More people look at the compromised Android fire direction app that enabled Russian forces to locate and destroy Ukrainian artillery during hybrid combat in eastern Ukraine. The Ukrainian officer who developed the app and provided it to his comrades has said reporting on the hack contains "rotten information." But he also advises users to delete older versions and download the app only from him. Some commentators think the risks CrowdStrike reported are overblown, because devices using the app wouldn't be Internet-connected, but video of Ukrainian gunners using the tool appears to show them connecting wirelessly to something.
The incident, the clearest instance yet of lethal tactical hacking (apart from some targeting of ISIS operators), is seen by many as a harbinger of the intersection of the cyber and kinetic domains.
CrowdStrike attributes the hack to Fancy Bear, Russia's GRU, and says the code is relevantly similar to that found in the US Democratic National Committee networks. Russian President Putin again denied meddling with US elections and expressed hope for better relations. The US still presumably has some retaliatory options in the barrel, but what those might be remains to be seen. There's not much hint of them in recent high-minded harrumphing from Director of Central Intelligence Brennan, who would decline to sink to the adversary's level, deplores "skullduggery," etc. The Council on Foreign Relations says people at Fort Meade told them that US Cyber Command likes the idea of "loud" cyber weapons, so retaliation, if it comes, may be noisily obvious.
Today's issue includes events affecting Australia, Brazil, Ireland, Russia, Ukraine, United States.
A note to our readers: Since this year both Christmas and New Year's Day fall on Sunday, we'll take a break on Monday, December 26th, and again on Monday, January 2nd. Other than that we'll publish on our normal schedule. Best wishes for the holidays from all of us at the CyberWire.
You can find information security lessons everywhere. We think we can see some in the new Star Wars flick, "Rogue One." Here's a thought: the Empire's contractors on Eadu were apparently less than fully NISPOM compliant. Didn't Director Krennic require them to self-certify? (For background on NISPOM, see this account of a CRTC symposium, and lawyer up, padawans. Even the Empire has privacy and employment laws. We're pretty sure...although Krennic's HR policies seem a little strict...)
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our partners at Lancaster University, as Awais Rashid explains how advanced persistent threats exfiltrate data. Our guest is FBI Special Agent Keith Mularski, who'll give us the straight skinny on the big Avalanche takedown.
You may also find the special edition of our Podcast of interest—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
The podcast will take a holiday break on December 26th and January 2nd. Next week, December 27th through December 30th, we'll be running special best-of-episodes from 2016, including new material in extended interviews with some of our most interesting partners and guests. We'll return to our normal programming on January 3rd. If you've enjoyed the podcasts, please consider giving us an iTunes review.
In Ukraine, more evidence of a hacking group's Kremlin ties (Military Times) For those searching for stronger evidence of Russia's connection to the hack of the Democratic National Committee, the tale of an infected Ukrainian Android app used for cellphones or tablets may help, according to a cybersecurity firm
This Android Malware Ties Russian Intelligence To The DNC Hacks (Forbes) The most convincing evidence yet tying Russia's GRU intelligence agency to the hack of the Democratic National Committee has been found in a bizarre tale involving an Android app developed by a Ukrainian military officer, security firm CrowdStrike claimed today
Fancy Bear Hack of Ukrainian Artillery Fighters Shows Future of War (Motherboard) Hackers believed to be working for the Russian military were able to track the position of Ukrainian fighters thanks to a booby-trapped Android app originally used to improve the aim and accuracy of Ukraine’s own artillery units, according to a new report
New attacks on wallets and AdWords correlate with Bitcoin price surge (Cisco Umbrella) Over the past year as cryptocurrency has steadily increased well past $800, OpenDNS Labs has been diligently tracking Bitcoin wallet phishing campaigns. With this most recent uptick in price we have observed a recent rise during this holiday season in phishing domains to steal access to online wallets
Firefox to Expand Sandbox Security Feature (Bleeping Computer) Mozilla announced plans to expand the Firefox sandbox security features with the introduction of a second sandboxing system for working with the browser's new multi-process e10s (Electrolysis) feature
Facebook kills off exact location sharing in Nearby Friends, adds “Wave” (TechCrunch) Nearby Friends didn’t turn into the Foursquare-killer it could have been, but Facebook is still trying to help people meet up in person… with a few changes. Facebook has removed the precise location-sharing feature from Nearby Friends, which now only lets you opt-in to broadcasting your approximate distance from friends and current neighborhood
Amid Yahoo hacks, a churn of security officers (San Francisco Chronicle) When Yahoo experienced the nation’s largest hacking attack, with information stolen from more than 1 billion user accounts in August 2013, it lacked a permanent information security chief
Cyber Security ETFs in Focus After Yahoo Hack Report (Nasdaq) Cyber security continues to be in the limelight as we approach the end of 2016 owing to numerous data breaches. While there were speculations of the Russian government resorting to hacks and sending contents to WikiLeaks to help Trump get to the White House, the biggest was probably Yahoo YHOO admitting to a high-profile data-security breach earlier this month
SentinelOne Honored as 2016 Industry Innovator by SC Media (Yahoo!) SentinelOne, the company transforming endpoint security by delivering real-time protection powered by machine learning and dynamic behavior analysis, today announced that it was recognized as an Innovator in the Data Protection category in SC Magazine's December 2016 Reboot issue. The company's next-generation Endpoint Protection Platform was recognized for its innovative threat detection technology and groundbreaking product guarantee against ransomware. SC Magazine's Innovator designation recognizes cybersecurity companies that have shown extraordinary innovation in the last year, not just in their technology but in their approach to the market as well
Veris to use Endgame solution to enhance detection, eliminate threats (GSN) Endgame, a leading endpoint security platform to close the protection gap against advanced attackers, today announced that Veris Group's Adaptive Threat Division (ATD), an industry-leading provider in adversary simulation and detection services, will utilize Endgame's endpoint detection and response platform to enhance detection, response, and threat hunting capabilities to eliminate security threats faster and with greater accuracy for customers
Technologies, Techniques, and Standards
NIST Guide Provides Way to Tackle Cybersecurity Incidents with Recovery Plan, Playbook (NIST) “Defense! Defense!” may be the rallying cry from cybersecurity teams working to thwart cybersecurity attacks, but perhaps they should be shouting “Recover! Recover!” instead. Attackers are increasingly racking up points against their targets, so the National Institute of Standards and Technology (NIST) has published the Guide for Cybersecurity Event Recovery to help organizations develop a game plan to contain the opponent and get back on the field quickly
NIST Special Publication 800-184: Guide for Cybersecurity Event Recovery (NIST) In light of an increasing number of cybersecurity events, organizations can improve resilience by ensuring that their risk management processes include comprehensive recovery planning. Identifying and prioritizing organization resources helps to guide effective plans and realistic test scenarios. This preparation enables rapid recovery from incidents when they occur and helps to minimize the impact on the organization and its constituents
NIST crowdsources quantum-proof encryption (The Stack) The National Institute of Science and Technology has called for cryptographers to create the next generation of cryptography keys, intended to withstand attack by a quantum computer
CDM: A Government Program Worth Emulating and Fully Funding (Lawfare) The federal government isn’t often held up as a model for IT innovation and efficiency, but there are areas where they should be. An example of a policy directive that has paid dividends is the Continuous Diagnostics and Mitigation (CDM) program, whose aim is to give civilian government agencies a sensible, cost-effective way to upgrade their cybersecurity posture
Before You Pay that Ransomware Demand… (KrebsOnSecurity) A decade ago, if a desktop computer got infected with malware the chief symptom probably was an intrusive browser toolbar of some kind. Five years ago you were more likely to get whacked by a banking trojan that stole all your passwords and credit card numbers. These days if your mobile or desktop computer is infected what gets installed is likely to be “ransomware” — malicious software that locks your most prized documents, songs and pictures with strong encryption and then requires you to pay for a key to unlock the files
Password Alternatives: How to Secure your Enterprise's Data (Infosecurity Magazine) Passwords are still a popular target for hackers. While small password hacks may go unnoticed, they can still have a catastrophic effect. Take for example this year’s Yahoo password leak that compromised more than 500 million accounts, and affected the likes of Dropbox, LinkedIn, KFC, the Office of Personnel Management and many more
How to Protect and Harden a Computer against Ransomware (Bleeping Computer) 2016 is almost over and it definitely taught us one thing: Ransomware is here to stay and it's only going to get worse. With even the smaller ransomware developers earning a lot of money, the ransomware explosion is going to continue with more innovative techniques used in 2017
Autonomous cars seen as smarter than human drivers (TechCrunch) PwC released the results of its latest survey on the future of automotive technology, and it seems Americans are coming around to the idea of autonomous cars, ride hailing and car sharing. So much so that 66 percent of respondents said they think autonomous cars are probably smarter than the average human driver
Blog: Greater Integration Across the EMS Needed for Battlefield Dominance (SIGNAL) There’s no disputing technology’s role in the rapidly changing face of modern warfare. The convergence of commercial services with military applications, such as delivery of real-time data from anywhere using various devices, has changed the physical nature and understanding of what constitutes a combat environment. The U.S. military seeks to define a strategic approach to these converged operations
Inquiry says Snowden in contact with Russia’s spy services (Washington Times) Former National Security Agency contractor Edward Snowden remains in contact with Russian intelligence services, according to a bipartisan congressional report released at a time when Russia is considered a top national security concern
Berlin Attack Suspect Is Killed by Police Near Milan (New York Times) Anis Amri, the chief suspect in the deadly terrorist attack on a Christmas market in Berlin this week, was killed by the police in a shootout outside Milan around 3 a.m. Friday, ending a brief but intense manhunt across Europe, Italian officials announced
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CES® CyberSecurity Forum (Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...
SANS Security East 2017 (New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017 (Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL (Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...