More signal. Less noise.

Daily briefing.

Events in Crimea escalate, kinetically, at least, with Ukraine alleging more Russian troop deployments as Crimea's rump-puppet parliament votes to join Russia. Some signs of cyber rioting break out, as anti-Putin hacktivists (perhaps operating independently) claim successful attacks on Russia's Rosoboronexport via a compromised Indian embassy network.

Indian media report a significant, long-standing penetration of that country's military networks.

Two major new cyber campaigns are reported. General Dynamics Fidelis reports that a criminal group, "STTEAM," is operating against oil and gas sector targets in the Middle East. (No further attribution is available, but Turkish words show up in the code.) Trend Micro discovers "Siesta" (so-called for its long periods of dormancy), a campaign directed against the energy, finance, security, defense, and healthcare sectors. Siesta is distributed via spearphishing of executives in targeted companies.

Two old campaigns remain active and dangerous: "Dexter" and "Project Hook" still endanger point-of-sale systems.

Apple's iOS is reported vulnerable to exploitation via malicious mobileconfig files.

Bitcoin exchange looting continues. Bitcoin aficionados protest that the flaws lie in the exchanges, not the cryptocurrency itself.

More cyber criminals are seen turning to extortion, as seen in Meetup's and Brand.com's experience. Expect threats of encryption, denial-of-service, and online reputational damage.

Cisco patches an authentication flaw in its routers. Microsoft will fix Internet Explorer zero-day CVE-2014-0322 on next week's Patch Tuesday.

Even as cyber security jobs open up, US students seem to fail at ideation: they're not seeing themselves in the field.

Charges dropped in the Barrett Brown hyperlink case.

Notes.

Today's issue includes events affecting Azerbaijan, Colombia, Egypt, Ethiopia, European Union, Hungary, India, Iran, Italy, Kazakhstan, the Republic of Korea, Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Russia, Saudi Arabia, Sudan, Thailand, Turkey, the Ukraine, United Arab Emirates, United Kingdom, United States, and Uzbekistan.

Cyber Attacks, Threats, and Vulnerabilities

The Ukraine crisis is not yet a cyber war, says Intel Security chief (The Inquirer) But will be if the countries' governments and critical infrastructure are targeted

Defining how a no-holds-barred Russia-Ukraine cyberwar would play out (ComputerWorld) From hacktivist defacements to Russian suppression of Ukrainian defense systems, a full-fledged cyber campaign could cause enormous collateral damage

U.S. Knew Of 'Imminent' Move In Crimea, Top Official Says (NPR) Senior U.S. officials were warned of imminent Russian military action in Crimea about a week before the troop movements that have sparked a major international crisis over Ukraine, the head of the Defense Intelligence Agency tells NPR

Ukraine crisis: CIA, not Pentagon, forecast Russian move — sources (Reuters via the Chicago Tribune) Until recently, collecting intelligence on Ukraine was a low priority for U.S. spy agencies, and as a result their reporting on recent developments was patchy, several current and former U.S. security officials said this week

Indian Embassy's Systems in Moscow Hacked to Target Rosoboronexport (Defense World) Indian embassy's network systems in Moscow were hacked to launch a cyber attack on Russian arms exporting agency, Rosoboronexport, if a claim by a group calling itself the 'Russian Cyber Command' (RCC) is to be believed

Computers of armed forces and DRDO hacked (Economic Times) In a major security breach, around 50 computers belonging to the armed forces and the DRDO were hacked sometime back and classified files could have been compromised

Oil & Gas Firms Targeted In Web Server Hacks (Dark Reading) 'STTEAM' group also attacking Middle East state government sites, General Dynamics Fidelis says. A group of hackers who goes by the handle "STTEAM" has hit about a half-dozen oil and gas and government agencies in the Middle East using a mix of hacktivist, nation-state, and pure cybercrime techniques

Siesta cyber espionage campaign targets many industries (Help Net Security) Trend Micro researchers have uncovered yet another cyber espionage campaign targeting a wide variety of industries including energy, finance, security and defense, and healthcare. Dubbed "Siesta" on account of the periods of dormancy the delivered malware is ordered to enter at regular intervals, the campaign starts with malicious emails delivered to the target company's executives

Dexter, Project Hook POS Malware Campaigns Persist (Threatpost) Research this week makes it clear that many attackers are still using point of sale malware, namely Dexter and Project Hook, in active attacks

Navy Hacking Blamed on Iran Tied to H-P Contract (Wall Street Journal) A major infiltration of a military network blamed on Iran was facilitated by a poorly written contract with computer-services provider Hewlett-Packard Co. HPQ, said people familiar with the matter

Apple iOS Vulnerable to Hidden Profile Attacks (InformationWeek) Unpatched flaw in iOS enables malicious profile users to secretly control devices and intercept data

Shedding New Light on Tor-based Malware (Threatpost) Alarm bells went off last August when spikes in Tor client downloads were traced to a large click-fraud and Bitcoin-mining botnet called Sefnit

Third cryptocurrency exchange becomes hacking victim, loses Bitcoin (ZDNet) Following Mt. Gox and Flexcoin, Poloniex has admitted to losing over 10 percent of customer funds due to cyberattacks

Bitcoin Heists Cause More Trouble (InformationWeek) Attackers continue to pummel bitcoin "banks," exchanges, and crypto-currency users themselves via malware that steals virtual wallets

Where have all the Bitcoins gone? (Naked Security) In the past, when we've covered anything that sounded even remotely like "Bitcoin trouble," we've ended up with well-meaning Bitcoin fans on our case. That's because many of, though not all, the Bitcoin troubles we have written about have really been troubles at the interface between Bitcoins and traditional currency

Newsweek Outing of Bitcoin's Satoshi Nakamoto Sparks Backlash (IEEE Spectrum) In an article published this morning by Newsweek, reporter Leah McGrath Goodman claims to have unmasked the elusive creator of the Bitcoin protocol. According to her story, the programmer, who for five years has been the subject of a high-stakes hacker manhunt, is a 64-year old, ailing Japanese American who loves model trains, deeply mistrusts the government and lives in the suburbs of Los Angeles. And his name really is Satoshi Nakamoto

Security pros see increase in Meetup-like DDoS extortion (CSO) Company refused to pay $300 ransom before being hit with attack

Brand.com blackmail, cyber attack shines light on cybercrime (Communities Digital News) In December, Brand.com president Mike Zammuto was the subject of a cyber attack. "One or more people sent us email demanding $500,000 in Bitcoin," said Zammuto. "They said that if we did not pay then that they would attack Brand.com and myself online and cause us to lose business"

Skype-based malware shows how 'peculiar' malicious code can be (NetworkWorld) ManTech's HBGary subsidiary found Skype-based malware 'hiding in plain sight' on customer's network

From Points A to Z: Examining a Random Phishing Email (CSO Salted Hash) Salted Hash examines a Phishing email, tracking the message to its source — a compromised school district — in an attempt to do some good, and maybe learn something

How cyber criminals beat email filters and web gateways (Computing) Cyber criminals can use clever psychological tricks to entice users to click on their malicious emails, and can be so adept at hiding their intentions that traditional email and gateway filtering fails to stop them

Free wi-fi hotspots pose data risk, Europol warns (BBC) Sensitive information should not be sent over public wi-fi hotspots, to avoid hackers stealing it, Europe's top cybercrime police officer has warned

Router Hack — What Happened And How To Fix It (Information Security Buzz) There have been quite a few news stories released over the past few days regarding a wide scale compromise of 300,000 Internet gateway devices

ComiXology requires all users to change passwords following breach (SC Magazine) Digital comics platform ComiXology is requiring all users to change their cryptographically protected passwords after an unauthorized individual gained access to a database of information

Hacker pranks San Francisco FBI using Google Maps exploit (San Francisco Bay Guardian) An ex-Marine turned hacker used his powers for good last week, exploiting a flaw in Google Maps to tap into phone calls from the FBI's San Francisco field office and the Secret Service

WARNING: Your Friends Are Not Naked In Videos; It's A Scam Spreading On Facebook (AllFacebook) Online security provider Bitdefender warned of yet another scam that is going viral on Facebook, involving nonexistent naked videos of users' friends

Oak Associates Funds Admits Data Breach (eSecurity Planet) Shareholders' names, addresses, e-mail addresses, phone numbers, Social Security numbers and account information may have been exposed

Security Patches, Mitigations, and Software Updates

Cisco Patches Authentication Flaw in Wireless Routers (Threatpost) There's a serious security flaw in some of Cisco's wireless routers that could allow a remote attacker to take complete control of the router. The bug is in a number of the Cisco small business routers, as well as a wireless VPN firewall

Microsoft will patch Internet Explorer 0-day flaw used in targeted attacks on March 11 (The Next Web) Microsoft today announced the latest Internet Explorer zero-day flaw (CVE-2014-0322) will be fixed on this month's Patch Tuesday. The patch will thus be released this Tuesday March 11 at approximately 10:00 AM PDT

Cyber Trends

There's No Real Difference Between Online Espionage and Online Attack (The Atlantic) You can't hack passively. Back when we first started getting reports of the Chinese breaking into U.S. computer networks for espionage purposes, we described it in some very strong language. We called the Chinese actions cyber-attacks. We sometimes even invoked the word cyberwar, and declared that a cyber-attack was an act of war

Baroness fires cyber attack warning (Yorkshire Post) Britain must be braced for a cyber attack aimed at crippling its military, industry and energy supplies during times of crisis, according to the former chairman of the Joint Intelligence Committee

Security Firms Don't Think Snowden's Leaks Have Dulled Their Tools (Motherboard) The corporate security industry isn't too concerned about the threats Edward Snowden's leaks posed to the National Security Agency's facade

Antivirus Users Want Low Impact, Good Detection, Survey Shows (PC Mag) Independent testing lab AV-Comparatives ran a survey last December asking site visitors just what they want to see in an antivirus product, what's most important to them in testing, and which information sources they trust. AV-Comparatives gave me a special link for my own post announcing this survey, which allowed them to supply me with figures for SecurityWatch readers, separate from the worldwide figures

Healthcare IT must adopt top security (European Hospital) With eavesdropping into secure systems brought sharply into focus as a result of revelations of monitoring by the US National Security Agency (NSA), a leading communication expert has warned that many hospitals across Europe need to take further steps to better protect the sensitive data stored on their healthcare IT systems

Security by design still not a reality, says security veteran (ComputerWeekly) In all the great technological innovation the world is seeing, security is still an afterthought, says Jarno Limnell, director of cyber security, Stonesoft, a McAfee Group Company

Marketplace

Spending on utilities' security will reach $8.4B this year, says Visiongain (FierceITSecurity) A renewed emphasis on the security of utilities infrastructure will spur $8.4 billion in security spending by companies and governments this year, predicts market research firm Visiongain

Cloud-based Security Solutions is an Emerging Trend in the Cyber Security Market in South Korea: TechNavio Report (FierceITSecurity) TechNavio, the independent London-based global research firm, today announced the publication of its research report on the Cyber Security Market in South Korea Market. The report finds cloud-based security solutions is an emerging trend in this market. The analysis is for the forecast period 2014-2018

CIO not the only one to blame for Target breach (ComputerWorld) Beth Jacob's resignation not surprising, but disappointing analysts say

Air Force needs support strategy for its six cyber weapons (Defense Systems) The Air Force is seeking support capabilities for the six cyber capabilities that have been approved for weapons system designations

Baltimore's software and IT industries are hiring (Baltimore Business Journal) Looking at the list below, I think maybe it's not such a bad time to be a tech professional in the market for a job. Below are all the jobs mentioned to us in a recent survey of local software and IT consulting firms, when we asked each company if they're hiring in the next few months

American Career Aspirations Do Not Include Cybersecurity (InfoSecurity Magazine) The worldwide cybersecurity skills shortage is well-documented; and many countries have developed programs to fill the gap. These programs usually try to instill interest in schools, or tempt IT professionals into a career in security

Products, Services, and Solutions

Proofpoint Launches Anti-Malvertising Solution (SecurityWeek) Cloud-based security solutions provider Proofpoint has launched a new offering designed to combat malvertising

Avira Free Mac Security 2.0.3.54 Released (Softpedia) Avira has released a new update to its free antivirus software for OS X customers, Avira Free Mac Security 2.0.3.54, which packs equal doses of new features, enhancements, and fixes

Abacus Solutions Plays Key Role in Live Cybersecurity Simulation To Help Companies Understand the Threat Landscape (PRWeb) A report released this week details the large-scale cyber attack simulation that took place in Atlanta last week. The simulation, which was produced by the Technology Association of Georgia (TAG) and hosted by General James B. Butterworth, Adjunct General of the Georgia National Guard, exposed vulnerabilities companies have in protecting critical data, and in the real-time decision-making that happens during actual cyber attacks. Abacus Solutions Security Architect Jeff Jones played a key role as leader of one of the seven teams that attacked the fictitious business called The Logistics Company

Corero First Line of Defense Receives Two Info Security Global Excellence Awards (Wall Street Journal) Corero Network Security (LSE: CNS), a leading provider of First Line of Defense(R) security solutions, today announced that its DDoS Defense technology for the Enterprise was selected for two 2014 Info Security Global Excellence Awards. The Corero First Line of Defense solution received silver in the "Security Products and Solutions for Medium Enterprises" category and bronze in "Security Products for Finance and Banking"

Loaded and Locked: 3 Seriously Secure Cloud Storage Services (CIO) For the truly paranoid, storage that's encrypted from start to finish and accessible by no one else, ever

Air Force, Homeland Security step up to fight malware (Washington Times) New training kit to fend off attacks

Technologies, Techniques, and Standards

The password is dead: Next generation access management strategies (Help Net Security) If you follow the news, it's hard to miss all the breaches and stolen passwords offered for sale. The reality is that the method of processing passwords hasn't changed in the past 40 years, while attackers have become much more efficient.

CIOs Battle Worker Apathy Towards Lost or Stolen Mobile Phones (CIO) Like spoiled teenagers, American workers are telling their CIO that lost or stolen phones are simply not their fault, not their problem. Corporate data theft is no big deal. It's just a phone, they say. Besides, aren't you responsible for mobile data security? It's enough to make a CIO's blood boil

Survey: Centralized SSH security can help avoid high-profile breaches (TechTarget) Secure Shell keys used to protect machine-to-machine transactions are often going unmonitored by organizations, allowing hackers and insiders to use the unmanaged keys for malicious intent, according to a survey released by Cambridge, Mass.-based Forrester Research Inc

CSA to open source software defined perimeter "sometime this year" (Business Cloud) After a successful hackathon last week that saw its Software Defined Perimeter (SDP) network remain unbreached, the Cloud Security Alliance's (CSA) executive director Jim Reavis revealed that the organisation is on track to release an open source version of the framework "sometime this year"

New IT Security Survey Results — Top Reasons To Monitor Users (Dark Reading) BalaBit IT Security survey about use of privileged identity management (PIM) and privileged activity monitoring (PAM) technology

Research and Development

New technique targets C code to spot malware attacks (Help Net Security) Researchers from North Carolina State University have developed a new tool to detect and contain malware that attempts root exploits in Android devices. The tool improves on previous techniques by targeting code written in the C programming language — which is often used to create root exploit malware, whereas the bulk of Android applications are written in Java

Cryptographic obfuscation and 'unhackable' software (A Few Thoughts on Cryptographic Engineering) I have a thing for over-the-top cryptography headlines — mostly because I enjoy watching steam come out of researchers' ears when their work gets totally misrepresented. And although I've seen quite a few good ones, last week WIRED managed a doozy

Academia

A Cyber Army in Formation at South Korea's Hacker School (CSO) Many countries around the world are making large investments in cyber warfare from both an offensive and a defensive perspective. This is particularly true in emerging markets where finding parity in kinetic strength — tanks, submarines, ICBMs etc. — doesn't seem tenable, but where cyber can act as a great equalizer. South Korea is one such example

Norwich Ranked High as Cyber Security School (Northfield News) Norwich University was ranked second on a list of schools considered by security practitioners to be the best in the country for cybersecurity courses and degree programs

Publishers withdraw more than 120 gibberish papers (Nature) Conference proceedings removed from subscription databases after scientist reveals that they were computer-generated

Legislation, Policy, and Regulation

Privacy is in our blood, says NSA official (The Hill) Civil liberties are a top concern at the National Security Agency (NSA), the agency's new privacy chief said Thursday. "In their blood is [the] protection of your privacy," Rebecca Richards said Thursday, speaking at a privacy conference hosted by the International Association of Privacy Professionals

Four Federal Cyber Escapades to Watch for this Spring (Nextgov) The Obama administration's 2015 budget request hints at novel approaches to the cyber threat at civilian agencies and the Pentagon. Funding-related papers released on Tuesday to justify spending for congressional appropriators do not include the details. So, look for officials to color in the picture during House and Senate hearings in the weeks ahead

Scant detail so far on 'federal cyber campus' proposal (FierceGovIT) Details so far on a proposed "federal cyber campus" contained within the White House budget proposal are scarce, beyond a few offhand references

MeriTalk report discusses relationship between cybersecurity and big data (GSN) A new MeriTalk report, "Balancing the Cyber Big Data Equation," features information from 18 Federal IT and cybersecurity experts and highlights the importance of using intelligent analytics tools in federal IT to provide a secure network environment

Navy to Expand Information Dominance Capabilities (SIGNAL) The U.S. Navy is working to incorporate information dominance as a key part of its future warfighting tool kit. As a part of this ongoing effort, the sea service is standing up a new force dedicated to information dominance

California launches cyber-attack awareness campaign (FierceCIO) In response to growing IT security threats against government agencies, public corporations and private institutions, the State of California has launched a campaign to better educate organizations on the cyber security threats they face and steps they can take to better safeguard themselves

Litigation, Investigation, and Law Enforcement

Gen. Dempsey: NSA leaks will cost billions (AP via WAAY TV) The top U.S. military officer says it will take two years of study and billions of dollars to overcome the loss of security to military operations and tactics that were revealed in the massive stash of documents taken by former National Security Agency contractor Edward Snowden

Ex-OCR adviser offers HIPAA auditing tips (FierceHealthIT) Attorney David Holtzman, former senior adviser at the U.S. Department of Health & Human Services Office for Civil Rights, expects OCR will begin its HIPAA audit program in April, and says it's important for providers to be prepared from all angles

The Judge Who Said No to the NSA (American Lawyer) When Judge Richard Leon took on the NSA over its collection of phone data, it wasn't the first time he had questioned government's antiterrorism tactics

Two People Arrested for Hacking into KT Corp, Stealing Details of 12M Users (Softpedia) South Korean police have arrested a couple of individuals suspected of hacking into the systems of KT Corp, one of the country's largest telecom companies

Barrett Brown hyperlink charges dropped (Naked Security) The US government has moved to drop several charges against journalist and activist Barrett Brown that could have had far-reaching consequences for all users of the web

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CyberBiz Summit (Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...

The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

The Device Developers' Conference: Manchester (Manchester, England, UK, June 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

The Device Developers' Conference: Scotland (Uphall, Scotland, UK, June 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Global Summit on Computer and Information Technology The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer...

Reducing the Nation's Cyber Risk: White House Insights on the President's Critical Infrastructure Framework (New York, New York, USA, March 11, 2014) The Fordham School of Professional and Continuing Studies and the Fordham Computer and Information Science Department present this informative panel, open and free to the public.

cybergamut Technical Tuesday: Virtualization Technologies in Cyberwarfare (Columbia, Maryland, USA, March 11, 2014) Virtualization is often talked about in the context of cloud computing, cost savings and enterprise environments. In this talk, Jason Syversen of Siege Technologies will introduce Intel, AMD and ARM virtualization...

Nuclear Regulatory Commission ISSO Security Workshop Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce...

ICS Summit 2014 (Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...

27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014, exhibits will be...

Suits and Spooks Singapore Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...

Cyber Security for Energy & Utilities Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...

Veritas 2014 At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...

Black Hat Asia Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...

SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...

Cyber Security Management for Oil and Gas Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...

ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).

Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, March 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance...

SyScan 2014 (Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...

Interop Conference Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
