Two major cyber stories break at Kaspersky's Cancun shindig, both still developing. First, Kaspersky Lab lays out its research on the "Equation Group," hacking "gods" (Kaspersky Lab is pretty star-struck here) who, researchers say, were able to install "permanent" surveillance and sabotage tools on the networks of countries and groups of interest. The campaign may go back as far as 2002. It's said to have used booby-trapped CDs among its earliest vectors, and succeeded in compromising commonly used hardware. Kaspersky suggests links among the Equation Group, Flame, Stuxnet, and Regin. (Journalists infer that Equation Group is a US Government operation.)
The second story is less surprising (Krebs and Cluley both point out that it's been breaking, at least in incipient form, for months) but shocking nonetheless: a Russian cyber criminal group has succeeded in siphoning off about $1B from banks worldwide. Don't be misled by Blofeldian details of ATMs in Kiev spitting out cash into reading this as a local story: "Carbanak" hit about 100 banks and seems to have made use of surveillance tools earlier deployed against government and industry targets. (Few journalists infer Russian government involvement with cyber Mafiosi.)
ISIS information operations (against a UAE newspaper and US service members' Twitter accounts among other targets) prompt a revamped US response (State Department has the lead). Trend Micro reports on Arid Viper, an anti-Israeli cyber campaign controlled from Gaza, using servers located in Germany.
President Obama's cyber Executive Order attracts more reviews. So does Apple CEO Cook's summit presentation.
Today's issue includes events affecting Afghanistan, Australia, Bangladesh, Belgium, Brazil, Bulgaria, Cameroon, Canada, China, Czech Republic, Denmark, Ecuador, Egypt, France, Germany, Iceland, India, Iran, Iraq, Israel, Kazakhstan, Kenya, Kuwait, Lebanon, Libya, Malaysia, Mali, Mauritius, Mexico, Morocco, Nepal, Netherlands, Nigeria, Norway, Pakistan, Palestinian Territories, Philippines, Poland, Qatar, Singapore, Somalia, South Africa, Spain, Sudan, Switzerland, Syria, Taiwan, Ukraine, United Arab Emirates, United Kingdom, United States, Yemen, and Zambia.
Cyber Attacks, Threats, and Vulnerabilities
U.S. Embedded Spyware Overseas, Report Claims(New York Times) The United States has found a way to permanently embed surveillance and sabotage tools in computers and networks it has targeted in Iran, Russia, Pakistan, China, Afghanistan and other countries closely watched by American intelligence agencies, according to a Russian cybersecurity firm
Carbanak Ring Steals $1 Billion from Banks(Threatpost) Hackers in Eastern Europe are bleeding banks dry, stealing as much as $1 billion from more than 100 financial institutions in a string of attacks that borrow heavily from targeted attacks against sensitive government and industrial targets
Bank Hackers Steal Millions via Malware(New York Times) In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment
The Great Bank Heist, or Death by 1,000 Cuts?(KrebsOnSecurity) I received a number of media requests and emails from readers over the weekend to comment on a front-page New York Times story about an organized gang of cybercriminals pulling off "one of the largest bank heists ever." Turns out, I reported on this gang's activities in December 2014, although my story ran minus many of the superlatives in the Times piece
Calls for greater banking security in light of major cyber attack(MicroScope) The revelations by Kaspersky that hackers were able to gain access to 100 banks across 30 countries and steal around $1bn over a period of two years is not only a major concern but also an indication that while a lot of focus has been drawn to nation state attacks the criminals are still busy getting their hands on cash illegally
Arid Viper: Gaza vs Israel Cyber Conflict(TrendLabs Security Intelligence Blog) Today, Trend Micro publishes a research report on an ongoing malware campaign that targets Israeli victims and leverages network infrastructure in Germany. The campaign has strong attribution ties to Arab parties located in the Gaza Strip and elsewhere
Fuel Station Skimmers: Primed at the Pump(KrebsOnSecurity) I recall the first time I encountered an armed security guard at a local store. I remember feeling a bit concerned about the safety of the place because I made a snap (and correct) assumption that it must have been robbed recently. I get a similar feeling each time I fuel up my car at a filling station and notice the pump and credit card reader festooned with security tape that conjures up images of police tape around a crime scene
C-93 Virus Alert Email from Microsoft is a Phishing Scam(HackRead) An email is being received by users of Microsoft's email accounts claiming to be sent from Windows Outlook. It has been titled C-93 Virus Alert and informs the user that a virus has been detected by Microsoft in your mailbox. Also present in that email is the method to eliminate this virus
WhatsApp spy tool lets anyone track when you're online(Naked Security) Just a few weeks after WhatsApp was found to be flashing photos that users weren't supposed to see, we've got another privacy glitch: this time, it looks like changing your privacy settings doesn't stop people from tracking your status and any changes you've made to profile photos, status messages and settings
Did You Remove That Debug Code? Netatmo Weather Station Sending WPA Passphrase in the Clear(Internet Storm Center) (BTW: it looks like the firmware update released this week by netatmo after reporting this issue fixes the problem. Still trying to completely verify that this is the case.) I have the bad habit of playing with home automation and various data acquisition tools. I could quit any time if I wanted to, but so far, I decided not to. My latest toy to add to the collection was a "Netatmo" weather station. It fits in nicely with the aluminum design of my MacBook, so who cares if the manufacturer considered security in its design, as long as it looks cool and is easy to set up
Bulletin (SB15-047) Vulnerability Summary for the Week of February 9, 2015(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Companies 'Must See Cyber Attacks as Inevitable'(Newsweek) A top executive from the firm whose forensic experts investigated the Sony Corporation cyberhack last year says we "shouldn't be surprised" by the recent cyber robbery of up to $1bn — deemed one of the world's biggest cyber heists to date — and that companies should plan for the worst and see attacks as an inevitability
Evolution and Adaptation in the Security Jungle(Threatpost) One of the more difficult aspects of defending a network or system is trying to keep up with the new tactics and techniques that attackers use. They modify their techniques constantly, and security teams must do the same or they won't survive. Evolve or die has become the rule
Secunia Vulnerability Update, February 17, 2015(Secunia [registration required]) Total number of new vulnerabilities in the Top 20 over the 3 month period: 1,357. Vendor with most vulnerable products in the 3 month period: IBM. Product with the most vulnerabilities: X.Org XServer
Cybercrime moves from server room to the boardroom(The Tally) Cybersecurity analysts have for years lamented that banks weren't paying sufficient attention to the threat posed by online attacks. Now, after a slew of high-profile breaches, it seems bank chief executives are taking not
Turing And The Increasingly Important Case For Theory(TechCrunch) Like many in Silicon Valley, I recently saw Morten Tyldum's The Imitation Game. I have a soft spot for underdog academic narratives and actually teared up. However, I couldn't shake the feeling the film pigeonholed the breadth and depth of Turing's work to early cryptography and its mechanized instantiation during WWII
U.S. Intensifies Effort to Blunt ISIS' Message(New York Times) The Obama administration is revamping its effort to counter the Islamic State's propaganda machine, acknowledging that the terrorist group has been far more effective in attracting new recruits, financing and global notoriety than the United States and its allies have been in thwarting it
Israel establishes Cyber Defense Authority(San Diego Jewish World) Israel's Cabinet, at its weekly meeting on Sunday, Feb. 15, approved a comprehensive plan for national readiness in cyberspace; this is in addition to processes and efforts being advanced by the Israel National Cyber Bureau since its establishment three years ago in order to boost the State of Israel's strength in cyberspace
Obama to urge companies to share data on cyber threats(KPCC) In a move the White House says will help "quickly identify and protect against cyber threats," President Obama will sign an executive order today urging companies that come under attack to share information about the threat with both other companies and the government
Takeaways from Obama's cyber security summit(ITProPortal) US President Barack Obama led a cyber security summit in California last week, also attended by the likes of Apple CEO Tim Cook, with the aim of uniting the Government and technology companies on issues of national cyber security
What Apple Is Missing About Cyber Security(Huffington Post) Last week, Apple CEO Tim Cook attended a cyber security conference sponsored by the White House, in which he signed up for a framework to share information on cyber threats between companies
Cybersecurity: Beware untrustworthy partners(Muscatine Journal) Before the ink had time to dry on his Feb. 12 executive order "promoting private sector cybersecurity information sharing," US president Barack Obama launched a campaign to re-write history and make the case for trusting government to bolster network security and data privacy
For Net Neutrality, Political Theater(TechCrunch) The FCC is moving on net neutrality. And past internal dissension at the agency, Congressional forces are lining up to mostly kick up dust and whine as the Commission readies to vote on stringent rules in under two weeks
OMB reaffirms cyber oversight role(Federal News Radio) Agencies should expect a cybersecurity revival of sorts from the Office of Management and Budget this year. OMB is reasserting its cyber oversight role with a new group of experts called the E-Gov Cyber and National Security Unit
US wireless carriers now legally have to unlock our phones(Naked Security) After two years behind bars and a whole lot of petition-signing, US mobile phone owners have regained their gadgets' freedom: we now have the ability to legally unlock our phones and take them to whatever network carrier has compatible cell towers
DEFCON | OWASP International Information Security Meet(Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit(Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Cybersecurity for a New America: Big Ideas and New Voices(Washington, DC, USA, February 23, 2015) In addition to featuring keynote remarks by Admiral Mike Rogers, Director of the National Security Agency, this event will convene experts and practitioners from the public and private sector, military,...
Workforce Development Forum — CyberWorks Information Session(Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...
The Future of Cybersecurity Innovation(Washington, DC, USA, February 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight...
2015 Cyber Risk Insights Conference — San Francisco(San Francisco, California, USA, March 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers...
Cybergamut Technical Tuesday: Tor and the Deep Dark Web(Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
Mercury Proposers' Day Conference(IARPA1, Washington, DC, March 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of...
OISC: Ohio Information Security Conference(Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...
RiSK Conference 2015(Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.
B-Sides Vancouver(Vancouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit(Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...
2015 North Dakota Cyber Security Conference(Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...
BSides Salt Lake City(Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11(Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...
CyberTech Israel 2015(Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...
2nd Annual ISSA COS Cyber Focus Day(Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado...
CYBERWEST: the Southwest Cybersecurity Summit(Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...
Women in Cyber Security(Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.
Automotive Cyber Security Summit(Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
Insider Threat Symposium & Expo(Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...