US authorities warn that the Guardians of Peace may be expected to hit a media site soon (the Daily News says one of the prospective targets is thought to be CNN). The DPRK's General Bureau of Reconnaissance still figures in speculation about attribution of the Sony hack.
Lizard Squad's Christmas Eve attacks on the Xbox and PlayStation networks appear to have been a denial-of-service-as-service marketing stunt. (They've thereby attracted the ire of their playground rivals in Anonymous. Anonymous disapproves of the hack; Lizard Squad tells Anonymous to "do something" about it.) Among Lizard Squad's offerings is a reconnaissance and attack tool, "Lizard Stresser," designed to probe networks for susceptibility to DDoS, then to shut the vulnerable down. The tool's veneer of legitimacy as a white-hat testing tool will deceive few, but it was priced at between $6 and $500 per attack (payable in Bitcoin).
Lizard Stresser appears to have disappeared from the markets, at least for now, and police in Britain and Finland have arrested two Lizard Squad skids for their role in the Christmas Eve attacks. Both, demonstrating again that "criminal genius" is an oxymoron, had appeared on television as "experts" commenting on the attacks.
Security companies warn that attacks increasingly harness legitimate processes to enhance the effects of malware. The phenomenon isn't new (Cyactive calls it the "Luke Skywalker effect") but its growing prevalence is.
Enterprises are urged to look to risk management, not hermetically sealed networks, as they counter 2015's threats.
The New York Times advocates cyber-deterrence.
Today's issue includes events affecting Finland, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, New Zealand, Syria, United Kingdom, United States of America.
N.Korea Fingered in Email Threats to Sony(Chosun Ilbo) The North Korean Army's General Bureau of Reconnaissance has been fingered in a spate of threatening emails to Sony Pictures Entertainment, according to Kyodo News on Thursday
Why Microsoft And Sony Couldn't Stop Lizard Squad Attack Despite Warnings(International Business Times) Sony and Microsoft saw their online gaming networks, PSN and Xbox Live, toppled over the holidays by hackers who used a relatively simple attack to jam up the sites. The technique, known as DDoS, is so straightforward that it begs the question why two of the world's most sophisticated entertainment and computing giants were not better prepared to defend themselves
Lizard Squad to Peddle Hacking Services for Small Fee(TechTimes) Lizard Squad is now offering potential customers its hacking services which the group has started promoting through a new website. The hacking group was the one responsible for the Christmas Day cyber attacks on Microsoft's Xbox systems and Sony's PlayStation
XBox and PSN attacks were "marketing scheme" for Lizard Squad's DDoS service(WeLiveSecurity) The attack which "stole Christmas" for millions of video games players by knocking offline the PlayStation Network (PSN) and Xbox Live appears to have been a publicity stunt, designed to gain notoriety and draw attention to the hacking group which has claimed responsibility — Lizard Squad
Lizard Kids: A Long Trail of Fail(KrebsOnSecurity) The Lizard Squad, a band of young hooligans that recently became Internet famous for launching crippling distributed denial-of-service (DDoS) attacks against the largest online gaming networks, is now advertising own Lizard-branded DDoS-for-hire service. Read on for a decidedly different take on this offering than what's being portrayed in the mainstream media
The Luke Skywalker Effect — When your Antivirus serves the dark side(Cyactive) With the end of 2014, we would like to note a growing phenomenon in malware development — the use of legitimate processes and applications on a victim's computer as tools to serve the malicious purpose of malware. This is not a new concept, as techniques such as API hooking are fundamentally similar, hijacking basic API processes in order to send the malicious payload different information about the computer. Yet, as this article by Jai Vijayan in Dark Reading notes, the phenomenon is growing, and malware are using not only processes, but entire applications, including apps developed for cyber-security, such as AV software and administrator control tools
In the Wake of Cyber Breaches, How Secure Are U.S. Energy Companies?(Texas Lawyer) NSA Director Admiral Michael Rogers has referred to the energy sector as the United States' "Achilles heel." In 2012, former Defense Secretary Leon Panetta warned of an advancing "cyber-Pearl Harbor." A 2012 Mandiant survey revealed that the energy industry (including oil and gas) ranks second in industries most likely to suffer a cyberattack. In 2013, for the first time in the history of Ernst & Young's survey of energy executives, cybersecurity made the top 10 list of industry concerns
ISIS threatening, hacking into more than U.S. news sites?(OneNewsNow) Accustomed to the world's most formidable terrorist group, ISIS, making headlines overseas for its wrath in the Middle East, Europe and Africa, many Americans were shocked to see the militant Islamic organization force its way into their living rooms last week through their computer screens and electronic devices with the chilling message: "We are already here"
Seven Things to Watch for in 2015(Threatpost) P4ssw0rds got you down? POODLEs Bashing you over the head giving you Heartbleed? Well, bad puns aside, 2014 was a rough year and you can surely expect more of the same in 2015 — with a few new twists. Hackers will still chase credit card numbers and point-of-sale systems, but they've got their eye on health care data and you can bet on more commodity cybercrime tools showing up in APT attacks. Your best response? Encrypt everything, win with privacy — and for heaven's sake, stop shaming victims. Here's a look at seven things to watch in 2015
In the Aftermath of Sony Hack: What's the Real Cybercrime Geography?(The Hosting News) When Sony Pictures was the target of a recent cyber-attack, computer experts were quick to speculate that North Korea was behind the digital infiltration. Things happen quickly in the digital world and now many experts are doubting the original idea that North Korea walked around inside Sony servers in reprisal for the movie, "The Interview," which imagines an assassination attempt against North Korea?s chubby leader, Kim Jong Un
2014 Cyber Security News Was Dominated By The Sony Hack Scandal And Retail Data Breaches(Forbes) When looking back on the cyber security stories of 2014, there is one type of event that clearly stands out above all others: data breaches against major corporations, particularly retail operations. "While 2013 was a bad year for IT security, there's no disputing that 2014 was the worst," said Kevin Jones, senior IT security architect for Thycotic. "Whether it was insider threats, anonymous, or nation-state hackers, 2014 was a bad year for anyone whose job is to protect sensitive data from unsanctioned access"
2014 was the year hacking became the norm(Mahsable) Information security — or the lack thereof — was one of the biggest stories of 2014. From Heartbleed to Kmart to JPMorgan to Snapchat to iCloud to Sony Pictures to countless others, data breaches and software vulnerabilities made news nearly every single week
The top cyber risks for NZ in an interconnected world(CIO) New Zealand organisations lead in awareness of cybersecurity risks, and bringing these to the attention of the board, according to the 2015 Global Information Security Survey. But they need to scale up on key areas to keep constantly evolving cybersecurity threats at bay
Booz Allen Hamilton Holding Downgraded to "Neutra" at Zacks (BAH)(InterCooler) Booz Allen Hamilton Holding (NYSE:BAH) was downgraded by Zacks from an "outperform" rating to a "neutral" rating in a report released on Tuesday. They currently have a $29.90 target price on the stock. Zacks's price target would indicate a potential upside of 10.91% from the company's current price
Options Check-Up: Check Point Software, FireEye, LifeLock(Schaeffer's Daily Option Blog) Among the stocks attracting attention from options traders lately are cybersecurity specialists Check Point Software Technologies Ltd. (NASDAQ:CHKP), FireEye, Inc. (NASDAQ:FEYE), and LifeLock, Inc. (NYSE:LOCK). Below, we'll break down how option buyers are positioning themselves, and how much speculators are willing to pay for their bets on CHKP, FEYE, and LOCK
Growing European Issues Imperil U.S. Tech Business Models(SecurityWeek) Apple, Google, and Facebook are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations
The Difference Between Risk and Loss(WIllis WIre) Risk management has caused many people to substitute one four-letter word for another. They will use the word RISK when they should be saying LOSS. And there is a world of difference between the two. It is the difference between the gleam in eye of the loving newlyweds and the cry of the babe in the middle of the night. (Really dating myself there. That is one from a 1950′s movie)
This Cybersecurity Medicine Might Be Tough To Swallow(TechCrunch) Imagine you're the CEO of a thriving company and you've been horrified by the news of the Sony hack, the Target breach and the litany of security issues that have plagued big companies in recent years. You swear you're going to do whatever's necessary to make sure it won't happen to your company. But do you realize what that really means?
'Born at the Right Time': How Kid Hackers Became Cyberwarriors(NBC News) A few years ago, when Greg Martin was in his mid 20s and teaching a computer security course for NASA engineers, he stumbled on an arcane bit of information that stopped him cold: the original set of rules governing the Internet, created in September 1981, the month he was born
Legislation, Policy, and Regulation
Deterring Cyberattacks From North Korea(New York Times) The recent cyberattack on Sony Pictures, which the Obama administration said was committed by North Korea, shows how far the United States still has to go to deter such intrusions, despite warnings by officials and experts about cybersecurity dangers. Countless assaults on America's computer networks by China and other foreign governments, hackers and criminals have demonstrated the urgent need for safeguards
Sony Incident Sets Dangerous Precedent, Cyber Expert Fears(Voice of America) When cyber journalist and author Shane Harris heard that President Barack Obama was promising the United States would make a "proportional response" against North Korea over the recent hacks at Sony Pictures Entertainment, his first response was alarm
The noose tightens on Lizard Squad, as police apprehend suspects(Graham Cluley) The notorious Lizard Squad hacking gang who brought down the PlayStation Network and Xbox Live over the Christmas holiday, ostentatiously courted the media about their antics, and recently launched a DDoS service, may have bitten more than it can chew
Two alleged members of Lizard Squad arrested following Xbox Live/PSN Christmas attacks(PCWorld) Did you spend Christmas mildly annoyed because you bought a new console, only to find that Xbox Live/ PlayStation Network had been downed by a "nefarious" group known as Lizard Squad? Yes, I know it sounds like a bad episode of 24, but at least now you can revel in a bit of Schadenfreude: Two alleged members have been arrested this week
Police suspect fraud took most of Mt. Gox's missing bitcoins(IDG via CSO) Nearly all of the roughly US$370 million in bitcoin that disappeared in the February 2014 collapse of Mt. Gox probably vanished due to fraudulent transactions, with only 1 percent taken by hackers, according to a report in Japan's Yomiuri Shimbun newspaper, citing sources close to a Tokyo police probe
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybersecurity World Conference(New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.