Yonhap reports that a South Korean military intranet has sustained a North Korean-directed malware infestation. Seoul's Ministry of Defense acknowledged finding the malicious code in one of its cyber command networks.
Mirai appears to have a competitor in the distributed denial-of-service market. CloudFlare has reported that a new botnet—what kinds of bots it's composed of remains unclear—began executing attacks on November 23rd. It ran on a predictable schedule: eight hours a day for seven days, beginning at 10:00 AM PST. On the eighth day the attack switched to twenty-four hours, reaching a peak volume of 400 Gbps. (Mirai has hit 620 Gbps.) Attacks seem to have originated with Chinese IP addresses, and to have targeted servers in California. CloudFlare thinks the targets were "gaming and virtual goods sites and services."
Locky ransomware operators have shifted to [dot] osiris extensions in malicious code being spread by bogus Excel invoices. No decryption is yet available, so secure, regular backup is the best preparation for recovery. Globe2 ransomware is implicated in successful attacks on British hospitals that disrupted patient services.
Ransomware exacts opportunity costs from its victims: San Francisco's Muni light rail estimates it lost some $50,000 in fares during its attack. That's $75,000 less than the ransom Muni refused to pay, but it still hurts.
Social media companies and sites continue to grapple with content filtering. Counter-trolling seems unsuccessful. Control of terrorist imagery remains a work in progress, but is proceeding along lines followed to exclude child porn from networks.
Today's issue includes events affecting Belgium, China, European Union, France, Ireland, Japan, Democratic People's Republic of Korea, Republic of Korea, Malaysia, Netherlands, Norway, Russia, United Kingdom, United States.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Lancaster University, as Awais Rashid discusses the concept of critical national infrastructure. Our guest is Cris Thomas (whom you may know by his "Space Rogue" handle). He's from Tenable Network Security, and he'll be talking us through the Global Cybersecurity Assurance Report Card Tenable released yesterday.
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcast, we invite you to consider giving it an iTunes review.
New Large-Scale DDoS Attacks Follow Schedule (Threatpost) A powerful new botnet is being blamed for massive and sustained DDoS attacks that security researchers at CloudFlare compare to Mirai when it comes to intensity and scope
The Ransomware before Christmas, 2016 edition (IT Governance) The weather outside is frightful and people are spending more time at home, where it’s warm and a cup of tea is right next to the laptop. It’s an endearing modern winter tale but it could easily turn into a nightmare – thanks to ransomware
Muni Braced for $50,000 Ransomware Hit (Infosecurity Magazine) San Francisco’s Municipal Transport Agency (SMTA) is expecting to have suffered a $50,000 hit in lost fares over the weekend it was struck by a major ransomware attack, in yet another example of the financial repercussions of critical security gaps
Never Ever (Ever) Download Android Apps Outside of Google Play (Wired) This week, researchers revealed that a strain of malware hit at least 1.3 million Android phones, stealing user data as part of a scheme to boost ad revenue. Called “Gooligan,” it got into those devices the way so many of these large-scale Android attacks do: through an app. Specifically, an app that people downloaded outside the comfortable confines of the Google Play Store
It’s Trivially Easy to Watch Porn On a Restricted Tablet Made For Kids (Motherboard) Christmas is around the corner and parents all over the world are mulling over what gifts to give their kids. Many toys and other children gizmos these days have an internet connection, which poses an interesting dilemma: how do you keep the kids out of the more undesirable (read: porn) parts of the web?
New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016 (Recorded Future Special Intelligence Desk) According to updated Recorded Future analysis, Adobe (Flash Player) and Microsoft products (Internet Explorer, Silverlight, Windows) continue to provide the primary avenue of access for criminal exploit kits. While nation-state targeting of political efforts has dominated InfoSec headlines in 2016, criminals continue to deliver ransomware and banking trojans using new exploit kits targeting new vulnerabilities
Why Palo Alto Networks Is A Buy (Seeking Alpha) PANW’s shift to the subscription and renewals model is driving growth and helping it add more customers, while also leading to an improvement in the margin. PANW will benefit from an improvement in its total addressable market, which will grow to $22 billion in 2019 from $18.2 billion in 2016. It is expected that PANW will triple its market share by 2024 from the current share of 7% in the security market, driven by its wide suite of products
Darktrace co-founder discusses the future of cybersecurity (TechCrunch) One of the co-founders of the tight-lipped cybersecurity firm Darktrace peeled back some of the secrecy around the company today at TechCrunch Disrupt London, describing how investor Mike Lynch brokered a meeting between Cambridge mathematicians and spies at the British intelligence agency GCHQ to found the company
Nintendo Teams Up With HackerOne to Secure 3DS Via Bounty Program (Hardcore Gamer) Security vulnerabilities are a nightmare for a console company. Piracy and inappropriate content are particularly troublesome to Nintendo, so it’s teamed up with the web site HackerOne to find information on possible exploits of the 3DS platform
Convergence continues expansion with Panthera (Convergence Tech) A solid step in Panthera’s objective to provide leading capabilities across the technology platform; Convergence continues their expansion to serve the full-array of customer’s requirements from desktop to the application to the infrastructure while assuring secure application delivery
FireEye: The Big Difference With Helix (Seeking Alpha) FireEye recently introduced a cutting-edge security product called Helix. Helix will transform security deployment for small and large businesses. Is this the game-changer we have been waiting for?
Centrify streamlines adoption of hybrid cloud (Financial News) Centrify has announced new hybrid cloud capabilities and best practice guidance to speed and secure adoption of Infrastructure-as-a-Service (IaaS), the company said
Orange Slovakia offers family security package by Eset (Telecompaper) Orange Slovakia offers a security package for the whole family. It protects up to four devices and also includes a special application for protection of children on the internet. The family security package includes Eset SmartSecurity, Eset Mobile Security and Eset Parental Control by the company Eset
How to avoid bogging down your own servers (Panda Mediacenter) There’s been a lot of talk recently about DDoS (distributed denial-of-service) attacks in the wake of an incident that left thousands of users without internet access as a result of the collapse of the servers at Dyn, a DNS hosting service. Needless to say, we should be aware of this threat, know how it works, and how to defend ourselves against it. Especially now, in the age of the Internet of Things, which has made it easier for cybercriminals to build an army of infected devices to carry out this kind of attack
Shopping safely online for Christmas gifts (PCtipp) Whether by smartphone, tablet or PC, online shopping for Christmas gifts is booming. Rather than plunging into overcrowded shops, many Swiss prefer to buy their presents online from home. The IT security vendor G DATA offers tips for safe internet shopping
How blockchain can help fight cyberattacks (TechCrunch) Imagine a computing platform that would have no single point of failure and would be resilient to the cyberattacks that are making the headlines these days. This is the promise behind blockchain, the distributed ledger that underlies cryptocurrencies like Bitcoin and Ethereum and challenges the traditional server/client paradigm
Malaysia to Establish Cybersecurity Academy (Infosecurity Magazine) The Malaysian Digital Economic Corporation (MDEC) and Protection Group International (PGI) have signed an agreement to work together to develop a cybersecurity academy in Malaysia
15 under 15: Rising stars in cybersecurity (Christian Science Monitor Passcode) Kids born after the year 2000 have never lived a day without the internet. Everything in their lives is captured in silicon chips and chronicled on Facebook. Algorithms track how quickly they complete their homework; their text message confessions and #selfies are whisked to the cloud
Legislation, Policy, and Regulation
Obama Has a Plan to Fix Cybersecurity, But Its Success Depends on Trump (Wired) The Obama White House has had to reckon with cybersecurity like no other presidential administration in history, from China’s 2009 hack of Google, to the Office of Personnel Management breach, to the rise of botnets built from dangerously insecure “internet-of-things” devices
DDoS, IoT Top Cybersecurity Priorities for 45th President (KrebsOnSecurity) Addressing distributed denial-of-service (DDoS) attacks designed to knock Web services offline and security concerns introduced by the so-called “Internet of Things” (IoT) should be top cybersecurity priorities for the 45th President of the United States, according to a newly released blue-ribbon report commissioned by President Obama
Where would Mattis take cyber? (FCW) President-elect Donald Trump's pick for secretary of defense has a long and colorful track record of comments on combat, Afghanistan, Iran and other threats to the U.S. When it comes to cyber, however, experts say he's a bit of a tabula rasa
Facebook, Microsoft, Twitter and YouTube collaborate to remove ‘terrorist content’ from their services (TechCrunch) Facebook, Microsoft, Twitter and YouTube today announced they would cooperate on a plan to help limit the spread of terrorist content online. The companies said that together they will create a shared industry database that will be used to identify this content, including what they describe as the “most extreme and egregious terrorist images and videos” that have been removed from their respective services
Sextortion: The U.S. military's dirty little secret is a growing national security concern (Military Times) You're scrolling through Facebook like any other day when a friend request pops up from a pretty girl. You accept, and she sends you a naughty picture. You send one back, just to be polite, or maybe because she asked nicely. Maybe you move the conversation onto Skype for a live show. But then she demands money, hundreds of dollars, and threatens to send your naked photo to your friends, your family and — worst of all — your employer
Child porn on government devices: A hidden security threat (Christian Science Monitor Passcode) Explicit images of minors, which have been discovered on federal workers' computers across the government, can be gateways for criminal hackers and foreign spies. What's the best way to combat the problem?
EFF Blasts DEA in Ongoing Secret ‘Super Search Engine’ Lawsuit (Threatpost) The Electronic Frontier Foundation is accusing the Drug Enforcement Agency of improperly withholding documents in a court case that hopes to reveal details about the government’s controversial surveillance program known as Hemisphere. The EFF, which is suing the DEA as part of a Freedom of Information Act (FOIA) request, is demanding the agency turn over documents that have been withheld or have been highly redacted
Snowden 'not counting' on pardon from Obama (The Hill) National Security Agency whistleblower Edward Snowden acknowledged in an interview broadcast Monday that a pardon from President Obama before he leaves office in January is unlikely
Snowden: Petraeus shared data ‘far more highly classified than I ever did’ (The Blaze) Edward Snowden, the former contractor for the National Security Agency who in 2013 leaked classified information that showed the U.S. government surveilled private data, said in an interview published over the weekend that retired Gen. David Petraeus “shared information that was far more highly classified than I ever did with journalists”
“Bullsh*t and spin”: Autonomy founder mocks HP’s $5B fraud suit against him (TechCrunch) How could Dr Michael Lynch raise a $1 billion venture capital fund while being sued for $5 billion over alleged fraud in the $11 billion sale of his company Autonomy to HP? “The reality is, that doesn’t take much time” since he has a team of lawyers on the case, Lynch said on stage during TechCrunch Disrupt London
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CES® CyberSecurity Forum (Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...
Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.
US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...
Infosecurity Magazine Conference (Boston, Massachusetts, USA, December 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information,...
Practical Privacy Series 2016 (Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...
CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...