ISIS continues to use the Internet for information operations, posting video threats against (at least) France, Italy, and the United States. Other nations, especially in Europe, move to elevated levels of alert as gunmen take over a hundred hostages at a hotel in Bamako, Mali (Mali is a staging area for French operations against Islamist insurgencies in Africa).
A suicide bomber's dumped cell phone — unencrypted and unsecured — apparently led French police to the Paris massacre's ringleader. Telegram, the messaging app allegedly favored by ISIS, blocks ISIS-associated accounts. Cryptographers continue to give Telegram's encryption poor reviews, further calling into question the degree to which ISIS effectively screened its planning and coordination behind encryption.
Nonetheless, the crypto policy wars continue to boil, with tech industry groups maintaining their opposition to government suggestions that encryption should be weakened.
Observers think they see signs that ISIS may be adopting al Qaeda's model of centrally directed attacks. If this is so, then a study of intelligence failures against al Qaeda may offer lessons as more governments agree to cooperate against the self-proclaimed Caliphate. One possible lesson: freelance hacktivist disruption of ISIS communications may prove counterproductive, reducing signals otherwise usefully collected and analyzed.
More familiar botnets and exploit kits return in enhanced (or at least evolved) forms. One new threat actor surfaces: Microsoft is calling the group "Strontium," and describes its operations against NATO and national governments. There's no attribution yet, but Strontium's targets and methods suggest a nation-state as opposed to criminals and hacktivists.
Today's issue includes events affecting Australia, Belgium, Canada, China, Estonia, European Union, France, India, Iraq, Israel, Italy, Kenya, Republic of Korea, NATO, Russia, Syria, United Kingdom, United States.
How tech led to the death of France's public enemy number 1(IDG via CSO) When one of the terrorists involved in the Paris shootings dropped his smartphone in a trashcan outside the Bataclan concert venue on Friday night, he wasn't worried about encrypting his text messages or stored documents. Why would he be? With a bomb strapped to his waist, he knew he was about to die
Cyber ghost group foiling plots by feeding feds intel(Boston Herald) A small band of cyber jihadi hunters — including former members of the hacktivist group Anonymous — has been quietly feeding the feds online intel that's foiled more than 10 terror plots and identified scores of ISIS recruiters and websites, on a mission that's acquired new urgency in the wake of the Paris attacks
Microsoft Security Intelligence Report: Strontium(Microsoft Malware Protection Center) The latest report (SIRv19) was released this week and includes a detailed analysis of the actor group STRONTIUM — a group that uses zero-day exploits to collect the sensitive information of high-value targets in government and political organizations
TDrop2 Attacks Suggest Dark Seoul Attackers Return(Palo Alto Networks) While researching new, unknown threats collected by WildFire, we discovered the apparent re-emergence of a cyber espionage campaign thought to be dormant after its public disclosure in June 2013
Dridex and Shifu give spam bots the day off and spread via exploit kits(Proofpoint) November 17 presented an interesting variation in Dridex and Shifu distribution techniques, as Proofpoint researchers observed both spreading via compromised websites that led to exploit kits. In these cases, the same compromised web site could infect a user with one Trojan or the other depending on the user's geographical location
Attackers Embracing Steganography To Hide Communication(Threatpost) Encouraged by patterns carried out on a larger scale recently, researchers believe digital steganography has arrived as a legitimate method for attackers to use when it comes to obscuring communication between command and control servers
Huawei CPE Vulnerability and Kiddie Fun(Recorded Future) Like most Recorded Future users I have a list of keywords (entities created from text fragments) that generate a daily alert summary of relevant results from the Web. Recorded Future's applied NLP (natural language processing) makes the daily foreign language results especially interesting
This Black Friday — Fake Shops!(Check & Secure) Christmas is coming. If you believe the advertising industry anyway, as snowy scenes leak with crushing inevitability onto our screens
DNS Threat Index(Infoblox) The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent from the third quarter of 2014
Security Patches, Mitigations, and Software Updates
LinkedIn Fixes Persistent XSS Vulnerability(Threatpost) Developers at LinkedIn fixed a persistent cross site scripting vulnerability in the social network this week that could have been exploited to spread a worm on the service's help forums
4 trends in DDoS security in 2016(CIO Australia via CSO) As more and more devices become tied into the Internet each day, the security threat will continue to expand
How fake users are impacting business through acts of fraud and theft(Help Net Security) A new report by The Ponemon Institute highlights the average economic value of a company's user base ($117M) and the financial and brand reputation damage that can be done if fraudsters are allowed to create fake accounts and wreak havoc within a business and across the Internet
Mass adoption of mobile payment services derailed by security, privacy concerns(Help Net Security) Evaluating the mobile payment preferences of 1,217 consumers from the U.S., a new Research Now survey revealed that 17 percent of respondents who did not make holiday purchases with their mobile phone last year, plan to use a payment service such as Apple Pay, Android Pay, Samsung Pay or a proprietary service from their bank or card issuer to make the leap to mobile payments this holiday season
Mobile users continue to put personal and corporate data at risk(Help Net Security) Blancco Technology Group surveyed over 1,400 mobile users in the United States, Canada, UK and Australia, and found that inadequate security precautions taken by mobile users not only put their personal information at risk, but also leave corporate data exposed and susceptible to cyber theft
The future of information security in the government(Help Net Security) A new report from Intel Security and the Digital Government Security Forum (DGSF) looks at the fast changing digital world, which promises to transform how our government and public services operate
Insurers prime targets of cyber attacks says Moody's(Business Insurance) Cyber insurance has significant growth potential, but there are also challenges to its broad expansion in the market, including the complexity and variation of its risks, while insurers themselves are prime targets of cyber attacks, says Moody's Investors Service Inc. in a report issued Thursday
How Are US Armed Forces Closing the Cyber Skills Gap?(IBM Security Intelligence) Faced with a cyber skills gap, the U.S. Navy is seeking to identify and recruit more cyber talent in its force. While the Armed Services Vocational Aptitude Battery (ASVAB) has been a staple of entry into the armed forces, the Navy is looking for ways to better assess the cyber proficiency of potential new recruits
VirusTotal Adds Sandbox Execution for OS X Apps(Threatpost) Mac malware is a thing. It's real. Granted it hasn't reached the critical mass of malicious code for Windows, but recent encounters with WireLurker, XcodeGhost and YiSpecter among others have elevated the conversation to levels where it's been legitimized
Industry should steal FedRAMP cloud security baselines(C4ISR & Networks) The federal government is doing a good job establishing cybersecurity requirements for cloud providers and industry looking to do the same should look no further, according to John Pescatore, director of emerging security trends at the SANS Institute
Blackstone CISO's remediation plan: Fix everything(SC Magazine) In an environment in which cyber professionals are overwhelmed by rapidly changing security threats, industry pros generally agree that a remediation plan must involve difficult decisions about the security issues that companies are willing to accept the risk rather than take action
SIEM is not a product, it's a process…(Internet Storm Center) This famous Bruce's quote is so true that we can re-use it to focus on specific topics like SIEM ("Security Information and Event Management")
Tamper-proof Computing(Pipeline) Ask the vast majority of information technology professionals today if it is possible to completely secure a computing system against cybercrime and the answer you will get is a resounding "no"
White House: 'Sense of urgency' after Paris attacks(Washington Examiner) Obama administration officials said Thursday that the terrorist attacks on Paris have renewed the sense of urgency among the 65-member coalition combating the self-proclaimed Islamic State, but couldn't give any new specifics on what they are doing to stop the Sunni terrorist group
As France and Belgium Strengthen Security, a Classic Debate Arises(New York Times) Shocked by the carnage of the Paris attacks, France and Belgium moved aggressively on Thursday to strengthen the hand of their security forces, pushing Europe more deeply into a debate that has raged in the United States since Sept. 11, 2001: how to balance counterterrorism efforts and civil liberties
Policy Fight over Encryption Only Getting Started inside the Beltway; Paris Tragedy Reignites "Back Door" Debate(FBRFlash) In light of the tragic events in Paris and the terrorist investigation/manhunt, there is starting to be renewed debate around encryption and "back door" government access to consumer/enterprise data. With many signs pointing to advanced encryption messaging technology having been used in the planning of this horrific attack, there is much discussion within many circles of the technology world and government about whether law enforcement agencies should be given unencrypted access to encrypted technology and messaging
DISA chief: We're in 'an economic cyber cold war'(FCW) The U.S. government is fighting at least a two-front cyberwar right now, according to a top Pentagon official. The challenges involve the daily fending off of millions of attacks on defense networks and the slow burn of economic espionage carried out by adversaries
How cyber turns networks into weapons systems(Defense Systems) Information has always been power but the growing importance of the cyber domain has led U.S. military leaders to look at their information networks essentially as weapons systems. Or as Vice Adm. Jan Tighe, commander of the Navy's Cyber Command, put it recently, the branch must "operate the network as a warfighting platform"
DHS bulking up civilian agency cybersecurity(Federal News Radio) The Department of Homeland Security is embarking on an "aggressive" timetable to secure civilian networks in response to the cyber attack on the Office of Personnel Management
Federal Legislation Targets "Swatting" Hoaxes(KrebsOnSecurity) A bill introduced in the U.S. House of Representatives on Wednesday targets "swatting," an increasingly common and costly hoax in which perpetrators spoof a communication to authorities about a hostage situation or other violent crime in progress in the hopes of tricking police into responding at a particular address with deadly force
State insurance commissioners link with feds to battle cyber threats(Business Insurance) State insurance commissioners are engaging with U.S. federal legislators to counter the evolving cyber threat, but do not want adoption of national legislation or regulations that would pre-empt their authority, according to the head of the National Association of Insurance Commissioners
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Security Breakdown: Chicago(Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Cyber Security Breakdown: Dallas(Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Internet-of-Things World Forum 2015(London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
2015 U.S. Cyber Crime Conference(National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15...
CyberPoint 2nd Annual Women in Cyber Security Reception(Baltimore, Maryland, USA, November 19, 2015) CyberPoint International announces its 2nd Annual Women in Cyber Security Reception to be held on November 19, 2015. Bringing together women from across the region and all different points on the career...
Pen Test Hackfest Summit & Training(Alexandria, Virginia, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment.
Energy Tech 2015(Cleveland, Ohio, USA, November 30 - December 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its...
IoT Security Foundation Conference(London, England, UK, December 1, 2015) This is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of...
Public Sector Cybersecurity Summit 2015(Reston, Virginia, USA, December 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government...
Enterprise Security and Risk Management(London, England, UK, December 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most...
Cargo Logistics America(San Diego, California, USA, December 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference...
NG Security Summit US(Austin, Texas, USA, December 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network...
Program on Cyber Security Studies (PCSS)(Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...
Cyber Security Breakdown: Washington DC(Washington, DC, USA, December 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Cloud Security Alliance Summit Los Angeles 2015(Los Angeles, California, USA, December 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise...
2015 Cyber Security Exchange(Orlando, Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns,...
Disrupt London 2015(London, England, UK, December 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt?...
Passwords 2015(University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial.
ACSAC (Annual Computer Security Applications Conference)(Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security...
NSA RCTCON(Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
cyberSecure (New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...