Daily briefing.

According to "officials familiar with the investigation," the US will publicly attribute the 2013 hack of a small dam in Rye, New York, to Iran. The Justice Department is expected to indict Iranian operators next week. Iran has long been the leading suspect. This news, together with legislation pending in the Senate designed to protect the power grid, makes it worth reviewing recent expert presentations on ICS security.

ISIS itself suffers a data breach. A disgruntled jihadist, dismayed by what he saw as an excessive Baathist presence in the Caliphate, stole a USB drive with data on 22,000 ISIS fighters. Sky News and German intelligence services have the information.

ISIS retains its formidable social media presence: estimates of sympathetic Twitter accounts range up to 90,000.

Cyber espionage against Tibetans (presumably the work of Chinese security services) adapts its techniques to accommodate changes in the Tibetan community's online behavior.

Zscaler continues to track the Android Marcher Trojan—it's now moved from fake Google Play to (presumably real) adult sites.

Adobe issues an emergency patch for Flash; the vulnerability is being exploited in the wild. Oracle patches Java—a 2013 fix is found to be easily bypassed.

The North American Securities Administrators Association has updated its exams to test cyber knowledge.

The US Congress deliberates what's being called "anti-encryption" legislation.

The US Patriot Act's anti-terrorism surveillance provisions are said to have bled over into other forms of law enforcement.

Apple and the FBI move into the "open hostilities" phase of their case.

Notes.

Today's issue includes events affecting Bangladesh, Canada, China, Egypt, France, Germany, India, Iran, Israel, Morocco, Russia, Saudi Arabia, Syria, Tunisia, Ukraine, United Arab Emirates, United Kingdom, United States.

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

First on CNN: U.S. plans to publicly blame Iran for dam cyber breach (CNN) The Obama administration is preparing to publicly attribute a 2013 cyber attack against a New York dam to Iranian hackers, according to U.S. officials familiar with the investigation

Report: US preparing to publicly blame Iran for NY cyberattack (The Hill) The Obama administration is preparing to publicly blame Iranian hackers for the 2013 cyberattack on a New York dam, according to CNN

Joe Weiss on Industrial Control Systems (GUIRR) Joe Weiss's keynote presentation at the winter meeting of the Government-University-Industry Research Roundtable (GUIRR) on "Critical Infrastructure Security: The Role of Public-Private Partnerships," which took place on February 23-24, 2016

In the Age of Cybercrime, the Best Insurance May Be Analog (Bloomberg BNA) Old-fashioned mechanical systems, plus humans, may help avert catastrophic breaches

IS defector steals USB stick revealing 22K members identities (Naked Security) A disillusioned fighter has defected from the Islamic State (IS), bringing with him a stolen USB drive containing a wealth of intelligence about the group’s members

ISIS member leaks thousands of jihadi member details to Sky News (FierceITSecurity) Even Islamic radicals can become victims of data theft, as evidenced by a treasure trove of data that a former member of ISIS has turned over to Sky News

ISIS Data Leak Exposes Names of 22,000 Recruits (Softpedia) Annoyed ISIS fighter steals USB drive from high-ranking Daesh official and gives it to the British press

Data Breach Notification: Islamic State Human Resources & Recruiting (CSO) While it's unlikely IS will issue a legitimate notification, Salted Hash felt one should be produced nevertheless

ISIS expanding digital footprint with 90,000 Twitter accounts, counterterrorism adviser says (Washington Times) There are as many as 90,000 Twitter accounts associated with or sympathetic to the Islamic State terror group, whose digitally-savvy recruiting operation “produced nearly 7,000 slick pieces of propaganda” in 2015

Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans (Citizenlab) This report describes the latest iteration in a long-running espionage campaign against the Tibetan community. We detail how the attackers continuously adapt their campaigns to their targets, shifting tactics from document-based malware to conventional phishing that draws on “inside” knowledge of community activities. This adaptation appears to track changes in security behaviors within the Tibetan community, which has been promoting a move from sharing attachments via e-mail to using cloud-based file sharing alternatives such as Google Drive

Android Marcher now marching via porn sites (Zscaler ThreatLab Blog) Android Marcher Trojan was first seen in 2013 scamming users for credit card information by prompting fake Google Play store payment page

Update Flash now – targeted attacks exploiting security holes (Hot for Security) Windows, Mac and Linux users are being urged to update their installations of Adobe Flash, after the company pushed out a security patch addressing 23 reported vulnerabilities in the software

Two-year-old Java flaw re-emerges due to broken patch (IDG via ITWorld) A patch released by Oracle in 2013 can be easily bypassed to attack the latest Java versions, security researchers said

Critical bug in libotr could open users of ChatSecure, Adium, Pidgin to compromise (Help Net Security) A vulnerability in “libotr,” the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or execute remote code on the user’s machine

Android trojan intercepts SMS messages to raid bank accounts (Graham Cluley) If your 2FA codes are being sent to your mobile, you had best ensure your mobile doesn't have malware

Pompous Ransomware Dev Gets Defeated by Backdoor (Bleeping Computer) A new ransomware was released yesterday that was based on the open-source EDA2 ransomware. This ransomware encrypts your data using AES encryption, appends the Locked extension, and then demands .5 bitcoins to get the decryption key. There have been quite a few EDA2 ransomware variants, but what makes this story different is how this ransomware developer is such a pompous ass and that we were able to get the victim's keys back

Crypto-ransomware: king of cybercrime attack modes (SC Magazine) Crypto-ransomware has surpassed botnets as the most popular attack method of choice for cyber-criminals

DDoS hack attacks are growing at an alarming rate (Business Insider) A DDoS attack can make websites collapse under the weight of traffic

DDoS protection biz Incapsula knackers its customers' websites (Register) An unwelcome PITSTOP

Hackers Target Anti-DDoS Firm Staminus (KrebsOnSecurity) Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked

Hackers Claim Breach Of Ku Klux Klan's Security Company (Forbes) A website run by the Ku Klux Klan has been downed as part of what appears to be a significant breach of its host and security provider Staminus. The company, which promises to protect users from distributed denial of service (DDoS) attacks, was exposed by a crew going by the name of FTA, which leaked data online yesterday

CCTV cameras: security gear which doubles as free DDoS kit (SC Magazine) Cloud-based video surveillance company Cloudview has published new research showing that, while the majority of CCTV systems may protect an organisation's physical assets, they provide an open door to cyber attackers

How a hacker's typo helped stop a billion dollar bank heist (Reuters) A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Fed, banking officials said

FireEye hired to help probe Bangladesh Bank heist-sources (Reuters) FireEye Inc's Mandiant forensics division is helping investigate a cyber heist at Bangladesh's central bank last month that netted more than $80 million, people familiar with the matter told Reuters on Thursday

Bloomington, Ind.-based Premier Healthcare Reports Possible Data Breach Affecting 200K Patients (Healthcare Informatics) Premier Healthcare, a Bloomington, Ind.-based physician-led multispecialty provider healthcare group, has reported a possible data breach that could affect more than 200,000 patients after a laptop containing patient information was stolen

High school freshman suspended after allegedly using smartphone app to crash school's Internet (KMBC) Student suspended 10 days, possibly longer

Security Patches, Mitigations, and Software Updates

Flash zero-day prompts emergency update from Adobe (Naked Security) Just two days after this month’s Adobe Patch Tuesday, the company published an emergency fix for Flash

Adobe Releases Security Updates for Flash Player (US-CERT) Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system

Citrix Releases Security Update (US-CERT) Citrix has released updates to address a vulnerability in its Citrix Licensing Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected server

Samsung Windows Laptop Owners Urged to Download Fix to MITM Vulnerability (Threatpost) Samsung laptop owners are being urged to update their Windows PCs after the discovery of a vulnerability that can allow remote attackers to download files onto a targeted system and gain complete control over the laptop

Cyber Trends

Before Moving on From RSA… (Network World) A few last thoughts I had while fighting through the crowds at the Moscone Center

All of Your Security Is Broken, Please Buy Our Security (Techspective) Every year at the RSA Conference hundreds—maybe thousands—of security vendors crowd into the Moscone Center in San Francisco with claims that their products or services are better

Survey: Large enterprises see 5 or more network security breaches per year (FierceITSecurity) Almost three-quarters of Global 2000 companies experienced five or more network-based security incidents in the past 12 months — largely due to a lack of visibility as to what's going on inside the corporate perimeter

Small providers increasingly likely to be hack targets (Health Data Management) Too many small hospitals and small or mid-sized physician practices believe defending against cyber attacks is pointless and they’re just hoping to be saved by being obscure

Marketplace

Average Breach Falls Below Cyber Insurance Policy Deductible, Study Shows (Dark Reading) New report shines light on what cyber insurance can and can't do for enterprises that suffer data breaches

9 out of 10 CIOs admit new EU data law will leave them exposed (Information Age) CIOs lack confidence in the security of their current data sharing processes, while board-level priorities don’t match up to reality

Symantec pops on an RBC upgrade to Outperform (Seeking Alpha) Declaring Symantec (NASDAQ:SYMC) to be a "value stock that doesn’t have to get a lot right for shares to move higher," RBC's Matthew Hedberg has upgraded the security software vendor to Outperform

Why Cisco is winning the IoT race (MicroScope) Everyone is vying for a spot in the Internet of Things race. How has Cisco managed to take pole position?

Cisco Lights a Fire in Its Security Business (eWeek) In 2013, Cisco acquired Martin Roesch's company Sourcefire for $2.7 billion, and since then Sourcefire's technology has become a foundation for Cisco's network security portfolio. Today, Roesch is still with Cisco, serving as vice president and chief architect of Cisco's Security Business Group

Cisco, McAfee drop security appliance market share in 2015 (Infotechlead) Enterprise networking major Cisco has dropped its security appliance market share to 16.2 percent in 2015 from 17.4 percent in 2014, according to IDC. The gainers in the security appliance market were Check Point, Palo Alto Networks and Fortinet. Check Point, the #2 security appliance vendor, increased market share marginally to 12.8 percent from 12.7 percent

IBM Job Cuts Affect 14,000 Workers, Analyst Firm Estimates (InformationWeek) Financial analyst firm Bernstein has estimated that at least 14,000 workers will be affected by IBM's Q1 job cuts. IBM has declined to provide details on the size of a "workforce rebalancing" effort, which employees have said began March 2

Drake Resources Ltd heads for clearer air with Israeli cyber security acquisition (Proactive Investors Australia) Drake Resources Ltd (ASX:DRK) will head for fairer climes with a proposal to acquire an Israeli cyber security firm Genome Technologies Ltd for A$11,000,000

ISACA Acquires Global Capability Maturity Leader CMMI® Institute (BusinessWire) Acquisition expands opportunities to help organizations optimize their use of technology, increase stakeholder value and improve business performance

Investing in Security's Future (BankInfoSecurity) Security veterans join new venture capital firm

Products, Services, and Solutions

Security Training for Incident Handlers: What’s Out There? (IBM Security Intelligence) Information technology, and especially information security, is a quickly evolving playing field. Those working in incident handling and incident response always need to stay on top of what’s new and what is trending in their area of expertise

Damballa Failsafe to Provide Deeper Visibility into Threat-Related Network Activity (BusinessWire) New Failsafe 6.2 adds retroactive analysis, greater throughput, and policy integration to help customers accelerate and automate their threat response

A Sentinel That Cuts Through Clutter (BloombergBusiness) Darktrace’s software studies a network’s pattern of life

Technologies, Techniques, and Standards

NASAA Updates Exams to Test Social Media, Cyber Smarts (ThinkAdvisor) BD agents, IA reps taking the Series 63, 65 and 66 exams will be tested on data protection and social media starting July 1

IAITAM Warns U.S. Corporations, Gov't Agencies: Don't Be The Next San Bernardino County, Get Your Employee Mobile Devices Under Control Now (PRNewswire) Expert believes "a quarter to a third" of U.S. corporations, cities, counties, state & Federal agencies have same "sloppy and dangerous" approach to mobile device management (MDM) as county employer of suspected terrorist

How to stay ahead of cyber criminals in the data breach era (The Next Web) It’s no secret that cyber attackers are becoming increasingly sophisticated, stealthy, and motivated

Has your network been compromised? Use RITA to find out (Help Net Security) Have you heard about RITA? Real Intelligence Threat Analysis is an open source tool – a framework, actually – aimed at helping organizations find malicious activity on their network

Tips for Improving Your Online Security: “Out-of-wallet” security questions are not as secure as you think (Journal of Financial Planning) Cybercriminals continue to steal extensive amounts of personal data with alarming regularity

The terrifying connection between malware, Google Search Console, rogue subdomains and AdWords (Search Engine Land) In the midst of a malware emergency or want to ensure you never have to deal with one? Columnist Glenn Gabe provides recommendations based on his experience helping clients with security situations

Design and Innovation

Fostering a Culture of Innovation Across Government through Acquisition Innovation Labs (The White House) Today, we announced a new initiative to accelerate the establishment of Acquisition Innovation Labs in Federal agencies

NSA sniffing around Skunk Works to help acquisition process (Federal News Radio) Industrial base concerns are plaguing the Defense Department, especially the National Security Agency, as the organization is trying to shift its acquisition strategies for the future

Forget fingerprints, ears are so next season in biometrics (Naked Security) We’ve had our fingers, voices and irises scanned, but there’s now a new biometric en vogue – ears

Research and Development

Army, Silicon Valley to tackle social media challenge (Defense Systems) The Defense Department’s latest foray in its developing partnership with Silicon Valley on innovative projects is looking at ways to contend with adversaries' use of social media against U.S. interests

Academia

National Collegiate Cyber Defense Competition kicks off (Homeland Preparedness News) The 2016 National Collegiate Cyber Defense Competition (NCCDC) kicked off on Friday to showcase college students from more than 180 schools in a contest to determine who best protects their computer network against real-world cyber attack scenarios

Halting Hackers From Sabotaging Computer Systems (CSUF News Center) CSUF Center Experts Study Cyberthreats

Legislation, Policy, and Regulation

Indian cabinet approves cyber security deal with UAE (Khaleej Times) The agreement would pave the way for both countries cooperating mutually in combating cyber crime, particularly through coordination and exchange of information in relation with cyber crime and training in cyber crime investigation, an official statement said

Senate Intel encryption bill could come next week (The Hill) The chairman of the Senate Intelligence Committee says a bill to give law enforcement access to encrypted data could come as early as next week

Senate bill will impose fines on tech companies that refuse to unlock smartphones (ZDNet) The bipartisan bill, set to be formally announced next week, will force tech firms to help law enforcement bypass encryption or face hefty fines

US Anti-Encryption Legislation Is Imminent: Report (InformationWeek) US Senators Feinstein and Burr are preparing legislation that would punish tech companies that refuse to cooperate with investigators, Reuters reports. French lawmakers recently backed a similar mandate that goes one step further by threatening jail time for execs who don't cooperate with law enforcement

Intel Security Guru Says Regulating Encryption Is Difficult (Fortune) Encryption is really just math, and is not a moral issue

Senate bill wants DHS to help states fight hackers (The Hill) A new bipartisan Senate bill aims to give state and local governments access to the federal resources to combat cyber crime

With Power Plants Getting Hacked, Senate Looks For Ways To Keep The Lights On (Foreign Policy) A new measure is designed to make it harder for cyber attackers to take down the nation's electrical grid, but will it do more harm than good?

FCC wants ISPs to get customer permission before sharing personal data (IDG via CSO) The proposed rules would also require broadband providers to report data breaches

Surprise! NSA data will soon routinely be used for domestic policing that has nothing to do with terrorism (Washington Post) A while back, we noted a report showing that the “sneak-and-peek” provision of the Patriot Act that was alleged to be used only in national security and terrorism investigations has overwhelmingly been used in narcotics cases

‘Must Haves’ & ‘Must Dos’ For The First Federal CISO (Dark Reading) Offensive and defensive experience, public/private sector know-how, 'mini-NSA' mindset and vision are top traits we need in a chief information security officer

Corps’ acquisition arm pursues accelerated cyber acquisition to respond to needs of force (DVIDS) Marine Corps Systems Command is tackling cyber acquisition head-on with enhanced oversight and governance, and new streamlined processes to better respond to the needs of the force

Presidential Candidates Get Graded On Their Cybersecurity Stances (Dark Reading) Trump, Clinton, Sanders, Cruz, Rubio, Kasich, are all unified when it comes to blaming China -- but no one gets higher than a "C" average grade in any category

Litigation, Investigation, and Law Enforcement

Apple and the Justice Department enter the ‘open hostilities’ phase of iPhone unlocking case (TechCrunch) A 43-page rebuttal from the Justice Department today characterized Apple’s earlier response to an iPhone unlocking request as ‘corrosive’. Shortly thereafter, an Apple press conference attended by TechCrunch provided a rejoinder from two Apple executives, including General Counsel Bruce Sewell, who said that “the tone of the brief reads like an indictment”

Feds fire back on San Bernardino iPhone, noting that Apple has accommodated China (Ars Technica) Also, DOJ says failed iCloud backup irrelevant as it's a poor substitute for phone

U.S. Attorney General defends FBI case against Apple on Stephen Colbert’s show (TechCrunch) As the iPhone unlocking case becomes more heated, United States Attorney General Loretta Lynch went on late night television to defend the Federal Bureau of Investigation’s stance

Watch how easy it is for someone to hack your iPhone (TechCrunch) With all the hoopla surrounding the FBI-Apple controversy, it may surprise you how easy it is to hack into an iPhone

Can the Apple code be misused? (Errata Security) The government is right that the software must be signed by Apple and made to only work on Farook's phone, but the situation is more complicated than that

Facebook in Germany: definitely NOT a “Like” (Naked Security) It’s one of the world’s most well-known icons. It’s experienced by hundreds of millions of people every day. It’s Facebook’s Like button – and it’s at the heart of Europe’s newest data privacy controversy

Feds want convicted journalist to serve 5 years, his lawyers ask for no prison time (Ars Technica) DOJ: 40-minute hack was "an online version of urging a mob to smash the presses"

Man jams “annoying” fellow commuters’ phone signals, gets charged with felony (Naked Security) A Chicago man has been accused of jamming his fellow train passengers’ “annoying” phone signals as part of a morning ritual that lasted months before he was caught with his contraband, five-antenna jammer on Tuesday

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

SANS 2016 (Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 ...

CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, March 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM),...

Pwn2Own 2016 (Vancouver, British Columbia, Canada, March 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets,...

Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, March 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents...

ICCWS 2016 (Boston, Massachusetts, USA, March 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security

CISO Summit France (Paris, France, March 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming...

Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the...

Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, March 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that...

International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, March 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce.

Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together...

Black Hat Asia 2016 (Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...

SecureWorld Boston (Boston, Massachusetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Summit (Monterey, California, USA, March 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...
