G Data reports discovering a new ransomware strain on Christmas Eve, DeriaLock, which demands $30 from its victims in equally subliterate all-dein-Basen-gehoren-uns German or English, take your pick. And Bleeping Computer describes an odd Koolova variant seen in development that offers decryption in exchange for the victim's downloading and reading two articles on ransomware—apparently a misguided educational initiative?
The skids at R.I.U. Star Patrol, known for their recent attack on Tumblr ("There is no sinister motive. It's all for light hearted [sic] fun," as the Patrol explains) said they planned Christmas denial-of-service attacks on Xbox One and Playstation 4 servers. The attacks are essentially motiveless. Outages have been reported early this morning; how extensive they are remains unclear.
Gamers seeking an unfair advantage over their online opponents face a targeted threat—a malicious cheat code for CounterStrike overwrites their Master Boot Record.
Two patches are particularly worthy of attention: Cisco offers an update to mitigate vulnerabilities in its CloudCenter Orchestrator, and PHPMailer 5.2.18 closes a remote code execution hole in that widely used library (it ships with WordPress, Drupal, Joomla, and elsewhere).
We are in the midst of 2016 retrospectives and 2017 predictions. Predictions generally project the past year's trends into the future (reasonably enough): an increasing military optempo in cyberspace, more adaptation of online media to influence operations, widespread attacks on (and via) the Internet-of-Things, the commodification of ransomware, a persistent appetite for surveillance among the world's governments, and the likelihood that emerging technologies will bring fresh threats to privacy.
Today's issue includes events affecting China, Egypt, European Union, Guyana, India, Russia, Sweden, Thailand, Ukraine, United Kingdom, United States.
A note to our readers: New Year's Day falls on Sunday, and so we'll take a break on Monday, January 2nd. Other than that we'll publish on our normal schedule. Best wishes for the new year from all of us at the CyberWire.
You can find information security lessons everywhere. We think we see some in the new Star Wars flick, "Rogue One." Here's a thought: the Empire's contractors on Eadu were apparently less than fully NISPOM compliant. Didn't Director Krennic require them to self-certify? (For background on NISPOM, see this account of a CRTC symposium, and lawyer up, padawans. Even the Empire has privacy and employment laws. We're pretty sure...although Krennic's HR policies seem a little strict...)
ON THE PODCAST
The CyberWire podcast this week offers a series of end-of-year long-form (but still brief) episodes. We're running extended interviews that include never-before aired conversations with some of our most interesting partners and guests. Our normal programming returns on January 3rd. If you've been enjoying the podcasts, please consider giving us an iTunes review.
You may also find the special edition of our Podcast of interest—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
Cyber Attacks, Threats, and Vulnerabilities
Skeptics Doubt Ukraine Hack, Its Link to DNC Cyberattack (Voice of America) Malware used to hack Democratic National Committee servers during the 2016 elections was also used to hack an artillery-targeting app in Ukraine, and might have caused Ukrainian military losses to pro-Russian forces, according to a report released this week by CrowdStrike, a cybersecurity company
Faketivists Could Play Havoc with Euro Elections in 2017 (Infosecurity Magazine) Security experts are warning of a rise in so-called “faketivists” – state sponsored operatives who take on the personas of solitary hacktivists in order to disseminate sensitive hacked material for political ends
How a Smart Toy Could Get Hacked (Panda) Almost a decade has passed since the arrival of Furby, which made quite a splash on the children’s toys market. That was just the beginning. Now, Christmas serves as a time to usher in new companions that, of course, come with their respective apps and are able to have full conversations, as though they were alive. The Internet of Things has come to the toy store
CounterStrike Hacking Tool Overwrites Cheaters' Hard Drive MBR (Bleeping Computer) CounterStrike gamers looking for an advantage over their competition might be in for a surprise this Christmas, as there's a booby-trapped cheat tool going around that will overwrite their hard drive MBR (Master Boot Record) and prevent their computers from booting
Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware (Bleeping Computer) There have been a lot of strange twists and turns when it comes to ransomware this month. First, we had Popcorn Time that gave you the option of screwing over people by infecting them to possibly get a free decryption key. Now, we have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles
Fake Michael Kors Site Has Highest Volume For Non-Malware Attacks (PYMNTS) Tricking someone into clicking on a fake website and turning over their personal data has been a favorite scam of hackers, and it doesn’t seem to be abating, with security firm Cyren reporting a fake Michael Kors shopping website coming in as the highest volume non-malware attack of all of 2016
Sports-Related Website Targeted (Sports ISAO) A sports-related website has recently been under attack from what appears to be an automated system that attempts to login to the website with guessed credentials. Use of this strategy, known as a brute force attack, against WordPress websites is once again on the rise. Additionally, the vast array of plug-ins for WordPress provides ample opportunity for hacks if the site administrator is not up-to-date with patching
APWG Report: Record-Shattering Q2 Phishing Attack Wave Ebbed in Q3 2016 (SAT Press Releases) The Anti-Phishing Working Group reports that the year’s record wave of phishing subsided in the autumn. According to the APWG’s new Phishing Activity Trends Report, the total number of phishing websites detected in the third quarter of 2016 was 364,424, compared with 466,065 in the second quarter — a decline of 25 percent
Security Patches, Mitigations, and Software Updates
Cisco Warns of Critical Flaw in Cloudcenter Orchestrator Systems (Threatpost) Cisco Systems released a critical security bulletin for a vulnerability that could allow an attacker to gain root privileges on affected CloudCenter Orchestrator systems. The company released workaround instructions to mitigate the flaw along with making a software fix available for download
Cyber Security Predictions For 2017 (AEC News) The year is coming to a close and for the internet and cyber security communities that means looking back at what problems the internet faced in 2016, what issues are likely to arise in the year ahead, and how we can protect ourselves
The Worst Hacks of 2016 (Motherboard) It’s that time of the year again, where we recap the worst or biggest hacks of the previous 365 days, and try to convince you that, yes, this was the worst year for security ever
Year in Review: Militaries Got More Cyber in 2016 (Council on Foreign Relations) This year marked a turning point in military uses of cyberspace. For the first time, the United States, United Kingdom, and Australia acknowledged deploying offensive cyber tools against the Islamic State. The fact that the United States, China, Russia, and others break into adversary computer networks is not new–intelligence organizations have done so since the early 1990s. But openly acknowledging that a military, as opposed to largely civilian intelligence organizations, is using malware to gain an advantage during an armed conflict breaks new ground
Top 4 Cyber Attack Vectors of 2016 (The Merkle) It is evident that 2016 has been a year filled with all types of cybercrime. Ranging from DDoS attacks to malware, hacking to ransomware, and social engineering to skimming, a lot of havoc has been caused by select groups of individuals. But what were some of the top attack vectors exploited by criminals in 2016?
The Perils of Connectivity: Cyber Insecurity in 2016 (Cipher Brief) From disruptive distributed denial of service (DDoS) attacks rendering entire swathes of the Internet including Netflix, Twitter, PayPal, CNN, The New York Times, and Amazon hosting services inaccessible, to nation-states inserting themselves into the democratic process of other countries’ self-determination, it has truly been a landmark year for cybersecurity—or lack thereof
Privacy is still alive and kicking in the digital age (TechCrunch) Our lives are lived in data. Data crossing borders and connected in virtual space. Most often, it appears, we live in open and too easily accessible data networks. States and corporations are watching us through data, and we are watching each other through data. What does individual privacy mean in this data saturated environment?
IBM's Astonishing Patent Strategy Shows Where It's Going Next (Nasdaq) IBM (IBM) is set to top the list of patent holders for the 24th year in a row in the U.S. This is no ordinary feat. IBM is the only company to have ever exceeded 7,000 U.S. patent grants during a single year. During 2016 year-to-date, IBM has already crossed the 7,000-patent mark for the third consecutive year
Is Blockchain The Next IBM Strategic Imperative? (Seeking Alpha) Blockchain is generally associated with bitcoin, but it is much more than that. IBM is one of the pioneers in this industry. Here we report some basic definitions and examples of how blockchain is being developed. The global blockchain market is estimated to be worth $210M. We estimate that IBM is generating between $6M and $50M a year from its blockchain segment
Insider Q&A: Mimecast's Peter Bauer (ABC News) Email has become a crucial part of how companies communicate, but those systems are constantly being attacked by everything from inbox-clogging spam to phishing emails looking to steal secrets and money
R3's Corda blockchain platform now available on Microsoft Azure (Brave New Coin) Microsoft Azure is a cloud computing platform for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. The platform offers a growing collection of integrated cloud services, including analytics, computing, database, mobile, networking, and storage
Russia offers technology to keep hackers at bay (The Hindu) Russian Quantum Center (RQC) said that it is ready to collaborate with India and offer its quantum technology that will prevent hackers from breaking into bank accounts. RQC plans to offer ‘quantum cryptography’ that could propel India to the forefront of hack proof communication in sectors such as banking and national and homeland security
How to Enable Two-Factor Authentication on Slack (Electronic Frontier Foundation) For the twelfth and final day of the 12 Days of 2FA, we will look at how to enable two-factor authentication on Slack. If you are a member of multiple Slack “teams” (e.g. work.slack.com and school.slack.com), you will need to set up 2FA separately for each account you use
Hacker Lexicon: What Is the Attribution Problem? (Wired) After months of news about Russian meddling in this year’s US presidential election you’re probably sick of speculation and ready for answers: What exactly did Russia do and why? It sounds simple enough, but a fundamental concept in cybersecurity and digital forensics is the fact that it is sometimes extremely difficult after a cyberattack to definitively name a perpetrator. Hackers have a lot of technical tools at their disposal to cover their tracks. And even when analysts figure out which computer a hacker used, going from there to who used it is very difficult. This is known as the attribution problem
UK’s Nuclear Submarines runs Windows XP for Submarines™ (MSPowerUser) In these days of strangely increasing nuclear tension it may amuse (or frighten) our readers to learn that Microsoft’s first commercial NT-based operating system is still in charge of the UK’s nuclear deterrent, powering the 4 nuclear submarines that protect the UK’s interests
Wassenaar Arrangement: Still No Deal Reached (Infosecurity Magazine) Security researchers have been left in the lurch after negotiators failed to find a breakthrough in talks designed to update a controversial export treaty which currently treats white hat hacking tools like weapons
Obama moves to split cyberwarfare command from the NSA (Washington Post) With weeks to go in his tenure, President Obama on Friday moved to end the controversial “dual-hat” arrangement under which the National Security Agency and the nation’s cyberwarfare command are headed by the same military officer
The FBI investigates if China has been hacking The FDIC (USB Port) The Chinese military could be behind the cyber attacks the FDIC has suffered on different occasions since 2010, and the Federal Bureau of Investigation (FBI) is going to open an investigation on the matter
2016 Presidential Campaign Hacking Fast Facts (Gant Daily) Here’s a look at hacking incidents during the 2016 presidential campaign and allegations by the US that the Russian government meddled in the election. Both Republicans and Democrats have issued calls for a deeper probe of Russian interference. President Barack Obama said that the US will take action against Russia and has ordered a complete review of elections going back to 2008 before he leaves office. President-elect Donald Trump has rejected suggestions of Russian influence, despite the CIA concluding that Russia acted to help Trump win
Inquiry says Snowden in contact with Russia's spy services (AP via Columbia Daily Tribune) Former National Security Agency contractor Edward Snowden remains in contact with Russian intelligence services, according to a bipartisan congressional report released at a time when Russia is considered a top national security concern
Intel Committee Releases Declassified Snowden Report (US House Permanent Select Committee on Intelligence) The House Permanent Select Committee on Intelligence today released a declassified version of its investigative report on Edward Snowden, the former National Security Agency contractor who fled to China and then Russia after stealing an estimated 1.5 million classified documents. The report, including redactions for classified information, was the result of a two-year inquiry into Snowden’s background, likely motivations, and methods of theft, as well as the damage done to U.S. national security as a result of his actions. The report was completed in September 2016 and submitted to the Intelligence Community for a declassification review
Edward Snowden Fast Facts (CNN via KBKZ) Here is a look at the life of Edward Snowden, who has admitted to leaking information about United States surveillance programs to the press
Belatedly, a Defense of a Whistleblower (Consortium News) After vowing to run a transparent government, President Obama oversaw an unprecedented legal assault on whistleblowers, only now offering up a modest concession, as Linda Lewis explains
Vendor BlimeSub a.k.a. BTH-Overdose busted (DeepDotWeb) Emil Babadjov, the person behind the vendor aliases “Blime-Sub” and “BTH-Overdose,” was arrested and made his initial court appearance on December 14, 2016, in San Francisco. According to the indictment he sold heroin, fentanyl, and methamphetamine on Alphabay, with the two accounts having over 2300 combined sales
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CES® CyberSecurity Forum (Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...
SANS Security East 2017 (New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017 (Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL (Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.