The US is said to be preparing retaliation for Russian intelligence and influence operations conducted during the 2016 election season. The nature of the response is unspecified, but it's being described as "proportionate," and as likely to include some covert operations in cyberspace. Members of both major parties in Congress have been pushing the Administration to act, urging among other measures exposure of personal corruption in the Russian leadership. (This would resemble Russian doxing of the Democratic National Committee, which good-government advocate Putin has observed, without acknowledging responsibility, was actually a contribution to American political transparency. That's one way of looking at it.)
Investigation of Russian influence operations continues. The US Intelligence Community blogged on December 16 that it wouldn't share further information until the inquiry is complete and reported to Congress. Journalists who filed a Freedom of Information Act request for access to preliminary results filed suit in a Federal court seeking to require the IC to be more forthcoming.
Security Research Labs (SRL) revealed the discouraging results of their inspection of air travel booking systems yesterday at the Chaos Communication Congress. The three major services that handle some 90% of airline bookings—Amadeus, Sabre, and Travelport—were found, according to SRL, to lack meaningful authentication (not even "a first authentication factor"). Passenger itineraries and personal information are easily exposed, stolen, and manipulated.
Some financial analysts think the Yahoo! breaches will have little effect on the company's deal with Verizon: customers, they think, have grown blasé about breaches.
Today's issue includes events affecting Botswana, Brazil, China, Democratic Republic of Congo, Germany, India, Indonesia, Iran, Israel, Italy, Kenya, Republic of Korea, Mexico, NATO/OTAN, Nigeria, Romania, Russia, South Africa, Spain, Switzerland, Taiwan, Thailand, Uganda, Ukraine, United States.
A note to our readers: New Year's Day falls on Sunday, and so we'll take a break on Monday, January 2nd. Other than that we'll publish on our normal schedule. Best wishes for the new year from all of us at the CyberWire.
You can find information security lessons everywhere. We think we see some in the new Star Wars flick, "Rogue One." Here's a thought: the Empire's contractors on Eadu were apparently less than fully NISPOM compliant. Didn't Director Krennic require them to self-certify? (For background on NISPOM, see this account of a CRTC symposium, and lawyer up, padawans. Even the Empire has privacy and employment laws. We're pretty sure...although Krennic's HR policies seem a little strict...)
ON THE PODCAST
The CyberWire podcast this week offers a series of end-of-year long-form (but still brief) episodes. We're running extended interviews that include never-before-aired conversations with some of our most interesting partners and guests. Our normal programming returns on January 3rd. If you've been enjoying the podcasts, please consider giving us an iTunes review.
You may also find the special edition of our Podcast of interest—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
Cyber Attacks, Threats, and Vulnerabilities
Iranian officials inexplicably exaggerate years old Nitro Zeus cyber threat (Space Watch Middle East) Senior officials from Iran’s Civil Defence Organisation warned a conference audience in Tehran of an imminent U.S. and Israeli cyber attack against Iran code-named Nitro Zeus. The only problem is that Nitro Zeus has been shelved by the U.S. and Israel for several years, and was even featured in an acclaimed and popular documentary
Android Trojan Switcher Infects Routers via DNS Hijacking (Threatpost) A new Android Trojan uses victims’ devices to infect WiFi routers and funnel any users of the network to malicious sites. The malware doesn’t target users directly – instead its goal is to facilitate further attacks by turning victims into accomplices
It's Incredibly Easy to Tamper with Someone's Flight Plan, Anywhere on the Globe (Motherboard) It’s easier than many people realize to modify someone else’s flight booking, or cancel their flight altogether, because airlines rely on old, unsecured systems for processing customers’ travel plans, researchers will explain at the Chaos Communication Congress hacking festival on Tuesday. The issues predominantly center around the lack of any meaningful authentication for customers requesting their flight information
Legacy booking systems disclose travelers’ private information (Security Research Labs) Travel bookings worldwide are maintained in a handful of systems. The three largest Global Distributed Systems (GDS) Amadeus, Sabre, and Travelport administer more than 90% of flight reservations as well as numerous hotel, car, and other travel bookings
Kaspersky: Romanian government institutions are vulnerable to cyberattacks due to old IT systems (Business Review) Cyber espionage is a phenomenon that will expand next year, Romania having a medium exposure to it, taking into account that the country has very good specialists, but low budgets and the vulnerabilities are present especially in the government institutions due to the old IT systems, said Stefan Tanase, senior security researcher within the Russian producer of cybersecurity services Kaspersky Lab, according to News[dot]ro
‘5 African countries vulnerable to cyber attack’ (Vanguard) Latest study just released by Check Point has revealed that five African nations were among the top 10 most attacked countries in November 2016 as cybercriminals made increasing use of ransomware attacks using the Locky and Cryptowall viruses
Security Patches, Mitigations, and Software Updates
Microsoft Admits Serious Windows 10 Upgrade Error (Forbes) I was saying this long before it was fashionable: Microsoft crossed the line with its Windows 10 upgrade tactics by employing seriously dirty tricks - and now, at long last, the company has admitted it
The Year Encryption Won (Wired) Between the revelations of mega-hacks of Yahoo and others, Russia’s meddling in the US electoral system, and the recent spike in ransomware, it’s easy to look at 2016 as a bleak year for security. It wasn’t all so, though. In fact, the last 12 months have seen significant strides in one of the most important aspects of personal security of all: encryption
2016 State of Business application security (ERPScan) In the wake of several high-profile incidents involving business applications over the outgoing year, there is an increasing focus on business software security. In this blog post, we gathered together the milestones of this topic for 2016
17 Security Experts Share Predictions for the Top Cyber-Trends of 2017 (eWeek) Enterprises, governments and end users faced no shortage of security challenges in 2016. As the year draws to a close, we wonder: What security trends will continue into 2017? What will be the big security stories of the year to come? Many trends emerged in 2016 that are very likely to remain key issues for organizations of all sizes and shapes in 2017. Among them is the continued and growing risk of ransomware, which emerged in 2016 as a primary attack vector for hackers aiming to cash in on their nefarious activities. In 2016, nation-states once again were identified by multiple organizations as being the source of serious cyber-threats, and there is no indication that will change in the year ahead. Among the emerging trends that could become more prominent in the new year are the widespread use of containers and microservices to improve security control
2017 — A potluck holiday feast of predictions (CyberScoop) It’s that familiar season again — chestnuts roasting on an open fire, sleigh bells jingling … and the usual round of cybersecurity predictions for the new year. We’ve been reading, so you don’t have to
SecureWorks sees 2017 held to ransom (Enterprise Times) Managed Security Provider (MSP) SecureWorks has said it expects ransomware threats to keep growing in 2017. This should come as no surprise despite some ransomware owners giving up in 2016. The number of ransomware families released in 2016 more than trebled from the previous year
Digital Shadows Report Reveals that the Mirai Botnet Isn’t Going Away (OpenPR) Digital Shadows, a provider of cyber situational awareness, released its new report Mirai and The Future, Forecasting the DDoS Landscape in 2017. The emergence of the Mirai botnet - a type of malware that automatically finds Internet of Things (IoT) devices to infect - earlier this year was hailed as a major development in malware but according to the report, this could be a tip of the iceberg as cybercriminals rush to adapt and develop the original Mirai code
The carrot and stick of data breaches (TechCrunch) Data breaches are on the rise. Just recently we saw new reports confirming Yahoo! suffered another large, embarrassing breach (this time of more than one billion user accounts in August 2013). And the story continues to unfold around whether or not Russia breached United States cyber systems in hopes of influencing the 2016 presidential election. It seems like putting personal information in a website today feels a bit like getting into a car 50 years ago — with minimal seatbelts, no airbags and no testing, you just had to hope to avoid a crash
Thai cybersecurity lagging (Bangkok Post) Thailand's cybersecurity market growth next year will lag behind that of its Asean neighbours as its investment in the sector remains low
Cujo adds parental controls to its home firewall device (TechCrunch) Cujo certainly felt like the right product at the right time when the smart firewall’s creators took to the Disrupt stage to debut the device back in May. Since its debut, IoT attacks have grown in prominence as users add more and more failure points to their home security ecosystem one connected device at a time
Security Keys: The Answer For Account Takeovers? (PYMNTS) Account takeovers, even of high-profile people, have become a common occurrence in this era of sophisticated cyberattacks and hacks, but researchers think they’ve found a way to fight back against account takeovers: cryptographically based security keys
Top House Intel Dem to Obama: Expose Putin's corruption (The Hill) The leading Democrat on the House Intelligence Committee is endorsing a suggestion that the Obama administration quickly fire back on Russia for its alleged election interference by exposing embarrassing information about President Vladimir Putin
McCain: NATO key to stopping 'Russian misbehavior' (The Hill) Sen. John McCain (R-Ariz.) said Tuesday that a strong North Atlantic Treaty Organization (NATO), an organization President-elect Donald Trump has promised to reexamine, is crucial to stopping future Russian aggression
Senator alleges CIA intimidation of committee staff, seeks protections (Federal News Radio) Congress has passed laws to protect whistleblowers from retaliation, but what about Congress’ own staff? That’s something Sen. Sheldon Whitehouse (D-R.I.) would like his colleagues to address, to ensure Congress can perform its constitutional oversight of the executive branch
China renews calls for tighter cyberspace security (Interaksyon) China’s top cybersecurity body reaffirmed its commitment to heightened cybersecurity surveillance on Tuesday, calling for increased scrutiny of local and foreign technology used in industries deemed critical to the national interest
CERT Switzerland Temporarily Cripples Tofsee Botnet (Bleeping Computer) Last week, the Swiss Governmental Computer Emergency Response Team (GovCERT), together with SWITCH, the registrar of .ch top-level domain names, took action against the Tofsee malware botnet that was abusing Swiss domains to host its dynamic command and control (C&C) servers
An Amazon Echo may be the key to solving a murder case (TechCrunch) Internet-connected devices may start helping in criminal cases. As first reported in The Information, police in Bentonville, Arkansas have issued a warrant to Amazon, asking the company to hand over data from an Echo device to help prosecute a suspected murderer
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CES® CyberSecurity Forum (Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...
SANS Security East 2017 (New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017 (Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL (Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...