Daily briefing.

A ceasefire in Ukraine and continued ISIS trumpeting of atrocities bring "hybrid warfare" to the forefront of analysts' minds. Hybrid warfare prominently employs non-state fighters and hacktivists, and what its kinetic and non-kinetic features share is deniability. Analysts expect to see a lot more of it.

The Chinese hack that turned Forbes' "Thought of the Day" into a watering hole seems to have been both technically clever and crafted with clear targets in mind.

Spoof PayPal phishing sites are taken down — many of them were very well crafted, another sign that the crooks have upped their design game.

Ransomware — in this case Simplocker — continues to appear in enhanced, increasingly dangerous forms. There are fresh expectations that we'll soon see a major outbreak among mobile devices.

More dodgy apps are found in Google Play.

The Anthem hack draws attention to the attack surface employees inevitably present. Some companies respond with social engineering drills.

NIST has released its draft guidance for industrial control system security.

The cryptocurrency community takes a stab at developing its own sector standards.

Assured Information Security demonstrates a cryptographic approach to making software (inter alia malware) tougher to reverse engineer.

In the US, the White House proceeds with plans for the CTIIC, intended to connect private sector cyber threat intelligence with the classified world's. Industry reaction is broadly skeptical: Didn't the NCCIC have that mission? Who's going to bear the cost of all that threat reporting? What about privacy? So the Administration still has some explaining to do.

A note to our readers: the CyberWire staff will take a break on Presidents' Day, this coming Monday. We'll resume regular publication on Tuesday, February 17.


Today's issue includes events affecting China, Iraq, Malaysia, Netherlands, Russia, Syria, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Newsweek Twitter hack is a sign of the times (IDG via CSO) The Twitter accounts of two more companies — Newsweek and the International Business Times — were compromised on Tuesday, showing Twitter's attractiveness to hackers despite its cybersecurity features

How the Islamic State Makes Sure You Pay Attention to It (War on the Rocks) The Islamic State (IS) has played us. It's been playing us for a long time now

Report Warns Russia's 'Hybrid Warfare' In Ukraine Could Inspire Others (Radio Free Europe | Radio Liberty) In a new report, a top defense think tank warns that Russia's destabilizing actions in Ukraine, including "sophisticated combinations of conventional and unconventional means of warfare," could inspire NATO's potential state and non-state adversaries elsewhere in the world

Host Hit in Cyber Attack Rips Government Inaction (Netherlands Times) Despite heavy complaints from within the Dutch government about Tuesday's cyber attack which took out several government websites, the managing director of the host hardest hit in the incident blames years of government inaction for the outage. The attack was clearly directed at the government, and any other websites that went down as a result were "collateral damage," said hosting firm Prolocation's managing director Raymond Dijkxhoorn

Pwned in 7 seconds: Hackers use Flash and IE to target Forbes visitors (Ars Technica) Hacked Forbes site fed 0days to defense contractor and financial services workers

Chinese Hackers Compromised Using IE, Flash Zero Days (ThreatPost) A Chinese APT group was able to chain together two zero day vulnerabilities, one against Adobe's Flash Player and one against Microsoft's Internet Explorer 9, to compromise a popular news site late last year

Chinese hackers attack blue-chip groups including banks (FT/OTCEER via STARR FM) Chinese hackers hijacked the Forbes website and used it to target thousands of computers linked to blue-chip companies, including US defence contractors and banks, in one of the most brazen cyber espionage campaigns apparently launched by Beijing-linked groups so far

Many PayPal lookalike phishing websites taken offline (CSO) Some were nearly identical copies of PayPal's website, OpenDNS said

Simplocker ransom Trojan returns with more dangerous encryption (CSO) The Simplocker ransom malware that infected thousands of Android devices last summer has dramatically boosted the power of its encryption design in a new version, security firm Avast has discovered

Ransomware could lock you out of your smartphones (Emirates 24/7) Warning is significant as it takes threat to totally different level

Google Play flaw opens Android devices to silent malware installation (Help Net Security) Android users are in danger of getting malicious apps silently installed on their devices by attackers, warns Rapid7's Tod Beardsley, technical lead for the Metasploit Framework

US Publishers Are Responsible for Most Malicious and Risky Apps, Putting Everyone with a Smartphone at Risk (Marble Labs) It's a common misconception that the risk of using mobile devices is limited to jailbroken or rooted devices in Asia, and apps that are downloaded from fly-by-night app stores other than the Apple App Store or Google Play. Nothing can be further from the truth

The New Windows 10 Release is Attracting the Attention of Criminals — and Not Why You Might Expect (Cyveillance) Among many interesting tidbits in Microsoft's recent Windows 10 announcement was that it would include two Internet browsers: the classic Internet Explorer, and a new one called Spartan. Although it's not that big of news per se, criminals are taking advantage of the media attention that has accompanied the Spartan announcement — not to exploit potential security flaws, although we're sure that will come soon — but to register domain names associated with it

Anthem hack: Employee access, not encryption, the problem (FierceHealthIT) As the investigations and lawsuits roll in over the breach of health insurance company Anthem, the industry is taking a closer look at the company's security practices

Anthem hack opens multiple inroads to healthcare fraud (FierceHealthPayer: Antifraud) Data captured by hackers could lead to false billing and medical identity theft, fueling black market for years to come

For local cybersecurity experts, Anthem breach 'hits close to home' ( Baltimore) Local cybersecurity experts say the health insurer has been transparent about its major data breach, which may have compromised the personal data of up to 80 million customers

Experts warn 2015 could be 'Year of the Healthcare Hack' (Reuters) Security experts are warning healthcare and insurance companies that 2015 will be the "Year of the Healthcare Hack," as cybercriminals are increasingly attracted to troves of personal information held by U.S. insurers and hospitals that command high prices on the underground market

Jobs's revenge: Flash piles up the zero-day exploits (Network World) Three zero-days in six weeks make Steve Jobs look even more prescient about the state of Flash

Gh0st RAT: Complete Malware Analysis — Part 1 (Infosec Institute) In this article series, we will learn about one of the most predominant malware, named Gh0st RAT, whose source code is dated back to 2001 but it is still relevant today. In this article series, we will learn what exactly is Gh0st RAT, all its variants, how it works, its characteristics, etc.

How one man could have deleted every photo on Facebook (Naked Security) Facebook is probably the biggest database of photographs ever compiled

How one bad line of code shut down UK air traffic for an hour (ZDNet) Shortly before the Christmas vacation break got under way, a single line of bad code at the UK's national air traffic control center left thousands of people grounded for days

Security Patches, Mitigations, and Software Updates

Microsoft's Patch Tuesday release leaves one big vulnerability unpatched (ZDNet) This month's Patch Tuesday release includes three updates rated Critical, including a massive security update that fixes more than 40 flaws in Internet Explorer. A recently disclosed XSS vulnerability remains unpatched, however, and one Windows Server 2003 bug won't be fixed

Report: Microsoft packing more patches into fewer bulletins (CSO) Microsoft is packing more common vulnerability exposures into its critical bulletins

Cyber Trends

Cybersecurity needs to be "a team sport": Homeland Security official (Plant Services) All employees need to take ownership of mitigating cyber risks, DHS cybersecurity expert tells ARC forum audience

Your likelihood to be hacked is greatest if you're located… (FierceCION) With fears over cyberattacks at perhaps their highest levels ever, businesses in Delaware have been warned that they may be at the highest risk of all


As Cyber Threats Soar, So Do CISO Salaries (Wall Street Journal) The search for chief information security officers has become a seller's market as companies rush to hire security experts in the wake of several high-profile cyberattacks. High demand, coupled with a shortage of talent, is leading to compensation that is "zooming up on an almost daily basis," said Peter Metzger, vice chairman at executive recruiter CTPartners

Which Cybersecurity Skills Are Hot? (eSecurity Planet) Big data breaches are inspiring employers to pay more for cybersecurity certifications, some experts say

FireEye: A Next-Generation Cyber Security Play (Seeking Alpha) Businesses and governments will further need cyber security companies like FireEye. FireEye's excellent revenue in previous years and expansive R&D team will continue to excel. FireEye's acquisition of competitor Mandiant further establishes the company as the leader in the industry

New BlackBerry CSO calls security 'War of good vs. evil' (CSO) BlackBerry's new CSO David Kleidermacher has 23 years of IT experience and expertise in IoT technology, and he will presumably play a key role in the company's future IoT security strategy

Cyber-threat startup Digital Shadows secures $8 million investment round (Finextra) Cyber intelligence company Digital Shadows has today announced it has secured US$8 million of investment in a new funding round

WhiteHat Security Named a Leader in Application Security by Independent Research Firm (PRNewswire) WhiteHat Security, the Web security company, today announced it has been ranked a Leader in "The Forrester Wave™: Application Security, Q4 2014"

ThreatMetrix Honored as Coolest Cloud Computing Vendor by CRN (PRWeb) ThreatMetrix analyzes and protects more than 850 million monthly transactions with its innovative TrustDefender™ cybercrime protection platform

Businesswoman fighting back after cyber attack forces closure of firms (Express and Star) A businesswoman has been forced to close her estate agents and property consultancy firms in Staffordshire after coming under attack from cyber criminals, causing her to lose tens of thousands of pounds and lay off staff

Two Executives Earn Prestigious Smart CEO Award (ZeroFOX) ZeroFOX Chief Operating Officer, Evan Blair, and Chief People Officer, Hillary Herlehy, were both honored with SmartCEO's executive management award

Lou Von Thaer, Leidos Nat'l Security Sector President, Chosen to Wash100 for Cyber and ISR Leadership (GovConExec) Executive Mosaic is honored to unveil Lou Von Thaer, president of the national security sector at Leidos, as the newest inductee into the Wash100 — a group of influential leaders in the government contracting arena

ThreatTrack Security taps new president (Washington Technology) ThreatTrack Security has named John Lyons president, where he will lead worldwide and government operations

vArmour Names Marc Woolward as Chief Technology Officer, EMEA (MarketWired) Former Goldman Sachs Networking CTO and Technology Fellow to drive vArmour vision and execution to deliver unprecedented security to the data center

Products, Services, and Solutions

Facebook Unveils Tool For Sharing Data On Malicious Botnets (Wired) Facebook noticed the attack first. But Mark Hammell and his team couldn't stop it without help from Tumblr, Pinterest, and others

How Secure is Your Android? Mobile Antivirus Apps Tested (PC Magazine) Most of us will never see our Android antivirus apps spit out a warning because most of us will never encounter malware on our phones. So how can you tell if your Android antivirus is actually protecting your phone against the malware that sometimes sneaks onto Google Play or is installed by an overbearing spouse?

Proofpoint Accelerates Email Archiving Migration, Speeds Path to Industry-Leading Cloud Archive (MarketWatch) Industry Leaders DTI Global, Nuix, QUADROtech and Trusted Data Solutions attest to faster, simplified email migration

First Ubuntu phone goes on sale on Wednesday (PCPro) Spanish mobile manufacturer to sell first handset via a series of online flash sales

Technologies, Techniques, and Standards

NIST Releases Update of Industrial Control Systems Security Guide for Final Public Review (NIST) The National Institute of Standards and Technology (NIST) has issued proposed updates to its Guide to Industrial Control Systems (ICS) Security (NIST Special Publication 800-82) for final public review and comment

NIST Special Publication 800-82 Revision 2 Final Public Draft: Guide to Industrial Control Systems (ICS) Security (NIST) Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)

Introducing the CryptoCurrency Security Standard (CCSS) (CryptoConsortium) The C4 mission statement is to develop and maintain standards that will benefit the cryptocurrency ecosystem. We accomplish this mission with the collaboration of the brightest minds in our space and have met success with each of our prior projects. Today, after months of working with extremely knowledgeable partners on this critical project, BitGo and C4 are proud to jointly announce the release of the draft CryptoCurrency Security Standard (CCSS) for public discussion

A Winning Strategy: Must Patch, Should Patch, Can't Patch (Dark Reading) The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities

Are you a hack waiting to happen? Your boss wants to know (Washington Times) The next phishing email you get could be from your boss

The Why and How of DNS Data Analysis (CircleID) A network traffic analyzer can tell you what's happening in your network, while a Domain Name System (DNS) analyzer can provide context on the "why" and "how"

Decrypting TLS Browser Traffic With Wireshark — The Easy Way! (Jim Shaver) Most IT people are somewhat familiar with Wireshark. It is a traffic analyzer, that helps you learn how networking works, diagnose problems and much more

The Big Data picture — just how anonymous are "anonymous" records (Naked Security) On Naked Security we regularly write about, or at least make mention of, something called Big Data

From Big Data to smart data for security analytics (Global Big Data Conference) Have you heard the grand promise that Big Data analytics will reveal magical insights and enable organizations to transmute lead into gold? There seems a lack of depth to the idea and no concise plan in the roadmap. Big Data security analytics has the potential to be either a very effective solution or just another buzzword thrown around at conferences

Design and Innovation

A Crypto Trick That Makes Software Nearly Impossible to Reverse-Engineer (Wired) Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It's also what allows those same hackers' dangerous malware to be deconstructed and neutered. Now a new encryption trick could make both those tasks much, much harder

Are password alternatives a viable option? (Prosecurity Zone) Increased biometric authentication adoption hides flaws in technology that result in reverting to insecure password usage

Facebook is telling Native Americans their names are fake (Naked Security) In October, Facebook apologised to the drag queens, drag kings, and others in the LGBT (lesbian/gay/bisexual/transgender) community, some of which it had recently locked out of their accounts because their names weren't "real"

Drop in smartphone thefts after kill-switch introduction (CSO) The number of thefts and robberies of smartphones, particularly iPhones, is on the fall in New York, London and San Francisco, according to data to be released Wednesday


DARPA Hones Skills of Future Cyber Officers (DoD News) After months of work with world-class experts and online challenges, 60 cadets and midshipmen from the three service academies and the Coast Guard Academy recently faced off in contests of full-spectrum offensive and defensive cyber skills

Legislation, Policy, and Regulation

'Dramatic Improvement' in US and European Intel Sharing Because of ISIS (Defense One) The FBI is tracking every ISIS member it knows in the US, but needs Congress to block companies from offering encryption

Media Freedom In 'Drastic Decline' Worldwide (Radio Free Europe | Radio Liberty) Watchdog Reporters Without Borders (RSF) said in its annual evaluation released February 12 that media freedom suffered a "drastic decline" worldwide last year in part because of extremist groups such as Islamic State and Boko Haram

Western companies slam China's Internet firewall (Washington Post) China's growing restrictions on the Internet are harming the operations of Western businesses, stifling research and development operations and discouraging executives from moving here

White House Will Unveil Cyber Executive Actions At A Summit This Week (National Law Journal) On Friday, February 13, the White House will hold its Summit on Cybersecurity and Consumer Protection at Stanford University. President Obama will be speaking at the Summit and plans to issue a new Executive Order focusing on ways to increase cybersecurity information sharing between the private sector and the U.S. Department of Homeland Security

White House Cybersecurity Event to Draw Top Tech, Wall Street Execs (Wall Street Journal) Government to call on companies to help improve information sharing as breaches get more sophisticated

Three of Tech's Top CEOs to Skip Obama Cybersecurity Summit (Bloomberg) The top executives of Google Inc., Yahoo! Inc. and Facebook Inc. won't attend President Barack Obama's cybersecurity summit on Friday, at a time when relations between the White House and Silicon Valley have frayed over privacy issues

New cyber threat center to fill gaps in information sharing (Federal News Radio) The White House's new Cyber Threat Intelligence Center is not duplicating, or stealing resources or responsibilities from other agencies in government

Cyberthreat center coming (Washington Times) The White House national security adviser for counterterrorism announced this week that the Obama administration is setting up a cyberintelligence center aimed at providing better information and coordinated responses after cyberattacks that she said are growing more diverse and dangerous

White House launches new cyber security center: Will businesses cooperate? (Christian Science Monitor) The new Cyber Threat Intelligence Integration Center will aim to coordinate the United States government's response to cyberattacks, but it will need help from businesses to be effective

Feds to private businesses: Cough up your cyber intelligence (Network World) Corporations will be asked to contribute cyber intelligence to a new federal agency tasked with analyzing threat data culled from as many public and private sources as possible in order to more quickly spot attacks and attribute them to the guilty parties

Announcement of New Government Cybersecurity Agency Met With Skepticism (Slate) On Tuesday, the Obama administration announced that it is creating a new cybersecurity agency to coordinate between existing offices and groups that deal with cyber threats. The decision is motivated by recent high-profile incidents, like the Sony hack and a White House network that was reportedly infiltrated by Russian intelligence

Unconventional Security Conventions (Tripwire: the State of Security) In the face of the current wave of cyber threats, the U.S. government announced this week in Washington DC that as part of the Homeland Security initiative the current administration is creating a new agency called the Cyber Threat Intelligence Integration Centre (CTIIP) to monitor cybersecurity threats by acquiring, pooling and analysing any captured information — AKA 'intelligence'

Sharing threat intelligence is challenging the industry, but it's the only way forward (Banking Technology) Protecting your banking infrastructure from cybercriminals is one of the toughest IT challenges in banking. It keeps getting harder, even though banks are working tirelessly to protect both customers and assets

Answering Obama’s Call, Lone Senator Introduces Cybersecurity Bill (National Journal) Sen. Thomas Carper's bill seeks to cajole the private sector into increased information-sharing with the government by offering liability protection

NGA banks on the power of transparency (FCW) There is a data explosion happening in government. According to National Geospatial-Intelligence Agency Director Robert Cardillo, geospatial data — and in turn, his agency — are on the cusp of it

ODNI General Counsel Robert Litt's As Prepared Remarks on Signals Intelligence Reform at the Brookings Institute (IC on the Record) Thanks for that nice introduction, Cam

Litigation, Investigation, and Law Enforcement

After months of silence from feds on flying phone surveillance, EFF sues (Ars Technica) Since WSJ report on "dirtboxes" flown by US Marshals, few details have come out

Government wonders: What's in your old emails? (McClatchy) If you've been remiss in cleaning out your email in-box, here's some incentive: The federal government can read any emails that are more than six months old without a warrant

Malaysian Police Use Twitter in Crackdown on Dissent (New York Times) The Malaysian authorities have detained a cartoonist and ordered an investigation into two prominent politicians in an intensifying crackdown on dissent after the country's highest court upheld a five-year prison sentence for the leader of the opposition, Anwar Ibrahim

The Feds Want Your Grandma to Teach You How to Be Safe on the Internet (National Journal) Instead of treating older adults as helpless victims of online fraud, the government is trying to tap into their social networks to spread the word about Internet security

Utah Cyberunit Tackles Crimes Below the FBI's Radar (StateTech Magazine) The unit steps in when cybercrimes against residents and state networks don't rise to the level of an FBI investigation

New Mexico toes the thin line between overzealous detection and legitimate fraud prevention (FierceHealthPayer) We all have that friend who sees the world through rose-tinted glasses. Every day is a gift and every glass is half full

Hacker gets 8 Years in Jail for Making Prank Death Threats (HackRead) Remote control virus was used by the hacker to penetrate into computer systems and issue death threats to users

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...

Upcoming Events

AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.

Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, February 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port...

Cyber Risk Wednesday: Breaking the Cyber Information-Sharing Logjam (Washington, DC, USA, February 18, 2015) A moderated discussion on challenges and solutions for information-sharing, the Administration's recent proposals for better practices between the private sector and government, and goal-directed approaches...

Cyber Framework and Critical Infrastructure: A Look Back at Year One (Washington, DC, USA, February 19, 2015) Last February, the Obama administration rolled out the nation's first cybersecurity standards to protect critical infrastructure. One year later, Dr. Phyllis Schneck, the Department of Homeland Security...

DEFCON | OWASP International Information Security Meet (Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...

10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...

Cybersecurity for a New America: Big Ideas and New Voices (Washington, DC, USA, February 23, 2015) In addition to featuring keynote remarks by Admiral Mike Rogers, Director of the National Security Agency, this event will convene experts and practitioners from the public and private sector, military,...

Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...

The Future of Cybersecurity Innovation (Washington, DC, USA, February 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight...

NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, February 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security...
