More reactions to Kaspersky's description of "threat actor" Equation Group appear. Journalistic speculation (especially but far from exclusively in Russian media, which display some triumphalism about Kaspersky's Russian roots, and quote SVR's and FSB's placid assurances of immunity to cyberespionage) equates Equation Group to NSA, although Kaspersky Lab itself declines to offer any attribution. Symantec offers its opinion that Equation Group is clearly a state actor. Consensus holds that the actor is very sophisticated and well resourced.
Targets are said to have been found in thirty countries, with a handful of Middle Eastern nations apparently on an exempt list. Infection vectors include Web-based exploits, a worm ("Fanny"), compromised physical media (including CD-ROMs and USB dongles), and compromised hard drive firmware.
Kaspersky discerns signs of Equation Group activity as far back as 2001, possibly as long ago as 1996. Its target set suggests traditional espionage as opposed to economically motivated spying.
Some accounts suggest the group had tools capable of overcoming air gaps. War on the Rocks publishes a piece on the "third offset" — convergence of cyber operations with more traditional electronic attack.
Kaspersky's Cancun séances also describe another threat actor: "Desert Falcon." Reported to be an Arab group — perhaps a mercenary one — it displays a growing MENA-based cyber attack capability.
As the US State Department tries anti-ISIS messaging, Yahoo News looks at the aspiring caliphate's information operations.
Researchers believe they've found a smoking typo tying the Sony hack to North Korea.
Banks continue Carbanak recovery. The Vawtrak Trojan acquires malicious macros.
Today's issue includes events affecting Algeria, Afghanistan, Australia, Bangladesh, Belgium, Brazil, Bulgaria, Cambodia, Cameroon, Canada, China, Czech Republic, Denmark, Ecuador, Egypt, France, Germany, Iceland, India, Indonesia, Iran, Iraq, Israel, Kazakhstan, Kenya, Democratic People's Republic of Korea, Kuwait, Lebanon, Libya, Malaysia, Mali, Mauritius, Mexico, Morocco, Nepal, Netherlands, Nigeria, Norway, Pakistan, Palestinian Territories, Philippines, Poland, Qatar, Singapore, Somalia, South Africa, Spain, Sudan, Switzerland, Syria, Taiwan, Ukraine, United Arab Emirates, United Kingdom, United States, Vietnam, Yemen, and Zambia.
Cyber Attacks, Threats, and Vulnerabilities
Equation Group: Questions and Answers(Kaspersky Lab) The Equation group is a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996. The Equation group uses multiple malware platforms, some of which surpass the well-known "Regin" threat in complexity and sophistication. The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen
Equation: The Death Star of Malware Galaxy(Securelist) One sunny day in 2009, Grzegorz Brzeczyszczykiewicz embarked on a flight to the burgeoning city of Houston to attend a prestigious international scientific conference. As a leading scientist in his field, such trips were common for Grzegorz
A Fanny Equation: "I am your father, Stuxnet"(Securelist) At the Virus Bulletin conference in 2010, researchers from Kaspersky Lab partnered with Microsoft to present findings related to Stuxnet. The joint presentation included slides dealing with various parts of Stuxnet, such as the zero-days used in the attack
Fanny superworm likely the precursor to Stuxnet(CIO) The Stuxnet computer worm that was used to sabotage the Iranian nuclear program was likely preceded by another sophisticated malware program that used some of the same exploits and spread through USB thumb drives to computers isolated from the Internet
Equation Group: Meet the NSA 'gods of cyber espionage'(International Business Times) Over the last couple of years we have been hearing about ever more sophisticated pieces of malware. From Stuxnet and Flame to Gauss and most recently Regin, all have shown increasing levels of technical prowess and all have been linked in some way with the US government
Kaspersky Lab Unveils 'Equation': the Grand Daddy of APT Groups(Infosecurity Magazine) Kaspersky Lab has uncovered what appears to be one of the most sophisticated cyber-attack groups in history — in operation for at least 14 years and which even had access to some of the exploits used in the Stuxnet and Flame campaigns
Russian researchers expose breakthrough U.S. spying program(Reuters) The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives
Russia's Kaspersky Lab Exposes U.S. Cyber Espionage Program(Moscow Times) Russia's intelligence services are not concerned by the discovery of an advanced cyber-espionage ring discovered by the Moscow-based security software maker Kaspersky Lab, state news agency RIA Novosti reported Tuesday, citing an intelligence official
Bridging the Air Gap: the Coming "Third Offset"(War on the Rocks) Consider yourself warned: other militaries appear to be developing an unsettling attack capability with game-changing consequences for America's ability to project military might abroad. This platform does not take the form of a precision-guided munition or a next-generation fighter aircraft. It is also not a cyber-attack in the traditional sense, over Internet connections and terrestrial wires
Hack highlights holes in cyber security(Asset Servicing Times) A string of cyber attacks that saw about $1 billion stolen from banks affected 100 banks, e-payment systems and other organisations in a two-year period, according to an investigation led by Kaspersky Lab
The Desert Falcons targeted attacks(Securelist) The Desert Falcons are a new group of Cyber Mercenaries operating in the Middle East and carrying out Cyber Espionage across that region. The group uses an arsenal of homemade malware tools and techniques to execute and conceal its campaigns on PC and Mobile OS
APT Groups Emerging in Middle East(Threatpost) Since security researchers and vendors began exposing the inner workings of APT groups a few years ago, virtually all of the operations that have been made public have been the work of attackers in Europe, Asia or North America. But recently, groups in the Middle East have joined the game as well
Beware of fake Windows 10 "activators"(Help Net Security) The considerable interest users have shown for testing Microsoft's Windows 10 Technical Preview version has not passed unnoticed by cyber scammers and malware peddlers
Flaw in Netgear Wi-Fi routers exposes admin password, WLAN details(Help Net Security) A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device, claims systems/network engineer Peter Adkins
What's critical to the success of the Internet of Things?(Help Net Security) Managing identities and access is critical to the success of the Internet of Things (IoT), but in its current form identity and access management (IAM) cannot provide the scale or manage the complexity that the IoT brings to the enterprise, according to Gartner
Palo Alto Networks: Well-Positioned For Growth(Seeking Alpha) With the pervasive threat and increasing severity of cyberattacks, the cybersecurity industry should see huge growth moving forward.
Palo Alto Networks has become a standout in the privatized cybersecurity space through its sophisticated firewall capabilities and new innovative security products
Cybersecurity company Co3 Systems rebrands as Resilient Systems(BetaBoston) Internet security company Co3 Systems announced today that it is rebranding as Resilient Systems. The company, which focuses on helping organizations react to security incidents, claims to protect companies from data breaches and other potentially harmful cyber attacks
WatchGuard Lays Off its India Team(Computerworld) Security solutions vendor WatchGuard has laid off its entire India team. As part of a renewed strategy the company has recruited Round Robin as its new master distributor
Leidos Wins 15th Nunn-Perry Award for Mentor-Protege Excellence(PRNewswire) Leidos (NYSE: LDOS) announced today that it received the U.S. Department of Defense (DoD) Nunn-Perry Award for mentor-protege excellence. This is the 15th time Leidos has been selected to receive a Nunn-Perry Award, which is named in honor of former Sen. Sam Nunn and former Secretary of Defense William Perry. The award recognizes outstanding mentor-protege teams formed under the DoD's Mentor-Protege program
Benefits of the Cisco OpenSOC security analytics framework(TechTarget) Cisco's open source security analytics framework aims to help enterprises address visibility and incident management challenges. Expert Kevin Beaver discusses OpenSOC and what to consider when integrating it into an enterprise security strategy
Encryption and Silence Can Be Targets' Best Assets(Threatpost) Things are getting real these days for executives, researchers, journalists and others involved in the security community. Targeted surveillance is a reality for many in the community, and researchers and activists are trying now to help them assess and address that threat to their privacy and security
Nine Takeaways From the White House Cyber-security Summit (eWeek) In May 2009, newly elected President Barack Obama — who was burning the midnight oil trying to revive a very sick U.S. economy — declared that cyber-security was going to be a national security priority within his administration
The U.S. government's cyber-go-round(The Hill) Official Washington's response to perceived major crises generally follows a pattern: a serious security threat is proclaimed that requires vast new resources and legal authorities to defeat. A "czar" may be appointed to help coordinate the federal response, or even an entirely new military command will be established to meet the challenge. When those efforts fail, a reorganization of the national security apparatus will be the next proposed step. The end result is usually more bureaucratic and policy failure
Will Companies Voluntarily Share Data Regarding Cyber Security at the President's Request?(JDSupra) On Friday February 13, 2015, President Obama spoke at the White House Summit on Cybersecurity and Consumer Protection at Stanford University. After his address, President Obama signed an executive order, Promoting Private Sector Cybersecurity Information Sharing, that will encourage private companies to share information regarding cyber security with the U.S. government. The executive order does not require private corporations to cooperate with the U.S. government in any affirmative manner. In addition, the executive order directs the U.S. Department of Homeland Security to develop voluntary standards related to cyber security
A "Cyber" Study of the U.S. National Security Strategy Reports(Tripwire: the State of Security) In early February, the White House released its 2015 National Security Strategy (NSS). Each NSS report is symbolic to the extent that it reveals the security issues the acting U.S. president intends to focus on for the coming months and years. While not constituting "hard," actionable strategies, these documents help to articulate the future security foci of the United States
American Cyber Espionage is Acceptable and Needed(Final Approach) Since the massive leaks in 2013 by former National Security Agency (NSA) contractor Edward Snowden, the media has relentlessly covered American cyber espionage. Many, particularly foreign nations, decry the NSA's widespread collection of data and communications, but these and other activities conducted by American actors in the cyber arena are critical to the United States' survival
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Boston SecureWorld(Boston, Massachusetts, USA, March 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
TakeDownCon: Capital Region 2015(East Hyattsville, Maryland, USA, June 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
DEFCON | OWASP International Information Security Meet(Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit(Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Cybersecurity for a New America: Big Ideas and New Voices(Washington, DC, USA, February 23, 2015) In addition to featuring keynote remarks by Admiral Mike Rogers, Director of the National Security Agency, this event will convene experts and practitioners from the public and private sector, military,...
Workforce Development Forum — CyberWorks Information Session(Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...
The Future of Cybersecurity Innovation(Washington, DC, USA, February 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight...
2015 Cyber Risk Insights Conference — San Francisco(San Francisco, California, USA, March 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers...
Cybergamut Technical Tuesday: Tor and the Deep Dark Web(Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
Mercury Proposers' Day Conference(IARPA1, Washington, DC, March 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of...
OISC: Ohio Information Security Conference(Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...
RiSK Conference 2015(Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.
B-Sides Vancouver(Vancouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit(Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...
2015 North Dakota Cyber Security Conference(Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...
BSides Salt Lake City(Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11(Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...
CyberTech Israel 2015(Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...
2nd Annual ISSA COS Cyber Focus Day(Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado...
CYBERWEST: the Southwest Cybersecurity Summit(Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...
Women in Cyber Security(Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.
Automotive Cyber Security Summit(Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
Insider Threat Symposium & Expo(Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...