Daily briefing.

CyberBerkut is back. The Putinist hackers claim to have disrupted a number of German government Websites in retaliation for Germany's support of Ukraine against the Russian campaign to re-engorge it.

ISIS sympathizers of the "CyberCaliphate" go after another US small media market, this time in Albuquerque.

Sony hack skeptics still aren't buying the FBI's insistence (based partially on clues left by "sloppy" attackers) that North Korea did it. Some think they see evidence of a "second attack" in spearphishing emails originating from British and Turkish ISPs, but other observers regard such levels of spearphishing as just the normal cost of doing business in cyberspace. A North Korean defector (supporting one tendency of US Government analysis of the case) claims DPRK hackers operate from a front in Shenyang. Other observers wonder why Sony seems to be a perennial hacking target: some trace it to the company's attempts, between 2005 and 2007, to install a copy protection rootkit in music CDs.

Pastebin has long been a place to dump stolen data. It's now being used to distribute backdoors.

Georgia Tech researchers are working on ways to parry side-channel attacks.

As the Morgan Stanley breach investigation unfolds, analysts warn, again, of the insider threat. The disaffected may become malicious; they're even likelier to become careless.

Electronic Arts appears to have been hacked.

In the US Defense Department, both DISA and Cyber Command are shopping for industry help with cyber security.

Kevin Mitnick is now selling zero-days (but only to good guys, he says).


Today's issue includes events affecting Belgium, Canada, China, European Union, Germany, India, Iraq, Democratic People's Republic of Korea, Russia, Syria, Thailand, Turkey, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Pro-Russian group claims cyber attack on German government websites (Reuters) German government websites, including Chancellor Angela Merkel's page, were hacked on Wednesday in an attack claimed by a group demanding Berlin end support for the Ukrainian government, shortly before their leaders were to meet

ISIS hacker hacks Twitter accounts of US local TV station, Albuquerque Journal (HackRead) A hacker supporting the ISIS or ISIL terrorist group has hacked the official Twitter account and website of WBOC-TV, a Salisbury-based television station. The same hacker managed to hack Albuquerque Journal's Twitter page with posts and photos supporting ISIS fighters and threatening Albuquerque citizens

Was Sony Hit With a Second Hack? (Daily Beast) The FBI director on Wednesday revealed previously classified intelligence that he says shows North Korea is to blame for the massive data breach, but other hackers from different countries may have tried as well

FBI reiterates claims North Korea is behind Sony cyber attack (ComputerWeekly) The FBI says it is confident North Korea is behind the recent cyber attack on Sony Entertainment Pictures, despite the fact that attribution of such attacks is extremely difficult

North Korean defector: 'Bureau 121' hackers operating in China (CNN) On the streets of the neon-lit Chinese city of Shenyang, you'll find a restaurant, hotel, and other businesses owned and operated by the North Korean government

Why do hackers keep targeting Sony? (Fortune) For more than 3 1/2 years, hackers have been targeting Sony. But why?

Backdoors Found Leveraging Pastebin (Threatpost) The cut and paste website Pastebin is perhaps best known as a conduit for attackers to share database dumps, stolen data and other code, but now hackers have begun leveraging the site for their actual attacks

Experimental Malware Shows Threat Posed by OS X Firmware Bootkits (SecurityWeek) Highly persistent Mac OS X firmware bootkits can be installed on Apple computers, giving attackers full control of the device, a researcher has warned

Researchers Work to Counter a New Class of Coffee Shop Hackers (Newswise) If you're sitting in a coffee shop, tapping away on your laptop, feeling safe from hackers because you didn't connect to the shop's wifi, think again. The bad guys may be able to see what you're doing just by analyzing the low-power electronic signals your laptop emits even when it's not connected to the Internet

Dridex Banking Malware Abuses Microsoft Office Macros to Infect Users (eWeek) The attacks, largely against users in the United Kingdom, are leveraging macros in Microsoft Office documents to infect users

Assessing the Risk of POODLE (Internet Storm Center) One of the biggest security announcements in the last year was definitely the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, which marked the real end of SSLv3. In a contrast with many other previously identified vulnerabilities in encryption algorithms used by SSLv3, this vulnerability is viable, and can be exploited by an attacker without jumping over too many obstacles or requiring large resources — the POODLE vulnerability is real

Several Electronic Arts Origin accounts may have been hacked (HackRead) The gamers at Electronic Arts are finding purchases they didn't make on their accounts. This news comes in right after the Lizard Squad hackers attacked and brought to a stop the PSN and Xbox live services while the H4lt squad leaked the Xbox One SDK online, allowing the development of Homebrew Apps to be run on the gaming console

Immobilise national property register left 28 million doors wide open for burglars to plunder data (Graham Cluley) At the end of last week I was contacted privately by security consultant Paul Moore, who had stumbled across a glaring privacy hole on a site which really should have known how to lock up its valuables better

Unsettling Truths, Unanswered Questions in Morgan Stanley Breach (American Banker) The leak of client records at Morgan Stanley illustrates the danger posed when just one employee has unauthorized or unsecured access to sensitive information, as well as the ongoing threat to financial institutions from insider theft

The biggest cyberthreat to companies could come from the inside (CNET) A recent attack against Morgan Stanley that exposed hundreds of thousands of customer accounts was an inside job, a threat experts say is nearly impossible to stop

Your Best Asset? An empowered and aware workforce (CSO) I would offer that, in our ardor to discover yet another algorithm or create yet another complex software suite to counter the malicious insider or, almost as dangerous, the persistent state-sponsored threat, we are missing the best, and ironically the least-expensive method to mitigate these threats

Six Social Engineering tricks that can be avoided if you're careful (CSO) Social Engineers work on multiple levels. The key to their success is to target human nature and emotion

Social Engineering: How Dangerous is Your Lunch Break? (Tripwire: the State of Security) Ever heard the phrase "Loose lips sink ships?"

Phish Allergy — Recognizing Phishing Messages (We Live Security) This is an updated and expanded version of advice that I've given many times in blog articles, white papers and conference papers. I'm not resurrecting it with reference to any particular phish (though I'm seeing an interesting selection of Apple-ID-targeting phishing mails at the moment), but because in the course of a conversation I had on a social media site, I promised to generate an update: sadly, there's a continuing need for (hopefully) reliable advice on phishing

A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever (Wired) Amid all the noise the Sony hack generated over the holidays, a far more troubling cyber attack was largely lost in the chaos. Unless you follow security news closely, you likely missed it

Addressing Escalation: When Hackers Get Destructive (Security Magazine) Ask most corporate executives to define cybersecurity and their initial thoughts turn to data privacy. That's for good reason. Companies are bleeding corporate trade secrets and personally identifiable information at such an alarming rate that confidentiality issues and related compliance concerns can't help but dominate the cybersecurity agenda. Yet, ask cybersecurity professionals what keeps them up at night, and the topic invariably turns to data deletion, tampering with control systems, and the potential to cause physical harm over the Internet

8 smart devices at risk (CSO) The explosion of "smart" devices is bringing unprecedented convenience to consumers. But, as is the case with anything connected to the Internet, it also brings risks

One coach's nightmare — sending his wank video to female players (Ars Technica) Don't misclick your private pics

Security Patches, Mitigations, and Software Updates

Microsoft's patch hangover: KB 3008923, 2553154, 2726958, 3004394, 3011970 (InfoWorld) Microsoft elves applied a few band-aids, but a slew of December Black Tuesday patches didn't get fixed over the holidays

Cyber Trends

Piper Jaffray: Security Again the Top CIO Spending Priority (Wall Street Journal) Cybersecurity is rising ever higher on the list of top priorities for CIOs. In a survey of 112 CIOs by brokerage firm Piper Jaffray, 75% of respondents said they expect to increase security spending in 2015. That compares with 59% who expected an increase in last year's survey. "CIOs clearly have heightened concerns from the many security breaches that occurred in 2014, resulting in an inflection in overall security spending," the report says. It's the second year in a row that security has taken the top spot

9 Enterprise Security Trends for 2015 (eSecurity Planet) Hackers find new twists for some of their favorite tools, like malware and DDoS, which means organizations need to get even more serious about security in 2015

Security trends 2015 predictions round-up (ITProPortal) Over the past couple of months, my inbox has filled up with predictions from vendors, analysts and security thinkers on what they think will create havoc or solve our problems in 2015

Why Healthcare Security Needs a New Approach to Malware (HealthITSecurity) Healthcare security must be able to keep pace with the evolution of how healthcare data is used. For example, healthcare data is more valuable than ever, accounting for more than 43 percent of major data breaches, according to the Identity Theft Research Center 2013 report

'Lax Information Security Could Prove Dangerous' (New Indian Express) Possessing a secure cryptography and information security set-up is imperative for the security of a country or organisation, Turing Award winner Prof Silvio Micali said on Tuesday

Thailand's top-three cyber-threats identified (The Nation) The top three cyber-threats in Thailand this year will be online-banking malware, malware on mobile devices, and attacks on open-source vulnerabilities, according to Trend Micro

The Hacker's Manifesto turns 29 years-old (CSO) Nearly three decades later, hackers have gone from criminals to heroes in the public eye


DISA seeks scalable, innovative security for systems, devices across Defense Department (FierceGovernmentIT) The Defense Department's information technology agency is seeking information about next-generation security capabilities that would protect complex systems — including desktops, mobile devices, servers and public and private cloud computing technology — against advanced persistent threats

Cyber Command turns to industry for solutions (FCW) WHAT: The Defense Information Systems Agency has issued a draft RFP for a contractor to help "streamline" U.S. Cyber Command's "acquisition of cyber-related services" and to provide the command with a range of cyber-related products and services

Wynyard wins $3.2m national security bureau security contract (Computerworld) Wynyard Group has secured a contract with an international partner to help a leading national security bureau fight organised crime and counter terrorism

CyberArk (CYBR), Tableau (DATA) Crush Earnings Estimates (Cabot Investing Advice) CyberArk Software (CYBR) and Tableau Software (DATA) are topping earnings estimates by a wide margin. With growth much faster than anticipated, investors often ratchet up earnings expectations — and hence the stock, Investor's Business Daily reported

FireEye (FEYE) Stock Getting a Lift Today After Being Named a 'Top Security Pick' (The Street) Shares of FireEye (FEYE) are getting a lift, higher by 2.65% to $30.57 in midday trading on Wednesday, after analysts at Bank of America/Merrill Lynch named the company a "top security pick" for 2015

BlackBerry aims for relevancy with new IoT platform (FierceCIO) The platform builds on BlackBerry's core technologies but potential customers might find it limiting

Goodguy Hacker Selling Bad Guy hacks (Finextra) Makes you wonder what these guys would have accomplished had they been born during the Renaissance…case in point: Kevin Mitnick, whose genius was so impressive as a cyber criminal (he hacked into IBM, Motorola, Sun Microsystems and other big-name outfits), that after serving prison time, he was hired as a good guy to help security teams develop penetration-proof systems

Raytheon Company Announces Executive Appointments (PRNewswire via the Providence Journal) Raytheon Company Chairman and CEO Thomas A. Kennedy announced today the appointment of David C. Wajsgras as President, Raytheon Intelligence, Information and Services (IIS) business, succeeding Lynn A. Dugle, who has announced plans to retire from the company. Additionally, Kennedy has appointed Anthony F. "Toby" O'Brien vice president and Chief Financial Officer, succeeding Wajsgras. The new appointments are effective March 2, 2015

Key Hill cyber staffer heads to K Street (The Hill) A top cybersecurity congressional staffer is headed to K Street

Products, Services, and Solutions

CES 2015: 8 Innovative Security Products (Dark Reading) The explosion in smart technologies that connect everyday objects to the internet is transforming both home and personal security

Verizon warns enterprise cloud users of 48-hour shutdown (IT World) 'Insanely stupid' down time hurts Verizon in rivalry with Amazon, IBM and Microsoft, says analyst

FireEye Threat Analytics Platform Integrated With NXLog to Increase Security Visibility Across the Enterprise (MarketWatch) FireEye, Inc., the leader in stopping today's advanced cyber attacks, today announced an integration of the FireEye® Threat Analytics Platform™ (TAP™) with NXLog. The integration enables security teams to feed NXLog network event log data into FireEye TAP and arm organizations with information needed to identify cyber attacks and investigate breaches

5 signs The Pirate Bay could become the flagship for an open file-sharing network (Venture Beat) In the file-sharing world, The Pirate Bay — a search engine for finding files you can download for free with BitTorrent — has long been a major player, but it's gone through a huge amount of upheaval in the past two months

Intel's "Compute Stick" is a full Windows or Linux PC in an HDMI dongle (Ars Technica) Atom-powered stick comes with Windows for $149 or Linux for $89

Technologies, Techniques, and Standards

As cyber attacks swell, a move toward improved industry collaboration (Fortune) Operation SMN is one way that companies are mimicking the intensely collaborative operations of criminal cyber organizations to fight back against attacks

Call On Threat Intelligence To Secure Your Organization (Manufacturing Business Technology) You may wish you had a crystal ball to see what cyber threats are headed your way, but there's something far more reliable. Threat intelligence provides you with true evidence of current-day threats that have already been spotted hitting organizations like yours, giving you time to prepare your defenses and block oncoming attacks

Why patch management is ALSO REQUIRED in ICS infrastructure (Internet Storm Center) Security patch management is a delicate issue in critical infrastructure. This is caused by the specific configuration, operating system version and related software required by the ICS platform. Most support contracts state that any modification outside the parameters stated by the manufacturer will void the relation and release manufacturer and seller from any responsibility about malfunction and any consequence on the industrial process

Authentication is a Two Way Street! (Safe and Savvy: F-Secure) In computer security, we throw around the word authentication all the time. It means a process or mechanism that is used to prove that you are you (or that someone else or something else proves to you that they are they). Imagine yourself in a wartime encampment. Someone approaches the sentry and the sentry calls out "Flash." The approaching soldier replies, "Thunder." This is a classic sign and countersign password set from World War II

Using Free Tools To Detect Attacks On ICS/SCADA Networks (Dark Reading) ICS/SCADA experts say open-source network security monitoring software is a simple and cheap way to catch hackers targeting plant operations

The Relationship Between Regulation and Corporate Culture (Willis Wire) The Financial Conduct Authority (FCA), formerly the Financial Services Authority, holds an Enforcement Conference every two years. The latest one, last month, was the first one under the new FCA regime. The content of the conference was pretty much as expected

Librarians tackle data privacy, data tracking and free expression issues with 3D printers (FierceBigData) 3D printers are disrupting manufacturing as we know it. Chief among the changes being wrought is the democratization of manufacturing, the advent of which will shift the manufacturing industry from making and shifting goods to producing and delivering production codes for 3D printers in offices, stores, homes, and, yes, even in libraries

Progress in the Making (ALA: OITP Perspectives) 3D printing policy considerations through the library lens

SEC Announces Program to Facilitate Analysis of Corporate Financial Data (Securities and Exchange Commission) The Securities and Exchange Commission today announced the launch of a pilot program to facilitate investor analysis and comparisons of public company financial statement data

Top 3 reasons businesses should prioritize web security (Help Net Security) 2014 was a year of high-profile hacks for businesses around the world. From The Home Depot breach to the recent Sony data leak, it seemed like as soon as one data breach was under control, another one came to light

It's Time to Treat Your Cyber Strategy Like a Business (Dark Reading) How do we win against cybercrime? Take a cue from renowned former GE chief exec Jack Welch and start with a clearly-defined mission

A Packet a Day: ICMPv6 Type 1 Code 5 (Internet Storm Center) One of the exercises I keep recommending is to take 5 minutes of traffic from your own network (any network...), and try to explain each packet. Being an "eat your own dogfood" kind of guy, I try to do this myself every so often, and yesterday, after setting up a new IPv6 connection, I came across this neat packet


UCF's Cyber Defense Team Takes Top National Prize (Space Coast Daily) UCF's Cyber Defense Team has started the new year by taking top honors in the Collegiate Cybersecurity Championship Cup competition on Jan. 6

Trend Micro Supports Cybersecurity Curriculum with Educational Grant (PRNewswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in security software, has announced a $10,000 donation to the Mission College Center for Innovation and Technology (MC²IT). The grant will provide resources and expertise to advise and help enhance cybersecurity course curriculum. As the security and privacy industry continues to expand and evolve, Trend Micro is committed to encouraging students to enter the cybersecurity field while empowering them with the core competency to do so

Researchers teach security master class at Oregon State (SC Magazine) Over the next 10 weeks, analysts at McAfee Labs will teach a master class on cyber security at Oregon State University, which will cover everything from malware research, to mobile threats, incident response, and other topics

Santa Cruz libraries host cyber 'hygiene' classes (Santa Cruz Sentinel) With the nation's consciousness raised about cyber crime after North Korea's attack on Sony Pictures, the Santa Cruz Public Libraries is partnering with law enforcement and education agencies to encourage residents to better protect themselves online

Legislation, Policy, and Regulation

The Glamour of Islamic State (Bloomberg View) The Pentagon is trying to figure out why Islamic State has been so successful at attracting followers. "What makes I.S. so magnetic, inspirational?" Major General Michael Nagata, who commands U.S. special operations forces in the Middle East, asked a conference call of outside experts examining the question

North Korea's cyber-gap (Al Jazeera) North Korea's survival depends on keeping internet access limited to the privileged few

Re-Designating North Korea as a State Sponsor of Terrorism Would Only Make Matters Worse (New Republic) As the 114th Congress meets for the first time Tuesday, the Sony hack that dominated the holiday news cycle is fresh for political posturing. On Friday, the White House announced a new round of sanctions on North Korea, but Senator Robert Menendez is demanding a stronger response. He has repeatedly called for the State Department to add the Hermit Kingdom to the list of four states that sponsor terrorism

China police inadvertently admit to buying malware to spy on citizens (Washington Post) Don't click on links sent by strangers, the police in one Chinese district warned last year, because malware known as Trojan horses use all sorts of tricks to burrow into people's phones and computers

Chinese city spends $24,000 on phone hacking software: Report (Economic Times) A Chinese city will spend $24,000 on Trojan horse computer software for monitoring mobile phones, state media reported Thursday, after a notice announcing the move inexplicably appeared on a local website

EU lawmaker warns of data protection rules delay till 2016 (EurActiv) With serious differences remaining between the European Parliament and the 28 member states, doubts remain over whether the EU's new Data Protection Regulation (DPR) can be agreed before the end of the year, the Parliament's rapporteur warned yesterday (7 January)

What Would a Cyber Attack on the UK be Like? (Forces TV) More than a dozen countries are now thought to be capable of mounting major cyber attacks

US leadership in the global Internet debate at risk, says former NSC cyber director (FierceGovernmentIT) While there's been a common perception that the United States has an outsized influence on Internet governance, many now want to see that change in light of ongoing leaks about widespread U.S. spying programs, according to a new paper

Connected Choices: How the Internet Is Challenging Sovereign Decisions (American Foreign Policy Interests) Modern societies are in the middle of a strategic, multidimensional competition for money, power, and control over all aspects of the Internet and the Internet economy. This article discusses the increasing pace of discord and the competing interests that are unfolding in the current debate concerning the control and governance of the Internet and its infrastructure

VPN Services Consider Leaving Canada to Protect Customer Privacy (TorrentFreak) Last week Canada enacted an amendment to its copyright law which requires Internet services to retain access logs of customers in order to process piracy notices. This mandatory data retention puts the privacy of VPN users at risk, and as a result Canadian providers are considering pulling out of the country

Air Force evolves its cybersecurity as JIE comes into focus (Federal News Radio) The Air Force is moving beyond requiring airmen to use smart identification cards to log onto its computer network. The service now is making its network security even stronger

Litigation, Investigation, and Law Enforcement

FBI Director: Sony's 'Sloppy' North Korean Hackers Revealed Their IP Addresses (Wired) The Obama administration has been tightlipped about its controversial naming of the North Korean government as the definitive source of the hack that eviscerated Sony Pictures Entertainment late last year. But FBI director James Comey is standing by the bureau's conclusion, and has offered up a few tiny breadcrumbs of the evidence that led to it. Those crumbs include the claim that Sony hackers sometimes failed to use the proxy servers that masked the origin of their attack, revealing IP addresses that the FBI says were used exclusively by North Korea

FBI Director to Detail Sony Hack Investigation (The Intercept) In the run-up to what some expect to be significant news from the FBI director on the Sony cyber attack investigation, authorities continue to probe a series of threats directed at media organizations, according to law enforcement sources

Ex-Microsoft Bug Bounty dev forced to decrypt laptop for Paris airport official (Register) Airside Clouseau in search of something, anything

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...

Upcoming Events

Cybersecurity World Conference (New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...

U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market (Washington, DC, USA, January 12, 2015) Join the U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market. The value of the global cyber security market is expected to grow by 11.3% each year, reaching $120 billion by...

FloCon 2015 (Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University

National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, January 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris...

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...

IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, January 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015,...

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, January 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human...

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, January 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives...

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
