TalkTalk and the British Post Office were hit with a distributed denial-of-service attack Sunday. The incident was smaller than the one that afflicted Deutsche Telekom: about 100,000 UK customers were knocked offline. A Mirai IoT botnet is implicated (the botmasters again tell affected customers they're sorry).
Shamoon continues to bedevil Saudi networks, destroying data in several sectors. Civil aviation is thought to be particularly affected by the Iranian malware.
WikiLeaks doxes the Bundesnachrichtendienst (BND) over its relationship with the US NSA. WikiLeaks also sustained a four-hour outage yesterday, and speculators speculate on a priori grounds that the incident was retaliatory DDoS.
Russian authorities say they've uncovered "a plot" by unnamed foreign intelligence services (but they're looking at you, Vice President Biden, you spymaster you) to disrupt Russia's banking system with a mix of cyberattacks and information operations designed to foment financial panic. These statements have a certain symmetry with concerns expressed in the US over Russian election hacking. On that election hacking, FireEye describes Russian intelligence services as having "weaponized social media," and says those services no longer appear to care, much, about their activities remaining undetected. Several US Senators have asked the White House to reveal more of what they think the White House knows about Russian attempts to influence the election.
A careless police investigator seems to have exposed documents relevant to Europol terror investigations.
In good news, an international police operation (involving the FBI, the NCA, the Bundeskriminalamt, and others) has taken down the Avalanche cyberfraud ring.
Today's issue includes events affecting Australia, Canada, China, European Union, Germany, Iran, Italy, Japan, Netherlands, Poland, Russia, Saudi Arabia, Ukraine, United Kingdom, United States.
A quick word to our readers about sponsoring the CyberWire—there are a few sponsor slots available for 2017, but they're going fast. Learn more here.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin reviews the continuing revelations from the Playpen case. He'll also take up the related issues of the activation of the amendment to Rule 41, and what that means for US law enforcement in cyberspace. describes the challenges of including encryption in ransomware. Our guest John Dickson from the Denim Group will discuss privacy, cybersecurity, and surveillance policy under the new US Presidential Administration.
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcasts, we invite you to consider giving them an iTunes review.
AlienVault USM Webcast (Live Webcast, December 1, 2016) Find threats lurking on your systems with host-based intrusion detection and AlienVault USM.
Infoblox On This Week’s Deutsche Telekom Attack (Information Security Buzz) A failed Mirai botnet attack left 900,000 of Deutsche Telekom’s network customers without Internet this weekend (continuing into this week) after a botched attempt to hijack consumer routers in Germany. The large-scale attack was designed to quietly recruit the devices for a wider botnet attack and follows findings released this week that cybercriminals have begun exploiting a critical flaw that may be present in millions of home routers.
WikiLeaks releases 2,000 files from German inquiry into NSA spying scandal (International Business Times) Whistleblowing website WikiLeaks has released a 90GB-sized trove of data relating to the ongoing German parliamentary inquiry into the relationship between the country's foreign intelligence agency – the Bundesnachrichtendienst (BND) – and the National Security Agency (NSA).
WikiLeaks Suffered A Mysterious Outage For 4 Hours: Victims Of A DDoS Attack? (IT Tech Post) The radical transparency website WikiLeaks suffered a suspicious outage on December 1 for 4 hours, and many social media users quickly speculated that the situation could have been the result of another distributed-denial-of-service (DDoS) attack, a technique that became well known this year after it hit major websites such as Twitter, Spotify and GitHub.
Reports of a Facebook fake news detector are apparently a plugin (TechCrunch) Update: The feature appears to be an implementation of the Chrome plugin B.S. Detector, which some users took as a test by Facebook itself. We’ll continue to investigate but for now it looks like this is not a Facebook feature. Yes, the irony is rich.
Shamoon virus returns in new Gulf cyber attacks after four-year hiatus (Reuters) A version of Shamoon, the destructive computer virus that crippled tens of thousands of computers at Middle Eastern energy companies four years ago, was used in mid-November to attack computers in Saudi Arabia and elsewhere in the region, according to U.S. security firms.
Europol Left Red-Faced After Terror Data Leak (Infosecurity Magazine) Europol has launched an internal investigation after an officer accidentally exposed highly sensitive material on terror suspects online after contravening internal security policies.
Security got first clue of San Francisco Muni hackers (Socpedia) It has been the talk of the town ever since hackers hit the ticket vending machines of San Francisco Municipal Transportation with ransomware. To everyone’s amazement, the screens showed ‘You hacked, All data encrypted’.
A Brief History of the Ransomware Threat (MSPmentor) It is not clear why there wasn't much activity between the first known ransomware attack and the mid-1990s, when antivirus began to be a common defense.
New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer (TrendLabs Security Intelligence Blog) In January of 2016, we found various “SmsSecurity” mobile apps that claimed to be from various banks. These apps supposedly generated one-time passwords (OTPs) that account holders could use to log into the bank; instead they turned out to be malicious apps that stole any password sent via SMS messages. These apps were also capable of receiving commands from a remote attacker, allowing them to take control of a user’s device.
One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild (TrendLabs Security Intelligence Blog) Recently, Google researchers discovered a local privilege escalation vulnerability in Windows which was being used in zero-day attacks, including those carried out by the Pawn Storm espionage group. Microsoft was able to release a patch by the next Patch Tuesday, November 8. This entry provides a complete analysis of the vulnerability based on samples acquired in the wild.
E-Cigarettes Are Spreading Malware (Wapack Labs) Suspect Chinese e-cigarette manufacturers are hardcoding USB charging units with malware. If an infected e-cigarette USB charger is used to connect with a computer, malware can be downloaded. This information is being supplied for your situational awareness.
Insecure pacemakers can be easily hacked (Help Net Security) A group of researchers has discovered that it’s not that difficult for a “weak adversary” with limited resources and capabilities to fiddle with or even shut down a variety of insecure pacemakers and Implantable Cardioverter Defibrillators (ICDs), putting the lives of the individuals who use them in jeopardy.
Your Tinder Account could be hacked. (Panda Mediacenter) Security researchers have discovered that two of the world’s most popular mobile dating apps can be hacked, exposing sensitive user data in the process. The team from the University of South Australia ran a series of tests, proving that a number of personal details could be extracted from the apps relatively easily.
Moxa Fixes NPort Device Holes (Industrial Safety and Security Source) Moxa produced new firmware versions to mitigate vulnerabilities in its NPort serial device servers first identified in April, according to a report with ICS-CERT.
Experian issues five predictions for data breaches in the coming year (GSN) While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. To learn more about what risks may lie ahead, Experian Data Breach Resolution releases its fourth annual Data Breach Industry Forecast white paper.
Cyber Security: It's About Creating A Strong Defense Mechanism (CXO Today) The IT security industry is clearly responding to an ever increasing number (and complexity) of attacks. In a recent conversation with CXOtoday, Sanjai Gangadharan, Regional Director, SAARC, A10 Networks, explains that as cyber-attacks take various forms, it is important to understand all the possible modes of assault, and guard against them.
WISeKey makes offer to acquire ABRY-backed QuoVadis (PE Hub) Swiss cybersecurity company WISeKey International Holding Ltd has inked a letter of intent to buy Bermuda-based QuoVadis, a public key infrastructure company. No financial terms were disclosed. QuoVadis is backed by ABRY Partners.
Core Security is making the password reset process self-service, faster and simpler (App Developer Magazine) Core Security announced the release of Core Mobile Reset 1.0 and Core Access Insight 9.2. With the introduction of these solution updates, enterprise security teams will now be able to resolve immediate threats with prognostic analytics applied to big identity and access data, while also enhancing organizational efficiency.
Microsoft Antivirus Tied for Last in Malware Tests (Tom's Guide) Windows 10 added a lot of security enhancements to ordinary PCs, but perhaps it hasn't added enough. Most third-party antivirus software still does better than Microsoft's built-in defenses at protecting computers from new strains of malware, although Microsoft has caught up in stopping better-known bugs.
Cut through the FUD in online security tips (Naked Security) In light of social movements and political upheavals around the world this year, there has been a spate of articles lately touting security tips to keep you, your information, and your contact list safe in a potentially inhospitable climate. But when you’re surfing around the web, you’ll come across as much FUD – fear, uncertainty and doubt – as you will useful suggestions to help keep you safe.
FS-ISAC sets up Asian threat intelligence chapter with MAS (Finextra) The Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Monetary Authority of Singapore (MAS) announced today that they will collaborate to establish an Asia Pacific (APAC) Regional Intelligence and Analysis Centre to encourage regional sharing and analysis of cybersecurity information within the financial services sector.
Shadow IT And The Challenge Of Controlling The Cloud (Information Security Buzz) “Shadow IT” sounds like something you might see in a thriller starring Matt Damon, but it’s a clear and present danger for IT pros. It refers to the practice of people throughout a company setting up their own IT services without consulting the IT department. It’s easy to do, thanks to the “consumerization of IT” trend and the availability of cheap or free cloud-based SaaS services from the likes of Dropbox, Google’s G Suite (formerly known as Google Apps), Microsoft Office 365, and Slack.
Rule 41 Opponents Vow to Fight Government’s New Hacking Powers (Threatpost) A new rule goes into effect Thursday that gives law enforcement the ability to hack millions of computers or smartphones at once with a single search warrant. But opponents of the controversial Rule 41 say they are committed to fighting the government’s expanded powers.
The FBI Should be Enhancing US Cybersecurity, Not Undermining It (Lawfare) I believe that lawful hacking is a legitimate and necessary way for law enforcement to handle certain investigations in the Digital Age. But as Steve Bellovin, Matt Blaze, Sandy Clark, and I said in our paper, the default on using a vulnerability should be to report it. One can have exceptions just as the intelligence community does, but these should be rare and only when the potential damage to innocent people is minimal.
Army Electronic Warfare Strategy Nearing Completion (Defense News) The establishment of an Army Cyber Directorate, the Rapid Capabilities Office and a nearly completed strategy are ushering in a more productive era in electronic warfare capability development, according to Col. Jeffrey Church, the chief of strategy and policy in the cyber directorate.
Litigation, Investigation, and Law Enforcement
Europol Brings Down Global Cybercrime Syndicate (Voice of America) Europol, the European Union's law enforcement agency, said Thursday it has arrested five people in an online criminal enterprise and seized 39 computer servers following a four-year-long international investigation.
Alert (TA16-336A) Avalanche (crimeware-as-a-service infrastructure) (US-CERT) “Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further information about Avalanche.
‘Avalanche’ Global Fraud Ring Dismantled (KrebsOnSecurity) In what’s being billed as an unprecedented global law enforcement response to cybercrime, federal investigators in the United States, United Kingdom and Europe today say they’ve dismantled a sprawling cybercrime machine known as “Avalanche” — a distributed, cloud-hosting network that for the past seven years has been rented out to fraudsters for use in launching countless malware and phishing attacks.
It Took 4 Years to Take Down ‘Avalanche,’ a Huge Online Crime Ring (Wired) On Thursday, a group of international law enforcement agencies announced that it had completed an ambitious takedown of an extensive online criminal infrastructure called “Avalanche.” It’s one of the largest botnet takedowns ever, a four-year effort that turned up victims in 180 countries worldwide. Which is to say, nearly all of them.
Massive cybercrime infrastructure demolished (Help Net Security) After more than four years of investigation, the Public Prosecutor’s Office Verden and the Lüneburg Police in cooperation with the US Attorney’s Office for the Western District of Pennsylvania, the DOJ and the FBI, Europol and Eurojust, dismantled an international criminal infrastructure platform known as Avalanche.
Someone Accessed Silk Road Operator’s Account While Ross Ulbricht Was in Jail (Motherboard) Attorneys for Ross Ulbricht, the man convicted of running the Silk Road online drug marketplace under the pseudonym “Dread Pirate Roberts”, say they’ve discovered evidence that someone logged into the Dread Pirate Roberts account on the Silk Road forums six weeks after Ulbricht was arrested. Ulbricht was in federal custody at the time.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...
Cyber Threats Master Class (Turin, Italy, December 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding...
Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.
US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...
Infosecurity Magazine Conference (Boston, Massachusetts, USA, December 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information,...
Practical Privacy Series 2016 (Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...
CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.