Cyber security analysts often predict catastrophic cyber attacks on businesses. On Tuesday one such catastrophe hit code-hosting and collaboration platform Code Spaces. The episode began with a denial-of-service attack, followed by an extortion demand. Code Spaces declined to pay, and — discovering that intruders had gained access to its Amazon EC2 control panel — changed EC2 passwords and began recovery operations. The attackers, who had created backup logins, began deleting data as soon as they noticed recovery operations underway. Within twelve hours they succeeded in destroying most of the company's data, backups, machine configurations, and offsite backups. Code Spaces announced yesterday that it would cease operations, and "concentrate on supporting our affected customers in exporting any remaining data they have left with us."
The Code Spaces hack is a disturbing example of how cyber extortion has advanced in sophistication and ferocity. Another disquieting report comes from BAE, which describes a 2013 attack on one of its clients: an unnamed (but "large") hedge fund, hit by a cyber attack that proved both technically advanced and constructed with a high level of business knowledge.
State-sponsored hacking continues. The Syrian Electronic Army reappears in its familiar mode: defacements of media websites whose offense is insufficient enthusiasm for Syria's Assad regime.
Password-protected Zbot malware has been found in the wild. CryptoLocker's massive resurgence hasn't materialized, but a ransomware successor to CryptoLocker — CryptoWall — has become widely active.
The US Department of Homeland Security IG finds significant security flaws — mostly failures to patch — in USCIS RFID card production.
Today's issue includes events affecting Australia, Belgium, Brazil, Canada, China, Colombia, France, India, Indonesia, Ireland, Israel, Philippines, Portugal, Romania, Serbia, Syria, Turkey, United Kingdom, United States.
Code Spaces: Is Down! (Code Spaces) Dear Customers, On Tuesday the 17th of June 2014 we received a well orchestrated DDOS against our servers, this happens quite often and we normally overcome them in a way that is transparent to the Code Spaces community. On this occasion however the DDOS was just the start
Cybersecurity firm says large hedge fund attacked (CNBC) In an audacious and sophisticated attack, cybercriminals acting in late 2013 installed a malicious computer program on the servers of a large hedge fund, crippling its high-speed trading strategy and sending information about its trades to unknown offsite computers, CNBC has learned
Password protected Zbot malware in the wild (Help Net Security) Early this morning a small malware campaign started up claiming to be daily customer statements from Berkeley Futures Limited (real company, but messages are spoofed)
A Not-So Civic Duty: Asprox Botnet Campaign Spreads Court Dates and Malware (FireEye) FireEye Labs has been tracking a recent spike in malicious email detections that we attribute to a campaign that began in 2013. While malicious email campaigns are nothing new, this one is significant in that we are observing mass-targeting attackers adopting the malware evasion methods pioneered by the stealthier APT attackers. And this is certainly a high-volume business, with anywhere from a few hundred to ten thousand malicious emails sent daily — usually distributing between 50 and 500,000 emails per outbreak
Ragebooter: 'Legit' DDoS Service, or Fed Backdoor? (Krebs on Security) On Monday, I profiled asylumbooter.com, one of several increasingly public DDoS-for-hire services posing as Web site "stress testing" services. Today, we'll look at ragebooter.net, yet another attack service except for one secret feature which sets it apart from the competition: According the site's proprietor, ragebooter.net includes a hidden backdoor that lets the FBI monitor customer activity
Lessons in insecure SSL courtesy of Hoyts cinemas (Troy Hunt) Why do we bother with SSL? I mean what's the risk that we're trying to protect against by using certificate authorities and serving up traffic over HTTPS? Usually it's men (or possibly even women) in the middle or in other words, someone sitting somewhere between the client and the server and getting their hands on the data. Do we all agree with this? Yes? Good, then why on earth would you possibly say this?
SNMP: Spike in Brute-force Attempts Recently Observed (Cisco Blogs) Simple Network Monitoring Protocol (SNMP) has been widely deployed as an important network management tool for decades, is a key component of scalable network device management, and is configurable in nearly all network infrastructure devices sold today. As with any management protocol, if not configured securely, it can be leveraged as an opening for attackers to gain access to the network and begin reconnaissance of network infrastructure. In the worst case, if read-write community strings are weak or not properly protected, attackers could directly manipulate device configurations
Flaws Found in USCIS RFID Card Production System (Threatpost) The system that's used to produce RFID-enabled identification cards — including permanent resident IDs — by the United States Citizenship and Immigration Service has a number of serious security issues, according to a new report from the Office of the Inspector General at DHS. Among the issues the OIG found is that nearly all of the workstations in the system were missing six years worth of Java patches and an Oracle database server was missing nearly two dozen patches
P.F. Chang's Breach Likely Began in Sept. 2013 (Krebs on Security) The recently-announced credit card breach at P.F. Chang's Chinese Bistro appears to have gone on for at least nine months: New information indicates that the breach at the nationwide restaurant chain began on or around Sept. 18, 2013, and didn't end until June 11, one day after KrebsOnSecurity.com broke the news about the break-in
When Vulnerabilities are Exploited: the Timing of First Known Exploits for Remote Code Execution Vulnerabilities (Microsoft Security Blog) One of the questions I get asked from time to time is about the days of risk between the time that a vulnerability is disclosed and when we first see active exploitation of it; i.e. how long do organizations have to deploy the update before active attacks are going to happen? Trustworthy Computing's Security Science team published new data that helps put the timing of exploitation into perspective, in the recently released Microsoft Security Intelligence Report volume 16
It's Not Funny: Facebook Users Tricked into Bitcoin Mining (Hot for Security) Hundreds of Facebook users got infected with a new Trojan secretly using their systems to mine for Bitcoins, the virtual currency that spread a global money-making fever, Bitdefender warns. Since spotted last week, the malware has seen infections in countries such as Portugal, Belgium, India, Romania and Serbia
We're Aswarm In Denial Of Service Attacks And It's Getting Worse (Forbes) Denial of service cyberattacks get few props for their novelty in a field that prizes novelty. Lately, though, they've been making up in volume for what they lack in originality. A denial of service (DoS) attack, or DDoS if it's distributed as in originating from multiple computers, is an attempt to disrupt the operation of a Web site by flooding it with pointless requests that can clog or overwhelm network resources and eventually shut down a site
Cybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth Model (FireEye) This first-of-its-kind study examines data from more than 1,600 FireEye network and email appliances in real-world settings. The FireEye devices were part of more than 1,200 "proof-of-value" trials in actual deployments, where they sat behind other defensive layers but were not set to block malicious activity. That unique vantage point revealed a deeply flawed defense-in-depth model
Corero Network Announces Contract Win, Stock Up (RTT News) Corero Network Security Plc. (CNS.L), a provider of security solutions for defending against DDoS attacks and cyber threats, announced its largest First Line of Defense solution contract win. The order is valued at half a million dollars. The stock climbed over 11 percent
Mobile System 7 Moves to Maryland, Receives $400,000 Investment from State, County (Insurance News Net) The Maryland Venture Fund (MVF), the equity investment arm of the Maryland Department of Business and Economic Development (DBED), has invested $300,000 in Mobile System 7 following the cybersecurity firm's move to Bethesda from Virginia. The MVF led the financing round and was joined by the Montgomery County Department of Economic Development (DED), which invested $100,000, and private investment groups
Disruptor 50: #23. Shape Security (CNBC) Most measures to protect against cybersecurity threats today are reactive in nature. The threat has to be analyzed, identified as malicious and ultimately blocked. Shape Security is attempting to change that formula by allowing companies to be more proactive. Instead of a company's website scanning a near infinite amount of inbound traffic looking to block threats, as is the case with most existing solutions today, Shape's technology, based on the concept of polymorphism, continually transforms the underlying DNA of a website. This means that Shape can preserve the functionality of code while transforming how it is expressed, making it harder for bad guys to hack into a website
Cybersecurity Startups Pitch Investors at MACH37™ & CIT GAP Funds Cyber Showcase (Digital Journal) The MACH37™ Cyber Accelerator and CIT GAP Funds hosted investors yesterday at the Cyber Showcase. Twelve companies presented, including the MACH37™ Spring Cohort, plus six later stage companies from both the MACH37™ and CIT GAP Fund portfolios. Invited guests included investors representing top-tier venture capital firms, leading edge technology companies and angel groups from the east coast
NSA jitters are 'just a bummer' for cloud growth, HP says (PCWorld) Revelations about U.S. National Security Agency snooping have made some buyers outside the U.S. think twice about public clouds, placing a drag on one of the world's biggest technology trends, the head of Hewlett-Packard's enterprise group said
Tufin Orchestration Suite Wins SC Magazine 5 Star Award and 'Pick of the Litter' Rating (Broadway World) Tufin, the market-leading provider of Security Policy Orchestration solutions, today announced that the Tufin Orchestration Suite was honored by SC Magazine with a five star (out of five stars) award and selected "Pick of the Litter" in the magazine's latest security policy automation roundup published on June 2, 2014. The Tufin Orchestration Suite won perfect five star marks in all review categories
Geospatial framework for cybersecurity (Help Net Security) Esri is joining forces with RedSeal in order to create a geospatial framework for cybersecurity. The goal is to fully integrate existing cybersecurity and IT data with other organizational functions
Confer and The MITRE Corporation Join Forces to Accelerate Threat Sharing and Operationalize Threat Intelligence (Broadway World) Confer, the first company to offer endpoint and server security via an open, threat-based, collaborative platform, and The MITRE Corporation, a not-for-profit organization that has worked closely with government to strengthen our nation's cyber defenses for more than four decades, today announced an agreement to help companies better protect themselves by sharing cyber threat information. As part of this initiative, MITRE's Collaborative Research Into Threats (CRITs) Platform has been released as a new, open source project. Additionally, Confer is releasing the Confer Threat Exchange, which interfaces with CRITs to allow companies to securely share and automatically apply threat intelligence within their own infrastructure
The best password managers for PCs, Macs, and mobile devices (InfoWorld via CSO) Thanks to high-profile computer security scares such as the Heartbleed vulnerability and the Target data breach, and to the allegations leveled at the government and cloud providers by Edward Snowden, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest too
Breaking Into iCloud: No Password Required (Elcomsoft) With little news on physical acquisition of the newer iPhones, we made every effort to explore the alternatives. One of the alternatives to physical acquisition is over-the-air acquisition from Apple iCloud, allowing investigators to access cloud backups stored in the cloud. While this is old news (we learned to download data from iCloud more than two years ago), this time we have something completely different: access to iCloud backups without a password! The latest release of Phone Password Breaker is all about password-free acquisition of iCloud backups
Technologies, Techniques, and Standards
Risk of re-identification 'greatly exaggerated' (FierceBigData) So sayeth Information Technology and Innovation Foundation (ITIF) Senior Analyst Daniel Castro and co-author Ann Cavoukian, the Ontario information and privacy commissioner in a new whitepaper. They bemoan the lack of public trust in de-identification and affix the blame to media reports stating "a tendency on the part of commentators… to overstate the findings." So what's the deal here? Does de-identification work or not?
Five steps towards cyber breach preparation (Help Net Security) Earlier this week, Domino's Pizza became the latest victim of a breach and ransom demand. Recent DDoS attacks on Evernote and Feedly, along with the efforts of Cryptolocker and other tricks to extort hard cash from unsuspecting users, are rapidly gaining momentum and are becoming a serious threat to individuals and organisations of all sizes. These brazen attempts to make a quick profit will only be fuelled for as long as they remain successful
An Intelligent Approach to Fighting Cyber Attacks (ProSecurityZone) Since today's cyber attacks are moving faster than legislation's ability to keep up, companies in high-risk sectors are left following regulations that fight yesterday's war. As the government and organizations try to secure their information, federal agents alerted more than 3,000 companies last year that their computer systems had been hacked. The companies varied in size from small to large and represent what experts think is a small fraction of the total number. Analysts estimate the cost of these breaches is up to $100 billion annually for U.S. companies and consumers
Tech support scams and the wisdom of Solomon (Graham Cluley) Surprisingly enough, given the years I've put in documenting and offering advice on tech support scams, I don't spend a lot of time talking to the scammers, even though I've had many of those calls over the years
The NSA's big problem, explained by the NSA (The Week) Amongst the new trove of classified documents released by Der Spiegel is a rather academic discussion, in the NSA's own foreign affairs journal, about the differences between American signals intelligence collection and German signals intelligence collection
Design and Innovation
Here's What Cyberspace Looks Like (Nextgov) Several federal agencies are in the early stages of mapping out a realm that has no geography, in hopes of preempting breaches and successfully hacking adversaries
The senate is still trying to jam through its hugely controversial cybersecurity bill (BGR) The federal government refuses to let one of the most controversial Internet bills ever conceived die. CISPA, as it was known when it was introduced in 2011, made a temporary resurgence last year only to meet the same opposition that had blocked its passage two years before. But as Vice has discovered, the bill is back under consideration by the U.S. Senate under a slightly altered name
Funding Amendment To Curtail Warrantless Surveillance Proposed In House (TechCrunch) A bipartisan group of Congress members have proposed an amendment to the Fiscal Year 2015 Department of Defense Appropriations Act aimed at reining in government surveillance. The amendment would ban the funding of government to either demand or request a "backdoor" into products built by technology companies. It would also ban the funding of searches of the data of US persons under the authority of Section 702 of the Foreign Intelligence Surveillance Act (FISA)
Biden tries to reassure Brazil on cyber-spying (Global Post) U.S. Vice President Joe Biden was received here Tuesday by Brazilian President Dilma Rousseff, the first high-level encounter between the two governments since revelations about Washington's extensive spying on the South American nation
Victoria Police defends security of outdated software (The Age) The force's computer network still used Windows XP, for which Microsoft stopped providing software updates in April. Victoria Police insists its IT systems are not vulnerable to security breaches, despite using an outdated software system no longer supported by Microsoft
France To Train Own Cadre of Cyber Defense Experts (Defense News) Unable to compete with private firms as it looks to hire cybersecurity experts, France's Ministry of Defense will set up a course to train its own experts to protect the French military
Indonesian Navy to establish naval cyber command (IHS Jane's Defence Weekly) The Indonesian Navy (Tentera Nasional Indonesia - Angkatan Laut: TNI-AL) is to establish a naval cyber command unit in anticipation of greater maritime threats in the digital domain, said the TNI-AL in an address delivered on 16 June during a TNI-AL-hosted event in Jakarta aimed at raising awareness of digital threats
Now China can censor journalists before they even start reporting a story (Quartz) Everybody knows Chinese reporters have it rough. There are 32 of them in jail, according to the Committee to Protect Journalists' most recent figures. But they've usually been arrested only for stories that are published, well after research has uncovered the dirty secrets. Now, thanks to new rules (link in Chinese) from the main media regulator, the government can pre-empt them
Missing E-Mail Is the Least of the IRS's Problems (Bloomberg) Last Friday afternoon brought a disturbing news dump from the Internal Revenue Service: A big chunk of Lois Lerner's e-mail has disappeared. A hard drive crash, the agency says, permanently destroyed much of Lerner's e-mail in 2011, wiping out records from the previous two years
Data sharing deal with U.S. referred to EU's top court (Reuters) Ireland's High Court on Wednesday asked the European Court of Justice (ECJ) to review a European Union-U.S. data protection agreement in light of allegations that Facebook FB.O shared data from EU users with the U.S. National Security Agency
US Marshals Accidentally Replies All To Anonymous Bitcoin Auction Bidders In Email Fiasco (TechCrunch) In a magnificent show of technical ineptitude, today the U.S. Marshals revealed the identities of many anonymous bidders in its $18 million seized Silk Road Bitcoin auction by CC'ing them on an email thread. When one asked a question, the response was sent to 40 of the bidders, many whose names were attached or easily identifiable from their addresses, negating the whole point of the auction being anonymous. Smooth, government
FBI arrests alleged NullCrew hacker (Naked Security) Federal prosecutors have arrested and charged a Tennessee man for allegedly conspiring to attack a number of businesses and educational organisations since the middle of 2012
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Suits and Spooks New York Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...
SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...