The CyberWire Daily Briefing 09.28.12

Cyber Attacks, Threats, and Vulnerabilities

As promised, Islamic hacktivists disrupt PNC Bank (CSO) Naming the targeted banks shows attackers are sophisticated, says one security expert. PNC Bank's website was disrupted on Thursday by a group of Islamic hactivists who have also claimed responsibility for downing the sites this week of Wells Fargo and U.S. Bank. The latest attack is identical to the other two in that hundreds of thousands of computers are used to overwhelm the sites' bandwidth, said Atif Mushtaq, a security researcher for FireEye who has been monitoring the attacks. The hactivists also claim to be behind the distributed denial of service (DDoS) attacks last week against Bank of America and JPMorgan Chase, as well as U.S. bank yesterday

US Banks Unable to Mitigate DDOS Attacks Despite Being Warned (Softpedia) A few days ago, hackers of the Izz ad-Din al-Qassam Cyber Fighters group have revealed their intentions of going after the websites of three other financial institutions: Wells Fargo, US Bank and PNC. Even though they knew their websites would be attacked by the hacktivists (called terrorists by some), the banks were unable to do anything to neutralize the attacks. ABCNews and the Los Angeles Times have interviewed experts who have reassured citizens that these attacks havent affected their financial assets and havent disrupted financial markets

Banks can only hope for best with DDoS attacks (CSO) As with Tuesday's attack on Wells Fargo, distributed denial of service attacks are said to be still crude but effective. Banks can only cross their fingers and hope the defenses they have in place can withstand cyberattacks like the one that disrupted the online banking site of Wells Fargo & Co., experts say

Cyber attack takes down PNC website for second day [The Pittsburgh Tribune (Equities.com) Cyber attack takes down PNC website for second day [The Pittsburgh Tribune-Review]. By Alex Nixon, The Pittsburgh Tribune-Review McClatchy-Tribune Information Services. Sept. 27--A cyberattack that one expert called the biggest of its kind to hit the

Cyber Attacks on US Banks Expose Computer Vulnerability (Businessweek) Such a sustained network attack ranks among the worst-case scenarios envisioned by the National Security Agency, according to the U.S. official, who asked not to be identified because he isn't authorized to speak publicly. The extent of the damage may

'Nothing new' in DDoS attacks (CSO) Two friends from Akamai take issue with the idea that there's something new about the nature of DDoS attacks targeting U.S. Bank, Wells Fargo and others

Are Hamas involved in a cyber war? (Al-Bawaba) And Thornton said there is already "a pretty good system for sharing threat data between the Department of Homeland Security and the financial services community today through a programme run by FS-ISAC (Financial Services Information Sharing Analysis

Shamoon Malware and SCADA Security - What are the Impacts? (Tofino Security) The latest post-Stuxnet discovery of advanced threats is a malicious malware known as Shamoon. Like Stuxnet, Duqu and Flame, it targeted energy companies in the Middle East, this time Saudi Aramco and likely other oil and gas concerns in the region including Qatars RasGaz. It is a new species however, because it did not disrupt an industrial process as Stuxnet did, nor did it stealthily steal business information as Flame and Duqu did

Breach a 'security disaster' for IEEE (CSO) Failure to encrypt data, usernames and passwords called "plain stupid." The IEEE (Institute of Electrical and Electronics Engineers) describes itself on its website as "the world's largest professional association for the advancement of technology." But after a data breach that left the usernames and passwords of 100,000 of its members exposed in plain text for a month, some security experts said it is clear both the organization and at least some of its members should also be in the business of the advancement of common sense security

USSD attack not limited to Samsung Android devices, can also kill SIM cards (CSO) The attack that can wipe data on Samsung devices remotely can also be used to disable SIM cards. A variation of the recently disclosed attack that can wipe data from Samsung Android devices when visiting a malicious Web page can also be used to disable the SIM cards from many Android phones, researchers say

Cyber attack on Philippines government sites (gulfnews.com) As early was Wednesday, Internet users trying to access the websites of the Bangko Sentral ng Pilipines (BSP or Philippine Central Bank) as well as the Metropolitan Waterworks and Sewerage System, the Department of Environment and Natural Resources

Energy giant confirms breach of customer project files (CSO) Telvent's systems are used to control pipelines in North America and Latin America

Chinese hackers linked to breach of control systems used in electric grids (Naked Security) Telvent tells customers that it's discovered that attackers breached its internal firewall and security systems, implanted malicious software, and stolen project files linked to its smart grid product. Experts detected digital fingerprints implicating a Chinese hacking group

Chinese hackers have control of US power grid (Techeye) The company whose software and services remotely administers and monitor large sections of the US energy industry began warning customers about a sophisticated hacker attack. Telvent Canada said that digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests. It looks like the hackers managed to get past the company firewall and security systems

US group studying breach at Schneider unit (Chicago Tribune) Calgary-based Telvent, which is owned by France's Schneider Electric SA, quietly warned customers about the sophisticated attack, which affected its operations in the United States, Canada and Spain, the cyber security news site KrebsOnSecurity.com

Attack on SCADA Vendor Telvent Raises Concerns (Threatpost) SCADATelvent, the maker of a SCADA product used in a number of critical industries, said that its corporate network has been compromised by attackers and that some of the files used by customers on their own networks were changed. This attack is the latest in what looks to be a series of incidents of varying severity that have occurred at companies involved in either the production or use of SCADA systems in recent months

Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks (Threatpost) Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week. Adobe products and services senior director of security Brad Arkin said in a statement that a build server with access to the Adobe code signing infrastructure was compromised and is the source of the issue

US cyber warrior accuses China of targeting Pentagon (Reuters) The U.S. Cyber Command's top intelligence officer accused China on Thursday of persistent efforts to pierce Pentagon computer networks and said a proposal was moving forward to boost the cyber command in the U.S. military hierarchy. "Their level of effort against the Department of Defense is constant" while alleged Chinese attempts to steal corporate trade secrets has been growing, Rear Admiral Samuel Cox, the command's director of intelligence, told Reuters after remarks to a forum on the history of cyber threats

The Wicked Witches of Cyberspace (Infosec Island) Lately Ive been doing a deep dive on technologies that enable one to bypass filters, blocking and jamming, to get uncensored information into denied areas. Ive been talking with all the really big boys about how they get information virtually and physically into North Korea, China, Iran, and other places. Its very interesting and very dangerous at times

Analysis of nearly 1.7 billion shortened URL links (Help Net Security) Web of Trust (WOT) completed an analysis of nearly 1.7 billion shortened URL links and found that the URL shortening services are often used to drive traffic to suspicious websites

Fake Visa/Mastercard "Security incident" notifications doing rounds (Help Net Security) Bogus emails purportedly sent by the Visa/Mastercard "Identity Theft Department" are targeting the cards' users by trying to convince them that a "security incident" has put their online banking and

Security Patches, Mitigations, and Software Updates

Samsung fixes Galaxy S3 bug, researchers offer fix for other phones (Help Net Security) Given the amount of information we all keep on our smartphones, it's no wonder that the recently demonstrated Samsung Galaxy S3 remote data-wipe hack has ruffled quite a few feathers

Cisco Patches Numerous Bugs in IOS, UCM (Threatpost) Cisco has released nine security advisories for various products, including eight for its ubiquitous IOS operating system. Many of the vulnerabilities fixed in the patch release are denial-of-service flaws and none of them can give an attacker the ability to run code remotely on affected machines

Cyber Trends

Harris Survey Exposes Concerns About Employee Privacy For BYOD (Dark Reading) Fiberlink-commissioned poll shows nearly 80% of business users alarmed about employer oversight into location tracking, apps, and more

Profiling The Cybercriminal And The Cyberspy (Dark Reading) Insight into key characteristics, behaviors of cybercrime versus cyberespionage attackers can help -- but the threats aren't just from China and Eastern Europe

Cyber Security: 75% of data breaches are inside jobs (eGovmonitor) High profile data breaches are often the work of hacker collectives like Anonymous, but it turns out that many more come at the hands of a company's own employees. According to new research from Forrester, only 25% of data breach cases are the work of external attackers. That leaves a whopping 75% coming from inside the company

Cyber Weapons: Are They The Deadliest Means Of Modern Warfare? – Analysis (Eurasia Review) Amid the Senkaku/ Diaoyu islet chain disputes and violent demonstrations in China against Japan, a series of cyber attacks hit the websites of the Japan's Defense Ministry, Internal Affairs and Communications Ministry, and the Supreme Court including Japan's Statistics Bureau and Banking networks. Referring to various Japanese and U.S. sources, a recent news story by Bill Gertz in Washington Free Beacon on September 25, has claimed that these attacks were originated in China and worked as a preview of China's military behavior during the opening phase of a military campaign

US and Russian experts turn up volume on cybersecurity alarms (Chicago Tribune) Former National Security Agency Director Michael Hayden warned that the United States had yet to resolve basic questions about how to police the Internet, let alone how to defend critical infrastructure such as electric generation plants

Top 10 issues eroding cloud confidence (Help Net Security) Findings from a joint Cloud Security Alliance (CSA) and ISACA survey show that government regulations, exit strategies and international data privacy dominate the Top 10 areas where confidence in the

Marketplace

Official warns Pentagon managers not to plan for budget cuts (Washington Times) The Pentagon's No. 2 official has issued a new warning to Defense Department civilians and commanders not to make any plans for automatic budget cuts that are set to take effect Jan. 2, even as Congress and the White House show no sign of halting the cuts

Pentagon Spending Shouldn't Slow Before Cuts, Carter Says (Bloomberg) The Pentagon's No. 2 civilian directed military departments and acquisition personnel to proceed with normal operations, including training and contracting, even though action hasn't been taken to avert looming spending cuts. The Pentagon "needs to continue normal spending and operations," Deputy Defense Secretary Ashton Carter told Defense Department and military service heads in a memo obtained yesterday by Bloomberg News

Spectrum guessing game - What's sequestration mean for cyber? (Politico) A new GAO report out last night finds two thirds of the Department of Homeland Security's IT investments are "meeting their cost and schedule commitments" — but 21 programs totaling more than $1 billion

Defense rejects rigid supply chain security countermeasures (Nextgov) Dennis Bartko, special assistant for cyber at the Pentagon's National Security Agency who also spoke at the institute, added, "you may test and evaluate at one moment, but with upgrades, changes -- the devices themselves are often morphing and changing

GAO: Agencies have EA implementation gaps, but blame OMB (Fierce Government IT) Almost all agencies have established goals for their enterprise architecture, but executing on those goals is another challenge entirely, according to a Government Accountability Office report published Sept. 26. All 27 agencies reviewed in the report have fully or partially-defined goals, but only 11 have fully or partially established metrics for assessing their architectures and only five have fully or partially measured outcomes and benefits, say report authors

Unique challenges for Agile development in government (Fierce Government IT) Implementing Agile development with the federal government is not without unique challenges, members of a Sept. 26 panel said. Agencies are accustomed to the waterfall process, said Tim McCrosson, a senior policy analyst within the Office of Management and Budget office of e-government and information technology

Is Data Scientist the Sexiest Job of Our Time? (IEEE Spectrum) Blog Post: Harvard Business Review proclaims data scientist the "sexiest job of the 21st century

Contractor Survival Tactics: KEYW Continues To Make Acquisitions, Expands Into Commercial Market (GovWin) In today's challenging federal market, contractors of all sizes are evaluating their current strategies to achieve success over the next several years, while bracing for potential budget cuts that could significantly impact the way they do business moving forward. At FIA, we are always watching the federal marketplace, and I personally have an interest in what's going on in the mergers and acquisitions (M&A) arena surrounding cybersecurity, a market which is rapidly evolving and always seems to be in the news. With this in mind, one company which I have been watching closely for awhile is KEYW Holding Corp., a smaller niche firm which provides agile cyber superiority and geospatial intelligence solutions to U.S. intelligence and defense customers

EADS Won't Extend BAE Deal Deadline (Wall Street Journal) Mr. Enders said he doesn't see any reason the issues can't be cleared up by Oct. 10, the existing deadline. The two companies have agreed on everything necessary to merge, and now it is up to governments, Mr. Enders said

Lockheed expands cybersecurity alliance (Washington Technology) Verizon joins the likes of Dell, EMC, Hewlett-Packard, Intel, Microsoft, Cisco and Citrix in the alliance, which Lockheed formed as a way to bring companies together to collaborate on cyber issues. Verizon is the 18th company to join the alliance

The Zacks Analyst Blog Highlights: Northrop Grumman, General Dynamics (Military & Aerospace Electronics) Revenue and earnings growth continue to be driven by its strong presence in the current focus areas of cyber security, modernization of defense and homeland security assets, intelligence, surveillance and reconnaissance systems, advanced electronics

Fitch Affirms L-3 Communications at 'BBB-'; Outlook Stable (The Herald) On July 17, 2012, L-3 completed the spin-off of Engility while retaining its cyber, intelligence and security solutions businesses, which is called National

Unisys Moves DOE Idaho Lab to Google Cloud (New New Internet) Unisys has completed its transition of 5,000 personnel at the Energy Department's Idaho National Laboratory to a Google cloud-based email and collaboration platform, Unisys announced Wednesday

Bitcoin makes bid for respect with new foundation (Ars Technica) Bitcoin Foundation will support lead Bitcoin developer, organize conferences

BAE Names Frank Pope Enterprise Shared Services Lead, Erwin Bieber Head of Land & Armaments (GovConWire) BAE Systems Inc., the British contractor's U.S. subsidiary, has appointed Frank Pope president of the enterprise shared services organization, the company announced Thursday. Pope, currently president of land and armaments, will be succeeded by Erwin Bieber, vice president and general manager of business operations for the company's intelligence and security sector

Products, Services, and Solutions

Internet Explorer Blocks More Malware Than Firefox, Chrome, Safari (Dark Reading) NSS Labs browser tests show Google SafeBrowsing API weak link in catching click fraud malware. It hasn't been the best month for Internet Explorer given the recent zero-day attack, but the Microsoft browser got some good news today with a new test that shows it's by far better at stopping malware than Google Chrome, Mozilla Firefox, and Apple Safari

Mozilla's "just works" Persona login system hits beta (Ars Technica) Distributed login system eliminates passwords, simplifies identity management

Ill-informed haters go after MongoDB (IT World) NoSQL databases like MongoDB are great for some tasks but not for others. Is it MongoDB's fault if misguided developers use it to solve the wrong problem

RIM developer faithful find hope in BlackBerry 10 revival (IT World) BlackBerry app developers see turnaround for RIM, thanks to upcoming UI improvements and new development options

BlackBerry 10 Touch, Qwerty Devices Leak In Video; RIM Wants Lady Gaga To Help Sell BB10 (TechCrunch) RIM is still bathing in the afterglow of yesterday's Q2 2013 fiscal results not being as awful as some had feared. The company remains in the invidious position of having to flog an out-of-date OS (BB7) while it tries to get its next-gen OS, BB10, ready for lift off at the start of next year. The wait for BB10 devices goes on — but two of RIM's forthcoming BB10 phones have surfaced online in what appears to be an internal marketing video posted to Vimeo (but since taken down)

5 reasons to focus on Windows 7, not Windows 8 (IT World) With its new Start screen made of live tiles and its bold redesign, Windows 8 will have a challenging time getting consumers to embrace such radical change

Adding little on security, iPhone 5 may still be enterprise darling (IT World) The biggest "security" stories spun off from the release of Apple's iPhone 5 earlier this month were about managing crowds and riots. Here's what you might have missed on the real security front

MSP Seccuris Will Preview Cloud-Based Security Service Portal at MSPWorld (The Complete Managed Services Resource) Managed service provider (MSP) Seccuris Inc. is set to preview its new OneStone Information Assurance Portal at the upcoming MSPWorld 2012 in Austin, TX. MSPWorld will feature conferences and exhibits focused exclusively on MSPs and their

Lockheed Martin Delivers SolaS Hybrid Cloud Solution (Equities.com) The solution uses Lockheed Martin's intelligence-driven defense approach to provide proactive and continuous cloud security situational awareness, and real-time compliance and configuration management. These capabilities are delivered by leveraging

Fidelis XPS Collector network appliance released (Help Net Security) Fidelis Security Systems announced Fidelis XPS Collector, a new network appliance that enables the storage, query and correlation of all sessions on a network. The appliance helps security teams

Controller-less Wi-Fi solution for distributed enterprises (Help Net Security) Aruba Networks announced Aruba Instant Enterprise, a new software release that delivers a controller-less Wi-Fi solution for distributed enterprises. No physical or virtual controllers are required

GFI Software combines antivirus and patch management (Help Net Security) GFI Software launched VIPRE Antivirus 2013 and VIPRE Internet Security 2013, which build upon VIPRE's detection rates and low impact on PC performance, helping to not only protect users' PCs from malware

Poland's Bank BPH to roll out finger vein ID solution (ATM Marketplace) Hitachi Europe Ltd., a wholly owned subsidiary of Hitachi Ltd., today announced that it has finalized delivery of finger vein biometrics authentication for Krakow-based Bank BPH S.A., one of the largest banks in Poland and a member of the GE Capital group. Bank BPH has been running a pilot in several branches since June of this year, and will implement the system in 22 branch offices by the end of September. All 287 branch offices in Poland will be using it as a main method of authentication at teller counters by the end of 2012

Technologies, Techniques, and Standards

Slide Show: 10 Free Governance Risk And Compliance Tools (Dark Reading) While expensive risk management products can certainly help a GRC program, any organization can get started measuring risk and making more disciplined decisions using these tools and templates

ISC Feature of the Week: Glossary (Internet Storm Center) Our feature today is a page we just launched, the Glossary: Terms and Definitions page! This page allows for browsing and list filtering of Computer and Security-related terms and definitions

CSA releases new IAM guidance (CSO) The Cloud Security Alliance says its guidance report on Identity Access Management is the first of 10 components that make up the Defined Categories of Security as a Service (SecaaS) in the cloud environment

Research and Development

Exploring cybercriminal minds, safeguarding privacy among $50M worth of new NSF research projects (IT World) The National Science Foundation (NSF) this week awarded $50 million for more than 70 research projects focused on securing cyberspace in the United States

Academia

Norwich computer program partners with security software firm (Vermont Digger) Officials at Norwich University announced a partnership between the university's digital Threat Analysis Center (NTAC) and computer security software firm RazorThreat. The Michigan-based company provides cyber security software that monitors all network activity which has the potential to be the basis for next generation digital forensics, a focus of Norwich's Bachelor of Science in Computer Security and Information Assurance (BSCSIA) program

Cyber security students receive $1.6 million grant (University at Buffalo The Spectrum) The graduates went on to work for the Federal Trade Commission, National Security Agency, Central Intelligence Agency, Federal Bureau of Investigation, Security Exchange Commission and the Office of Inspector General. To prepare students for careers in

Legislation, Policy and Regulation

Why state regulators may soon be on your case about cyber security (and why it's a good thing) (Smartgridnews) With grid modernization underway, cyber security is recognized as an increasingly important factor in ensuring resiliency, reliability and safety. Indeed, it has become a top national security issue. Many cyber security events have already taken place, including Stuxnet, Aurora, RuggedCom, smart meter hacks and others

California Joins Ban on Employers Demanding Social Media Access (Threatpost) California today joined two other states making it a crime for employers and colleges to ask applicants or workers for their social media login information in order to access their private Web sites. The new laws -- one for companies and one for colleges -- go into effect Jan. 1, 2013. Gov. Jerry Brown signed into law a state bill that prohibits employers from demanding usernames and passwords from employees and job applicants

Killer Apps: Pentagon expanding public-private cyber information sharing program (Foreign Policy) DoD is now working with the Department of Homeland Security to develop a similar program that would allow companies responsible for maintaining critical infrastructure -- banks, utilities, Internet service providers, etc. -- the ability to share

Private Sector Cooperation Vital For National Cyber Defense, Officials Say (AOL Government) The one-year effort, which has been extended by the Obama Administration, consists of 17 defense firms working with the National Security Agency and national telecommunications firms to monitor their networks for intrusions and suspicious data

Litigation, Investigation, and Enforcement

ACLU forces government to reveal skyrocketing surveillance stats (Ars Technica) Feds got more peoples' phone call records in last 2 years than previous 10

Australian police disrupts sophisticated credit card fraud syndicate (Help Net Security) A husband and wife were arrested today in Ryde, New South Wales, following what was dubbed as one of the most most serious identity crime investigations undertaken by the Australian Federal Police