
Daily briefing.

Group-IB reports that nominally ISIS-affiliated hackers hit some 600 Russian sites from a broad range of sectors last year. Some names Caliphate-sympathizing groups used were "Team System Dz," "Global Islamic Caliphate," and "FallaGa Team." Their attacks appear to be trending up. In the US, the ISIS-doxxed "kill list" of American service members seems more scare than serious operation, but properly remains of concern even to those dismissing it as gasconade.

Vawtrak financial malware emerges in a more virulent form, using encrypted favicons distributed via the Tor anonymizing network. Analysts consider this a form of steganography. Canadian banks are early targets.

A researcher claims to have found a backdoor in Dell System Detect. (Dell says if it's there, the company didn't install it deliberately.)

Proofs-of-concept demonstrate a side-channel attack that runs entirely in a browser and exploitation of a crypto algorithm known to be weak.

Cyber criminals revisit an old trick — malware-infected Microsoft Office macros — and spam out compromised documents. Caveat lector, and don't click.

FierceHealthIT looks back at the Anthem and Premera breaches and doesn't like what it sees. Others mull the difficulty of calculating losses in a breach, and consider the Target settlement's implications for executives.

Apropos this week's observations that hackers need no rational motive, here's Exhibit A: skids styling themselves "Vikingdom2015" hit the State of Maine again. They do it for the lulz, and say they don't care if they're caught. (One hopes an FBI visit will test their indifference.)

Nation-states move toward a cyber deterrence regime.


Today's issue includes events affecting Canada, Denmark, India, Iran, Iraq, Israel, New Zealand, Syria, United Kingdom, United States.

The CyberWire will be live-tweeting from the Women in Cybersecurity event, in Atlanta tomorrow and Saturday. We'll publish a special edition Monday on the conference.

Cyber Attacks, Threats, and Vulnerabilities

IS 'CyberCaliphate' Hacked 600 Russian Websites In 2014, Security Company Says (Radio Free Europe/Radio Liberty) According to a new report, websites targeted by the Islamic State group include a number of banks, construction companies, government organizations, and even schools. Hackers aligned to Islamic State (IS) militants attacked 600 Russian websites last year, according to a new report by Russian cyber intelligence company Group-IB

ISIS 'hack' draws skepticism but raises wariness (Defense Systems) Following last weekend's leak of sensitive information on military personnel apparently by ISIS supporters, many are scrambling to discover how this information was accessed and if Pentagon servers were breached. Some military families, meanwhile, are altering their approach to what they post online

Ex-Gov. Ridge: Hacking group's kill list only a scare tactic (Trib Live) Former Pennsylvania Gov. Tom Ridge, the nation's first Homeland Security chief, does not believe the 100 military members identified in a so-called "kill list" posted online last week by a group calling itself the Islamic State Hacking Division need to fear for their lives, he told the Tribune-Review on Wednesday

Vawtrak malware uses steganography to hide update files in favicons (Security Affairs) A new strain of Vawtrak malware implements capabilities to send and receive data through encrypted favicons distributed over the Tor network

Many Canadian banks target of attack, says security vendor (IT World Canada) Fifteen Canadian financial institutions have been targeted by a new malware attack aimed at stealing passwords, says a Danish security company

Researcher finds backdoor opened by Dell's helper app (Help Net Security) A security researcher has discovered a serious bug in Dell System Detect, the software Dell users are urged to use to download the appropriate drivers for their machines. The flaw can be exploited by attackers to make the computer download and execute potentially malicious files

The Spy in the Sandbox — Practical Cache Attacks in Javascript (Columbia University) We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim's machine — to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today's web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack

SSL/TLS Suffers 'Bar Mitzvah Attack' (Dark Reading) Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications

Serious Security: China Internet Network Information Center in TLS certificate blunder (Naked Security) TLS certificates are very important. So we thought we'd use a story about a recent certificate security blunder to remind you why

Macro-based Malware Increases Along with Spam Volume, Now Drops BARTALEX (TrendLabs Security Intelligence Blog) Early this year Microsoft reported an increase in macro-related threats being used to spread malware via spam. Similarly, we've been seeing a drastic increase in spammed emails with attached Microsoft Word documents and Microsoft Excel spreadsheets that come with embedded macros

Macro-based malware continues to gain traction (Help Net Security) After having "rediscovered" the usefulness of MS Office macros, malware peddlers have been ramping up email spam runs delivering documents that request users to enable them

Default Setting in Windows 7, 8.1 Could Allow Privilege Escalation, Sandbox Escape (Threatpost) A default setting in both Windows 7 and 8.1 could allow local users to elevate privileges and in some situations, escape application sandboxes

The disturbing truth behind the Premera, Anthem attacks (FierceHealthIT) As details continue to emerge following the recent hack attacks on payers Anthem and Premera--in which information for close to 90 million consumers combined may have been put at risk--perhaps the most disturbing revelation of all is that, in both instances, neither entity appears to truly take security seriously

Bitcoin & Altcoin Exchange 'Cryptoine' Gets Hacked (Hack Read) Not even a month has passed since AllCrypt Bitcoin was taken down and another Altcoin exchange has been attacked by hackers

Anonymous Targets NYPD Captains Union Website with Malware (Hack Read) On Friday, a cyberattack on the NYPD captains union website infected it with malware and forced it to shut down

hit by cyber attack for third time in three days (WGME) For the third straight day, was taken down by a cyber attack, and this time, the group claiming responsibility also said it's recorded the IP addresses of anyone who tried to visit the site

Xtube porn website spreads malware, after being compromised by hackers (Graham Cluley) The popular Xtube hardcore porn website, visited by approximately 25 million people every month, has been compromised by hackers and is spreading malware onto visiting computers

Mobile 'sextortion' schemes on rise, Trend Micro reports (Network World) Victims pay up or their sex videos get sent to their contact lists

Too Many Adverts and Porn pop-ups in your Web Browser? Maybe your Router has been Hijacked (Tripwire: the State of Security) If you've recently found your web browsing plagued by pornographic pop-ups and irritating adverts, there might be a simple — but dangerous — explanation

Tax Fraud Advice, Straight from the Scammers (KrebsOnSecurity) Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires. And few topics so reliably generate discussion on crime forums around this time of year as tax return fraud, as we'll see in the conversations highlighted in this post

Security Patches, Mitigations, and Software Updates

GE Fixes Buffer Overflow Bug in DTM Library (Threatpost) GE has released a fix for a vulnerability in a library that's used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code

iOS 8.3 Lets You Skip Password Entry to Download Free Apps. Good Idea? (Intego Blog) The new version of iOS, version 8.3, is getting ever closer and pre-release beta testers are stumbling across new hidden features and tweaks that Apple has made with the iPhone and iPad operating system

Cyber Trends

Lessons From The New Threat Environment From Sony, Anthem And ISIS (TechCrunch) The cyberattack on Sony Pictures entertainment left plenty of roiled waters in its aftermath: lawsuits from employees whose personal information was leaked; apologies to President Obama and other subjects of hasty emails; U.S. sanctions against North Korea and a war of words back and forth; and the irony of Sony turning to the entity most identified in those emails as a threat to its content distribution model, Google, to distribute "The Interview"

State-backed cybercrime hits our screens (Guardian) Today's hackers are not just criminals and activists — governments are launching cyber-attacks to hunt for secrets, research vulnerabilities or cause disruption. How can we defend ourselves?

NSA Doesn't Need to Spy on Your Calls to Learn Your Secrets (Wired) Governments and corporations gather, store, and analyze the tremendous amount of data we chuff out as we move through our digitized lives. Often this is without our knowledge, and typically without our consent. Based on this data, they draw conclusions about us that we might disagree with or object to, and that can impact our lives in profound ways. We may not like to admit it, but we are under mass surveillance

Survey: 75% of firms would take hours or longer to spot breach (CSO) Organizations say they can deal with a breach, but first they'll have to detect it

Rise of threat intelligence is leading to too many sources, finds MWR, CPNI and CERT-UK (IT Security Guru) Threat intelligence is rapidly becoming an ever-higher business priority with a general awareness of the need to 'do' threat intelligence, but vendors are falling over themselves to offer a confusingly diverse array of threat intelligence products

Zero day, Web browser vulnerabilities spike in 2014 (IDG via CSO) The number of zero-day and Web browser vulnerabilities shot up in 2014, but overall software vendors are patching faster

Former NSA Director: Breaches Will Get Worse (PYMNTS) Over the next two years, cyberattacks will get worse before they get better. But there's some good news. There are methods to counter cyber threats — by working with stakeholders across the political aisle, including private to public sector initiatives, to create enforceable barriers to bring about change

RFID use reaching 'tipping point' (FierceRetailIT) RFID is gaining traction with retailers and manufacturers, nearing an adoption and usage "tipping point," according to a recent study from GS1 US

Study: When it comes to security, smartphone users aren't very smart (BGR) Even though you may be familiar with how your smartphone works and the various security issues that threaten your privacy, chances are that if you're also a millennial you also aren't doing simple things to secure your data. At least that's what a study from security firm Lookout seen by the LA Times seems to indicate

Millennials Like Their Privacy, but Give It Away Freely (eWeek) More than half of smartphone owners under 35 years old believe they are privacy-savvy, yet they tend to take the most risks with their personal data

Power grids vulnerable to attacks (Great Falls Tribune) About once every four days, part of the nation's power grid — a system whose failure could leave millions in the dark — is struck by a cyber or physical attack, a USA Today analysis of federal energy records finds

UK attacks on crypto keys and digital certificates endemic (ComputerWeekly) All 499 UK security professionals polled in a global survey say their organisations have responded to multiple attacks on keys and certificates in the past two years


Calculating The Colossal Cost of A Data Breach (CFO) Some targets have spent tens of millions just to notify customers and provide identity-theft monitoring

Apple is picking off iOS antivirus apps one by one: Who'll be spared? (Register) Some slain in the software store, some survive — but why?

Palo Alto splashes $200m to strengthen endpoint security offering (Computer Business Review) Company acquires Israeli cybersecurity company Cyvera

Darktrace enters Asia Pacific security appliance market (Digital News Asia) Comes in as market is expected to register double-digit growth

Huawei does not pose UK national security threat (V3) Chinese telecoms firm Huawei has been given the all clear, meaning that the use of its technology in UK communications networks does not pose a national security risk

Leidos Board Appoints CEO Roger Krone to Chairman to Consolidate Roles (GovConWire) Leidos (NYSE: LDOS) CEO Roger Krone has taken the additional role of chairman of the board of directors beginning March 20, less than a year after he joined the company from Boeing

Products, Services, and Solutions

Red Owl Analytics: Next generation analytic platform (CTO Vision) This is an update of our write-up on Red Owl Analytics. We cover them in our special reports on Analytical Tools, Big Data, and Security

Microsoft Bombs Antivirus Tests Yet Again (Tom's Guide) If you're using nothing but Microsoft Windows Defender to protect your PC, you may want to toss the system into a bonfire now, before it's too late for the rest of your network

Targeted Attack: The Game (Trend Micro: Simply Security) April 2015 sees the release of a project that has been a year in the making for us. Something that we had affectionately been calling "Choose Your Own Adventure" for most of its lifetime as we laid it out, put some meat on the bones and finally stitched it all together (no we weren't making Frankenstein's monster)

Popular Cryptography Game Released for iOS & Android (prMac) Vito Technology Inc., award-winning developer has released an update and an Android version of their popular educational game Next Quote. The app offers a thrilling experience of deciphering a hidden message which contains an inspirational quote from famous authors, founding fathers and modern day politicians. Impossible at first glance, the game will draw you in while simultaneously developing your logic skills

Technologies, Techniques, and Standards

How to tell if you've been hacked (Guardian) Worried that you might get compromised by hackers? The bad news is that the rest of the internet might know before you do

Dissecting Network Segmentation, Data Traffic and Encryption (Dark Matters) Last year — dubbed "the Year of the Hack" — saw numerous major cyber attacks against prominent corporations, including JP Morgan bank and Sony Pictures Entertainment. And after Target in 2013, another retailer, Home Depot, suffered a data breach with more than 56 million credit cards stolen

Junk it: How BAE saves $3.2m a year by throwing out excess data (Computing) "Every IT person should be saving at least 10 per cent of their annual yearly salary," BAE Systems data centre storage director Mark Tango tells Computing

Security best practices for users is your first line of defense (CIO) Most savvy businesses are on top of their game when it comes to securing networks, encrypting sensitive data and keeping private customer information safe. But there's a glaring security vulnerability you may not have thought of: your end-users

Applying a Stress-Test to Your IT Infrastructure (Tripwire: the State of Security) Banks regularly undergo mandatory stress tests. These tests are clearly defined, and the results are used to determine how well each bank can maneuver through an economic calamity

CISSP 2015 Update: Identity and Access Management (Infosec Institute) The CISSP 2015 Update brings new viewpoints on the key domains covered in this certification. The CISSP is already one of the broadest of all certs in that the amount of information it covers in different fields is staggering. However, breaking this down into its component domains or fields can help to chop at it bit by bit. With the new updates, each domain is a bit more streamlined — a bit easier to manage in the overall picture — and becomes easier to understand

ISACA Lays Out Forensics for the Data Breach Era (Infosecurity Magazine) When faced with a data breach, the first order of business for companies is to find out what happened, and then how it happened and who did it. To aid in the process, which is unfortunately no longer a rare scenario, ISACA has issued a new set of guidelines that outline the digital forensics process and identify the key steps for organizations to consider when dealing with attacks

Design and Innovation

You in Your Internet of Things (IEEE Spectrum) Should privacy and security measures be built into devices before they reach the market?

Research and Development

Drop User Names To Improve Security, Says Dartmouth Research (THE Journal) The focus on coming up with unusual passwords for improving security is likely misplaced, particularly when those passwords are accompanied by user names that are all too guessable. That's what a joint academic and industry research team has come up with after nearly a year of working together on the problem of authentication

Navy Engineer Impacts Public-Private Sector Research on Wearable and Embeddable Technology (Southern Maryland Online) How easy is it to hack a pacemaker? Your "FitBit" is designed to track your physical movements. Who else can see it?


Taking the Tech Track (US News and World Report) Across fields, grad programs are adding training in technology

Computer science surge sparks campus building boom (Network World) College campuses across the U.S. are building new computer science facilities that encourage hands-on education and interdisciplinary research

Foreign Affairs Ministry names teens in national cyber education initiative 'Cyber Ambassadors' (Jerusalem Post) The initiative, geared towards junior high students, offers after-school programs in computer technology

Legislation, Policy, and Regulation

NATO Chief: Cyber Can Trigger Article 5 (DefenseNews) NATO leaders on Wednesday reiterated the alliance's stance on treating cyber attacks against a member as an Article 5 issue, which would potentially draw a military response from the entire alliance

'States preparing cyber-attack options to cripple enemies' infrastructure' (Jerusalem Post) States engaged in arms race, building offensive and defensive capabilities in form of cybersecurity

Three Questions about Admiral Rogers' Testimony on Cyber Deterrence (Council on Foreign Relations) Last week, Admiral Mike Rogers, commander of U.S. Cyber Command, testified before the Senate Committee on Armed Services. Most of the media attention (see this, this, and this) has focused on Rogers' argument that deterrence is not working, and that defense in cyberspace "will be both late to need and incredibly resource intensive." As a result, Rogers argued, Cyber Command needs "to think about how can we increase our capacity on the offensive side to get to that point of deterrence"

National Breach Notification Bill Advances (GovInfoSecurity) Amendments to keep some state safeguards rejected

Would NSA Data Surveillance End With Patriot Act? (US News and World Report) The Patriot Act sunsets in June, but other legal powers may continue data collection

FBI needs better intelligence, information sharing: U.S. report (Reuters) The FBI needs to strengthen its intelligence programs and information sharing to counter the diverse and fast-moving national threats that have evolved since the Sept. 11, 2001, attacks, a congressional commission said on Wednesday

FBI Threat Intelligence Cyber-Analysts Still Marginalized In Agency (Dark Reading) Despite good progress, 9/11 Review Commission says that analysts could have a greater impact on FBI counter-terrorism activities if they had more domain awareness, forensics capabilities, and were more empowered to question agents

Carter: Cyberworkforce Development Is a Model for DOD (FedTech) Defense Secretary Ash Carter said the freshness of approach and the constant effort to reinvent can be an example for other DOD efforts

DoD Advances Elements of Joint Information Environment (DoD News) Defense Department Chief Information Officer Terry Halvorsen held a media roundtable recently to discuss progress on elements of his department's transition to an information environment that's faster, safer and less expensive for the DoD

Litigation, Investigation, and Law Enforcement

What security leaders need to know about the Target breach settlement (CSO) Consider these three points before discussing the Target consumer breach settlement with other leaders

India strikes down controversial "Section 66A" social media policing law (Naked Security) India's Supreme Court on Tuesday repealed a controversial law after civil rights groups and a law student filed petitions arguing that it violated people's rights to freedom of speech and expression

Inquiry into electronic surveillance agency launched (New Zealand Herald) An inquiry into the activities of New Zealand's electronic surveillance agency has been launched by the Inspector General of Intelligence and Security

Alaska Joins Investigation Into Premera Cyber Attack (Alaska Public Media) Alaska is participating in a multi-state investigation into Premera following a cyber attack on the health insurer early this year. The state's insurance director says she has a lot of questions about why the attack occurred and why it took the company two months to announce it publicly

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Insurance and Corporate Governance: Facing New Threats (Brooklyn, New York, USA, April 2, 2015) Peter D. Hancock, president and CEO of AIG, will lead a discussion of the ways in which the insurance industry is adapting to account for threats to the most valuable — and vulnerable — assets...

Upcoming Events

CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...

Conference on Cyber Defence in Europe (Berlin, Germany, March 25 - 26, 2015) The conference aims to address these and other issues of cyber defense in a broad audience of policy-makers, senior officials and experts from EU institutions and Member States, representatives of industry...

Fraud Summit Dubai (Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include...

Women in Cyber Security (Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...

Insider Threat Symposium & Expo (Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...

Kansas City Secure World (Kansas City, Missouri, USA, April 1, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners...

Cyber Insurance and Corporate Governance: Facing New Threats (Brooklyn, New York, USA, April 2, 2015) Peter D. Hancock, president and CEO of AIG, will lead a discussion of the ways in which the insurance industry is adapting to account for threats to the most valuable — and vulnerable — assets...

Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, April 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks...

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...

Cyber Risk Wednesday: The future of Iranian cyber threat (Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts...