Daily briefing.

Russia's increasingly thorough imperial pacification of Crimea continues apace. The weekend saw a surge in cyber operations associated with the incursion.

Most noteworthy, however, is several security firms' independent disclosure—G Data, BAE, F-Secure, Symantec, and Kaspersky prominent among them—of a large, capable cyber espionage campaign active in several countries. Variously called "Turla," "Snake," and "Uroburos," depending upon who independently discovered it, the malware framework appears to be an evolutionary variant of RedOctober and Agent.BTZ. Among its features is a novel bypass of Microsoft's Driver Signature Enforcement. The malware has been found in at least nine countries, but BAE at least unambiguously calls Ukraine the target.

While some researchers (notably G Data) decline to attribute Turla/Snake/Uroburos to any particular actor, BAE and an analyst from the Center for Strategic and International Studies do note Russian security service fingerprints ("pawprints," says CSIS) on the code. Commendable (if prim) reticence aside, the consensus attribution is to the Russian government.

Hacktivists sympathetic to the Ukrainian side appear to have taken down Russian media site Rossiyskaya Gazeta. India (with at best a very small dog in the fight) suffers collateral damage as its embassy network is hacked to get at Russian arms exporter Rosoboronexport; Indian dealings with Russian defense firms and associated sensitive information appear also to have been exposed.

Elsewhere, hacktivists gear up one of their regular campaigns against Israel. These have recently tended to fizzle; the first attacks are promised today.

Hackers kick Mt. Gox while it's down, claiming evidence of fraud.

Notes.

Today's issue includes events affecting Belgium, China, Colombia, Finland, Georgia, Germany, Hungary, India, Israel, Italy, Lithuania, Pakistan, Romania, Russia, Turkey, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Ukraine And Russia Approach Cyber Warfare (TechWeekEurope) Expert suggests Ukraine would not be able to withstand a coordinated Russian attack on its infrastructure

According to UK-based BAE Systems: The target of cyber attack is Ukraine (Periscope Post) Ukraine was attacked repeatedly by refined cyberspies as tensions between Russian and pro-Western factions intensified in recent months, according to a report by defense contractor BAE Systems in the UK

Framework For Massive Cyber Attack Discovered in US And European Networks (The News Reports) IT security experts across Europe and America believe they have discovered the skeleton or framework for a huge malicious software (malware) attack across networks. Those investigating the existence of this sophisticated system tool virus have in different countries given it different names — Uroburos, Turla and Snake — based on repeated letters found in the coding and the fact that it seems to slither through entire networks. It seems, however, that they have all independently been looking at the same code

Malware uses new technology to bypass Windows' kernel protection (G Data Security Blog) Uroburos was already described as a very sophisticated and highly complex malware in our G Data Red Paper, where we had a look at the malware's behavior. This assumption is again supported, looking at its installation process. Uroburos uses a technique not previously known to the public to bypass Microsoft's Driver Signature Enforcement, an essential part of Windows' security

INSIGHT-Suspected Russian spyware Turla targets Europe, U.S. (Reuters) A sophisticated piece of spyware has been quietly infecting hundreds of government computers across Europe and the United States in one of the most complex cyber espionage programs uncovered to date

'Snake' cyber espionage operation the work of 'well-funded professionals' (Computing) Defence contractor BAE Systems has analysed how the recently disclosed 'Snake' cyber espionage toolkit operates, finding that its authors are likely to be "committed and well-funded professionals"

Is Russia behind the Snake spying malware, seen attacking systems in Ukraine? (Graham Cluley) Following the report published earlier this month by G Data into the "Uroburos" spyware, which heavily hinted the malware could have been written by Russian intelligence, UK-based defence contractor BAE Systems has entered the fray with all guns blazing

Ukrainian hackers break into Russian newspaper website (Voice of Russia) Early on Friday, March 7th, the website of the Rossiyskaya Gazeta daily came under hack attack. When the news was being prepared, the server sent an internal error message to the site. The downforeveryoneorjustme service has confirmed that the website has gone offline

Indian Embassy's Systems in Moscow Hacked to Target Rosoboronexport. (DefenseWorld) Indian embassy's network systems in Moscow were hacked to launch a cyber attack on Russian arms exporting agency, Rosoboronexport, if a claim by group calling itself the 'Russian Cyber Command' (RCC) is to be believed

Cyber attack on Russia hits India, secret defence documents leaked (Hindustan Times) A cyber attack on Russian communication systems by anonymous hackers on early Saturday morning has compromised India's defence dealings with Russia and raised serious concerns about a possible major security breach

Planned Cyber Attacks Against Israel (Israel Defense) According to experts of Aman group, ClearSky and Terrogence, the State of Israel is facing two campaigns of cyber attacks in the coming month. The first will be tomorrow (10.3) and the second on the 7.4. Both the attacks are part of the "Hacktivists month"

Anonymous hackers uncover alleged proof of MtGox fraud from site's CEO (Ars Technica) "It's time MTGOX got the bitcoin communities wrath instead of Bitcoin getting Goxed." Following the MtGox Bitcoin exchange losing millions to a hack and filing for bankruptcy, anonymous attackers took over the personal blog and reddit account of MtGox CEO Mark Karpeles on Sunday. After seizing control, the hackers posted (Pastebin) a message to the two spaces detailing their findings and the reasoning behind the attack

Hackers attacked bankrupt Bitcoin exchange (Money) Bitcoin exchange MtGox faced a massive hacker offensive last month, coming under 150,000 DDoS attacks a second for several days ahead of its spectacular failure, a report says

Cybercriminals Infiltrate Various Organizations in Siesta Campaign (Softpedia) Security researchers from Trend Micro are investigating a new campaign of targeted attacks aimed at organizations from various sectors. The campaign has been dubbed Siesta (read on to learn why)

Fake Night Vision Camera App on Google Play Hides SMS Trojan (Softpedia) Security researchers from Avast have come across a fake night vision camera app on Google Play. The malicious app is designed to harvest information and subscribe users to premium SMS services

Cisco flaws put routers back in the dock (SC Magazine) A major flaw in Cisco's routers has been revealed just days after research firm Team Cymru reported it had found over 300,000 other routers infected with malware. Cisco issued a patch for its vulnerability on 5 March. The problem lies in the web management interface of its leading Cisco RV215W and CVR100W Wireless-N VPN routers, which could allow a remote attacker to take control of them

Former bank websites put to 'sinister' use (BBC) Many websites once used by US banks have been taken over by spammers and virus writers, reveals research

NHS websites awash with security vulnerabilities. Ensure your WordPress site is running up-to-date software (Graham Cluley) Websites run by Britain's National Health Service (NHS) are riddled with security vulnerabilities and could easily be exploited by online criminals, claims a newly-published investigation by Computer Active magazine

Want someone to click on your targeted attack? Disguise it as a LinkedIn message (Graham Cluley) Hopefully, by now, we all understand the threat posed by targeted attacks, and how online criminals might attempt to target specific individuals inside your organisation

Managed Web-based 300 GB/s capable DNS amplification enabled malware bot spotted in the wild (Webroot Threat Blog) Opportunistic cybercriminals continue 'innovating' through the systematic release of DIY (do-it-yourself), Web-based, botnet/malware generating tools, seeking to monetize their coding 'know-how' and overall understanding of abusive/fraudulent/malicious TTPs (tactics, techniques and procedures) — all for the purpose of achieving a positive ROI with each new release. We've recently spotted a newly released, Web-based DNS amplification enabled DDoS bot, and not only managed to connect it to what was once an active DDoS attack, but also, to the abuse of a publicly accessible open DNS resolver which has been set up for research purposes

McAfee: Cybercrime-As-A-Service Led To Credit Card Breach, While Mobile "Malware Zoo" Grew 197% In Q4 (TechCrunch) It looks like the rise of the "as a service" model, where people can buy software, platform access, security and more from a cloud-based provider for a fixed term, may have spawned its Damien: cybercrime as a service. The latest report from McAfee notes that the rush of point-of-sale credit card breaches that hit consumers in Q4 of last year — most notably at Target but other retailers as well

Hacker breaches Hopkins server, but officials say identity theft not a concern (Baltimore Sun) Person claiming to be part of 'Anonymous' group obtained names, contact information

North Dakota University System hacked, roughly 300K impacted (SC Magazine) The North Dakota University System (NDUS) is notifying more than 290,000 former and current students and roughly 780 faculty and staff that their personal information — including Social Security numbers — may be at risk after an unauthorized party gained access to one of its servers

Touchlogging Represents a Real Mobile Risk (eSecurity Planet) Trustwave researcher warns about the risk of touchlogger applications on iOS and Android

Security Patches, Mitigations, and Software Updates

Five bulletins, two critical in Patch Tuesday this month (FierceCIO: TechWatch) Microsoft will be releasing a total of five updates for March 2014, according to the latest Microsoft Security Bulletin Advance Notification that was released. The relatively lightweight update consists of two "critical" updates with the final three pegged as "important." Critical bulletins should be attended to as soon as possible and usually also require a system reboot

Microsoft plans full fix for Internet Explorer zero-day SnowMan exploit (V3) Microsoft has detailed plans to release a full fix for a vulnerability in Internet Explorer 9 and 10 that was being targeted by so-called Operation SnowMan hackers

Over 40 Bugs, Including 4 Security Vulnerabilities, Fixed in Joomla 3.2.3 (Softpedia) Joomla 3.2.3 is available for download. The latest release addresses a total of more than 40 bugs, four of which are security issues

Twitter plugs protected accounts bug to flush out stalkers (The Register) Creepy types can no longer see selectively shared tweets via SMS

Cyber Trends

Has the NSA's mass spying made life easier for digital criminals? (The Guardian) In flooding the internet with malware, and by increasing wariness of data sharing, the NSA's actions have had a negative impact on the fight against cybercrime

IoT sensors, ad hoc networks to transform communications market, predicts Strategy Analytics (FierceMobileIT) The pervasiveness of energy sensors and ad hoc networks to enable the Internet of Things (IoT), along with virtualized networks and cloud computing, will transform the communications networks, content and technology markets by the end of the decade, predicts Strategy Analytics

European IT pros reveal top reasons to monitor privileged users (Help Net Security) BalaBit IT Security announced results of a recent survey of IT security professionals about use of privileged identity management (PIM) and privileged activity monitoring (PAM) technology

Your Biggest Cyber Security Threat May Be Right Under Your Nose (Forbes) When you're online dealing with matters involving your bank, your bill payments, your investments, your healthcare, or your next purchase from Amazon, I bet that security is top of mind. You don't want your information hacked somewhere along the way. But what about when you're gaming? Or, for parents: what about when your kids are gaming? Do you think about security then? Perhaps not

Marketplace

Security giants set to fight over enterprise market (PCR) Two of the biggest IT security firms, Kaspersky and Bitdefender, have both revealed that they are making bigger pushes into the enterprise market

Encrypted communications to take center stage at Cebit (ComputerWorld) Security has passed cloud services to become the most important IT issue this year in Germany

Red-hot security software company FireEye sells more than $1 billion in fresh shares (San Jose Mercury News) Less than six months after an eye-popping initial public offering, security software company FireEye sold millions of new shares for more than four times the price of its IPO, bringing the company and its stakeholders more than $1 billion

FireEye Stock Gets Upgrade On View Of Massive Growth (Investor's Business Daily) FireEye (FEYE) stock hit a new high Wednesday, supported by a price target increase by FBR Capital Markets

The Most Expensive 'Undiscovered' Cyber Security Company In The Market (NASDAQ) In our experience exuberance and enthusiasm for the market tend to peak not when the market leaders are afforded lofty valuations, but when, in desperate search of new longs, the pretenders are given these same, or in some cases, higher valuations

The Churn: Kaye Scholer Adds Cybersecurity Expert, Plus More Lateral Moves (American Lawyer) The newest hire at Kaye Scholer, Adam Golodner, will head the firm's new global cybersecurity and privacy group. Based in Washington, D.C., Golodner is a former Cisco Systems executive whose practice focuses on global legal and policy issues related to cybersecurity and privacy, including policy and regulatory advocacy, litigation, corporate governance and transactions

Private equity giant Warburg Pincus looks to invest in mobile companies (Mobile Marketer) Warburg Pincus, a private equity firm with $37 billion assets under management and a portfolio of more than 120 organizations, is looking to invest in mobile companies across a wide range of industry sectors

SINET Continues Virtuous Work: Convening World Class Cyber Security Thought Leaders at IT Security Entrepreneurs Forum 8-9 Apr (SYS-CON) You know the Security Innovation Network (SINET), the virtuous community builder focused on promotion of innovation in cyber security

Products, Services, and Solutions

Open Networking Summit: Brocade Adds OpenFlow Support (Data Center Knowledge) At the Open Networking Summit in Santa Clara, California this week Pluribus Networks announced inNetwork Analytics, Procera Networks' NAVL Engine was selected by GFI Software, and Brocade launches support for OpenFlow 1.3 across its IP portfolio of products

Tokenless two-factor authentication with single use Q-Codes (ProSecurityZone) Innovative one-time password system developed using a Q-code passed to the user's telephone as a form of two-factor authentication

Technologies, Techniques, and Standards

MasterCard, Visa form group to push for better card security (Reuters via the Orlando Sentinel) Visa Inc and MasterCard Inc said they had launched a cross-industry group to improve security for card transactions and press U.S. retailers and banks to meet a 2015 deadline to adopt technology that would make it safer to pay with plastic

Five things to know about malware before driving it out (CSO) Security teams need to be able to differentiate between inconsequential and truly damaging malware so resources aren't diverted towards chasing the wrong threat, says Cyphort's Shel Sharma

Good Security Begins With Effective Threat Modeling (CSO Salted Hash) You need a solid foundation to build secure software, and that foundation begins with creating a threat model to identify all of the potential risks the application might face

DHS official touts machine-to-machine cyber threat data sharing (FierceGovernmentIT) A Homeland Security official touted his department's use of a machine-to-machine format for sharing cyber threat information during a March 7 hearing

Tech Insight: How To Protect Against Attacks Via Your Third-Party Vendors (Dark Reading) Third-party business connections often provide attackers easy, unfettered access to bigger, richer networks

Navy network hack has valuable lessons for companies (CSO) Marine Corps databases did not receive proper updates, leaving them vulnerable to an SQL injection

Design and Innovation

4 Signs You're Being Digitally Disrupted (InformationWeek) Accenture exec Mark McDonald offers four not-so-obvious signs you may be falling victim

Research and Development

Collecting Cookie Data And Still Protecting Privacy (Red Orbit) The browser cookie has long been debated as a troubling side effect of the Internet. Privacy advocates and consumers fear that data collected from cookies are used in nefarious ways. However, publishers typically use the data to understand a site's visitors and target advertising

You've Never Heard Of Quantum Encryption, But It's The Technology That 'Keeps Our Digital World Running Smoothly' (Business Insider) We use encryption all the time, whether we acknowledge it or not

Android malware detection boosted by university research (CSO) Researchers from North Carolina State University have found a way to monitor for Android malware with very low overhead

Academia

ACSA Teams With HP and CRA-W to Increase Cyber Security Scholarships for Women (Broadway World) Applied Computer Security Associates (ACSA), the non-profit sponsor of major cybersecurity research conferences, announced the expansion of the "Scholarship for Women Studying Information Security" (SWSIS) through relationships with HP, and the Computing Research Association's Committee on the Status of Women in Computing Research

UTSA faculty recognized for cyber security expertise (San Antonio Business Journal) A national cyber security group has recognized two University of Texas at San Antonio faculty among its newest class of Distinguished Fellows

Legislation, Policy, and Regulation

China blames terrorism on technologies to bypass Internet censorship (IT World) China is blaming technology used to bypass China's censorship systems for recent terrorist attacks, suggesting that the government is considering tighter controls on the country's Internet

Erdogan weighs Turkish ban against Facebook and YouTube (Financial Times) Recep Tayyip Erdogan has suggested Turkey could ban Facebook and YouTube after elections this month, in his latest response to a series of leaks of his private conversations on the internet

'Search Parliament for bugs': IT commission (The Local (German Edition)) The German Parliament should be thoroughly searched for security leaks and bugs, government cyber security experts will recommend on Thursday

Country to coordinate with foreign agencies to tackle cyber data theft (Oman Tribune) Pakistan has introduced precautionary measures in Prevention of Electronic Crimes Act 2014 that is likely to help enhance cooperation and information sharing with foreign agencies and even conduct joint investigation concerning offences related to unauthorised interception of data by any foreign element

NSA created 'European bazaar' to spy on EU citizens, Snowden tells European Parliament (IT World) National spy agencies across Europe are allowing the NSA to piece together their data into a larger picture, Snowden said

US network to scan workers with secret clearances (AP via the Houston Chronicle) U.S. intelligence officials are planning a sweeping system of electronic monitoring that would tap into government, financial and other databases to scan the behavior of many of the 5 million federal employees with secret clearances, current and former officials told The Associated Press

Alexander: U.S. Must Address Media Leaks, Cyber Legislation (American Forces Press Service) Leaks to the media of classified information and the need for cyber legislation were key elements of a speech this week by Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency

I, journalist: public enemy number one (CSO) The journalists are the problem with global security? Well, if General Keith Alexander had his way they'd all be rounded up and dropped in a deep dark hole. Seems that his frustration has gotten the better of him

Walsh bill aims to rein in federal spying (Helena Independent Record) Sen. John Walsh, D-Mont., introduced his first bill Thursday, to restrict the ability of federal security agencies to secretly collect phone records and other personal data on U.S. citizens

House Subcommittee Delves Into Cyber Security (MoneyNews) Due to a highly publicized spate of security breaches at major retailers, continuing a pattern that has persisted for years, cyber security has already developed into one of the big stories of 2014. Accordingly, the House Financial Services Committee's Subcommittee on Financial Institutions and Consumer Credit held a hearing titled "Data Security: Examining Efforts to Protect Americans' Financial Information," featuring panels representing, first, the Secret Service and the Department of Homeland Security, and then the affected industries and a Democratic witness from U.S. Public Interest Research Group (PIRG)

Litigation, Investigation, and Law Enforcement

Court: NSA can't keep metadata past 5 years (Politico) A judge has denied the federal government's request to allow the National Security Agency to keep telephone metadata past the current five-year maximum in order to preserve the information for use in pending lawsuits

ACLU asks appeals court to undo phone data ruling (AP via the Washington Post) A federal appeals court should outlaw the National Security Agency's collection of millions of Americans' telephone records, concentrating searches instead on terror suspects, civil liberties lawyers said in papers filed seeking a reversal of a lower-court judge who ruled the program was legal and necessary to fight terrorism

Privacy groups lodge complaint over Facebook's acquisition of Whatsapp (Naked Security) The Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) have filed a complaint with the Federal Trade Commission against Facebook's recent acquisition of WhatsApp in a deal worth $19 billion

'Stingray' device tracks cell phones, allows eavesdropping on calls, prompts civil liberties worries (Washington Examiner) The National Security Agency apparently isn't the only government agency engaged in domestic spying. Some local law enforcement agencies are playing the role of Big Brother, too, but to what extent is still unknown

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Reducing the Nation's Cyber Risk: White House Insights on the President's Critical Infrastructure Framework (New York, New York, USA, March 11, 2014) The Fordham School of Professional and Continuing Studies and the Fordham Computer and Information Science Department present this informative panel, open and free to the public.

cybergamut Technical Tuesday: Virtualization Technologies in Cyberwarfare (Columbia, Maryland, USA, March 11, 2014) Virtualization is often talked about in the context of cloud computing, cost savings and enterprise environments. In this talk, Jason Syversen of Siege Technologies will introduce Intel, AMD and ARM virtualization...

Nuclear Regulatory Commission ISSO Security Workshop: Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce...

ICS Summit 2014 (Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...

27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference: The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014, exhibits will be...

Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...

Cyber Security for Energy & Utilities: Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...

Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...

Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...

SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...

Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...

ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).

CyberBiz Summit (Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...

Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, March 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance...

SyScan 2014 (Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...

Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
