FireEye reports a significant attack on an unnamed industrial plant (Reuters, quoting Dragos, calls it a "watershed" event). The attacker hit Triconex industrial safety technology supplied by Schneider, a system widely used in the energy sector, including oil and gas, and nuclear power generation. Dragos says the affected plant was in the Middle East; CyberX says it's in Saudi Arabia.
FireEye suggests there's evidence the attackers were working on behalf of a nation-state. It thinks the attack may have been reconnaissance gone awry. The hackers appear to have inadvertently tripped safety systems into fail-safe mode, thereby shutting down plant operations. It's good the systems failed safe as opposed to failing deadly, but the possible implications of the reconnaissance are disturbing, since it seems to have been aimed at learning how to disable safety systems during an attack.
TVs are found vulnerable. First, TripWire researchers have determined that many Android set-top boxes run old and insecure versions of Android, opening them to exploitation. Second, Trend Micro has disclosed that the Linksys WVBR0-25, the wireless video bridge DirecTV's parent AT&T provides customers, is susceptible to remote code execution. Trend Micro disclosed the issue to Linksys six months ago. They're going public with it because, they say, Linksys has both failed to fix the problem and ceased talking with the researchers who found it.
Anonymous, unhappy with the US decision to move its embassy in Israel to Jerusalem, has called for worldwide unremitting attacks on Israeli and US government sites. (Nothing so far.)
Today's issue includes events affecting France, Germany, Iran, Israel, Republic of Korea, NATO/OTAN, Russia, Saudi Arabia, United States, United Kingdom.
A note to our readers, and especially to our Patrons: Patreon has decided not to roll out the increased fees they'd announced recently for their service. We're happy to say Patrons will no longer be charged a large processing fee for their pledges. And we'd like to take this opportunity to again thank all of you who've signed up as Patrons. You help us keep the CyberWire up and running.
Cyber Attacks, Threats, and Vulnerabilities
Hackers halt plant operations in watershed cyber attack (Reuters) Hackers likely working for a nation-state recently invaded the safety system of a critical infrastructure facility in a watershed attack that halted plant operations, according to cyber investigators and the firm whose software was targeted.
Bitfinex restored after DDoS attack (ComputerWeekly) Bitcoin exchange Bitfinex says its systems have been restored after the company was hit by a second denial of service attack in just over a week.
Bitcoin fever exposes crypto-market frailties (Reuters) As bitcoin raced to another record high on Tuesday, one of the biggest providers of digital currency wallets, Coinbase, went down under the weight of traffic, leaving many of its more than 10 million customers unable to access their funds.
Slow browsing? Hackers could be mining bitcoin (The Straits Times) If you feel your Internet connection has been slower in the past few months, do not blame your service provider just yet - you may be a victim of a new form of malware...
1.4 Billion User Credentials in Database on Dark Web (Cylance) A cybersecurity firm that researches the Dark Web said they recently discovered that one interactive and easily searchable database of about 1.4 billion user credentials is being distributed. With a number that big, it’s quite possible that one or more of those sets of credentials belong to you.
WatchGuard Uncovers Surge in Script-based Attacks Amid Spike in Overall Malware Volume (RealWire) Quarterly Internet Security Report shows unrelenting growth of new attack techniques and malware 13 December 2017 – WatchGuard’s latest quarterly Internet Security Report, which explores the computer and network security threats affecting small to midsize businesses (SMBs) and distributed enterprises, has revealed massive increases in scripting attacks and overall malware attempts against midsize companies throughout Q3 2017
BlackEnergy: Exploring the darkness (Computer Business Review) Over the last 10 years, the BlackEnergy malware family has grown to include three variants that have been used to target the energy and industrial sectors.
Phishing Attacks on Retail Industry Ramp Up as the Holiday Shopping Season Approaches (Netskope) The end-of-year holidays are a lucrative time for phishing attackers and spammers as they try to leverage the festive season to victimize online consumers. This season also puts pressure on the retail industry to build up their inventory to meet the seasonal demand. Netskope Threat Research Labs has been tracking multiple campaigns where phishing emails...
Researchers find zero-day exploit discovered on DirecTV hardware (Cyberscoop) Researchers publicly disclosed a zero-day exploit in a piece of television hardware on Wednesday after trying to get the device maker to fix the flaw over the past few months. The device, Linksys WVBR0-25, is a wireless video bridge that DirecTV parent company AT&T gives to new customers for the satellite television service.
Verizon Galaxy S7 and S7 Edge Pick-Up December Security Patch (Droid Life) Just when it seemed as if Samsung was fully slipping on keeping its phones up-to-date, they team up with Verizon to push the December security patch to the Galaxy S7 and Galaxy S7 Edge. I say that not only because of the slow update rollout to their unlocked Galaxy S8 phones, but because their monthly …
Germany monitoring bitcoin market impact: FinMin (Reuters) Germany is carefully monitoring the impact of cryptocurrencies on markets, a finance ministry spokesman said on Wednesday, as bitcoin surged and the futures of the best known cryptocurrency made their world debut on a U.S. stock exchange.
Lockheed Martin Secures $77.7-Million Cyber Security Contract (NASDAQ.com) Lockheed Martin Corp. (LMT) recently secured a contract for providing cyber security support services to sustain the analysis, design, development, test, integration, deployment and operation of information technology systems and services for the cyber security workforce.
NetCentrics awarded DISA Encore III Contract Vehicle (Business Insider) NetCentrics Corporation, a leading provider of infrastructure, cloud, mission applications and cybersecurity for the U.S. government, has won a position on the Defense Information Systems Agency (DISA) Encore III contract vehicle for IT services across the Department of Defense (DoD). NetCentrics is one of 20 companies awarded the indefinite-delivery/indefinite-quantity (IDIQ) contract worth $17.5 billion over 10-years.
enSilo Helps Security Community Detect Far-reaching (Business Insider) enSilo, the company that provides unified endpoint security with NGAV and automated EDR for real-time pre- and post-infection protection, today announced a free audit that will help enterprises determine whether their deployed security products can defeat "Process Doppelgänging" evasions taking advantage of Microsoft Windows features to slip malicious ransomware and other threats past updated, market-leading AV and NGAV security products.
Avast makes 'RetDec' machine-code decompiler open source on GitHub (BetaNews) Open source is the future of computing. Don't believe me? Three of the most important technology companies -- Microsoft, Apple, and Google -- not only license open source software, but they contribute to open source projects too. While closed source will likely never go away, it is becoming less important.
Three plead guilty to causing massive US cyber attack (Financial Times) Three men on Wednesday pleaded guilty to causing a massive cyber attack that harnessed the power of ‘internet of things’ devices to bring down websites including Twitter, Spotify and the New York Times.
Rosenstein defends Mueller, sees no cause for firing (Maryland Daily Record) Deputy Attorney General Rod Rosenstein, facing congressional questions about anti-Donald Trump text messages exchanged between two FBI officials assigned to the Russia probe, defended …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
NJEdgeCon2018 (Whippany, New Jersey, USA, January 11 - 12, 2017) Featuring internationally-recognized digital economy leader, Amber Mac, as our Keynote Speaker Thursday evening, please join us for a two-day conference to participate in discussions and demonstrations...
2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...