The suspected attack on Ukraine's power grid around Kiev last month appears to have been confirmed. It appears to have been part of a larger campaign against a variety of sectors, and sources say the attack looks like the work of the same actors who took down electrical service around Ivano-Frankivsk in December 2015.
Famous for having wiped 30,000 Saudi Aramco computers in 2012, Shamoon returns. Palo Alto researchers say this time it comes with default credentials for Huawei's FusionCloud desktop virtualization solution. Shamoon, at least in its first go-round, was thought to have been an Iranian cyber weapon.
Emsisoft reports on Spora ransomware, being sold in darknet souks.
Microsoft patches Edge, Office, and Windows.
European governments, especially in France, Germany, and the UK, are looking to shore up election security in the face of hacking and influence operations Russia mounted against voting in other countries, especially the US. Consideration of those operations attracts new interest as the Guardian (sourced largely from Buzzfeed) reports rumors of compromise and collusion with Russia in President-elect Trump's campaign. The media treat the rumors with cautious but interested skepticism.
Embassies are tweeting a lot, and Russia's diplomatic tweets for some reason feature Pepe the frog's unedifying presence.
US DNI Clapper said yesterday that the Intelligence Community's report on Russian election hacking and influence operations was based on a mix of human intelligence, technical collection, and open sources (which is to say it was based on pretty much every kind of thing, we mean, INT).
Today's issue includes events affecting Austria, Bulgaria, China, Estonia, European Union, France, Germany, India, Israel, Kenya, the Philippines, Russia, Singapore, Tanzania, Tunisia, Ukraine, United Kingdom, United States.
A note to our readers: this coming Monday, January 16th, is observed in the US as Martin Luther King Jr. Day, and we'll be observing it here as well, taking a day off from publication. We'll be back as usual on Tuesday, January 17th.
If you've been enjoying the podcasts, please consider giving us an iTunes review.
A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Cyber Security Lunch & Learn(Norfolk, VA, USA, February 2, 2017) Learn how to build a better security incident response program in 2017 from a SANS instructor and enterprise CISO! Earn CPE Credits.
Cyber Attacks, Threats, and Vulnerabilities
The Ukrainian Power Grid Was Hacked Again(Motherboard) An investigation into a power outage that left customers in Ukraine without electricity for an hour last month has concluded that the cause was indeed a cyberattack, sources tell Motherboard. This would be the second such known hack of a Ukrainian power facility following a massive December 2015 power outage affecting about 230,000 people, which was later blamed on the Russian government
It’s Not Just Pepe, The Russian Embassy Has Been Trolling on Twitter For Months(Motherboard) This week, the official Russian Embassy to the UK tweeted Pepe the Frog to British Prime Minister Theresa May, an apparent attempt to make a mockery of the UK’s relationship with both the US and Russia. Obviously not traditional procedure for such an institute, right? Fighting the good fight of national interest is fairly normal for embassies, sure, but using a politically volatile and racist meme? Less so
'Enemies of free speech' behind cyber attack: NUJP(ABS-CBN News) "Enemies of press freedom and of free expression." This was how the National Union of Journalists of the Philippines on Tuesday described the perpetrators of a cyber attack that shut down the NUJP official website
From Darknet with Love: Meet Spora Ransomware(Emsisoft Blog) Ransomware has been a growing threat, with new families cropping up every week. Emsisoft researchers are often involved in the discovery and analysis of new threats, and this ransomware is no different. Originally spotted on ID-Ransomware earlier today, it caught our attention due to a few unique features and the high level of professionalism in both implementation and presentation. We will not only go through the inner workings of Spora, but we will highlight its sophisticated commercial model and how you can keep yourself protected from this latest family of ransomware
Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed(KrebsOnSecurity) Tens of thousands of personal and possibly proprietary databases that were left accessible to the public online have just been wiped from the Internet, replaced with ransom notes demanding payment for the return of the files. Adding insult to injury, it appears that virtually none of the victims who have paid the ransom have gotten their files back because multiple fraudsters are now wise to the extortion attempts and are competing to replace each other’s ransom note
Hancitor/Pony/Vawtrak malspam(SANS Internet Storm Center) Until recently, I hadn't personally seen much malicious spam (malspam) using Microsoft office documents with Hancitor-based Visual Basic (VB) macros to send Pony and Vawtrak. It still happens, though. Occasionally, I'll find a report like this one from 2016-12-19, where Hancitor/Pony/Vawtrak malspam was disguised as a LogMeIn account notification, but I rarely come across an example on my own. And apparently, there's been a recent lull in Hancitor/Pony/Vawtrak malspam until yesterday
The Unpatched LSASS Remote Denial of Service (MS16-137)(Core Security) On November 8, 2016 Microsoft released a security update for Windows Authentication Methods (MS16-137) which included 3 CVEs: Virtual Secure Mode Information Disclosure Vulnerability CVE-2016-7220, Local Security Authority Subsystem Service Denial of Service Vulnerability CVE-2016-7237, and Windows NTLM Elevation of Privilege Vulnerability CVE-2016-7238. Talking specifically about CVE-2016-7237, this fix was applied to "lsasrv.dll", which affected the LSASS service
No reason to believe cyber attack caused Singtel service outage: Yaacob(Today) The fibre broadband outage that hit Singtel customers last December was due to a technical issue that affected a SingNet server, Minister for Communications and Information Yaacob Ibrahim told Parliament on Monday (Jan 9), adding that there was no reason to believe it was a cyber attack
4 tips RSA Conference 2017 will teach you about cybersecurity(WTOP) You wouldn’t leave the door to your home unlocked when you go out for the day, right? No intelligent business person would. But while it might be second nature to you to check your physical locks, does your organization apply the same diligence to your digital assets?
New security concerns due to business complexities(Help Net Security) It is estimated that in 2016, more than $94 billion will be invested in security solutions, per industry analyst forecasts, yet nearly half of organizations report having had a breach – either internal or external – in the last twelve months
Northrop gets out of commercial cyber, sheds BluVector(Washington Business Journal) Falls Church-based Northrop Grumman Corp. (NYSE: NOC) is joining a growing list of large defense companies getting out of the commercial cyber business with an announcement Monday that it is selling its division to a Philadelphia-based private equity group, LLR Partners
After Verizon acquires Yahoo, ‘Altaba’ will be left behind(BGR) Yahoo was hit with two major security breaches in recent years that affected well over 1 billion user accounts. The company only discovered and admitted they happened in the second half of 2016, months after Verizon announced it was looking to purchase Yahoo in a deal worth almost $5 billion. On top of that, it was revealed that Yahoo helped the US government in a massive spying operation that allowed it to search everyone’s email for specific terrorism-related content
Microsoft and Qualcomm Are Backing This Israeli Security Startup Studio(Fortune) Microsoft (MSFT, -0.03%) and Qualcomm (QCOM, -0.03%) have invested an undisclosed sum in Team8, a cybersecurity startup studio founded by top veterans of Unit 8200, Israel's digital intelligence unit, often referred to as the country's National Security Agency-equivalent. Meanwhile, Citigroup (C, +0.02%) has joined its partnership program to help design new digital security startups
Could Microsoft Join Cisco In Hunt For Security Firms?(Investor's Business Daily) A pickup in takeover activity in 2017 could revive computer security software stocks, says UBS, which says potential buyers include Cisco Systems (CSCO), Check Point Software Technologies (CHKP), Fortinet (FTNT) and Palo Alto Networks (PANW), as well as cloud-computing companies, telecom firms and defense contractors
Phantom Announces $13.5 Million Series B Financing Led by Kleiner Perkins(Yahoo! Finance) Phantom, the first company to provide a community-powered security automation and orchestration platform, announced it has raised $13.5 million in Series B funding to accelerate growth in sales, marketing, and engineering. The latest round brings Phantom’s total funding to more than $23 million and is led by Kleiner Perkins. Existing investors TechOperators Venture Capital, Blackstone (BX), Foundation Capital, In-Q-Tel, Rein Capital, Zach Nelson, and John W. Thompson also participated in the round
CBS taps local tech expert for cybersecurity reality series(Charlotte Business Journal) A former White House executive whose expertise is cybersecurity on the trail of a group of renegades trying to stay off the grid sounds like a Jason Bourne movie — or part of the real-life Congressional hearings on the 2016 presidential election. In this case, it’s neither. Instead, it’s the latest adventure for Charlotte tech expert Theresa Payton, tapped as the “head of intelligence” as part of a CBS reality TV series debuting this month
Denim Group Announces Enhanced ThreadFix Platform(Yahoo! Finance) Denim Group, a leading independent application security firm, today announced the latest version of ThreadFix, the company’s application vulnerability resolution platform for application developers and security professionals. ThreadFix, a proven solution that provides unmatched, centralized vulnerability management and collaboration support across development and security teams, makes it straightforward to identify the most critical application vulnerabilities and systematically address them
Qualcomm and Verizon team up for new IoT modules(Business Insider) Verizon announced a partnership with Qualcomm to introduce ThingSpace-ready modules for deployment using the chip designer’s CAT-M1 LTE Modem, according to a press release from Qualcomm
Wa!, the multi-service mobile wallet from BNP Paribas, is secured by Gemalto(Yahoo! Finance) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, is supplying BNP Paribas, a leading European bank, with Mobile Protector, a highly secure solution to protect Wa!, an innovative multi-brand, omni-channel mobile wallet that combines payments, shopping coupons and loyalty programs. Gemalto’s Mobile Protector encompasses an SDK (Software Development Kit), and both a customer enrollment and an authentication server. The solution delivers comprehensive security for all mobile payments made using Wa!. The bank is currently piloting Wa! in France with Carrefour, the world’s second biggest retailer with 12,300 stores across 35 countries
Technologies, Techniques, and Standards
NIST Releases Update to Cybersecurity Framework(NIST) The National Institute of Standards and Technology (NIST) has issued a draft update to the Framework for Improving Critical Infrastructure Cybersecurity—also known as the Cybersecurity Framework. Providing new details on managing cyber supply chain risks, clarifying key terms, and introducing measurement methods for cybersecurity, the updated framework aims to further develop NIST’s voluntary guidance to organizations on reducing cybersecurity risks
Addressing the challenges of vulnerability coordination(Help Net Security) The FIRST Vulnerability Coordination Special Interest Group (SIG) made available for public comment through January 31, 2017 the draft Guidelines and Practices for Multi-party Vulnerability Coordination
Art of Anti Detection 2 – PE Backdoor Manufacturing(Pentest Blog) This paper will explain several methods used for placing backdoors in PE (Portable Executable) files for red team purposes. In order to fully grasp the content of this paper, readers need to have at least intermediate x86 assembly knowledge, familiarity with debuggers and a decent understanding of the PE file format
Password Expiry Ineffective, Says Cyber Expert(Acumin) Employing automatic password expiry for security purposes is no longer effective and can lead to increased costs, reduced production and vulnerable accounts, says the National Cyber Security Centre
Wary of Russian Cyber Threat, France Plans to Bolster its Army of ‘Digital Soldiers’(Foreign Policy) Bracing for the new cyber front in warfare, French Defense Minister Jean Yves Le Drian said France is ramping up its defenses and doubling its ranks of “digital soldiers.” In a nod to Russia’s meddling in the U.S. elections, he also acknowledged France’s infrastructure, media, and democracy are vulnerable to cyber incursions
Russia and China Are Making their Information Security Case(Cyber DB) In December 2016, Russian President Vladimir Putin approved a new information security doctrine, which updates the older 2000 version. The doctrine, a system of official views on ensuring the national security of the country in the information sphere, regards the main threats to Russia’s security and national interest as coming from foreign information making its way into the country, and sets priorities for countering them
Contrarian Thoughts on Russia and the Presidential Election(Lawfare) “We assess Moscow will apply lessons learned from its campaign aimed at the U.S. presidential election to future influence efforts in the United States,” says the U.S. intelligence community in the most important sentence in its dismayingly evidence-free report on Russian activities in the presidential election. But how is the United States going to check these future influence efforts?
The Real Russian Hacking Story: A Nation Underdefended From Cyberattack(Forbes) One of the most remarkable aspects of the breathless headlines over the last few months about Russian hackers targeting the US is that so much of it has centered on whether said hackers could have influenced the US presidential election and whether their intent was merely to sow distrust in the electoral system or whether they were focused on trying to get Donald Trump elected. This has been fed by similarly breathless statements from various US officials arguing that trust in our democratic way of life has been undermined or that the legitimacy of Trump’s presidency has been eroded. Yet, missing from all of this is the far more important story of just how the Russians could have managed to do all of this against the very nation that brought the modern Internet to life?
Trump Refuses to Budge as Russian Hacking Charges Mount(MarketWatch) Over the last year, U.S. intelligence officials have accused Russia and its leader Vladimir Putin of cyber attacks in support of Donald Trump’s presidential campaign. Mr. Trump has pushed back hard in a story that continues to play out
Here’s Why Trump’s Intel Bashing Matters(Defense One) The president-elect’s denigration of the Russian hacking findings will make it harder to make a case against other U.S. adversaries, former officials say
Ethics Rules Are National Security Rules(Lawfare) The President-elect has failed to divest from his business holdings, refused to release his tax returns, and insisted that a federal anti-nepotism law won’t bar his children—who themselves retain private business interests—from serving in his White House. Days before scheduled confirmation hearings, the majority of his nominees have failed to complete statutorily-mandated ethics review
China is still deciding whether to allow Pokemon Go(Business Insider) Nintendo's hit smartphone app, Pokemon Go, and other augmented reality games are unlikely to be rolled out in China any time soon, after the state censor said it would not license them until potential security risks had been evaluated
Litigation, Investigation, and Law Enforcement
'Terror No Longer Has a Nationality'(Spiegel Online) The suspect in the December terror attack in Berlin, which killed 12, came from Tunisia. SPIEGEL spoke to the country's prime minister, Youssef Chahed, 41, about terrorism in his country and the problems facing its fragile democracy
Report: Surveillance Court Pushed Back Against Spying on Trump(Motherboard) Tuesday night, The Guardian reported a shocking story alleging that the FBI asked the US Foreign Intelligence Surveillance Court for permission to spy on four members of Donald Trump’s political team who were suspected of having suspicious contact with Russian government officials
How Spy Agency Vets Read That Bombshell Trump Report: With Caution(Wired) In the hours since a private firm’s intelligence document leaked to the web, alleging 35 pages of President-elect Donald Trump’s dirty laundry—complete with corrupt ties to Russian officials, blackmail, and bodily fluids—Twitter, Facebook, and cable news have become a feeding frenzy. Taken on its face, the report contains potentially devastating revelations. But former intelligence agents see it differently: To borrow the phrase often applied to Trump himself, they’re taking it seriously, not literally
Russia Hacked ‘Older’ Republican Emails, FBI Director Says(Wired) Since hackers stole emails from the Democratic National Committee and dispersed them across the internet last summer, the world has waited for a parallel leak of Republican secrets. Now on the other side of the election, that second reveal still hasn’t materialized. But FBI director James Comey has now told Congress new details of the Republican prong of those political intrusions, which US intelligence now believes were carried out by the Russian government: The attackers penetrated GOP organizations, and also stole Republican National Committee emails, albeit ones less current than those stolen from the DNC
Finjan Sues Cisco for Patent Infringement(Marketwired via Yahoo! Finance) Finjan Holdings, Inc. ( NASDAQ : FNJN ), a cybersecurity company, today announced that its subsidiary Finjan, Inc. ("Finjan") has filed a patent infringement lawsuit against Cisco Systems, Inc., a California Corporation, in the Northern District of California alleging infringement of five Finjan U.S. patents
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Security East 2017(New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
S4X17 ICS Security Conference(Miami Beach, Florida, USA, January 10 - 12, 2017) Three Days of advanced ICS cybersecurity on three stages with the top 500 people in ICS security. Main Stage - The big names (Richard Clarke, Renee Tarun, ...) and forward looking topics (ICS certification,...
Suits and Spooks DC 2017(Arlington, Virginia, USA, January 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean...
Cybersecurity of Critical Infrastructure Summit 2017(College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017(Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017(Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL(Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017(Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering(Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.