The first Russian cyber operations in its Crimean incursion are reported (by Ukrainian security authorities). These seem initially restrained, directed largely toward isolation of the Crimean battlespace, but there's a strong likelihood they'll see expansion through either Ukrainian retaliation or Russian escalation. Estonian and (especially) Georgian experiences of being on the receiving end of Russian cyber attack offer instructive precedents. Some observers think the initial and uncharacteristic restraint of the Russian cyber offensive is explained by wariness of Ukraine's capable domestic hacking talent: a cyber riot can be as troublesome as a closely-run state campaign.
Russia's adventure for now enjoys the tepid, foot-dragging diplomatic support of China, so Kevin Mandia's retrospective of Chinese cyber capabilities is timely.
The Syrian Electronic Army threatens consequences for US Central Command should the United States undertake cyber operations against the Assad regime.
A large SOHO router pharming campaign, in progress since mid-December, has been exposed by Team Cymru. Some 300,000 machines are infected, with ground zero located in two London IP addresses registered with 3NT solutions. The campaign has so far been largely concentrated in Eastern Europe and Asia. Team Cymru calls it a "logical evolution of botnet technology." The campaign's motive, purpose, and attribution remain obscure, but Dynamoo sees fingerprints of Serbian cyber criminals.
Bitcoin bank Flexcoin has shut down—it's been looted. Mt. Gox attributes its own fall to criminal hacking. But Bitcoin isn't synonymous with either Flexcoin or Mt. Gox: Bitcoin ATMs continue to open, most recently in Singapore and Ireland.
Today's issue includes events affecting Bosnia Herzegovina, Chile, China, India, Italy, Japan, Netherlands, Philippines, Poland, Russia, Serbia, Syria, Thailand, Turkey, Ukraine, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Ukraine hit by cyberattacks: head of Ukraine security service(Reuters) Ukraine's telecommunications system has come under attack, with equipment installed in Russian-controlled Crimea used to interfere with the mobile phones of members of parliament, the head of Ukraine's SBU security service said on Tuesday
Hack Attack—Russia's first targets in Ukraine: its cell phones and Internet lines(Foreign Policy) The Russian forces occupying Crimea are jamming cell phones and severing Internet connections between the peninsula and the rest of Ukraine. Moscow hasn't succeeded in imposing an information blackout, but the attacks could be a sign that Russia is looking to escalate its military operations against the new government in Kiev without firing a shot
Are we about to witness a full-on cyber-war between Russia and Ukraine?(ITProPortal) Russia has invaded Ukraine. Well, at least the province of Crimea. Are we about to see cyber-war unfold? After months of hearing about cyber-war, cyber-espionage, and attacks against critical infrastructure, it's only natural to wonder if the physical conflict between Russia and Ukraine is about to spill over into cyberspace. Most countries, the United States included, have a cadre of forces trained in digital attacks and defences, and this kind of provocation seems like the perfect scenario to unleash them
China's support for Russia's Ukraine incursion is half-hearted, at best(Quartz) It was only a month ago that the close ties between Russia and China were on prominent display, with Chinese president Xi Jinping vowing that the two countries would "continue deepening our consultations and cooperation on major international issues and together maintain world and regional peace, security and stability"
Chinese Government Hacking, One Year Later(eSecurity Planet) What has changed in the year since Kevin Mandia first exposed hacking by the Chinese Army? A year after first issuing his landmark report titled, 'APT1: Exposing One of China's Cyber Espionage Units', Kevin Mandia gave an update on the report's aftermath. Mandia is now the senior vice-president
SOHO Pharming: Growing Exploitation of Small Office Routers Creating Serious Risks(Team Cymru) This report details our recent analysis of a widespread compromise of consumer-grade small office / home office (SOHO) routers. Attackers are altering the DNS configuration on these devices in order to redirect victims' DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers, effectively conducting a Man-in-the-Middle attack
Two London IP Addresses Hijack Over 300,000 Home Routers(International Business Times) Security firm Team Cymru has discovered a huge man-in-the-middle cyber attack affecting over 300,000 small home and office internet routers that hijacks their internet connection — and the attack seems to originate from two IP addresses in London
Illinois Bank: Use Cash for Chicago Taxis(Krebs on Security) First American Bank in Illinois is urging residents and tourists alike to avoid paying for cab rides in Chicago with credit or debit cards, warning that an ongoing data breach seems to be connected with card processing systems used by a large number of taxis in the Windy City
Meetup suffers DDoS attack(Meetup HQ Blog) No doubt, this has been a tough weekend for Meetup. Since Thursday, we faced a massive attack on our servers — a DDoS attack, which is a barrage of traffic intended to make service unavailable. We've had many hours of downtime over several days, a first for us in 12 years of growing the world's largest network of local community groups
Flexcoin is shutting down.(Flexcoin) On March 2nd 2014 Flexcoin was attacked and robbed of all coins in the hot wallet. The attacker made off with 896 BTC, dividing them into these two addresses
Mt. Gox users targeted with fake promises of lost Bitcoin recovery(Help Net Security) Bitcoin exchange Mt. Gox has shared more details about the issues that have led to it filing for bankruptcy protection just as malware peddlers have started taking advantage of affected users' desperation and desire to recover their lost bitcoins
Four Vulnerabilities Found in Oracle Demantra(Threatpost) Oracle's Demantra is fraught with vulnerabilities that could allow an attacker to extract sensitive information, carry out phishing attacks, and modify content within the application, among other attacks
Cyber crooks will go after medical records next(Help Net Security) As security firms and law enforcement agencies continue to cooperate and successfully take down botnets, cyber crooks will be forced to look for new and more lucrative targets, and especially ones that are poorly secured
Italian spyware firm relies on U.S. Internet servers(Washington Post) An Italian computer spyware firm, whose tools foreign governments allegedly have used to snoop on dissidents and journalists, relies heavily on the servers of U.S. Internet companies, according to a new report
Phone Phishing, Data Breaches, and Banking Scams(TrendLabs Security Intelligence Blog) Recently, I received a rather unusual call that claimed to be from National Australia Bank (NAB), one of the four largest banks in Australia. The caller had my complete name and my address. They claimed that they had flagged a suspicious transaction from my account to an Alex Smith in New Zealand to the tune of 700 Australian dollars. They needed my NAB number to confirm if the transaction was legitimate
The Mobile Cybercriminal Underground Market in China(TrendLabs Security Intelligence Blog) The availability of affordable mobile Internet access has changed the computing landscape everywhere. More and more people are using mobile devices both for work and for entertainment. China is no exception. According to a report published by the China Internet Network Information Center (CNNIC), 81% of Chinese Internet users went online using their mobile phone in 2013. The CNNIC also reported that China ended 2013 with 618 million Internet users and 500 million mobile Internet users
9 Worst Cloud Security Threats(InformationWeek) Leading cloud security group lists the "Notorious Nine" top threats to cloud computing in 2013; most are already known but defy 100% solution
Security Patches, Mitigations, and Software Updates
XPired!(Internet Storm Center) Yes, Windows XP is about to Xpire. This sunset has been a while in the making, and has even been paused so that the world could admire it a while longer. But now, it really is upon us, on April 8, the earth rotation will stop for a second or three, and then move on
Google Fixes Nearly 20 Bugs in Chrome 33(Threatpost) Google has fixed 19 security flaws in its Chrome browser, including more than a dozen high-risk bugs. The company paid out $3,500 in rewards to security researchers who reported flaws. Two of the high-risk vulnerabilities fixed in Chrome 33 are use-after-free flaws, one in SVG images and the other in speech recognition
TrustyCon talks made available on video(Help Net Security) As announced, the TrustyCon infosec conference, established by security consulting firm iSEC Partners, the Electronic Frontier Foundation (EFF) and DEF CON and held simultaneously as RSA Conference USA 2014, has drawn quite a crowd
Advanced Threat Report 2013(FireEye) The 2013 edition of the FireEye Advanced Threat Report analyses more than 40,000 advanced attacks across the globe to map out the latest trends in advanced persistent threat (APT) attacks. Leveraging real-time threat intelligence from millions of security alerts across customer deployments, FireEye tracked more than 160 distinct APT malware families and logged 22 million command-and-control (CnC) transmissions. This report correlates that intelligence to provide insight that spans countries, industries, and threat vectors
Trends shaping mobile forensics in 2014(Help Net Security) Mobile forensic provider Cellebrite surveyed its customer base and conducted interviews with leading mobile forensic experts and analysts spanning the industry, asking their opinion on top trends shaping mobile forensics this year
People, not PCI standards, cause data breaches(Venture Capital Post) Cisco Systems Security Solution Architect, Christian Janoff wrote in his column with VentureBeat that the reason why payment card data breaches are happening is not because of the failure of PCI standards but it's the people. They are not ready to deal with today's threats
Cyber Pranks — Funny or Mean?(McAfee Blog Central) We all know that kids love to play pranks — it is just part of childhood. Whether it is whoopee cushions, switching the salt and the sugar or good old plastic spiders, harmless pranks can be fun and actually a good way of teaching kids resilience
Cubic Completes Acquisition of Intific Inc. to Strengthen Virtual Simulation and Advance Research Capabilities(Wall Street Journal) Cubic Corporation announced today that it has completed the acquisition of Intific, Inc., an Austin, Texas-based advanced technology company focused on software and game-based solutions in modeling and simulation, training and education, cyber warfare, and neuroscience. Intific will become part of the Cubic Defense Systems segment which is a market leader in innovative live, virtual, and game-based training solutions. Intific completed 2013 with approximately $14 million in revenue and employs 80 personnel primarily located in Austin, Texas and Alexandria, Virginia
40 Million Reasons To Buy This Cyber-Security Laggard(Seeking Alpha) The loss of credit card information for 40 million Target (TGT) customers in December is just one in a growing list of high-profile cyber-crimes. The increase in these attacks, both financial and politically-motivated, is on the rise and is one of our megatrends for the next decade. Symantec (SYMC) has lagged peers in the industry but looks poised to surprise higher on the completion of its reorganization
Apple CFO Oppenheimer to retire in Sept.(MarketWatch) Apple Inc.'s Chief Financial Officer Peter Oppenheimer will retire at the end of September, the company announced Tuesday. He will be replaced by Luca Maestri, who currently serves as Apple's vice president of finance and corporate controller
Lunarline Weighs in on Recent Retail Sector Hacks(Broadway World) Following reports that hackers triggered more than 60,000 unaddressed alerts in an attack on Neiman Marcus's credit card payment systems, Lunarline released a statement emphasizing a widespread need for retail organizations to develop stronger internal cyber security capabilities
Appthority App Risk Management(Droid Report) Appthority App Risk Management provides service that employs static, dynamic and behavioral analysis to immediately discover the hidden actions of apps and empower organizations to apply custom policies to prevent unwanted app behaviors. Only Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions and protect corporate data
Technologies, Techniques, and Standards
Cyber Intelligence Collection Operations(Tripwire: The State of Security) In the previous article in this series I talked about developing your cyber intelligence analyst skills. The approach largely relied on becoming tool agnostic and developing a strong base through education. As the analyst it is your opinion and expertise that matters most
Less risk, more reward: Managing vulnerabilities in a business context(Help Net Security) Network security can be both an organization's savior, and its nemesis. How often does security slow down the business? But security is something you can't run away from. Today's cyber-attacks have a direct impact on the bottom line, yet many organizations lack the visibility to manage risk from the perspective of the business. This quandary is a common balancing act that organizations must manage without truly understanding the impact to the bottom line
How NIST Develops Cryptographic Standards(Schneier on Security) This document gives a good overview of how NIST develops cryptographic standards and guidelines. It's still in draft, and comments are appreciated
Why SMBs Need Mobile Device Security(Trend Micro Simply Security) There's a growing security issue for small and midsize businesses (SMBs) that's called BYOD. The trend of "bring your own device" to work—defined as employees using their own smartphones, laptops or tablets for business tasks—is becoming a major challenge for all organizations. However, for smaller businesses, it's a real and serious security issue that needs to be addressed sooner rather than later
Research and Development
Our brains work hard to spot phishing scams, but still often fail(Naked Security) Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate
China Establishes Presidential Commission to Shore Up Its Cyberdefenses(IEEE Spectrum) China is often pointed to as the home base for bad actors in the world of cybercrime and alleged to be a participant in undeclared cyberwarfare. But China's computer networks are not immune from attack. The government revealed the extent of its concern over cybercrime when it announced that President Xi Jinping is chairing a new working group on cybersecurity and information security
Fighting for rights in a time of big data(FierceBigData) More than a dozen civil rights groups are working to establish fairness guidelines for use by big data wielding law enforcement, hiring and commerce entities. They rightly point out the potential use of big data in discriminating against seniors and other groups. Below is the set of principles they think should be adopted across the board to prevent discrimination. The big surprise to some is that these principles do not apply only to minorities but to the much broader sweep of human rights
Can Protected Data Be Shared to Improve Services?(Government Executive) "Start with what you have," is the advice consultants recommend to organizations that are just launching performance measurement initiatives. Now the Office of Management and Budget has issued guidance encouraging agencies to use existing program data in new ways
Commentary: Why We Need a Defense Clandestine Service(Defense News) I was a CIA spy from 1979 to 1988, leaving when invited to be a co-creator of the Marine Corps Intelligence Center from 1988 to 1993. Since 1993, I have been one of the more persistent published proponents of intelligence reform around the world
Lawsuit to shorten NSA data access has opposite effect(FierceBigData) Proving once again that fact is stranger than fiction, a lawsuit initiated by the ACLU, the EFF and other advocacy groups that meant to shorten the time that the NSA can keep data resulted in the agency getting to keep data even longer. And when the same group sued to restrict access to the data, the court instead awarded more access to people and agencies
EFF Urges Court to Kill National Security Letters(Courthouse News Service) The Electronic Frontier Foundation filed two briefs asking the 9th Circuit to stop the federal government from issuing national security letters that allow it to spy on millions of Americans.
US says Sprint fraudulently charged hidden fees for government wiretaps(The Verge) The US government is taking Sprint to court for allegedly inflating the cost of performing wiretaps by millions of dollars. In a complaint filed on Monday, the government said Sprint had asked law enforcement agencies for an extra $21 million in reimbursement for its surveillance costs over a period of several years, raising its total bill by around 58 percent
Scareware pusher loses appeal against epic $163 million fine(Naked Security) The US Federal Trade Commission (FTC) is celebrating what it calls a "huge victory for consumers", after an appeal court threw out an attempt to overturn a massive fine imposed on Kristy Ross, a former representative of scareware marketing firm Innovative Marketing Inc. (IMI) which pushed fake security products such as WinFixer and XP Antivirus
Florida Cops' Secret Weapon: Warrantless Cell Phone Tracking(Wired) Police in Florida have offered a startling excuse for having used a controversial "stingray" cell phone tracking gadget 200 times without ever telling a judge: the device's manufacturer made them sign a non-disclosure agreement that they say prevented them from telling the courts
Online Identity: The Legal Questions(InfoRiskToday) The more organizations structure business and processes around online identities, the more they navigate in tricky legal waters, says attorney Tom Smedinghoff, who offers guidance
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
INFILTRATE: INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...
Nuclear Regulatory Commission ISSO Security Workshop: Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce...
ICS Summit 2014(Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Cyber Security for Energy & Utilities: Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
ISSA Colorado Springs — Cyber Focus Day(Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
SyScan 2014(Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.