Belgian media group Rossel (publishers of Le Soir) was hit with a cyber attack at week's end. No attribution, but Deutsche Welle does note this is the second attack on a major francophone media outlet this month. The first attack, of course, was against TV5Monde, and ISIS sympathizers claimed that hack. Other ISIS sympathizers have recently been active against Walloon government sites in Belgium.
The TV5Monde hack seems to have spooked observers out of proportion to its actual effects. Media outlets in both the UK and US, from both ends of the ideological spectrum, speculate that the incident is a leading indicator of Caliphate intent and capability of hitting ("destroying") key infrastructure. Disruption of the Hobart (Tasmania) Airport site over the weekend (service now restored) was also claimed on behalf of ISIS. As usual, such hacktivism seems inspired rather than centrally directed. Twitter takes ISIS connections seriously: last week the social media company took down some 10 thousand ISIS-sympathizing accounts.
FireEye reports another major, long-running Chinese cyber espionage operation: "APT30" has been operating since 2005 without major changes to its tactics or techniques. Its targets have mostly been in South and Southeast Asia.
Another Chinese operation, the "Great Cannon," is scrutinized for its role in the GitHub DDoS attack and its general utility for censorship.
Observers discuss burgeoning international cyber tensions as Russia flexes its (doubtless shirtless) virtual muscles at the United States.
But international cooperation remains possible: governments and corporations sinkholed the Simda pay-per-install criminal botnet over the weekend.
Today's issue includes events affecting Australia, Belgium, Bhutan, Brunei, Cambodia, Canada, China, France, India, Indonesia, Iran, Iraq, Japan, Kenya, Democratic People's Republic of Korea, Republic of Korea, Laos, Luxembourg, Malaysia, Myanmar, Nepal, Netherlands, Pakistan, Philippines, Poland, Russia, Saudi Arabia, Singapore, Syria, Thailand, Ukraine, United Kingdom, United Nations, United States, and Vietnam.
The CyberWire will be covering RSA 2015 in San Francisco next week. Look for special issues devoted to the event beginning Friday.
Cybersecurity Giant FireEye Accuses Chinese Government of Major Hacking Operation(DCInno) On Sunday, the popular public stalwart of cybersecurity operations, FireEye, released a stark 65 page report outlining a series of high profile corporate espionage and cyber spying offenses against targets located throughout Asia. Evidence collected by FireEye following "months" of research, led FireEye's APAC CTO Bryce Boland to tell TechCrunch, "There's no smoking gun that shows this is a Chinese government operation, but all signs point to China." The cybersecurity firm chose to not disclose the names of those affected by the hacker collective, but did mention that the information offered an important clue into their investigation
An Aggressive Turn in Chinese Censorship Practices: 'The Great Cannon'(Global Voices) Citizen Lab, an advanced, human rights-based research center on Information and Communication Technology at the University of Toronto, has identified that the infrastructure of the man-in-the-middle DDoS attack on the Chinese open source platform hub GitHub is co-located with the Great Firewall. Citizen Lab terms this new technological innovation as "the Great Cannon"
Scalability of the Great Cannon(Errata Security) Here is a great paper on China's Great Cannon, which was used to DDoS GitHub. One question is how scalable such a system can be, or how much resources it would take for China to intercept connections and replace content
After White House Hack, State Incidentally Offered Spearphishing Training(Nextgov) After a White House hack that reportedly was instigated by a malicious email from a compromised State Department account, State in March held a phishing email workshop. All federal security employees were invited to participate in the 90-minute online training session. But no one from the White House watched
One-Man PoS Malware Operation Captures 22,000 Credit Card Details in Brazil(TrendLabs Security Intelligence Blog) We have been able to identify a new point-of-sale (PoS) malware family that has affected more than 100 victim organizations in Brazil. We have dubbed this new malware family as "FighterPOS". (This name is derived from BRFighter, the tool used by the author to create this new threat.) This one-man operation has been able to steal more than 22,000 unique credit card numbers
White Lodging Confirms Second Breach(KrebsOnSecurity) In February 2015, KrebsOnSecurity reported that for the second time in a year, multiple financial institutions were complaining of fraud on customer credit and debit cards that were all recently used at a string of hotel properties run by hotel franchise firm White Lodging Services Corporation. The company said at the time that it had no evidence of a new breach, but last week White Lodging finally acknowledged a "suspected" breach of point-of-sale systems at 10 locations
Security Threat Landscape Still Plagued by Known Issues: HP(ChannelWorld) HP has published the 2015 edition of its annual Cyber Risk Report, providing in-depth threat research and analysis around the most pressing security issues plaguing the enterprise during the previous year and indicating likely trends for 2015
Blink and you'll miss them — the latest form of DDoS attacks(Computing) Distributed denial of service (DDoS) attacks are nothing new. Computing looked into the impact that the cyber attacks could have on an organisation back in 2012 and urged CIOs to take notice because of the devastating financial and reputational damage that they can cause. Since then, DDoS attacks have continued to increase, in both size and volume
Sorry Symantec — Antivirus is not dead(IT Pro Portal) Each time someone reports that antivirus is dead, a hacker gets his wings (and I get furious). With our industries becoming increasingly data-driven, the need to protect our networks, devices, and archives has become more important than ever
Cisco, F5 Have Shot at Taking Back Palo Alto, Fortinet Turf, Says Morgan Stanley(Barron's) Morgan Stanley's James Faucette and Keith Weiss today offer up a lengthy thought piece about network security, arguing that the changing landscape gives networking vendors such as Cisco Systems (CSCO) and F5 Networks (FFIV) another chance to reclaim the throne from security specialists such as Palo Alto Networks (PANW) and Fortinet (FTNT)
IBM's Latest Cloud Win Could Be a Game Changer(Motley Fool) There's no denying the impact cloud-related technologies are having on both business and consumers. So it's no wonder that some of the technology industry's biggest players are diving headfirst into the deep end of the cloud pool. Microsoft (NASDAQ: MSFT) CEO Satya Nadella makes a point of alluding to his "cloud-first" mantra at seemingly every chance he gets. And Nadella is not alone
Products, Services, and Solutions
Building Intelligence Inc. Receives SAFETY Act Designation from the Department of Homeland Security (DHS)(Benzinga) Building Intelligence Inc. has been approved as a Qualified Anti-Terrorism Technology provider under a formal SAFETY Act Designation by the Department of Homeland Security (DHS). Building Intelligence, Inc. provides its SV3 ("Technology") as Software-as-a-Service (SaaS) used by building managers, occupants, and security personnel to support security identification of vendors, vehicles, and visitors, processing admission and maintaining a record of activity, identities, and objects at a given facility
Dabbling in two-factor authentication can be dangerous(CSO) What if the front door to your home was virtually impenetrable — secured with a standard lock, as well as a deadbolt and a video surveillance system — but the side door to the house was unlocked and left wide open? How effective would the brakes on your car be if they only worked part of the time? That is what it's like to use two-factor authentication, but only on certain designated systems
FFIEC's Seven Cybersecurity Priorities for 2015(JDSupra) While others were waiting for spring to arrive, community bank officers and directors were waiting for the Federal Financial Institutions Examination Council (FFIEC) to provide additional guidance on its cybersecurity assessment program
NIST Seeks Feedback on the Big Data Framework Development(Dark Matters) The National Institute of Standards and Technology (NIST) is seeking public comment on a draft publication of the NIST Big Data Interoperability Framework, as part of a major collaborative effort to develop a standard framework to make it easier to use "Big Data" sets for analytics
5 Email Lessons Every Employee Should Learn From The Sony Hacking Incident(Forbes) Almost everyone in the world has heard about the incident where Sony Pictures Entertainment became the victim of a cyber attack and sensitive information was leaked to the public, including internal company emails. While this situation highlighted the issue of cyber-security, it also provides a good warning for all employees on the use of email in business
AACC recognized as leader in cyber defense(Eye on Annapolis) Anne Arundel Community College has been designated as a National Center of Academic Excellence in Information Assurance/Cyber Defense (CAE2Y) through 2020 by the National Security Agency and the U.S. Department of Homeland Security. The college offers credit programs and cyber and technology continuing education courses
Russia's cyberattacks grow more brazen(The Hill) Russia has ramped up cyber attacks against the United States to an unprecedented level since President Obama imposed sanctions last year on President Putin's government over its intervention in Ukraine
Will China and America Clash in Cyberspace?(National Interest) The information revolution has been a mixed blessing for China and the world. On one hand, computer networks enhance economic productivity, national security, and social interaction. On the other, valuable information infrastructure provides lucrative targets for thieves, spies, and soldiers. Nearly every type of government agency, commercial firm, and social organization benefits from information technology, but they can also be harmed through cyberspace. Not a week goes by where a major hack is not reported in the media or countries chastise each other for cyberespionage
Work Details the Future of War at Army Defense College(DoD News) On stage today at the U.S. Army War College in Pennsylvania, Deputy Defense Secretary Bob Work summoned up scenes from a future war where soldiers and machines join forces in a multidimensional "informationalized" zone, using advanced tools to fight adversaries from space to cyberspace
As encryption spreads, U.S. grapples with clash between privacy, security(Washington Post) For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?
DoD sets sights on weaponizing cyber(C4ISR & Networks) The Defense Department appears to be preparing to make major moves in the military's cyber domain, with several components advancing their capabilities and policies, and the Defense secretary eyeing a specialized cyber corps
French MPs debate contentious spying laws(The Local) More than three months after Islamist attacks in Paris that killed 17, French MPs will on Monday debate controversial new laws allowing spies to hoover up data from suspected jihadists
India: A Cyber Wing in the National Cadet Corps — Analysis(Eurasia Review) Cyberspace has become a full-blown war zone as governments across the globe clash for digital supremacy in a new, mostly invisible, theatre of operations. Once limited to opportunistic criminals, cyber-attacks are becoming a key weapon for governments seeking to defend national sovereignty and project national power. One can see the emerging contours of cyber warfare from strategic cyber espionage campaigns, such as Moonlight Maze and Titan Rain, to the destructive, such as military cyber strikes on Georgia and Iran and the new dimension of recent attacks on corporates like Sony Entertainment. Human security and international conflict are entering a new phase and domain in their long histories of existence. The shadowy battlefield called cyber space requires a new breed of warriors, Cyber Warriors
SOPA & PIPA Act — Pakistan's Bizarre Approach to Counter Cyber Terrorism(Hack Read) If you thought only the United States government loves surveillance, you are wrong — Here are some shocking revelations about Pakistani Sopa & PIPA. Cyber terrorism is the main area of concern to every government and head of state nowadays but some governments adopt a completely disoriented approach to counter the threat of cybercrime by introducing laws that impose unnecessary limitations on internet usage on ordinary citizens
Brussels unaware Malta had outsourced border control software(Independent) After German MEP Cornelia Ernst had recently taken issue over Malta's use of the PISCES border control software, which was donated to the country by the American government in 2004, claiming that Malta's use of the software could constitute a security risk for other EU member states, the European Commission has said that it is, "not aware that Malta has externalised such IT-services"
Servers seized in global Simda botnet hit(ZDNet) Servers in the Netherlands have been seized, with additional servers taken down in the US, Russia, Luxembourg, and Poland in Interpol's global operation to tackle the Simda botnet
SIMDA: A Botnet Takedown(TrendLabs Security Intelligence Blog) The collaboration between Trend Micro, INTERPOL, and other private organizations resulted in another triumph for the security industry earlier this week: the takedown of the SIMDA botnet. Trend Micro provided information such as the IP addresses of the affiliated servers and statistical information about the malware used, which led to the disruption of the botnet activities
Coordinated Takedown Puts End to Simda Botnet(Threatpost) The Simda botnet, known for spreading banking malware and dropping a backdoor on hundreds of thousands of machines worldwide, was taken down last Thursday in a collaborative effort between international law enforcement bodies and private security and technology companies
Alleged 'Nazi' Android FBI Ransomware Mastermind Arrested In Russia(Forbes) The Russian Ministry of Internal Affairs has announced the arrest of a 25-year-old, believed to be the creator of a particularly harmful strain of Android money-stealing malware, known as Svpeng, that had infected as many as 350,000 Google devices last year. Four other suspects thought to be members of the cybercriminal gang, who were said to have a penchant for Nazi iconography, were also detained
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
INFWARCON(Nashville, Tennessee, USA, April 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever...
Southern Africa Banking and ICT Summit(Lusaka, Zambia, April 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SOURCE Conference(Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...
ASIA (Annual Symposium on Information Assurance)(Albany, New York, USA, June 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security...
Cloud Identity Summit 2015(La Jolla, California, USA, June 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the...
TRUSTe Internet of Things Privacy Summit 2015(Menlo Park, California, USA, June 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations...
Cybergamut Tech Tuesday: Tor and the Deep Dark Web(Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
Cyber Security Summit: Industrial Sector & Governments(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...
Cyber Security Summit: Financial Services(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...
INTERPOL World 2015(Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...
Mid-Atlantic ISSA Security Conference 2015(Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...
INFILTRATE Security Conference(Miami Beach, Florida, USA, April 16 - 17, 2015) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...