Russia's increasingly thorough imperial pacification of Crimea continues apace. The weekend saw a surge in cyber operations associated with the incursion.
Most noteworthy, however, is several security firms' independent disclosure—G Data, BAE, F-Secure, Symantec, and Kaspersky prominent among them—of a large, capable cyber espionage campaign active in several countries. Variously called "Turla," "Snake," and "Uroboros," depending upon who independently discovered it, the malware framework appears to be an evolutionary variant of RedOctober and Agent.BTZ. Among its features is a novel bypass of Microsoft's Driver Signature Enforcement. The malware has been found in at least nine countries, but BAE at least unambiguously calls Ukraine the target.
While some researchers (notably G Data) decline to attribute Turla/Snake/Uroboros to any particular actor, BAE and an analyst from the Center for Strategic and International Studies do note Russian security service fingerprints ("pawprints," says CSIS) on the code. Commendable (if prim) reticence aside, the consensus attribution is to the Russian government.
Hacktivists sympathetic to the Ukrainian side appear to have taken down Russian media site Rossiyskaya Gazeta. India (with at best a very small dog in the fight) suffers collateral damage as its embassy network is hacked to get at Russian arms exporter Rosoboronexport; Indian dealings with Russian defense firms and associated sensitive information appear also to have been exposed.
Elsewhere, hacktivists gear up one of their regular campaigns against Israel. These have recently tended to fizzle; the first attacks are promised today.
Hackers kick Mt. Gox while it's down, claiming evidence of fraud.
Today's issue includes events affecting Belgium, China, Colombia, Finland, Georgia, Germany, Hungary, India, Israel, Italy, Lithuania, Pakistan, Romania, Russia, Turkey, Ukraine, United Kingdom, United States.
Framework For Massive Cyber Attack Discovered in US And European Networks (The News Reports) IT security experts across Europe and America believe they have discovered the skeleton or framework for a huge malicious software (malware) attack across networks. Those investigating the existence of this sophisticated system tool virus have in different countries given it different names — Uroburos, Turla and Snake — based on repeated letters found in the coding and the fact that it seems to slither through entire networks. It seems, however, that they have all independently been looking at the same code
Malware uses new technology to bypass Windows' kernel protection (G Data Security Blog) Uroburos was already described as a very sophisticated and highly complex malware in our G Data Red Paper, where we had a look at the malware's behavior. This assumption is again supported, looking at its installation process. Uroburos uses a technique not previously known to the public to bypass Microsoft's Driver Signature Enforcement, an essential part of Windows' security
Ukrainian hackers break into Russian newspaper website (Voice of Russia) Early on Friday, March 7th, the website of the Rossiyskaya Gazeta daily came under hack attack. When the news was being prepared, the server sent an internal error message to the site. The downforeveryoneorjustme service has confirmed that the website has gone offline
Planned Cyber Attacks Against Israel (Israel Defense) According to experts of Aman group, ClearSky and Terrogence, the State of Israel is facing two campaigns of cyber attacks in the coming month. The first will be tomorrow (10.3) and the second on the 7.4. Both the attacks are part of the "Hacktivists month"
Anonymous hackers uncover alleged proof of MtGox fraud from site's CEO (Ars Technica) "It's time MTGOX got the bitcoin communities wrath instead of Bitcoin getting Goxed." Following the MtGox Bitcoin exchange losing millions to a hack and filing for bankruptcy, anonymous attackers took over the personal blog and reddit account of MtGox CEO Mark Karpeles on Sunday. After seizing control, the hackers posted (Pastebin) a message to the two spaces detailing their findings and the reasoning behind the attack
Hackers attacked bankrupt Bitcoin exchange (Money) Bitcoin exchange MtGox faced a massive hacker offensive last month, coming under 150,000 DDoS attacks a second for several days ahead of its spectacular failure, a report says
Cisco flaws put routers back in the dock (SC Magazine) A major flaw in Cisco's routers has been revealed just days after research firm Team Cymru reported it had found over 300,000 other routers infected with malware. Cisco issued a patch for its vulnerability on 5 March. The problem lies in the web management interface of its leading Cisco RV215W and CVR100W Wireless-N VPN routers, which could allow a remote attacker to take control of them
Managed Web-based 300 GB/s capable DNS amplification enabled malware bot spotted in the wild (Webroot Threat Blog) Opportunistic cybercriminals continue 'innovating' through the systematic release of DIY (do-it-yourself), Web-based, botnet/malware generating tools, seeking to monetize their coding 'know-how' and overall understanding of abusive/fraudulent/malicious TTPs (tactics, techniques and procedures) — all for the purpose of achieving a positive ROI with each new release. We've recently spotted a newly released, Web-based DNS amplification enabled DDoS bot, and not only managed to connect it to what was once an active DDoS attack, but also, to the abuse of a publicly accessible open DNS resolver which has been set up for research purposes
McAfee: Cybercrime-As-A-Service Led To Credit Card Breach, While Mobile "Malware Zoo" Grew 197% In Q4 (TechCrunch) It looks like the rise of the "as a service" model, where people can buy software, platform access, security and more from a cloud-based provider for a fixed term, may have spawned its Damien: cybercrime as a service. The latest report from McAfee notes that the rush of point-of-sale credit card breaches that hit consumers in Q4 of last year — most notably at Target but other retailers as well
North Dakota University System hacked, roughly 300K impacted (SC Magazine) The North Dakota University System (NDUS) is notifying more than 290,000 former and current students and roughly 780 faculty and staff that their personal information — including Social Security numbers — may be at risk after an unauthorized party gained access to one of its servers
Security Patches, Mitigations, and Software Updates
Five bulletins, two critical in Patch Tuesday this month (FierceCIO: TechWatch) Microsoft will be releasing a total of five updates for March 2014, according to the latest Microsoft Security Bulletin Advance Notification that was released. The relatively lightweight update consists of two "critical" updates with the final three pegged as "important." Critical bulletins should be attended to as soon as possible and usually also require a system reboot
Your Biggest Cyber Security Threat May Be Right Under Your Nose (Forbes) When you're online dealing with matters involving your bank, your bill payments, your investments, your healthcare, or your next purchase from Amazon, I bet that security is top of mind. You don't want your information hacked somewhere along the way. But what about when you're gaming? Or, for parents: what about when your kids are gaming? Do you think about security then? Perhaps not
The Churn: Kaye Scholer Adds Cybersecurity Expert, Plus More Lateral Moves (American Lawyer) The newest hire at Kaye Scholer, Adam Golodner, will head the firm's new global cybersecurity and privacy group. Based in Washington, D.C., Golodner is a former Cisco Systems executive whose practice focuses on global legal and policy issues related to cybersecurity and privacy, including policy and regulatory advocacy, litigation, corporate governance and transactions
Open Networking Summit: Brocade Adds OpenFlow Support (Data Center Knowledge) At the Open Networking Summit in Santa Clara, California this week Pluribus Networks announced inNetwork Analytics, Procera Networks' NAVL Engine was selected by GFI Software, and Brocade launches support for OpenFlow 1.3 across its IP portfolio of products
MasterCard, Visa form group to push for better card security (Reuters via the Orlando Sentinel) Visa Inc and MasterCard Inc said they had launched a cross-industry group to improve security for card transactions and press U.S. retailers and banks to meet a 2015 deadline to adopt technology that would make it safer to pay with plastic
Collecting Cookie Data And Still Protecting Privacy (Red Orbit) The browser cookie has long been debated as a troubling side effect of the Internet. Privacy advocates and consumers fear that data collected from cookies are used in nefarious ways. However, publishers typically use the data to understand a site's visitors and target advertising
ACSA Teams With HP and CRA-W to Increase Cyber Security Scholarships for Women (Broadway World) Applied Computer Security Associates (ACSA), the non-profit sponsor of major cybersecurity research conferences, announced the expansion of the "Scholarship for Women Studying Information Security" (SWSIS) through relationships with HP, and the Computing Research Association's Committee on the Status of Women in Computing Research
Country to coordinate with foreign agencies to tackle cyber data theft (Oman Tribune) Pakistan has introduced precautionary measures in Prevention of Electronic Crimes Act 2014 that is likely to help enhance cooperation and information sharing with foreign agencies and even conduct joint investigation concerning offences related to unauthorised interception of data by any foreign element
US network to scan workers with secret clearances (AP via the Houston Chronicle) U.S. intelligence officials are planning a sweeping system of electronic monitoring that would tap into government, financial and other databases to scan the behavior of many of the 5 million federal employees with secret clearances, current and former officials told The Associated Press
Alexander: U.S. Must Address Media Leaks, Cyber Legislation (American Forces Press Service) Leaks to the media of classified information and the need for cyber legislation were key elements of a speech this week by Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency
I, journalist: public enemy number one (CSO) The journalists are the problem with global security? Well, if General Keith Alexander had his way they'd all be rounded up and dropped in a deep dark hole. Seems that his frustration has gotten the better of him
Walsh bill aims to rein in federal spying (Helena Independent Record) Sen. John Walsh, D-Mont., introduced his first bill Thursday, to restrict the ability of federal security agencies to secretly collect phone records and other personal data on U.S. citizens
House Subcommittee Delves Into Cyber Security (MoneyNews) Due to a highly publicized spate of security breaches at major retailers, continuing a pattern that has persisted for years, cyber security has already developed into one of the big stories of 2014. Accordingly, the House Financial Services Committee's Subcommittee on Financial Institutions and Consumer Credit held a hearing titled "Data Security: Examining Efforts to Protect Americans' Financial Information," featuring panels representing, first, the Secret Service and the Department of Homeland Security, and then the affected industries and a Democratic witness from U.S. Public Interest Research Group (PIRG)
Litigation, Investigation, and Law Enforcement
Court: NSA can't keep metadata past 5 years (Politico) A judge has denied the federal government's request to allow the National Security Agency to keep telephone metadata past the current five-year maximum in order to preserve the information for use in pending lawsuits
ACLU asks appeals court to undo phone data ruling (AP via the Washington Post) A federal appeals court should outlaw the National Security Agency's collection of millions of Americans' telephone records, concentrating searches instead on terror suspects, civil liberties lawyers said in papers filed seeking a reversal of a lower-court judge who ruled the program was legal and necessary to fight terrorism
Nuclear Regulatory Commission ISSO Security Workshop: Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce...
ICS Summit 2014 (Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Cyber Security for Energy & Utilities: Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
CyberBiz Summit (Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...
SyScan 2014 (Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.