
Daily briefing.

US and Canadian authorities open investigations into the ongoing wave of Caliphate-themed low-grade cyber vandalism hitting North American websites.

The US State Department continues to grapple with its compromised email system. The long-standing intrusions are allegedly the work of Russian intelligence organs.

The Internet Storm Center describes the current state-of-play in malware stealth and evasion. Analysts report the evolution of VBA malicious documents to incorporate sandbox and virtualization detection.

The MongoDB tool, phpMoAdmin, is reported vulnerable to remote code execution.

Analysts recap the history of the FREAK vulnerability, "from discovery to mitigation."

Malwarebytes warns Facebook users of a worm (a member of the "Kilim" family) that enrolls infected machines into a botnet. (The bait is "scandalous photos of teenagers" — don't take it.)

Trend Micro reports an unpleasant evolutionary development in ransomware: "VIRLOCK" not only locks the victim device, but infects its files as well, which Trend Labs claims is a ransomware first.

Another USB threat is demonstrated as a proof-of-concept: this one destroys ("fries") hardware.

SecurityWeek mulls the problem of reputational damage caused by cyber attack.

Several bits of product news appear. Blackberry's partnership with IBM and Samsung yields a new, security-optimized tablet. Google watchers believe they've spotted a VPN service in Android 5.1. Yahoo moves forward with plans to offer end-to-end encrypted email by year's end.

The US National Association of Insurance Commissioners issues "Principles for Effective Cybersecurity Regulatory Guidance."

Industry analysts offer perspective on the operational use of threat intelligence.

German police collar a major darkweb drug ring.

Notes.

Today's issue includes events affecting Canada, China, Germany, India, Iraq, Japan, Russia, Syria, Turkey, United Kingdom, United States.

SINET's ITSEF conference opens tomorrow, and the CyberWire will be there to cover it. We'll be live-tweeting from the event, and on Wednesday our editor will moderate a panel on emerging trends in cyber attack.

Cyber Attacks, Threats, and Vulnerabilities

The Bloody Battle of Website Defacement: "ISIS" Hackers vs. WordPress (Infosec Island) Police and FBI are investigating defacement attacks on numerous North American websites in which attackers placed an ISIS flag banner on website home pages and played an Arabic song in the background

State Dept. Shuts Down Email After Cyber Attack (ABC News) The State Department shut down large parts of its unclassified email system today in a final attempt to rid it of malware believed to have been inserted by Russian hackers in what has become one of the most serious cyber intrusions in the department's history, U.S. officials told ABC News

Maldoc VBA Sandbox/Virtualization Detection (Internet Storm Center) As could be expected, we witness an arms race when observing the evolution of VBA malicious documents. First the VBA code was trivially simple (download and execute), then obfuscation was added (strings and code), and now we see more attempts to evade detection

MongoDB tool vulnerable to remote code execution flaw (CSO) A MongoDB tool, phpMoAdmin, uses eval() on a public-facing GET function

The FREAK Vulnerability: From Discovery to Mitigation (Infosec Institute) A few weeks ago, security experts discovered a new major security SSL/TLS vulnerability, dubbed FREAK, that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of legitimate and secure websites

Facebook worm spreads by leveraging cloud services (Help Net Security) Facebook users are in danger of having their computers turned in a bot by a worm that spreads via the social network

VIRLOCK Combines File Infection and Ransomware (TrendLabs Security Intelligence Blog) Ransomware has become one of the biggest problems for end users as of late. In the past months alone, we have reported on several variants of both ransomware and crypto-ransomware, each with their own "unique" routines. We recently came across one malware family, detected as PE_VIRLOCK, that not only locks the computer screen but also infects files — a first for ransomware

Malicious Android App Fakes Shutdown and Allows Bad Guys to Take Control (Trend Micro: Simply Security) The more our lives become dependent on mobile devices like Android smartphones, the more important it is to have mobile security to protect them and our digital lives. This is not just a concern for the future, but affects many users today in ways they could never have anticipated

Don't trust other people's USB flash drives, they could fry your laptop (IDG via CSO) Have you ever heard stories about malicious USB thumb drives frying laptops and thought they were far fetched? An electronics engineer heard them too, and then set out to create a prototype

Strange snafu hijacks UK nuke maker's traffic, routes it through Ukraine (Ars Technica) Lockheed, banks, and helicopter designer also affected by border gateway mishap

BBC website goes offline, but Jeremy Clarkson probably not to blame (Graham Cluley) This weekend, the BBC's website was inaccessible to millions of internet users around the world

Jamie Oliver's website found spreading malware… again (Graham Cluley) You won't need an incredibly good memory to recall that Jamie Oliver's website was found to have been spreading malware recently

Can Your Smart Car Be Hacked? The Frightening Reality Is That Worse May Be Happening on the Road (Main Street) Today's cars ship with big brains. Sensors monitor everything from oil temperature to tire pressure and, on many cars, they can tell you exactly how many miles you can drive before running out of gas. Cars also are networked, and that means their condition and location can, in many cases, be monitored remotely

Pssst: Wanna Buy a Used Spy Website? (Wired) The names suggest a parade of C-list websites. There was NewJunk4U.com and Monster-Ads.net, CoffeeHausBlog.com and SuddenPlot.com. But, these sad-sounding domains actually were artful creations of the National Security Agency: They were fronts for distributing and controlling government malware around the world

Security Patches, Mitigations, and Software Updates

After Delays, Samsung Patches Social Media Vulnerability in Millions of Devices (Threatpost) Samsung patched a vulnerability last month in SNS Provider, a popular application that manages other social media apps present in millions of its devices. If exploited the bug could have given attackers the ability to access to any personal information users stored on Facebook, LinkedIn and Twitter

Apple iOS 8.2 Has Two Nasty Surprises (Forbes) iOS 8.2 gets a lot right. Don't let the Apple Watch compatibility fool you, the update is mostly about optimisations and bug fixes and in this regard it is the company's most diligent release to date. Yet 24 hours on what has become clear is that there are two nasty surprises awaiting users

Bypassing ASLR with CVE-2015-0071: An Out-of-Bounds Read Vulnerability (TrendLabs Threat Intelligence Blog) Almost every Patch Tuesday cycle contains one bulletin that (for convenience) rolls up multiple Internet Explorer vulnerabilities into a single bulletin. February's Patch Tuesday cumulative IE bulletin (MS15-009) included a fix for a particularly interesting vulnerability that could be used to bypass one of the key anti-exploit technologies in use today, address space layout randomization (ASLR)

Microsoft EMET 5.2 is available (Internet Storm Center) Microsoft has announced a new release of the Enhanced Mitigation Experience Toolkit (EMET) 5.2

Yahoo Introduces Password-Free Login — Just Don't Lose Your Phone (TechCrunch) Yahoo wants to end your dependency on memorizing passwords — or creating crap ones that can be guessed or hacked — after it introduced a new "on-demand" system that sends a one-time password when you need to log in

Cyber Trends

Online trust is at the breaking point (Help Net Security) IT security professionals around the globe believe the system of trust established by cryptographic keys and digital certificates, as well as the security of trillions of dollars of the world's economy, is at the breaking point

New York's top bank cop says "cyber 9/11" attack could happen (Albany Times-Union) Department of Financial Services Supt. Benjamin Lawsky says threat of financial market panic is biggest concern

7 In 10 Businesses Struggle To Sustain PCI Compliance (Dark Reading) Maintaining PCI compliance is a bigger challenge than achieving it for many companies, Verizon study finds

Digital Transformation Ends in Breaches For 40% of UK Public Sector (Infosecurity Magazine) Nearly half (40%) of UK public sector organizations have suffered a data breach as they struggle to keep up with the pace of digital transformation demanded by Westminster, according to Iron Mountain

Homeland Security says US industrial control systems hit by 245 cyber attacks in 2014 (HazardEx) US industrial control systems were hit by cyber attacks at least 245 times over a 12-month period, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has revealed. ICS-CERT is part of the National Cybersecurity and Integration Center, which is itself a unit of the Department of Homeland Security

Trustwave: 78% of IT Pros Expect to Partner With MSSP in 2015 (MSP Mentor) Most businesses anticipate pressure to protect their organizations against cyber threats will increase this year

Forty per cent of public-sector bodies 'have suffered data breach', lack of skills blamed (Computing) Forty per cent of IT leaders in the public sector have admitted that their department has suffered a data breach because management is struggling to deal with the pace of change as more and more services shift towards digital

Marketplace

Nevermind Your Cyber Defense: "Ostrich Security" Is Impacting Your Brand and Reputation (SecurityWeek) Recently, Benjamin Dean, Fellow for Internet Governance and Cyber-security, School of International and Public Affairs at Columbia University, wrote a very compelling piece in which he asserts — justifiably, I might add — that large corporations have little actual incentive to invest in cybersecurity

Survey: 54% of Patients Would Switch Providers After Data Breach (HIT Consultant) 54 percent of patients say they would be "very" or "moderately likely" to change providers after a security data breach impacting their personal health information, according to a recent survey conducted by Software Advice. In light of recent high-profile security breaches at medical organizations such as Anthem, Software Advice surveyed patients on their fears of a breach, and explored how software solutions can minimize data security risks

Chief Data Officers — The Case for the Defence (WillisWire) A large number of financial institutions (FIs) have appointed chief data officers (CDOs) over the past couple of years. I know a few of them and while they come from a wide variety of backgrounds — some technical, some business, some 'data geek' — they share a common belief that an organization's data is one of its most important assets. They would like to be shaping their data agenda to help drive business growth, even business transformation. However, most of them find themselves fighting a rearguard action, focusing on the basics, laying fundamental foundations without which the 'clever stuff' is no more than a pipe dream

CyberArk Tumbles after Pricing 4M Secondary Public Offering (Zacks) Shares of the global IT security software solution provider, CyberArk Software Ltd. (CYBR - Snapshot Report) declined approximately 7% yesterday after the company announced the pricing of the secondary public offering registered last month

Business Briefs: Pindrop Security Raises $35 Million (India West) Atlanta, Ga.-based Pindrop Security, a provider of phone fraud prevention and call center authentication, has raised $35 million in series "B" round funding led by Institutional Venture Partners, with participation by existing investors Andreessen Horowitz, Citi Ventures, Felicis Ventures, Redpoint Ventures and Webb Investment Network

Google's "security princess" targets bugs, "boys club" rep (CBS News) The tech industry may finally be tackling its "boys club" reputation. At Google, one employee is a rising female star and has what may be the most unusual job title in the field, CBS News' John Blackstone reports

Products, Services, and Solutions

BlackBerry partners with IBM, unveils high-security Samsung tablet (CBC) The BlackBerry owned-company Secusmart has unveiled a new high-security tablet at CeBIT, a technology conference in Hanover, Germany

AlienVault Partners With T-Systems and Deutsche Telekom to Power New Cyber Defense Solution (MarketWired) Partnership enables 'German Mittelstand' mid-market customers to detect and mitigate the impact of a breach

'Google VPN' in-built Hidden Service spotted in Android 5.1 (Hacker News) Good news for all Android Lollipop-ers! Google appears to be secretly working on a Virtual Private Network (VPN) service, dubbed 'Google VPN'

Yahoo will offer end-to-end e-mail encryption by year-end (BizNews) Yahoo said Sunday it plans to introduce "end to end encryption" for email this year to boost privacy protection for users concerned about snooping from governments or hackers

Yahoo puts email encryption plugin source code up for review (IDG via PC World) Yahoo released the source code for a plugin that will enable end-to-end encryption of email messages, a planned data-security improvement prompted by disclosures of U.S. National Security Agency snooping

Mozilla Releases Open Source Masche Forensics Tool (Threatpost) Mozilla has released an open source memory forensics tool that some college students designed and built during the company's recent Winter of Security event

Service lets CISOs compare effectiveness of security products (IT World Canada) Ever wondered how your IT security environment stacks up against another organization's? What your weak products are? Or which applications create the most problems for a given malware

Technologies, Techniques, and Standards

Influential National Association of Insurance Commissioners (NAIC) Moves On Cyber (CTO Vision) Cybersecurity practitioners and policymakers have long been discussing the potential positive benefits of smart insurance policy and standards to reduce risk. Of the many actions and activities we see in the insurance world today, the news of NAIC involvement is seen as particularly interesting

Principles for Effective Cybersecurity Insurance Regulatory Guidance (NAIC) Due to ever increasing cybersecurity issues, it has become clear that it is vital for insurance regulators to provide effective cybersecurity guidance regarding the protection of the insurance sector's data security and infrastructure

ISACs Demystified (Dark Reading) How some intelligence-sharing organizations operate in the face of today's threat landscape

Enterprise scenarios for threat intelligence services (TechTarget) Expert contributor Ed Tittel explains which types of organizations need a threat intelligence service as part of a proactive, layered security strategy

Investigating and Detecting Command and Control Servers (TrendLabs Security Intelligence Blog) Information about the overall threat landscape can be gathered from many sources. One useful method is by looking at the overall activity of botnet command-and-control (C&C) servers, as used both in targeted attacks and in attacks against the broader Internet user base

Deconstructing Threat Models: 3 Tips (Dark Reading) There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when

Mistakes the Good Guys Make During a Hack Attack (Reuters via the Fiscal Times) Financial advisory firms are so busy trying to prevent computer hacking that they sometimes neglect an equally vital issue: what to do when hackers succeed

Has Security Ops Outlived Its Purpose? (Dark Reading) CISOs will need more than higher headcounts and better automation tools to solve today's security problems

Lessons from Anthem: Make Every Employee Part of the Cyber Security Team (Entrepreneur) By now, many of us in the cyber security world are combing through a litany of materials to analyze the causes, motives and methods of the Anthem data security breach that turned the health insurance conglomerate upside down and affected more than 80 million people

Listen to your employees or deal with shadow IT (Help Net Security) Data leakage, compliance breaches, business inefficiency and hidden costs are just some of the risks organizations are leaving themselves open to by not meeting the IT demands of their workforce

Protecting sensitive data: an approach to prevent data exfiltration (Security Affairs) Data exfiltration is a mechanism of data breach that occurs when an individual's or organization's data is illegally copied from its systems

Hurry shipmates — the black hats have hacked our fire control system (Register) Infosec younglings stave off cyber-assault on WWII cruiser

This is what a cyber attack on London looks like (BT) The Cyber Security Challenge is putting on quite a show in London to test its finalist, with a career in online protection at stake

It was risky as hell, but the crazy thing is that Hillary Clinton's home email server actually worked (Quartz) Responding to mounting questions, Hillary Clinton — the former US secretary of state and a presumptive presidential candidate — said this week that she "opted for convenience" by using a personal email account instead of her official one

Anti-doxing strategy — or, how to avoid 50 Qurans and $287 of Chick-Fil-A (Ars Technica) Act before it's too late. Simple strategies can minimize the physical toll of doxing

Design and Innovation

IBM reported to be investigating 'Bitcoin-style', blockchain-based currency transaction system (The Stack) IBM is investigating the possibility of using the underlying exchange mechanism of Bitcoin to develop a digital cash system based on existing national currencies, according to an inside source

Hey Twitter, Killing Anonymity's a Dumb Way to Fight Trolls (Wired) Tor users started reporting last week that they are being prompted more frequently than ever for a phone number confirmation when creating a new Twitter account — or in some cases when using a long-standing account. This development is disastrous for the free speech the platform generally stands for, and will likely not curb the abuse for which it has come under fire. If this change was targeted at that harassment — addressing the leaked acknowledgment from CEO Dick Costolo that "We suck at dealing with abuse and trolls on the platform and we've sucked at it for years" — it's a dangerous example of the Politician's Syllogism: we must do something; this is something; therefore, we must do this

Research and Development

Sell By Date: Research Finds Stolen Data is a Perishable Commodity (Digital Guardian) New research to develop a computer based model of cyber crime finds that time is the critical element assessing the cost of cyber incidents

MIT launches three-pronged effort to thwart cyber attacks (Network World) Groups across university will work with businesses to develop technical, regulatory and managerial remedies

Legislation, Policy, and Regulation

China put its crackdown on foreign tech companies on hold — for now (Quartz) China's proposed law that would require tech companies to help the government spy on their users has been put on hold, according to the White House's top cybersecurity official. The controversial law would have required foreign tech companies wishing to do business in China to make their encryption keys available to authorities, and build special "back doors" in their software to enable Chinese government surveillance

Wyden blasts cyber threat-sharing bill (The Hill) Sen. Ron Wyden (D-Ore.) lambasted a controversial cybersecurity threat-sharing measure after it passed the Senate Intelligence Committee on Thursday

Amias Gerety: Treasury Eyes Collaboration on Cyber Info-Sharing Standards, Automation (ExecutiveGov) Amias Gerety, acting assistant secretary for financial institutions at the Treasury Department, has said collaboration between the department and other government agencies as well as the financial industry is key to bolster cybersecurity

Q&A With The Congresswoman Taking On Gamergate (TechCrunch) Earlier this week, Massachusetts Rep. Katherine Clark called other members of Congress to sign a letter with her that demands the FBI crack down on cyberstalking and online harassment

Defense secretary: We could create separate military force to fight cyber wars (Baltimore Sun) Army, Navy, Air Force, Marines — and the Cyber Force? Could be on the cards, new defense secretary says

Cyber force grows, along with retention concerns (Military Times) The military's effort to build a 6,200-strong force of cyber warriors is well underway, but questions remain about long-term retention of the highly skilled troops who will have big opportunities in the private sector

Japan recruits hackers for cyber security force (ComputerWeekly) Japan is the latest country to officially tap into hacking skills to identify and protect against cyber security threats

Full rules for protecting net neutrality released by FCC (Naked Security) The US Federal Communications Commission (FCC) on Thursday laid down 400 pages worth of details on how it plans to regulate broadband providers as a public utility

Litigation, Investigation, and Law Enforcement

The Crooked Path to Determining Liability in Data Breach Cases (Wired) From the high-stakes international intrigue and political espionage of Stuxnet, to the Sony hack of late 2014, which was first tentatively credited to pranksters, and later conceded to North Korean hackers, the past few years have showcased pretty much every existing version, and underlying motive, of cyber-attack — from outright warfare to hacktivist vandalism — all over the news headlines

Three Data Breach Trends to Watch for 2015 (Legal Intelligencer) With 2014 dubbed the "year of the data breach," questions loom over corporations for 2015: When will it happen to us? Are our security measures adequate? Will we be prepared for the fallout? The law is hurrying to keep up with the rapid pace of these leaks and attacks, and it is difficult to predict how data breach scenarios will play out in the future. Here is a snapshot of what we might expect to see this year in this area of the law

Assuring Authority for Courts to Shut Down Botnets (US Department of Justice) In our first post, we noted the dramatic growth over the past several years in the incidence of cybercrime that victimizes Americans. One of the most striking examples of this trend is the threat from botnets — networks of victim computers surreptitiously infected with malicious software, or "malware." Once a computer is infected with the malware, it can be controlled remotely from another computer with a so-called "command and control" server

German Police Just Made a Gigantic Dark-Web Drug Bust (Wired) If anyone had forgotten the sheer scale of the dark-web drug trade, German police just offered a helpful reminder. They've seized more than a third of a ton of narcotics from a single online drug seller — a haul that, despite its size, represents an insignificant dent in the burgeoning digital narcotics market known as Evolution

Why the Clinton Email Case Matters (Pell Center Blog) As you may have heard in the news recently, former Secretary of State Hillary Clinton did not use an official US government email with a .gov address during her entire tenure as Secretary, and instead exclusively used a ClintonEmail.com personal address for all State Department-related correspondence

Letter Calls Plea Deal for David Petraeus a 'Profound Double Standard' (New York Times) The plea deal given to retired Gen. David H. Petraeus, which spares him prison time even though he gave military secrets to his mistress, reveals a "profound double standard" in the way the Obama administration treats people who leak classified information, a lawyer for an imprisoned government contractor wrote in a letter to prosecutors

Silk Road moderator "Samesamebutdifferent" pleads guilty, faces life in prison (Ars Technica) Peter Nash, 42, worked for Dread Pirate Roberts for 10 months in 2013

Government Requests For Facebook Data Decrease In U.S. And UK, But Rise In India (TechCrunch) Facebook's latest report on government requests shows a decrease in requests from many Western countries in the second half of 2014, but that's offset by increases from India, Turkey and Russia

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

B-Sides Vancouver (Vancouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between

Insider Threat 2015 Summit (Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...

2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs...

Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

2015 Cyber Security Summit (McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China...

BSides Salt Lake City (Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...

Cyber Security Conference 2015 (Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...