Late December's cyber attack on a Ukrainian electrical utility has been linked to a variant of the BlackEnergy Trojan long disseminated by the "SandWorm" threat actors. The attack produced rolling blackouts in Western Ukraine, but ESET researchers believe the operation sought to affect a much wider area than a single oblast: they've found the malware in at least two other utilities' networks.
The attack was accompanied by a flood of calls to utility support centers, effectively distracting responders through misdirection and some telephony denial-of-service. BlackEnergy includes both persistence and file destruction functionality.
Ukraine's SBU security service unambiguously blames Russia for the operation (the Kremlin has not commented) and Western observers tend to agree. The nature of the attack, ongoing tension between Ukraine and Russia, and the absence of an obvious criminal motive strongly suggest state activity. Coming after revelation of Iranian reconnaissance of a small New York State dam's control system, this attack exacerbates concerns about infrastructure cyber vulnerabilities.
Hackers DDoS the Saudi Ministry of Defense to protest a leading Shiite cleric's execution. (Iran says the hackers are Saudi Shiites.)
As authorities hunt for "Jihadi John," the latest murderous online face of ISIS, the case for Daesh's effective use of crypto strikes observers as increasingly weak.
PlayStation succumbed to a DDoS attack last night (responsibility claimed by the PhantomSquad skids).
Emsisoft reports finding new JavaScript-based ransomware, "Ransom32," packaged with the NW.js runtime. It's evasive and, because NW.js runs on several operating systems, is not tied to Windows alone.
Cisco Jabber is vulnerable to a STARTTLS downgrade that lets a man-in-the-middle intercept client sessions. No patch or workarounds are as yet available.
Today's issue includes events affecting Canada, China, Estonia, European Union, Iran, Iraq, Ireland, Israel, New Zealand, Poland, Russia, Saudi Arabia, Syria, Ukraine, United Kingdom, United States.
Ukraine faces world's first blackout caused by hackers(The NextWeb) While 2015 was rife with news of hackers stealing data from governments, health insurers and adultery sites, it looks like targeting our energy infrastructure might be the next big thing in cyberattacks
Ukrainian media outlets are being attacked using Black Energy(CERT-UA) Recently, during the days of the local elections, several Ukrainian media outlets were attacked by unknown attackers. Only carefully rationed information about the successful hacker attacks targeting them was published online. CERT-UA was also approached about this matter, and we consider it important to report some details
Experts separate fact from hype in reports of Iranian hacking(Christian Science Monitor Passcode) Recent stories suggest that foreign hackers are making dangerous inroads into utilities, putting critical infrastructure at risk of devastating cyberattacks. Yet, experts say these breaches aren't cause for panic
The 'mind-boggling' risks your city faces from cyber attackers(MarketWatch) During a 2014 cybersecurity drill that New York City officials held with intelligence agencies, the Federal Bureau of Investigation posed several scenarios. What if the city noticed that the 911 system had shut down? What if criminals attempted to coordinate a computer attack on emergency infrastructure with a physical attack?
STARTTLS downgrade vulnerability in the Cisco Jabber client(Synacktiv) The Cisco Jabber client exists for different platforms (Windows, iOS, BlackBerry, and Android). The software uses the Jabber protocol (XMPP), SIP and SRTP streams to let collaborators, and also partners and customers, communicate more quickly and securely without running a VPN, as mentioned on the Cisco website
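The generic shape of a STARTTLS downgrade, as an added illustration that is not part of the Synacktiv advisory or of Cisco's code: in XMPP the server advertises TLS in its `<stream:features>` stanza before any encryption is up, so an on-path attacker can simply delete that advertisement. A client that treats the (unauthenticated) advertisement as the source of truth then continues in cleartext; a client that treats TLS as local policy aborts. The `HONEST_FEATURES` stanza, the `strip_starttls` attacker step and the two client functions are constructed for this example; the page says only that Cisco Jabber is affected by such a downgrade, not which of its code paths is at fault.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample (assumption for this example): the <stream:features> an honest
# XMPP server sends right after the stream opens, RFC 6120 style, advertising
# STARTTLS and marking it as required.
HONEST_FEATURES = b"""<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms>
</stream:features>"""


def strip_starttls(features_xml):
    """The attacker's step: forward the server's features with every <starttls/>
    element removed, so the client believes the server offers no TLS at all.
    Nothing here is authenticated yet, so the client cannot detect the edit."""
    root = ET.fromstring(features_xml)
    for el in root.findall(f"{{{NS_TLS}}}starttls"):
        root.remove(el)
    return ET.tostring(root)


def starttls_offered(features_xml):
    root = ET.fromstring(features_xml)
    return root.find(f"{{{NS_TLS}}}starttls") is not None


def next_step_vulnerable(features_xml):
    """Downgrade-prone client: it lets the server decide whether TLS happens.
    No <starttls/> in the features means it proceeds to SASL on the cleartext stream,
    sending credentials and messages where the attacker can read them."""
    return "starttls" if starttls_offered(features_xml) else "sasl-cleartext"


def next_step_hardened(features_xml):
    """Hardened client: 'TLS is mandatory' is local policy, not a server hint.
    A missing advertisement is treated as an attack, never as a server without TLS."""
    if starttls_offered(features_xml):
        return "starttls"
    raise ConnectionError("server did not advertise STARTTLS; refusing cleartext session")


def hardened_accepts(features_xml):
    """True if the hardened client would continue with these features."""
    try:
        next_step_hardened(features_xml)
        return True
    except ConnectionError:
        return False


if __name__ == "__main__":
    tampered = strip_starttls(HONEST_FEATURES)
    print("honest   ->", next_step_vulnerable(HONEST_FEATURES))   # starttls
    print("tampered ->", next_step_vulnerable(tampered))          # sasl-cleartext
    print("hardened ->", hardened_accepts(tampered))               # False
```

The same pattern applies to SMTP and IMAP STARTTLS: whatever the server says before the handshake is attacker-controlled, so "require TLS" has to be enforced on the client side (or the connection has to start on a TLS port) rather than inferred from the server's capability list.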
The Curious Case of Creepy @FFD8FFDB Twitter Bot Spying and Posting Images(Hack Read) A while ago we reported on a creepy website that was showing live footage from 73,000 private security cameras. Now, a Twitter bot with the aforementioned account name is regularly posting uncanny images with random, incomprehensible pieces of text. Only recently, the man behind the bot revealed that the bot posts images from unsecured webcams that it looks for and discovers
2015: The Year Of 'Attacks on Trust'(Dark Reading) Nine attacks that leveraged stolen, compromised, or unprotected cryptographic keys and digital certificates show how easy it is for cybercriminals to bypass security controls and hide their actions
Security Patches, Mitigations, and Software Updates
Google Patches Another Critical Mediaserver Vulnerability(Threatpost) Since last summer's Stagefright vulnerabilities toppled the Android world for a few weeks, researchers inside and out of Google have been taking a close look at not only the maligned media playback engine, but also at Mediaserver where it lives
FireEye acquisition rumors resurface(FierceEnterpriseCommunications) Last spring, Cisco executives squashed rumors that it was planning to acquire network threat prevention vendor FireEye, but a Seeking Alpha article has brought those rumors to the forefront again
Corero Network Security wins order for defence system(DigitalLook) AIM-listed online protection solutions provider Corero Network Security has won a significant order for its SmartWall Threat Defense System (TDS) from a US hosting provider valued at over $400,000 (£272,000)
Testing for DNS recursion and avoiding being part of DNS amplification attacks(Internet Storm Center) Yes, it has been said too many times, but still there are too many DNS servers out there allowing recursion to devices outside their network, which could be used for DNS amplification attacks. How? The attacker sends a spoofed DNS request, usually from a botnet, with the victim's IP address as its source. When the misconfigured DNS server answers, it sends the response to the victim's IP address, causing a DDoS attack
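What a recursion check actually looks at, as an added example that is not the ISC diary's own procedure: build a query with the RD (recursion desired) bit set, read back the RA (recursion available) bit and RCODE from the response header, and measure how many bytes come back per byte sent. The three sample responses are constructed here (the A record and its address are placeholders), so the classification runs offline; `probe` does the same over UDP against a server you own and is the only part that touches the network.

```python
import socket
import struct

QTYPE_ANY = 255  # ANY responses are large, which is why amplifiers prefer them


def build_query(name, qtype=QTYPE_ANY, txid=0x1234):
    """Minimal RFC 1035 query with RD=1, asking the server to recurse for us.
    A spoofed attack packet is identical except for the forged source address."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.strip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(response):
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),   # Recursion Available: the bit this check is about
        "rcode": flags & 0x000F,      # 5 = REFUSED
        "ancount": an,
    }


def classify(response):
    h = parse_header(response)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] == 5:
        return "refused"              # recursion correctly denied to outsiders
    if h["ra"] and h["rcode"] == 0:
        return "open-recursive"       # usable as an amplifier
    return "closed"                   # answered without recursion (e.g. authoritative only)


def amplification(query, response):
    """Bytes the victim receives per byte the attacker sends."""
    return len(response) / len(query)


# Constructed sample responses (assumption for this example; no network needed).
_question = build_query("example.com")[12:]
# One A record: name pointer to offset 12, type A, class IN, TTL, rdlength 4, address.
_a_record = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 216, 34])

# flags 0x8180: QR=1, RD=1, RA=1, RCODE=0 -> an open resolver answering with 3 records
OPEN_RESOLVER_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0) + _question + _a_record * 3
# flags 0x8105: QR=1, RD=1, RA=0, RCODE=5 -> recursion refused
REFUSED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _question
# flags 0x8100: QR=1, RD=1, RA=0, RCODE=0 -> answered, but recursion not available
NO_RA_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 0, 0) + _question


def probe(server, name="example.com", timeout=2.0):
    """Live check of one server (run it only against resolvers you are responsible for).
    Use a name the server is not authoritative for; otherwise RA proves little."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        resp, _ = s.recvfrom(4096)
    return classify(resp), amplification(q, resp)


if __name__ == "__main__":
    q = build_query("example.com")
    for label, resp in [("open", OPEN_RESOLVER_RESPONSE), ("refused", REFUSED_RESPONSE), ("no-ra", NO_RA_RESPONSE)]:
        print(f"{label:8s} {classify(resp):15s} x{amplification(q, resp):.2f}")
```

Two caveats when reading the result: a server can set RA and still apply per-client ACLs, so the RCODE on an out-of-zone query matters more than the flag alone; and the small ratio on the constructed A-record sample understates the real problem, since ANY or DNSSEC responses from an open resolver run far larger than the 29-byte query that triggers them. The fix is the one the diary describes: restrict recursion to your own address ranges (and rate-limit responses) rather than serving the whole Internet.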
IPv6 celebrates its 20th birthday by reaching 10 percent deployment(Ars Technica) Twenty years ago this month, RFC 1883 was published: Internet Protocol, Version 6 (IPv6) Specification. So what's an Internet Protocol, and what's wrong with the previous five versions? And if version 6 is so great, why has it only been adopted by half a percent of the Internet's users each year over the past two decades?
5 sins cybersecurity executives should avoid(CSO) With the advent of 2016, I was tempted to touch upon my thoughts on what the future of the cyberlandscape will hold, prognosticating trends and shifts and what the next big threat would be
Phpsploit — Stealth Post-Exploitation Framework(Kitploit) PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes
Tips to Protect Your Personal Information While Online(IRS Security Awareness Tax Tip Number 7) The IRS, the states and the tax industry urge you to be safe online and remind you to take important steps to help protect your tax and financial information and guard against identity theft. Treat your personal information like cash — don't hand it out to just anyone
Design and Innovation
The Nature Lover's Guide to Cyber Security(Wall Street Journal) Biomimicry is catching on in the cyber security field as engineers take inspiration from nature to develop improved technologies for protecting data and thwarting cyber crime
From sci-fi to real life: Government's changing role in tech innovation(C4ISR & Networks) Anyone who ever saw an episode of the original "Star Trek" TV series will recognize the similarity between a flip phone and the show's communicator, the device that Starfleet personnel use to talk to one another across vast distances with no need for wires and dials
Approved — Cybersecurity Act of 2015 (Lexology) It is official, on December 18, 2015 President Obama signed the Cybersecurity Act of 2015, which encompassed the Cybersecurity Information Sharing Act of 2015 ("CISA"), into law
Clearance Process Will Include Social Media Checks(Security Clearance Jobs Forum) One of the items included in the 2016 omnibus appropriations bill is the Enhanced Personnel Security Program. Why is this significant? Because it will direct agencies to screen social media sites twice within every 5 years as a part of the continuous evaluation process
IG questions DoD cloud computing oversight(FierceGovernmentIT) The Defense Department doesn't have a standard definition for cloud computing or a comprehensive inventory of cloud computing service contracts, according to findings in a recent DoD Office of Inspector General report
DoD Needs an Effective Process to Identify Cloud Computing Service Contracts(Inspector General, US Department of Defense) Our objective was to determine whether selected DoD Components performed a cost-benefit analysis before acquiring cloud computing services. In addition, we were to identify whether those DoD Components achieved actual savings as a result of adopting cloud services
Air Force bolsters its cyber ranks by 40 percent(Defense Systems) With the projected completion of the Defense Department's Cyber Mission Force slated for 2018, the individual services are staffing up to fill their requirements to the overall force, expected to number more than 6,000
Exclusive — Pete Hoekstra: NSA Spying on Congress Requires Suspending State of the Union Invite(Breitbart) Elected officials and leaders of the U.S. Intelligence Community (IC) must maintain the integrity of America's vast intelligence enterprise as a lawful, neutral, independent and fair arbiter of facts. Recent news that the Obama White House obtained intelligence containing private conversations of members of Congress and American Jewish organizations from the National Security Agency (NSA) suggests the integrity of our intelligence agencies has been undermined
The hunt to unmask the new 'Jihadi John'(Washington Post) The hunt is on to identify the new "Jihadi John," the masked, British-accented Islamic State militant who on a newly released video calls British Prime Minister David Cameron an "imbecile" and then helps slaughter five men suspected by the group of spying for Britain
Britain denounces Islamic State video showing 'spies' shot(Reuters) An Islamic State video showing a young boy in military fatigues and an older masked militant who both spoke with British accents is "desperate" propaganda from an organization that is losing ground, Prime Minister David Cameron said on Monday
CES CyberSecurity Forum(Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers...
FloCon 2016(Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...
Cyber Security Breakdown: Chicago(Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Insider Threat Program Development Training Course — Georgia(Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
FTC PrivacyCon(Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer...
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
POPL 2016(St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai(Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
CyberTech 2016(Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Fort Meade IT & Cyber Day(Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...