Ukrainian officials confirm that December's power outages were caused by a cyberattack.
The Ukrainian government, Politico also reports, is quietly trying to mend fences with the incoming US Administration after evidently having conducted some quiet, minor influence operations of its own on behalf of the President-elect's opponent. In any case, observers are busy presenting as surprising many unsurprising stories of influence operations over the years. President-elect Trump has also said he now thinks the Russians hacked the DNC.
The strange arrest of two Italian citizens—a brother and sister—for hacking high-profile Italian figures (and at least one high-profile Cardinal in the Vatican) draws attention to EyePyramid malware. Trend Micro describes this as a data exfiltration package delivered as a malicious email attachment. In this case EyePyramid was used to siphon more than 87 gigabytes of data, "including usernames, passwords, browsing data, and filesystem content." The hackers' motives are unclear: they appear political, but Italian police think they were financial.
Hamas is using catphish as honeytraps to install spyware on Israeli soldiers' smartphones. The IDF thinks the damage minimal, but with the troops one never knows—one thing does lead to another, sir.
Criminals are turning to botnets for increasingly creative schemes.
The peace sign hack may be joining the Gummibear hack as a way of stealing fingerprints for biometric registration, according to Japan's National Institute of Informatics. It's a lot quicker and a lot less sticky.
In industry news, Arxan buys Apperian; Infocyte wins $3.4 million in Series A funding.
Today's issue includes events affecting Brazil, China, European Union, France, Germany, Holy See, Israel, Italy, Philippines, Russia, South Africa, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States.
A note to our readers: this coming Monday, January 16th, is observed in the US as Martin Luther King Jr. Day, and we'll be observing it here as well, taking a day off from publication. We'll be back as usual on Tuesday, January 17th.
A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Cyber Security Lunch & Learn(Norfolk, VA, USA, February 2, 2017) Learn how to build a better security incident response program in 2017 from a SANS instructor and enterprise CISO! Earn CPE Credits.
Cyber Attacks, Threats, and Vulnerabilities
Ukraine power cut 'was cyber-attack'(BBC) A power cut that hit part of the Ukrainian capital, Kiev, in December has been judged a cyber-attack by researchers investigating the incident
Ukraine Power Outage Confirmed as Cyber Attack(Infosecurity Magazine) Ukrainian investigators have confirmed that last month’s power outage in the country was the result of a cyberattack by the same group that struck in December 2015, claiming they may be practising for major attacks elsewhere
How Cyber Propaganda Influenced Politics in 2016(TrendLabs Security Intelligence Blog) Throughout history, politically motivated threat actors have been interested in changing the public opinion to reach their goals. In recent years the popularity of the Internet gave these threat actors new tools. Not only do they make use of social media to spin the news, spread rumors and fake news, but they also actively hack into political organizations
This Is How Russian Spies Could 'Crack' Telegram(Motherboard) A 35-page leaked report on President-elect Donald Trump makes a series of explosive—and mostly unverified—claims, including the claim that the Russian government can blackmail the former reality TV-star with compromising and embarrassing information
ShadowBrokers Selling Windows Exploits, Attack Tools(Threatpost) The latest Shadowbrokers dump of alleged NSA tools—a cache of Windows exploits—surfaced over the weekend. And for the first time since these unannounced releases started last summer, analysts don’t have the luxury of a free set of files to dig in to
The Eye of the Storm: A Look at EyePyramid, the Malware Supposedly Used in High-Profile Hacks in Italy(TrendLabs Security Intelligence Blog) Two Italian citizens were arrested last Tuesday by Italian authorities (in cooperation with the FBI) for exfiltrating sensitive data from high-profile Italian targets. Private and public Italian citizens, including those holding key positions in the state, were the subject of a spear-phishing campaign that reportedly served a malware, codenamed EyePyramid, as a malicious attachment. This malware was used to successfully exfiltrate over 87 gigabytes worth of data including usernames, passwords, browsing data, and filesystem content
Peace Sign Pics Could Give Hackers Your Fingerprints(Infosecurity Magazine) Researchers at Japan’s National Institute of Informatics have claimed they can accurately copy fingerprints from digital photographs, raising fears that the security of biometric authentication systems could be undermined
Alice: A Lightweight, Compact, No-Nonsense ATM Malware(TrendLabs Security Intelligence Blog) Trend Micro has discovered a new family of ATM malware called Alice, which is the most stripped down ATM malware family we have ever encountered. Unlike other ATM malware families, Alice cannot be controlled via the numeric pad of ATMs; neither does it have information stealing features. It is meant solely to empty the safe of ATMs. We detect this new malware family as BKDR_ALICE.A
Hack Exposes Reams of Private Jabber Chats(Motherboard) Often when a website or service is hacked, it's only usernames or passwords that are exposed. But in one case, hackers made off with months worth of private messages between users of an instant messaging service
Ransomware Rising On The Plant Floor(Dark Reading) Cybercriminals are successfully reaching ICS/SCADA networks with their ransomware, including energy firms and manufacturing plants
Beware phishing scams in Amazon listings(Naked Security) Be careful what you click: There’s a new phishing scam hitting Amazon listings that look like legitimate deals, offering great prices on “used – like new” electronics
Russian Cyber Crime Group Steals $5 Million Per Day via Bot(Read IT Quick) A Russian cyber criminal group has been stealing up to $5 million per day from US-based companies for the past few months. The operation, revealed by a company called White Ops, is carried out with a botnet that siphons off advertisement earnings by posing as a fake publishing company. This is one of the largest such operations seen to date, with aggregate losses estimated at between $3 million and $5 million per day. The activity was first noticed by the company in September 2015
What If Deep Learning Was Given Command Of A Botnet?(Forbes) Not a day goes by without some fascinating new advance in deep learning, yet most of the conversation around deep learning in the cybersecurity realm has focused on its defensive capabilities, using AI algorithms to hunt through network and server logs to ferret out anomalous activity. This raises the fascinating question of what deep learning might be capable of as an offensive weapon of cyberwarfare
The Dumb ‘Smart’ Gear That Someone’s Gonna Hack in 2017(Wired) Another year, another menagerie of devices that inexplicably connect to the internet. And while you can debate the usefulness of putting Wi-Fi in every last appliance in your home, it undoubtedly gives hackers more easy targets
Security Patches, Mitigations, and Software Updates
Adobe, Microsoft Push Critical Security Fixes(KrebsOnSecurity) Adobe and Microsoft on Tuesday each released security updates for software installed on hundreds of millions of devices. Adobe issued an update for Flash Player and for Acrobat/Reader. Microsoft released just four updates to plug some 15 security holes in Windows and related software
SAP Security Notes January 2017: Continued Security Focus on SAP for Defense(Onapsis) So, 2017 begins... and the first Patch Day has arrived. Today, SAP published its first Security Notes post of the year, making a total of 24 notes (21 published today) since the last Security Notes Tuesday in December. The number of security corrections per month starts out consistent with last year (keeping the average of 25 SAP Security Notes per month). Today SAP published, for the second month in a row, SAP Security Notes for SAP ERP Defense Forces and Public Security. Along with our Research Labs analysis, SAP is working on several security improvements for these solutions that are used by many large organizations around the world
Microsoft fixes botched patch(Enterprise Times) Microsoft has brought forward a replacement patch for CVE-2016-7237. The details were released by Nicolas Economou from Core Security. The replacement patch was due for release on February 14. However, after Core Security issued an embargoed blog about the issue to press, Microsoft told them they would bring the patch release forward. It is now live as part of yesterday’s Patch Tuesday release
Threat researcher sees no end to ransomware’s growth(Silicon Angle) Intel Corp.’s McAfee Labs raised some eyebrows in the security community in November with its prediction that “the volume and effectiveness of ransomware attacks will go down in the second half of 2017.” The security firm based its prediction on improvements in preventive technology, better industry coordination, education and stepped-up law enforcement pressure for its optimism. But Allan Liska doesn’t agree
Businesses Bracing for Year of Uncertainty, According to Allianz Risk Barometer 2017(BusinessWire) Businesses increasingly fear impact of non-physical damages, market uncertainties and political perils. Companies greatly fear the impact of rising protectionism and other potential shocks to markets. Business interruption continues to lead risk rankings as new non-physical damage triggers emerge. Cyber risk concerns rise to #2 in the US and Europe, globally top 3; driven by impact of indirect attacks, regulatory threats and technical and employee error in digitalized production environment
Cloud Report(Netskope) Half of all users of a sanctioned cloud storage service have a personal instance of the same service
Cyber Security Worries Driven by Naïve Staff, Says Report(Acumin) In spite of the view that hackers remain the biggest cyber threat to organisations, insiders, including naïve or careless staff, are now considered to pose just as great a threat, says a new study from firewall provider Preempt, conducted by Dimensional Research
GlobalSign opens regional office in Dubai(Trade Arabia) GMO GlobalSign KK, a leading provider of trusted identity and security solutions and one of the longest established certificate authorities in the world, has announced the inauguration of its new office in Dubai
Kaymera Launches Fully-secured Version of Google Pixel Phone(Yahoo! Finance) Kaymera Technologies Ltd, the leader in mobile security for enterprises and Government organizations, has today announced the launch of the Kaymera Secured Pixel, a unique fully-hardened and secured version of Google’s flagship smartphone
Cryptzone Transforms Network Security with New AppGate Release(IT Business Net) Cryptzone, the Software-Defined Perimeter company, today announced the newest version of AppGate, which enables organizations to easily deploy a Software-Defined Perimeter (SDP) for granular access control. The release of AppGate 3.0 furthers Cryptzone's vision for transformational network security where all network services adopt an identity-centric security model
Huawei and AlgoSec to deliver integrated security policy management to drive network agility(Your Industry News) Huawei announced a partnership with AlgoSec, the market leader for business-driven security policy management. Through this partnership, Huawei security integrates its full range of firewall-related solutions with AlgoSec’s security policy management solution to enable joint customers to streamline and automate security management operations, enhance visibility and improve security, compliance and business agility
CTO Insights: The General Data Protection Regulation (GDPR) Is Coming, What Now?(TrendLabs Security Intelligence Blog) Based on the incidents we saw in 2016, I recommend that organizations enter 2017 with caution. From the growth of Business Email Compromise (BEC) attacks to cybercriminals using more effective ways to exploit Internet of Things (IoT) devices, these security issues should serve as a reminder for businesses and individuals to be more vigilant
Advancing Infosecurity Standards Through Consensus(Infosecurity Magazine) More than 40 million Target shoppers were caught off guard when their credit card accounts were hacked in 2014, but it came as no surprise for many security researchers, who had been predicting an authentication attack for more than a decade. The incident prompted Americans to join the rest of the world and start the (sometimes rocky) transition to EMV chip cards
What Reaction To The Russian Hacking Report Teaches Us About Data Science(Forbes) From a data science standpoint, one of the most fascinating criticisms of the US Government report on Russian hacking of the US presidential election is that for all its hyperbolic claims, the actual hard detailed evidence presented in the report is relatively weak and the evidence it does present ends up hurting the report’s conclusions more than supporting them
The rewards of advanced agile and DevOps adoption(Help Net Security) In today’s fiercely competitive environment for customer satisfaction and brand loyalty, agile and DevOps are driving happier customers and employees. Results from a new CA Technologies global study reveal that advanced users of agile or DevOps realized significant increases of up to 52 percent in customer satisfaction and up to 50 percent in employee productivity
On the banality of attacks and on mindful engineering(Medium) Over the years of my experience assisting journalists and dissidents with matters of computer security, and researching the nature of the threats they face, I learned that those who don’t have access to security solutions and do not operate in a managed environment, are often not best served by the consumer technology they are normally provided with
Meet the man responsible for teaching some of the NSA’s best young hackers(CyberScoop) The National Security Agency is an enormous organization by nearly any corporate standard, with more than 35,000 employees. Former Deputy Director Chris Inglis once joked that the spy agency is “the biggest employer of introverts.” More frequently though, the NSA refers to itself as the largest employer of mathematicians. In recent years, while the U.S. has continuously confronted new threats in cyberspace, the agency has increasingly become a training ground for young, talented, highly educated computer security professionals
Opinion: Trump’s internet opportunity(Christian Science Monitor Passcode) Instead of adding to hostilities toward internet freedom, Trump has a chance to help safeguard digital liberties. That means crafting a cybersecurity policy in his first 100 days to reinforce appropriate behavior in cyberspace
If Trump Wants a ‘Hacking Defense’ Strategy, He Should Just Use Obama’s(Wired) In his first press conference as president-elect, Donald Trump said Wednesday that the United States is too vulnerable to cybersecurity threats, and that he plans to work with defense and intelligence officials to release a “major report on hacking defense” within 90 days of taking office. To do so, he’ll need a much firmer grasp on “the cyber” than he’s demonstrated so far. As the Obama administration already showed with its own comprehensive cybersecurity plan, there’s no such thing as a quick fix
Trump accepts Russia's role in political hack(Christian Science Monitor Passcode) For the first time, the president-elect said he believes Russia meddled in the election. In Washington, a growing cadre of Senators want a wider investigation to determine the extent of Moscow's interference
Trump denounces 'disgrace' of reports of Russian ties to him(Military Times) A defiant President-elect Donald Trump on Wednesday adamantly denied reports that Russia had compromising personal and financial information about him, calling it a "tremendous blot" on the record of the intelligence community if material with any such allegations had been released
How credible are reports that Russia has compromising information about Trump?(PBS Newshour) On Tuesday evening, CNN reported unsubstantiated claims that Russian intelligence compiled a dossier on the president-elect during his visits to Moscow; BuzzFeed later published 35 pages of content from the alleged dossier. But Mr. Trump dismissed the developments as “fake news.” Judy Woodruff speaks with former NSA lawyer Susan Hennessey and former CIA officer John Sipher for analysis
FBI, CIA, DNI, NSA all agreed: Tell Trump about explosive Russia claims(Washington Post via McClatchy DC) As the nation's top spies prepared to brief President Barack Obama and President-elect Donald Trump on Russian interference in the 2016 election, they faced an excruciatingly delicate question: Should they mention the salacious allegations that had been circulating in Washington for months that Moscow had compromising information on the incoming president?
The Deep State Goes to War with President-Elect, Using Unverified Claims, as Democrats Cheer(Intercept) In January, 1961, Dwight Eisenhower delivered his farewell address after serving two terms as U.S. president; the five-star general chose to warn Americans of this specific threat to democracy: “In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.” That warning was issued prior to the decadelong escalation of the Vietnam War, three more decades of Cold War mania, and the post-9/11 era, all of which radically expanded that unelected faction’s power even further
China-Based Hacking Case Against U.S. M&A Firms Illustrates Cyber Security and Enforcement Issues(Forbes) In late December, the U.S. Attorney for the Southern District of New York announced the arrest of a Macau resident and unsealed an indictment against him and two others for hacking U.S. law firms for information related to pending U.S. mergers and acquisitions transactions and insider trading on that information. At the same time, the U.S. Securities and Exchange Commission filed a civil securities law complaint against those individuals, seeking injunctive relief and disgorgement of wrongful gains
Newly Noted Events
Southern Virginia - Cyber Security Lunch & Learn(Norfolk, Virginia, USA, February 2, 2017) Cyber security experts discuss security incident response. Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks...
Workplace Violence & Response To Active Shooter Events Meeting(Laurel, Maryland, USA, February 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively
Cybersecurity: The Leadership Imperative(New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.
SANS Security East 2017(New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
S4X17 ICS Security Conference(Miami Beach, Florida, USA, January 10 - 12, 2017) Three Days of advanced ICS cybersecurity on three stages with the top 500 people in ICS security. Main Stage - The big names (Richard Clarke, Renee Tarun, ...) and forward looking topics (ICS certification,...
Suits and Spooks DC 2017(Arlington, Virginia, USA, January 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean...
Cybersecurity of Critical Infrastructure Summit 2017(College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017(Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017(Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL(Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017(Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering(Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...