Symantec announces discovery of "DragonFly," a sophisticated cyber campaign directed principally against energy sector targets in North America and Western Europe. Also known as "Energetic Bear," DragonFly employs both espionage and sabotage components, although no large-scale sabotage has yet been reported. The campaign has successfully implanted Havex and Karagany Trojans, although investigators decline to say precisely which firms were compromised.
Attribution remains under investigation, but F-Secure analysts are calling this one on the Russian intelligence organs: appropriate timestamps, Cyrillic text, and names all point to Russia; sophistication points to a state sponsor. DragonFly appears to have begun operations in 2011; its original targets were US and Canadian defense and aerospace firms.
F-Secure has found another campaign, "BlackEnergy," active in Belgium and devoted at least initially to espionage. It emanates from Ukraine or Russia, and researchers speculate plausibly that it represents Russian battlespace isolation preparation in the ongoing conflict with Ukraine. F-Secure thinks diplomats involved with Eastern European tensions should be especially on their guard.
NATO clarifies its Article 5 with respect to cyber attacks: a cyber attack on one will be considered a cyber attack on all. (This doesn't mean airstrikes in response to denial-of-service attacks: responses would be proportionate.)
Cisco finds a spearphishing operation, "String of 'Paerls'," targeting high-worth enterprises with Visual Basic Scripting for Applications exploits.
Much discussion of research ethics in the wake of the Facebook emotional contagion study.
Microsoft hits botnets by taking down No-IP domains, but does a lot of collateral damage in the process.
Today's issue includes events affecting Algeria, Bahamas, Belgium, Canada, China, European Union, France, Germany, Greece, India, Ireland, Israel, Italy, Kuwait, Mexico, NATO, Netherlands, New Zealand, Poland, Romania, Russia, Serbia, Singapore, Spain, Sweden, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States.
First, the CyberWire will take a break this Friday as we observe US Independence Day. Normal publication resumes Monday. And second, we're pleased to announce that we'll be devoting special coverage to the SINET Innovation Summit, "connecting Wall Street, Silicon Valley and the Beltway," in New York on July 17. Keynote speakers will be US Deputy Energy Secretary Daniel Ponemon and US NSA Director Admiral Michael S. Rogers.
Energy companies hit by cyber attack from Russia-linked group (Financial Times) The industrial control systems of hundreds of European and US energy companies have been infected by a sophisticated cyber weapon operated by a state-backed group with apparent ties to Russia, according to a leading US online security group
Beware BlackEnergy If Involved In Europe/Ukraine Diplomacy (F-Secure Lab) The universe is full of "Black Energy" and so is cyberspace. Not so very long ago, we wrote about a sample of the BlackEnergy family discovered via VirusTotal. The family is allegedly the same malware used in the cyber-attack against Georgia in 2008. Last Friday, another fresh variant was submitted to VirusTotal. And this time it is more obvious on how it was being distributed: a zip file containing an executable. Again, as was the case earlier this month, the sample was submitted from Ukraine
Threat Spotlight: A String of 'Paerls,' Part One (Cisco Blogs) This is part one in a two-part series due to the sheer amount of data we found on this threat and threat actor. This particular attack was a combined spearphishing and exploit attempt. As we've seen in the past, this can be a very effective combination
We Have An APB on CryptoClones (AppRiver) Over the weekend and into this morning we've been seeing a run of malware that uses an interesting technique in order to entice potential victims into falling for its trick. Fear is certainly a social engineering technique that tends to work well and has been used plenty of times in the past. However, it is usually used in fake receipts or withdrawal receipts where the attacker is trying to make the victim believe that someone is making purchases on their behalf or simply taking it right from an account of theirs. In this version though, the delivery email warns New York City residents of a homicide suspect that is apparently on the loose and possibly on the prowl
Cryptowall Ransomware: What You Need to Know (Collaborista Blog) Cryptowall is "ransomware" — malicious software that takes the data on your computer hostage. It then demands that a financial payment be made (a ransom) in order to regain access to the lost files. Once in place, Cryptowall encrypts a wide variety of file types on victims' computers before asking that a ransom be paid within a specified time period
163k individuals affected in Butler Uni data breach (Help Net Security) Personal and financial information of some 163,000 students, alumni, faculty, staff, and past applicants of Indianapolis-based Butler University have been stolen following a hack of the university's computer network
Security Patches, Mitigations, and Software Updates
Isolated Heap for Internet Explorer Helps Mitigate UAF Exploits (TrendLabs Security Intelligence Blog) In the recent Microsoft security bulletin for Internet Explorer, we found an interesting improvement for mitigating UAF (Use After Free) vulnerability exploits. The improvement, which we will name "isolated heap", is designed to prepare an isolated heap for many objects which often suffer from UAF vulnerabilities
DDoS attacks are becoming more effective (Help Net Security) Disruptive cyber-attacks are becoming more effective at breaching security defenses, causing major disruption and sometimes bringing down organizations for whole working days, according to a new global study from BT
Number and diversity of phishing targets continues to increase (Help Net Security) The number of phishing sites in the first quarter of 2014 leaped 10.7 percent over the previous quarter, the Anti-Phishing Working Group reports. 2013 was one of the heaviest years for phishing on record, and Q1 2014 perpetuated that trend, posting the second-highest number of phishing attacks ever recorded in a first quarter
A CISO's Biggest Challenge (Becker's Hospital CIO) The biggest challenge Gaylon Stockman, CISO of Lifespan in Providence, R.I., currently faces is not the complex technical requirements of data protection or incorporating changing laws and regulations into the health system's information security procedures. It's finding a balance between protecting data and ensuring physicians have access to the information they need
Who knew?! There are efforts out there to monetize and secure personal data! (FierceBigData) In response to my last week's post "Could customers charge for their information?," several little birdies whispered in my ear that there are several efforts already underway to enable consumers to do just that — charge you for their data, and hide it from you if you don't pay up. Upon further investigation, here's what I found out
The impact of IoT on IT infrastructure (Help Net Security) Enterprises say they are prepared for the Internet of Things (IoT) and see it as a potential opportunity. However, as it stands today, there may not be enough network capacity to handle the demand that will accompany an anticipated explosion in the number of connected devices
CRGT Receives Prime Position on Department of Homeland Security EAGLE II (Digital Journal) CRGT Inc., a leading provider of full life-cycle IT services and an expert in managing complex IT systems for the Federal Government, received one of multiple contract awards under the Department of Homeland Security's (DHS) Enterprise Acquisition Gateway for Leading Edge Solutions II (EAGLE II) Contract Vehicle, Functional Category (FC) 1 — Unrestricted Track. EAGLE II is a DHS Indefinite Delivery Indefinite Quantity (IDIQ) contract vehicle and provides a range of information technology (IT) support services for multiple DHS programs and component agencies. EAGLE II has a five-year base period with one two-year option period
Gathering and using threat intelligence (Help Net Security) In this interview, Tomer Teller, Security Innovation Manager at Check Point, talks about the role of threat intelligence in the modern security architecture, discusses how it can help identify sophisticated malware attacks, and illustrates the essential building blocks of a robust threat intelligence solution
5 essential mobile security tips (Help Net Security) It doesn't matter if you're using iOS, Android, Windows Phone or BlackBerry, these tips apply to every mobile device that connects to the Internet
McGraw on assessing medical devices: Security in a new domain (TechTarget) Since 1996 my company has analyzed hundreds of systems — both big and small — built for many different purposes. Recently, as security attention has turned to the healthcare vertical, my company and I have been called on to analyze medical devices. This article is a quick overview of what I've seen, covering both our approach and some of our most common findings
Facebook's Emotional Manipulation Study: When Ethical Worlds Collide (Freedom to Tinker) The research community is buzzing about the ethics of Facebook's now-famous experiment in which it manipulated the emotional content of users' news feeds to see how that would affect users' activity on the site. (The paper, by Adam Kramer of Facebook, Jamie Guillory of UCSF, and Jeffrey Hancock of Cornell, appeared in Proceedings of the National Academy of Sciences)
Microsoft disrupts malware networks and APT operations (Help Net Security) Microsoft's Digital Crimes Unit struck again, and was allowed to seize 22 free domain names in an effort to strike a fatal blow to malware delivery networks run by a Kuwaiti and an Algerian national
Microsoft No-IP Takedown (Internet Storm Center) Microsoft obtained a court order allowing it to take over various domains owned by free dynamic DNS provider "No-IP". According to a statement from Microsoft, this was done to disrupt several botnets. However, No-IP is crying foul, stating that Microsoft never contacted them to have the malicious domains blocked. Further, Microsoft is apparently not able to properly filter and support all queries for these seized domains, causing widespread disruption among legit No-IP customers. According to the court order, Microsoft is able to take over DNS for the affected domains, but because the legit domains far outnumber the malicious domains, Microsoft is only allowed to block requests for malicious domains
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
INSCOM Cyber Day (Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber)...
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...
SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today.
FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles.
ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...
Passwords14 (Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...
BSidesLV 2014 (Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...
DEF CON 22 (Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit (Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...