Rumors of attribution begin to circulate around the Anthem breach: sources claiming familiarity with the investigation say they see the Chinese government's hand in the attack. It's very early, and attribution of course is notoriously difficult, but if the rumors prove out this wouldn't be the first time an intelligence service has sniffed around the healthcare sector. Mandiant, hired by Anthem to investigate, has said on the record that the attack used "custom backdoors," which would be consistent with a sophisticated attacker.
To be clear, personally identifiable information (PII) appears to be the object of the attack, not medical records proper or paycard data. PII could be used in either crime (via identity theft) or espionage (for cultivation or compromise of individual targets). If the attackers are in fact ordinary criminals, they'll find PII more lucrative than paycard data: a stolen card can be cancelled, but a name, birth date and Social Security number cannot.
Some observers (notably CyberPoint's CTO) are struck by the extent to which the breach was foreshadowed by FBI warnings last year. We link to two of them below, and they're particularly instructive in retrospect.
Internet Explorer and Flash zero-days return to the news. Ransomware's tactical evolution proceeds apace: it's now targeting back-ups. Fake WhatsApp spam makes a nuisance of itself, and a WordPress plug-in vulnerability is exploited (and patched).
Hacking campaigns, whatever their sophistication, are showing greater complexity, with denial-of-service and social media exploitation increasingly functioning as preparation and misdirection.
Sony Pictures CEO Pascal resigns, her departure widely believed to be fallout from the Guardians of Peace hack.
Adobe patches Flash. Google updates Chrome.
Today's issue includes events affecting China, Germany, Iran, Israel, Philippines, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Chinese State-Sponsored Hackers Suspected in Anthem Attack(Bloomberg) Investigators of Anthem Inc.'s data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health-care companies for purposes other than pure profit, according to three people familiar with the probe
China suspected in major hacking of health insurer(Washington Post) The massive computer breach against Anthem, the nation's second-largest health insurer, exposes a growing cyberthreat facing health-care companies that experts say are often unprepared for large attacks
Anthem's sour note(Economist) This could be one of the biggest corporate data breaches in history
Tens of thousands of people may be impacted by Anthem breach(WMAR ABC 2 News) Health insurance company Anthem is the latest casualty of a massive security breach. The company says hackers gained access to the personal information of tens of millions of employees, as well as current and past customers. That includes birthdays, social security numbers, addresses and employment information
Experts on the Anthem Hack: SurfWatch Lab's Adam Meyer(Wall Street Journal) Adam Meyer, chief security strategist of threat intelligence consultancy SurfWatch Labs, says the hackers behind the Anthem Inc. breach may have gained access by exploiting weaknesses in the company's Web services
Exclusive: Mandiant speaks on Anthem attack, custom backdoors used(SC Magazine) Mandiant, the incident response firm tapped by Anthem Inc. in the wake of its massive breach, says that the "sophisticated" cyber attack against the health care company involved the use of custom backdoors, one indication that an "advanced attack" did indeed take place against the company
HITRUST Helps Anthem, Others in Initial Hack Investigation(Health Data Management) Early in its investigation of a major cyber attack, health insurer Anthem shared much of what it knew with other health industry stakeholders, all of whom participate in the HITRUST Cyber Threat Intelligence and Incident Coordination Center, or HITRUST C3
Anthem Data Breach Could Affect Millions of Consumers(Threatpost) Attackers have compromised Anthem Inc., one of the larger health-care companies in the United States, gaining access to the Social Security numbers, birth dates, names, employment and income data and other personal information of an untold number of customers
Opinion on the Anthem Insurance Breach(Codify Security Blog) It's one of the first major breaches of 2015 and unfortunately it's probably going to be a large one. Anthem being one of the largest healthcare insurance companies in the US will have a massive amount of personal information for hackers to dive through for monetisation in their shady shyster ways. Luckily for the millions affected, apparently no financial details were grabbed in the hack but the loss of other PII information is still concerning and could lead to all kinds of fraud due to the US having a reliance on social security numbers to prove who they are for a plethora of interactions with organisations
Reactions to the extensive Anthem data breach(Help Net Security) Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals
How the Anthem Insurance Hackers May Be Planning to Cash In(DC Inno) On Thursday, millions of Anthem Inc. health insurance customers woke up to a company e-mail notifying them that hackers may have gained access to their names, birth dates, Social Security numbers, addresses and employment data — including income figures — during a data breach
80M Anthem Records Hacked: Where's My Data Going? Who's Buying?(Easy Solutions Blog) Details continue to emerge on the massive breach at health care company Anthem, in which hackers have gained access to information including names, birthdays, medical IDs, Social Security Numbers, street addresses, email addresses and employment information (including income), on up to 80 million people
3 Vectors of a Healthcare Cyberattack(Fortinet Blog) Our healthcare systems, from EHR to medical devices, are more vulnerable than many of us realize. And the stakes are too high to ignore
Healthcare Data in the Cross-Hairs(Trend Micro: Simply Security) Today we've learned that up to 80 million customers and employees of Anthem health insurance have had their personal information stolen. Initial reports indicate that the data loss includes names, birth dates, Social Security numbers, addresses and employment data including income
Tomcat security: Why run an exploit if you can just log in?(Internet Storm Center) In our honeypots, we recently saw a spike of requests for […]. These requests appear to target the Apache Tomcat server. In case you haven't heard of Tomcat before (unlikely): It is a "Java Servlet and JavaServer Pages" technology
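The ISC headline makes the practical point: an exposed Tomcat Manager with weak or default credentials needs no exploit at all. The script below is an added example (it is not from the ISC diary or this newsletter) that reads Tomcat's combined-format access log and flags clients that repeatedly fail Manager authentication, then succeed, then use the Manager's deploy endpoint. The log lines are constructed, and the Manager context paths, status codes and failure threshold are assumptions about a default Tomcat install.

```python
"""Flag Tomcat Manager credential guessing and follow-on deploys in an access log.

Added example, not from the ISC diary. The sample log, the Manager paths and the
threshold of three failures are assumptions about a default Tomcat deployment.
"""
import re
from collections import defaultdict

# Tomcat's combined AccessLogValve pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Context paths of the Manager and Host Manager webapps (assumed defaults).
MANAGER_PATHS = ("/manager/", "/host-manager/")

# Constructed sample: one client cycling password guesses against /manager/html,
# eventually getting in and deploying a WAR; one ordinary visitor; one legitimate admin.
# Tomcat only fills %u after a successful login, so failed attempts show "-".
SAMPLE_LOG = """\
203.0.113.5 - - [05/Feb/2015:10:01:01 +0000] "GET /manager/html HTTP/1.1" 401 2536
203.0.113.5 - - [05/Feb/2015:10:01:02 +0000] "GET /manager/html HTTP/1.1" 401 2536
203.0.113.5 - - [05/Feb/2015:10:01:03 +0000] "GET /manager/html HTTP/1.1" 401 2536
203.0.113.5 - - [05/Feb/2015:10:01:04 +0000] "GET /manager/html HTTP/1.1" 401 2536
203.0.113.5 - - [05/Feb/2015:10:01:05 +0000] "GET /manager/html HTTP/1.1" 401 2536
203.0.113.5 - admin [05/Feb/2015:10:01:06 +0000] "GET /manager/html HTTP/1.1" 200 17523
203.0.113.5 - admin [05/Feb/2015:10:01:09 +0000] "PUT /manager/text/deploy?path=/x HTTP/1.1" 200 45
198.51.100.7 - - [05/Feb/2015:10:05:00 +0000] "GET /examples/ HTTP/1.1" 200 1210
10.0.0.2 - ops [05/Feb/2015:10:06:00 +0000] "GET /manager/html HTTP/1.1" 200 17523
"""


def parse(lines):
    """Yield one dict per well-formed log line; silently skip lines that don't match."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def manager_activity(lines, fail_threshold=3):
    """Summarise every client that touched the Manager webapp.

    failures               - 401/403 responses on Manager paths (credential guessing)
    success_after_failures - a 2xx on a Manager path after >= fail_threshold failures
    deploys                - successful requests to the deploy endpoint (WAR upload == code execution)
    """
    report = defaultdict(lambda: {"failures": 0, "success_after_failures": False, "deploys": 0})
    for rec in parse(lines):
        if not rec["path"].startswith(MANAGER_PATHS):
            continue
        entry = report[rec["ip"]]
        status = int(rec["status"])
        if status in (401, 403):
            entry["failures"] += 1
        elif 200 <= status < 300:
            if entry["failures"] >= fail_threshold:
                entry["success_after_failures"] = True
            if "/deploy" in rec["path"] or rec["method"] == "PUT":
                entry["deploys"] += 1
    return dict(report)


def suspicious(report, fail_threshold=3):
    """IPs worth an analyst's attention, sorted for stable output."""
    return sorted(
        ip for ip, e in report.items()
        if e["failures"] >= fail_threshold or e["success_after_failures"] or e["deploys"]
    )


if __name__ == "__main__":
    rep = manager_activity(SAMPLE_LOG.splitlines())
    for ip in suspicious(rep):
        e = rep[ip]
        print(f"{ip}: {e['failures']} failed Manager logins, "
              f"login after guessing={e['success_after_failures']}, deploys={e['deploys']}")
```

Run it against a real `localhost_access_log.*.txt` by replacing `SAMPLE_LOG.splitlines()` with the open file. A burst of 401s followed by a 200 and a `PUT` to `/manager/text/deploy` is the whole intrusion in three log lines; the cheaper fix is to not expose the Manager at all, or to bind it to an admin network and give its users a real password.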
How social media hacks can be the gateway to further breaches(Insurance Business America) 'Another day, another breach' seems to be the mantra at the moment as increasing numbers of organisations fall victim to cyber attack. The recent high-profile hack of the US Central Command's Twitter feed by a group purporting to be ISIS demonstrates the vulnerability of anyone operating on these channels, even those you would assume to be heavily protected
Ineffective Oversight Of High-Risk Cargo Shipments Creates Supply Chain Vulnerabilities(HS Today) With the reliance of the US economy on a secure global supply chain, securing the millions of cargo shipments arriving in the US every year is critical. However, a recent Government Accountability Office audit found Customs and Border Protection (CBP) has not been accurately recording the disposition of high-risk maritime shipments, which may be creating vulnerabilities in the supply chain
Amy Pascal is proof that Sony's scandal wouldn't be over until someone took a fall(Quartz) Ever since Sony went ahead with plans to distribute The Interview, both in theaters and online, in the face of increasingly ominous threats by the hackers who breached its systems in November, everyone had been waiting for retaliation from the group that called itself Guardians of Peace — but none ever came. The hackers, who had been releasing new stolen Sony data on an almost daily basis in early December, had suddenly fallen silent, and still haven't been heard from since
January 2015 Cyber Attacks Statistics(Hackmageddon) It is time to summarize the data collected into the January 2015 Cyber Attacks timelines (Part I and Part II) into valuable statistics
Security Patches, Mitigations, and Software Updates
Yet Another Flash Patch Fixes Zero-Day Flaw(KrebsOnSecurity) For the third time in two weeks, Adobe has issued an emergency security update for its Flash Player software to fix a dangerous zero-day vulnerability that hackers already are exploiting to launch drive-by download attacks
Stable Channel Update(Chrome Releases) The stable channel has been updated to 40.0.2214.111 for Windows, Mac and Linux. A full list of changes is available in the log
IE Memory Attacks Net ZDI $125,000 Microsoft Bounty(Threatpost) When Microsoft introduced use-after-free mitigations into Internet Explorer last summer, certain classes of exploits were closed off, and researchers and black hats were left to chase new ways to corrupt memory inside the browser
M-commerce Fraud Leading to Millions in Lost Revenue(Infosecurity Magazine) Mobile e-commerce is still a nascent space, but growing fast: More than 200 million devices worldwide are now making regular purchases through mobile browsers and mobile applications. That offers a vast new playground for fraudsters, who will look to take advantage of immature security approaches in the space
The Year of The Hack(Tripwire: the State of Security) It seems only fitting that 2014 should have ended with the much publicized hacking of Sony as the American public was inundated all year with one sensational account after another of damaging data security breaches
Harvesting Your Data From The Internet of Things(Tripwire: the State of Security) Last week, I presented a talk at OWASP's AppSec California titled "We All Know What You Did Last Summer," where I spoke on the topic of privacy, security and the "Internet of Things." My primary focus was not necessarily on the privacy and security of devices themselves, but more regarding the security implications of the data they generate
Cybersecurity stocks rally after Anthem breach (updated)(Seeking Alpha) A major data breach at #2 U.S. health insurer Anthem — it involves a database containing personal info about 80M customers/employees — has put cybersecurity back in the spotlight … along with the companies providing hardware, software, and services to protect against external attacks
Significant Gaps Between Compromise and Discovery(Webroot Threat Blog) Over the past five years, the number of records compromised in US business breaches has exploded, growing from less than 20 million in 2010 to over 92 million in 2013. With major breaches at Target and the Home Depot, and many smaller breaches in the last year, the increase in records lost does not appear to be on the decline
Data Breach Directions: What to Do After an Attack(Security Magazine) In 2009, Heartland Payment Systems announced that it had suffered a devastating breach: 134 million credit cards were exposed through SQL Injection attacks used to install spyware on Heartland's data systems. The company processes payments for debit, prepaid and credit cards, in addition to online payments and checks and payroll services
A Cybersafety Culture Can Help Reduce Energy Usage Data Privacy Risks(Energy Collective) Thanks to M2M and Smart Grid technologies, new energy usage data can be invaluable to help intelligently manage energy and reduce utility operations costs and consumer costs. However, new data means new privacy risks for consumers (residential, commercial, industrial, and agricultural), utilities, their vendor communities, and other entities that collect, transmit, use, and/or store that data
IT professional, hack thyself(Help Net Security) To anyone not living under a rock, the increasing threat of a cyber attack is very plain. IT professionals spend sleepless nights worrying that they'll be the next Walmart or Sony or Visa. They hope that they're doing everything they can to either prevent an intrusion — or if that's not possible — prevent a serious breach and data loss
Monitoring SSL Vulnerabilities in Your Network(Bitsight: the Security Ratings Blog) Microsoft has announced that it is removing SSLv3 support in both Internet Explorer (according to VentureBeat) and Azure Storage (according to Redmond Mag) on Tuesday, February 10. The company is not the first to stop supporting the technology, but this announcement should be one of the final straws for companies still supporting it
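Vendors dropping SSLv3 on the client side doesn't tell you which of your own servers still negotiate it. The probe below is an added example (not from the BitSight post or this newsletter): it hand-builds a minimal SSLv3 ClientHello, sends it, and classifies the server's first record. It is built by hand because current Python and OpenSSL builds refuse to speak SSLv3 at all. The cipher-suite list and the sample server responses are assumptions; the record and handshake layout is the SSLv3/TLS wire format.

```python
"""Check whether a TLS endpoint still accepts SSLv3 by sending a raw SSLv3 ClientHello.

Added example, not from the BitSight post. The cipher list is an assumption
(any server willing to speak SSLv3 accepts at least one of these SSLv3-era suites).
"""
import os
import socket
import struct

SSLV3 = b"\x03\x00"          # record/handshake version for SSL 3.0
HANDSHAKE, ALERT = 0x16, 0x15

# Assumed SSLv3-era suites: 3DES, RC4-SHA, RC4-MD5, AES128/256-SHA, DHE variants.
CIPHERS = bytes.fromhex("000a" "0005" "0004" "002f" "0035" "0033" "0039")


def build_client_hello(version=SSLV3, random=None):
    """Return one TLS record carrying a ClientHello for `version`."""
    random = random if random is not None else os.urandom(32)
    body = (
        version + random
        + b"\x00"                                  # session id length = 0
        + struct.pack("!H", len(CIPHERS)) + CIPHERS
        + b"\x01\x00"                              # one compression method: null
    )
    # Handshake header: type=1 (ClientHello), 24-bit body length
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type=0x16 (handshake), version, 16-bit length
    return b"\x16" + version + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Interpret the first record a server sends back to the SSLv3 ClientHello."""
    if len(data) < 5:
        return "closed"            # reset or EOF: the server dropped the handshake
    ctype, major, minor, _length = struct.unpack("!BBBH", data[:5])
    if ctype == HANDSHAKE and (major, minor) == (3, 0) and data[5:6] == b"\x02":
        return "sslv3-accepted"    # ServerHello (type 2) at version 3.0: SSLv3 is live
    if ctype == ALERT:
        return "refused-alert"     # e.g. handshake_failure or protocol_version alert
    return "other"                 # anything else (a server that answers with a higher version)


def probe(host, port=443, timeout=5.0):
    """Connect, send the SSLv3 hello, and classify whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        try:
            data = s.recv(4096)
        except (ConnectionResetError, socket.timeout):
            data = b""
    return classify_response(data)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(target, probe(target))
```

Only "sslv3-accepted" means the host is still exposed to SSLv3 downgrade attacks such as POODLE; "refused-alert", "closed" and "other" all indicate the server will not complete an SSLv3 handshake. Run it across the hosts in your inventory and treat any accepted result as a finding regardless of what Microsoft or Google do on the client side.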
Groups Urge U.S. Fight Against China Foreign Tech Purge(Bloomberg) U.S. business groups are seeking immediate action from the Obama administration to reverse "troubling" Chinese security requirements they say will block foreign software, servers and computing equipment from the country
U.S. Officials Say Chinese Cyberespionage 'Needs to Stop'(Threatpost) The top cybersecurity officials in the United States on Wednesday said that China is harming the potential for an open Internet through its policies of censorship, and also said the country's continued cyberespionage operations are damaging the two countries' relationship
Crowdsourcing America's cybersecurity is an idea so crazy it might just work(Washington Post) When it comes to protecting the nation's cyber networks from the vast array of threats, the government has its hands full. President Obama, in his State of the Union speech, alluded to this, highlighting the importance of integrating intelligence in order to combat cyber threats. As a result, the next big innovation in the world of cybersecurity may not be a new piece of code or a new software tool to detect a threat, but rather, a fundamentally new approach in how we think about leveraging partnerships between the private and public sector to protect our nation's cyber networks
DNI Releases Requested Budget Figure for FY 2016 Appropriations for the National Intelligence Program(IC on the Record) Consistent with 50 U.S.C. 3306(a), the Director of National Intelligence is disclosing to the public the aggregate amount of appropriations requested for Fiscal Year 2016. The aggregate amount of appropriations requested for the FY 2016 National Intelligence Program (NIP) is $53.9 billion, which includes funding requested to support Overseas Contingency Operations (OCO). In FY 2015, OCO funding was not included in the initial disclosure, but was included in disclosures that were updated after the submission of budget amendments
Obama's 'Big Data' privacy plans get lift from lawmakers(Reuters) The White House is working with a Republican congressman on the U.S. House of Representatives' leadership team and Democrats in both the House and Senate on a bill to protect data collected from students through educational apps
Net Neutrality: 4 Legal Challenges To Consider(InformationWeek) FCC Chairman Tom Wheeler unveiled a new open Internet proposal on Wednesday, and carriers are gearing up for battles in court. Here, we look at four legal arguments we can expect to see, and give you our best guesses as to how they'll fare in court
NSA surveillance 'hops' take a step back(WTOP) Since the embarrassing and damaging theft of documents from the National Security Agency by former contractor Edward Snowden, the U.S. intelligence community has sought to harden its information security systems
Poverty breeds cyber crimes, says DSWD(Bohol News Today) Poverty is still the culprit. The Department of Social Welfare and Development (DSWD) is partly right as it cited "Poverty and lack of stringent laws," one of the root causes, have generated what it called cyber pornography and cyber prostitution at the advent of technological advances
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
OISC: Ohio Information Security Conference(Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...
CyberTexas / CyberIOT(San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...
Automotive Cyber Security Summit(Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
Cyber Threat Intelligence Summit(Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
Nullcon 2015(Goa, India, February 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation offensive and defensive security technology as well as unknown threats
ICISSP 2015(Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London(London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015(San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
DEFCON | OWASP International Information Security Meet(Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit(Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Workforce Development Forum — CyberWorks Information Session(Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...