public Security in an exclusive interview about the lessons derived from Operation Protective Edge regarding the home front, about the arguments with IMOD and about fighting terrorism and crime
Access to Gmail Is Blocked in China After Months of Disruption(New York Times) The Chinese government appears to have blocked the ability of people in China to gain access to Google's email service through third-party email clients, which many Chinese and foreigners had been relying on to use their Gmail accounts after an earlier blocking effort by officials, according to Internet analysts and users in China
China a Likely Factor in North Korea Cyber Prowess: Experts(AFP via SecurityWeek) North Korea may be facing explosive hacking accusations, but analysts are questioning how an isolated, impoverished country with limited Internet access could wage cyber sabotage — and many experts believe China plays a role
Sony to blame for cyber security failures(Global Times) While the hacking of Sony has become front-page news across the world, its true import may be in demonstrating the need for effective cyber security regulations to force businesses to treat their online security needs seriously. The success of this hack was as much due to Sony's lack of effective Internet security as it was due to any skill on the part of its attackers. It is becoming increasingly plain that Sony knew of the flaws in its online security for some time before the latest attack and yet failed to rectify them in order to protect both the business and its employees from the attack
U.S. cannot afford to be behind in cyber security(San Diego Union Tribune) The North Korean hack attack on Sony Pictures, which The New York Times described as possibly one of the most destructive cyber attacks on American soil, highlights growing concerns about American vulnerability to cyber warfare
Keating Says Law Will Boost Intelligence-Sharing(CBSBoston) A Massachusetts congressman says a new law proposed in the aftermath of the 2013 Boston Marathon bombing will help strengthen intelligence-sharing among federal, state and local law agencies
Litigation, Investigation, and Law Enforcement
DoJ's new cybersecurity office to aid in worldwide investigations(Federal News Radio) The Justice Department is taking its cyber crime-fighting efforts to a new level with the addition of a new cybersecurity unit. The unit will be operating under DoJ's Computer Crime and Intellectual Property section, and will serve to offer legal advice for cyber crime investigations worldwide
Facebook to face lawsuit for 'reading' users' messages.(HackRead) U.S. District Judge Phyllis Hamilton ruled that Facebook must "face the consequences" of violating its users' privacy by actually scanning the messages they have been sending to other users as a form of advertising
Judge: It's OK, Cops can trick you to be their friends on Instagram.(HackRead) A serial burglar named Daniel Gatson has a pretty interesting Instagram account, it is private so you need to request to follow him. Gatson posts pictures of cash and jewelry on his account as cops discovered after they created fake Instagram accounts and, following a request to the burglar, got access to his posts
Cyber swatting hits close to home(Burnett County Sentinel) The 911 call at 1:50 a.m. Thursday morning was about a boy in Grantsburg who shot his mom. An hour later, another 911 call described the same boy stabbing his dad
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybersecurity World Conference(New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
ShmooCon(Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Financial Cryptography and Data Security 2015(San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...