Germany's rough week continues, as Deutsche Telekom recovers from the evolved Mirai botnet that disrupted service Sunday. Flashpoint researchers confirm the denial-of-service attack was Mirai-based, and that the botmasters appear to be trying to rope in more devices. Germany leads infections by a wide margin, but there are also significant infestations in the UK, Brazil, Iran, and Thailand.
One of the alleged botmasters, "BestBuy" (who's in cahoots with "Popopret"), has been chatting with Motherboard, to whom he (she? they?) boasts of the ease with which control of the bots was wrested from other criminals. BestBuy also says sorry to Deutsche Telekom customers—they didn't mean any trouble.
German Chancellor Merkel says it's not yet known who the attackers were, but she and other German politicians are clearly looking east, toward Russia. (We note, for what it's worth, that BestBuy communicates in the kind of scriptwriter's broken English favored by the Shadow Brokers.)
Germany's other bad news concerns the arrest of a BfV domestic intelligence officer alleged to be an ISIS mole feeding the Islamist group information and helping plan terror attacks. His thinly pseudonymous social media activity brought him under suspicion.
ISIS has, in its online propaganda, now officially claimed the Ohio State attacker as its soldier. In a separate case, a young man pleads guilty to US Federal terrorism charges; his allocution describes the effect of ISIS inspiration.
A new Android malware strain, "Gooligan," is out in the wild. A million Google accounts are thought to have been breached.
Today's issue includes events affecting Brazil, Canada, Germany, Iran, Iraq, Israel, Ivory Coast, Morocco, Philippines, Russia, Syria, Thailand, United Kingdom, United States.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our newest research partners, as Lancaster University's Awais Rashid introduces his university's program and tells us what they're working on. We'll also have as our guest Omri Iluz from PerimeterX, who'll offer some perspective on protecting yourself against bots engaged in DDoS, content scraping, price scraping, scalping, and other bad things.
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcast, we invite you to please consider giving it an iTunes review.
What happened in the router attack, and what could have happened(Zeitungsverlag Waiblingen) Around 900,000 Deutsche Telekom routers were knocked offline by a cyber attack. The attack turned out to be comparatively mild. But what else could have happened, and how secure is data traffic?
TR-069 NewNTPServer Exploits: What we know so far(SANS Internet Storm Center) TR-069 (or its earlier version TR-064) is a standard published by the Broadband Forum. The Broadband Forum is an industry organization defining standards used to manage broadband networks. It focuses heavily on DSL type modems and more recently included fiber optic connections. "TR" stands for "Technical Report". TR-069 is considered the Broadband Forum's "Flagship Standard". Many ISPs and device manufacturers are members of the Broadband Forum
FBI, Homeland Security aid Muni on cyber attack(SF Bay) The Department of Homeland Security and the FBI are now working with San Francisco Municipal Transportation Agency after the transit agency was hit by a cyber attack sometime Friday, transit officials said
SF Muni hacker gets hacked... twice(Thrillist) There is no justice more poetic than that of a hacker who -- in the sweaty-palmed throes of hacking -- gets hacked. Unless he gets hacked a second time, that is
Why the Ransomware Attack on San Francisco Is Such a Big Deal(Veracode) The day after Thanksgiving saw the San Francisco Municipal Transportation Agency hit with a ransomware attack. The attacker demanded 100 bitcoins (about $73,000) to unlock the computer systems and ticketing machines. According to security journalist Brian Krebs, the SFMTA wasn’t targeted for political reasons – it was a target of opportunity discovered by an attacker looking for vulnerable systems using widely available tools
Cerber Spam: Tor All the Things!(Talos Intel) Talos is continuously analyzing email based malware always looking at how adversaries change and the new techniques that are being added on an almost constant basis. Recently we noticed some novel ways that adversaries are leveraging Google and Tor2Web proxies to spread a ransomware variant, Cerber 5.0.1
Semi-competent gang found pushing new VindowsLocker ransomware(SC Magazine) A cybercriminal gang is putting a new, and somewhat confusing, spin on the classic tech support scam using a new strain of ransomware to lock up a victim's computer and then asking the person to call a Microsoft customer support number for help
Tech support scammers up their game with ransomware(Malwarebytes) For those of us tracking tech support scams and seeing the evolution from cold calls, to fake alerts and eventually screen lockers, we knew what the next phase was going to be. And yet when it did happen, it still shocked us to see a ransom note with the photo of a technical support agent waiting for victims to phone in
What Is Ransomware and How Has It Evolved over the Years?(Colocation America) Ransomware is a type of malware (malicious software) that cyber criminals use to block people and businesses from accessing certain files on their computers or networks. The victims of such an attack either need to pay a ransom to unlock their files, or risk losing those files forever. The money is usually sent via an untraceable online currency, so the criminals never risk getting caught
NetWire RAT Back, Stealing Payment Card Data (Threatpost) The remote access Trojan NetWire is back and this time making the rounds pilfering payment card data. The move is a shift for attackers behind notorious NetWire, that was once thought to be the first multi-platform RAT
158% increase in Android platform vulnerabilities(Help Net Security) A new Quick Heal report reveals an increase in vulnerabilities on the Android platform, as well as a 33 percent rise in mobile ransomware. Researchers also found a slight decrease in Potentially Unwanted Applications (PUA) and adware, dropping by three percent and 12 percent respectively
2017 Cybersecurity Predictions: The Year We Get Serious About IoT Security(Palo Alto Networks) By Zoltan Deak and Joerg Sieber, November 29, 2016. This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017. Throughout 2016, cybersecurity moved more into the public eye than ever before. Hacks into the Democratic National Committee, BitFinex, Yahoo, Dropbox, LinkedIn, and Verizon were just a few of the high-profile security breaches that grabbed headlines this year
SMEs more prone, but still quite oblivious, to cyberattacks(Help Net Security) Despite governments, organizations and brands intensifying their cybersecurity awareness campaigns in recent years, as well as several recent high-profile attacks and security breaches, it seems that many small and medium business owners still fail to realize the extent of risk for their companies from hacking, phishing, denial-of-service, and other types of common attacks
Employees rely largely on personally owned mobile devices in the workplace(Help Net Security) Mobile device adoption in the workplace is not yet mature, found a recent survey from Gartner. Although 80 percent of workers surveyed received one or more corporate-issued devices, desktops are still the most popular corporate device among businesses, with more than half of workers receiving corporate-issued desktop PCs
Cybersecurity Snapshot: What’s Ahead in 2017(Investopedia) The digital revolution has brought cloud, the Internet of Things (IoT) and mobile technologies to the forefront of the global business world. While the new digital landscape offers increased flexibility, efficiency and capabilities to organizations worldwide, many are learning the hard way about a concurrent cyber risk
How Symantec Will Use LifeLock (LOCK, SYMC)(Investopedia) Symantec Corp. (SYMC) announced plans to acquire identity theft and fraud protection platform LifeLock Inc. (LOCK) earlier in November. The deal, worth $2.3 billion, is set to close by the end of the first quarter of 2017, and follows consolidation in the emerging next-generation cybersecurity space evolving to meet the demands of the Internet of Things (IoT), cloud and mobile revolutions
Cybersecurity startup reports strong growth(South Florida Business Journal) Aventura-based startup Zenedge is charging forward in the cybersecurity space, reporting robust growth metrics following a $6.2 million Series C round earlier this year
Cryptography Enables Turnkey Security for Connected Devices(IoT Evolution) Developers of Industrial IoT (IIoT) and connected embedded systems can now design in an added level of trust while also bringing their products to market faster, according to a recent release from Maxim Integrated products
Tufin Orchestration Suite Now Available on AWS Marketplace(Yahoo! Finance) Tufin®, a market-leading provider of Network Security Policy Orchestration solutions, has joined the Amazon Web Services (AWS) Partner Network (APN) and made Tufin Orchestration Suite available on AWS Marketplace to increase visibility with AWS customers
BAE launches free cyber risk assessment tool(ITWire) BAE Systems has launched its free cyber risk assessment tool specifically aimed at Australian small business to help them prepare for “when, not if, they are breached”
Ooma introduces internet security with Zscaler(Telecompaper) Ooma introduced Ooma Internet Security powered by Zscaler, a US-based cloud-based internet security service that is designed to protect all devices connected to the home network. Ooma Internet Security provides security and threat detection by blocking viruses, malware and phishing attempts triggered by browsing the internet. It also provides users the choice to block many categories of potentially objectionable web content
Tips for businesses to avoid being the next big headline(Help Net Security) Data integrity breaches are set to send shockwaves throughout the world in 2017, with at least one almighty breach disclosure of this type expected next year, according to Jason Hart, CTO Data Protection, Gemalto
How can we secure IoT devices?(eGov Innovation) As IoT proliferates and goes mainstream, we are beginning to see the hacking of smart devices to launch targeted attacks. Beyond network security, how can we secure the IoT device itself? eGov Innovation speaks with Duke Sexton, Head of Advanced Solutions Group at Thales e-Security, on security by design, IoT security frameworks and establishing international standards
The Tor Phone prototype: a truly private smartphone?(Naked Security) The Tor Project has long offered high-security alternatives for folk who are especially concerned about their privacy. But as the world goes mobile, and is increasingly accessed through smartphones, users become vulnerable to a whole new set of compromises
House votes to strengthen cyber ties with Israel(Washington Examiner) House lawmakers voted overwhelmingly on Tuesday in favor of deepening collaboration with the Israeli government to strengthen the cybersecurity defenses of both countries
Islamic State: OSU attacker was 'soldier' of group(USA Today) The media arm of the Islamic State claimed Tuesday that the Ohio State student who crashed a car into campus crowd and then lashed out with a butcher knife was a "soldier" of the terror group who heeded appeals to strike the U.S., and its allies
20-year-old says he planned ISIS terror attacks in Virginia, North Carolina(Washington Post) Justin Sullivan plotted to kill hundreds of people in North Carolina and Virginia on behalf of the Islamic State and wanted a silencer for a gun. So he had one built from a flashlight and delivered to the Morganton, N.C., house he shared with his parents. When his parents asked what he planned to do with it, he tried to have them killed
Ross Ulbricht’s Lawyers Say They’ve Found Another Corrupt Agent in Silk Road Case(Wired) For two and a half years, the black market bazaar known as the Silk Road tempted thousands of drug dealers and customers with promises of anonymous commerce—as well as at least two corrupt law enforcement agents who tried to profit from the dark-web-based business they were meant to be investigating. Now the defense team of the site’s creator says it’s found signs of a third rogue cop tied to the Silk Road’s drug money. And this one, they say, remains at large
New Details Suggest Rogue Government Agent Deleted Evidence in Silk Road Case(Motherboard) The saga of the Silk Road online black market taken down by US law enforcement in 2013 continues to get nuttier: a still-unidentified rogue government agent may have sold information about the Silk Road investigation to the website’s operator and may have later deleted evidence of the arrangement
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CIFI Security Summit(Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...
AlienVault USM Webcast(Online, December 1, 2016) Host-based intrusion detection systems (HIDS), work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating...
Cyber Threats Master Class(Turin, Italy, December 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding...
Disrupt London(London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.
US Department of Commerce Cyber Security Trade Mission to Turkey(Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...
Infosecurity Magazine Conference (Boston, Massachusetts, USA, December 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information,...
Practical Privacy Series 2016(Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...
CISO Southern Cal(Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SANS Cyber Defense Initiative 2016(Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference(Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...