ISIS returns to the Internet with defiant videos, showing no signs of having been slowed down in cyberspace by either government action or worldwide revulsion. They've also got a new spokesman who's said to be "menacing," and they've increased the presence of children in their inspirational clips.
Twitter's crackdown on hate tweets is directed in part against Daesh, but ISIS social media operators have shown considerable resilience in the past. Governments experience some success in criminal investigations of ISIS-inspired terror, and intelligence services in Europe continue to pursue closer collaboration. As obvious as the ISIS general line may be, analysts find it difficult to reach ground truth about the details of jihadi plans and policies: bogus leaks seem to be clouding the operational picture.
Some ISIS sympathizers are attempting to use PayPal vulnerabilities to channel funds to Daesh.
Anti-ISIS hacktivists continue to display either scattershot aim or divers choice of targets. One group, "New World Hacking," possibly aligned with Anonymous, claims responsibility for DDoS operations against both the BBC and Donald Trump's campaign for the US Presidency. The BBC operation was, they say, just a test, with no harm intended. The Trump attack was directed against his policy positions. Both attacks were short-lived in their effects.
Ukraine investigates a cyber campaign against its electrical grid, which Ukrainian intelligence services unambiguously blame on Russia. ESET links the hacks to BlackEnergy, especially its Killdisk tool.
Today's issue includes events affecting Belgium, China, Estonia, European Union, France, Germany, India, Iraq, Israel, Japan, Latvia, Lithuania, Malaysia, Pakistan, Russia, Syria, Taiwan, Turkey, Ukraine, United Kingdom, United States.
Hackers Shut Down Donald Trump Election Campaign Website(Hack Read) The official Election Campaign website of American Presidential candidate Donald Trump was taken offline by hackers who earlier claimed to conduct a cyber attack on BBC websites. The group goes with the handle of New World Hacktivists (NWH) and associated with the hacker collective Anonymous but conduct its operation as an independent entity who conducted a layer 7 DDoS attack (What is layer 7 DDoS?) on the official website of Donald Trump forcing it to stay offline for half an hour
Paypal rolls out the welcome mat for hackers(Boing Boing) It's not bad enough that Paypal is prone to shutting down your account and seizing your dough if you have a particularly successful fundraiser — they also have virtually no capacity to prevent hackers from changing the email address, password and phone numbers associated with your account, even if you're using their two-factor authentication fob
BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry(We Live Security) The cybercriminal group behind BlackEnergy, the malware family that has been around since 2007 and has made a comeback in 2014 (see our previous blog posts on Back in BlackEnergy: 2014 Targeted Attacks in Ukraine and Poland and BlackEnergy PowerPoint Campaigns, as well as our Virus Bulletin talk on the subject), was also active in the year 2015
Ukraine: Russia hacks power plants, highlights U.S. weakness(Washington Times) According to Ukraine's security service, SBU, Russian special services planted malware inside the Ukrainian power grid and recently shut down power stations. The SBU says the malware was discovered and removed. The regional power companies also experienced a denial of service cyber attack, which overwhelmed their support call center
BTCC Bitcoin Trader Blackmailed with DDoS Attacks(Softpedia) BTCC is the latest victim of the Bitcoin-for-DDoS extortion scheme, but unfortunately for the attacker, the company was financially capable of implementing better DDoS protection measures and make the attacker go away
Fraudsters Automate Russian Dating Scams(KrebsOnSecurity) Virtually every aspect of cybercrime has been made into a service or plug-and-play product. That includes dating scams — among the oldest and most common of online swindles
Security firm Cyberoam turns victim in cyber attack(Hindu Business Line) Year 2015 did not end on a high note for the Indian cyber security firm Cyberoam that confirmed a cyber attack on its systems last week, resulting in possible leakage of its database that contained personal details of its customers and partners
New York begins turning its payphones into free Wi-Fi hotspots(Naked Security) Phone booths: they're so retro. So inextricably tied to Clark Kent and the quick donning of leotards. Wherever you find them, payphones seem antiquated in this era of cellular telephones. But in a sprawling metropolis such as New York, even though they're outdated, they're still ubiquitous. What to do with all that infrastructure? In New York, you replace them with Wi-Fi hotspots
More Secure Cyber Environment Could Be Coming in 2016 Print Comment Share:(Voice of America) There's little doubt that 2015 will not be remembered fondly by cybersecurity professionals. With millions of successful hacking attacks, and uncounted documents breached or stolen, it seemed at times that nothing could be done to stop the assault on the globe's computer systems
Six Things to Watch for in 2016(Threatpost) Well, if you thought you had it rough in 2014 because of big, bad Poodles and an irritating case of Heartbleed, things only got worse this year
Security Effort not Catching up(Information Security Buzz) What does 2016 have in store for businesses and consumers with regards to cyber security threats? A specialist in malware detection, RedSocks' malware intelligence team has formulated five predictions for the year ahead
2016: Cyber-Crime Becomes Big-Time(Electronics Weekly) It came as a shock to be told by an American when I was last over there in the autumn that he had to change his credit cards every month or two because of hackers. I assumed it was because he was a pretty rich guy and would be a prime target
Human Behaviour as the "Biggest Threat to Company Security"(Information Security Buzz) Global security intelligence and information management technology company Nuix has released the findings from a new survey of corporate information security practitioners that indicates a move toward a stronger focus on insider threats and more understanding of cybersecurity issues at the board level
Raytheon's New Cybersecurity Company Name To Be Announced(Forbes) In one of the biggest cybersecurity deals of the year, Raytheon Company and Vista Equity Partners completed a joint venture transaction this past May which created a new company that combined Websense, a Vista Equity portfolio company, and Raytheon Cyber Products, a product line of Raytheon's Intelligence, Information and Services business
Is FireEye An Acquisition Target In 2016?(Seeking Alpha) FBR predicts FireEye as an acquisition target of Cisco Systems. At $20, FireEye becomes a compelling investment if the company can instill more financial discipline. The recommendation is to continue watching the story play out for a better entry point
FireEye Or Palo Alto Networks: Which Stock Is Best For 2016?(Seeking Alpha) At $21, FEYE is a great investment opportunity. PANW is a great company, but too expensive for there to be significant upside in its stock. PANW and FEYE operate on different ends of the cybersecurity spectrum, although both ends are full of promise
One Million Cybersecurity Job Openings In 2016(Forbes) If you are thinking about a career change in 2016, then you might want to have a look at the burgeoning cybersecurity market which is expected to grow from $75 billion in 2015 to $170 billion by 2020
Infoblox Appoints Janesh Moorjani as Chief Financial Officer(CNN Money) Infoblox Inc. (NYSE: BLOX), the network control company, today announced that Janesh Moorjani has joined Infoblox as executive vice president and chief financial officer, effective immediately. Moorjani is responsible for managing the company's worldwide finance operations
How To Prepare Your Organisation For EU Data Protection Reform(TechWeek Europe) Whether you are part of a European company or a non-European company that trades or stores data inside Europe, it is likely that the new European data protection regulations coming into play will affect the way you handle employee and customer data
Gov't did buy spyware, tech blogger alleges(Free Malaysia Today) Keith Rozario uploads links to two telegraphic transfer slips that prove spyware was purchased although by Miliserv Technologies Sdn Bhd and not PM's Department per se
Monitoring of Terrorism Threats Has Risen, Official Says(New York Times) A senior European counterterrorism official said on Thursday that spy services in several countries had increased their monitoring and surveillance, and governments had put heightened security measures in place, even before recent arrests in Belgium and Turkey
Encryption in the Balance: 2015 in Review(Electronic Frontier Foundation) If you've spent any time reading about encryption this year, you know we're in the midst of a "debate." You may have also noted that it's a strange debate, one that largely replays the same arguments made nearly 20 years ago, when the government abandoned its attempts to mandate weakened encryption and backdoors
Industry pros defend data encryption(Westfair Communications) A national debate on data encryption has followed the recent terrorist attacks in San Bernardino, Calif., and Paris with some lawmakers calling for legislation to mandate access for law enforcement and government agencies to "backdoors" that will allow them to decipher encrypted data
Cyber Litigation: The Next Big Thing?(American Lawyer) It was the scandal of the summer: AshleyMadison.com, the dating and social networking service that markets itself to would-be cheaters, was cyberattacked, and the names and contact information of purported members — including celebrities, congressional staffers and evangelists — were revealed online. Soon after, plaintiffs lawyers lodged class action litigation on behalf of website users
Republicans seek answers from NSA on snooping(The Hill) Republicans on the House Oversight and Government Reform Committee have requested that the National Security Agency (NSA) provide them with all guidance given to employees on intercepted communications that involve members of Congress
Cellphone Contacts in Paris Attacks Suggest Foreign Coordination(New York Times) The terrorists who killed 130 people in Paris in November were in contact by cellphone with at least one person in Belgium during their attacks, suggesting that they may have been coordinated or monitored from abroad while killing, according to French police reports on the investigation
Friend of California shooter indicted on gun, terror charges(AP via Yahoo! News) A friend of one of the shooters in the San Bernardino massacre that killed 14 people was indicted Wednesday on charges that include conspiring in a pair of previous planned attacks and making false statements when he bought the guns used in this month's shootings, authorities said
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CES CyberSecurity Forum(Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers...
FloCon 2016(Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...
Cyber Security Breakdown: Chicago(Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Insider Threat Program Development Training Course — Georgia(Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
FTC PrivacyCon(Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer...
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
POPL 2016(St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai(Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
CyberTech 2016(Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Fort Meade IT & Cyber Day(Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.