The first week of 2017 continues to offer skeptical takes on various attributions. The conclusions being called into question range from the debunked (hacking of the Vermont power grid) through the newly controversial (Russian malware-enabled counterfire against Ukrainian guns) to the generally accepted (Russian intrusion into US political party networks).
KrebsOnSecurity has a particularly good round-up of the grid-hack-that-wasn't, with a reflective account of how the story gained currency.
Taia Global's Carr calls bunkum on CrowdStrike's "Danger Close" report on Android X-Agent targeting of artillery positions (more promised at Suits and Spooks—in the meantime SecurityWeek says that CrowdStrike stands by its report).
And many observers continue to express disappointment over the level of detailed evidence contained in the FBI-NCCIC Joint Analysis Report on Fancy Bear's election hacking (many of those same observers also note the difficulty of making such a case without disclosing more about sources and methods than would be prudent).
The Daily Beast has an account of how Islamist exploitation of social media and other online platforms for information operations has proven amphisbaenic: successful for recruiting and inspiration, but risky. Many leaders have been targeted when their phone chatter exposed their location.
Recorded Future publishes its forecast of ransomware's future—contra McAfee Labs, it sees digital extortion growing in 2017. Their first prediction is that "Ransomware will become just another tool in the hacker utility belt." Carbonite argues in its own study of ransomware trends that such attacks will serve increasingly as diversions (the way DDoS has).
Today's issue includes events affecting Brazil, China, Iran, Mozambique, Philippines, Russia, Ukraine, United Kingdom, United States.
ON THE PODCAST
In today's CyberWire podcast, we hear from our partners at Accenture Labs, as Malek Ben Salem discusses Deep Learning.
A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
The GRU-Ukraine Artillery Hack That May Never Have Happened(LinkedIn) CrowdStrike’s latest report regarding Fancy Bear contains its most dramatic and controversial claim to date: that GRU-written mobile malware used by Ukrainian artillery soldiers contributed to massive artillery losses by the Ukrainian military. “It’s pretty high confidence that Fancy Bear had to be in touch with the Russian military,” Dmitri Alperovitch told Forbes. “This is exactly what the mission is of the GRU”
Caution: Cybercriminals may use ransomware as a diversion(Carbonite) Ransomware computer viruses are becoming more sophisticated—and so are the attacks that make use of ransomware. In some cases, ransomware is used to disable access to a machine so criminals can perform further actions without being tracked. Criminals have also used ransomware to cause chaos and avoid detection after hacking into a network and stealing data
Thugs developing cat-themed ransomware for androids and hitler ransomware for pcs _ computerworld bitcoin as a currency(Financial Handbook) What do a cute cat and Hitler have in common? Both are featured in ransomware; Hitler targets PCs and the cat-themed ransomware targets Androids. Both are also considered to be under development at this time, meaning neither are currently big, bad boogeyman threats let loose in the wild to infect the masses. Things could change if either ransomware is fully developed
Leet IoT Botnet Bursts on the Scene with Massive DDoS Attack(Infosecurity Magazine) Just 10 days before the end of 2016, researchers from Imperva uncovered a massive 650Gbps DDoS attack generated by a new internet of things (IoT) botnet, dubbed “Leet” after a character string in the payload. It’s the first that can rival Mirai
Dyn DDoS: What It Means for Supply Chain Security(Tripwire: the State of Security) By now, you have probably heard about one, maybe two massive Distributed Denial of Service (DDoS) attacks that occurred near the end of 2016. The first was Brian Krebs being subjected to a 620 Gbps DDoS. The second, and more noticeable, attack targeted DNS provider Dyn and took down parts of Twitter, Amazon, and other Dyn clients’ infrastructure on the East Coast in the process
Pentagon subcontractor leaks classified personnel data(Federal Times) A security researcher at the MacKeeper Security Research Center has revealed a Pentagon subcontractor exposed sensitive U.S. military health care personnel data thanks to an insecure server backup protocol
LA Valley College Hit By Cyber Attack(CBS Los Angeles) Los Angeles Valley College in Valley Glen was subject to a cyber attack over the winter break but it is not known how large the breach was, officials said Tuesday
ICO ‘Breached Public Data’ Several Times Since 2013(Infosecurity Magazine) Data protection watchdog the Information Commissioner’s Office (ICO) has been forced to take action several times over the past few years to prevent breaches at its own offices, according to a new investigation
Security Patches, Mitigations, and Software Updates
Box[.]com Plugs Account Data Leakage Flaw(Threatpost) Box.com has changed the way it handles publicly shared accounts and folders after a researcher found confidential documents and data belonging to Box.com users via Google, Bing and other search engines. While Box.com maintains this is a case of its customers unintentionally over-sharing, it says it has “fixed” the issue
7 Ransomware Trends to Watch for in 2017(Recorded Future) In November McAfee Labs released its 2017 Threat Predictions report and one of the predictions that has gotten a lot of press is that McAfee expects ransomware attacks to decrease in 2017
CEOs Reveal Cyber Naiveté as Incidents Rise and Losses Mount(Information Management) A new cybersecurity study from RedSeal finds that more than 80 percent of CEOs are very confident in their firm’s cybersecurity strategies, despite the fact that security incidents have surged 66 percent since 2009 according to PricewaterhouseCoopers’ 2017 Global State of Information Security Survey
The Biggest Security Threats Coming in 2017(Wired) Whether it was a billion compromised Yahoo accounts or state-sponsored Russian hackers muscling in on the US election, this past year saw hacks of unprecedented scale and temerity. And if history is any guide, next year should yield more of the same
Cybersecurity Stocks for 2017(Investopedia) Investors were drawn to cybersecurity stocks in 2016 in light of headline-making data breaches and a heightened demand for cloud and Internet of Things (IoT) protection. But at the same time, many cybersecurity stocks suffered from increasing competition, slowing sales growth and low profitability as they evolved to meet the demands of a disrupted sector
Sirius Acquires Continuum Security Solutions(Military & Aerospace Electronics) Sirius Computer Solutions, Inc., a leading national IT solutions integrator, has acquired Continuum Worldwide Corporation, dba Continuum Security Solutions (Continuum), an information security company based in Omaha, Nebraska. The acquisition was finalized on December 30 and expands Sirius' security and compliance solutions portfolio
Md. firm gets Verizon certification for ‘game-changing’ IoT device(Baltimore Record) An Annapolis company specializing in low-power networking has received certification for a device that lets manufacturers connect sensors or embedded apps to the internet through a cellular network. Link Labs Inc.'s low power LTE Cat-M1 sensor suite has been certified by Verizon for its 4G LTE Network
Bitdefender’s Box 2 promises to be the security solution for your smart home(Yahoo! Tech) Bitdefender on Tuesday announced the second-generation Box, a revamped security system for your home network and smart home devices. Promising to provide unparalleled protection from fraud, phishing, and network attacks, the Box 2 could be the security solution for your superconnected smart home
ClickSSL Announces Platinum Partnership with Comodo – #1 Certification Authority(Sat Press Releases) ClickSSL, a foremost leader in SSL certificate providers, today unveils its new gem named Comodo CA to be added to its authenticated certificate authorities — now becoming a platinum partner of Comodo certificate authority to support its current and potential customer base by providing vast SSL certificate products
Gemalto helps AT&T for secure IoT applications(Business Standard) Digital security giant Gemalto is supplying American telecommunication giant AT&T with a remote subscription management solution that will enable its customers to deploy secure Internet of Things (IoT) applications in the US and globally
Technologies, Techniques, and Standards
How to Build a Culture of Cybersecurity(Infosecurity Magazine) It is clear from the headlines about breaches that many people still do not take cybersecurity seriously. The majority of these breaches were enabled by an employee inadvertently taking an action that enabled the breach. In spite of the highest levels of management insisting that it is a priority to protect data, why is it that some of us take those enabling actions? Why isn't everyone on board with cybersecurity?
Ford and Toyota launch consortium to help developers build in-car apps(TechCrunch) Drivers expect their cars and smartphones to seamlessly work together. Both Apple and Google offer their respective services for connecting phones to a car’s infotainment system, but the car industry isn’t ready to completely cede the center console to Silicon Valley. Ford and Toyota have long been unlikely allies in this area. A few years ago, with AppLink, Ford started giving a select number of mobile app developers the ability to integrate their smartphone apps with its Sync infotainment system. It then open-sourced it under the SmartDeviceLink moniker back in 2013 and Toyota was one of the first third-party car manufacturers to adopt it for its cars
Russian Election Hacking Allegations Top US Senate Agenda(Defense News) Russian hacking allegations will take center stage in the US Senate this week, and in the coming weeks, as Armed Services, Foreign Relations and Intelligence committee leaders meet to set an agenda for a series of cybersecurity hearings
The Download on the DNC Hack(KrebsOnSecurity) Over the past few days, several longtime readers have asked why I haven’t written about two stories that have consumed the news media of late: The alleged Russian hacking attacks against the U.S. Democratic National Committee (DNC) and, more recently, the discovery of malware on a laptop at a Vermont power utility that has been attributed to Russian hacker groups
What the Washington Post’s Hacked Electrical Grid Report Got Wrong(Fortune) A Washington Post report on Friday said that Russian hackers had breached the nation's power grid via a utility in Vermont, citing unnamed U.S. officials. Almost immediately, digital security experts panned the story, criticizing it as prematurely alarmist and lacking key details
Claims that Russia hacked the US election and power grid are ‘overblown’(Naked Security) The Washington Post has walked back a story claiming Russian malware was found in the systems of a Vermont utility. The paper earlier linked it to the same operation US officials say was used to interfere with the 2016 presidential election, and flagged it as a potentially larger threat to the nation’s power grid
Russia did not hack Vermont electric utility: report(The Hill) Russian hackers do not appear to be behind an attack on a Vermont electric utility, reports the Washington Post, citing officials close to the investigation of a potential activity first reported by the Post last week
Trump Says Intelligence Officials Delayed Briefing on Russian Hacking(New York Times) President-elect Donald J. Trump said Tuesday that intelligence officials had delayed briefing him on their conclusion that Russia interfered in the 2016 election and suggested, with no evidence, that they might be buying time to assemble a more substantial case
Washing machine will turn detective(Times) Fridges, coffee makers, washing machines and lightbulbs will soon provide alibis or important crime scene evidence, according to Scotland Yard’s head of digital forensics
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
S4X17 ICS Security Conference(Miami Beach, Florida, USA, January 10 - 12, 2017) Three Days of advanced ICS cybersecurity on three stages with the top 500 people in ICS security. Main Stage - The big names (Richard Clarke, Renee Tarun, ...) and forward looking topics (ICS certification,...
OWASP Annual AppSec EU Security Conference(Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...
CES® CyberSecurity Forum(Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...
SANS Security East 2017(New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
Suits and Spooks DC 2017(Arlington, Virginia, USA, January 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean...
Cybersecurity of Critical Infrastructure Summit 2017(College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017(Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017(Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL(Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017(Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering(Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...