Yesterday, as the US Intelligence Community reported on Russian election hacking—it's calling the campaign "Grizzly Steppe"—the Government announced its first round of sanctions against Russian individuals and organizations. President Obama amended Executive Order 13694 (April 2015) to "address the national emergency with respect to significant malicious cyber-enabled activities," authorizing sanctions against those who interfere with elections. Two intelligence services (GRU and FSB), three companies supporting those services (STLC Ltd., Zorsecurity, and ANO PO KSI), and four named GRU officers were immediately sanctioned.
The State Department declared thirty-five Russian diplomats from the Washington embassy and San Francisco consulate persona non grata for actions "inconsistent with their diplomatic and consular status." State says the expulsions are prompted both by attempts to interfere with US elections and by "harassment" of US diplomatic personnel and activities.
Russian Foreign Minister Lavrov publicly recommended retaliation against a like number of US diplomats, but early this morning President Putin turned the recommendation down (for now), not wishing, he says, to descend to the Americans' low level.
The joint FBI-DHS report on Grizzly Steppe describes the campaign as the culmination of a decade of Russian intelligence services' hacking. US citizens are urged to be on the lookout for Bears.
Russian authorities deny hacking charges—RT sniffs at US evidence, citing in support of Russian innocence various IC-skeptical tweets and the alleged puerility of names like Fancy Bear and Cozy Bear.
A Guardian op-ed sums up by saying we're in the midst of an unacknowledged world cyberwar.
Today's issue includes events affecting Australia, Brazil, France, Germany, India, Israel, Democratic People's Republic of Korea, Republic of Korea, Lithuania, Pakistan, Russia, Singapore, Ukraine, United Kingdom, United States, and Vietnam.
A note to our readers: New Year's Day falls on Sunday, and so we'll take a break this Monday, January 2nd. We'll be back as usual on the 3rd. Best wishes for the new year from all of us at the CyberWire.
You can find information security lessons everywhere. We think we see some in the new Star Wars flick, "Rogue One." Here's a thought: the Empire's contractors on Eadu were apparently less than fully NISPOM compliant. Didn't Director Krennic require them to self-certify? (For background on NISPOM, see this account of a CRTC symposium, and lawyer up, padawans. Even the Empire has privacy and employment laws. We're pretty sure...although Krennic's HR policies seem a little strict...)
ON THE PODCAST
The CyberWire podcast this week offers a series of end-of-year long-form (but still brief) episodes. We're running extended interviews that include never-before aired conversations with some of our most interesting partners and guests. Our normal programming returns on January 3rd. If you've been enjoying the podcasts, please consider giving us an iTunes review.
Today we also have a new special edition of our Podcast. The topic is buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Cyber Attacks, Threats, and Vulnerabilities
OSCE victim of ‘major’ cyber attack (Guardian) The Organization for Security and Co-operation in Europe, an international election and war monitor, said Wednesday it had become the latest global institution to suffer a “major” cyber attack
Ukraine hit by 6,500 hack attacks, sees Russian 'cyberwar' (Reuters) Hackers have targeted Ukrainian state institutions about 6,500 times in the past two months, including incidents that showed Russian security services were waging a cyberwar against the country, President Petro Poroshenko said on Thursday
Recent Spam Runs in Germany Show How Threats Intend to Stay in the Game (TrendLabs Security Intelligence Blog) In early December, GoldenEye ransomware (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human resource department. GoldenEye, a relabeled version of the Petya (RANSOM_PETYA) and Mischa (RANSOM_MISCHA) ransomware combo, not only kept to the James Bond theme of its earlier iteration, but also its attack vector
Meet the Leet DDoS Botnet, Just as Powerful as Mirai (HackRead) Security experts from Imperva Security are describing Leet Botnet as more powerful than its counterpart botnet Mirai. In fact, Leet is being regarded as the winner of the title of most powerful DDoS (distributed denial of service) attack of 2016 with a humongous speed of 650 GBPS (gigabit per second) noticed recently by Imperva network. The attack launched through Leet on Imperva displayed this overwhelming traffic and thus, Mirai’s title as the most powerful DDoS attack was claimed by Leet
State IT chief says human error allowed DHHS data breach (Manchester Union Leader) A patient at the state psychiatric hospital was able to access confidential information on 15,000 clients of Health and Human Services because of human error, according to Denis Goulet, the state’s chief technology officer
All at Sea (Infosecurity Magazine) When you watch Netflix, deal with your email or make a Skype call, the traffic travels along a relatively small number of routes to its destination. Like most of the world’s internet traffic, it travels via submarine cables, typically the width of a garden hose. Today, there are 356 of these cables spread across the world. How safe are they from attack or disruption?
Security Patches, Mitigations, and Software Updates
Threatpost 2016 Year in Review (Threatpost) Mike Mimoso, Tom Spring, and Chris Brook recap 2016’s biggest news stories, including the proliferation of IoT botnets, the rise of ransomware, the FBI vs. Apple battle, Yahoo, and a rash of old password breaches
The Next Sector To Invest In: Cybersecurity (BW Disrupt) “Global spending on cybersecurity products and services for defending against cybercrime is projected to exceed $1 trillion cumulatively over the next five years, from 2017 to 2021.” The Israeli startups are rushing to the Silicon Valley in search of funds for their cutting edge digital defense ideas. And the VCs are waiting with arms wide open
Tech stocks for your portfolio: FireEye, Inc. (FEYE), Brocade Communications Systems, Inc. (BRCD) (Independent Republic) FireEye, Inc. (FEYE) ended last trading session with a change of -3.51 percent. It trades at an average volume of 4.14M shares versus 3.83M shares recorded at the end of last trading session. The share price of $11.95 is at a distance of 9.94 percent from its 52-week low and down -46.84 percent versus its peak. The company has a market cap of $2.03B and currently has 170.25M shares outstanding. The share price is currently -7.93 percent versus its SMA20, -7.29 percent versus its SMA50, and -20.71 percent versus its SMA200. The stock has a weekly performance of -7.94 percent and is -42.38 percent year-to-date as of the recent close
How Symantec Transformed in 2016 (Investopedia) Shares of cybersecurity pioneer Symantec Corp. (SYMC) are trading up about 16% year to date (YTD) at a price of $24.17 per share on Thursday afternoon
Quick Heal launches ad campaign focusing on the risks of free antivirus solutions (exchange4media News Service) Quick Heal Technologies Limited has released an ad campaign to draw consumers’ attention towards the risks associated with free antivirus solutions. Targeting the youth and working professionals in its TVCs, Quick Heal aims to create awareness on the security threats, which a free antivirus product is not capable to mitigate, as compared to the protection guaranteed by a purchased antivirus solution for safe banking, privacy protection, anti-ransomware, anti-phishing, enhanced firewall, and web security
Technologies, Techniques, and Standards
Your new year’s resolution: get ready for GDPR (Naked Security) By 2018, the General Data Protection Regulation (GDPR) will require any company doing business in the European Union to more securely collect, store and use personal information
Making Bugs Bountiful (Infosecurity Magazine) Apple recently joined the growing number of corporates to launch a vulnerability reward program, better known as a bug bounty scheme. Initially limited to a couple of dozen researchers already known to Apple, it will pay as much as $200,000 for a critical security vulnerability, which sounds a lot, until you learn that a small private firm called Exodus Intelligence offers as much as $500,000 for zero-day vulnerabilities in iOS
Skills Gap: How to Attract the Best Staff (Infosecurity Magazine) As the cybersecurity skills gap continues to plague the industry, it has never been more important for organizations to have a sound understanding of how to attract and retain the best staff
Obama Strikes Back at Russia for Election Hacking (New York Times) President Obama struck back at Russia on Thursday for its efforts to influence the 2016 election, ejecting 35 suspected Russian intelligence operatives from the United States and imposing sanctions on Russia’s two leading intelligence services
Obama retaliates against Russia for election hacking (AP via Federal News Radio) In a sweeping response to election hacking and other meddlesome behavior, President Barack Obama on Thursday sanctioned Russian intelligence services and their top officials, kicked out 35 Russian officials and closed down two Russian-owned compounds in the U.S. It was the strongest action the Obama administration has taken to date to retaliate for a cyberattack
Obama’s Russian Hacking Retaliation Is Biggest “Since the Cold War” (Wired) Since US intelligence agencies in October identified the Russian government as the source of hacker attacks that breached the Democratic party organizations and leaked private email conversations, President Obama’s White House has been searching for an appropriate response. Now, the administration has finally shot back, deporting Russian officials and calling out the individuals and organizations responsible for that hacking, in a set of measures never before seen in America’s digital diplomacy
Obama announces sanctions for Russian election hacking (TechCrunch) The Obama administration announced today that it will impose sanctions on Russian intelligence services and officials in response to the hacks of American political institutions during the election season
McConnell: New Russia sanctions an 'initial step' (The Hill) Senate Majority Leader Mitch McConnell (R-Ky.) on Thursday called new sanctions against Russia an "initial step" but reiterated that lawmakers will review Moscow's meddling in the U.S. presidential election next year
FACT SHEET: Actions in Response to Russian Malicious Cyber Activity and Harassment (The White House) Today, President Obama authorized a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election in 2016. Russia’s cyber activities were intended to influence the election, erode faith in U.S. democratic institutions, sow doubt about the integrity of our electoral process, and undermine confidence in the institutions of the U.S. government. These actions are unacceptable and will not be tolerated
Statement by the President on Actions in Response to Russian Malicious Cyber Activity and Harassment (The White House) Today, I have ordered a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election. These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior
Department of State Actions in Response to Russian Harassment (US Department of State) The State Department today declared persona non grata 35 Russian officials operating in the United States who were acting in a manner inconsistent with their diplomatic or consular status. The Department also informed the Russian Government that it would deny Russian personnel access to two recreational compounds in the United States owned by the Russian Government
Treasury Sanctions Two Individuals for Malicious Cyber-Enabled Activities (US Department of the Treasury) Building on the authority previously provided to the Secretary of the Treasury, the President amended Executive Order 13694, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities,” which was issued by President Obama on April 1, 2015 to authorize sanctions against individuals and entities that threaten the national security, foreign policy, or economic health or financial stability of the United States through involvement in malicious cyber-enabled activities that constitute tampering with, altering, or causing a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions. In an Annex to the amended E.O., the President imposed sanctions on five entities and four individuals in response to the Government of Russia’s interference with U.S. elections and processes in recent months
Russia Set to Expel 35 U.S. Diplomats in Response to Move by Obama (New York Times) Russia moved on Friday to impose tit-for-tat measures against the United States in the latest crisis in relations between the two countries, with the foreign minister recommending that the country expel 35 American diplomats and close two diplomatic facilities
The cybersecurity priority for DHS in 2017 (Federal Times) As one of his first national security appointments, President-elect Donald Trump has selected retired Marine Gen. John F. Kelly to lead the Department of Homeland Security. Gen. Kelly is widely recognized for his expertise in counterterrorism, his dedication, composure and intellect. He is especially known for his excellent leadership skills honed by over 40 years of military service, including as the commander of U.S. Southern Command
Litigation, Investigation, and Law Enforcement
Joint DHS, ODNI, FBI Statement on Russian Malicious Cyber Activity (US Department of Homeland Security) On October 7, 2016, Secretary Johnson and Director Clapper issued a joint statement that the intelligence community is confident the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations, and that the disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks are consistent with the Russian-directed efforts. The statement also noted that the Russians have used similar tactics and techniques across Europe and Eurasia to influence public opinion there
Joint DHS, ODNI, FBI Statement on Russian Malicious Cyber Activity (IC on the Record) On October 7, 2016, Secretary Johnson and Director Clapper issued a joint statement that the intelligence community is confident the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations, and that the disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks are consistent with the Russian-directed efforts. The statement also noted that the Russians have used similar tactics and techniques across Europe and Eurasia to influence public opinion there
GRIZZLY STEPPE – Russian Malicious Cyber Activity (US-CERT) This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE
FBI, DHS release report on Russia hacking (The Hill) The FBI and the Department of Homeland Security (DHS) on Thursday released a joint report detailing how federal investigators linked the Russian government to hacks of Democratic Party organizations
Full List of All Gov’t Docs in US Response to Russian Election Hacking–with summaries (Just Security) Below is a list of all the U.S. government documents released on Thursday as part of the Obama administration’s announced response to Russian interference in the U.S. election process. See also Kristen Eichensehr’s initial post in response to the announcement and released documents. And stay tuned for more coverage and analysis by Eichensehr and others at Just Security
Facebook stalls in lawsuit alleging its facial recognition tech violates Illinois law (TechCrunch) An Illinois law is proving a thorn in Facebook’s side as a class action lawsuit, alleging mishandling of biometric information, moves toward trial. The latest developments in the case have the social network objecting against releasing or even admitting the existence of all manner of data, but the plaintiffs aren’t taking “objection” for an answer
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CES® CyberSecurity Forum (Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...
SANS Security East 2017 (New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017 (Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL (Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...