CrowdStrike reports on the DNC hack and links it to Russian hybrid warfare going on in eastern Ukraine. First, it notes that an Android app, Попр-Д30 (Popr-D30), designed by a Ukrainian officer to simplify operation of D-30 122mm howitzers, was Trojanized by Fancy Bear (the GRU) with a variant of X-Agent malware. Data from Popr-D30 (it's unclear whether Popr-D30 is a survey or a fire direction tool) were used to locate, target, and destroy Ukrainian D-30 batteries. The connection with US election hacking is this: Fancy Bear used earlier versions of X-Agent implants against the DNC; X-Agent is one of Fancy Bear's signature tools.
Some observers claim to discern a silver lining in the clouded Russo-American cyber relations: intolerable tensions could lead to détente. Maybe.
Suspicion rises in Ukraine that last Saturday's power outage around Kiev was the result of a cyberattack. It resembles last December's attack on that country's grid in that it involved disruption of an electrical substation's operation.
Seeking to heighten mistrust and hate in the Dar-al-Harb, ISIS online media urge Christmas attacks on Christian churches.
A wave of dictionary attacks on WordPress sites, earlier attributed to unknown criminals operating from a Ukrainian ISP, has been further localized: the attackers appear to be working from Alchevsk, a city in the Donetsk Oblast which is heavily disputed in the ongoing hybrid war. Bleeping Computer notes that Ukraine's government has only tenuous control over the city, and that it seems likely the ISP is a bulletproof host catering to criminals.
Today's issue includes events affecting Australia, Botswana, Canada, Democratic Republic of Congo, Germany, India, Iraq, Kenya, Malawi, Namibia, Netherlands, Nigeria, Russia, South Africa, Syria, Thailand, Uganda, Ukraine, United Kingdom, United States.
A note to our readers: We'll be observing US Federal holidays, as is our custom, and since this year both Christmas and New Year's Day fall on Sunday, that means we'll take a break on Monday, December 26th, and again on Monday, January 2nd. Other than that we'll publish on our normal schedule.
You can find information security lessons everywhere. We think we can see some in the new Star Wars flick, "Rogue One." Here's a hint: the Empire's contractors were apparently less than fully NISPOM compliant. C'mon, get with the program, Director Krennic. (And for the Force's sake, listen to your alert proofreaders. Just ask Deutsche Bank. You're welcome, New York Fed.)
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today our partners at Virginia Tech's Hume Center are represented by Charles Clancy, who discusses mobile device encryption standards. Our guest, Deloitte's Adnan Amjad, talks about some creative ways enterprises can find scarce cyber talent in the current seller's labor market.
You may also find the special edition of our Podcast of interest—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
The podcast will take a holiday break on December 26th and January 2nd. Next week, December 27th through December 30th, we'll be running special best-of episodes from 2016. We'll return to our normal programming on January 3rd. If you've enjoyed the podcasts, please consider giving us an iTunes review.
Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units(CrowdStrike Blog) In June CrowdStrike identified and attributed a series of targeted intrusions at the Democratic National Committee (DNC), and other political organizations, that utilized a well-known implant commonly called X-Agent. X-Agent is a cross-platform remote access toolkit; variants have been identified for various Windows operating systems, Apple’s iOS, and likely the MacOS
Russian hacks into Ukraine power grids a sign of things to come for U.S.?(CBS News) Russian hacking to influence the election has dominated the news. But CBS News has also noticed a hacking attack that could be a future means to the U.S. Last weekend, parts of the Ukrainian capital Kiev went dark. It appears Russia has figured out how to crash a power grid with a click
UPDATED x1: Mirai Scanning for Port 6789 Looking for New Victims / Now hitting tcp/23231(SANS Internet Storm Center) Early today, a reader reported they were seeing a big spike in inbound tcp/6789 to their honeypots. We have seen similar on DShield's data, starting on December 17. It was actually a subject of discussion this weekend, and this helpful data from Qihoo's Network Security Research lab attributes the large increase to Mirai, the default-password-compromising malware that infected various internet-connected IoT devices. It's hard to see in the graph as it is still not a huge (but still significant) portion of Mirai scanning traffic. Here are port-specific graphs from Qihoo as well, showing the start time of the spike. The command that it tries to execute once logged in is
Santa Claus is coming to town with a sack full of ransomware(Zscaler) It’s the season: holiday shopping has increased and email inboxes have been inundated with promotional emails, offers from online retailers, and discount banners. And with increased online shopping activity, you can expect to see an increase in activity from the bad actors, too. Cybercriminals are taking advantage of the bustling season by launching various social engineering attacks, including phishing and drive-by download campaigns, to deliver ransomware
Groupon Customer Anger After Account Fraud Hits Site(Infosecurity Magazine) Deals site Groupon has come in for fierce criticism after customers started complaining that their accounts had been compromised and used to purchase hundreds of pounds’ worth of goods fraudulently
The new Barnes&Noble Nooks come with free malware(TechCrunch) Barnes & Noble began outsourcing its Nook e-readers a few years ago after a partnership with Samsung, and their latest $50 Nook 7 Android tablet, announced last month, shows us how that has worked out for them. Their latest e-reader includes ADUPS, a firmware that sends user data back to the manufacturer or an interested hacker. This is the same malware that researchers found on cheap Blu tablets and phones last month
Microsoft closes the year with major security updates for its products(Windows Report) With 2016 almost reaching its departure, Microsoft released its last ‘Patch Tuesday’ update for the year. This update has by far the highest number of security updates released in a single patch. It features six critical patches, with the remaining six rated as important. It covered 34 individual flaws, all of which, if exploited, could lead to Remote Code Execution. So get ready for restarts. It is favorable not to delay the deployment of these patches, since three of them address vulnerabilities which have been publicly disclosed
Onapsis Research Labs First to Help Discover and Fix Vulnerabilities in SAP HANA SPS12 - SAP Security Notes December 2016(Onapsis Security Blog) Today SAP published 23 Security Notes, making a total of 32 notes since the second Tuesday of November, considering several notes that were published outside of the normal publishing schedule. As with every month, the Onapsis Research Labs have an impact on how SAP Security evolves. This month, 6 SAP Security Notes were reported to SAP by our researchers Sergio Abraham, Nahuel Sanchez and Emiliano Fausto (all of them recognized on the SAP webpage). These notes correct 20 vulnerabilities in several platforms that our team has been researching extensively: SAP HANA and SAP for Defense
Security Innovation Confirms That the Gap Still Exists(Econo Times) Sponsored by Security Innovation and INTEGRITY Security Services, a Green Hills Software company, the Ponemon Institute has conducted their second annual cybersecurity survey of over 500 automotive developers, engineers, and executives
More cyber crimes over next 2 years: Deloitte(Deccan Herald) Indian firms believe that incidents of fraud will increase in the next two years, a survey has found. But big companies are still unprepared to tackle cyber crime, while budget gets in the way of small and medium companies when dealing with such cases
Unleashing a Cyber Market Force(LinkedIn) Having called cyber risk existential myself, Senator John McCain’s quote this past weekend that Russian hacking represented the “possible unraveling of the world order” and could “destroy democracy” struck me as perhaps a turning point. America needs to rally on a theme to fundamentally reshape our societal approach to cyber threats. But first we must properly define the problem. Representing cyber as a threat to global stability and Western free markets is a good start
Despite Successful Attacks, Orgs Aren't Upping Security Budgets(Infosecurity Magazine) Despite significant concerns over both new threats (ransomware, specifically) and age-old, persistent ones (users unknowingly triggering attacks), for the majority of organizations, next year’s security plan essentially boils down to more of the same
Palo Alto Gets Great Marks, FireEye Deteriorates, in Piper Survey(Barron's) Piper Jaffray’s Andrew Nowinski this morning offers up to clients a summary of a meeting he assembled last week between investors and security technology consultants and resellers, the substance of which was encouraging for vendors Palo Alto Networks (PANW), Symantec (SYMC), and Proofpoint (PFPT), but discouraging for FireEye (FEYE)
Will 2017 Be Palo Alto Networks Inc's Worst Year Yet?(Fox Business) Shares of Palo Alto Networks (NYSE: PANW) have fallen nearly 30% this year, due to slowing sales growth, widening GAAP losses, and the threat of rising competition. By comparison, the PureFunds ISE Cybersecurity ETF (NYSEMKT: HACK) -- which owns a basket of top cybersecurity-related stocks -- rose 4% during that period
Intelligence personnel aren’t fleeing because of Trump rift(Christian Science Monitor Passcode) Headhunters well-known for helping US spies find jobs in the private sector say intelligence analysts and officials, including those who specialize in cybersecurity, aren't running for the exits even though President-elect Trump has openly dismissed their findings
Pwnie Express Inducted Into SC Magazine's Industry Innovators Hall of Fame(Yahoo! News) Pwnie Express, the leading provider of device threat detection for wired, wireless, and Internet of Things (IoT) devices, has been inducted into SC Magazine's Industry Innovators Hall of Fame. Induction into the Industry Innovators Hall of Fame is a noteworthy honor, reserved for three-time SC Magazine innovator winners who "show creativity and innovation in product, business practices and go-to-market strategy"
Q&A: Amit Yoran On Leaving RSA, New CEO Role At Tenable And 2017 Security Predictions(CRN) Last week, RSA CEO and industry thought leader Amit Yoran announced he was leaving the Bedford, Mass.-based security vendor to take a role as CEO at Tenable Network Security. The news comes less than four months after Bedford, Mass.-based RSA was acquired by Dell, as part of the EMC Federation. In an interview with CRN, Yoran discussed why he decided to leave RSA and the opportunity he sees at Tenable, which offers a vulnerability assessment and management platform
AT&T Debuts 'Call Protect' Service to Protect Against Robocalls(Mac Rumors) AT&T today announced Call Protect, a complimentary service aimed at protecting its users from automated phone calls, also referred to as robocalls. The service debuts five months after the U.S. Federal Communications Commission asked wireless companies to offer free robocall blocking services
Sophos Sandstorm comes to XG Firewall(Sophos Blog) Keeping intruders away from your network is an essential first line of defense. However, cybercriminals are constantly updating and refining their methods of attack, using unknown malware to evade conventional protection
How Metadata Can Reveal What Your Job Is(Motherboard) In November, a federal court ruling revealed that CSIS, Canada’s CIA analog, operated a secret metadata collection program for a decade; metadata being all of the information—time stamps, locations, names and numbers—wrapped around our digital communications
Single Sign-On Buying Guide(eSecurity Planet) Deploying a single sign-on system can improve productivity and lead to better password hygiene, but it also carries some risks
Our 12 tips for staying safe online this Christmas(Naked Security) Here are 12 cybersecurity tips to help you focus on family, food and fun over Christmas, rather than dealing with the headache of stolen credit card details or important documents lost to ransomware
Encryption App ‘Signal’ Fights Censorship With a Clever Workaround(Wired) Any subversive software developer knows its app has truly caught on when repressive regimes around the world start to block it. Earlier this week the encryption app Signal, already a favorite within the security and cryptography community, unlocked that achievement. Now, it’s making its countermove in the cat-and-mouse game of online censorship
How to take vehicle cybersecurity further than the government suggests(Yahoo! Tech) Vehicle cybersecurity is getting well-deserved attention. In October, the U.S. National Highway Traffic Safety Administration (NHTSA) issued federal guidance to the automotive industry for improving motor vehicle cybersecurity. Transportation Secretary Anthony Foxx said at the time, “Cybersecurity is a safety issue, and a top priority at the Department.” Thales e-Security, a major security and data protection solutions system supplier, believes the NHTSA guidelines are a good start but don’t go far enough
Volkswagen teases a self-driving EV concept with retractable steering wheel(TechCrunch) Volkswagen is extending the I.D. concept family it debuted at the Paris Motor Show earlier this year with a new concept car in the same line to be fully revealed at the North American International Auto Show in Detroit in January. The carmaker teased the concept today, revealing a few details about the car, including that it’s designed to be fully self-driving in the future
Elon Musk says Tesla’s vision neural net for Autopilot is “now working well”(TechCrunch) Tesla is making progress towards its goal of making its latest cars fully self-driving, according to Elon Musk sharing some updates about the project, and about Enhanced Autopilot, the improved semi-autonomous driver assist system Tesla is planning to release in the near-term, before full autonomy is available
This Tool Maps the Spread of Fake News Online(Motherboard) Fake news, sensationalized media and blatant lies disguised as journalism have, unfortunately, become major themes this year. Facebook’s finally stepping up to stop the spread, but some academics and data journalists have been working on the problem of viral misinformation for longer, with guides to help students become better news consumers and extensions to flag fake news
Information Won't Make Us Immortal(Motherboard) In the blogosphere, a curious notion is spreading and gaining momentum: namely, the idea that information is the new soul—a kind of Soul 2.0. Something over and above the nitty gritty of the brute matter. Something better
S&T Awards $527K To Brigham Young For Cybersecurity Tech(Homeland Security Today) Brigham Young University (BYU) has been awarded $527,112 by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to develop a web authentication middleware tool called TrustBase that will significantly upgrade the current Internet website authentication process and improve online security
How The Citizen Lab polices the world's digital spies(Christian Science Monitor Passcode) University of Toronto professor Ron Deibert launched The Citizen Lab in 2001 to become the 'CSI of the internet.' Since then, it has become one of the leading watchdogs for digital censorship and online suppression
Could US-Russia feud over hacks lead to digital detente?(Christian Science Monitor Passcode) Experts have been trying for years to forge norms for how militaries around the world should operate in cyberspace. Now, tensions between Moscow and Washington over recent political breaches may energize that effort
Takeaways From a Trip to the National Security Agency(Council on Foreign Relations) A few weeks ago, I was part of a “National Thought Leaders” visit to the National Security Agency. Famously secretive and opaque (see, No Such Agency), the NSA started conducting this type of outreach after the Snowden disclosures in an attempt to correct what it saw as misunderstandings about its surveillance and intelligence roles. The day consisted of briefings from high level officials involved in NSA operations, information assurance, legal authorities, industry partnerships, and privacy and civil liberties oversight. We also spoke with Cyber Command officials. The briefings were conducted according to Chatham House rules, and below are some of my takeaways, unattributed to any one official
Porn block on new PCs to ‘fight trafficking’ – unless you pay $20(Naked Security) Proposing a bill that requires computers sold in a state to block access to online porn on the grounds that it “would be another way to fight human trafficking” is an interesting approach to crime prevention. That’s what Bill Chumley, Republican state representative, is suggesting in South Carolina
Yahoo Email Scanning For U.S. Spy Agency Shows Push to Recast Privacy(Fortune) Yahoo's secret scanning of customer emails at the behest of a U.S. spy agency is part of a growing push by officials to loosen constitutional protections Americans have against arbitrary governmental searches, according to legal documents and people briefed on closed court hearings
US State Police Have Spent Millions on Israeli Phone Cracking Tech(Motherboard) When cops have a phone to break into, they just might pull a small, laptop-sized device out of a rugged briefcase. After plugging the phone in with a cable, and a few taps of a touch-screen, the cops have now bypassed the phone’s passcode. Almost like magic, they now have access to call logs, text messages, and in some cases even deleted data
Enigma Software Group Responds to Malwarebytes Incompatibility(Enigma Software) Enigma Software Group USA, LLC ("ESG") began notifying its customers that Malwarebytes Inc., the maker of Malwarebytes Anti-Malware ("MBAM") and AdwCleaner, has begun intentionally blocking the installation and operation of ESG's programs SpyHunter and RegHunter for what ESG believes are competitive reasons. This action by Malwarebytes has created an immediate incompatibility between SpyHunter or RegHunter coexisting on the same PC with MBAM
Man Jailed for Part in Global Fraud Ring(Infosecurity Magazine) Police in London are celebrating this week after a 29-year-old man was jailed for over five years for his part in a major online banking fraud ring
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CES® CyberSecurity Forum(Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...
SANS Security East 2017(New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
Cybersecurity of Critical Infrastructure Summit 2017(College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017(Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017(Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL(Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017(Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering(Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...