Several sources are reporting that Sweden's infrastructure has been under threat of a cyber—or at least an electronic—attack from Russia since November of last year. A series of outages in Sweden's air traffic control system between 4 and 9 November 2015 are thought to have been caused by deliberate Russian offensive EW tests.
IBM X-Force researchers report that two banking Trojans, Nymaim and Gozi, have combined into a single malware package, "GozNym." Attackers have done this sort of thing before to assemble desired functionality into a single package—in this case they like Nymaim's two-stage dropper and Gozi's malicious dynamic link library injection.
Sucuri reports that CTB-Locker ransomware is using the Bitcoin blockchain to deliver decryption keys to victims (and take victims' payments).
Russia and Ukraine continue to host the world's most active and capable cyber criminal gangs. Notes from LookingGlass and LIFARS offer an overview of Eastern European gangland. Much money comes from direct theft, but sale of products and services is also big business. One trend in cyber gangland, says Team Cymru, is increased use of fast flux networks to make operations more resistant to takedown.
Speaking of gangland, Dmitry Fedotov, a.k.a. "Paunch," the Blackhole exploit kit impresario, was just sentenced to seven years by a Moscow court.
QuickTime for Windows is vulnerable, its support has ended, and it should be uninstalled.
The FBI still hasn't found much of anything on that jihadi's iPhone. It's still unlikely the Bureau will tell Apple how it got in.
Today's issue includes events affecting Canada, China, Denmark, European Union, Germany, India, Iran, Norway, Russia, Sweden, Ukraine, United Arab Emirates, United Kingdom, United States.
We'll be covering the SINET ITSEF conference from Mountain View, California, next Tuesday and Wednesday. Watch for our customary live-Tweets and special issues.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day.
Sweden Says its critical infrastructure was under Attack by Russian Hackers (HackRead) Sweden sent a message to NATO and released an alert claiming that the country was under threat of a serious cyber-attack in November 2015. According to reports, the Swedish government claimed to have received two separate warnings and passed them to various NATO allies including Denmark and Norway
Special Report: Confirmed cyber attack against air traffic control system (Threat Brief) We have been following reports for the last two days indicating that outages in the Swedish Air Traffic Control System between 4 and 9 November 2015 were actually caused by malicious, sustained cyber attacks from highly trained groups either supported by or under the direction of the Russian government
Cisco UCS servers can be hijacked with malicious HTTP request (Help Net Security) A data center server platform running Cisco’s Unified Computing System (UCS) Central Software can be compromised by unauthenticated, remote attackers with a single, malicious HTTP request, security researcher Gregory Draperi has discovered
Why the smart office is highly susceptible to data breaches (Help Net Security) The Edge in Amsterdam is one of the smartest office buildings in the world. The state-of-the-art offices include 28,000 connected sensors for motion, light, temperature, humidity and other conditions, which can all be detected and adjusted to suit workers’ needs
The Global Cyber Crime Underground: Russia and Eastern Europe (Cyveillance) In last week’s blog, LookingGlass Cyber Threat Intelligence Group (CTIG) Senior Threat Analyst Emilio Iasiello and LIFARS Marketing Manager Michal Nemcok provided a general overview of the global cyber crime underground, as well as a more in-depth look at the Chinese criminal underground. Today, they focus their discussion on the Russian and Eastern European criminal marketplaces
East European Criminal Fastflux Infrastructure (Team Cymru) Fast flux networks allow miscreants to make their network more resistant against takedowns. By updating and changing the A records of a domain rapidly, there is a constantly changing list of IPs hosting the domain involved, making it harder to shut down. The carding site at csh0p[.]cc is hosted on a fast flux network. The servers are largely located in Ukraine and Russia. Analysis of IPs used by this fast flux network showed that they were also used by a Teslacrypt ransomware payment site and a TreasureHunter POS controller (friltopyes[.]com) in March 2016
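The Team Cymru item above (and the trend noted earlier in this issue) describes the fast flux signature: A records that churn rapidly with short TTLs across hosting in several networks. The following is an added example, not Team Cymru's code or the CyberWire's, showing how a defender might score passive-DNS style observations for that pattern. The observations, the domains (flux-shop.example, static-site.example), the prefix-to-ASN table and the thresholds in is_fast_flux are all constructed assumptions for illustration; a real deployment would use a proper ASN lookup and tune the thresholds against its own data.

```python
"""
Heuristic fast-flux scoring over DNS observations (added example).

Each observation records what a resolver returned for a domain at a point in
time.  A domain is flagged when its answers rotate through many distinct IPs,
spread over several ASNs, with short TTLs, most of the time.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Observation:
    ts: int                  # seconds since epoch of the lookup
    domain: str
    ips: Tuple[str, ...]     # A records returned by the lookup
    ttl: int                 # TTL (seconds) attached to those records


# Constructed stand-in for an ASN lookup: /24 prefix -> AS number.
# RFC 5737 documentation ranges are used so nothing here points at a real host.
FAKE_ASN = {"203.0.113": "AS64500", "198.51.100": "AS64501", "192.0.2": "AS64502"}


def asn_of(ip: str) -> str:
    """Map an IPv4 address to a (constructed) ASN; raises on malformed input."""
    ip_address(ip)                       # validation only
    prefix = ".".join(ip.split(".")[:3])
    return FAKE_ASN.get(prefix, "AS-unknown")


def analyze(observations: List[Observation]) -> Dict[str, dict]:
    """Summarise per-domain churn: distinct IPs, ASNs, max TTL, answer changes."""
    by_domain = defaultdict(list)
    for o in observations:
        by_domain[o.domain].append(o)

    reports = {}
    for domain, obs in by_domain.items():
        obs.sort(key=lambda o: o.ts)
        all_ips = {ip for o in obs for ip in o.ips}
        # How many consecutive lookups returned a different set of addresses
        changes = sum(1 for a, b in zip(obs, obs[1:]) if set(a.ips) != set(b.ips))
        reports[domain] = {
            "lookups": len(obs),
            "distinct_ips": len(all_ips),
            "distinct_asns": len({asn_of(ip) for ip in all_ips}),
            "max_ttl": max(o.ttl for o in obs),
            "changes": changes,
        }
    return reports


def is_fast_flux(report: dict) -> bool:
    """Assumed thresholds: short TTL, many IPs, multiple ASNs, frequent rotation."""
    return (
        report["max_ttl"] <= 300
        and report["distinct_ips"] >= 5
        and report["distinct_asns"] >= 2
        and report["changes"] >= report["lookups"] // 2
    )


def build_sample() -> List[Observation]:
    """Constructed data: one fluxing domain, one ordinary static site."""
    obs = []
    prefixes = list(FAKE_ASN)
    for i in range(6):                   # six lookups, five minutes apart
        # Fluxing domain: three fresh IPs per lookup, one from each network
        rotating = tuple(f"{prefixes[(i + k) % 3]}.{10 + i}" for k in range(3))
        obs.append(Observation(ts=i * 300, domain="flux-shop.example",
                               ips=rotating, ttl=60))
        # Static site: same two IPs, one network, long TTL
        obs.append(Observation(ts=i * 300, domain="static-site.example",
                               ips=("203.0.113.1", "203.0.113.2"), ttl=3600))
    return obs


if __name__ == "__main__":
    for domain, report in analyze(build_sample()).items():
        verdict = "FAST FLUX" if is_fast_flux(report) else "normal"
        print(f"{domain:22s} {verdict:10s} {report}")
```

Run as a script it prints one verdict line per domain; the fluxing domain is flagged on all four criteria while the static site trips none. The "changes" count matters as much as the IP total: a CDN also returns many addresses over time, but its answers are far steadier and its TTLs longer, which is why the heuristic combines the signals rather than relying on any one of them.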
Blizzard Hit By Multiple DDoS Attacks (Kotaku) Players couldn’t log into games like World of Warcraft and Diablo III for several hours last night thanks to a series of DDoS attacks that flooded Blizzard’s servers, the developer said. Blizzard says they’ve since thwarted the problem, though some login issues could linger this morning
Anonymous Shut Down Dalhousie University Website Against Halifax Rape Case (HackRead) In November 2015, HackRead reported on the hacktivist group Anonymous forcing Halifax Regional Municipality police into reopening the investigation of a sexual assault case involving an 18-year-old girl, Jane Doe, attacked by a fellow student on Halloween night at a Dalhousie University frat house in Halifax, Nova Scotia, Canada
Security Patches, Mitigations, and Software Updates
VMSA-2016-0004 (VMware Security Advisories) VMware product updates address a critical security issue in the VMware Client Integration Plugin
U.S. government worse than all major industries on cyber security (Reuters via Business Insurance) U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and health care, according to a report released Thursday
Why few US consumers penalize hacked companies? (Help Net Security) About a quarter of American adults reported that they were notified about their personal information being part of a data breach in the previous year, but only 11 percent of those who have ever been notified say they stopped doing business with the hacked company after the event occurred, according to a new study
The Time Has Come to Hack the Planet (Threatpost) Today marks an exciting development in the often monotonous rehashing of vulnerability disclosure. The ISO standard that began about 11 years ago with the emotionally loaded title “Responsible Vulnerability Disclosure,” and was finally published in early 2014 as ISO/IEC 29147 Vulnerability disclosure, is now available for download at no cost
BBB urges digital spring cleaning (Barre Montpelier Times-Argus) The Better Business Bureau and the National Cyber Security Alliance are urging consumers to make digital devices an additional target of their spring cleaning activities
Design and Innovation
A Scheme to Encrypt the Entire Web Is Actually Working (Wired) Apple's move to encrypt your iPhone and WhatsApp’s rollout of end-to-end encrypted messaging have generated plenty of privacy applause and law enforcement controversy. But more quietly, a small non-profit project has enacted a plan to encrypt the entire global web. And it’s working
Top European countries launch tax crackdown (Seeking Alpha) In the wake of the Panama Papers scandal, the EU's five biggest economies have struck a deal to crack down on tax avoidance, agreeing to exchange information on the beneficial owners of companies and trusts
California Kills Phone Decryption Bill, But Bigger Battles Loom (Threatpost) Civil liberty groups and tech firms are celebrating the defeat of a controversial California bill that would have forced phone makers to decrypt their devices by court order. The proposed legislation, AB 1681, died when lawmakers refused to give the bill a vote
‘Blackhole’ Exploit Kit Author Gets 7 Years (KrebsOnSecurity) A Moscow court this week convicted and sentenced seven hackers for breaking into countless online bank accounts — including “Paunch,” the nickname used by the author of the infamous “Blackhole” exploit kit
Dubai Issues Fatwa Against Using Neighbor’s Wifi without Permission (HackRead) A fatwa has been issued in Dubai against WiFi theft, with a warning that stealing your neighbor's WiFi is contrary to Islamic principles. The fatwa was issued this week by Dubai’s Islamic Affairs and Charitable Activities Department, whose officials posted the religious announcement on their website
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, April 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share...
2016 Cybersecurity Symposium (Coeur d’Alene, Idaho, USA, April 18 - 20, 2016) The Cybersecurity Symposium: Your Security, Your Future is an opportunity for academic researchers and software and system developers from industry and government to meet and discuss state of the art processes...
Amsterdam 2016 FIRST Technical Colloquium (Amsterdam, the Netherlands, April 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the...
Security & Counter Terror Expo 2016 (London, England, UK, April 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees...
SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet...
SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, April 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...
Army SIGINT (Fort Meade, Maryland, USA, April 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees...
6th European Data Protection Days (EDPD) (Berlin, Germany, April 25 - 26, 2016) The EDPD Conference will provide participants from the business side with all the important news and updates for the international data protection business at a high level. These include key developments...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.