Daily briefing.

The attack on power distribution substations in Western Ukraine seems clearly to have been a cyber attack, but how its effects were accomplished remains unclear: BlackEnergy accompanied the attack, but it's not the mechanism by which the breakers were cycled.

Analysts continue to warn utilities to be on their guard. And Corero warns all to watch for what it's calling "dark DDoS": the increasing use of denial-of-service as a "smokescreen" for more serious attacks.

DDoS attacks remain a threat — Akamai reports a 180% increase in the frequency of such attacks in 2015 — but as Tripwire puts it, we're seeing greater numbers but a smaller punch.

ISIS has launched its own encrypted messaging app, but it continues to focus on information operations, offering not only emojis for inspiration across social media, but an online cyber warfare magazine ("Kybernetiq," published in German) and a news service (Amaq) that features early distribution of communiqués claiming responsibility for attacks.

A widow sues Twitter for negligently enabling her husband's murder by ISIS. Few expect the suit to hold up, but should it do so, the implications for online communication would be great.

FireEye reports that the SlemBunk Android banking Trojan discovered last year has acquired a longer attack chain and drive-by infection capability.

Researchers report Apple's patch of OS X's Gatekeeper is more porous than users might wish.

Fortune says cryptography guru David Chaum's PrivaTegrity, his contribution to ending the crypto wars, has been widely misunderstood as incorporating a backdoor. Instead, they say, it implements distributed control.

Notes.

Today's issue includes events affecting Argentina, Australia, Canada, China, Djibouti, Egypt, European Union, Finland, France, Germany, Japan, New Zealand, India, Iraq, Israel, Jordan, Democratic People's Republic of Korea, Mexico, Russia, Syria, Sweden, Ukraine, United Kingdom, United States.

The CyberWire will be taking Monday off in observance of Dr. Martin Luther King, Jr. Day. We'll be back as usual on Tuesday, January 19th. Enjoy the holiday.

Cyber Attacks, Threats, and Vulnerabilities

Cyber Security for the Power Grid — Why We Should Fear Hackers (but not Squirrels) (The CyberWire) Applied Controls Solutions' Joe Weiss, an industrial controls systems security expert who's also the Managing Director of the ISA99 standards body, spoke about the December 2015 cyber attack on the power grid in Western Ukraine, and the lessons both cyber security and controls system specialists should draw from it. He put the incident in context and explained to us why people should take cyber threats to controls systems very seriously indeed

More Signs Point To Cyberattack Behind Ukraine Power Outage (Dark Reading) 'KillDisk' and BlackEnergy were not the culprits behind the power outage — there's still a missing link in the chain of attack

Nuclear Facilities in 20 Countries May Be Easy Targets for Cyberattacks (New York Times) Twenty nations with significant atomic stockpiles or nuclear power plants have no government regulations requiring minimal protection of those facilities against cyberattacks, according to a study by the Nuclear Threat Initiative

As Final Head-of-State Nuclear Security Summit Approaches, Nunn and NTI Warn of Slowing Progress on Preventing Nuclear Terrorism (Nuclear Threat Initiative) 2016 NTI Nuclear Security Index finds countries unprepared for cyber attacks on nuclear facilities; introduces new "sabotage ranking"

'Dark DDoS' — a growing cyber security threat for 2016 (Infosecurity Magazine) Today's DDoS attacks are almost unrecognizable from the simple volumetric attacks that gave the technique its name. No longer the preserve of bad actors coding in their bedrooms to carry out protests, today's attacks have the power to wreak significant damage — as all those affected by the TalkTalk and Carphone Warehouse breaches last year will know

#TangoDown: The 'biggest ever' web attack that wasn't (ZDNet) A hacker group attacked the BBC's website on New Year's Eve, which was later claimed as the "biggest ever" attack. But that claim unraveled when basic facts got in the way

DDoS Attacks Increased by 180% Compared to 2014, Reveals Akamai Report (Tripwire: the State of Security) Last September, CloudFlare detected a large-scale browser-based L7 flood

Defense One: Islamic State has written its own encrypted communications app (Network World) It's the scenario predicted by those opposed to government encryption backdoors

EXCLUSIVE: ISIS Inspires Terrorism Emoji Trend (Vocativ) Groups ranging from Lebanon's Hezbollah to Yemen's Houthi rebels created their own set of stickers for Telegram in ISIS' footsteps

ISIS supporters launch online cyberwar magazine (C4ISR & Networks) Supporters of the Islamic State group have published the first issue of Kybernetiq, an online magazine intended to arm prospective jihadists with cyberwarfare knowledge

A News Agency With Scoops Directly From ISIS, and a Veneer of Objectivity (New York Times) The San Bernardino shootings. The killing rampage this week in a Baghdad mall. On Thursday, it was the explosion that ripped through a Starbucks in Jakarta. In each of those terrorist attacks, an outlet called the Amaq News Agency was first with the news that the Islamic State was going to claim responsibility. The agency has been getting the scoops because it gets tips straight from ISIS, and for those of us on the terrorism beat, that has made Amaq a must-read every time a bomb goes off

'Acedia' And An ISIS-Centered Life Full Of Toxic Purpose (MEMRI) Some might say that the spirit of the modern age, at least in the developed West, is all about an exaltation of the self, or about the primacy of personal choice, or about sexual fulfillment and other hedonistic pleasures. Some critics might point to a spiritual malaise with ancient roots

SlemBunk Android Banking Trojan Gets More Dangerous (Infosecurity Magazine) The SlemBunk Android banking trojan identified late last year has turned out to be more persistent than originally thought — and is being used as part of an ongoing and evolving campaign

How malware developers could bypass Mac's Gatekeeper without really trying (Ars Technica) New researcher pokes holes in Apple's whack-a-mole approach for fixing Gatekeeper

Apple's 'Targeted' Gatekeeper Bypass Patch Leaves OS X Users Exposed (Threatpost) Apple has had two cracks at patching a vulnerability that allows malicious apps to bypass its OS X Gatekeeper security feature, and twice has taken a shortcut approach to the fix, said the researcher who reported the flaw

Advantech EKI Vulnerable to Bypass, Possible Backdoor (Threatpost) Researchers have uncovered yet another issue — and potential backdoor — in Advantech's beleaguered EKI-1322 serial device server

Malvertising — why fighting adblockers gets users' backs up (Naked Security) Making malware predictions is a popular but often frustrating pastime

Security Firm Finds Zero-Day Flaw by Turning Users Into Honeypots (eWeek) Kaspersky turned details of a Silverlight flaw into detection rules. When an attacker exploited the vulnerability, it had enough information to pinpoint the flaw

Exploit seller, Hacking Team CEO chat lead Kaspersky to zero-day vulnerability (SC Magazine) After Hacking Team, the controversial peddler of zero-day exploits, found itself hacked and the Italy-based company's data was leaked onto the BitTorrent protocol, researchers at Kaspersky Lab decided to follow a hunch.

Copyright Blocking Security Research: Researchers Barred From Exploring Leaked Archive (Tech Dirt) Two researchers for Kaspersky Lab, Costin Raiu and Anton Ivanov, have published an absolutely fascinating tale of how they successfully tracked down a zero day exploit in Microsoft Silverlight

Anonymous Releases 1GB of Data from Supreme Court of Thailand (Softpedia) Ten days after launching operation #BoycottThailand, the Anonymous hacker collective has just released 1GB of data stolen from the Supreme Court of Thailand

Top spy James Clapper is latest victim of (alleged) teen hackers (Naked Security) A few months ago, a "teen stoner" allegedly hacked into an AOL account belonging to the head of the CIA and leaked information about him gleaned from private documents

IoT 'ding-donger' reveals WiFi passwords (SC Magazine) The Ring WiFi doorbell, an IoT device, allows users to view whoever is on their doorstep via the internet from a mobile device when they are not home

VTech lost kids photos, but still wants to help with yours… (Best VPN) On the 14 November 2015, toy manufacturer VTech had its Learning Lodge and Kid Connect applications hacked in a cyber attack

Cyber Trends

Hack the Toaster, Cyber National Guard & Why L0pht Didn't Shutter the Internet (New America) Chris Wysopal, a.k.a. Weld Pond, chief technology officer of application security firm Veracode, joins The Cybersecurity Podcast to discuss the suspected cyberattack on the Ukrainian power grid, ways to increase transparency about cybersecurity expertise at publicly-traded companies, and why the L0pht hacking collective he once belonged to didn't want to shut down the Internet back in the 1990s just to prove to senators it could

ShmooCon: Hackers and frozen hotel rooms (Day 0) (CSO) Salted Hash has traveled to the nation's capital for ShmooCon

Tripwire Study: Cyber Attackers Successfully Targeting Oil and Gas Industry (BusinessWire) Eighty-two percent of oil and gas IT professionals see significant increase in successful cyberattacks

Clawback: Reports Suggest Companies Paying To Reclaim Stolen Data (Guardian) A recent news report and a survey suggest that companies may be paying to get back data stolen more often than you'd think

Morale Remains Low Around Health and Fitness App Security (Threatpost) It seems little has changed over the last several years when it comes to how health and fitness apps go about securing user information

Report reveals scale of health record data breaches (ComputerWorld) 392 million protected health records disclosed globally

Who really owns your Internet of Things data? (ZDNet) In a world where more and more objects are coming online and vendors are getting involved in the supply chain, how can you keep track of what's yours and what's not?

Gazing into access control crystal ball for 2016 (Security Info Watch) Although access control may not generate the same amount of headlines that other product segments do when it comes to technology innovation in the security industry, the fact is the market has experienced a proverbial whirlwind of change in recent years

Don't rely on government to defeat cyber crime: Business needs to get its act together (City A.M.) If 2015 taught us anything, it's that it is now a question of when, not if, our data will be compromised. Therefore, 2016 must be the year that business gets serious about the importance of cyber security

Privacy and Information Sharing (Pew Research Center) Many Americans say they might provide personal information, depending on the deal being offered and how much risk they face

This is how much spear phishing costs companies (CIO) Despite spending an average of $319,327 on spear phishing prevention in the past 12 months, an estimated 28 percent of attacks are getting through and are costing companies dearly

Infiziert — Hacker nehmen Mittelstand ins Visier [Infected: hackers take aim at mid-sized businesses] (Unternehmeredition) Many companies are caught off guard

Marketplace

Legal Mandates Fuel Cybersecurity Insurance Growth (Bloomberg BNA) The rise of state data breach notification laws, as well as federal breach notice and data security obligations affecting some businesses, largely created the demand for cybersecurity insurance, analysts told Bloomberg BNA

Raytheon Websense rebrands as Forcepoint, acquires Intel Security's Stonesoft (ZDNet) Cybersecurity firm Raytheon Websense has acquired Intel Security's firewall business, with the three companies to be known collectively as Forcepoint

IBM to tackle fraud with Iris Analytics (IDG via CSO) IBM is adding to its fraud prevention capabilities with the acquisition of a German software firm

Cyber security company Appthority raises $10 mln (PE Hub Network) San Francisco-based Appthority, a provider of mobile enterprise security services, announced this week it has raised $10 million in Series B funding from existing investors U.S. Venture Partners and Venrock, as well as new investors Blue Coat Systems and Knollwood Investment Advisory

CACI wins $81M Army intel contract (C4ISR & Networks) CACI has been awarded an $81 million Army contract to support intelligence-sharing systems

FirstNet RFP released (GCN) The final request for proposals for a nationwide, wireless, interoperable broadband communications network for first responders has been issued after a year of dialogue with public safety and industry leaders on its objectives and scope

Nick FitzGerald joins ESET as a Senior Research Fellow (Exchange 4 Media) Information security expert, Nick FitzGerald is joining ESET as a Senior Research Fellow. Working with ESET Australia, he will focus on the whole Asia-Pacific region, including his home country, New Zealand

Jim Holtzclaw joins Marsh Risk Consulting as Senior VP (Consultancy.UK) Jim Holtzclaw has joined the Cyber Security Consulting and Advisory Services practice at Marsh Risk Consulting (MRC) as Senior Vice-President. He brings more than 34 years of professional experience to the consultancy, and will be charged with providing the firm's offerings to its private and public client base

Products, Services, and Solutions

WatchGuard Announces New Secure Wireless Access Points so Customers Stay Safer Online (Sys-Con Media) AP300 combines modern wireless features with award-winning security to better protect against network attacks

Rambus Cryptography Research Launches CryptoMedia Platform to Provide Secure Access to Premium Digital Entertainment (BusinessWire) Platform to support VIDITY™ requirements for 4K UHD and High Dynamic Range programming

Check Point Aces Rigorous Testing to Achieve Prestigious Common Criteria Certification (CNN Money) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), the largest pure-play security vendor globally, today announced it has achieved a Common Criteria (CC) certification for Check Point R77.30

Fortscale's user behavioral analytics solution provides full context when truly malicious behavior is detected (Network World) 82% of security attacks involve stolen user credentials. UBA is the best type of tool to determine when those credentials are being used for malicious purposes

Technologies, Techniques, and Standards

JavaScript Deobfuscation Tool (Internet Storm Center) Emails remain a nice way to infect people: Write a message with pertinent information, respect the format and style of the organization you're targeting, add some social engineering and you have good chances that your victim will open the attached malicious file

Compliance compounded by evolving threat landscape (Help Net Security) As industry business models change, compliance challenges are being compounded by an evolving threat landscape and by increased scrutiny from federal agencies looking to protect critical data

Server Hardening (Linux Journal) Server hardening. The very words conjure up images of tempering soft steel into an unbreakable blade, or taking soft clay and firing it in a kiln, producing a hardened vessel that will last many years. Indeed, server hardening is very much like that

Six Mistakes That Could Threaten The Security Of Your Web Applications (Forbes) When it comes to monitoring the security of your company's web applications, no detail (no matter how small) can be overlooked. After all, it only takes one vulnerability to take down your business and compromise your customers' sensitive data

Why thinking like a criminal is good for security (CSO) When planning an attack, criminals study their target victims looking for the weakest links.

Create a Back-Up Plan for Your Data (Stamford Advocate) Don't wait until Armageddon strikes

How To Run A Data Breach Fire Drill (Law 360) When a data breach hits a company, it delivers a healthy dose of stress, panic and urgency — and it's just about the worst environment for an incident response team to put its procedures into action for the first time

Design and Innovation

What Everybody Misunderstands About Privacy Pioneer David Chaum's Controversial Crypto Plan (Fortune) Can the online privacy master's scheme disrupt the "encryption wars"?

Building Security In versus Building Security On (SecurityWeek) Built in or bolted on? When have you ever seen "bolted on" as the first choice of anyone in just about any imaginable scenario? Yet for software security, "bolted on" is certainly the norm

Research and Development

ONR Research Seeks Quick-Reaction Capabilities, Breakthrough Technologies (Seapower) The director of the Office of Naval Research (ONR) said he divides his $2 billion science and technology budget into quick-reaction programs that can bring new capabilities to the fleet quickly, in efforts to mature technology that will produce better systems in three to four years, in "leap-ahead innovation" that could become operational within eight years, and into discovery and invention that can uncover new concepts to yield breakthrough capabilities for the warfighters a decade from now

Academia

UCF cyber defense club recognized as best in nation (Central Florida Future) After dominating the collegiate cyber defense circuit last year, Hack@UCF was recognized for best overall performance of the year based on 21 cybersecurity competitions spanning from June 2014 to May 2015

Legislation, Policy, and Regulation

Industry sceptical of new NIS directive passed today (SC Magazine) European member states face a new set of cyber-security rules following a vote in the European Parliament's Internal Markets Committee but industry experts were not impressed

France Moves to Better Coordinate Its Antiterrorism Efforts (Wall Street Journal) French intelligence agencies to share information and resources

In debate, Republicans call on tech sector to aid terrorism fight (Christian Science Monitor Passcode) In the wake of the terrorist attacks in Paris and San Bernardino, most Republican candidates are betting that public worries over national security may supersede concerns over free speech and privacy issues

Jeb Bush Proposes Putting NSA in Charge of Civilian Data, Cybersecurity (Fast Company) The GOP presidential candidate also proposed offering liability relief to tech companies that share data with law enforcement officials

Going Native: A Career Pipeline For U.S. Military Success Out in Silicon Valley (Foreign Policy) Just as we needed people who could interpret for us in Afghanistan and Iraq, so do we need soldiers who can do the same for us in Silicon Valley and other centers of technological innovation across the country

New York tries to force phone makers to put in crypto backdoors (Naked Security) The sport of holding Apple, Google and other tech companies over a barrel to demand backdoors now has a new player: New York

Bill aims to thwart strong crypto, demands smartphone makers be able to decrypt (Ars Technica) NY assemblyman: "Terrorists will use these encrypted devices" to plan attacks

FBI seeking permanent CIO (Federal Times) The FBI is looking for a new agency CIO to fill the vacancy left by its previous top IT manager who departed in August

Litigation, Investigation, and Law Enforcement

State designates Afghan ISIS a foreign terrorist organization (The Hill) The State Department has officially designated the Islamic State in Iraq and Syria's Afghanistan affiliate as a foreign terrorist organization

FTC Cautions Businesses on Big Data Use (Legaltech News) Companies must proceed with caution as they use consumer surveillance tools made possible in today's 'big data' era

Sen. Franken Questions Google About Student Data Privacy (re/code) Sen. Al Franken has asked Google to explain what it does with the personal, private data of students who use its Google Apps for Education products and Chromebooks

The Widow of a Man Killed in Islamic State Attack Is Suing Twitter (Reuters via Vice News) Twitter is being sued by the widow of an American killed in Jordan who accuses the social media company of giving a voice to Islamic State (IS), adding to the pressure to crack down on online propaganda linked to terrorism

Twitter, ISIS, and Civil Liability (Lawfare) A few months ago, we wrote a lengthy piece about the possibility that Apple could face civil liability for providing end-to-end encryption to criminals and terrorists. We got a lot of heat for this piece. But today it's looking pretty good

How Twitter quietly banned hate speech last year (Ars Technica) Company now emphasizes safety and free expression rather than lack of censorship

'Good enough' isn't good enough to secure NRC network center (FCW) The Nuclear Regulatory Commission's network security operations center meets the operational security requirements under an IT services contract, but there's room for improvement, according to a report from the commission's inspector general

The cyber law series: How data privacy and surveillance have crept into the workplace (Tech 2) Privacy concerns take two forms: data privacy and surveillance. The first is an issue that is being addressed, with laws in place protecting and restricting the collection of data

With new deal in place, Sweden asks to question Assange at embassy (Ars Technica) WikiLeaks founder still facing possible sex offense charges

Student who hacked college website escapes jail time, gets job offers (Naked Security) Ryan Pickren was only playing a prank, or so he thought until he found himself in jail on Christmas Eve 2014, facing charges of "computer trespassing"

Online predator busted after being intercepted by tech-savvy mom (We Live Security) Being a tech-savvy parent is one way to make your child's online experience secure, as a recent story has revealed. In what was an almost textbook example of online grooming that surfaced only a few days ago in Colonie, New York, a watchful mom uncovered and helped to arrest an online predator

Wanted man nabbed after he sends police a more flattering mug shot (Naked Security) You have to admit, he did look a bit puffy. Shiny cheeks don't help

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

VB 2016 (Denver, Colorado, USA, October 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver

Upcoming Events

POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...

Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...

Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...

Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...

ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...

SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...

BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia

The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...

National Cybersecurity Center of Excellence to Celebrate Opening of Newly Remodeled Facility (Rockville, Maryland, USA, February 8, 2016) The National Cybersecurity Center of Excellence is celebrating its dedication on February 8, 2016 at the center's newly remodeled facility at 9700 Great Seneca Highway

Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

OPSWAT Cyber Security Seminar (Washington, DC, February 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies

Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America

Cyber Security Breakdown: Dallas (Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
