
Daily briefing.

Ukraine continues investigation into December's attack on its power grid, now thought to have been long-prepared, with reconnaissance beginning some six months earlier. Latest statements from Ukrainian officials offer more evidence of a Russian connection — Russian ISP, phone calls from within Russia — but stop short of attribution to the Russian organs.

Palo Alto looks at Fysbis, Linux malware widely used by the Sofacy group (a.k.a. APT28 or Sednit, and believed to be connected to Russia). Fysbis is thought to succeed because of what Palo Alto characterizes as businesses' underdeveloped awareness of Linux malware.

ESET describes how criminals used Corkow malware to manipulate Energobank's currency trading platform. Corkow is described as both evasive and capable, but it's unclear how its masters profited from their attack. They did not profit directly, but they may have traded in futures markets or enabled profitable third-party speculation. Or the incident may have been a trial run.

Los Angeles' Hollywood Presbyterian Hospital works to recover from an unusually tough-to-remediate ransomware attack. (Pricey, too: with a $3.6 million ransom.)

Some good ransomware news: Emsisoft decrypts HydraCrypt and UmbreCrypt.

Securities markets have given cyber companies a rough ride recently, but Forbes thinks fears of a cyber security bear market are wildly overblown. New growth is forecast after the correction. Barron's looks at the US Federal budget and sees "tailwinds" for security companies, notably FireEye, Imperva, Fortinet, Proofpoint, Palo Alto Networks and CyberArk. BAE's new COO is expected to push into commercial cyber markets.

Police in the UK close in on the Crackas.


Today's issue includes events affecting Australia, Austria, Canada, China, France, Germany, India, Israel, Democratic People's Republic of Korea, Republic of Korea, New Zealand, Pakistan, Russia, Saudi Arabia, South Africa, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States.

In today's Daily Podcast, we'll hear from the University of Maryland's Jonathan Katz on how Bitcoin works. The podcasts will be up later this afternoon.

Cyber Attacks, Threats, and Vulnerabilities

Power Grid Cyber Attack Was Months in the Making, Ukrainian Energy Ministry Says (Motherboard) Months after malware enabled a power-blackout in parts of Ukraine, more clues about the perpetrators of the attack, as well as the potential scale of the hacking campaign have come to light

Ukraine sees Russian hand in cyber attacks on power grid (Reuters) Hackers used a Russian-based internet provider and made phone calls from inside Russia as part of a coordinated cyber attack on Ukraine's power grid in December, Ukraine's energy ministry said on Friday

A Look Into Fysbis: Sofacy's Linux Backdoor (Palo Alto Networks) The Sofacy group, also known as APT28 and Sednit, is a fairly well known cyber espionage group believed to have ties to Russia

Fysbis: The Linux Backdoor Used by Russian Hackers (Softpedia) Malware linked to Russian cyber-espionage group APT 28

Ex-Guantanamo detainee prominently featured in al Qaeda propaganda (Long War Journal) Ex-Guantanamo detainee prominently featured in al Qaeda propaganda

Anonymous Hacks South Africa's Department of Water Affairs (Softpedia) Members of the World Hacker Team, one of Anonymous' subdivisions, have breached South Africa's Department of Water Affairs (DWA) as part of the group's #OpAfrica and #OpMonsanto campaigns

South Korea raises alert against North Korean cyber attack (Korea Herald) South Korea has upgraded its military information surveillance status in response to growing threats of North Korean cyber attacks, a military official said Sunday

Evidence Suggests the Sony Hackers Are Alive and Well and Still Hacking (Wired) The massive hack against Sony in late 2014 was sudden and loud

Sony Hackers Still Active, 'Darkhotel' Checks Out Of Hotel Hacking (Dark Reading) How some cyber espionage and other advanced attack groups don't go dark anymore after being outed

Teenage Hackers Promise More Government Hacks After Alleged Leader's Arrest (Motherboard) Government officials might have let out a sigh of relief this week after the UK police arrested a teenager suspected of being behind the long series of hacks and pranks targeting US government agencies and high-level officials

Exposed database allowed read/write access to Microsoft's career portal (CSO) Configuration errors exposed data and enabled full control over the website's HTML

How malware moved the exchange rate in Russia (We Live Security) One Friday, around about lunchtime, a Russian bank placed a set of orders totaling more than 500 million USD on an interbank currency trading system

Security Alert: Mazar BOT Spotted in Active Attacks — the Android Malware That Can Erase Your Phone (Heimdal Security) Our team at Heimdal Security has recently analyzed a text message sent to random mobile numbers. The Geographical extent is so far unknown, so please exercise caution

New malware targets Android users through text messages (IT Pro Portal) Malware is a common security threat on desktop operating systems but now it is also gaining more of a foothold on mobile. A new Android-based malware has been discovered, which is able to grant itself administrator privileges and completely take over a user's device

Symantec Warns of Malware Posing as Netflix Apps (eWeek) A bogus Netflix app delivers more than just free movies; it also delivers malware and could steal the credentials of legitimate users too

Old malware rears its ugly head in new attacks: ESET (ARN) Dangerous botnet malware, Bayrob, targets A/NZ

Android malware spread via porn websites to generate fake ad revenue (Graham Cluley) Researchers have spotted a new type of mobile malware that roots Android devices with the purpose of generating fraudulent ad revenue for its operator

PwnPhone: Default passwords allow covert surveillance. (Paul Moore) A few weeks ago, I was asked to observe an installation of several wireless access points & VoIP phones, with a view to making recommendations on how best to improve security while maintaining ease of deployment

Don't Forget to Whisper Near Your Samsung Smart TV, It May Be Listening (Softpedia) Samsung SmartTV privacy policy has a shade of 1984

Researchers detail FireEye bug that let hackers whitelist malware (CSO) FireEye customers should update their security appliance after researchers have explained how it can be made to temporarily turn a blind-eye to malware

Valentine's Day Inspires DDoS Attacks Against Online Florists (Dark Reading) Security vendor Imperva says it has observed a sharp increase in automated bot traffic directed at florist sites

How White Hat Hackers Stole Crypto Keys from an Offline Laptop in Another Room (Motherboard) In recent years, air-gapped computers, which are disconnected from the internet so hackers can not remotely access their contents, have become a regular target for security researchers. Now, researchers from Tel Aviv University and Technion have gone a step further than past efforts, and found a way to steal data from air-gapped machines while their equipment is in another room

Hackers Demand $3.6 Million from Hollywood Hospital Following Cyber-Attack (Softpedia) The Hollywood Presbyterian Medical Center, a 430+ bed hospital in the middle of Los Angeles, has been hit by a cyber-attack, and its systems are now being held hostage by hackers that are demanding a ransom

Crypto-Malware — Don't become a victim! (Check & Secure) Last week saw another disturbing example of the indiscriminate damage that crypto-malware can wreak. On Wednesday the Lukas Hospital in Neuss, Germany was crippled by the trojan TeslaCrypt 2.0. It seems that a worker at the hospital opened an attachment in a mass email, leading to the hospital mainframe being paralysed and thousands of patient health records being encrypted

Secret Facebook groups being used by pedophiles to swap obscene images (Naked Security) Pedophiles — including one who's been convicted and is already on the sex offenders' register — are using secret groups on Facebook to post and swap obscene or suggestive images of children, according to the BBC

Security Patches, Mitigations, and Software Updates

Reflecting on Recent iOS and Android Security Updates (Zimperium) The last thirty days have proven to be yet another exciting time for the mobile security ecosystem. Apple and Google released updates for their respective mobile operating systems that fix several critical issues

Cyber Trends

Why companies are becoming more likely to pay when struck by ransomware (Network World) A study found that cybersecurity insurance is making companies more likely to pay up when confronted by a ransomware attack

Big Data Analysis Makes Breaches a Greater Threat to Cyber-Security (eWeek) While the theft of employee information is a problem for the staff at government agencies, the fact is that it's also a threat to national security once it's part of a big data research effort

Risk managers missing out on big data opportunities (Business Insurance) The market may still not be ready for all the sophisticated functionalities that technology companies have to offer risk managers, a Business Insurance survey concludes

Public-private cyber threat intelligence sharing necessary in electricity industry (CSO) Cybersecurity professionals are hungry for a strategic advantage to battle current and emerging digital threats. The electricity industry has started to combat the issue through timely cyber threat intelligence and partnerships with federal partners

Behind the CTO's Back, 'Plug and Play' Apps are Fueling the Rise of Shadow IT (Legaltech News) Custom-made business apps are improving company efficiency and productivity — all without the IT department's approval

Study: IT staff pressured to buy useless cybersecurity products (TechTarget) A new study found that IT managers feel pressured to purchase new cybersecurity products even if they don't have the skills to implement the technology properly

Connected Devices Are Transforming the Medical World, but Pose Security Challenges (IBM Security Intelligence Blog) Connected devices — from regular smartphones to specialized gadgets such as fitness trackers — are storming the world of health care on multiple fronts, transforming everything from the mechanics of health records and payment processes to how people track their own health and seek care when needed

Good Security Managers Are Like Parents (The Analogies Project) Startled, bleary eyed and tired, you're woken by what you assume to be the sound of wild animals attacking a family pet


Reports Of A Cybersecurity Market Slowdown Have Been Greatly Exaggerated (Forbes) There have been some reports of a cybersecurity market slowdown. But a statistical look at the industry suggests it is surging

Six Security Picks Boosted by Fed Budget (Barron's) FireEye, Imperva, Fortinet, Proofpoint, Palo Alto Networks and CyberArk could see tailwinds from the budget plan

4 Trends Drive FireEye Security Revenue Growth (eSecurity Planet) Growing cybersecurity risk and complexity mean more business opportunity, says FireEye CEO

FireEye banking on 'strategic partners' to help drive growth (Channelnomics) Slowing cyber security market to blame for mixed results, vendor says

CyberArk Software Ltd Earnings Boosted by Higher Privileged Account-Security Spending (Motley Fool) Businesses are increasingly turning to the cyber attack-prevention specialist to safeguard the most vital aspects of their IT infrastructure

BAE Systems Poised to Name Charles Woodburn Chief Operating Officer (Wall Street Journal) Move will put him in line to eventually succeed CEO Ian King

BAE's Uncharted Waters (Bloomberg Gadfly) U.K. aerospace and defense group BAE Systems looks to be preparing the ground for Charles Woodburn, an oil industry executive, to become CEO. By hiring an outsider, it's taking a leaf from Rolls-Royce's playbook

Billion-dollar mistake: How inferior IT killed Target Canada (ZDNet) Unmanageable deadlines and disastrous IT wrecked this top US retailer's attempt at international expansion. The moral of the story: IT drives the enterprise

Products, Services, and Solutions

General Dynamics to Help Secure German Bundeswehr's IT Networks (PRNewswire) General Dynamics Mission Systems' partner QGroup received a contract from the Bundeswehr (German Federal Armed Forces) to deploy and maintain QTrust Server security appliances for their secure IT networks. QGroup's QTrust Server is based on General Dynamics Mission Systems' PitBull Trusted Operating System (PitBull)

Sticking to the facts with Windows 10 privacy debate (FierceCIO) While it is probably fair to say that Microsoft's opaque data collection in Windows 10 will not be winning any popularity contests any time soon, an almost surreal report on Forbes earlier this week suggested that the telemetry issue is actually much worse than previously believed due to how Windows 10 is "phoning home" thousands of times a day

Cambridge's Trustonic keeping new apps safe from cyber criminals (Cambridge News) A Cambridge company has launched a new platform to help developers ensure their new mobile apps are safe and secure

Intercede launches two-factor biometric authentication solution for mobile devices (Biometric Update) Intercede has launched RapID, a two-factor biometric authentication solution that delivers password and token free access to cloud services from mobile applications

SurfWatch Labs Announces Latest Release of its Threat Intelligence Suite (Virtual Strategy Magazine) SurfWatch Labs, a provider of cyber threat intelligence solutions, announces the latest release of the SurfWatch Threat Intelligence Suite, which extends visibility into security gaps and risks across the supply chain

G DATA brings VPN module for Android (Online Computer) G DATA is integrating a protection feature for Wi-Fi and mobile networks into its mobile security solutions. The VPN feature will initially be released for Android and will soon be available for iOS as well

RLI Executive Products Group Creates New Cyber Liability Unit (Sys-Con Media) RLI Insurance Company and its Executive Products Group announced today the creation of a new business unit to offer Cyber Liability Insurance

Four Antivirus Apps Provide Perfect Android Protection (Tom's Guide) Android is arguably the most versatile mobile operating system in wide usage, but that also makes it one of the most frequently attacked

Technologies, Techniques, and Standards

HydraCrypt and UmbreCrypt Ransomware Cracked, Decrypter Available for Download (Softpedia) Fabian Wosar, Emsisoft security researcher at day and ransomware killer at night, has made two new victims after releasing a new decrypter for the HydraCrypt and UmbreCrypt ransomware families

Mobile security Q&A: Securing the mobile minimum viable app (CSO) As enterprises struggle to keep up with their internal demand for mobile apps, more are turning to rapid development workflows. What does this mean for security?

How to prevent shadow IT (CSO) Security execs chime in on how to keep users from taking IT into their own hands

Anonymous networks 101: Into the heart of the Darknet (Help Net Security) Here's a riddle

Communication essential for healthcare to survive cyberattacks reputation intact, expert says (Healthcare IT News) WE Communications' senior vice president Nicole Miller shares advice ahead of her HIMSS16 session on managing customer messaging in a cybersecurity situation

Tips for Parents on How to keep their Little Gamers Safe? (Information Security Buzz) Many children these days play games online and as harmless as this may seem, they are probably unaware that they are potential targets for cybercriminals

Design and Innovation

Follower: the 'creepiest social network' that follows you in real life (Naked Security) It's been called "the creepiest 'social network' ever": you sign up, and some woman follows you around all day, watching your every move

When security meets sarcasm: Taylor Swift brings infosec to the masses (ZDNet) A parody Twitter account has stirred thousands of people to talk cybersecurity


Protecting the grid (Ames Tribune) In an attempt to protect their simulated cities from a cyber attack, 15 teams from around Iowa and the Midwest faced off Saturday in the country's first Cyber-Physical System Cyber Defense Competition at Iowa State University

NSA Designates Eastern Michigan University As A Top School For Data Security Training (WEMU) The next generation of cyber security professionals could be trained in Ypsilanti, as Eastern Michigan University has received accreditation in data security education

Cyber security degree coming to Iowa Western (Daily Nonpareil) As the Internet of Things starts to tether our cars, appliances, homes, offices and even wearable devices together into common platforms for convenience and efficiency, securing our digital lives becomes more and more of a priority.

Legislation, Policy, and Regulation

The Challenge of China's Bid for Cyber Suzerainty (World Politics Review) The Internet revolution began in the 1990s, when China was still recovering from the damage done during Mao Zedong's reign and the world was adjusting to the West's post-Cold War pre-eminence

India Eyes Russia As It Makes First Move on Chessboard of Cyber Geopolitics (The Wire) Months after the Indian government endorsed the "multistakeholder" model of internet governance — at the 53rd meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) — the Indian position is being carefully calibrated

A Unifying Theory — and Plan — for Defeating ISIS Propaganda (Defense One) As it stands, the international coalition is far from winning the information war against the Islamic State

CIA Director Says Cyber Terrorism Is What Keeps Him "Up All Night" (Inverse) The CIA's John Brennan thinks a cyber war with ISIS is a real threat

Hacker Lexicon: What Counts as a Nation's Critical Infrastructure? (Wired) As the US government contemplates the recent hack of Ukraine's power grid, which is only the second hack of this kind against critical infrastructure since the Stuxnet attack against Iran's nuclear program was discovered in 2010, the implications for the US power grid are clear

Can 'Hacking Back' Be An Effective Cyber Answer? (Government Technology) With the exponential growth in data breaches over the past few years, the concept of 'hacking back' is growing in popularity

Can Export Controls Tame Cyber Technology?: An Israeli Approach (Lawfare) Concerted efforts to regulate cyber capabilities have borne little fruit, prompting policy makers to look to existing regulatory systems as a basis for action

The end in sight, Obama wants a cyber blueprint for next president (EE News) The new Cybersecurity National Action Plan announced Tuesday by the White House aims at protecting federal agencies from cyberattacks, an urgent need dramatized by the ransacking of the Office of Personnel Management's aged computer systems by hackers two years ago

Why John McCain Is Wrong About Silicon Valley's Role in War on Terror (eWeek) U.S. Senator John McCain wants to enlist Silicon Valley in the war on terrorism, but at the cost of eroding citizens' privacy and compromising U.S. technical superiority

Cyber Breaches at the Department of Justice, IRS Concern Lawmakers (NewsMax) The Obama administration has been downplaying cyber breaches at the Department of Justice and the Internal Revenue Service this week, but lawmakers are complaining that the intrusions show how weak the government's defenses are against such crimes

Should Banks Expect New Cybersecurity Guidance? (Data Breach Today) Experts say FDIC publication suggests no formal action coming

Does the UK need a chief information security officer? (SC Magazine) While most of the media understandably covers the search for a new President of the United States, we couldn't help but notice another job going begging at the White House: CISO. Which got us to thinking

Litigation, Investigation, and Law Enforcement

U.K. Teen Arrested in Connection with FBI and DHS Hacks May Have Committed More High Profile Cyber Attacks (Inquisitr) A U.K. teenager has been taken into custody on suspicion of a recent FBI and DHS data hack. The young boy of just 16 years is believed to have committed more high profile cyber-attacks

Teenage admin of anonymous XMPP service arrested in connection to fake bomb threats (Help Net Security) The teenage administrator of the XMPP service was arrested last Monday by the French police, in connection to the wave of false bomb threats that were made against several French schools on January 26 and February 1, 2016, and later against educational institutions around the world

High school student faces prison over an encrypted communication tool (Numerama) The Dijon high school student taken into custody as part of the fake bomb threats case had made available a secure Jabber (XMPP) server, used to communicate anonymously. He faces up to 5 years in prison for refusing to hand over his decryption keys

What If Vladimir Putin Has Hillary Clinton's Emails? (Forbes) Despite a clear warning received almost three years ago, it has taken a heated presidential campaign and an FBI investigation to make us aware of the national security threat of Hillary Clinton's unsecured state department e-mails

Brit spies can legally hack PCs and phones, say Brit spies' overseers (Register) Blighty's spying nerve center GCHQ has a license to hack computers and devices at will, a UK intelligence oversight court has ruled

Russian police prevented massive banking sector cyber-attack (SC Magazine) Russian Interior Ministry cyber-crimes department thwarts Russian banking cyber-crime group

Apple: Dear judge, please tell us if gov't can compel us to unlock an iPhone (Ars Technica) Lawyers: Federal prosecutors told us they will continue to invoke 18th-century law

iPhone Error 53 Prompts Lawsuit Against Apple (InformationWeek) Following on reports of the iPhone Error 53, Apple is being taken to task for bricking the iPhones of consumers who sought out cheaper repairs

PBX phone system hacking nets crooks $50 million over four years (Register) Dial G for guilty — one miscreant admits laundering role

Zenefits leadership reportedly pushed software to employees that duped required online licensing course (FierceCIO) Some Zenefits leaders reportedly developed and encouraged the use of software that helped sales reps dupe a state-mandated online course for California health insurance brokers

VTech 'is responsible' for kids' data says UK watchdog (BBC News) The UK's data watchdog has said that VTech's new terms and conditions would not absolve it of liability in the case of future hack attacks

Stung by stingrays: NYPD reveals over 1000 cellphone interceptions (Naked Security) The New York Police Department recently admitted using so-called "stingray" devices to intercept cellphone communications over 1,000 times since 2008

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, February 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of...

National Insider Threat Special Interest Working Group: Insider Threats From A Human Resources & Legal Perspective (Laurel, Maryland, USA, February 18, 2016) This meeting will be focused on "Insider Threats From A Human Resources & Legal Perspective." Mrs. Jordan C. Meadows, Security Program Analyst at Rolls-Royce North America will present from the Human Resources...

ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...

CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, February 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...

International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...

CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
