Cyber espionage campaign Careto (or the Mask) continues to impress security analysts, who stick with their comparisons to Duqu and Flame. No attribution yet.
A customer running on CloudFlare's platform was hit by a large distributed denial-of-service (DDoS) attack. European networks and some CloudFlare US infrastructure were disrupted, but only in minor ways. Given the size of the network-time-protocol enabled campaign, the relative ease with which it was shrugged off suggests that enterprises are getting better at handling DDoS threats. Still, Prolexic and others warn that such attacks can be expected to grow in both frequency and sophistication.
Interested in a case study of how big phish render themselves vulnerable to spearphishing? Take a look at the LinkedIn "LIONs," for whom networking trumps security.
Investigators are increasingly convinced that the Target hackers lurked inside the retailer's point-of-sale networks for months before they began stealing customer data.
Bitstamp joins Mt. Gox in suspending Bitcoin withdrawals. Bitcoin exchanges are reported to be under sustained attack, much in the form of "phantom trading."
Snapchat users beware—if someone sends you a photo of a tempting fruit smoothie, it's probably a malware vector. Don't go there.
Microsoft, Adobe, JomSocial, and Facebook have all issued security updates.
In industry news, Sapient buys OnPoint, and IAI enters the cyber market.
Wired discerns a design trend in social media: building privacy in from the start.
In the US, DARPA works on the next generation of deep web search.
US state legislatures indulge in quixotic pro-privacy, anti-NSA posturing.
Today's issue includes events affecting Algeria, Argentina, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, European Union, France, Germany, Gibraltar, Guatemala, Iran, Iraq, Israel, Japan, Republic of Korea, Libya, Malaysia, Mexico, Morocco, Netherlands, Poland, Romania, Russia, South Africa, Spain, Switzerland, Tunisia, Ukraine, United Kingdom, United States, and Venezuela.
Mask Spyware Outdoes Flame(InformationWeek) Rare Spanish-speaking cyberespionage campaign uses spyware and malware tools that researchers call the most sophisticated yet
'The Mask' Espionage Malware(Schneier on Security) We've got a new nation-state espionage malware. "The Mask" was discovered by Kaspersky Labs
'The Mask' malware campaign, undetected by anti-virus firms since 2007?(Graham Cluley) Kaspersky used the backdrop of the luxurious beach resort of Punta Cana in the Dominican Republic to announce its malware discovery to the world's press. But if Careto, aka "The Mask", has been missed by security firms since 2007 that's not a great advert for the anti-virus industry
Get Ready for Powerful NTP-Based DDoS Attacks(Tripwire) Internet security experts from Cloudflare say the Internet saw a massive denial-of-service attack that exploited a vulnerability in the Web's infrastructure, resulting in the largest such attack of its kind ever recorded, and they warn that this is just the beginning of "ugly things to come"
Prolexic Warns of New DNS Flooder DDoS Attack Toolkit(SecurityWeek) Prolexic Technologies, a provider of Distributed Denial of Service (DDoS) protection services that was recently acquired by Akamai Technologies, today warned organizations about a new version of an attack toolkit that makes it easy for attackers to launch DNS flood attacks
Trojan.Win32.FSYSNA.fej AKA Chewbacca(Tenable) Before I begin the technical portion of this analysis, I think it's important to understand the severity of this threat, which is very low. This threat was initially discovered on the 25th of October 2013, in the world of counter malware, this is very old news. The recent RSA paper and industry coverage is more about the ongoing threats to the Point of Sales (POS) systems, that is gaining spotlight based in part on the local highly visible retail vendors compromised during the holiday season by another POS targeting malware. At the time of writing there are three families of malware known to target POS systems
LinkedIn "LIONs" Are an Easy Target for Criminals(Duo Security) When criminals want to spam or spear phish, finding targets that willingly give up details about themselves to strangers is a good place to start. With social networking enabling the exchange of personal information quicker than ever, it's not a shock that sometimes an opportunity to connect trumps online security practices
Target Breach Was Months in the Making(American Banker) It looks increasingly likely that the hackers responsible for the massive data breach at Target were lurking inside the retailer's network for months before they started swiping customers' credit card data, according to security expert and blogger Brian Krebs
Target Credit Card Breach(Critical Watch) Security Journalist Brian Krebs broke the Target Story on December 18, 2013, and on December 19, Target Officially confirmed the breach of 40 Million Credit Cards
Hackers attack prominent med device makers' networks(FierceHealthIT) Computer networks at three prominent medical device makers—Medtronic, Boston Scientific and St. Jude Medical—were hacked in the first half of 2013, and the intrusions may have lasted several months, according to a report this week from the San Francisco Chronicle
Suspected Mass Exploit Against Linksys E1000 / E1200 Routers(Internet Storm Center) Brett, who operates an ISP in Wyoming, notified us that he had a number of customers with compromised Linksys routers these last couple of days. The routers, once compromised, scan port 80 and 8080 as fast as they can (saturating bandwidth available). It is not clear which vulnerability is being exploited, but Brett eliminated weak passwords. E1200 routers with the latest firmware (2.0.06) appear to be immune against the exploit used. E1000 routers are end-of-life and don't appear to have an immune firmware available.
Snapchat Hacked By Fruit Smoothie Enthusiast(TechCrunch) If one of your friends randomly sends you a photo of a smoothie on Snapchat, don't go to the URL on the picture. It's a hack that has affected several accounts, as a Twitter search shows. Wired writer Joe Brown was one of the users who suffered a Snapchat fruiting. A Snapchat spokesperson told him that the startup did not see any evidence of "brute-force tactics," and that someone had likely
Security Patches, Mitigations, and Software Updates
Growing interference on the customer's PC(Dave Waterson on Security) It used to be that the customer's PC program files were sacrosanct — safe from interference from well-meaning security applications. Not anymore. Recently it was reported that Microsoft remotely deleted the Tor browser from two million PCs. Without asking their customers for permission
Attacking ICS Systems Like Hacking in the 1980s(Threatpost) Here's how nuts the world of ICS security is: Jonathan Pollet, a security consultant who specializes in ICS systems, was at a Texas amusement park recently and the ride he was waiting for was malfunctioning. The operator told him the ride used a Siemens PLC as part of the control system, so he went
Will smart machines take away your job?(FierceMobileIT) Will the rise of smart machines, the so-called "Internet of Things," make your job obsolete? That is the question asked by Gartner analyst Tom Austin in a recent blog. He cites a study by University of Oxford researchers Carl Frey and Michael Osborne, which found that close to one-half of all current U.S. jobs are at risk from smart machines and computerization over the next two decades
Managing Life with Cyber Threats(Defense Update) IAI is developing the tools and methodologies enabling organizations to better prepare for cyber attacks and minimize the negative effects that such attacks can cause
FireEye climbs as analyst initiates coverage(AP via BloombergBusinessWeek) FireEye's stock rose Monday as an analyst started coverage of the computer security software company with an "Outperform" rating, saying it's a way for investors to get into the sector as concerns about cybersecurity grow
Let's Stay Together(Infosecurity Magazine) The information security industry is at war — with itself. A civil war occurring simultaneously with the more widely publicized war against cybercrime, and whatever and whomever threatens the security of information
Is Your Company Running A Data Dump?(InformationWeek) Hoarding useless data makes analytics harder. Companies like Paxata say their brand of analytics lets non-data experts turn data landfills into useful info
The Glitch That Will Kill Bitcoin(Bloomberg) What kind of "experiment" has a $14 billion market cap? As the world's first, and most popular, cryptocurrency, Bitcoin has by now suffered every possible setback a payment project could encounter. It was implicated in a huge drug bust when the Federal Bureau of Investigation took down the Silk Road electronic exchange. It has experienced regulatory pressure in forms ranging from trading restrictions in China to a recent threat of a complete ban by the Russian authorities. It survived a scare involving an apparently Ukraine-based operation taking over close to half of the currency's "mining". It absorbed Apple's decision to remove all related software from its app store. Now, a top Bitcoin exchange, where the cryptocurrency could be traded in for government-issued money, has hit a snag that forced it to stop Bitcoin transfers to outside addresses
Does PCI DSS help prevent credit card breaches?(FierceITSecurity) With all of the data breaches at major retailers, the question arises as to whether the Payment Card Industry Data Security Standard, or PCI DSS, is working to prevent theft of credit and debit card data
How to Avoid Intruders in your Smartphone(Mobile World Capital) We tend to believe that viruses are a problem that is limited to desktop computers, specifically the ones running Windows, but this is simply not true. Although it is much less common, your smartphone can be infected just like any other device and it could even be spying on you
Banks fare better in a staged, 36hr IT attack(ContractorUK) The UK's banks would hold up better than they did a few years ago if a hostile state launched a three-day cyber attack on London's financial system, a mock exercise suggests
Locking Down E-mail With Security Services(Dark Reading) Companies are increasingly looking to the cloud for services to encrypt, backup and archive their e-mail to protect from accidental leakage and intentional disruption
Design and Innovation
Secrecy Is the Key to the Next Phase of Social Networking(Wired) Over the past week, I've been getting a steady stream of push notifications alerting me that another one of my friends has joined the new social media app Secret. "Who could it be?" my screen asks each time, which is less an actual question and more an attempt to pique my curiosity. Technically, it could be any one of the couple hundred random people whose number I have in my phone. Within that parameter, I know for sure that it's someone I've at least talked to; whether or not I consider that person a friend is questionable, mostly because Secret won't tell you who it is that just joined the service
Research and Development
Memex: The next generation of deep-Web search?(Defense Systems) Web search engines are a great way to find information quickly, and they're always improving the quality of their results. Google "Winter Olympics" and you get 1.69 billion results in 0.29 seconds, along with the schedule for the day's events in Sochi and the current medal standings right there on the results page
Dumbing down cyberwar: Is the US military ready for simpler cyberweapons?(The Interpreter) America's military science lab DARPA (the Defense Advanced Research Projects Agency) is now spending $110 million 'to allow those with little or no hacking experience to engage in cyberwarfare', reports the technology website CNET. The goal is to help US military commanders launch cyber attacks 'using preplanned scenarios that do not involve human operators manually typing in code'
DON Pathways Internship Program (Computer Science Student Trainee)(USAJobs) Who may apply: Current students accepted for enrollment and/or pursuing a degree in Computer Science or a related degree that includes 30 semester hours in a combination of Mathematics, Statistics, and Computer Science. At least 15 of the 30 semester hours must include any combination of Statistics and Mathematics that included differential and integral calculus
NSA Protest Day Drives More Than 200K Emails And Calls To Congress(TechCrunch) A planned day of protest against the NSA's surveillance efforts called "The Day We Fight Back" got off to a strong start. So far, more than 69,000 phone calls have been placed to Congressional representatives, along with more than 140,000 emails as part of the effort. In-person protests are planned, as well, both in the United States and abroad
Maryland lawmakers look to cut off NSA's water, power(The Hill) A bill in Maryland's state legislature would cut off state services like water and power at the National Security Agency's (NSA) headquarters. The bill from eight Republicans in the House of Delegates, including the chamber's minority leader, would prevent the state from granting "material support, participation or assistance" to the NSA or any other federal agency that collects people's information without a warrant
Indiana bills seek to shelter digital privacy(AP via the Kansas City Star) Police would have to get a search warrant before they could take data off of cellphones or computer tablets or use aerial drones under bills that are still breathing in the Indiana General Assembly
Why South Korea is really an internet dinosaur(The Economist) South Korea likes to think of itself as a world leader when it comes to the internet. It boasts the world's swiftest average broadband speeds (of around 22 megabits per second). Last month the government announced that it will upgrade the country's wireless network to 5G by 2020, making downloads about 1,000 times speedier than they are now. Rates of internet penetration are among the highest in the world. There is a thriving startup community
Litigation, Investigation, and Law Enforcement
NSA cybersecurity issues echo scathing Hill report(FCW) Like the more than 15 civilian agencies lambasted for poor cybersecurity practices in a Feb. 4 Senate committee minority report, it appears the National Security Agency is also guilty of failing to promptly upgrade its IT software and security measures
Americans find swift stonewall on whether NSA vacuumed their data(McClatchy via the Kansas City Star) Since last year's revelations about the National Security Agency's massive communications data dragnets, the spy agency has been inundated with requests from Americans and others wanting to know if it has files on them. All of them are being turned down
When hacking isn't (CSO Salted Hash) This week I read an article about a French journalist, Olivier Laurelli, who had the temerity to fix a URL in order to get to a proper webpage. The information that he accessed was not behind a firewall. The information was not password protected
First phishing trial gets under way in Brussels(Redactie) The first trial concerning phishing is taking place in Brussels. In phishing, criminals try to obtain bank details over the internet by means of a ruse. In Brussels, 25 people are now on trial for phishing. They made off with about 220,000 euros
Dutch Minister of Interior Fights for His Political Life(Wall Street Journal) The Dutch Minister of the Interior, Ronald Plasterk, is fighting for his political future, as he faces continued questioning that he misinformed the public over activities of his intelligence service. Mr. Plasterk backtracked last week when he admitted that the collection of telephone traffic and data wasn't the work of the U.S. National Security Agency as he previously suggested, but his own intelligence service
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Security Analyst Summit 2014(Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.
NovaSEC! Pre-RSA Rally This unique forum allows participants to meet, interact on key issues and provide a unified forum to network with likeminded individuals and creates an opportunity to cultivate a strong and integrated...
FBI HQ Cloud Computing Vendor Day As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing...
Free OWASP Training and Meet Up(San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...
RSA Conference USA(San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...
Nellis AFB Technology & Cyber Security Expo For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...
Cloud Expo Europe Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex...
Suits and Spooks Security Town Hall Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton...
Trustworthy Technology Conference Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens...
Creech AFB Technology & Cyber Security Expo The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is...