The innocently named but criminally famous Russian Business Network appears to be up and operating in Sochi, reports Lookingglass.
Kaspersky has discovered and (along with others) analyzed a major cyber espionage campaign, "the Mask," or "Careto." The Mask targets sensitive data including "encryption and SSH keys and wiping and deleting other data on targeted machines." The Mask is unusual in several respects. It appears state-sponsored, possibly by the government of a Spanish-speaking nation. (But such linguistic clues must be treated as indicators, not decisive evidence.) It employs a remote-access Trojan distributed by infected email attachments. Its suite of tools includes Backdoor.WeevilB, a modular cyberespionage tool with multiple possible configurations. This prompts comparison to Duqu and Flame, but there's little to suggest the same actors are behind it. The Mask has operated against government, diplomatic, activist, private equity, and energy sector targets since 2007. Kaspersky believes the Mask has claimed at least 380 unique victims in 31 countries; it ceased operation recently, perhaps because its operators realized they'd been discovered.
Comcast has quietly advised customers to change passwords post-NullCrew hack.
Flappy Bird may be gone from legitimate sites—"too addictive," thought its creator—but addicts beware: Trojanized knock-offs remain freely available.
Microsoft's Patch Tuesday features two more fixes than expected: there are seven, not five. The Tor Project releases an updated browser.
The European Union releases a feasibility study for a proposed cyber Early Warning and Response System (EWRS). The US DNI releases a list of permissible uses of signals intelligence.
Today's issue includes events affecting Algeria, Argentina, Australia, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, European Union, France, Germany, Gibraltar, Guatemala, Bailiwick of Guernsey, Iran, Iraq, Libya, Malaysia, Mexico, Morocco, Norway, Pakistan, Philippines, Poland, Romania, Russia, South Africa, Spain, Switzerland, Tunisia, Turkey, United Arab Emirates, United Kingdom, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
Lookingglass Issues Special Alert Linking Major Cybercrime Organization to IT Infrastructure at Sochi(Lookingglass) Investigation reveals connection to Russian Business Network, a known reseller of stolen identities. Special Alert: We at Lookingglass are seeing significant new criminal activity positioned in the Sochi region of Russia. This is a serious threat. For those traveling to the area, be wary of using 4G or untrusted/unsecured wireless connections. Act with overall heightened awareness of cyber security risks. Be on the lookout for the following: strange emails, links, social engineering, phishing, etc. Be extra protective of business and personal credentials and credit card information. Monitor for fraudulent charges to your credit cards, as they may slip past automated flags set up by your provider if you have notified them you are traveling to the region. Limit the use of network-connected devices such as smartphones and laptops, especially for accessing proprietary, financial, confidential or personal information. Consider cleaning devices of critical information prior to entering the region.
New 'Mask' APT Campaign Called Most Sophisticated Yet(Threatpost) A group of high-level, nation-state attackers has been targeting government agencies, embassies, diplomatic offices and energy companies with a cyber-espionage campaign for more than five years that researchers say is the most sophisticated APT operation they've seen to date. The attack, dubbed the Mask, or "Careto" (Spanish for "Ugly Face" or "Mask") includes a number of unique components and functionality and the group behind it has been stealing sensitive data such as encryption and SSH keys and wiping and deleting other data on targeted machines
The Mask(Symantec) Modern cyberespionage campaigns are regularly defined by their level of sophistication and professionalism. "The Mask", a cyberespionage group unveiled by Kaspersky earlier today, is no exception. Symantec's research into this group shows that The Mask has been in operation since 2007, using highly-sophisticated tools and techniques to compromise, monitor, and exfiltrate data from infected targets. The group uses high-end exploits and carefully crafted emails to lure unsuspecting victims. The Mask has payloads available for all major operating systems including Windows, Linux, and Macintosh
Infographic: The Mask malware victims(ZDNet) "The Mask" (aka Careto) cyber-espionage malware has claimed 380 unique victims between 1000 IPs in 31 countries, according to the Kaspersky Lab security research team
Bitcoin Foundation, Mt. Gox spar over purported bug(C/Net) Mt. Gox, one of the largest Bitcoin exchanges in the world, claims that it has uncovered a bug that affects all transactions and needs to be addressed outside the scope of its own service. But the Bitcoin Foundation — the organization that ultimately manages the crypto-currency — sees things differently. On Friday, Mt. Gox suspended all Bitcoin withdrawals from its service, citing a glitch in the way the currency handles transactions paid out to digital wallets held by third parties
Govt report: Cyberattacks not coordinated(AP via the Boston Herald) A multi-agency government task force looking into cyberattacks against retailers says it has not come across evidence suggesting the attacks are a coordinated campaign to adversely affect the U.S. economy
Corporate hackers target the weakest link, the supply chain(Minneapolis Star Tribune) The cyber-thieves who hit Target Corp. took advantage of a widespread and often overlooked weakness in corporate information security: third-party computer connections that can create a virtual back door to customer information
DTI-Davao cautions public vs cyber-attack(Davao Sun-Star) The regional office of the Department of Trade and Industry (DTI) in Davao Region cautioned the public on Monday against becoming a victim of cyber-attack
Windows XP lives on in ATMs. Crisis?(ZDNet) An ATM running an unpatched Windows XP is not like your kid's old laptop running XP. It's pretty heavily defended. And lots of new ATM and POS security features are coming in the next few years
Dynamic Detection of Malicious DDNS(Cisco Blogs) Two weeks ago we briefly discussed the role of dynamic DNS (DDNS) in a Fiesta exploit pack campaign. Today we further analyze and explore the role of DDNS in the context of cyber attack proliferation and present the case for adding an operational play to the incident response and/or threat intelligence playbook to detect attack pre-cursors and attacks in progress
Beware of Trojanized Flappy Bird game(Help Net Security) Trojanized versions of Flappy Bird, the mega-popular iPhone and Android game that has recently been pulled from Google Play and Apple's App Store by its creator, have begun popping up on third-party Android markets
Managed TeamViewer based anti-forensics capable virtual machines offered as a service(Webroot Threat Blog) Operational Security (OPSEC) has always been an inseparable part of the cybercrime ecosystem, especially in the context of preventing law enforcement agencies from tracking down the activities of fraudulent and malicious adversaries online. Throughout the years, the industry has witnessed active utilization of malware-infected hosts (Socks4/Socks5) as anonymization 'stepping stones' and the use of cybercrime-friendly VPN providers, bypassing internationally accepted data retention regulations, as some of the primary anonymization tactics used by cybercriminals. Nowadays, this set of tactics has evolved into a diversified mix of legitimate and purely malicious infrastructure that provides value-added services such as APIs supporting Socks4/Socks5 services, DIY real-time
Tor Browser 3.5.2 is released(The Tor Project) The 3.5.2 release of the Tor Browser Bundle is now available on the Download page. You can also download the bundles directly from the distribution directory
Banking Cyber-Attack Trends to Watch(GovInfoSecurity) When it comes to cyberthreats, what are the major concerns for banking institutions in 2014? Distributed-denial-of-service attacks waged as a mode of distraction to perpetrate fraud across numerous banking channels are a growing threat. But financial institutions also are concerned about ransomware attacks designed to wage account takeover fraud, as well as mobile malware and insider threats
Cyber Attacks — a serious threat that all businesses must take seriously(International Finance Centre-Guernsey) Business leaders attending the latest Guernsey IOD seminar heard that it isn't a question of if there is a cyber attack on their business, but when. The sell-out event, sponsored by JT, was entitled 'Cyber Risk — one of the biggest threats to business', and included expert panellists brought in from the UK, Jersey and Guernsey
Lockheed Chief Sees Commercial Demand for Cybertechnology(Bloomberg) Lockheed Martin Corp. (LMT), the world's largest defense contractor, sees an expanding market for its cybersecurity products and services among companies in industries from energy to banking, Chairman and Chief Executive Officer Marillyn Hewson said
FireEye takes on Cisco, Palo Alto with new cyber product(Reuters via the Chicago Tribune) Cybersecurity firm FireEye Inc plans to take on Cisco Systems Inc and Palo Alto Networks Inc in selling intrusion prevention systems, which help companies detect cyber threats that breach their firewalls
A Surprisingly Easy Tool for Encrypting Email, Courtesy of an Ex-NSA Employee(Motherboard) Thinking of sending some strictly confidential, top secret information over email? A degree of hesitation would seem appropriate, as most forms of digital communications, be they email, text messaging, social network conversations, or phone calls, are continuously being proven exploitable and accessible to hackers and intelligence gathering government agencies. Dodging the NSA is no easy task—but what if you have the help of an agency alumnus? A new service introduced by a former NSA employee Will Ackerly and his brother John, called Virtru, is being called an easy-to-use, one-stop, secure email platform
A Tale of Two Admins (and no Change Control)(Internet Storm Center) I have a client who's done the right thing, they've broken out their test environment from their production environment. The production environment is in a colocation facility, and uses a different firewall. The test environment is in the office location, and shares the office subnet and the office firewall. So sort-of the right thing, they're moving in the right direction — I would have given the test lab its own firewalled DMZ subnet
Preparing For and Surviving a Data Breach(Credit Union Times) Credit unions spend millions of dollars complying with regulation designed to reduce the risk that the use of information technology presents, yet must spend millions more on card replacement and other costs to protect their members when a card processor or vendor is breached
A case for opportunistic encryption on the web(SC Magazine) When, in 2010, I scanned about 90 million web sites (all .com, .net, and .org domain names that existed at that time) in order to determine their support for encrypted communication, I was dismayed to discover that only about 0.5 percent had means to protect their data in transit. The vast majority made no attempt to encrypt anything. Looking at only the top one million websites, the situation is better, but—with only about 10 percent of those sites supporting encryption—not significantly better
Seven Useful Habits for a Safer Internet(Kaspersky Lab Daily) Tomorrow is Safer Internet Day. You must know you can make your own Internet experience a lot safer without big technology or tough measures. All it takes is just a couple of good habits
Isn't it About Time to Get Moving on Chip and PIN?(Internet Storm Center) I got to thinking about the 3 "big story" breaches that we've all been discussing over the last month or so. Just adding things up, we're at a count of over 100 million cards and personal information disclosed
10 Bitcoin Security Tips(eSecurity Planet) Bitcoins have the potential to revolutionize business payment transactions. But they also have some security shortcomings. Here are 10 tips for keeping Bitcoins secure
Design and Innovation
Microsoft Accelerator Launches New Program For Late Stage Startups In India(TechCrunch) As we have been writing, startup accelerators in India's nascent ecosystem are beginning to seek more mature, late stage companies to work with. The latest to join this trend is Microsoft Ventures, which announced its Summer 2014 batch for the Indian accelerator today. Of the 16 startups selected, six will be part of Microsoft's new Accelerator Plus program, aimed at helping companies
Research and Development
D-Wave's Quantum Computing Claim Disputed Again(IEEE Spectrum) The strongest scientific evidence for D-Wave's claim to have built commercial quantum computers just got weaker. A new paper finds that classical computing can explain the performance patterns of D-Wave's machines just as well as quantum computing can—a result that undermines crucial support for D-Wave's claim from a previous study
Boom or bust: The lowdown on code academies(IT World) The reason these schools exist is simple. There's an enormous number of openings for people with coding skills and a serious shortage of warm bodies to fill them
List of Permissible Uses of Signals Intelligence Collected in Bulk(IC on the Record) Presidential Policy Directive/PPD-28 — Signals Intelligence Activities establishes a process for determining the permissible uses of nonpublicly available signals intelligence that the United States collects in bulk. It also directs the Director of National Intelligence to "maintain a list of permissible uses of signals intelligence collected in bulk" and make the list "publicly available to the maximum extent feasible, consistent with the national security." Consistent with that directive, I am hereby releasing the current list of permissible uses of nonpublicly available signals intelligence that the United States collects in bulk
Don't Spy On Us: it's time to hold politicians to account for mass surveillance(Wired) UK digital rights organisations have teamed up to launch Don't Spy On Us, a protest against mass surveillance perpetrated by the NSA and GCHQ and a call for a public inquiry on the topic. It coincides with a similar initiative in the US titled The Day We Fight Back, which takes place today, 11 February 2014
OPM to take on final reviews of background checks(FierceGovernment) Final quality reviews for contractor-completed background investigations will now fall on the shoulders of the Office of Personnel Management and not contractors, a Feb. 6 statement by OPM Director Katherine Archuleta says
Army Sec. Talks Cyber Command Plans at Fort Gordon(WHBF ABC6) In preparation for the Army Cyber Command consolidation, Secretary of the Army John McHugh visited Fort Gordon to look at the logistics of the change. The trip included talks with the commanding general and staff to set the stage for work that is needed in order to make the Cyber Command Center of Excellence happen as well as address any of the soldier's concerns. He told media at the conclusion of his visit that Fort Gordon was chosen because it is the best place to be
Litigation, Investigation, and Law Enforcement
Australian Attorney General Accuses Snowden of Putting Lives at Risk(Softpedia) Ever since news broke that Edward Snowden's leaks impacted Australia as well, the country's officials have taken sides — some call the former NSA contractor a whistleblower, while others a traitor. Australia's attorney general believes Snowden is definitely a traitor
Charges in ATM Skimming Scheme(BankInfoSecurity) A Romanian man faces charges that he directed a large-scale ATM skimming scheme that allegedly defrauded Wells Fargo, Citibank, TD Bank and multiple other financial institutions out of at least $5 million, federal prosecutors say
Judge orders new hearing for student in alleged cyber attack(Luzerne County Citizens Voice) A Luzerne County judge denied a preliminary injunction to block a Dallas High School sophomore's suspension for allegedly launching a cyber attack that nearly crashed the school district's Web server and ordered the district to hold a new informal hearing to determine the student's punishment
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
HITBSecConf2014 Amsterdam(location and date not listed) The annual HITB Security Conference will be featuring an all-women keynote lineup of leading security individuals, as well as the Haxpo exhibition. To encourage the spirit of inquisitiveness and innovation,...
Security Analyst Summit 2014(Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.
NovaSEC! Pre-RSA Rally(location and date not listed) This unique forum allows participants to meet, interact on key issues and provide a unified forum to network with likeminded individuals and creates an opportunity to cultivate a strong and integrated...
FBI HQ Cloud Computing Vendor Day(location and date not listed) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing...
Free OWASP Training and Meet Up(San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...
RSA Conference USA(San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...
Nellis AFB Technology & Cyber Security Expo(location and date not listed) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...
Cloud Expo Europe(location and date not listed) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex...
Suits and Spooks Security Town Hall(location and date not listed) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton...
Trustworthy Technology Conference(location and date not listed) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens...
Creech AFB Technology & Cyber Security Expo(location and date not listed) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is...