The Jihadist group ISIS continues to show considerable aptitude for information operations (despite its own social media leaks discovered last week). Their opponents in the Syrian Electronic Army remain preoccupied with media site hijacking and redirection: more analysis appears today of SEA's weekend Reuters hack.
Anonymous appears to have fizzled with OpPetrol, and its spottily successful OpWorldCup has now declined into defacement of a Brazilian actress's website.
The attack on the unnamed hedge fund BAE coyly disclosed is now said to have cost the victim "millions," and is perceived as part of a larger campaign directed against not only hedge funds, but the closely allied high-frequency trading sector as well. The attackers' apparent aim is to get inside traders' OODA loop, the better to profit from market manipulation.
Researchers at Kaspersky and the University of Toronto examine the controversial lawful intercept products of HackingTeam. Their study reveals, inter alia, the locations of many of the Italian company's command-and-control servers.
Heartbleed remains a concern, with estimates of vulnerable servers plateaued at 300,000. The vulnerability is being exploited in the wild: insurer Aviva is reported to be among the victims.
Some familiar malware spreads to new fields of activity. SCADA threat Havex now turns up in control systems outside its original electrical grid targets. Mobile malware SVPENG continues geographic expansion. And AskMen.com has been compromised with code injections leading to Caphaw infections.
Some smaller police departments in the southern US report ransomware attacks.
Gartner's conference spawns a clutch of new product announcements.
Today's issue includes events affecting Australia, Canada, China, Bulgaria, Estonia, Iraq, Italy, Democratic People's Republic of Korea, New Zealand, Philippines, Romania, Russia, Syria, Ukraine, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Who is behind Isis's terrifying online propaganda operation?(The Guardian) The extremist jihadist group leading the insurgency against the Iraqi government is using apps, social media and even a feature-length movie to intimidate enemies, recruit new followers and spread its message. And its rivals — including foreign governments — are struggling to keep up
How Reuters got compromised by the Syrian Electronic Army(Frederic Jacobs) Hint: It isn't actually Reuters' fault. Earlier today, Reuters was compromised by the Syrian Electronic Army. It isn't the first time that occurs. Anyone who would try to visit a story about Syria, would be redirected to a page hosted by the Syrian Electronic Army
Hedge Funds, HFT Vulnerable to Cyber Attack(Value Walk) HFT firm had their computer hacked, with hackers ironically being given an early look at their trade intentions. It was one small line in Michael Lewis's book that was most important to those closely watching the high frequency trading debate that mattered most. This line revealed the potential for HFT algorithms to fall into the "wrong hands" and cause untold economic damage. With the release of a Bloomberg report on the hacking of various hedge funds, the issue of terrorists and economic opportunists alike hacking into HFT firms and hedge funds comes squarely into focus
Researchers Go Inside HackingTeam Mobile Malware, Command Infrastructure(Threatpost) Controversial spyware commercially developed by Italy's HackingTeam and sold to governments and law enforcement for the purpose of surveillance, has a global command and control infrastructure and for the first time, security experts have insight into how its mobile malware components work
Heartbleed Attack on BYOD Service Hit Insurance Giant Aviva(Tripwire: State of Security) The Register is reporting that the Heartbleed vulnerability was leveraged in an attack last month against a BYOD service provider, allowing the attackers to potentially cause millions in damages for insurance giant Aviva after a number of the company's fleet of employee-owned mobile devices were wiped clean
SVPENG: Mobile Malware Expanding to New Territories(Security Intelligence) Over the last week, the media has been reporting on a new mobile malware called SVPENG. Though widely regarded as a new threat, this malware had already been under investigation by Trusteer's security team in 2013, when it was discovered in its testing phases. It was presented and discussed February this year during IBM's Pulse conference
Phishing Scam Targeted 75 US Airports(InformationWeek) Major cyberattack carried out in 2013 by an undisclosed nation-state sought to breach US commercial aviation networks, says Center for Internet Security report
A peek inside a commercially available Android-based botnet for hire(Webroot Threat Blog) Relying on the systematic release of DIY (do-it-yourself) mobile malware generating tools, commercial availability of mobile malware releases intersecting with the efficient exploitation of legitimate Web sites through fraudulent underground traffic exchanges, as well as the utilization of cybercrime-friendly affiliate based revenue sharing schemes, cybercriminals continue capitalizing on the ever-growing Android mobile market segment for the purpose of achieving a positive ROI (return on investment) for their fraudulent activities
Security Patches, Mitigations, and Software Updates
Android Kitkat 4.4.4 released by Google to tackle OpenSSL security hole(Lumension) Less than three weeks after Google pushed out Android 4.4.3 to users of its Nexus smartphones and tablets, the technology giant has unexpectedly released factory images, binaries and source code for a new version — Android Kitkat 4.4.4 — patching a serious vulnerability in the OpenSSL cryptographic library
Imminent iOS 7.1.2 release tipped to bring major fixes(BGR) Apple is apparently getting ready to release iOS 7.1.2, a build that has already been released to mobile operators to test it and sign off on by Friday, June 27th. According to MacRumors, a public release could occur this week as soon as carriers approve of the new update
Hacker Tactic: Holding Data Hostage(New York Times) The perpetual cat-and-mouse game between computer hackers and their targets is getting nastier. Cybercriminals are getting better at circumventing firewalls and antivirus programs. More of them are resorting to ransomware, which encrypts computer data and holds it hostage until a fee is paid. Some hackers plant virus-loaded ads on legitimate websites, enabling them to remotely wipe a hard drive clean or cause it to overheat. Meanwhile, companies are being routinely targeted by attacks sponsored by the governments of Iran and China. Even small start-ups are suffering from denial-of-service extortion attacks, in which hackers threaten to disable their websites unless money is paid
Spammers increasingly targeting Montreal(Help Net Security) AdaptiveMobile released data that shows a marked increase in SMS spam across Canada in the past six months. The higher volume of SMS spam comes on the eve of the July 1st compliance deadline for Canada's Anti-Spam Legislation (CASL)
Improving transaction security for financial institutions(Help Net Security) Mobile technology is changing the way we conduct financial transactions. With more and more consumers relying on mobile technology to perform everyday activities, the mobile channel now represents nearly two out of three (65%) of all transactions for financial institutions
Former NSA Chief Warns Banks of Hacking Threats(PYMNTS.com) Keith Alexander, the former National Security Agency chief and head of the U.S. Cyber Command, recently spoke to cyber consultants about the potential dangers facing the financial industry. According to a recent Bloomberg article, Alexander retired in March, but is now trying to speak directly to banks about what they need to do to ensure national security
A Cyber 'Axis of Evil'?(Eurasia Review) As almost all students and scholars of international relations would agree, the term "international order" is a contested one. There is not really a universally accepted definition, however, everyone, from the Ivy League scholars to the most unfamiliar individual, knows that there exists an "order" amongst the states in the international arena and that this order is preserved and maintained through various mechanisms. This international order we speak of is actually the post-WW2 order that is dominated by the Western, capitalist, liberal democracies. The "order", at times rather ostentatiously and sometimes implicitly, favors and protects the interests of the hegemonic countries, headed by the US. The international order is, in short, the order of the "international community", which is in other words, the Great Powers
Demand for data sovereignty puts home grown data centres in the spotlight(IT Director) The continuing revelations by former US National Security Agency employee Edward Snowden about the extent of data surveillance are rumbling like thunder around the cloud computing industry. This is likely to be more than just a passing storm in a tea cup as there could be lasting repercussions on where cloud users and providers store their data
DHS to award continuous monitoring task orders(Federal Times) As director of the Federal Network Resilience Division at the Department of Homeland Security, John Streufert oversees a $6 billion effort to secure public-sector networks against cyber threats. That effort, called the Continuous Diagnostics and Mitigation (CDM) program, aims to apply a strategic sourcing acquisition strategy toward the purchase of network sensors, dashboards, expertise and a variety of services to identify and fix the worst vulnerabilities threatening the dot-gov enterprise
SAIC looks to make cyber services easier to buy(FCW) The staying power of sequestration-level federal budgets has made the bang-for-buck sales pitch pervasive among security vendors. The message to federal clients is simple: Your dollars are scarce and, unlike our competitors, we are willing to save you money by bundling services or selling you less than we could
Andreessen Invests in Cybersecurity Firm(Wall Street Journal) Tanium, Which Helps Pinpoint IT Threats, Gets $90 Million. Venture-capital firm Andreessen Horowitz is placing its second-biggest bet ever on an unheralded tool for corporate-technology departments. The firm, known for backing Facebook Inc. and Pinterest Inc., among others, is investing $90 million in Tanium Inc., which helps companies pinpoint security threats and manage their sprawling computer networks. Andreessen Horowitz's investment values seven-year-old Tanium at $900 million
Cisco releases source code for experimental block cipher(Help Net Security) A team of Cisco software engineers has created a new encryption scheme, and has released it to the public along with the caveat that this new block cypher is not ready for production, i.e. is still in the experimental phase
Webroot Introduces Next Generation Threat Intelligence Services for Enterprises(Broadway World) Webroot, the market leader in cloud-based, real-time internet threat detection, today announced expansion of its enterprise-class security solutions with the introduction of BrightCloud Security Services for Enterprise, a new portfolio of services which makes Webroot's industry-leading threat intelligence available to enterprises through integration with popular network security and management platforms
ePLDT ties up with Check Point(Business World) Philippine Long Distance Telephone Co. (PLDT) said its unit ePLDT has tied up with Check Point Software Technologies in a bid to strengthen its network security offering
5 Free Tools for Compliance Management(eSecurity Planet) Most IT pros consider compliance a hassle. Yet the tools of compliance can empower security technologies and simplify risk management. Better yet, some of those tools are free
Technologies, Techniques, and Standards
Top 4 Takeaways from the "Live Bait: How to Prevent, Detect, and Respond to Phishing Emails" Webcast(Rapid7 Security Street) In this week's webcast, Lital Asher-Dotan and Christian Kirsch tackled the hot topic, "Live Bait: How to Prevent, Detect, and Respond to Phishing Emails". Phishing has risen from #9 to #3 in the Verizon Data Breach Investigations Report on the most common attack vectors. Phishing attacks are often successful because it only takes error on the part of one user to compromise an entire organization. Read on to learn what security professionals should focus on to prevent, detect, and respond to phishing attacks effectively
Forget malware — stolen credentials are the real enterprise threat(VentureBeat) Focusing on malware detection as a frontline cybersecurity strategy puts IT security teams in a never-ending game of cat and mouse. A report from Pandalabs earlier this year found that 30 million new malware threats were created in 2013 — an average of 82,000 per day. Keeping pace with this rate of malware creation requires continuous upgrades to the latest cybersecurity defense technologies, the very same ones that malware developers are constantly finding new ways around. Fighting this unwinnable battle not only strains precious cybersecurity resources, but it also leaves a company vulnerable to an even greater threat: stolen credentials
Security Everywhere: One Unmanaged Desktop Is All It Takes(Information Security Buzz) An unpatched and unmonitored Windows desktop is an open gateway for viruses and trojans to sneak onto your network. Besides malware, these desktops can also act as a portal for malevolent users to steal or delete critical company data. If a criminal hacker can access your machine, they will try different options to steal company data or gain access to your network looking for bigger prizes
Security Essentials? Basics? Fundamentals? Bare Minimum?(Gartner Blogs) Let's think together — what technologies and practices constitute information security essentials? The question is actually bitchingly hard — so think before answering! One way to think of this is to imagine somebody describing his security capabilities to you, and when they miss something from that list you go "ZOMG!!! No way you missed X! What are you, stupid or something?! STOP talking to me and go deploy/do/buy that now!!!"
Does de-identification work or not?(FierceBigData) In a FierceBigData article which ran last Wednesday, Pam Baker posed some compelling questions regarding a recent "Big Data and Innovation, Setting the Record Straight: De-identification Does Work" whitepaper released by Ann Cavoukian, the Ontario information and privacy commissioner, and Daniel Castro, Information Technology and Innovation Foundation Senior Analyst. Of these, the most salient question was also the simplest: "Does de-identification work or not?"
Using Words To Battle Cyber Losses(Wall Street Journal) Words matter when it comes to cybersecurity. With security concerns dominating today's corporate planning from the Board on down, the CIO often comes in as a technical expert, providing an analysis of the threat environment and what measures should be taken to prevent successful cyberattacks. And of course, the CIO is there to explain what happened when the inevitable successful attack happens. However, CIOs can do much more — and better protect the corporate bottom line — with just a little thought and some assistance from their lawyers. By using some careful contract language developed in collaboration with counsel and contract administrators, CIOs can be in a prime position to shift liability away from their company in the event of a successful cyberattack
Design and Innovation
Spy satellite agency wants to tap video game technology(USA TODAY) The National Reconnaissance Office (NRO), the secretive agency that launches and runs the nation's spy satellite system, is looking at technology developed by the video game industry to help it improve how it gathers and analyzes intelligence data, according to a research proposal released Monday
Research and Development
Faces Are the New Passwords(New York Magazine) One of the nine faces above is familiar to me, but the rest aren't. Can you pick it out? The answer is at the bottom of this post, and I don't like your odds. This grid is a "facelock," an alternative to the password system most websites use, and a study being published tomorrow in the journal PeerJ suggests that facelocks are a promising method of ensuring online security
The Shadow Internet That's 100 Times Faster Than Google Fiber(Wired) When Google chief financial officer Patrick Pichette said the tech giant might bring 10 gigabits per second internet connections to American homes, it seemed like science fiction. That's about 1,000 times faster than today's home connections. But for NASA, it's downright slow
Steganographic Key Leakage Through Payload Metadata(Cisco Blogs) Steganography is the ancient art of invisible communication, where the goal is to hide the very fact that you are trying to hide something. It adds another layer of protection after cryptography, because an encrypted message looks like gibberish and everyone immediately notices that you want to hide something. Steganography embeds the (encrypted) secret message into an innocuous looking object such that the final communication looks perfectly normal. The "analog" form of steganography is the art of writing with invisible ink. The digital version hides the message by a subtle modification of the cover object. Probably the most researched area in digital steganography uses digital images as a cover media into which the message is inserted. The oldest (and very detectable) technique replaces the least significant bit (of each colour channel) with the communicated message. Shown below, the first picture is the cover object and the second one is the stego object
Planned cyber center includes USNA's first classified facility(Navy Times) A state-of-the-art cyber operations center planned for the Naval Academy would allow midshipmen to view classified information and watch cyber attacks as they happen, said Capt. Paul Tortora, director of the academy's Center for Cyber Security Studies
University leads the way with cyber security(Voxy) One of the world's leading cyber security academics says the University of Waikato is "leading the way" in helping fill an ever-growing shortage of cyber security professionals
Tax, security info at cyber attack risk(Australian Associated Press via the Daily Mail) Tax and social security records and national security information remain vulnerable to cyber attacks, a new report shows. An auditor-general review of seven major government agencies found that none complied with the required cyber security measures which were due to be in place by mid-2014. The agencies included the Australian Tax Office, Department of Foreign Affairs and Trade, Australian Bureau of Statistics, Customs, Australian Financial Security Authority, the Department of Human Services and IP Australia
Massachusetts Man Pleads Guilty to Computer Hacking and Credit Card Theft(US Department of Justice, Office of Public Affairs) A Massachusetts man pleaded guilty today to hacking into computer networks around the country — including networks belonging to law enforcement agencies, a local police department and a local college — to obtain highly sensitive law enforcement data and alter academic records. He also pleaded guilty to obtaining stolen credit, debit and payment card numbers
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANSFIRE(Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference(Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014(National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium(Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.
2nd Annual Oil & Gas Cyber Security Conference(Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
SINET Innovation Summit(New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
Security Startup Speed Lunch DC(Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...