Group-IB reports that nominally ISIS-affiliated hackers hit some 600 Russian sites from a broad range of sectors last year. Some names Caliphate-sympathizing groups used were "Team System Dz," "Global Islamic Caliphate," and "FallaGa Team." Their attacks appear to be trending up. In the US, the ISIS-doxxed "kill list" of American service members seems more scare than serious operation, but properly remains of concern even to those dismissing it as gasconade.
Vawtrak financial malware emerges in a more virulent form, using encrypted favicons distributed via the Tor anonymizing network. Analysts consider this a form of steganography. Canadian banks are early targets.
A researcher claims to have found a backdoor in Dell System Detect. (Dell says if it's there, the company didn't install it deliberately.)
Proofs-of-concept demonstrate a side-channel attack that runs entirely in a browser and exploitation of a crypto algorithm known to be weak.
Cyber criminals revisit an old trick — malware-infected Microsoft Office macros — and spam out compromised documents. Caveat lector, and don't click.
FierceHealthIT looks back at the Anthem and Premera breaches and doesn't like what it sees. Others mull the difficulty of calculating losses in a breach, and consider the Target settlement's implications for executives.
Apropos this week's observations that hackers need no rational motive, here's Exhibit A: skids styling themselves "Vikingdom2015" hit the State of Maine again. They do it for the lulz, and say they don't care if they're caught. (One hopes an FBI visit will test their indifference.)
Nation-states move toward a cyber deterrence regime.
Today's issue includes events affecting Canada, Denmark, India, Iran, Iraq, Israel, New Zealand, Syria, United Kingdom, United States.
The CyberWire will be live-tweeting from the Women in Cybersecurity event, in Atlanta tomorrow and Saturday. We'll publish a special edition Monday on the conference.
Cyber Attacks, Threats, and Vulnerabilities
IS 'CyberCaliphate' Hacked 600 Russian Websites In 2014, Security Company Says(Radio Free Europe/Radio Liberty) According to a new report, websites targeted by the Islamic State group include a number of banks, construction companies, government organizations, and even schools. Hackers aligned to Islamic State (IS) militants attacked 600 Russian websites last year, according to a new report by Russian cyber intelligence company Group-IB
ISIS 'hack' draws skepticism but raises wariness(Defense Systems) Following last weekend's leak of sensitive information on military personnel apparently by ISIS supporters, many are scrambling to discover how this information was accessed and if Pentagon servers were breached. Some military families, meanwhile, are altering their approach to what they post online
Ex-Gov. Ridge: Hacking group's kill list only a scare tactic(Trib Live) Former Pennsylvania Gov. Tom Ridge, the nation's first Homeland Security chief, does not believe the 100 military members identified in a so-called "kill list" posted online last week by a group calling itself the Islamic State Hacking Division need to fear for their lives, he told the Tribune-Review on Wednesday
Researcher finds backdoor opened by Dell's helper app(Help Net Security) A security researcher has discovered a serious bug in Dell System Detect, the software Dell users are urged to use to download the appropriate drivers for their machines. The flaw can be exploited by attackers to make the computer download and execute potentially malicious files
SSL/TLS Suffers 'Bar Mitzvah Attack'(Dark Reading) Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications
Macro-based Malware Increases Along with Spam Volume, Now Drops BARTALEX(TrendLabs Security Intelligence Blog) Early this year Microsoft reported an increase in macro-related threats being used to spread malware via spam. Similarly, we've been seeing a drastic increase in spammed emails with attached Microsoft Word documents and Microsoft Excel spreadsheets that come with embedded macros
Macro-based malware continues to gain traction(Help Net Security) After having "rediscovered" the usefulness of MS Office macros, malware peddlers have been ramping up email spam runs delivering documents that request users to enable them
The disturbing truth behind the Premera, Anthem attacks(FierceHealthIT) As details continue to emerge following the recent hack attacks on payers Anthem and Premera--in which information for close to 90 million consumers combined may have been put at risk--perhaps the most disturbing revelation of all is that, in both instances, neither entity appears to truly take security seriously
Tax Fraud Advice, Straight from the Scammers(KrebsOnSecurity) Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires. And few topics so reliably generate discussion on crime forums around this time of year as tax return fraud, as we'll see in the conversations highlighted in this post
Security Patches, Mitigations, and Software Updates
GE Fixes Buffer Overflow Bug in DTM Library(Threatpost) GE has released a fix for a vulnerability in a library that's used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code
Lessons From The New Threat Environment From Sony, Anthem And ISIS(TechCrunch) The cyberattack on Sony Pictures entertainment left plenty of roiled waters in its aftermath: lawsuits from employees whose personal information was leaked; apologies to President Obama and other subjects of hasty emails; U.S. sanctions against North Korea and a war of words back and forth; and the irony of Sony turning to the entity most identified in those emails as a threat to its content distribution model, Google, to distribute "The Interview"
State-backed cybercrime hits our screens(Guardian) Today's hackers are not just criminals and activists — governments are launching cyber-attacks to hunt for secrets, research vulnerabilities or cause disruption. How can we defend ourselves?
NSA Doesn't Need to Spy on Your Calls to Learn Your Secrets(Wired) Governments and corporations gather, store, and analyze the tremendous amount of data we chuff out as we move through our digitized lives. Often this is without our knowledge, and typically without our consent. Based on this data, they draw conclusions about us that we might disagree with or object to, and that can impact our lives in profound ways. We may not like to admit it, but we are under mass surveillance
Former NSA Director: Breaches Will Get Worse(PYMNTS) Over the next two years, cyberattacks will get worse before they get better. But there's some good news. There are methods to counter cyber threats — by working with stakeholders across the political aisle, including private to public sector initiatives, to create enforceable barriers to bring about change
RFID use reaching 'tipping point'(FierceRetailIT) RFID is gaining traction with retailers and manufacturers, nearing an adoption and usage "tipping point," according to a recent study from GS1 US
Study: When it comes to security, smartphone users aren't very smart(BGR) Even though you may be familiar with how your smartphone works and the various security issues that threaten your privacy, chances are that if you're also a millennial you also aren't doing simple things to secure your data. At least that's what a study from security firm Lookout seen by the LA Times seems to indicate
Power grids vulnerable to attacks(Great Falls Tribune) About once every four days, part of the nation's power grid — a system whose failure could leave millions in the dark — is struck by a cyber or physical attack, a USA Today analysis of federal energy records finds
Microsoft Bombs Antivirus Tests Yet Again(Tom's Guide) If you're using nothing but Microsoft Windows Defender to protect your PC, you may want to toss the system into a bonfire now, before it's too late for the rest of your network
Targeted Attack: The Game(Trend Micro: Simply Security) April 2015 sees the release of a project that has been a year in the making for us. Something that we had affectionately been calling "Choose Your Own Adventure" for most of its lifetime as we laid it out, put some meat on the bones and finally stitched it all together (no we weren't making Frankenstein's monster)
Popular Cryptography Game Released for iOS & Android(prMac) Vito Technology Inc., award-winning developer has released an update and an Android version of their popular educational game Next Quote. The app offers a thrilling experience of deciphering a hidden message which contains an inspirational quote from famous authors, founding fathers and modern day politicians. Impossible at first glance, the game will draw you in while simultaneously developing your logic skills
Technologies, Techniques, and Standards
How to tell if you've been hacked(Guardian) Worried that you might get compromised by hackers? The bad news is that the rest of the internet might know before you do
Dissecting Network Segmentation, Data Traffic and Encryption(Dark Matters) Last year — dubbed "the Year of the Hack" — saw numerous major cyber attacks against prominent corporations, including JP Morgan bank and Sony Pictures Entertainment. And after Target in 2013, another retailer, Home Depot, suffered a data breach with more than 56 million credit cards stolen
Applying a Stress-Test to Your IT Infrastructure(Tripwire: the State of Security) Banks regularly undergo mandatory stress tests. These tests are clearly defined, and the results are used to determine how well each bank can maneuver through an economic calamity
CISSP 2015 Update: Identity and Access Management(Infosec Institute) The CISSP 2015 Update brings new viewpoints on the key domains covered in this certification. The CISSP is already one of the broadest of all certs in that the amount of information it covers in different fields is staggering. However, breaking this down into its component domains or fields can help to chop at it bit by bit. With the new updates, each domain is a bit more streamlined — a bit easier to manage in the overall picture — and becomes easier to understand
ISACA Lays Out Forensics for the Data Breach Era(Infosecurity Magazine) When faced with a data breach, the first order of business for companies is to find out what happened, and then how it happened and who did it. To aid in the process, which is unfortunately no longer a rare scenario, ISACA has issued a new set of guidelines that outline the digital forensics process and identify the key steps for organizations to consider when dealing with attacks
Drop User Names To Improve Security, Says Dartmouth Research(THE Journal) The focus on coming up with unusual passwords for improving security is likely misplaced, particularly when those passwords are accompanied by user names that are all too guessable. That's what a joint academic and industry research team has come up with after nearly a year of working together on the problem of authentication
NATO Chief: Cyber Can Trigger Article 5(DefenseNews) NATO leaders on Wednesday reiterated the alliance's stance on treating cyber attacks against a member as an Article 5 issue, which would potentially draw a military response from the entire alliance
Three Questions about Admiral Rogers' Testimony on Cyber Deterrence(Council on Foreign Relations) Last week, Admiral Mike Rogers, commander of U.S. Cyber Command, testified before the Senate Committee on Armed Services. Most of the media attention (see this, this, and this) has focused on Rogers' argument that deterrence is not working, and that defense in cyberspace will be "both late to need and incredibly resource intensive." As a result, Rogers argued, Cyber Command needs "to think about how can we increase our capacity on the offensive side to get to that point of deterrence"
DoD Advances Elements of Joint Information Environment(DoD News) Defense Department Chief Information Officer Terry Halvorsen held a media roundtable recently to discuss progress on elements of his department's transition to an information environment that's faster, safer and less expensive for the DoD
Alaska Joins Investigation Into Premera Cyber Attack(Alaska Public Media) Alaska is participating in a multi-state investigation into Premera following a cyber attack on the health insurer early this year. The state's insurance director says she has a lot of questions about why the attack occurred and why it took the company two months to announce it publicly
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CYBERWEST: the Southwest Cybersecurity Summit(Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...
Conference on Cyber Defence in Europe(Berlin, Germany, March 25 - 26, 2015) The conference aims to address these and other issues of cyber defense in a broad audience of policy-makers, senior officials and experts from EU institutions and Member States, representatives of industry...
Fraud Summit Dubai(Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include...
Women in Cyber Security(Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.
Automotive Cyber Security Summit(Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
Insider Threat Symposium & Expo(Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...
Kansas City Secure World(Kansas City, Missouri, USA, April 1, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Coast Guard Intelligence Industry Day(Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners...
10th Annual Cyber and Information Security Research Conference(Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...
Cyber Risk Wednesday: The future of Iranian cyber threat (Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts...