skip navigation

More signal. Less noise.

Daily briefing.

The G20 summit seems to have been largely undisturbed by hacktivism, but there are reports of widespread Chinese government intrusion into Australian media networks, and of unattributed RAT-enabled surveillance of pro-Tibetan protestors in Brisbane.

The other dog that didn't bark over the weekend was the threatened Anonymous action protesting Israeli policy concerning the al Aksa mosque.

In the US, NOAA confirms that its weather data were interrupted by a probable Chinese cyber attack (and the agency receives criticism for its delay in notifying Congress). The State Department shut down its unclassified email system for security upgrades; reports suggest the Department noticed "anomalies" around the time the White House unclassified networks were hacked, and that these prompted the security enhancements.

Attacks on NATO and European governments conducted through Tor networks appear, says F-Secure, to be the work of a state. F-Secure primly leaves that state unnamed, but it's widely held to be Russia.

Other research into Tor finds that its users can be de-anonymized through traffic analysis.

A new ransomware variant treats victims as if they were prospective customers, offering them one free decryption.

A new Bashlite variant attacks routers and other devices running on BusyBox.

US-CERT warns against Masque; Apple says Masque is a minor issue.

Microsoft users experience problems with last week's Schannel patch.

In industry news, companies increase cyber security spending, and hire cyber firms for wider consultation. KPMG buys German cyber firm P3. Businesses increasingly see cyber insurance coverage as a necessity.

Chinese authorities arrest WireLurker suspects.

Notes.

Today's issue includes events affecting Australia, China, France, Germany, India, Iraq, Israel, Jordan, Malaysia, NATO, New Zealand, Palestinian Territories, Russia, Spain, Syria, Ukraine, United Kingdom, United States, Vanuatu, and Vietnam.

Those interested in US Federal law enforcement will find the CyberWire's exclusive interview with FBI Special Agent Keith Mularski interesting, particularly his observations on the role indictment and trial play in attribution of cyber attacks.

Cyber Attacks, Threats, and Vulnerabilities

Cybersecurity strikers target G20: Symantec (Scoop) Symantec has warned the upcoming G20 Summit is an attractive target for the 'Flea attack group' — malicious cybersecurity strikers

Chinese hackers 'breach Australian media organisations' ahead of G20 (Australian Broadcasting Corporation) A Chinese hacking group believed to be affiliated with the Chinese government has penetrated Australian media organisations ahead of this weekend's G20 meeting, a global cyber security expert says

Hackers target pro-Tibet G20 protesters (The Age) Cyber criminals have targeted G20 protesters through a malicious email that hacks into a recipient's computer camera and uses it to spy on the owner

NOAA weather data interruption due to alleged Chinese cyber attack (Ars Technica) NOAA shut down access to systems but failed to report intrusion for a month

Reports: State Department admits intrusion into unclassified email (IDG via CSO) The U.S. State Department's unclassified email system was taken offline over the weekend for security improvements, a scheduled event, but officials conceded suspicious activity had been previously detected, according to media reports

Evidence implicates government-backed hackers in Tor malware attacks (Guardian) OnionDuke malware linked to MiniDuke hacker tools, which are thought to have been used to target Nato and European governments

81 percent of Tor clients can be identified with traffic analysis attack (Security Affairs) The research revealed that more than 81 percent of Tor clients can be de-anonymized by exploiting a new traffic analysis attack based on Netflow technology

Hacker group Anonymous threatens to target Israeli websites (Israel Hayom) Intended cyber attack on banking and defense sites is touted as Anonymous' answer to "the ongoing Israeli attacks on the Al-Aqsa mosque." Security expert: These types of threats are frequently made and in most cases the damage is minor

Anonymous targets Ku Klux Klan during latest operation (CSO) After the Ku Klux Klan (KKK) promised to use lethal force against protestors in Ferguson, Mo., supporters of Anonymous launched OpKKK. On Sunday, the faceless, loosely associative collective hijacked two KKK Twitter accounts, and used DDoS to disable several KKK-related websites

Fake Viber Spam Changes Routines Based on Platform (TrendLabs Security Intelligence Blog) Earlier this week, we noticed that there was a spike in the volume of spammed messages that pretend to come from the messaging service Viber. This app, which also has a desktop version, allows users for free calls and messages. The email informs the recipient that they have one voice message for their account

New Encryption Ransomware Offers File Decryption Trial (Softpedia) Cybercriminals have adapted their ransomware game to a more user-friendly variant of crypto-malware to get the victims pay the unlock fee and even included a trial for the file decryption feature

Trojan Rovnix Infects More Than 130K UK PCs, Finds BitDefender (Spamfighter News) BitDefender has cautioned that more than 130K PCs inside United Kingdom are tainted because of Trojan Rovnix, the info-grabbing malware, within one botnet operation particularly victimizing high-profile entities across the country

'Bashlite' Malware Leverages ShellShock In BusyBox Attack (Dark Reading) A new version of Bashlite aims to get control of devices running on BusyBox, such as routers

A fresh C93 phishing Scam targeting Microsoft's Windows Outlook Users (Security Affairs) Scammers have unleashed a C93 virus scare, targeted at Microsoft's Windows outlook users in a wide phishing campaign aimed at stealing users' login credentials. The scam is similar to earlier phishing campaign targeted at Hotmail users raising suspicions that the same fraudsters could be involved

US Govt. warns Apple iOS Users over "Masque Attack" (The Next Digit) The US Computer Emergency Readiness Team has warned the Apple users about the Masque attack, which is a new bug that enables the hackers to steal important info from iPhones and iPads. If you are very curious about the "Masque Attack," watch the video posted at the end of this post

This is Apple's response to the 'Masque Attack' malware vulnerability (HITC Tech) Apple has issued a response to recent reports that iOS 8 is susceptible to malware attacks. After multiple reports this week discovered malicious software attacks could steal important data from the devices of iOS 8 users, Apple has issued a reply claiming they are unaware of any customers currently affected by the attack

Let the right one in: Apple uses two doors to manage malware (MacWorld) Two recent security incidents, WireLurker and Masque Attack, highlight both the ease and difficulty of slipping malware onto iOS. But they also show the way in which Apple may have infantilized its audience into not knowing the right choice to make when presented with a genuine security flaw

Exploitation of Philips Smart TV (fred's notes) My Philips Smart TV is a Linux box standing there in my living room : that's a sufficient reason to try to get root

Default ATM passcodes still exploited by crooks (Help Net Security) Once again, ATMs have been "hacked" by individuals taking advantage of default, factory-set passcodes

Hacking the Ayatollahs (Wall Street Journal) The Stuxnet virus opened and closed valves on Iranian centrifuges and adjusted their power supply as false readings were fed to operators

Security Patches, Mitigations, and Software Updates

Microsoft Updates MS14-066 (Internet Storm Center) Microsoft updated MS14-066 to warn users about some problems caused by the additional ciphers added with the update. It appears that clients who may not support these ciphers may fail to connect at all. The "quick fix" is to remove the ciphers by editing the respective registry entry (see the KB article link below for more details)

Issues Arise With MS14-066 Schannel Patch (Threatpost) Some users who have installed the MS14-066 patch that fixes a vulnerability in the Schannel technology in Windows are having issues with the fix causing TLS negotiations to fail in some circumstances

HP Ramps Up Mobile Payments Reach (TechWeek Europe) HP has announced a major expansion to its mobile payments capacity as it looks to improve the safety and security of transactions made using mobile devices

Mastercard and Visa to kill off password authentication (Register) Mastercard and Visa are removing the need for users to enter their passwords for identity confirmation as part of a revamp of the existing (oft-criticised) 3-D Secure scheme

Cyber Trends

The top infosec issues of 2014 (CSO) Security experts spot the trends of the year almost past

Privacy is the new killer app (Computerworld) You can't just be good. You have to be secure

3 emerging threats to healthcare privacy and security (FierceHealthIT) New risks have upped the ante for HIPAA security and privacy officers and increased fines have many on edge. Particularly in the aftermath of the Community Health Systems (CHS) breach, which put 4.5 million patient records at risk across 29 states and 206 hospitals, last year's risk assessments look woefully inadequate for many healthcare systems and practices. What's worrying privacy and security officers this year?

Trend Micro: Hackers will increasingly target online banks (The Star) Online banks will become a big target for hackers and the number of attacks are expected to increase next year, according to security company Trend Micro

Survey shows Android attack trends (IT Online) According to the results of the Mobile CyberThreat survey carried out by Kaspersky Lab and Interpol between August 2013 and July 2014, malicious programs targeting Android-based devices in order to steal their owners' money were used in 60% of attacks registered by Kaspersky Lab security products

STUDY: Average Fortune 100 Brand Has 320 Social Media Accounts (AllFacebook) The average Fortune 100 brand has 320 social media accounts, up 80 percent over the past three years, according to a new study from security-as-a-service provider Proofpoint

Majority of Firms Would Hire Ex-Cons as Cyber-Security Pros (Infosecurity Magazine) Over half of senior IT and HR professionals would consider hiring former hackers in a bid to overcome crippling cyber-security skills gaps and shortages, according to new research from consultancy KPMG

A third of Indian companies vulnerable to cyber attacks: Report (Economic Times) Nearly a third of Indian organisations do not possess the knowledge to prevent cyber attacks even as the information technology world is turning increasingly vulnerable, a recent study has found

Marketplace

FireEye CEO: More Firms Looking to Cybersecurity Vendor for Operational Guidance (Wall Street Journal) Companies now reach out to the Silicon Valley security firm for a number of operational issues too, such as whether they have proper liability insurance for directors and officers, or if board members have an appropriate level of cybersecurity experience

Companies spending more on cybersecurity (FierceCFO) Survey shows nearly three quarters of companies are spending more to prevent or mitigate cyberattacks

Will cloud, security hires break the bank in 2015? (FierceCIO) Big data and data analytics have been grabbing much of the headlines this year for top IT job demand. But CIOs are being warned to brace for an extremely competitive market for IT security professionals and virtually any cloud-related jobs in 2015, both of which should push salaries up significantly

Security testing market grow at CAGR of 14.9% to reach $4.96 billion by 2019 (WhaTech) Security testing refers to a set of activities performed to locate and isolate the flaws in the security mechanisms of a software or application to ensure data protection and functionality as intended

KPMG Acquires German Cyber Security Firm (TechWeek Europe) KPMG has completed the acquisition of P3, a privately-owned German cyber-security firm that provides risk management, security assessments, and mobile and fixed network protection to clients across the financial services sector

CyberArk Software shares spike after company beats Q3 revenue, earnings estimates (Boston Business Journal) Shares of CyberArk Software (Nasdaq: CYBR), a Newton-based firm providing IT security from internal threats, were up 18 percent Thursday after the company reported strong-than-expected earnings and revenue for the third quarter

ThetaRay turns to math to detect cyber threats (Haaretz) Israeli start-up aims to provide early detection of threats, enable shutdown of systems before damage can be done

SurfWatch Labs Acquires Cyber Risk Management Technology to Complement its Portfolio of Risk Intelligence Solutions (PRWeb) As part of the acquisition, former Washington Metropolitan Area Transit Authority (WMATA) Chief Information Security Officer, Adam Meyer, joins SurfWatch as Chief Security Strategist

Cyber firm RedOwl Analytics is opening a San Francisco office (Baltimore Business Journal) Baltimore startup RedOwl Analytics is expanding to San Francisco and has hired a new chief operating officer to head up its West Coast business

Canadian security firm expands as cloud demand grows (Computer Dealer News) A Toronto-based data protection company has opened a new office just outside the city as it expands operations to deal with the growing demand for cloud security solutions. Perspecsys Inc., said it new office in Mississauga, Ont. will house a growing team of engineers, sales, product and marketing personnel that will bring its AppProtex Cloud Data Protection Gateway to market

Adobe expands use of Splunk Enterprise (ARN) Adopts Splunk software and Cloud services

Shape Security Appoints Cisco Chief Security Officer John Stewart to Board of Directors (Marketwired) Tech pioneer brings over two decades of expertise in cybersecurity; will support shape in its mission to secure the web

Products, Services, and Solutions

2014 Information Security Readers' Choice Winners (TechTarget) We asked readers to pick the best security products in 22 categories. Find out which products earned top honors in our 2014 Readers' Choice Awards

Android, Windows Phone Withstand Pwn2Own Onslaught (Infosecurity Magazine) Despite headlines about rampant mobile insecurity, both Google Android and Windows Phone have withstood a cyber-battering in the 2014 Mobile Pwn2Own competition

BlackBerry Unveils New Enterprise Security, Mobility Solutions (SecurityWeek) Smartphone maker BlackBerry announced several new offerings targeted to its enterprise customers this week, in order to help organizations securely connect employees and help them access the corporate information and systems required to get their jobs done

New RSA Solution Takes Customers from Hunted to Hunter (Providence Journal) When I meet with customers, I'm always intrigued by how they perceive their organization's cyber risk relative to their security program's maturity. These conversations are invaluable in guiding the development of our product strategy

Cybersecurity Startup Reviews 'App's DNA' to Help CIOs Identify Mobile Malware (CIO Journal) A rise in threats targeting mobile devices, coupled with the fact that people can pick up malware in coffee shops and other connected places, has made managing mobile security more complicated for CIOs. The danger was underscored with the recent discovery of two Apple Inc. iOS vulnerabilities triggered by mobile malware, "Masque Attack" and "Wire Lurker," aimed at iPhones and iPads. New cloud software from startup Lookout Inc. combines machine learning and contextual analytics to protect mobile devices from malicious applications

Sonatype aims to help developers reduce risk from open-source components (PCWorld) Software developers use a large number of open-source components, often oblivious to the security risks they introduce or the vulnerabilities that are later discovered in them

Pompem — Exploit Finder Script & Web Version (Kitploit) Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, performs searches in databases

Parrot Security OS - Friendly OS designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography (Kitploit) Parrot is designed for everyone, from the Pro pentester to the newbie, because it provides the most professional tools combined in a easy to use, fast and lightweight pentesting environment, and it can be used also for an everyday use

Technologies, Techniques, and Standards

Is cyber insurance your last line of defense? (Beta News) The recent spate of payment card breaches that have plagued the retail industry this year has prompted many merchants to consider investing in cybersecurity liability insurance policies to offset the costs associated with a breach recovery. These companies often make this choice based on the belief that the money they've spent to comply with industry security standards has failed to prevent these breaches from occurring, and there seems to be no other alternative. At least one recently filed claim has led to a lawsuit that will put these cybersecurity insurance policies to the test

Cyber-Insurance Now a Necessity (Valley News) More than 3,000 American businesses were hacked last year, many of them small and midsize firms that are often less protected than their multinational counterparts, according to the Center for Strategic and International Studies

After this judge's ruling, do you finally see value in passwords? (CSO) Judge rules authorities can use your fingerprint to unlock your smartphone. What that means for authentication and the future of passwords

Design and Innovation

Carmakers promise they'll protect driver privacy — really (Computerworld) Drivers won't be spammed with ads — unless they agree to it

Research and Development

IBM patents privacy engine for cross-border data sharing (ZDNet) Big Blue says the engine will eventually enable businesses to aggregate international requirements for data transfers and flag any cross-border privacy issues

Socom leaders interested in cloaking technology (Tampa Tribune) In its never-ending search for ways to give commandos an edge in combat, U.S. Special Operations Command is looking to take a page out of the Harry Potter playbook

Academia

Nonprofit Effort Provides Training Programs for Veterans (SIGNAL) Last year, Kade Wolfley held a federal job as an electrician that gave him such little satisfaction he opted to quit and test his luck on an intriguing training program that took him away from his family for 11 weeks and offered no guarantee of employment

Students to Learn Cybersafety With New Program (SIGNAL) National Educator Sweepstakes offers chance for students, parents and educators to win $10,000 grant for their school

Team heads to cyber war competition (Pekin Daily Times) Twelve members of the Limestone Community High School Air Force JROTC invaded Advanced Medical Transport's Peoria headquarters Friday for cyber war games

Changed guidelines lead to more firsts for cybersecurity (Pacific.Scoop) A Vanuatu student has contributed to the ever-increasing list of firsts being achieved by the University of Waikatos cyber security programme. Jeff Garae initially came to the University in 2013 as part of the Ministry of Foreign Affairs and Trade (MFAT)

Legislation, Policy, and Regulation

NATO helps Jordan fend off ISIL cyber threat (NATO/OTAN) Over recent years, cyber attacks have targeted key national security installations in countries around the world, from Estonia's banking system to South Korea's media network. To help counter this growing threat, NATO has been strengthening the cyber defence capabilities of both its member countries and its partners

Russia launches alternative to financial data network Swift after UK proposes ban (ComputerWeekly) Russia is to set up an alternative to the Society for Worldwide Interbank Financial Telecommunication (Swift) to reduce the threat of sanctions on its business from western governments

Why cyber took a back seat in Beijing (FCW) In advance of President Barack Obama's Nov. 11 meeting with Chinese President Xi Jinping, Deputy National Security Adviser Ben Rhodes implied that Obama would be blunt with Xi on what the U.S. sees as China's transgressions in cyberspace, and also try to revive a bilateral working group on the issue. Obama may well have pushed for a breakthrough on cybersecurity in his five-hour meeting with Xi, but one was not forthcoming

Cyber bill's fate hinges on NSA reform (The Hill) The upcoming Senate vote on a bill to reform the National Security Agency (NSA) could make or break legislation on sharing cyber threat information in the lame duck

Cyber bills caught up in turf spat (The Hill) A House jurisdictional fight is holding up cyber legislation, said House Homeland Security Chairman Michael McCaul (R-Texas) in an interview

Facebook, Google and Apple lobby for curb to NSA surveillance (Guardian) A coalition of the biggest names in consumer technology have backed a US bill that would limit surveillance and prevent bulk email collection

U.S. Gov Insists It Doesn't Stockpile Zero-Day Exploits to Hack Enemies (Wired) For years the government has refused to talk about or even acknowledge its secret use of zero-day software vulnerabilities to hack into the computers of adversaries and criminal suspects. This year, however, the Obama administration finally acknowledged in a roundabout way what everyone already knew — that the National Security Agency and law enforcement agencies sometimes keep information about software vulnerabilities secret so the government can exploit them for purposes of surveillance and sabotage

Industry-Government Partnerships Critical To Resiliency Of US Electric Power Grid (HS Today) With the nation's dependence on the electric power grid for support across a number of critical infrastructure sectors — including oil and natural gas, water, transportation, telecommunications and financial sectors — it is becoming increasingly important for government and industry to partner together to strengthen and enhance the resiliency of the US electric power grid

RI Dem: Cybersecurity education should be top priority (The Hill) Cybersecurity education should be policymakers' first priority, a key House Democrat told an industry conference Thursday

Litigation, Investigation, and Law Enforcement

Suspects Tied to WireLurker Malware Arrested in China (Softpedia) The Beijing Municipal Public Security Bureau has arrested three individuals for involvement in the creation and distribution of WireLurker malware that compromises iOS devices and made hundreds of thousands of victims in China

Investigating Federal cyber crime (and why indictments matter) (The CyberWire) Back in December of 2012 at a cyber community event in Baltimore, Special Agent Mularski described his experience breaking up organized cyber criminal gangs. This interview gives us a chance to catch up with him about recent developments in cyber law enforcement

Scotland Yard wages war on 200 cyber crime gangs in London (Standard) Scotland Yard is battling more than 200 organised crime groups engaged in cyber fraud in London, police revealed today

Judges impose rare, stricter requirement for "stingray" use by police (Ars Technica) Washington judges: Locals cops must not collect data from innocent people

DOJ admits its lawyer misled appeals court during oral argument (Ars Technica) Attorney said companies can complain about their NSLs. In reality, they can't

'Microsoft Partner' Claims Fuel Support Scams (KrebsOnSecurity) You can't make this stuff up: A tech support company based in the United States that outsources its work to India says its brand is being unfairly maligned by — wait for it… tech support scammers based in India. In an added twist, the U.S.-based tech support firm acknowledges that the trouble may be related to its admittedly false statements about being a Microsoft Certified Partner — the same false statements made by most telephone-based tech support scams

In Federal crackdown, ex-cop indicted for coaching to beat polygraphs (McClatchy via the Biloxi-Gulfport Sun-Herald) A former Oklahoma City police officer has been indicted on charges of training people to lie about crimes during polygraph tests as part of the Obama administration's unprecedented crackdown on security violators and leakers

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Threats to Critical Infrastructure: A Discussion of Challenges, Responses and Next Steps (Herndon, Virginia, USA, November 18, 2014) The vulnerability of the nation's critical infrastructure to cyber attack or disruption, whether from nation-states, non-state actors, hackers or disgruntled insiders, is of increasing concern to both...

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...

BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows...

Navy Now Forum (Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...

Navy Now Forum: Admiral Rogers (Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...

International Cyber Warfare and Security Conference (Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...

Maintaining Robust Grid Cybersecurity in Expanding Smart Grid Markets (Washington, DC, USA, November 20, 2014) This roundtable will explore how cybersecurity has become an integral component, not just an afterthought, of the critical infrastructure and the energy industry

EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important...

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...

Cyber Security World Conference 2014 (New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.