
Daily briefing.

A major false alarm — Turkey's widespread power blackout apparently was not, as early reports blared, the result of a cyber attack — rattled users of the European electrical grid at midweek. While the disruption was contained and remediated, observers warn that power grids throughout the developed world remain vulnerable to cyber attack. Their warnings also have broader application to ICS/SCADA networks.

Israeli sources, led by Check Point, continue to point to Lebanon as the source of the Volatile Cedar espionage campaign. Attribution wavers between the Lebanese government and unnamed "political groups."

The Laziok reconnaissance and industrial espionage Trojan Symantec reported this week is decidedly not a cutting-edge tool, but that doesn't matter. It has successfully exploited a flaw in a Windows ActiveX control that was patched back in 2012. This highlights, of course, the importance of patching, and of keeping systems up-to-date. (Coincidentally, NetMarketShare reports that Windows XP — support for which ended on April 8, 2014 — still has more users than its Windows 8 successor, which is hardly good news from the herd immunity point-of-view.)

The denial-of-service attack that began afflicting GitHub last week, now by consensus attributed to the Chinese government, might have been mitigated by more widespread use of HTTPS (or so says the Electronic Frontier Foundation).

Several reports track trends in cyber criminal markets.

In industry news, CipherCloud buys Anicut Systems, CACI acquires LTC Engineering Associates, and Motorola Solutions buys PublicEngines.

President Obama's "national emergency" Executive Order on sanctions for cyber attacks draws foreseeably mixed reactions.


Today's issue includes events affecting Algeria, Belgium, Denmark, Estonia, European Union, Finland, Germany, Ireland, Latvia, Lithuania, Morocco, Norway, Sweden, Tunisia, Turkey, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Turkey blackout not cyber attack, no risk to Europe power link-up (Reuters) A power outage that blacked out most of Turkey on Tuesday was not due to a cyber attack and will not threaten a deal to link up with European grids, leading energy officials said

Did a cyber attack cause the blackout in Turkey? (Daily Sabah) After a nationwide blackout across Turkey on Tuesday, different scenarios for reasons for the power outage have been circulating

Turkey's 10-Hour Blackout Shows Threat to World Power Grids (Bloomberg) A massive power failure that crippled life in Turkey for almost 10 hours on Tuesday highlights the threats facing electricity grids worldwide

Texas Electric Grid Vulnerable To Cyber-Attack (KEYE TV) The warnings are getting louder and louder. "It's not a question of if," said Chris Humphreys with The Anfield Group. "It's a question of when." Energy security experts say the grid is vulnerable

Inside the rickety, vulnerable systems that run just about every power plant (IT World) In 1982, at the height of the Cold War, a vast explosion, visible from space, lit up Siberia. NORAD and others in the U.S. defense establishment worried: was this a nuclear test, or a missile being launched from a region where nobody had suspected that missiles were stored? But no: it turns out the explosion, one of the largest non-nuclear blasts ever created, came from a remote area of the new Trans-Siberian Pipeline. And according to Thomas C. Reed, a U.S. National Security Advisor at the time, it was an audacious act of sabotage by U.S. intelligence

Stuxnet Five Years Later: Did We Learn The Right Lesson? (Dark Reading) No! That's despite an abundance of best practices and standards that are shining light into the dark corners of industrial control system security

Israeli security group blames Lebanon for major spying campaign (Lebanese Examiner) An Israeli security firm is pointing fingers at Lebanon after claiming to have discovered a spying campaign that "likely" originated with a government agency or political group in Lebanon

Mystery 'Explosive' cyber-spy campaign traced back to Lebanon (Register) Round up the unusual suspects, you know the drill

Laziok Trojan Exploits Three Year-Old Windows Flaw (Dark Reading) Data-stealing malware relies on old bug to break into systems at energy companies

Unsophisticated Trojan Malware Targets Middle East Energy Companies: Symantec (International Business Times) Cybersecurity specialist Symantec has exposed a new kind of malicious software that is being used as part of an ongoing international espionage campaign. The malware, dubbed Trojan.Laziok, has primarily targeted energy companies in the Middle East, though who first deployed it remains unclear

Pin-pointing China's attack against GitHub (Errata Security Blog) For the past week, the website "GitHub" has been under attack by China. In this post, I pin-point where the attack is coming from by doing an http-traceroute

Wider use of HTTPS could have prevented attack against GitHub (IDG via CSO) EFF said the GitHub attack reinforces the case for using HTTPS

'Revolution' Crimeware & EMV Replay Attacks (KrebsOnSecurity) In October 2014, KrebsOnSecurity examined a novel "replay" attack that sought to exploit implementation weaknesses at U.S. financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards. Today's post looks at one service offered in the cybercrime underground to help thieves perpetrate this type of fraud

Ransomware surges in early months of 2015 (Computer Business Review) Variants of CryptoLocker multiply as hackers try to innovate

Critical Vulnerabilities Affect JSON Web Token Libraries (Threatpost) Critical vulnerabilities exist in several JSON Web Token (JWT) libraries — namely the JavaScript and PHP versions — that could let an attacker bypass the verification step

Google Ad Injectors Affect 1 In 20 Visitors (InformationWeek) If you're seeing extra or unusual ads, you may have an unwanted ad injector

NewPosThings Has New PoS Things (TrendLabs Security Intelligence Blog) Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area — namely, versions for 64-bit and higher

Angler Exploit Kit — Recent Traffic Patterns (Internet Storm Center) Angler exploit kit (EK) has changed URL patterns (again) during the past month. I infected a Windows host so we can take a closer look. Let's see what Angler has been up to. First, here are the Angler EK URL patterns noted in traffic from an infected host

Caution! New SMS scam! (Panda Media Center) We have seen many scams involving text messages, the most recent one in Spain a few days ago; crooks sent innocent users this SMS

Is it safe to use public Wi-Fi networks? (Network World) Wi-Fi has significantly changed the way we work and play, enabling us to interact with the digital world from anywhere in the physical world. Furthermore, free Wi-Fi access is on the rise, from local coffee shops to international restaurant chains. However, the convenience of free Wi-Fi comes with some real threats, from computer viruses to identity theft

Security Patches, Mitigations, and Software Updates

Mozilla Adds Opportunistic Encryption for HTTP in Firefox 37 (Threatpost) Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on connections for servers that don't support HTTPS

Stable Channel Update (Google Chrome Team) The stable channel has been updated to 41.0.2272.118 for Windows, Mac and Linux. A partial list of changes is available in the log

Google clamps down on ad injectors after 100,000 Chrome users complained (Naked Security) Google has picked a fight with ad injectors — programs that insert adverts into the pages you visit while browsing the web — following complaints from more than 100,000 of its Chrome users

Google fixed a vulnerability that allowed any YouTube user to delete any video (Quartz) Everybody makes mistakes. Google caught a big one before it was too late

Google Drops Trust in Chinese Certificate Authority CNNIC (Threatpost) Google has taken the unusual step of completely removing trust from Chrome for the Chinese certificate authority CNNIC in the wake of an incident in which certificates issued by the CA were misused

Cyber Trends

Why nation-state cyber warfare should be keeping you up at night (Information Age) If you think that nation-state cyber warfare has no influence over your company's IT security, think again

"Your location has been shared 5398 times" — Do we need a privacy assistant on our smartphones? (Naked Security) Do you know how much information your smartphone is giving away to app makers and advertisers?


CipherCloud Acquires Anicut Systems — Adaptive Security as a Service (Converge!) CipherCloud, which provides cloud visibility and data protection, announced the acquisition of Anicut Systems, a privately held provider of adaptive security as a service. Financial terms were not disclosed

CACI International (CACI) Announces Acquisition of LTC Engineering Associates (Street Insider) CACI International (NYSE: CACI) has acquired LTC Engineering Associates, Inc., a highly specialized provider of technical engineering solutions and services to the Intelligence and Department of Defense communities in the areas of software engineering, cybersecurity, signals intelligence (SIGINT) and communications intelligence (COMINT), and digital signals processing

Motorola Solutions Advances Smart Public Safety Innovation with PublicEngines Acquisition (BusinessWire) Transaction adds crime analysis, predictive policing and citizen engagement applications to cloud-based solutions

HyTrust raises $25M to grow cloud security business (Silicon Valley Business Journal) Cloud security startup HyTrust raised $25 million in Series D funding on Wednesday in addition to securing $8 million in venture debt and credit facilities

Cybersecurity Leader Qualys Posts Superb Earnings Growth (Investor's Business Daily) Shares of Qualys (NASDAQ:QLYS) have been pulling back in what is now looking like a new base for the computer security leader. The stock has been consolidating for nearly four weeks since peaking at 50 on March 5. It's also possible to interpret the chart as a seven-week-old base because the stock hasn't made a new weekly closing high in that period

Why I Prefer Fortinet To Palo Alto Networks As A Long-Term Holding (Seeking Alpha) Shares of cyber-security solutions providers Fortinet and Palo Alto Networks have been doing very well over the past 12 months. This has mainly been orchestrated by the high demand for reliable cyber-security solutions driven by a record number of data breaches being witnessed across diverse industries. Which company is the better long-term prospect?

Fortinet Further Invests in the Middle East region (Zawya) Fortinet® (NASDAQ: FTNT) — a global leader in high-performance cyber security — today announced that it has moved to a new and larger office and at the same time opened a unique Technical Assistance Center in Dubai, UAE

Infinigate adds Damballa to cyber-security arsenal (Channel Pro) US security firm Damballa enlists Infinigate to recruit UK channel partners

Products, Services, and Solutions

Finding the Hidden Cyber Threats in the Power Grid (Green Tech Grid) How N-Dimension helped a Midwest utility distill 3.8 million cyber alerts into real-world security actions

The top cloud providers for financial services (ZDNet) Stringent compliance rules and potential security breaches might make cloud seem too risky for financial services. Don't overlook the benefits cloud providers can offer your firm

Microsoft ended support for Windows XP almost a year ago… and it still has more users than Windows 8 (BGR) How much has Windows 8 bombed with PC users? So much that an obsolete operating system that had its technical support cut off nearly a full year ago still has more global users

Huawei scales up data centre security (Computer Business Review) Industry's first NGFW card for data centre switches

Hexadite Launches Automated Security Incident Response Technology (eWeek) The goal of the new technology is to accelerate the time it takes to respond to a security incident after an alert is generated

CYREN (CYRN) Cybersecurity Tech Selected for Use by Mitsubishi, Siemens Joint Venture (Street Insider) CYREN (NASDAQ: CYRN) announced that UK-based Primetals Technologies, a joint venture by Mitsubishi Heavy Industries, Ltd. (MHI) and Siemens AG, selected CYREN's cloud-based cybersecurity technology to provide real-time protection from advanced cyberattacks, zero hour malware outbreaks, and hard-to-detect email threats, including viruses, phishing, spam and spyware

Leading Life Insurance Company Using EnCase® Security Products to Comply with PCI DSS (Insurance Weekly News) Guidance Software, Inc. (NASDAQ: GUID), the World Leader in Digital Investigations™, announced a leading life insurance company servicing more than 1,000,000 policies has invested in EnCase Cybersecurity and EnCase Analytics to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS)

Vidsys Innovates Software Platform to Converged Security and Information Management (Marketwired via Sys-Con Media) Vidsys, a top global provider of enterprise Physical Security Information Management (PSIM) software, announced today the next stage of evolution of its award winning, web-enabled software platform, to include the convergence of physical and cyber security along with information management solutions

Technologies, Techniques, and Standards

Do Threat Exchanges Work? (eSecurity Planet) Sharing intelligence on security threats is an old idea getting new cred, thanks to Facebook's new Threat Exchange. But how well do such exchanges work?

Application of Threat Indicators: A Temporal View (Dark Reading) Better outcomes will be achieved when we're applying temporal considerations to threat indicators

Info governance committees could be strategic mistake (FierceContentManagement) You know the drill; you've seen it a thousand times. Whenever a company-wide initiative hits the planning stages, committees are formed, meetings are held and every component of the new strategy is discussed to death. Information governance committees are no different but IG attorney Linda Sharp says it's time to turn that approach on its head

Why you should be spending more on security (CIO) As the cost and likelihood of security breaches increases, CIOs need to boost security measures — and spending — to mitigate the risk to your business

Q&A: Importance of virtualisation with Egnyte CSO Kris Lahiri (Computer Business Review) Kris Lahiri, Chief Security Officer at Egnyte, a file sharing service, tells CBR what virtualisation can do for businesses, and where it is most important

Social engineering: You got nailed! (TechTarget) Move beyond prevention to fast detection to combat a stealthy social engineering attack

To Respond to Targeted Attacks, You Must Detect the Unseen (Trend Micro: Simply Security) If you have not done so already, go play Targeted Attack: The Game. As of late, this is the reason why I ponder earth shaking questions such as the connection between the two inanimate objects you see above and targeted attacks. However, my hope is that after breezing through a few paragraphs, you will come to the following conclusion: Those who would perpetrate a targeted attack do not play by a set of predictable rules. To win 'the game,' you need to be able to detect things you would otherwise not see

Design and Innovation

Students Build Open Source Web-Based Threat Modeling Tool (Threatpost) Threat models help application developers answer some fundamental questions about potential risks and how to cut off vulnerabilities before they're put into production. Some software development lifecycles, however, don't include threat modeling as part of the code-building process because they've either never heard of it, or the process is too difficult

How to Protect Your Medical Device Against Cyber Threats (Medical Device and Diagnostics Industry Online) Facing the increasing risk of crippling cyber attacks, medical device manufacturers should take a new look at security to protect their devices and patient welfare

Advanced Analytics for the Masses (Wall Street Journal) Amplified intelligence extends the benefits of advanced analytics to drive operational efficiencies and improve decision-making throughout the enterprise

Research and Development

A search engine could become the first true artificial intelligence (Quartz) Everything in our online life is indexed. Every idle tweet, status update, or curious search query feeds the Google database. The tech giant recently bought a leading artificial-intelligence research outlet, and it already has a robotics company on its books


AACC cybersecurity program recognized (Capital Gazette) The National Security Agency and the U.S. Department of Homeland Security designated Anne Arundel Community College as a National Center of Academic Excellence for Information Assurance and Cyber Defense

Legislation, Policy, and Regulation

Our Latest Tool to Combat Cyber Attacks: What You Need to Know (The White House Blog) For the first time, President Obama is giving our country a new tool to combat the most significant cyber threats to our national security, foreign policy, or economy. It's an important step, and many people may be wondering how it will work. Take a look at a few answers to some questions you may have on how the President's latest Executive Order will bolster our cybersecurity

U.S. targets overseas cyber attackers with sanctions program (Reuters) President Barack Obama launched a sanctions program on Wednesday to target individuals and groups outside the United States that use cyber attacks to threaten U.S. foreign policy, national security or economic stability

Opinion: Sanctions may be Obama's best idea yet to battle cyberattacks (Christian Science Monitor Passcode) Obama signed an executive order today authorizing a program of sanctions to battle digital assaults coming from overseas. While the order seems aimed at the Chinese, it might also be the president's most successful tool for thwarting cyberattacks

Obama Emergency Cyber Sanctions 'Another Salvo In War On Legitimate Hackers' (Forbes) Unconvinced by President Obama and the government's promises to protect security researchers, professional hackers have expressed concern the "cyber" sanctions announced today by the US administration could, perversely, be used to punish those trying to protect the country. They're also not sure about the need to call a "national emergency" as a result of digital attacks on the nation

House chairman: Obama order reveals 'piecemeal' cyber plan (The Hill) President Obama's executive order authorizing more sanctions on cyberattackers is a small move that doesn't cover up the lack of a comprehensive plan to counter cyber crooks, House Homeland Security Committee Chairman Michael McCaul (R-Texas) argued Wednesday

U.S. Army Builds Cyber Branch One Step at a Time (SIGNAL) The U.S. Army's newly created cyber school is prepared to accept its first class of second lieutenants this summer followed by enlisted personnel and warrant officers. The historic first class signifies a significant first step toward building the service's new cyber branch

Free WhatsApp Voice Calls: UAE telecom operator blocks new feature (Emirates 24/7) Close on the heels of WhatsApp allowing everyone — including users in the UAE — access to its new VoIP-based free voice calling service, the UAE's telecom operators have been quick to block the feature, citing regulatory compliance

Litigation, Investigation, and Law Enforcement

Report: EU preparing to bring antitrust case against Google (Ars Technica) Internet giant could face fine of up to $6.6 billion

Facebook hits back at report claiming it tracks pretty much everyone (Naked Security) Facebook has hit back at a new report commissioned by the Belgian Privacy Commission, which claims that Facebook tracks far more users than previously thought

Silk Road Boss' First Murder-for-Hire Was His Mentor's Idea (Wired) The allegation that the Silk Road's Dread Pirate Roberts attempted to pay for six murders has loomed over the story of that massive online drug market. How could the pseudonymous figure preaching non-violent, libertarian ideals stoop to commissioning the paid killings of half a dozen people?

Disgraced DEA agent from Silk Road case sent weird messages to Mt. Gox CEO (Ars Technica) "The American government and economy will crash in the next five years"

GPS tracking counts as a "search", says US Supreme Court (Naked Security) Torrey Dale Grady is a repeat sex offender who has finished serving time in US prison

UAE researcher calls for more stringent cyber security (The National) An Emirati researcher believes his work will help to improve the nation's ability to respond to cyber security threats

Parents aren’t the only ones to blame for kids playing violent video games (Quartz) Headteachers from 16 schools in Cheshire, UK, have warned parents by letter that they would be reported to the authorities if they allowed their children to play video games marked as suitable for adults with an 18+ age rating

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Insurance and Corporate Governance: Facing New Threats (Brooklyn, New York, USA, April 2, 2015) Peter D. Hancock, president and CEO of AIG, will lead a discussion of the ways in which the insurance industry is adapting to account for threats to the most valuable — and vulnerable — assets...

Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners...

Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, April 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks...

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...

Cyber Risk Wednesday: The future of Iranian cyber threat (Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts...

Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...

InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...

Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges...

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of...

IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence...

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...

2015 Synergy Forum (Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital...
