skip navigation

More signal. Less noise.

Daily briefing.

Trend Micro's report on Arid Viper seems to have pushed some Arabic hacktivists-cum-mercenaries into social media occultation, but their command-and-control servers are still up and active.

Increasingly firm evidence surfaces that Komodia's traffic interception engine from (used by Superfish, among others) is being exploited in man-in-the-middle attacks.

Figures on the scope of the Anthem breach are out, with some good and bad news (more bad than good): 78.8M people's records were compromised (down 1.2M, so good) but somewhere between 8.8M and 18M people who aren't Anthem customers may have been affected (and that, of course, is bad).

Joomla redirect denial-of-service attacks continue. Another campaign, evidently staged from China, exploits a remote-code-execution vulnerability in Rejetto HTTP File Server to distribute the DDoS tool IptabLex.

Phishing spam is distributing links that, when clicked reset default router passwords to enable harvesting of sensitive data, including banking credentials.

US Director of National Intelligence Clapper testifies before Congress and offers some pointed criticism of state opponents in cyberspace. He singles out Russia, China, Iran, and North Korea as unregenerate bad actors (and attributes last year's attack on Las Vegas' Sands Corporation to Iran). Russian capabilities and intentions, he says, are particularly disturbing.

Corporations increasingly turn to cyber attack and response drills to train security teams (see Symantec) and concentrate on building timely response capabilities (see Northrop Grumman).

Drexel University researchers claim they've successfully "fingerprinted" malware coders — think linguistic analysis.

Reactions to the US Administration's new CTIIC continue to roll in. The US FCC passes net neutrality (and arouse Congressional attention).

Notes.

Today's issue includes events affecting Bangladesh, Canada, China, Egypt, European Union, India, Iran, Israel, Democratic Peoples Republic of Korea, New Zealand, Palestinian Territories, Russia, United Kingdom, United States.

Dateline Washington, DC: Plan X

The Pentagon is building an app store for cyberoperations: An exclusive inside look at DARPA's futuristic Plan X (Christian Science Monitor: Passcode) It looks like outer space. The hundreds of thousands of computers look like stars. Across the vast military network, the sparkling connections between them form constellations

The Future of Cybersecurity Innovation: Plan X (Christian Science Monitor: Passcode) A glimpse into the future of defending against threats to cybersecurity featuring a live demo by DARPA's Plan X team of its cyber threat visualization system with The Christian Science Monitor's new section on digital security and privacy, Passcode

DARPA offers rare glimpse at program to visualize cyberdefenses (Christian Science Monitor: Passcode) The Pentagon's advanced research arm revealed its latest version of Plan X, an in-progress system designed for the military to visualize defending against cyberattacks, at a Passcode event on the future of cybersecurity innovation

Active Authentication (DARPA) The current standard method for validating a user's identity for authentication on an information system requires humans to do something that is inherently unnatural: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console

Cyber Attacks, Threats, and Vulnerabilities

Arab Hackers Go Running After Trend Micro Report (Computer Business Review) Social media goes quiet, but attackers keep hacking

Signs of Superfish-like MitM Attacks Discovered in the Wild (Softpedia) Evidence has been found suggesting that cybercriminals may be relying on the traffic interception engine from Komodia, integrated in Superfish and other software solutions, for nefarious purposes in the wild

Anthem healthcare breach is smaller — and bigger — than first thought (Naked Security) At the start of February 2015, we wrote about a large-scale data breach at US health insurance company Anthem

Joomla Reflection DDoS attacks exploit a Google Maps Plugin flaws (Security Affairs) Akamai firm discovered numerous attacks exploiting a known vulnerability in a Google Maps plugin to run Joomla Reflection DDoS attacks against enterprises

DDOS Exploit Targets Open Source Rejetto HFS (Threatpost) Apparently no vulnerability is too small, no application too obscure, to escape a hacker's notice. A honeypot run by Trustwave's SpiderLabs research team recently snared an automated attack targeting users of the open source Rejetto HTTP File Server

Spam Uses Default Passwords to Hack Routers (KrebsOnSecurity) In case you needed yet another reason to change the default username and password on your wired or wireless Internet router: Phishers are sending out links that, when clicked, quietly alter the settings on vulnerable routers to harvest online banking credentials and other sensitive data from victims

How Hackers Can Hijack Your Website And Read Your Email, Without Hacking Your Company (Tripwire: the State of Security) Imagine coming into the office one day, and finding that visitors to your website are not only seeing messages and images posted by hackers, but that the attackers are also posting screenshots of private emails sent to your company on Twitter

Serious TalkTalk data breach leads to scam phone calls for customers (Graham Cluley) TalkTalk, we need to have a serious talk

How nine out of ten healthcare pages leak private data (Naked Security) A study by a Timothy Libert, a doctoral student at the University of Pennsylvania, has found that nine out of ten visits to health-related web pages result in data being leaked to third parties like Google, Facebook and Experian

DDoS Attacks Will Do More Than Tickle The Internet Of Things' Soft Underbelly (TechWeek Europe) Nexusguard's 2015 Internet Security Trend report reveals DDoS assaults on the Internet of Things will cost businesses millions of pounds

Iran Behind Cyber-Attack on Adelson's Sands Corp., Clapper Says (Bloomberg) The top U.S. intelligence official confirmed for the first time that Iran was behind a cyber attack against the Las Vegas Sands Corp. last year

US-Bangladesh blogger Avijit Roy hacked to death (EIN) A knife-wielding mob has hacked to death a US-Bangladeshi blogger whose writing on religion had brought threats from Islamist hardliners

Cyber Trends

Study Finds Disconnect Between IT, Leadership on Cyber Security (eSecurity Planet) Two thirds of CIOs and CISOs say senior leaders in their organization don't view cyber security as a strategic priority

The business and social impacts of cyber security issues (Help Net Security) With multiple recent high profile attacks targeting household names and large employers, individuals increasingly fear cyber crime and its resulting consequences at work as well as at home, according to GFI Software

The growth of cyber crime and why it may take a Manhattan Project-scale response to stop (National Post) Examples are easy. In December, malicious software allowed bank robbers to take as much as $1 billion from institutions in 30 countries. In November, Sony had that little problem with North Korea. In October, hackers snagged 40 million credit and debit card numbers from Target. A few months before that, computer systems at Canada's National Research Council suffered a massive hit by a cyberattacker

The spy in your pocket (Economist) Watch out for hackers — and spooks

'Shadow' Cloud Services Rampant In Government Networks (Dark Reading) Survey finds public sector employees use unmanaged cloud services just as much as private employees

Cyber deterrence 'relatively immature,' says head of US Cyber Command (FierceGovernmentIT) The U.S. military has acknowledged that it regularly engages in "active defense" — taking a range of proactive measures against an adversary in cyberspace. But the risks associated with this cyclic exchange of attack and retaliation are not unique to the cyber domain, said Adm. Mike Rogers, director of the National Security Agency and commander of the U.S. Cyber Command

Top Spy: Small Hacks Are Bigger Threat Than 'Cyber Armageddon' (Daily Beast) Good news: the U.S. is getting better at detecting cyber attacks already underway. Bad news: they're multiplying

Cyber attacks top US national threat list (ComputerWeekly) Cyber attacks by politically and criminally motivated actors top the list of threats facing the US, according to national intelligence director James Clapper

US intelligence chief: New classified intel suggests cyber threat from Russia more severe (US News and World Report) The U.S. has elevated its appraisal of the cyber threat from Russia, the U.S. intelligence chief said Thursday, as he delivered the annual assessment by intelligence agencies of the top dangers facing the country

Remarks as Delivered by the Honorable James R. Clapper, Director of National Intelligence (Office of the Director of National Intelligence) Chairman McCain, Ranking Member Reed and Members of the Committee, Gen. Stuart and I are honored to be here this morning

Hack scares put focus on cloud security (New Zealand Herald) Safe environment for users will require co-operation between devices, providers and software writers: expert

Marketplace

Healthcare security spending to reach US$10 billion by 2020 (Help Net Security) The healthcare sector is ill-prepared for the new cyberage. Hospitals, clinics, trusts, and insurers are under attack from malicious online agents. The value of personal health information, made more easily available with the convergence to electronic health records, is ten times that of financial data such as credit card numbers

Cyber-Security In Insurance: 7 Things To Know (InformationWeek) Insurers need to boost their security knowledge amidst the growing risk of cyberattacks

Want to be acquired? Get your cybersecurity in order (Washington Business Journal) More and more, cybersecurity has become a key factor in analyzing the amount of risk that a financial or strategic buyer would take on with an acquisition

High Risk, High Reward: The Ups And Downs Of Security Startups (CRN) A new wave of disruptive security startups are redrawing the battle lines in the growing conflict between cybercriminals and corporate America. For solution providers, the risks of partnering with these upstarts is high. But so are the rewards

Zimperium raises $12M to protect mobile phones from cyber threats (Geektime) Israeli cyber startup Zimperium raises an impressive $12M Series B round of funding within 18 months of raising $8M. Could it be on the fast track to an exit?

UK seeks next hacking genius to save queen, country from cyberterror (CNN) A fake cyberattack was staged against a landmark telecommunications building, but it was no mere academic exercise for self-taught "ethical hackers" fighting cyberterrorism

Lockheed Martin Awarded Contracts To Support U.S. Navy Cross Domain Intelligence Sharing Solution (PRNewswire) Lockheed Martin (NYSE: LMT) will continue to support the Navy system that allows secure sharing of sensitive data between unclassified and classified security domains. The U.S. Navy recently awarded Lockheed Martin two contracts with a total ceiling value of $90 million to support the Radiant Mercury cross domain solution for five years

Products, Services, and Solutions

Paranoid Android Kaymera smartmobe takes on Blackphone (Register) Super-secure Israeli platform only lacks Mossad bodyguard

Sicherheit für heterogene Netzwerke (ITSecCity) "G Data Antivirus für Mac": Der Einsatz einer Sicherheitslösung für Mac schützt nicht nur den eigenen Apple-Rechner, sondern sichert zugleich auch Windows-Systeme innerhalb des Netzwerk

Technologies, Techniques, and Standards

Cyber Threat Analysis for the Aviation Industry (Infosec Institute) Cyber attacks on the aviation industry are becoming a sensitive issue. Considering that cyberspace provides a low-cost haven for carrying out a broad range of disruptive activities, it is reasonable to conclude that hackers will consider the aviation sector as one of their targets. Also, because of lower risk, cyber terrorism is replacing the bomber and hijacker and becoming the weapon of choice when it comes to attacks against the aviation industry

Preventing insider attacks requires a phased approach that involves all departments, says PwC (FierceITSecurity) While much of the media coverage about data breaches focus on attacks by outside elements, many of the less publicized cases of data theft results from malicious insider actions

How better log monitoring can prevent data breaches (CIO via CSO) Recent high-profile data breaches reaffirm that the threat from data thieves is both persistent and pervasive. Could better log monitoring mitigate or even prevent these types of security catastrophes?

11 Ways To Track Your Moves When Using a Web Browser (Internet Storm Center) There are a number of different use cases to track users as they use a particular web site. Some of them are more "sinister" then others. For most web applications, some form of session tracking is required to maintain the user's state. This is typically easily done using well configured cookies (and not the scope of this article). Session are meant to be ephemeral and will not persist for long

OpenSSH Three factor Authentication using Google Authenticator and Public Key authentication (Ethical Hacking) I use Google Authenticator on all of my Google account because it's a nice, efficient way to do multi-factor authentication for the great price of free-ninety-nine. I wanted to use it on one of my servers, but I wanted to be extra secure and use not only TOTP, but password based and RSA key authentication as well. All of the documentation I could find on doing so with OpenSSH was only on doing Google Authenticator's TOTP and password based authentication. Thankfully, this is possible since OpenSSH 6.2 introduced the Authentication Methods argument

Social threat intelligence: will Facebook's Threat Exchange have an impact? (Information Age) Organisations can go about obtaining real-time threat intelligence through social media honeynets and honeypots

HP: Threat intelligence sources need vetting, regression testing (TechTarget) According to HP Security Research, threat intelligence best practices can be difficult to implement, and even the most trustworthy sources must be tested for fidelity

Symantec's CyberWar Games are coming to a computer screen near you (Silicon Valley Business Journal) A disgruntled research scientist posing a serious threat to trials of a new cold drug at a hospital by her pharmaceuticals-company employer doesn't sound out of the realm of reality these days, after recent large-scale hacks like the one that hit Sony Pictures Entertainment

Northrop Grumman CFO's Job: Attack the Hackers (CFO) Like other companies, Northrop Grumman is focusing on what to do after an attack, because you just can't prevent them all

Research and Development

Dusting for Cyber Fingerprints: Coding Style Identifies Anonymous Programmers (Forensic Magazine) A team of computer scientists, led by researchers from Drexel University's College of Computing & Informatics, have devised as way to lift the veil of anonymity protecting cyber criminals by turning their malicious code against them. Their method uses a parsing program to break down lines of code, like an English teacher diagramming a sentence, and then another program captures distinctive patterns that can be used to identify its author

Academia

Scots students welcome cyber-security chiefs (Herald Scotland) Cyber-security experts from the intelligence services are to attend a conference organised by Scottish students

Legislation, Policy, and Regulation

Govt to launch Internet safety programme with Google; wants to create cyber-threat awareness (Tech 2) Government will launch Internet safety programme in partnership with Google in order to create awareness among users regarding cyber-threats

Cisco, Apple, Citrix products no longer welcome on Chinese government systems (Help Net Security) A slew of US tech companies have been dropped from China's Ministry of Finance's approved government procurement list, including Apple, McAfee, Citrix Systems and Cisco Systems

Ensuring the New CTIIC is a Success (FedBizBeat) The recent news about formation of the Cyber Threat Intelligence Integration Center (CTIIC), which, according to a DoD News report, will analyze and integrate information already collected under existing authorities, piqued our interest. So much so, we wanted to speak with Keith Rhodes to get his take on it

Administration's cyber sharing proposal a 'policy puzzle,' not a panacea (Federal News Radio) In its latest legislative proposal on cybersecurity, the White House is advocating for liability protections for companies who agree to share cyber threat information with the government and with one another. But Department of Homeland Security officials freely acknowledged Wednesday that legal immunity will not, by itself, open the floodgates to the privately-held threat information DHS thinks it needs to help defend the country from cyber attacks

GOP chairman: White House not supporting Intel cyber bill (The Hill) Lack of White House support for the draft of a Senate Intelligence Committee bill to enhance cybersecurity information-sharing may be delaying the measure, which was expected to be released this week

The Snowdenites Are Winning (Slate) Opponents of surveillance have gained the upper hand. And like gun-rights activists, they don't need a majority to keep it

Here's 140 Fully-Redacted Pages Explaining How Much Snowden's Leaks Have Harmed The Nation's Security (TechDirt) If the US intelligence committee is concerned about the status of "hearts and minds" in its ongoing NSA v. Snowden battle, it won't be winning anyone over with its latest response to a FOIA request

In Twist, House to Vote on Stopgap DHS Bill (Defense News) House Republican leaders will bring a stopgap funding bill to the floor Friday that would fund the Department of Homeland Security for three weeks, buying time for a possible resolution on controversial immigration provisions

Say hello to net neutrality — FCC votes to "protect the open internet" (Naked Security) The FCC, courtesy of Shutterstock and Mark Van ScyocThe US Federal Communications Commission (FCC) has decided: it's bowed down to the 4 million voices who've joined in the net neutrality battle, ruling that broadband should be treated as a public utility, like water flowing from our taps or electricity to our lights, free of blocking, throttling or paid prioritization for those willing to pay more, and also thereby subject to greater government regulation

Republicans not giving up on net neutrality (The Hill) Congressional Republicans are continuing to push full steam ahead with plans to stop federal regulators' "power grab of the Internet," according to a top senator

Litigation, Investigation, and Law Enforcement

Insurance firm Staysure fined £175,000 for 'unbelievable' credit card hack (Computerworld UK via CSO) ICO report uncovered chaotic security

Europol takedown of Ramnit botnet frees 3.2 million PCs from cybercriminals' grasp (Naked Security) Europol's European Cybercrime Centre (EC3) has announced a victory in the never-ending battle against cybercrime

Ransomware Looming as Major Long-Term Threat (Threatpost) On May 30, 2014, law enforcement officials from the FBI and Europol seized a series of servers that were being used to help operate the GameOver Zeus botnet, an especially pernicious and troublesome piece of malware. The authorities also began an international manhunt for a Russian man they said was connected to operating the botnet, but the most significant piece of the operation was a side effect: the disruption of the infrastructure used to distribute the CryptoLocker ransomware

Marriage of ransomware and bitcoins is no honeymoon for targeted firms (FierceITSecurity) The rising popularity of the malware known as ransomware is targeting small- to mid-sized businesses and organizations who lack sophisticated enterprise security infrastructures

Controversy over 2006 Ernst & Young breach continues (Office of Inadequate Security) In September, I reported a case in Canada involving Mark Morris, a man who purchased decommissioned hardware from Ernst & Young in 2006 that he claimed had not been properly wiped. Morris had been employed by Synergy Partners, a firm Ernst & Young bought in 2003. He had purchased at least two servers and dozens of devices in 2006, but it wasn't until March 2014, when he booted one of the servers, that he discovered that it contained personal information that had not been wiped

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security...

QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which...

Upcoming Events

10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...

NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, February 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security...

2015 Cyber Risk Insights Conference — San Francisco (San Francisco, California, USA, March 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers...

Cybergamut Technical Tuesday: Tor and the Deep Dark Web (Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...

Cybergamut Technical Tuesday: Tor and the Deep Dark Web (Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...

Boston SecureWorld (Boston, Massachusetts, USA, March 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Mercury Proposers' Day Conference (IARPA1, Washington, DC, March 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of...

Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, March 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security...

The Vulnerability Economy: Zero-Days, Commerce and National Security (Rockville, Maryland, USA, March 10, 2015) Dr. Ryan Ellis (Belfer Center, Harvard University) will explore a series of topics around cybersecurity including the challenges and opportunities associated with the growing trade in previously unknown...

Cyber Security Opportunities in Japan, S. Korea and Taiwan Webinar (Online, March 10, 2015) Export.gov, of the US Department of Commerce, invites you to listen to experts from the Japan, South Korea and Taiwan and learn how to position your company for success in these countries. Learn about...

OISC: Ohio Information Security Conference (Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...

RiSK Conference 2015 (Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.

B-Sides Vancouver (Vaqncouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.