Recorded Future finds a "Russian-speaking hacker" who may have compromised the US Election Assistance Commission. "Rasputin," as they're calling him, is selling access to the Commission. The Election Assistance Commission is a small independent Federal agency charged with supporting the conduct of elections in the States through a variety of largely voluntary services. The hack seems more embarrassing than dangerous, and does not appear to pose any significant danger of vote fraud or manipulation.
The US continues investigating Russian influence operations during the recently concluded elections. Officials murmur about President Putin's direct involvement, President Obama promises unspecified retaliation, and the White House grouses that media who reported leaked DNC emails effectively became an "arm of Russian intelligence." British and European officials worry about similar Russian meddling in their own elections. The prospect of what ThreatConnect calls "Faketivism"—false flags and covert information operations—is particularly troubling to them.
The magnitude of the Yahoo! breach continues to sink in, and security industry observers express displeasure over weak crypto practices and slow breach disclosure. The company's stock price declines as investors lose confidence that Verizon's acquisition of Yahoo!'s core assets will go through.
Proofpoint warns that the DNSChanger exploit kit, distributed by malvertising, is now hitting routers.
Netskope discovers new variants of Locky ransomware circulating in the wild. There's some compensating good news: the public-private partnership No More Ransom adds new partners and expanded free services for ransomware victims.
India worries that the "Legion" hacks may amount to more than a nuisance.
Today's issue includes events affecting Austria, Croatia, Denmark, European Union, Finland, France, India, Israel, Italy, Luxembourg, Malaysia, Malta, Netherlands, Nigeria, Portugal, Romania, Russia, Singapore, Slovenia, Ukraine, United Kingdom, United States.
A note to our readers: The new Star Wars film, Rogue One, is out this week. It's billed as "the epic tale of a scrappy group of rebels and their daring mission to steal the plans for the Death Star." Given what's generally known about information security, however, one wonders if perhaps the plans might actually have been compromised in a different way. (Not that a Sith lord would reuse his Yahoo! security questions in an Imperial account...he wouldn't, would he? Right?)
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcasts, we invite you to please consider giving them an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Vulnerable in cyberspace(The Hindu) The ‘Legion’ hacks expose the dire state of cybersecurity in India. Frequent data breaches will steadily erode the confidence of Internet users and deter them from using digital gateways
Russian-Speaking Hacker Selling Access to the US Election Assistance Commission(Recorded Future) On December 1, 2016, Recorded Future identified chatter related to a suspected breach of the U.S. Election Assistance Commission (EAC). Recorded Future engaged the Russian-speaking actor (referred to as “Rasputin” in this research) to assess the full scope of the unauthorized access, and provided all relevant information to federal law enforcement. Further analysis identified more than 100 potentially compromised access credentials, including some with administrative privileges. Rasputin offered to sell an unpatched system vulnerability to a Middle Eastern government broker. Recorded Future successfully attributed the EAC breach to Rasputin
Cyber Chief in UK Election Hack Warning(Infosecurity Magazine) The head of the UK’s National Cyber Security Centre has warned that Russia’s alleged meddling in the US election could lead to similar campaigns to destabilize the democratic process in the UK
Faketivists Could Play Havoc with Euro Elections in 2017(Infosecurity Magazine) Security experts are warning of a rise in so-called “faketivists” – state sponsored operatives who take on the personas of solitary hacktivists in order to disseminate sensitive hacked material for political ends
Yahoo's Record-Setting Breach Disclosure [Updated](The CyberWire) Yesterday Yahoo disclosed that more than a billion customer accounts were compromised in August 2013. This incident is distinct from the breach of 500 million accounts the company disclosed on September 22, 2016. Yahoo said in its announcement that how the breach was accomplished is not yet known, and that the company is working with law enforcement to investigate. This incident is regarded as being the largest breach on record, in terms of the number of individuals affected. Security industry experts have weighed in with their views on what happened and how such attacks might be prevented or mitigated
Yahoo's big breach helps usher in an age of hacker anxiety(AP) Yahoo has become the worst-case example of an unnerving but increasingly common phenomenon — massive hacks that steal secrets and other potentially revealing information from our personal digital accounts, or from big organizations that hold sensitive data on our behalf
My Yahoo Account Was Hacked! Now What?(KrebsOnSecurity) Many readers are asking what they should be doing in response to Yahoo's disclosure Wednesday that a billion of its user accounts were hacked. Here are a few suggestions and pointers, fashioned into a good old Q&A format
Yahoo breach: why does it take so long to tell people about a hack?(Naked Security) Hours after Yahoo disclosed this latest data breach, people asked why it took the company so long to come clean about a compromise dating back to 2013. To the casual observer, three years is a long time, and it makes them suspicious that the company was deliberately keeping users in the dark
Yahoo breach: here’s what you need to do(Naked Security) As you’ve probably heard by now, Yahoo says it suffered a massive data breach that compromised 1bn accounts. The breach, dating back to 2013, is separate from another disclosed in September, in which 500m user accounts were hacked
DNSChanger Exploit Kit Hijacks Routers, Not Browsers(Threatpost) Attackers are targeting more than 166 router models with an exploit kit called DNSChanger that is being distributed via malvertising. Researchers at Proofpoint said the exploit kit is unique because the malvertising component of the attack doesn’t target browsers, rather a victim’s router
New Variants of Locky Ransomware Found(Netskope) Locky ransomware is in the news again with variants using different extensions for encrypted files. A couple of months ago, we blogged about the Zepto variant of Locky ransomware which used the .ZEPTO extension for encrypted files. The blog also highlighted Zepto’s executable (.EXE) payload execution with pre-defined parameters. Later, we highlight in this blog another Zepto variant that executes its main payload via DLL rather than EXE. As we continue to monitor Locky ransomware’s evolution, Netskope Threat Research Labs took a deep dive into two new variants of Locky ransomware, this time using .AESIR and .ZZZZZ extensions for encrypted files. The variants also made a few changes in the malware’s payload execution
Goldeneye Ransomware – the Petya/Mischa combo rebranded(Malwarebytes) From March 2016 we’ve observed the evolution of an interesting low-level ransomware, Petya – you can read about it here. The second version (green) Petya comes combined with another ransomware, packed in the same dropper – Mischa. The latter one was deployed as an alternative payload, in case the dropper was run without administrator privileges and the low-level attack was impossible. This combo is slowly reaching its maturity – the authors fixed bugs that allowed for decryption of the two earliest versions. Now, we are facing an outbreak of the fourth version – this time under a new name – Goldeneye, and, appropriately, a new, golden theme
One, if by email, and two, if by EK: The Cerbers are coming!(SANS Internet Storm Center) "One, if by land, and two, if by sea" is a phrase used by American poet Henry Wadsworth Longfellow in his poem "Paul Revere's Ride" first published in 1861. Longfellow's poem tells a somewhat fictionalized tale of Paul Revere in 1775 during the American revolution. If British troops came to attack by land, Paul would hang one lantern in a church tower as a signal light. If British troops came by sea, Paul would hang two lanterns
The economics of ransomware revealed(Help Net Security) 70 percent of businesses infected with ransomware have paid ransom to regain access to business data and systems. In comparison, over 50 percent of consumers surveyed said they would not pay to regain access to personal data or devices aside from financial data, according to IBM Security
Non-Malware Attacks on the Rise, in the Shadow of Ransomware(Infosecurity Magazine) 2016 saw attackers holding data for ransom at an alarming rate; but in conjunction with the rise of ransomware and the continued ubiquity of mass malware, attackers are increasingly utilizing non-malware attacks in an attempt to remain undetected and persistent in organizations’ networks
“Secure the News” Grades Media Sites on HTTPS—And Most Fail(Wired) Before you enter your credit card into an unknown website, you probably (hopefully) check your browser for the padlock icon that means your connection to that site uses HTTPS encryption, which helps prevent hackers and eavesdroppers
Over Half of Global Firms Still Not Progressing with GDPR(Infosecurity Magazine) As we head into the final 18 month stretch before the European General Data Protection Regulation (GDPR) comes into force, two new studies have revealed a worrying lack of preparedness on the part of organizations
Growth rates of cryptographic keys and certificates(Help Net Security) A new study conducted by Dimensional Research evaluated current and projected growth rates of cryptographic keys and digital certificates in the enterprise for 2016 and 2017. Study respondents included 505 IT professionals that manage these critical cryptographic assets in the U.S., U.K., France and Germany
Quantifying Cyber Risks(CFO) Companies are clamoring for the data and information they need to manage their exposure
Vkansee raises $10M to fund fingerprint sensor innovation(Biometric Update) Vkansee has raised $10 million in additional funding from existing angel investors and other institutional investors, including Infotech Ventures, Yunnan Huizhong Fund, Shenzhen Qianhai Greatwall Fund and Superpix Micro Technolog
Morphisec opens Boston office to tap into American market(GSN) Morphisec, leading developer of Moving Target Defense (MTD) cybersecurity products, today announces rapid global expansion including the opening of its U.S. operations located in Boston. Born out of Ben-Gurion University and the JVP Cyber Labs in Be'er Sheva, Israel, Morphisec has emerged from Israel's national cybersecurity center to wide acclaim for its forward-thinking technology
CrowdStrike Selected as a 2016 Red Herring Top 100 Global(Yahoo! Finance) CrowdStrike, the leader in cloud-delivered endpoint protection, today announced that the company was recognized by Red Herring’s Top 100 Global award, a listing of the leading private companies from North America, Europe, and Asia
Soget and Thales launch port security coalition(Marine Electronics & Communication) Thales has joined forces with Soget to deliver secured port systems that include physical and cyber security. Combined, the two companies will protect critical port infrastructure from growing digital and physical threats
Dashlane Backs Two-Factor Authentication Awareness Campaign(Yahoo! Finance) Dashlane, the award-winning password manager and leader in online identity management, announces its participation in the #TurnOn2FA two-factor authentication awareness campaign. The campaign, which is in support of the White House's Cybersecurity National Action Plan, seeks to empower consumers to add a level of security to their account with two-factor authentication. Dashlane will promote the campaign, which was created by Intel® and TeleSign
Protect Your Office 365 Files With Vera For Microsoft(Forbes) Vera (a sponsor of TechSpective) just launched a new service called Vera for Microsoft designed to help customers protect files in Office 365 and give IT and security administrators some peace of mind. That is a significant challenge in an almost ubiquitously connected and mobile world where data can be anywhere and everywhere at the same time. Vera has established itself by enabling organizations to secure, track, and monitor data no matter where it’s stored or shared
Technologies, Techniques, and Standards
New sheriffs in town: No More Ransom(Help Net Security) A couple of months ago, Intel Security, Kaspersky Lab, Dutch National Police and Europol announced the No More Ransom initiative
Approaching security self-sufficiency(Help Net Security) As part of my role as CSO, I’m extremely lucky to get to have conversations with CISOs, CTOs, and other technology leaders across industries. One of the things that has always struck me throughout my career is how, while there are certainly issues specific to each business, the vast majority of the challenges we face as defenders are the same
GM will begin testing and building self-driving cars in Michigan(TechCrunch) GM is going to start building its next generation of self-driving vehicles at the Michigan plant where it builds its Chevrolet Bolt, the company’s CEO Mary Barra announced Thursday. It will also be testing vehicles on public roads in metro Detroit, GM said. GM is already testing self-driving vehicles using autonomous systems created by Cruise, the startup it acquired earlier this year, in both San Francisco, California and Scottsdale, Arizona
Legislation, Policy, and Regulation
Thai PM defends cyber controls as censorship concerns rise(Interaksyon) Thai Prime Minister Prayuth Chan-ocha on Thursday defended a decision to amend a cyber-crime law to increase the military government’s ability to remove online content as authorities seek to tighten control on dissent
Mutually assured cyber destruction?(Times of Israel) Op-ed: Experts say first the US, then some of the West’s enemies, have developed the capability to shut down entire countries at the flip of a switch
Are We In a New Era of Espionage?(Defense One) One scholar compares it to the early Atomic Age, when members of Congress struggled to understand how nuclear weapons were changing diplomacy and war
Why Didn't Obama Do More About Russian Election Hack?(NBC News) The Obama administration didn't respond more forcefully to Russian hacking before the presidential election because they didn't want to appear to be interfering in the election and they thought that Hillary Clinton was going to win and a potential cyber war with Russia wasn't worth it, multiple high-level government officials told NBC News
Where is Trump getting his cybersecurity advice?(Christian Science Monitor Passcode) Since the president-elect has rejected intelligence analysis that Russian hackers meddled in the presidential election, where is he getting advice on issues of digital security and espionage?
How can cyber contribute to multi-domain battle?(C4ISRNET) The military is beginning to organize around a principle of multi-domain battle — the notion that effects, planning and operations will converge seamlessly among the five domains of warfare: land, sea, air, space and cyber. Rather than thinking about war from a domain-centric perspective, future battles will be fought with a combination of effects. The one thread that connects all domains is cyber
White House suggests Putin was involved in U.S. hacking(Military Times) The Obama administration suggested Thursday that Russian President Vladimir Putin personally authorized the hacking of Democratic officials' email accounts in the run-up to the presidential election and said it was "fact" that such actions helped Donald Trump's campaign. The White House also assailed Trump himself, saying he must have known of Russia's interference
Russia’s election hack aimed to hurt Hillary — not help Trump(New York Post) The debate continues: Did the Russians hack the Democrats’ computers to help Donald Trump? I answered this one a long time ago. Yes, the Russians did but through surrogates who probably resided in Bulgaria. And the goal was likely less to help Trump than to hurt Hillary Clinton — a splitting of hairs, I know, but an important distinction in the motive that I’ll address in a minute
Huma says she never received FBI warrants for email searches(New York Post) Hillary Clinton aide Huma Abedin told a Manhattan federal judge in a court filing Thursday that neither she nor Anthony Weiner ever received FBI search warrants for emails found on her estranged husband’s computer — raising questions about whether FBI warrants for the emails were ever issued, and if so to whom
More states confirm suspected cyberattacks sourced to DHS(WSB-TV) Channel 2 Investigative Reporter Aaron Diamant has learned two more states’ election agencies have confirmed suspected cyberattacks linked to the same U.S. Department of Homeland Security IP address as last month’s massive attack in Georgia
Regulators crack down on Skype and WhatsApp over privacy(Naked Security) Microsoft’s Skype and Facebook’s WhatsApp and other app-based messaging services are facing increased regulation as the European Commission makes plans to update its privacy rules. CIO reports on a leaked legislative draft, revealig
District Court Finds Finjan's '494 Patent Claims Against Blue Coat to be Valid(Sys-Con Media) Finjan Holdings, Inc. (NASDAQ: FNJN), a cybersecurity company, provides an update on subsidiary, Finjan, Inc.'s ("Finjan") second patent infringement suit against Blue Coat Systems, Inc. ("Blue Coat") in Finjan v. Blue Coat, 5:15-cv-03295-BLF, before the Honorable Beth Labson Freeman. On December 13, 2016, the Court entered its Order ("the Order") Denying Blue Coat's Motion for Judgment on the Pleadings under 35 U.S.C. § 101 ("the Motion"), filed on September 16, 2016, that asserted claims of Finjan's U.S. Patent No. 8,677,494 ("the '494 Patent") are invalid for lack of patentable subject matter
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Cyber Defense Initiative 2016(Washington, DC, USA , December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
CES® CyberSecurity Forum(Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...
SANS Security East 2017(New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
Cybersecurity of Critical Infrastructure Summit 2017(College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017(Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017(Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL(Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017(Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering(Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.