The Organisation for Security and Cooperation in Europe (OSCE) sustained a cyber espionage attack last month. OSCE disclosed the attack yesterday, but said it had insufficient evidence to attribute it to any particular actor. Le Monde is not so coy: their sources (in an unnamed "western intelligence service") tell them it's Fancy Bear. OSCE is an intergovernmental human rights and confidence-building organization that has been monitoring the fighting in eastern Ukraine.
Fancy Bear is widely believed to be Russia's GRU, and is generally thought responsible for supporting Russian hybrid warfare in Donbass and compromising networks of US political parties during the last election cycle. That latter activity may still prompt long-threatened US retaliation—Senators are talking about sanctions, and observers think covert US cyber operations against Russian targets a possibility.
Another large distributed denial-of-service attack was observed before Christmas. Imperva says its Incapsula network mitigated a 650 Gbps attack that had nothing to do with any Mirai botnet. Mirai exploits IoT devices, but IP spoofing has so far made it impossible to determine what devices were compromised into this new botnet, called "Leet." Unlike Mirai, Leet used relatively large SYN packets in its attack traffic.
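The one technical detail in the Leet report worth acting on is that the flood was made of SYN segments carrying several hundred bytes of payload. Ordinary SYNs carry no data, so payload-bearing SYNs are a signal a defender can key on without trusting the (spoofed) source addresses. The following is an added example, not code from the CyberWire or Imperva, that parses raw IPv4/TCP packets and counts large-payload SYNs per destination. The packets are constructed inline and the 600-byte threshold is an assumption, not a figure from the page.

```python
"""Flag TCP SYN segments that carry an unusually large payload.

Added example (not from the CyberWire page or Imperva's report). Sources in a
SYN flood are spoofed, so hits are tallied per destination, not per source.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

TCP_SYN = 0x02
TCP_ACK = 0x10
PAYLOAD_THRESHOLD = 600  # assumption: tune to the largest legitimate SYN payload you see


@dataclass
class Segment:
    src: str
    dst: str
    flags: int
    payload_len: int


def parse_ipv4_tcp(frame: bytes) -> Optional[Segment]:
    """Parse a raw IPv4 packet; return None if it is not a well-formed TCP segment."""
    if len(frame) < 20:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", frame[:20]
    )
    if ver_ihl >> 4 != 4 or proto != 6:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    if total_len > len(frame) or ihl + 20 > total_len:
        return None
    tcp = frame[ihl:total_len]
    data_offset = (tcp[12] >> 4) * 4  # TCP header length in bytes
    if data_offset < 20 or data_offset > len(tcp):
        return None
    flags = tcp[13]
    return Segment(
        ".".join(map(str, src)),
        ".".join(map(str, dst)),
        flags,
        len(tcp) - data_offset,
    )


def is_large_syn(seg: Segment, threshold: int = PAYLOAD_THRESHOLD) -> bool:
    """True for a pure SYN (not SYN-ACK) whose payload meets the threshold."""
    is_pure_syn = bool(seg.flags & TCP_SYN) and not (seg.flags & TCP_ACK)
    return is_pure_syn and seg.payload_len >= threshold


def scan(frames: Iterable[bytes]) -> Dict[str, int]:
    """Count suspicious SYNs per destination address."""
    hits: Dict[str, int] = {}
    for frame in frames:
        seg = parse_ipv4_tcp(frame)
        if seg is not None and is_large_syn(seg):
            hits[seg.dst] = hits.get(seg.dst, 0) + 1
    return hits


def build_packet(src: str, dst: str, flags: int, payload: bytes) -> bytes:
    """Constructed test packet: IPv4 + 20-byte TCP header, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
        bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))),
    )
    return ip + tcp


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    build_packet("203.0.113.7", "198.51.100.10", TCP_SYN, b""),                 # normal SYN
    build_packet("203.0.113.8", "198.51.100.10", TCP_SYN, b"A" * 850),          # Leet-style SYN
    build_packet("203.0.113.9", "198.51.100.10", TCP_SYN, b"\x00" * 900),       # Leet-style SYN
    build_packet("198.51.100.10", "203.0.113.9", TCP_SYN | TCP_ACK, b"x" * 850),  # SYN-ACK, ignored
    build_packet("203.0.113.10", "198.51.100.10", TCP_ACK, b"x" * 1200),        # ordinary data segment
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

In production the frames would come from a capture library or a flow exporter rather than a list; the point of the example is the classification, which ignores source addresses entirely because they cannot be trusted in a spoofed flood.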
Two threats affecting Android systems have come to light. One, the "Switcher" Trojan, uses infected Android devices on a router's WiFi network to brute-force the router's web admin login (TP-Link models are the reported targets) and rewrite its DNS settings, so every client behind the router is redirected. The second threat is to smart TVs: a Cyber.Police ransomware variant bricks LG TVs. LG seems to have been able to help affected customers unbrick their sets.
Today's issue includes events affecting Canada, China, Germany, India, Israel, Democratic People's Republic of Korea, Nigeria, Russia, Ukraine, United States.
A note to our readers: New Year's Day falls on Sunday, and so we'll take a break on Monday, January 2nd. Other than that we'll publish on our normal schedule. Best wishes for the new year from all of us at the CyberWire.
You can find information security lessons everywhere. We think we see some in the new Star Wars flick, "Rogue One." Here's a thought: the Empire's contractors on Eadu were apparently less than fully NISPOM compliant. Didn't Director Krennic require them to self-certify? (For background on NISPOM, see this account of a CRTC symposium, and lawyer up, padawans. Even the Empire has privacy and employment laws. We're pretty sure...although Krennic's HR policies seem a little strict...)
ON THE PODCAST
The CyberWire podcast this week offers a series of end-of-year long-form (but still brief) episodes. We're running extended interviews that include never-before aired conversations with some of our most interesting partners and guests. Our normal programming returns on January 3rd. If you've been enjoying the podcasts, please consider giving us an iTunes review.
You may also find the special edition of our Podcast of interest—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
Is Russia Responsible for a Cyber Attack Against the OSCE?(Foreign Policy) The Organization for Security and Cooperation in Europe, a rights watchdog that for more than two years has monitored the ground war between Ukrainian forces and Russian-backed separatists, acknowledged Wednesday it had been hacked. The likely culprit, according to Le Monde: Russia
Malware in Ukraine armed forces app linked to DNC hackers(SC Magazine) A malicious remote access toolkit recently found in an app used by Ukrainian military forces is an Android version of the same proprietary malware that helped hackers steal files from the Democratic National Committee, researchers from CrowdStrike have reported
650Gbps DDoS Attack from the Leet Botnet(Imperva Incapsula) As the end of the year approaches, it’s natural to contemplate the future and look for signs of things to come. Sometimes, however, you don’t have to search too hard. Sometimes, these “signs” hit you like a ton of bricks
Android Trojan Switcher Infects Routers via DNS Hijacking(Threatpost) A new Android Trojan uses a victims’ devices to infect WiFi routers and funnel any users of the network to malicious sites. The malware doesn’t target users directly – instead its goal is to facilitate further attacks by turning victims into accomplices
Android Ransomware Infects LG Smart TV(Bleeping Computer) Security firms have been warning us for more than a year about the possibility of Android malware jumping from phones and tablets to other Android-powered devices, such as smart TVs
Ransomware Economics: Why the Threat is Here to Stay(Infosecurity Magazine) The concept of extorting a victim for money is nothing new; in fact it’s older than the internet by many centuries. Over the years, however, malware has evolved from spying on users and harvesting information, to promoting malicious links for clickbait, to the current straightforward tactic of ‘give us your money’
Updated Sundown Exploit Kit Uses Steganography(Trend Micro) This year has seen a big shift in the exploit kit landscape, with many of the bigger players unexpectedly dropping out of action. The Nuclear exploit kit operations started dwindling in May, Angler disappeared around the same time Russia’s Federal Security Service made nearly 50 arrests last June, and then in September Neutrino reportedly went private and shifted focus to select clientele only. Now, the most prominent exploit kits in circulation are RIG and Sundown. Both gained prominence shortly after Neutrino dropped out of active circulation
Holiday Inn Parent IHG Probes Breach Claims(KrebsOnSecurity) InterContinental Hotels Group (IHG), the parent company for more than 5,000 hotels worldwide including Holiday Inn, says it is investigating claims of a possible credit card breach at some U.S. locations
Four New Normals for 2017(Threatpost) Let’s not talk about cybersecurity predictions for 2017. Let’s talk instead about new normals, things that have ceased to be novel because, well, they happen all the time and everywhere
What's Ahead for 2017: Predictions from the RSAC Advisory Board(RSA Conference) After an eventful year, it can be comforting to put a framework around the uncertainty of the future and try to look ahead at what next year may bring. And it’s in that spirit that we talked to the RSA Conference Advisory Board to find out what they think will happen in the world of cybersecurity as we enter 2017
Encryption in 2016: Small victories add up(Computerworld) The move from SHA-1 to SHA-2, a Congressional victory over backdoors, and the rise of encrypted communications are leading us toward a more secure world
Burrowing Bad? Ransomworms Deepen Crypto-Ransomware Threats in 2017(IBM Security Intelligence Blog) What’s worse than ransomware? Ransomworms. According to CSO Online, 2017 may be a rough year for information security teams. Combined with evolving cryptography and ransomware techniques, cybercriminals are hoping to burrow even deeper into corporate networks. Here’s a look ahead
Gemalto Index highlights credentials concern(Planet Biometrics) Gemalto has released the findings of its Authentication and Identity Management Index, which revealed that 90% of enterprise IT professionals are concerned that employee reuse of personal credentials for work purposes could compromise security. However, with two thirds (68%) saying they would be comfortable allowing employees to use their social media credentials on company resources, Gemalto’s research suggests that personal applications (such as email) are the biggest worry to organisations
How Companies Need to Address Cybersecurity Risks in 2017(Wall Street Journal) Peter Beshar, executive vice president and general counsel of Marsh & McLennan Companies, a global professional services firm that includes Marsh, an insurance brokerage and risk advisor, speaks about the current state of cyberthreats, what companies should be doing to protect themselves and the potential impact the Trump administration will have on cybersecurity
FireEye Inc's Best Moves in 2016(Fox Business) I've generally been bearish on FireEye (NASDAQ: FEYE), the once-promising cybersecurity firm that lost over 40% of its value in 2016. The company's declining revenue growth, widening GAAP losses, unstable cash flow, and executive exodus all indicate that the stock could fall further next year. However, those challenges shouldn't completely overshadow its accomplishments this year. Let's take a look back at three of FireEye's smartest moves in 2016
Agencies embrace bug bounty programs(Government Matters) Federal Times editor Aaron Boyd discussed the proliferation of bug bounty programs across government and the January launch of Sightline Media Group’s new cybersecurity hub, FifthDomain.com
illusive networks named 'Industry Innovator' by SC Magazine(GSN Magazine) illusive networks today announced that its pioneering Deceptions Everywhere® cybersecurity was selected by SC Magazine as a Next-Generation Security Monitoring and Analytic Innovator in its award-winning annual Reboot '16 Innovators issue
5 Great 'Starter' Cybersecurity Certifications(Business News Daily) Looking for a career change in the new year? There's no better time to consider a career in cybersecurity: U.S. businesses and government agencies are spending billions of dollars each year to protect their data and assets from malicious attacks, with Forbes reporting that $170 billion will be spent worldwide by 2020
Here’s North Korea’s Totalitarian Android Tablet(Motherboard) When you think of North Korea, the first thing that springs to mind is probably not a well-featured tablet PC. But that's just what researchers at the Chaos Communication Congress hacking festival revealed on Tuesday
Technologies, Techniques, and Standards
FDA issues new security guidelines so that your pacemaker won’t get hacked(TechCrunch) This week, the US Food and Drug Administration issued a set of recommendations for securing medical devices that could jeopardize the safety and privacy of their users. The report, titled “Postmarket Management of Cybersecurity in Medical Devices,” focuses on security throughout the lifecycle of a device, emphasizing that robust cybersecurity is an ongoing process that requires maintenance and regular software updates, just like any non-medical piece of hardware would
Postmarket Management of Cybersecurity in Medical Devices: Guidance for Industry and Food and Drug Administration Staff(US Food and Drug Administration) The Food and Drug Administration (FDA) is issuing this guidance to inform industry and FDA staff of the Agency’s recommendations for managing postmarket cybersecurity vulnerabilities for marketed and distributed medical devices. In addition to the specific recommendations contained in this guidance, manufacturers are encouraged to address cybersecurity throughout the product lifecycle, including during the design, development, production, distribution, deployment and maintenance of the device
The Non-Refundable Fundamentals: Estimating the Cost of a Data Breach(Infosecurity Magazine) Quantifying the financial impact of a data breach before it occurs is like assuming you can win roulette using insider trading. How is that? The average cost of a breach per record stolen today is roughly $221, according to research released earlier this year by the Ponemon Institute. Of that figure, one-third is a predictable direct measurement. When estimating the monetary ramifications of a data breach, calculating the direct costs for resolution matters – such as technical services and notifications – is easier than predicting indirect expenditures such as customer retention and employee loss
What is ISR in non-physical domains?(C4ISRNET) Ask commanders what they want more of, and one of the top responses is more intelligence, surveillance and reconnaissance. ISR has become a critical asset in planning operations and understanding trends within a commander’s battlespace. Non-physical domains and maneuver spaces are becoming more prominent in emerging and future conflicts. But how will commanders be able to “see” in cyberspace or the electromagnetic spectrum?
Are APT Reports Still Valuable or Have They Become Marketing Fluff?(LookingGlass) Now that APT reports have been exposed, the “thrill” of discovering and calling out suspected nation state actors engaged in clandestine cyber activity has become almost routine. Excitement over what was once considered a difficult thing to do (detecting “advanced” cyber adversaries) is now expected. And therein lies the problem. The rush to attribute and increase marketing visibility in the wake of such incidents has taken the place of adding value through the exchange of actionable information
33C3: Understanding Mobile Messaging and Its Security(Hackaday) If you had to explain why you use one mobile messaging service over another to your grandmother, would you be able to? Does she even care about forward secrecy, or what the difference between a private and a public key is? Maybe she would if she understood the issues in relation to “normal” human experiences: holding secret discussions behind closed doors and sending letters wrapped in envelopes
PayThink 'Threat intelligence' technology can fight big box data breaches(Payments Source) Financial institutions and e-commerce merchants have become targets of massive financial fraud as cyber criminals have used stolen payment card data from major data breaches, such as the ones involving Wendy’s restaurants in 2015, Home Depot in 2014, and Target in 2013 to make illegal purchases online
Design and Innovation
Mixing biology with technology: what could possibly go wrong?(Naked Security) If you were in the security business a dozen years ago, you’ll remember all the speculation around cellphone malware. The iPhone and other smartphones weren’t yet ubiquitous and attacks against such devices were discussed in the context of some distant future
China renews calls for tighter cyberspace security(Pakistan Observer) China’s top cybersecurity body reaffirmed its commitment to heightened cybersecurity surveillance on Tuesday, calling for increased scrutiny of local and foreign technology used in industries deemed critical to the national interest
‘Meltdown’ over international cybersecurity agreement(Naked Security) How do you keep dangerous exploit software away from bad guys (and countries) and still let the good guys (security researchers, white-hat pentesters) have it when they need it? It’s never been easy – and it’s even tougher when 41 countries need to agree. They’ve been trying all year… and, for the moment, they’ve just given up
U.S. losing cyberwar, security chief tells NJ-Israel Commission(New Jersey Jewish News) Christopher Rodriguez, the director of New Jersey’s Office of Homeland Security and Preparedness, warned members of the New Jersey-Israel Commission Dec. 20 that the United States is losing battles of cyberwarfare with “our adversaries"
The 2016 Election Wasn’t Hacked, But the 2020 Election Could Be(Motherboard) After partial vote recounts in certain states, US election officials found no evidence that votes had been manipulated by a cyberattack on voting machines, security researchers told an audience at the Chaos Communication Congress hacking festival on Wednesday. But, the researchers called for a vast overhaul in voting machine security and related legislation, warning that an attack is still possible in a future election
Lawmakers urge Pentagon to probe Huawei deal(Washington Times) Three Republican members of Congress are urging Defense Secretary Ash Carter to investigate the security risks to American facilities and military forces in South Korea posed by a Chinese telecommunications company’s role in a new wireless network in the country
Islamic State arrests reveal jihadi threat near seat of U.S. government(Washington Times) Law enforcement agencies have arrested nine Northern Virginia residents on charges of aiding the Islamic State since the terrorist group rose to power in Syria and Iraq in 2014 and launched social media propaganda to attract followers, a government message to police states
21 Biggest Cybercriminal Busts Of 2016(Dark Reading) This year has been a tornado of major cyberattacks and hacker arrests. Here, we look back on the 21 most interesting 'cyberbusts' of 2016
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CES® CyberSecurity Forum(Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...
SANS Security East 2017(New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
Cybersecurity of Critical Infrastructure Summit 2017(College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017(Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017(Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL(Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017(Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering(Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.