Someone claiming to support ISIS (they call themselves the "CyberCaliphate," with a handle and a natty checkered shemagh that earlier appeared on compromised sites in Salisbury, Maryland, and Albuquerque, New Mexico) yesterday hacked social media accounts belonging to US Central Command (CENTCOM — based in Tampa but responsible for military operations in the Middle East).
CENTCOM, embarrassed, calls it "cybervandalism" and stresses that no operational systems or networks were compromised. Documents the hackers published purporting to be classified weren't: they seem simply gleaned from elsewhere on the Internet. The FBI's investigating, as it is the earlier CyberCaliphate coup-counting against small-market media sites.
Observers doubt ISIS directed the incident, but the hack exemplifies how movements ebb and flow, gathering and shedding casual and committed adherents in social media. Other observers note lessons: reduce attack surfaces and use two-factor authentication.
If you like to track Kim Jong Un's doings on North Korea's official news site, caveat inquirer: it's a watering hole with malware droppers disguised as retro Flash updaters.
Dell SecureWorks reports finding "Skeleton Key," malware that bypasses Active Directory and evades IDS detection.
Android malware morphs to affect Kindle's Fire OS (an Android fork).
ZeroFox describes a new catphish: Olga Redmon, meet Robin Sage.
Long-standing worries about the Internet-of-things take concrete shape in keylogging USB-chargers, banking Trojans on SCADA networks, home routers compromised for DDoS, and dodgy infusion pumps.
Boeing exits commercial cyber, optioning Narus licenses and reverse engineers to Symantec.
The Charlie Hebdo massacres prompt authorities to call for more surveillance.
Today's issue includes events affecting Australia, Brazil, Canada, European Union, France, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
U.S. Central Command Twitter Feed Hacked(SIGNAL) The Twitter and YouTube accounts for the U.S. Central Command, the Defense Department branch responsible for operations in the Middle East and Afghanistan, were hacked Monday by sympathizers of the Islamic State militant group, prompting U.S. officials to suspend the accounts and launch yet another round of investigations into a cybersecurity breach
Pro-ISIS 'CyberCaliphate' Hacks CENTCOM Twitter, YouTube Accounts; Experts Weigh In(HS Today) Just about the same time that President Obama addressed the nation Monday regarding national cybersecurity efforts, the pro-ISIS hacker group called CyberCaliphate hacked the Twitter and YouTube accounts of the US Central Command (CENTCOM), and used the accounts to disseminate their propaganda and leak information on CENTCOM personnel and other documents
ISIS, al-Qaeda and Why It Doesn't Matter to Would-Be Jihadists(Defense One) A new narrative is emerging about the Jan 7 attack on the satirical magazine Charlie Hebdo — that it was spurred, at least in part, by a competition between two terrorist groups. The theory is that Al Qaeda instigated the attack, through its franchise in Yemen, in order to reclaim its position as terrorist top dog from the arrivistes known variously as ISIL, ISIS and the Islamic State
Corel DLL hijacking vulnerability could allow arbitrary command execution(Help Net Security) Corel has developed a wide range of products including graphics, photo, video and office software. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document
Aggressive Riskware Installation on Amazon Kindle (and Android)(Fortinet Security Research) As malware continues to grow on Android (900K malicious samples and 1,300 new per day), we sometimes forget attacks can also affect other devices… like Amazon's Kindle. The Kindle indeed runs Fire OS, a fork of Android. Thus, in several cases, Android malware also works on Fire OS, and reciprocally. Proof below
How Hackers Crack Supposedly Secure and Private APIs(ProgrammableWeb) A Python console program called mitmproxy that is used to intercept and examine HTTP traffic has become a go-to tool for individuals looking to reverse engineer APIs thought to be private and secure when those APIs are called by a client-side Web or mobile application (for example, an iOS or Android app on a smartphone). This trend, along with the recent security vulnerabilities revealed within the Moonpig API authentication strategy, highlight a need for increased API security analysis
A CISO's Nightmare: Digital Social Engineering(SecurityWeek) Olga Redmon is an attractive young professional whose resume includes experience in customer service and Microsoft Office. Her LinkedIn profile boasts 500+ connections and dozens of endorsements, all of which come from Midwestern professionals in the automotive industry. Olga's profile picture depicts her in a tight black tank top and red lipstick
IoT: The Rise of the Machines(Internet Storm Center) Our houses and offices are more and more infested by electronic devices embedding a real computer with an operating system and storage. They are connected to network resources for remote management, statistics or data polling. This is called the "Internet of Things" or "IoT". My home network is hardened and any new (unknown) device connected to it receives an IP address from a specific range which has no connectivity with other hosts or the Internet but its packets are logged. The goal is to detect suspicious activity like data leaks or unexpected firmware updates. The last toy I bought yesterday is a Smart Plug from Supra-Electronics. This device allows you to control a power plug via your mobile device and calculate the energy consumption with nice stats. I had a very good opportunity to buy one for a very low price (25€). Let's see what's inside
Hospital device may be opening for hackers(Minneapolis Star-Tribune via the Columbus Dispatch) The humble infusion pump: It stands sentinel in the hospital room, injecting patients with measured doses of drugs and writing information to their electronic medical records
Ransomware-wielding crooks made over $217,000 in a single month(Help Net Security) Crypto-ransomware continues to be a very effective way for cyber crooks to "earn" serious money: the method is so lucrative that with a single campaign, the crooks have managed to get their hands on 810 BTC (over $217,000) in a month
2014 Cyber Attacks Statistics (Aggregated)(Hackmageddon) As I did exactly one year ago, I have consolidated all the stats collected during 2014 with the intention to provide a high-level overview of the past year. Of course this data does not pretend to be exhaustive, I'd rather prefer to define the charts as macro-indicators of the threat landscape and the corresponding trends, since the sources of the timelines (from which the stats are derived) are open and therefore only show cyber attacks that were discovered and gained space in the news
Don’t look back in anger(Help Net Security) At the end of 2014, as at the end of many years before it, our mailboxes were filled with various vendors' security predictions for 2015. We saw them also in articles in industry magazines, and security gurus and experts presented their opinions on what will be the biggest security trends for the new year in podcasts and webcasts
Identity management trends in 2015(Help Net Security) A new year is always an excellent time to look ahead. So, there's not much of a better time than now to look at some of the identity management trends expected for the year in front of us
Cyber attacks becoming more sophisticated, brazen(Economic Times) The recent cyber attack on Sony Pictures by North Korean hackers has again put the spotlight on the dangers stalking a world digitally connected like never before. Till now mainly restricted to personal computers and laptops, the threat will only get bigger with smartphones and tablets becoming devices of daily use
Four cyber security risks not to be taken for granted in 2015(Banking Technology) With Sony the latest victim of hacking, large organisations are witnessing yet again how data breaches cause serious damage, to the tune of millions. The prevalence of hacking in the media begs the question, what's in store for 2015? writes Ilia Kolochenko
US federal IT market plans increase in cyber security defence(Companies and Markets) Barack Obama will reveal plans next week which will look towards improving the US federal IT market, specifically focusing on the US government's plans to improve cyber security and protect online identity theft. The increase in concern surrounding cyber security follows the cyber attack on Sony Pictures, which led to theft and leaking of confidential data. According to the FBI's investigation of the malware used to hack into Sony Pictures, this malware could have also infiltrated 90% of current internet defences, and challenge even the US government's internal online protection
New DoD cloud security requirements coming Tuesday(Federal Times) The Defense Information Systems Agency (DISA) is poised to release final security guidance for purchasing cloud services on Tuesday as the Defense Department shifts to commercial providers
AVG Technologies NV Upgraded To Neutral by Zacks(JBG News) AVG Technologies, the makers of the very popular and effective anti virus software AVG Antivirus, has had its shares upgraded by Zacks from an underperform rating to a neutral rating according to a report released on Tuesday, Zacks currently has a $19.80 price objective on the company's stock
White Ops Adds Former RSA CTO Tim Belcher to Board of Directors(Marketwired) White Ops, a pioneer in online fraud detection, announced today that former RSA CTO and NetWitness Founder Tim Belcher has been appointed to the White Ops, Inc. Board of Directors. He brings extensive experience in developing and guiding groundbreaking security innovations to market and creating strong customer engagement and demand
Products, Services, and Solutions
Heartland First to Offer Comprehensive Merchant Breach Warranty(BusinessWire) Heartland Payment Systems (NYSE:HPY), one of the nation's largest payment processors, today announced it is the first company to offer a comprehensive warranty that protects businesses from payment card breach losses in the event of a breach
Certificate Transparency Moves Forward with First Independent Log(Threatpost) The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome
Do we need regular IT security fire drills?(Help Net Security) IT security 'fire drills', supported by executive management and the risk committee should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. So says Neil Campbell, Group General Manager for Dimension Data's Security Business Unit
Security Think Tank: Mitigation strategies for data-wiping malware(ComputerWeekly) While data-wiping malicious software — malware — is not new, the FBI was moved in December 2014 to issue a flash alert to US businesses, writes Peter Wenham. This alert highlighted the new malware that not only deletes files on an infected PC, but also overwrites the MBR sector of the PC's hard drive, making it impossible for the PC to boot. Recovery is time-consuming and costly, either requiring the disinfection of the MBR followed by a re-imaging of the drive; or installing a new hard drive and re-imaging. For the smaller company the likely case would be re-building a PC's hard drive from scratch. Note that, in all cases, any data on a PC's hard drive at the time of infection would be lost
Mobile Virtualization — Solving the BYOD Problem(Trend Micro: CTO Insights) For many users today, how they use technology is defined by mobile devices. Their primary device is not a desktop computer, or even a laptop. Instead, it's a tablet or a smartphone. Instead of data stored on a hard drive or a USB stick, corporate data is now stored in the cloud and accessed as needed by users. If we look at the number of PCs versus smartphones sold, the trend is clear. In the 3rd quarter of 2014, analysts estimate that 79.4 million PCs were sold — compared to 301 million smartphones in the same period
Colleges rush to create cybersecurity soldiers(Tampa Tribune) Target. Home Depot. Sony Pictures. The now infamous computer hacks infuriated consumers who had personal information compromised and Hollywood honchos who had embarrassing emails made public
Legislation, Policy, and Regulation
EU Plans to Extend Internet Surveillance after Paris Attacks(Hot for Security) Heavier Internet monitoring and tighter border controls are needed to tackle the risk of Jihad attacks, according to a joint statement of US, European and Canadian security officials
Remarks by the President at the Federal Trade Commission(White House Press Office) THE PRESIDENT: Thank you so much. (Applause.) Thank you. Everybody have a seat. Well, thank you, Edith, for your introduction. Edith and I go a long way back. In law school we served on the law review together. I will not say who edited who. (Laughter.) I will say she looks exactly the same. (Laughter.) And I do not. (Laughter.) And it's upsetting. (Laughter)
What might we hear from President Obama on cybersecurity?(FedBiz) On Tuesday at the Homeland Security Department's National Cybersecurity and Communications Integration Center, President Barack Obama is supposed to discuss strategies for government and the private sector to share more cyber information. It's a topic that has spurred much theoretical discussion but little substantive action in recent years. So might we hear something new?
Why tort liability for data breaches won't improve cybersecurity(Threatbrief) Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy
DHS Leaves Federal Facilities Open To Cyber Attacks(HS Today) Amid reports that US Central Command's social media accounts were attacked by hackers claiming allegiance to the Islamic State (IS), the Government Accountability Office (GAO) issued an audit report indicating DHS is unprepared to address the increasing vulnerability of federal facilities to cyber attacks
DISA's new unit aims to take pressure off Cyber Command(FCW) Officials at the Defense Information Systems Agency are hoping that a newly formed joint force cyber unit at the agency can take some pressure off of U.S. Cyber Command. The goal is to leave the management of capacity-building to DISA so Cyber Command, whose charge is defending the nation in a cyberattack, can focus on executing the Pentagon's cyber capabilities
Guest Post: Brazil's Cybersecurity Conundrum(Council on Foreign Relations) Brazil has embraced the digital age with more gusto than most. It is one of the top users of social media and recently signed-off on a bill of rights for the Internet, the Marco Civil. The country is also a leader in the development of online banking with more than 43 percent of web users engaging such services, and can be proud of a thriving software industry, including some world class companies
Litigation, Investigation, and Law Enforcement
France moves to crack down on terror speech(The Local (France)) French courts have started handing out prison sentences to outspoken supporters of the recent terror attacks in Paris, with a girl as young as 15 apprehended by police for referring to the Kouachis as "my brothers"
66-Year-Old British Rock Guitarist Jailed for Joining Anonymous in Hacking Attack(Hacker News Bulletin) A 66-year old British Rock star Geoffrey 'Jake' Commander, who is the guitarist of Electric Light Band Orchestra (ELO), has been jailed for 10 days at the US jail after being found guilty of joining the well-known online hacktivist "Anonymous" and taking his part with the popular Operation Payback campaign, which has brought down numerous financial websites
FBI access to surveillance program expands in recent years(IDG via CSO) U.S. Federal Bureau of Investigation access to overseas surveillance collected by sister organization the National Security Agency has expanded in recent years, with the law enforcement agency gaining access to collected but unprocessed data in 2009, according to a report released by the government
Feds Double Down on North Korea Hack Theory(Tom's Guide) A parade of top U.S. officials last week reaffirmed their certainty that North Korea was behind the devastating network intrusion at Sony Picture Entertainment, even as they dismissed the concerns of doubters and offered little further evidence for their conclusion
Zappos Ordered to Pay Fine in Wake of Breach(Pwnie Express Blog) The office of Massachusetts Attorney General Martha Coakley's Consumer Protection Division has recently announced the details of a $106K multi-state settlement reached with online retailer Zappos, which in 2012 was the target of a widely publicized attack that exposed the personal information of over 24 million users. The Attorney General's office's investigation found potential violations of the state's data protection laws after data including consumers' email addresses, names, and shipping addresses were stolen; though no evidence was found that financial information was stolen
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Suits and Spooks(Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
CyberTech Israel 2015(Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...
Techno Security & Forensics Investigations Conference(Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...
Mobile Forensics World(Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...
FloCon 2015(Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...