Daily briefing.

Social media remain a field for conflict among states and aspiring states, as ISIS resumes its push to inspire the disaffected, and disturbing levels of pro-Russian trolling resume in the Baltic States.

Pakistan considers its long-term interests in cyberspace as Google removes an app—SmeshApp—Pakistan's ISI allegedly used in espionage against Indian targets.

Anonymous undertakes an animal-rights campaign against Japanese targets.

Preliminary reports on the hack of Bangladesh's central bank suggest that the thieves were patient and sophisticated, covering their tracks and planting malware intended to support the apparent legitimacy of their fraudulent transactions. Reports differ on how much was stolen—they range from a low of $81 million to a high of $101 million—but the crooks aimed much higher.

The US FBI is said to be assisting authorities in Bangladesh with the investigation. Suggestions that biometric data required to authenticate transactions were properly provided have, among other suspicions, moved Bangladesh's finance minister to assert that bank officials were complicit in the crime.

Administrators of the finance industry's SWIFT messaging system are working to reinforce recommended security measures with banks that use the system.

Pwn2own wrapped up last week. Observers see an increased interest in achieving privilege escalation by exploiting OS kernel flaws.

Late last week the Department of Justice asked for an evidentiary hearing in the case of the San Bernardino jihadist's iPhone. Apple is said to regard this as a sign that the Justice Department is losing confidence in its case. Hearings are set for this week.

Notes.

Today's issue includes events affecting Bangladesh, Bahrain, Canada, China, Estonia, European Union, India, Iran, Iraq, Israel, Japan, Kuwait, Latvia, Lithuania, Oman, Pakistan, Saudi Arabia, Syria, United Arab Emirates, United Kingdom, United States, and Yemen.

The CyberWire is pleased to welcome new research partners Level(3) and QuintessenceLabs. See our full list of research partners here.

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

The Baltic Elves Taking on Pro-Russian Trolls (Daily Beast) What at first looked like a social-media grudge match could be a precursor to invasion, war, and resistance in the Baltics

Experts: IS expanding its global reach through social media (Jakarta Post) Law enforcement officials believe the San Bernardino massacre and a stabbing attack on a California college campus were done by lone wolves inspired by the Islamic State group, and counterterrorism experts say both show how the organization is expanding its reach through social media

Google Removes SmeshApp Allegedly Used by Pakistan’s ISI to Spy on Indian military (Hack Read) The rivalry between India and Pakistan is known to the whole world with militaries of both countries at war for several times after getting independence from the Brits — Now the tools of battle are changing and governments are relying on the cyber warfare

Anonymous Leak Data from Japan’s Safari Land-Natural Zoo For Animal Rights (Hack Read) Karmasec from Anonymous Leaked a Trove of Data from Japanese Prefecture to Raise Voice Against Animal Cruelty in the Country

Hackers attack Switzerland’s largest party, claim huge personal data theft (Russia Today) A hacker group claims to have cracked the database of Switzerland’s largest political party, the conservative Swiss People’s Party (SVP) and stolen the personal data of over 50,000 people, including the names and email addresses of SVP supporters

America accuses Iran of hacking the dam, cyber-squirrels rejoice (Engadget) While America is worrying about nation states, our infrastructure is being terrorized by rodents

How cyber criminals targeted almost $1bn in Bangladesh Bank heist (Financial Times) The printer failure that greeted Jubair Bin Huda, joint director for accounts at Bangladesh’s central bank, when he went to its Dhaka headquarters one morning last month was frustrating but not particularly alarming

Hackers Stalked Bangladesh Bank for Two Weeks Before Big Heist (Bloomberg) Hackers who stole $101 million from Bangladesh’s central bank stalked its computer systems for almost two weeks beforehand, according to an interim investigation report seen by Bloomberg

Bangladesh Central Bank 'Complicit' in Heist: Minister (Security Week) The Bangladesh finance minister has accused central bank officials of being complicit in an audacious $81 million theft from an overseas account, in an interview with a leading Bengali newspaper published Friday

Bangladesh gets FBI help on bank heist, cyber expert missing (Reuters) Bangladesh police met an official of the U.S. Federal Bureau of Investigation (FBI) in Dhaka on Sunday to try to track down culprits in an attempted $951 million cyber heist from the country's central bank

Exclusive: SWIFT to advise banks on security as Bangladesh hack details emerge (Reuters) The SWIFT messaging system plans to ask banks to make sure they are following recommended security practices following an unprecedented cyber attack on Bangladesh's central bank that yielded $81 million, a spokeswoman for the group told Reuters on Sunday

Android adware infiltrates devices’ firmware, Trend Micro apps (Help Net Security) Dubbed Gmobi by Dr. Web researchers, the malware comes in the form of a software development kit (SDK), and has been found in several legitimate applications by well-known companies, as well as in firmware for nearly 40 mobile devices

275 million Android phones imperiled by new code-execution exploit (Ars Technica) Unpatched "Stagefright" vulnerability gives attackers a road map to hijack phones

A VAST Malvertising Attack (Proofpoint) On March 13, 2016, Proofpoint researchers observed a large malvertising campaign hitting many highly-ranked websites including MSN.com, foxnews.com and many others. We also surmised (and later confirmed) that there was a video malvertising involved in this campaign

Malvertising Gets Nastier with Fingerprint Technique (eSecurity Planet) Malvertising attacks get more targeted, tougher to detect with fingerprinting

Lenovo Startpage Pushed Angler (F-Secure) Based on upstream detection reports from our customers… it appears that a Lenovo related website was compromised on March 13th. For some (relatively short) period of time, the portal site “startpage.lenovo.com” redirected visitors towards the infamous Angler exploit kit – a source of no small amount of crypto-ransomware

Security Alert: TeslaCrypt 4.0 – Unbreakable Encryption and Worse Data Leakage (Heimdal) Confirming the trends that security specialists have been announcing for 2016, a new version of Teslacrypt has just been launched

Locky Ransomware Infecting 90,000 Systems Daily (Credit Union Times) Ransomware is quickly becoming a mainstream form of malware, according to the Clearwater, Fla.-based cybersecurity firm KnowBe4, and one driving factor is the significant amount of cash being racked up by the notorious Dridex banking Trojan gang with its new Locky strain

ICIT: Ransomware will 'wreak havoc' in 2016; healthcare already 'relentlessly' targeted (FierceHealthIT) Report authors say hospitals need improved training, awareness

FBI investigating cyber-attack at Methodist Hospital in Henderson (WAVE3) A cyber security breach, striking Methodist Hospital in Henderson. We're learning the FBI is investigating this right now, but there's some good news

Pwn2Own contest highlights renewed hacker focus on kernel issues (IDG via CSO) All Pwn2Own exploits this year achieved privilege escalation, mostly through OS kernel flaws

The next generation of APTs: Highly successful but surprisingly simple (SecurityBrief) The number and reach of cyber threats continues to grow, and while reports of increasing sophistication and complexity dominate the news, some of the most highly targeted attacks are surprisingly simple

95% of HTTPS Servers Vulnerable to Trivial MTM Attacks (Information Security Newspaper) Only 1 in 20 HTTPS servers correctly implements HTTP Strict Transport Security, a widely-supported security feature that prevents visitors making unencrypted HTTP connections to a server

Johns Hopkins researchers poke a hole in Apple’s encryption (Washington Post) Apple’s growing arsenal of encryption techniques — shielding data on devices as well as real-time video calls and instant messages — has spurred the U.S. government to sound the alarm that such tools are putting the communications of terrorists and criminals out of the reach of law enforcement

PIN problems: our smartphones aren't as safe as we think (Techradar) TouchID hacked using Play Doh - is phone security really that fragile?

Bitcoin Trading Platform BitQuick down 2 to 4 Weeks after Cyber Attack (CryptoCoinNews) In light of the recent Cryptsy debacle where millions of dollars worth of Bitcoin and other cryptocurrencies went missing after a malicious attack, another cryptocurrency exchange in BitQuick has become victim to hackers

Edmonton-area River Cree Resort and Casino hit by cyberattack (Edmonton Journal) A cyberattack at the River Cree Resort and Casino in Enoch resulted in the theft of customer and employee information

Security Patches, Mitigations, and Software Updates

Critical FreeBSD bug squashed (Register) Time to upgrade, Unix-like OS-havers

Cyber Trends

Cyber war — bigger than ever — is here to stay (Washington Post) When the widely respected national security mandarin Robert Gates was appointed secretary of defense in late 2006, his daily intelligence reports on the cascade of cyberattacks directed against the United States left him incredulous

How the United States Learned to Cyber Sleuth: The Untold Story (Politico) A secret Moscow meeting, a disappeared general and the start of modern cyber-war

Demand for advanced DDoS mitigation on the rise (Help Net Security) The increasing popularity of DDoS attacks as a tool to disrupt, harass, terrorize and sabotage online businesses is boosting demand for mitigation solutions. In the face of universal vulnerability to attacks, end users are looking for cost-effective solutions that can defend against the most sophisticated and large scale attacks

Data Security Trends: Shifting perceptions on data security (Dell) Business and IT decision makers are finally carrying the banner of data security, recognizing not only the safety it brings, but also the opportunity

IoT Security Could Crack Quickly In The Quantum Era (InformationWeek) Internet of Things security is only beginning to get serious attention. However, it might already be too late. In the era of quantum computing, the fragile security that protects IoT devices may crumble faster than you think

IT Pros Are Choosing Between Productivity and Security (Infosecurity Magazine) In an era where operational agility can be a significant differentiator, IT shops face a dilemma: should they adopt security systems that tend to slow down networks and processes with inspections and filtering, or apply a lighter security framework in the name of productivity?

GCC firms to spend $1b on cyber security by 2018 (Khaleej Times) 'GCC organisations are among the world's most advanced in deploying solutions that proactively protect devices, user information, and corporate data'

Lessons for Pakistan on how to gear up for cyber security (Express Tribune) While Middle East countries have faced humanitarian disasters spawned by Syria and Yemen since time immemorial, a greater problem now faces these countries; cyber-crime

English language used the most for cyber attacks: Report (International Business News) English language was the highest spam sending language in 2015 with 84.1 per cent spammers using it for cyber-attack followed by Chinese (2.6 per cent) and German (1.7 per cent) on second and third spots, a report by Trend Micro Incorporated said

Marketplace

Cyber security in 2016: 4 of the biggest and most notable cyber security acquisitions so far this year (Computer Business Review) 2015 saw several large IPOs in the cyber security sector, including Sophos and Rapid7. This year has already seen several big companies buying up smaller, privately held firms as they look to plug the gaps in their solutions

What Does a Typical Fortune 100 CISO Look Like? (SecurityWeek) What does a CISO look like? You may think that's a tough question--and it is. But the folks at cybersecurity firm Digital Guardian have done some research and profiled the typical CISO at a Fortune 100 enterprise

Comodo CEO Doubles Down on Security Disclosure (eWeek) Melih Abdulhayoglu, Comodo CEO and chief security architect, discusses how he wants to work with researchers like Google Project Zero

Q&A: Symantec CEO On Split, New Security-Focused Channel Vision And Apple Vs. FBI (CRN) It's only March, but 2016 has already been a busy year for Symantec

Apple Hires Corporate Security Chief Amid Legal Battle With FBI (Fortune) Addition comes as the tech giant battles with the FBI over iPhone data

Microsoft adds OneDrive to bug bounty program (IT News) Will pay up to $19,700

Products, Services, and Solutions

Cylance® Partners With CoreSec to Bring CylancePROTECT® to the Nordics (Cylance) Partnership will enable government and enterprises in the Nordics for the first time to stop cyber-attacks before they ever execute

Siemens Unveils 3 Cybersecurity Ops Centers for Industrial Facility Protection (ExecutiveBiz) Siemens has unveiled three Cyber Security Operations Centers located in Milford, Ohio, in the U.S. and in Lisbon, Portugal, and Munich, Germany, for industrial facilities protection

Siemens opens Cyber Security Operation Center (Computer-Automation) Siemens has opened 'Cyber Security Operation Centers' (CSOC) in Lisbon, Munich and Milford (Ohio/USA) for services to protect industrial plants

Swiss encrypted email service now available to the public (FierceCIO) ProtonMail, an encrypted email startup based in Switzerland, announced its public launch Thursday. The free email service, which has been in beta since May 2014, is now accepting registrations from the general public

Comodo's "default deny" approach keeps known and unknown malware from endpoints (Network World) Many endpoint protection solutions allow files to open if they are not confirmed as malicious. Comodo denies unknown files access until they are proven to be benign

Visualizing the Entire Attack Surface (BankInfoSecurity) Skybox Security CEO Gidi Cohen on the Evolution of Total Visibility

iGov and NIKSUN Partner to Provide Critical Technology for DISA JRSS (PRNewswire) iGov, a Federal Systems Integrator (FSI) and Value Added Reseller (VAR), headquartered in Reston, VA, together with NIKSUN, an industry leader in providing a suite of scalable, forensics-based cyber security and network performance monitoring solutions, are pleased to announce their work to support the Defense Information Systems Agency (DISA) and the Department of Defense (DoD) by providing a turn-key capability to satisfy DISA Joint Regional Security Stack (JRSS) requirements for full packet capture (FPCAP), analysis and retention

Eris Industries and Ledger Partners for a Secure Blockchain (Bitcoin News Service) Eris Industries and Ledger have partnered to provide a fast, secure and easy-to-use blockchain solution to clients

Technologies, Techniques, and Standards

Detect observation and evade theft of sensitive data (Help Net Security) In this interview [Jacob Torrey] talks about architectural tells that can be utilized to detect the presence of analysis tools, and offers practical tips for researchers

How to better protect your Google account with Two-Step Verification (2SV) (Graham Cluley) Enable 2SV on your Gmail, YouTube, Google Docs and other Google accounts

Toolkit boosts Army network visibility, cybersecurity compliance (GCN) The Army is adopting tools to give soldiers greater network visibility to fight off hackers

Robocalls: where is RoboCop? (We Live Security) Some years ago I came across the story – I can’t say whether it’s true – of a decommissioned server that, at the time it was powered down for good, still had a task left unfinished after something like seven years

Hackers crack OS X, Windows, web browsers' security to net $460,000 (Register) Tencent Security Team Sniper crowned Master of Pwn

Microsoft and Apple get a whupping in Pwn2Own 2016 (ITWire) The annual Pwn2Own security-busting competition took place last week, revealing a total of 20 new vulnerabilities

Israel Cyber Cadets Train on Harry Potter-Inspired Battlefield (Bloomberg) The Israeli military’s elite Cyber Command is honing its skills at Hogwarts

Design and Innovation

MIT, Harvard researchers push new way for users to control access to personal data (Computerworld) Called Sieve, the approach could pose challenges to companies storing users' personal data and government searches

Opinion: Why End User Devices are Locked Down For Security, and Why They Have To Be (XDA Developers) I started cutting my teeth on Android here on XDA back in the days of rocking a Kyocera Zio

Privacy by Design: What it is and where to build it (Help Net Security) People tend to think about privacy in terms of the individual, but it is also critically important for the proper functioning of any business organization

Research and Development

Georgia Tech to Conduct C4I & Cyberspace Tech Research Under $84M Navy Contract (GovConWire) Georgia Tech Research Institute has landed a $84.5 million sole-source contract from the U.S. Navy to conduct research as a Defense Department university affiliated research center

Academia

Hacker High School Teaches Cyber Security Skills To Teens (Forbes) High school students thinking about a college education and career in the cybersecurity field may want to begin preparing now

Legislation, Policy, and Regulation

China calls for FBI cooperation in internet security, counter-terrorism (Reuters) China wants to have deeper internet security, anti-terrorism and corruption cooperation with the United States, Chinese security officials told the visiting director of the FBI, state news agency Xinhua said

No More Safe Harbor (Harvard Political Review) I accept the terms and privacy policy

Is the New Post-Safe Harbor Data Privacy Law a Silver Bullet or a First Step? (Nextgov) On Feb. 24, President Obama signed into law the Judicial Redress Act

Bank of England teams with new UK cyber security outfit (Stack) In its first project the UK’s new national cyber security centre will work with the Bank of England, according to a government announcement

A UK Surveillance Bill that Allows Government Hacking Has Passed Its First Legislative Hurdle (Nextgov) The Investigatory Powers bill, which will grant the British government broad powers to collect user data and hack communications systems and networks, has passed its first legislative hurdle. Parliamentarians voted overwhelmingly in favor of the bill yesterday (Mar. 15), with 281 “ayes” to 15 “noes”

The threat of cyberterrorism (Dawn) Over three billion users access the internet today, compared to a measly 400 million in 2000

Can tech community battle Islamic State online without breaking the Web? (Christian Science Monitor Passcode) At the South By Southwest Interactive festival this week, privacy advocates and technologists looked for ways to knock Islamic State militants offline without compromising free speech

Strong Intelligence Oversight Can Happen Within the Executive Branch (Just Security) That the American public is divided on the current showdown between Silicon Valley and the national security state is to be expected

DoD, Intel Leaders Partner on Space Capabilities (DoD News) Space is crucial to U.S. national security, and the Defense Department and intelligence agencies are working together well to ensure the United States dominates that domain, officials told the House Armed Service Committee’s strategic forces subcommittee March 15

New Jersey Utility Board Mandates Cybercrime Prevention (MobiPicker) The New Jersey Board of Public Utilities announces that they adopted a new set of regulations and policies against cyber attacks to different sectors such as the state’s electricity, natural gas, water and wastewater utilities

Litigation, Investigation, and Law Enforcement

US government pushed tech firms to hand over source code (ZDNet) Obtaining a company's source code makes it radically easier to find security flaws and vulnerabilities for surveillance and intelligence-gathering operations

Long Before the Apple-FBI Battle, Lavabit Sounded a Warning (Wired) Three years ago, Ladar Levison, the founder of the now-defunct secure email service known as Lavabit, was in the same position Apple finds itself today: facing off against a formidable government foe with unlimited resources and an aggressive determination to break his tech company’s defiance

Apple sees weakness in FBI hearing request (CSO) Last minute request for witnesses could indicate a change in FBI thinking, says Apple

The Feds Are Wrong to Warn of “Warrant-Proof” Phones (MIT Technology Review) Throughout history, communications have mainly been ephemeral. We need to be sure we can preserve that freedom

Why the NSA shouldn’t crack the San Bernardino shooter’s iPhone for the FBI (BGR) The iPhone 5c that belonged to San Bernardino shooter Syed Farook is susceptible to certain malicious attacks that could get the FBI what it wants: unrestricted access to a device that might hold some evidence linking the shooter to other potential suspects

Former Homeland Security Chief Talks Apple, FBI, And Encryption (Fortune) Michael Chertoff sits down with Fortune to talk Apple, the FBI, and data

Hillary Clinton Failed to Acknowledge the Security Risk of Using a Smartphone to Conduct Government Business, Report Claims (Inquisitr) A new report claims that, although officials warned Hillary Clinton that using a smartphone to conduct government business was a security risk, she failed to take heed to the warning and did it anyway

Will Hillary get charged, or what? (New York Post) FBI chief James Comey and his investigators are increasingly certain presidential nominee Hillary Clinton violated laws in handling classified government information through her private e-mail server, career agents say

ZTE Document Raises Questions About Huawei and Sanctions (New York Times) When the United States government punished ZTE of China this month, saying it had done business with Iran, it released internal company documents that it said detailed how the electronic equipment maker had done it — and that also suggested the problem might not be limited to one Chinese company

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Rock Stars of Risk-based Security (Washington, DC, USA, April 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based...

Upcoming Events

CISO Summit France (Paris, France, March 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming...

cybergamut Tech Tuesday: Providing Consistent Security Across Virtual and Physical Workloads (Elkridge, MD, Calverton, March 22, 2016) Data centers today are being tasked with many more requirements. This has been increasing as companies leverage server virtualization in new ways. This has made the data center a rich source of information...

Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the...

International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, March 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce.

Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, March 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that...

Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together...

Black Hat Asia 2016 (Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...

TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.

Insider Threat Summit (Monterey, California, USA, March 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

SecureWorld Boston (Boston, Massachusetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, April 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading...
