skip navigation

More signal. Less noise.

Daily briefing.

Ransomware is evolving in some interesting directions as its purveyors adopt crimeware best practices. CryptoWall 4.0 is circulating in the wild, and Heimdal notes that the new strain is not only more adept at evading firewalls, but has also taken to encrypting filenames as well as the files themselves. That latter step is thought to increase victims' confusion and susceptibility to the ransom pitch. That pitch is now presented as a "welcome to the CryptoWall community," with an offer of a remedial "software package" replacing the expected ransom demand.

Check Point takes a look at a different strain of ransomware (going by too many names to list) whose contribution to criminal technique is to obviate a need to interact with a command-and-control server to receive encryption keys. Rather, the victim contacts the criminal through a shifting set of email addresses, making it more difficult to run the criminal to ground.

Ars Technica looks at the evolution of CryptoWall and Chimera and sees a boom in the ransomware market.

Banking Trojans are still out there and enjoying success, too: Timba in Russia and the Near Abroad, a variety of opportunistic exploits in Singapore (which has both wealth and a lot of online transactions).

A Forbes piece looks at the IoT and sees a future battlefield. Other policy wonks regard cyber attacks as potential casus belli.

A sell-off in cyber stocks (led by FireEye) prompts analyst speculation about the industry as a whole. (FBRFlash sees the problem as FireEye's, not the sector's.)

Notes.

Today's issue includes events affecting Belarus, China, European Union, Moldova, Nigeria, Russia, Singapore, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Security Alert: CryptoWall 4.0 — new, enhanced and more difficult to detect (Heimdal) Less than a year after CryptoWall 3.0 made its debut on the malware scene, its successor came into circulation

CryptoWall 4.0 A Stealthier, More Sweet-Talking Ransomware (Dark Reading) Less 'gimme all your money,' more 'please buy this software package'

Booming crypto ransomware industry employs new tricks to befuddle victims (Ars Technica) High-pressure tactics try to extort more people into paying to recover their data

Crypto-ransomware encrypts files "offline" (Help Net Security) Ransomware comes in various forms, and not all ransomware encrypts files — some just block computers until the ransom is paid. When the file encryption feature is included, the encryption key is usually sent to the malware's C&C server, which is controlled by the crooks — but not always

"Offline" Ransomware Encrypts Your Data without C&C Communication (Check Point) Early in September, Check Point obtained a sample of a ransomware. When the sample was run, the following message, written in Russian, appeared

Tinba — Tiny Banker, Huge Problems for Eastern Europe (Check & Secure) Russians, as well as the citizens of the former Soviet Republics, are used to a life of chaos in a way that isn't really understandable to Western Europeans

Singapore Targeted By Cybercriminals with Banking Trojans — Kaspersky (Spamfighter) IT Threat Evolution report of Kaspersky for the third quarter of 2015 reveals that Singapore suffered maximum attacks from banking Trojans during second quarter of 2015 with 496 individuals reporting attacks

Nigerian government serving up fresh phish (Netcraft) The Financial Reporting Council of Nigeria is currently serving a webmail phishing site from its own government domain

Linux Machines Powered Nearly Half of DDoS Attacks in Q3: Kaspersky (SecurityWeek) Linux-based botnets are being increasingly used by cybercriminals to launch distributed denial of service (DDoS) attacks, according to a new report released Wednesday by Kaspersky Lab

Sale of legitimate code-signing certs booms on darknet markets (Help Net Security) In the underground cybercrime economy, many players have specialized in one or two skills and services

TalkTalk claims cyber attack hit just 4pc of customers (Telegraph) TalkTalk says only 157,000 of its 4 million customers were affected by hackers who stole bank details

Nearly 157,000 had data breached in TalkTalk cyber-attack (Guardian) Company says over 15,000 also had financial details hacked but most codes obtained could not be used for payments

5 Lessons from the TalkTalk Hack (BankInfoSecurity) Encrypt all customer data, for starters

Federal Reserve is in cross-hairs of cyberattackers, warns Fed official (FierceITSecurity) Cyberattackers are increasingly targeting the Federal Reserve System, which processes $4.5 trillion in electronic financial transactions every day, according to Don Anderson, senior vice president and chief information officer at the Federal Reserve Bank of Boston

Reverse Social Engineering Tech Support Scammers (Talos) The amount of fraudulent actors masquerading as legitimate tech support has been on the rise since 2008

RSA: Insider threats — "People are the new perimeter" (SC Magazine) Rashmi Knowles, RSA's chief security architect, warns of the looming dangers of the disgruntled, vengeful or merely careless employee

Cyber criminals often resort to simple trickery (San Jose Mercury News) As it does every year, security firm Trend Micro has released its annual threat report, titled "Security Predictions for 2016 and Beyond." And, to me, the most profound statement in the report is "cybercriminals don't need to use the most advanced technologies or sophisticated methods to succeed. Sometimes, simply understanding the psychology behind each scheme and its targets can be enough to make up for the lack of sophistication"

Security Patches, Mitigations, and Software Updates

Google's Hacking Division Just Called Out Samsung. Here's Why (Fortune) Exposing security glitches on the Galaxy Edge S6 gives Google control in how and when things are fixed

Cyber Trends

How The Internet Of Things Will Turn Your Living Room Into The Future Cyber Battleground (Forbes) As cyber attacks have become a daily fixture of world headlines, much of the conversation has centered on commercial data breaches and targeted hacking of governmental, military, and national infrastructure targets

Cyber adds several new dimensions to warfare (C4ISR & Networks) The face of war is changing as the world's infrastructure is interconnected and the cyber theater becomes a focus for militaries around the world

Cyber attacks could warrant military reply, experts say (Tribune-Review) Computer attacks like North Korea's breach of Sony Entertainment are not acts of war, but they could cause enough havoc and economic pain to trigger a military response, experts told the Tribune-Review on Thursday

As Cybersecurity Breaches Mount, IT Turns to Intelligence Exchanges (Government Technology) Peer-to-peer cybersecurity threat intelligence exchanges are becoming more popular among IT professionals, a recent survey found

Raw threat data is not effective, it's time for threat intelligence (Help Net Security) A new Ponemon Institute survey includes insight from 692 IT and IT security professionals from both global businesses and government agencies, who answered more than three-dozen questions around threat intelligence sharing

Cloud key to future cyber security, says Qualys (ComputerWeekly) Security could be improved by moving to a world where security is enabled by customised and optimised security agents in virtual datacentres, endpoints and apps, says Qualys CTO Wolfgang Kandek

The Physical Internet Will Rest On The Internet Of Things (Manufacturing Net) The 11th International Industrial Engineering Conference (CIGI2015) that was held on October 26-28, 2015 at Laval University in Quebec City, whose theme was "integrative engineering for responsible innovation and sustainable performance," provided a timely opportunity to explore the synergetic interaction of two revolutionary concepts, i.e., the Internet of Things and the Physical Internet

Sony hack anniversary: More cyberattacks on media & bigger security budgets — survey (RT) Media executives say that since the cyberattack on Sony Pictures Entertainment a year ago, they've noticed an increase in hacks both external and internally, according to a survey conducted by the auditor PwC

Hackers seized control of my life in minutes & it was terrifying (The Memo) Last month I invited a team of hackers to test my cyber security, here's what happened

Security's Ever-Growing, Ever-Moving Target (Infosecurity Magazine) It would seem there is no airport, no train station, and no mode of transport that has not been used by mobile service providers to demonstrate the capabilities of their networks

Data Breaches Cost $1,000 Per Record: Study (Credit Union Times) Every record compromised in a data breach ends up costing almost $1,000 — and that's probably on the low end, according to a new study by Gladwyne, Penn.-based risk assessment company NetDiligence

Marketplace

FTNT, CUDA, VDSI, PFPT, KEYW slump as FireEye plunges post-earnings (updated) (Seeking Alpha) Fortinet (FTNT -4.2%), Barracuda (CUDA -3.9%), Vasco (VDSI -1.9%), Proofpoint (PFPT -4.6%), and KEYW (KEYW -6.3%) have joined the ranks of enterprise security tech firms selling off in the wake of FireEye's Q3 revenue/billings miss, soft Q4 sales guidance, and full-year billings guidance cut.Other decliners include Palo Alto Networks, CyberArk, and Rapid7. FireEye itself is down 23%.Also: PC/mobile security software firm AVG is down 17.7% after missing Q3 estimates and providing light Q4 guidance. Symantec is up slightly following an FQ2 EPS beat.The PureFunds ISE Cyber Security ETF (HACK -3.1%) has fallen below $27. CyberArk reports after the bell.

Is the red-hot security sector hitting a plateau, or is it just FireEye? (MarketWatch) The canary in the security sector coal mine is starting to wheeze

It's FireEye, Not Cybersecurity Weakness; Thoughts on Today's Selloff (FBRFlash) In light of FireEye's disaster quarter/guidance last night, we are seeing softness across the sector this morning as investors "sell first and ask questions later"

Cybersecurity Firm FireEye Blames Tanking Stock On U.S.-China Hacking Deal (Fortune) Thanks, Obama. Truces do not a cybersecurity business make

FireEye: Emergency Spending Inflated Growth Rates (Seeking Alpha) FireEye shocked the market with a substantial reduction in its billings forecast

Symantec avoids security selloff after beating on EPS, unveiling $500M accelerated buyback (Seeking Alpha) While many security tech peers sell off in response to FireEye's soft top-line results/guidance, Symantec (SYMC - unchanged) is nearly flat after beating FQ2 EPS estimates and posting in-line revenue

Symantec Corporation (SYMC — $20.90) Company Update: Still Wood to Chop, but a Step in the Right Direction; Veritas Headache Now in Rearview Mirror (FBRFlash) This morning, Symantec delivered respectable September results that were generally in line with Street estimates

Proofpoint Proves It's Worth Shorting (Seeking Alpha) Stock trades at over 10x sales with an increasing share count

Is It Finally Time To Sell? JP Morgan Downgrades AVG Technologies (NYSE:AVG) (FinacialMagazin) AVG Technologies (NYSE:AVG)'s rating was downgraded by equity analysts at JP Morgan from a "Overweight" rating to a "Neutral" rating in analysts report published on Thursday morning

AVG Business Wants To Create The Most Successful MSPs In The World (BusinessSolutions) Since AVG Business launched in the spring, its goal has been to focus on supporting the channel

AVG Announces Transition of Chief Financial Officer (PRNewswire) AVG® Technologies N.V. (NYSE: AVG), the online security company™ for more than 200 million monthly active users, today announced that it is initiating a Chief Financial Officer transition. During this period, John Little will remain CFO and maintain all of his existing duties until a successor is named and the transition is complete

RSA undergoing aggressive transformation, says Amit Yoran (ComputerWeekly) RSA has made a series of "difficult decisions" as a business to focus on key markets and security challenges, says company president Amit Yoran

Guidance Software Unveils Major Corporate Brand Overhaul (BusinessWire) Guidance Software, makers of EnCase®, the gold standard for digital investigations and endpoint data security, today introduced the company's new corporate brand identity and logo. This major brand overhaul reflects the company's repositioning to focus on broader markets

Cyber start-up, Ayasdi, graduates from Northrop Grumman and bwtech@UMBC Cync Incubator Program (CNN Money) Northrop Grumman Corporation (NYSE:NOC) and the bwtech@UMBC Cyber Incubator announced today that machine intelligence and advanced analytics provider, Ayasdi, will be the sixth cyber start-up to graduate from the highly successful Cync Program

Karl and Vicki Gumtow: Giving back is everybody's business (Daily Record) When CyberPoint first opened its doors back in 2009, of course we wanted to be successful

PhishMe Appoints World-Renowned Threat Researcher and Cybercrime Expert as Chief Threat Scientist (MarketWired) Malcovery Security Co-Founder and Chief Technologist Gary Warner joins PhishMe through acquisition to drive product innovation and threat intelligence research

ZeroFOX hires 2 execs from big cybersecurity firms (Technical.ly Baltimore) Scott O'Rourke and Alex Abey will help lead sales efforts

Products, Services, and Solutions

411 for Hackers: Disclosure Assistance (HackerOne) When a vulnerability is found, it needs to get into the right hands quickly. This is the only way to ensure it will be resolved safely without public harm

Know thine enemy: Symantec launches cyberthreat intelligence service for the enterprise (ZDNet) The new solution gives enterprise players answers to all their questions related to the cyberthreat landscape

Avast releases updated security suite for mobile and PC (ITProPortal) Avast Software, maker of the world's most popular mobile and desktop security products in the world, today announced the launch of its new mobile and PC security solutions to help consumers address their growing privacy concerns

Sookasa Unveils Breakthrough Data Loss Prevention Product, File Scan (PRWeb) Sookasa now provides all the tools enterprises need to secure corporate data on the cloud with its fully integrated CASB solution

Edward Snowden's Favorite Messaging App: How It Works (Gear & Style Cheat Sheet) If you're an Android user looking for a more secure way to send text messages and make calls, you're in luck. Encrypted chat and call app, Signal, is coming to Android six months after it was first released for iOS

Comparing the top Web fraud detection systems (Tech Target) Expert Ed Tittel explores the features of the top Web fraud detection systems and compares critical purchasing criteria

Technologies, Techniques, and Standards

Now available: NIST Cybersecurity Practice Guide, Special Publication 1800-4: "Mobile Device Security: Cloud & Hybrid Builds" (NCCoE) The NCCoE has released a draft of the next NIST Cybersecurity Practice Guide "Mobile Device Security: Cloud & Hybrid Builds." The center invites you to download the draft guide below and provide feedback

NIST instructs agencies to use application control programs in new guidance (FierceGovernmentIT) The National Institute of Standards and Technology has published comprehensive resources on application whitelisting, as well as a step-by-step guide to implementing the technique to prevent malware intrusion

Federal Endpoint Study Shows 44 Percent of Endpoints are Unprotected or Unknown (MeriTalk) Federal IT Executives Anticipate Progress with CDM Phase II and NIST Framework

Endpoint Epidemic (MeriTalk) Federal agencies are facing an explosion of endpoints in both volume and variety. However, as endpoints increase, so do cyber vulnerabilities. How are Federal IT managers handling this endpoint epidemic? What's the best approach to building an effective, practical, and enforceable endpoint strategy? What are the challenges and what's the path forward?

Four ways organizations can prevent PII from becoming black market public record (Help Net Security) Personally Identifiable Information (PII) is worth 10 times more than credit card information on the black market, making it imperative to have strong policies and safeguards that protect personal data in place

Good password advice from NatWest? Don't bank on it (Graham Cluley) NatWest Bank has a seemingly new section on its website where it has posted a number of videos about computer security

Heartland CEO Carr Reflects on Breach (BankInfoSecurity) Enterprises must improve breach detection, adopt end-to-end encryption

5 Reasons Data Loss Prevention (DLP) Should Be A Part Of Your IT Security Toolkit (BusinessSolutions) Over the last couple years, security breaches have rocked the business landscape

Design and Innovation

Hello, I'm Mr. Null. My Name Makes Me Invisible to Computers (Wired) Pretty much every name offers some possibility for being turned into a schoolyard taunt

Research and Development

Air Force awards emitter detection contract (C4ISR & Networks) Southwest Research Institute has been awarded a $9.4 million Air Force contract to develop technology that can detect and geolocate high-frequency emitters

Legislation, Policy, and Regulation

E.U. seeks to reassure companies about trans-Atlantic data transfers (Business Insurance) The European Commission on Friday will seek to reassure firms operating on both sides of the Atlantic that they can continue to transfer Europeans' personal data to the United States after a court struck down a system used by over 4,000 companies to do just that

Foreign business lobbies ask China to revise cyber insurance draft rules (Business Insurance) Foreign business lobbies have asked China to substantially revise proposed cyber security regulations for the insurance industry, signaling a dispute that started with the publication of similar bank technology rules earlier this year may widen

FG Urged To Adopt Cyberspace To Boost National Security (Leadership) In furtherance to tackle the rising state of crime and to boost national security, researchers have urged the federal government to consider the use of cyberspace technology as needful, saying it has contributed to the development of many countries and now critical to the socio-economic success of the growth of most nations

The politics of surveillance are about politics, not keeping us safe (Telegraph) Is Britain really going to become the first major democracy to log every website its citizens visit?

Snowden surveillance revelations drive UK and US policy in opposite directions (Guardian) Draft bill would enhance British government's surveillance powers as US works to limit NSA data collection following whistleblower's call for debate

Homeland Security panel OKs bills to help states, ports fight hackers (The Hill) The House Homeland Security Committee this week approved two cybersecurity bills aimed at helping states and ports fight off hackers

States vs. feds: Who does cybersecurity better? (GCN) Federal, state and local governments face different flavors of cybersecurity threats, but there is a common need for additional threat intelligence sharing and better cyber-talent recruitment, a recent research report suggests

Lawmakers move to study car hacking (The Hill) Two congressmen want to study vehicle cybersecurity after several high-profile car hacking incidents thrust the issue into the limelight

DHS Secretary remains focused on E3A, CDM programs (FierceGovernmentIT) Homeland Security Department Secretary Jeh Johnson said he is determined to make "tangible improvements to cybersecurity" in the final months of the Obama administration through the department's EINSTEIN 3 Accelerated and Continuous Diagnostics and Mitigation, or CDM, programs

Cyber official: IT rulebook revamp overdue, but not agile enough (FCW) The federal government is making progress in the never-ending cybersecurity fight, but everything from acquisition to network protection is lagging by decades, said retired Brig. Gen. Gregory Touhill, deputy assistant secretary of cybersecurity and communications at the Department of Homeland Security

DoD still 'working through' cyber strategy implementation (C4ISR & Networks) he Defense Department's cyber strategy released earlier this year outlined several overarching goals, fleshed out narrower objectives and plans for implementation, and hit on a number of Pentagon cyber ambitions. Now, six months after the strategy's late-April release, DoD officials are working to carry out its directives

GAO doesn't fully endorse FITARA scorecard conclusions (FierceGovernmentIT) Yesterday morning, the House Oversight and Government Reform Committee released a scorecard grading agencies on their implementation of the Federal Information Technology Acquisition Reform Act, or FITARA — but during a hearing later that afternoon, a Government Accountability Office official said he did not fully concur with the conclusions the committee drew from agencies' self-reported data

Litigation, Investigation, and Law Enforcement

FBI opens new chapter in war on encryption, 'Going Dark' (NewsChannel5) Nestled against townhomes and beside a busy 7-Eleven in Fredericksburg, Va., the emerging front lines in the FBI's war on "Going Dark" are quietly taking shape

Cox to pay $595,000 for Lizard Squad data breach (IDG via CSO) A phishing attack was used to access internal databases

Trump Hotel Organization Denies Multiple Claims in Data Breach Lawsuit (Legaltech News) The lawsuit claims the defendants violated state consumer protection laws and state data breach notification laws

"I'm dying from boredom" Facebook posts lead to $1K fine for juror (Naked Security) A woman who blabbed on Facebook about "dying from boredom" while serving on a jury has been slapped with a $1000 fine

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, December 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government...

Department of the Navy (DON) IT Conference, West Coast 2016 (San Deigo, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

Upcoming Events

ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, November 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss about commercial cryptography...

University of Phoenix® Technology Conference (Arlington, Virginia, USA, November 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security,...

Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, November 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders,...

FedCyber 2015 (Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who...

First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will...

Black Hat Europe (Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity...

Data Privacy, Data Security, and Business Risks — What Lawyers Should Know (Baltimore, Maryland, USA, November 12, 2015) Continuing Legal Education presented by the Baltimore Bar Association. The sessions will include "An Overview of Data Privacy Laws Issues for Lawyers,? ?Obligations to Keep Data Secure? Cyber Insurance??...

Pen Test Hackfest Summit & Training (Alexandria, Virgina, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment.

cybergamut Technical Tuesday: Hackproof Signal Processing for Wireless Communications ("Central Maryland, " USA, November 17, 2015) Conventional computing and communications expose myriad attack surfaces because of the Turing-equivalence of the instruction set architectures and the mathematical impossibility of forming a complete set...

Cybersecurity, the SEC and Compliance (New York, New York, USA, November 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity...

CyberCon 2015 (Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

Internet-of-Things World Forum 2015 (London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions

2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15...

CyberPoint 2nd Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, November 19, 2015) CyberPoint International announces its 2nd Annual Women in Cyber Security Reception to be held on November 19, 2015. Bringing together women from across the region and all different points on the career...

DefCamp6 (Bucharest, Romania, November 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.