
More signal. Less noise.

Daily briefing.

Yonhap reports that a South Korean military intranet has sustained a North Korean-directed malware infestation. Seoul's Ministry of Defense acknowledged finding the malicious code in one of its cyber command networks.

Mirai appears to have a competitor in the distributed denial-of-service market. CloudFlare has reported that a new botnet—what kinds of bots it's composed of remains unclear—began executing attacks on November 23rd. It ran on a predictable schedule: eight hours a day for seven days, beginning at 10:00 AM PST. On the eighth day the attack switched to twenty-four hours, reaching a peak volume of 400 Gbps. (Mirai has hit 620 Gbps.) Attacks seem to have originated with Chinese IP addresses, and to have targeted servers in California. CloudFlare thinks the targets were "gaming and virtual goods sites and services."

Locky ransomware operators have shifted to [dot] osiris extensions in malicious code being spread by bogus Excel invoices. No decryption is yet available, so secure, regular backup is the best preparation for recovery. Globe2 ransomware is implicated in successful attacks on British hospitals that disrupted patient services.

Ransomware exacts opportunity costs from its victims: San Francisco's Muni light rail estimates it lost some $50,000 in fares during its attack. That's $75,000 less than the ransom Muni refused to pay, but it still hurts.

Social media companies and sites continue to grapple with content filtering. Counter-trolling seems unsuccessful. Control of terrorist imagery remains a work in progress, but is proceeding along lines followed to exclude child porn from networks.


Today's issue includes events affecting Belgium, China, European Union, France, Ireland, Japan, Democratic People's Republic of Korea, Republic of Korea, Malaysia, Netherlands, Norway, Russia, United Kingdom, United States.

A quick word to our readers about sponsoring the CyberWire—there are a few sponsor slots available for 2017, but they're going fast. Learn more here.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Lancaster University, as Awais Rashid discusses the concept of critical national infrastructure. Our guest is Cris Thomas (whom you may know by his "Space Rogue" handle). He's from Tenable Network Security, and he'll be talking us through the Global Cybersecurity Assurance Report Card Tenable released yesterday.

A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.

As always, if you enjoy the podcasts, we invite you to please consider giving them an iTunes review.

Cyber Attacks, Threats, and Vulnerabilities

N. Korea likely hacked S. Korea cyber command: military (Yonhap News) North Korea appears to have hacked South Korea's cyber command in what could be the latest cyberattack against Seoul, the military here said Tuesday

New Large-Scale DDoS Attacks Follow Schedule (Threatpost) A powerful new botnet is being blamed for massive and sustained DDoS attacks that security researchers at CloudFlare compare to Mirai when it comes to intensity and scope

Locky Ransomware switches to Egyptian Mythology with the Osiris Extension (Bleeping Computer) Once again, the developers of the Locky Ransomware have decided to change the extension of encrypted files. This time, the ransomware developers moved away from Norse gods and into Egyptian mythology by using the .osiris extension for encrypted files

The Ransomware before Christmas, 2016 edition (IT Governance) The weather outside is frightful and people are spending more time at home, where it’s warm and a cup of tea is right next to the laptop. It’s an endearing modern winter tale but it could easily turn into a nightmare – thanks to ransomware

Ransomware blamed for cyber attack which forced hospitals to cancel operations and shut down systems (ZDNet) 2,800 patient operations were cancelled in total, hospital confirms -- but no word on how Globe2 ransomware infection occurred

Muni Braced for $50,000 Ransomware Hit (Infosecurity Magazine) San Francisco’s Municipal Transport Agency (SMTA) is expecting to have suffered a $50,000 hit in lost fares over the weekend it was struck by a major ransomware attack, in yet another example of the financial repercussions of critical security gaps

'Gooligan' hack hitting 13,000 Android phones per day (Chinchilla News) If you've travelled recently, you'll have been asked to leave your Samsung Galaxy Note 7 at the gate before you board your plane

Never Ever (Ever) Download Android Apps Outside of Google Play (Wired) This week, researchers revealed that a strain of malware hit at least 1.3 million Android phones, stealing user data as part of a scheme to boost ad revenue. Called “Gooligan,” it got into those devices the way so many of these large-scale Android attacks do: through an app. Specifically, an app that people downloaded outside the comfortable confines of the Google Play Store

Chrome bug triggered errors on websites using Symantec SSL certificates (CSO) The bug affected Chrome on all platforms, as well as the WebView component on Android

DailyMotion Allegedly Hacked, 85 Million User Accounts Stolen (Bleeping Computer) An unknown hacker has supposedly breached video sharing platform DailyMotion and stolen details for 87.6 million accounts, belonging to approximately 85 million users, according to data breach index website LeakedSource

Talking Dolls Pose Privacy Risk to Children, Advocacy Groups Allege (Wall Street Journal) Complaint alleges My Friend Cayla and I-Que Intelligent Robot collect and use personal information from children

It’s Trivially Easy to Watch Porn On a Restricted Tablet Made For Kids (Motherboard) Christmas is around the corner and parents all over the world are mulling over what gifts to give their kids. Many toys and other children gizmos these days have an internet connection, which poses an interesting dilemma: how do you keep the kids out of the more undesirable (read: porn) parts of the web?

New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016 (Recorded Future Special Intelligence Desk) According to updated Recorded Future analysis, Adobe (Flash Player) and Microsoft products (Internet Explorer, Silverlight, Windows) continue to provide the primary avenue of access for criminal exploit kits. While nation-state targeting of political efforts has dominated InfoSec headlines in 2016, criminals continue to deliver ransomware and banking trojans using new exploit kits targeting new vulnerabilities

Scottish FA Apologizes After Fans are Phished (Infosecurity Magazine) Scottish football fans have been targeted by a highly convincing phishing scam

NSFW posts pop up on T.J. Maxx’s Facebook page (Boston Globe) The official Facebook page of Framingham-based corporate retailer T.J. Maxx appeared to fall victim to hackers on Sunday

Watch an emotional Paige Spiranac speak out about the cyber bullying she's faced (Golf Digest) Paige Spiranac would like to improve upon last year's performance when she tees it up again at this week's Omega Dubai Ladies Classic. In the meantime, the LPGA hopeful/social media star should be content if the highlight of her latest trip to the Middle East is the press conference she gave on Monday

Security Patches, Mitigations, and Software Updates

Dirty Cow Vulnerability Patched in Android Security Bulletin (Threatpost) The Dirty Cow vulnerability lived in Linux for close to a decade, and while it was patched in October in the kernel and in Linux distributions, Android users had to wait for more than a month for their fix

Cyber Trends

Nation-state hacking from Russia and China set to continue into 2017, experts warn (International Business Times) Most of the biggest hacks that will happen in 2017 are 'already under way'

Government cybersecurity readiness declining, according to survey (Federal Times) The government sector is unprepared in aggregating risk intelligence and performing risk assessments, according to the 2017 Global Cybersecurity Assurance Report Card compiled by Tenable Network Security and research partner CyberEdge Group

One-Fifth of Government Agencies Don't Encrypt Data (Infosecurity Magazine) Nearly 20% of government agencies using a public cloud do not encrypt data, but still see security as a top priority


Why Palo Alto Networks Is A Buy (Seeking Alpha) PANW’s shift to the subscription and renewals model is driving growth and helping it add more customers, while also leading to an improvement in the margin. PANW will benefit from an improvement in its total addressable market, which will grow to $22 billion in 2019 from $18.2 billion in 2016. It is expected that PANW will triple its market share by 2024 from the current share of 7% in the security market, driven by its wide suite of products

Darktrace co-founder discusses the future of cybersecurity (TechCrunch) One of the co-founders of the tight-lipped cybersecurity firm Darktrace peeled back some of the secrecy around the company today at TechCrunch Disrupt London, describing how investor Mike Lynch brokered a meeting between Cambridge mathematicians and spies at the British intelligence agency GCHQ to found the company

Nintendo Teams Up With HackerOne to Secure 3DS Via Bounty Program (Hardcore Gamer) Security vulnerabilities are a nightmare for a console company. Piracy and inappropriate content are particularly troublesome to Nintendo, so it’s teamed up with the web site HackerOne to find information on possible exploits of the 3DS platform

Bitglass makes European channel debut (Channelnomics) Cloud security vendor plans to open UK office early next year

Forcepoint™ Announces Executive Leadership Appointment (PRNewswire) Meerah Rajavel joins as the company's new Chief Information Officer

Unisys Appoints New Chief Marketing Officer, Aims To Boost Its Security Marketing Message (CRN) Unisys bolstered its marketing prowess Monday by bringing on former LiveOps chief marketing officer Ann Sung Ruckstuhl as the solution provider’s new CMO

Accenture Continues To Build Cybersecurity Practice, Hires Former Fidelis CSO To Head Incident Response Practice (CRN) Continuing to build up its new cybersecurity unit, Accenture has hired former Fidelis Cybersecurity chief security officer Justin Harvey as managing director and global lead for the company’s incident response practice

FourV Systems Announces Two Appointments to Senior Board of Advisors (BusinessWire) Experts with strong backgrounds in security and risk to support company growth and expansion

Products, Services, and Solutions

GlobalSCAPE, Inc. Releases New Security Features and File Sharing Capabilities to Its Data Exchange Platform (Globalscape) Security enhanced through integration of Web single sign on through SAML; broader support for RSA, RADIUS; new workspaces Outlook plugin

Virtru Recognized by Google as a Recommended for G Suite Application for Encryption (Marketwired) G Suite users to benefit from Virtru's data-centric approach to business privacy and security -- ensuring data is protected wherever it travels

Convergence continues expansion with Panthera (Convergence Tech) A solid step in Panthera’s objective to provide leading capabilities across the technology platform; Convergence continues its expansion to serve the full array of customers’ requirements, from the desktop to the application to the infrastructure, while assuring secure application delivery

Palo Alto Networks extends AWS relationship to enhance firewall scalability (Channel Buzz) Palo Alto sees its adaption to the new age of cloud security as fundamental, and has been doing what it can to keep its channel partners moving in tandem on this objective

Behavior analytics tools for cybersecurity move into enterprises (Computerworld) Parchment deploys Darktrace's Enterprise Immune System

FireEye: The Big Difference With Helix (Seeking Alpha) FireEye recently introduced a cutting-edge security product called Helix. Helix will transform security deployment for small and large businesses. Is this the game-changer we have been waiting for?

Centrify streamlines adoption of hybrid cloud (Financial News) Centrify has announced new hybrid cloud capabilities and best practice guidance to speed and secure adoption of Infrastructure-as-a-Service (IaaS), the company said

Amazon Launches AWS Shield DDoS Protection Service (HackRead) AWS Shield comes in two packages: AWS Shield Standard and AWS Shield Advanced

Google Debuts Continuous Fuzzer for Open Source Software (Threatpost) A new Google program aimed at continuously fuzzing open source software has already detected over 150 bugs

Orange Slovakia offers family security package by Eset (Telecompaper) Orange Slovakia offers a security package for the whole family. It protects up to four devices and also includes a special application for protecting children on the internet. The family security package includes Eset SmartSecurity, Eset Mobile Security and Eset Parental Control, all by the company Eset

New anti-Facial Recognition Glasses Protect Users’ Privacy From CCTV Cameras (HackRead) Wear Reflectacles to avoid surveillance through CCTV Cameras and to enjoy night-time biking

Technologies, Techniques, and Standards

Safer, Less Vulnerable Software Is the Goal of New NIST Computer Publication (NIST) We can create software with 100 times fewer vulnerabilities than we do today, according to computer scientists at the National Institute of Standards and Technology (NIST). To get there, they recommend that coders adopt the approaches they have compiled in a new publication

BYOD: How to provide secure access to network resources (Help Net Security) IT organizations have little or no choice when it comes to Bring Your Own Device (BYOD) programs

Laws, regulations and contracts that infosec pros should be familiar with (Help Net Security) If you’re a white hat and you want to continue being one, knowing what laws and industry regulations allow or not allow (or require or not require) you to do is of crucial importance

How to avoid bogging down your own servers (Panda Mediacenter) There’s been a lot of talk recently about DDoS (distributed denial-of-service) attacks in the wake of an incident that left thousands of users without internet access as a result of the collapse of the servers at Dyn, a DNS hosting service. Needless to say, we should be aware of this threat, know how it works, and how to defend ourselves against it. Especially now, in the age of the Internet of Things, which has made it easier for cybercriminals to build an army of infected devices to carry out this kind of attack

Internal and External Ramifications of Leaked Board Strategies (Infosecurity Magazine) Building off part one of our conversation, where we discussed the evolving board landscape as well as the associated top security concerns, this second part dives into breach response and how to prepare against them

The Five Core Components of Proactive Cybersecurity (TechZone 360) In 2016 the cyber landscape reached new heights with advanced attack methods, increased levels of sophistication and escalated frequency of adversary activity

Security startup confessions: Customer breach disclosure (Help Net Security) Balancing the needs of your company, your employees, and your customers requires making tough choices

Shopping safely online for Christmas gifts (PCtipp) Whether by smartphone, tablet or PC, online shopping for Christmas gifts is booming. Rather than plunging into overcrowded shops, many Swiss prefer to buy presents online from home. IT security vendor G DATA offers tips for safe internet shopping

Design and Innovation

Solve cybercrime by permanently linking physical space and cyberspace (CSO) Virtually every cyber threat is enabled by the failure of most online identity verification systems to reliably connect a person’s physical identity with his or her cyber identity. Solving this problem will dramatically improve global cyber security

How blockchain can help fight cyberattacks (TechCrunch) Imagine a computing platform that would have no single point of failure and would be resilient to the cyberattacks that are making the headlines these days. This is the promise behind blockchain, the distributed ledger that underlies cryptocurrencies like Bitcoin and Ethereum and challenges the traditional server/client paradigm

Facebook begins asking users to rate articles’ use of ‘misleading language’ (TechCrunch) A survey asking users about “misleading language” in posts is the latest indication that Facebook is facing up to what many see as its responsibility to get a handle on the fake news situation. At least part of its solution, it seems, is to ask users what they think is fake

Hacker News calls for “political detox,” critics cry censorship (TechCrunch) Can social media even exist without political debate? What about trolls? Hacker News, the social news site run by Y Combinator, is trying to find out

‘Spezgiving’: How Reddit’s CEO Tried And Failed to Troll the Trolls (Motherboard) Opening with the acronym for the phrase "Today I F[***]ed Up," what follows is an apology written by Reddit’s co-founder and current CEO, Steve Huffman

Research and Development

DARPA selects Raytheon for cybersecurity support (UPI) Raytheon has received a $9 million contract to support the U.S. Defense Advanced Research Projects Agency's latest cybersecurity project


Malaysia to Establish Cybersecurity Academy (Infosecurity Magazine) The Malaysian Digital Economic Corporation (MDEC) and Protection Group International (PGI) have signed an agreement to work together to develop a cybersecurity academy in Malaysia

15 under 15: Rising stars in cybersecurity (Christian Science Monitor Passcode) Kids born after the year 2000 have never lived a day without the internet. Everything in their lives is captured in silicon chips and chronicled on Facebook. Algorithms track how quickly they complete their homework; their text message confessions and #selfies are whisked to the cloud

Legislation, Policy, and Regulation

Obama Has a Plan to Fix Cybersecurity, But Its Success Depends on Trump (Wired) The Obama White House has had to reckon with cybersecurity like no other presidential administration in history, from China’s 2009 hack of Google, to the Office of Personnel Management breach, to the rise of botnets built from dangerously insecure “internet-of-things” devices

DDoS, IoT Top Cybersecurity Priorities for 45th President (KrebsOnSecurity) Addressing distributed denial-of-service (DDoS) attacks designed to knock Web services offline and security concerns introduced by the so-called “Internet of Things” (IoT) should be top cybersecurity priorities for the 45th President of the United States, according to a newly released blue-ribbon report commissioned by President Obama

Atkin: Cybersecurity, critical infrastructure will be challenges for Trump's DHS (Federal Times) Speaking at the Homeland Security & Defense Business Council’s annual gathering forecasting the state of the agency, Thomas Atkin outlined the challenges the Department of Homeland Security will continue to face in 2017

Where would Mattis take cyber? (FCW) President-elect Donald Trump's pick for secretary of defense has a long and colorful track record of comments on combat, Afghanistan, Iran and other threats to the U.S. When it comes to cyber, however, experts say he's a bit of a tabula rasa

Van Hollen Applauds Elevation of U.S. Cyber Command in Maryland (AFRO) Today Maryland Congressman Chris Van Hollen issued the following statement applauding the elevation of U.S. Cyber Command in Maryland as part of the House-passed National Defense Authorization Act (NDAA)

Litigation, Investigation, and Law Enforcement

Court upholds warrantless surveillance of U.S. citizens under Section 702 (TechCrunch) The U.S. federal appeals court has ruled in United States v. Mohamud, a case that began with a 2010 holiday bomb plot and will end with unique implications for the private digital communications of American citizens

Court: Secret spying of would-be Christmas tree bomber was OK (Ars Technica) ACLU slams ruling, says this surveillance violates the constitution

Facebook, Microsoft, Twitter and YouTube collaborate to remove ‘terrorist content’ from their services (TechCrunch) Facebook, Microsoft, Twitter and YouTube today announced they would cooperate on a plan to help limit the spread of terrorist content online. The companies said that together they will create a shared industry database that will be used to identify this content, including what they describe as the “most extreme and egregious terrorist images and videos” that have been removed from their respective services

Sextortion: The U.S. military's dirty little secret is a growing national security concern (Military Times) You're scrolling through Facebook like any other day when a friend request pops up from a pretty girl. You accept, and she sends you a naughty picture. You send one back, just to be polite, or maybe because she asked nicely. Maybe you move the conversation onto Skype for a live show. But then she demands money, hundreds of dollars, and threatens to send your naked photo to your friends, your family and — worst of all — your employer

Child porn on government devices: A hidden security threat (Christian Science Monitor Passcode) Explicit images of minors, which have been discovered on federal workers' computers across the government, can be gateways for criminal hackers and foreign spies. What's the best way to combat the problem?

EFF Blasts DEA in Ongoing Secret ‘Super Search Engine’ Lawsuit (Threatpost) The Electronic Frontier Foundation is accusing the Drug Enforcement Agency of improperly withholding documents in a court case that hopes to reveal details about the government’s controversial surveillance program known as Hemisphere. The EFF, which is suing the DEA as part of a Freedom of Information Act (FOIA) request, is demanding the agency turn over documents that have been withheld or have been highly redacted

Snowden 'not counting' on pardon from Obama (The Hill) National Security Agency whistleblower Edward Snowden acknowledged in an interview broadcast Monday that a pardon from President Obama before he leaves office in January is unlikely

Snowden: Petraeus shared data ‘far more highly classified than I ever did’ (The Blaze) Edward Snowden, the former contractor for the National Security Agency who in 2013 leaked classified information that showed the U.S. government surveilled private data, said in an interview published over the weekend that retired Gen. David Petraeus “shared information that was far more highly classified than I ever did with journalists”

“Bullsh*t and spin”: Autonomy founder mocks HP’s $5B fraud suit against him (TechCrunch) How could Dr Michael Lynch raise a $1 billion venture capital fund while being sued for $5 billion over alleged fraud in the $11 billion sale of his company Autonomy to HP? “The reality is, that doesn’t take much time” since he has a team of lawyers on the case, Lynch said on stage during TechCrunch Disrupt London

Software Salesman Pleads Guilty To PoS Scam (Dark Reading) Washington's John Yin allegedly sold point-of-sale systems with revenue suppression software, incurring government monetary loss of $3.4 million

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CES® CyberSecurity Forum (Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...

Upcoming Events

Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.

US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...

NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, December 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half...

Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, December 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine...

Infosecurity Magazine Conference (Boston, Massachusetts, USA, December 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information,...

Practical Privacy Series 2016 (Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...

CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

SANS Cyber Defense Initiative 2016 (Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...

Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...
