Daily briefing.

Israeli officials said yesterday that the country's electrical grid came under cyber attack this week. Energy Minister Steinitz called the attack "severe," but said it was being successfully mitigated. Electrical power seems not to have been disrupted; efforts at defense continue. There's no public attribution.

Nothing new from Anonymous in its war against ISIS (now in its third month). But the hacktivist collective does punish Costa Rica's Foreign Ministry over complicity in objectionable (to Anonymous) free trade agreements. LulzSec adherents join in the action.

Palo Alto Networks describes a new campaign by the Chinese APT group Codoso. Best known for compromising a portion of Forbes's website, Codoso appears engaged in espionage against targets in the telecommunications, tech, legal services, education, and manufacturing sectors. This time it appears to be going after servers.

China's People's Daily offers some insight into current PLA thinking on cyber deterrence. Much reflects familiar deterrence theory, but there's also considerable sentiment in favor of tactics (aggressive reconnaissance and battlespace preparation) Western intelligence services regard as highly destabilizing.

Symantec reports a different campaign, affecting some 3500 servers worldwide, that involves code injection attacks and appears to represent reconnaissance and battlespace preparation for some future, more damaging attack.

Core Security reports vulnerabilities in Lenovo's ShareIT product, which Lenovo's now patched.

Belgium's Crelan bank reports losing €70 million in a business email compromise.

US fast food chain Wendy's investigates a possible paycard breach.

France moves to gain investigative access to data in foreign servers, advises European partners to do likewise.


Today's issue includes events affecting Belgium, China, Costa Rica, Egypt, Iran, Israel, Mali, Russia, Turkey, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Israel's Electrical Grid Targeted by 'Severe Cyber-attack' (Haaretz) Energy Minister Steinitz says Israeli electric authority succeeded in mitigating attack by shutting down systems to prevent virus from spreading

Israel's electric authority hit by "severe" hack attack (Updated) (Ars Technica) Israel's Electricity Authority experienced a serious hack attack that officials are still working to repel, the country's energy minister said Tuesday

Al Qaeda group releases video of Swiss hostage: monitor (Reuters) Al Qaeda in the Islamic Maghreb (AQIM) released a video of a Swiss nun who had been kidnapped in northern Mali nearly three weeks ago in the first claim of responsibility for the hostage-taking, according to SITE Intelligence Group

Social Media Made the Arab Spring, But Couldn't Save It (Wired) Five years ago this week, massive protests toppled Egyptian President Hosni Mubarak, marking the height of the Arab Spring

Anonymous Hacks Costa Rica's Ministry Of Foreign Affairs For OpPuraVida (Hack Read) Anonymous and supporters of the LulzSec group breached into the server of Costa Rican government website for OpPuraVida

A new wave of attacks linked to the Codoso ATP Group (Security Affairs) According to Palo Alto Networks' Unit 42 the Chinese APT group Codoso has been targeting organizations in various industries in a new wave of cyber attacks. The group of experts at Palo Alto Networks Unit 42 have uncovered a new cyber espionage operation conducted by the Chinese APT Codoso (aka C0d0so0 or Sunshop Group)

Symantec detects 3,500 servers infected with a malicious script (SC Magazine) Symantec reported the worldwide infection of 3,500 public servers with a malicious script that redirects victims to other compromised websites that could be used to download malware and which the company said could be part of a recon effort for future attacks

New Magic ransomware abuses open-source 'educational' code (SC Magazine) Malware based on open-source code, created for educational purposes only, has been spotted in the wild by Bleeping Computer's Lawrence Abrams

Ransomware Author Blackmails Security Researcher Who Refuses to Give In (Softpedia) The author of the Magic ransomware strain has agreed to release all decryption keys for free, if Utku Sen, a Turkish security researcher, takes down his Hidden Tear open-source ransomware project from GitHub

Lenovo ShareIT Multiple Vulnerabilities (Core Security) SHAREit is a free application from Lenovo that lets you easily share files and folders among smartphones, tablets, and personal computers. Lenovo SHAREit for Windows and Android are prone to multiple vulnerabilities which could result in integrity corruption, information leak and security bypasses

Critical Java bug found in PayPal servers (Naked Security) Up until last month, PayPal's servers had been vulnerable to a critical type of bug that security researchers have known about for years but have assumed — incorrectly — was theoretical and too hard to exploit

BGP Route Hacking — An Overview (Team Cymru) BGP is the mechanism by which autonomous networks exchange "reachability" information between each other

How Amazon customer service was the weak link that spilled my data (Ars Technica) Even when doing everything right, an Amazon account is all it takes to get breached

The Wi-Fi router with a password that takes just 70 guesses… (Naked Security) When you buy a new device, especially for use at home, you probably want to unpack it, connect it up and start using it as quickly as possible

IoT doorbell gave up Wi-Fi passwords to anybody with a screwdriver (Naked Security) Here's the physical security that the Wi-Fi enabled, Internet of Things Ring smart doorbell gives you: 1) automatic activation and notification on your mobile phone when people come close to your home or loiter around it, and 2) a CCTV camera and high-quality intercom to talk to whomever comes knocking, even if you're miles away

Wendy's Probes Reports of Credit Card Breach (KrebsOnSecurity) Wendy's, the nationwide chain of fast-food restaurants, says it is investigating claims of a possible credit card breach at some locations

Belgian bank Crelan loses €70 million to BEC scammers (Help Net Security) Belgian bank Crelan has become a victim of fraudsters. According to a statement (in Dutch) published last week, the bank has lost over 70 million euros (around $75,8 million)

Business Email Scam: How Much Does a Million Dollar Cost? (Fortinet) Earlier this month, the Daily Mail published an article regarding foreign crime gangs stealing millions through hacking email accounts of house buyers and sellers. The con is simple — use malware to steal email credentials, study the content of compromised emails, and then use the collected information to social-engineer your way into siphoning out victims' money

Security Experts Say That Hacking Cars Is Easy (Time) New car features come at a cost

Security Patches, Mitigations, and Software Updates

Mozilla Releases Security Updates (US-CERT) Mozilla has released security updates to address multiple vulnerabilities in Firefox. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system

Lenovo has fixed its crap password problem (Inquirer) Holy Cow! Lenovo has fixed vulnerabilities in ShareIT that it created by using the sort of password that a dog would use

Cyber Trends

Is Cybercrime Just a Cost of Doing Business? (Security Magazine) Where cybercrime is going and what you can do about it

The dismal state of payment data security (Help Net Security) With acceptance of mobile and other new forms of payments expected to double in the next two years, a new global study shows a critical need for organizations to improve their payment data security practices

Survey says: Data breaches in other industries will damage financial institutions (SC Magazine) Respondents to a new survey from Silicon Valley-based software company FICO unanimously agreed: Data breaches this year in other industries will damage financial institutions

Internet of things security years away from being fully baked, says Forrester (ZDNet) Forrester's take on the Internet of things isn't that shocking — the industry has developed with little thought about security — but the time frames are jarring nonetheless

The Cybersecurity Challenge Every Business Should Prepare for (Fortune) While much of the conversation in Davos centered around Europe's refugee crisis, cybersecurity dominated the agenda

Video: 'It's asymmetrical warfare' between the hackers and defenders (SC Magazine) Mushrooming numbers of BYOD and IOT devices are putting corporate networks at risk, says ForeScout CEO Michael DeCesare in an exclusive video interview


BDs Lagging in Cybersecurity Safeguards (Wealth Management) When it comes to cybersecurity, independent broker-dealers lag the wider industry on utilizing basic safeguards to protect customer information and prevent fraudulent activity

IDC Survey: Western Europe Utilities Sector Considers Cybersecurity Top Investment Priority in 2016 (ExecutiveBiz) A new International Data Corp. survey has found that utilities companies in Western Europe will prioritize spending on cybersecurity efforts, such as cloud and mobile security and data loss prevention, over the next 12 months

New government scheme to provide boost for cyber-security startups (SC Magazine) The UK government has announced a new programme which will support cyber-security start-ups in order to help develop innovative technical solutions to keep the UK safe from cyber-attacks. Running in partnership with Cyber London and the Centre for Secure Information Technologies, it will operate out of the Queen's University campus in Belfast

DHS Issues RFI on Open Source, Social Media Analytics Tools (ExecutiveBiz) The Department of Homeland Security is soliciting information on open-source and social media analytics technology that can be used to facilitate agency efforts to guard the U.S. against threats

Bell ID acquired by chip maker Rambus' digital security division (NFC World) Tokenization and mobile payments specialist Bell ID has been acquired by chip maker Rambus

Bain's Blue Coat Said to Target $500 Million IPO This Year (BloombergBusiness) Blue Coat Systems Inc., the Internet security-software company backed by Bain Capital, will seek to raise as much as $500 million in an initial public offering this year, people with knowledge of the matter said

Lockheed Martin passes government IT unit on to Leidos in $5B deal (Denver Post) Aerospace and defense giant Lockheed Martin Corp. will combine its information systems and global solutions unit with national security company Leidos Holdings in a tax-free tie-up valued at $5 billion

Is It Time To Buy FireEye, Inc? (Motley Fool) Has this beaten-up cybersecurity firm finally bottomed?

Companies look beyond firewalls in cyber battle with hackers (Reuters) With firewalls no longer seen as enough of a defense against security breaches, companies are looking at new tools to foil hackers trying to enter a computer network

8 tips for recruiting cybersecurity talent (CIO via CSO) Finding cybersecurity talent isn't easy, but it's even harder if you use the same methods that work for other IT talent specialties. Here's how to get it right

Why Cybersecurity Certifications Matter — Or Not (Dark Reading) Job candidates with a certification make more money, but there's more to the equation for cybersecurity professionals

Solutionary Appoints Former IBM Executive Consultant John Petrie as Chief Information Security Officer & Senior Security Strategist (CNN Money) Industry veteran to drive information security strategy and manage the Solutionary Security Program

Denis Cashman Appointed EMC CFO; Zane Rowe Named CFO at VMware (GovConWire) Denis Cashman, chief accounting officer at EMC (NYSE: EMC) and chief financial officer of the firm's information infrastructure business, has been appointed corporate CFO at the company

Products, Services, and Solutions

Google says it blocked 780 million bad ads last year (Hot for Security) What is Google? If you answered a powerful internet search engine then you're only partly right

Tenable Network Security now supports Microsoft Azure (ARN) Aims to enhance security visibility

Startup Cybric aims to reduce time between detecting and remediating breaches (Network World) By screening clone images of networks, FabricVUE can deliver results in near real time without affecting production networks

Ultimate Data Protection — Leveraging the Power of Quantum (CTO Vision) QuintessenceLabs, the Australian cybersecurity company whose products leverage quantum science as well as deep security expertise, has received global recognition for their game-changing cyber security systems

Technologies, Techniques, and Standards

NetFlow Or sFlow For Fastest DDoS Detection? (Dark Reading) It's still not an easy choice, but combined with the faster NetFlow exporters that have recently come to market, the speed advantage of sFlow is starting to fade

Security policy samples, templates and tools (CSO) New threats and vulnerabilities are always emerging. Are your security policies keeping pace?

Preparation lowers long-term post-breach costs (CSO) Preparation can significantly lower the long-term costs of a breach, according to a SANS report released this morning

Design and Innovation

The Rise of Biometric Security and the "Ultra-Hack" (Finance Magnates) Ashley Madison's data breach was nothing compared to what could happen if hackers steal identities rather than information

An internet 'backdoor' — a way to safeguard privacy while fighting terror online? (EconoTimes) Since so much of life has moved online, a clash has emerged between the opposing values of internet freedom, and internet control

Security industry should embrace the dark web to root out cyber threats (V3) Underground marketplaces on the dark web are a breeding ground for hackers and cyber attack tools, and browsing these places using Tor can lead to the murky world of arms trading, malware sales and drug suppliers

A possible future for IoT security (Help Net Security) There are many problems with Internet of Things devices, and security is one of the biggest ones

There's no turning back: Say goodbye to the perimeter (Help Net Security) If you've been following the announcements from this year's Consumer Electronics Show in Las Vegas, you couldn't have missed Ford's partnership announcement with Amazon

Research and Development

Unmasking malware coders (GCN) Writers, chefs and craftsmen all have recognizable signature styles. The same can be said for programmers — including those who write malware

Legislation, Policy, and Regulation

France to Ratchet up Legal Capacity to Access Overseas Data (ABC News) France's government wants to increase the legal tools available to demand data from overseas tech companies during cybercrime investigations

From China, an Expansive and Dangerous View of Cyber Deterrence (Defense One) One military researcher suggests pursuing it in ways that could prove destabilizing

The new IDF Cyber Defense Brigade divided between two military branches (Debka) A cyber defense war room was integrated for the first time in one of Israel's large-scale national military exercises which took place last week

Israeli Gov't Reaches Out Before Clamping Down on Cyber Exports (Defense News) Gives industry, private sector until March to review policy update

Senators take cyber push to corporate boardrooms (The Hill) Two members of Congress think the public has a right to know if companies have cybersecurity expertise at the top

Congressional Cyber Leadership through a Joint Committee (Jurist) No one should doubt that Congress's record on cyberspace issues is dismal

Does anyone really want the government deciding encryption policy? (CSO) Security and privacy debates are highly nuanced, allowing for much interpretation, balancing acts and differences of opinion

NSA's Information Assurance Directorate at a crossroads (FCW) Although often overshadowed by the far bigger Signals Intelligence Directorate, IAD's mission of protecting sensitive information on government networks is more important than ever

New America: FCC has 'statutory mandate' to protect user data from ISPs (FierceGovernmentIT) When the Federal Communications Commission reclassified Internet service providers in its net neutrality ruling last year, it received not only the legal authority to protect user privacy, but a "statutory mandate" to do so, according to a prominent think tank

Proposed State Bans on Phone Encryption Make Zero Sense (Wired) American politics has long accepted the strange notion that just a pair of states — namely Iowa and New Hampshire — get an outsize vote in choosing America's next president

Litigation, Investigation, and Law Enforcement

Government Agencies Audit for Juniper Backdoor (Threatpost) Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks' Netscreen firewalls

FBI looks into cyber attack: TRMC NETWORK BACK UP (Daily Tribune) Reports from Titus Regional Medical Center are that the electronic medical record system is back up and running

FBI Investigates University of Virginia Data Breach (Infosecurity Magazine) The Federal Bureau of Investigation recently notified the University of Virginia (UVA) of a data exposure following an extensive law enforcement investigation

Ethics charges filed against DOJ lawyer who exposed Bush-era surveillance (Ars Technica) Thomas Tamm exposed "the program" which provided the fodder for a Pulitzer Prize

Nursing home workers caught sharing nude patient images on Snapchat (Naked Security) An employee at a nursing home was arrested earlier this month for filming a mostly nude, 93-year-old Alzheimer's patient and sharing the video on social media

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

OPSWAT Cyber Security Seminar (Washington, DC, February 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies

SecureWorld Charlotte (Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

SecureWorld Boston (Boston, Massachusetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, April 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Upcoming Events

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...

Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...

Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...

ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...

SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...

BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia

The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...

National Cybersecurity Center of Excellence to Celebrate Opening of Newly Remodeled Facility (Rockville, Maryland, USA, February 8, 2016) The National Cybersecurity Center of Excellence is celebrating its dedication on February 8, 2016 at the center's newly remodeled facility at 9700 Great Seneca Highway

Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America

Cyber Security Breakdown: Dallas (Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...

2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, February 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of...

Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, February 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
