The CyberWire Daily Briefing for 10.19.2012
Islamist hackers' campaign against western banks claims new victims as BB&T, HSBC, and Ally Financial are hit by DDoS attacks.
The Citadel banking-fraud Trojan streamlines itself into an easier-to-use package. Cisco warns that IPv6 poses serious security risks even to those who don't plan to implement the networking protocol. Several new attacks are reported: the US National Weather Service is hacked, WordPress vulnerabilities continue to be exploited, and more phishing campaigns featuring spoofed brands appear.
Saudi Aramco continues to believe an insider was behind the massive attack it sustained late this summer. HP asks researchers to delay demonstrating risks in Huawei gear. (Huawei and ZTE continue to be the focus of security concerns. The US White House denies reports that it "cleared" the companies of involvement in espionage.) A report claims Canada's energy sector is under sustained Chinese cyber attack.
Gartner predicts a major upsurge in cyber attacks on supply chains. Security stocks, down unexpectedly this week, are now seen as buying opportunities. Google announces a negative earnings surprise, and Yahoo exits the Korean market. The UK's government looks for cyber experts of the "X-Box generation," with hacking skills but without university degrees. Dennis Technology rates Kaspersky and Symantec best antivirus vendors.
India prepares to upgrade cyber capabilities to a major military command. Australian banks don't like pending breach-disclosure laws. US state governments are found wanting in cyber preparation: New York, Nevada, and Pennsylvania work on a fix. The Mounties arrest one of their own in a Quebec hacking case.
Today's issue includes events affecting Australia, Brazil, Canada, China, France, India, Iran, Israel, Republic of Korea, Pakistan, Russia, Saudi Arabia, Switzerland, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
BB&T's website affected by cyber attack (Bizjournals.com) A "denial of service" attack possibly linked to an Iranian hacker group affected BB&T's website, similar to those that have hit other major U.S. banks. But BB&T Corporation (NYSE: BBT) said the infiltration did not target any individual accounts
HSBC Hit By World-Wide Cyber Attack (CFO.com Magazine) HSBC websites worldwide were shut down for several hours today as they faced a "denial of service" cyberattack. The group website, hsbc.com, as well as several national and online banking sites including those in the United Kingdom, the United States
Ally Financial latest US bank to face cyber attack (Reuters) Ally Financial Inc said on Thursday it was monitoring "unusual activity" on its web site, the latest U.S. bank to report internet issues following recent cyber attacks that have been linked to Iran. Bank of America Corp (BAC.N), Wells Fargo
PNC 'pummeled' during cyberattack last month, CEO says (Equities.com) PNC Financial Services Group Inc. was "pummeled" in a cyber attack last month that limited access to its websites for two days, the Downtown-based bank's CEO said on Thursday. "We had 38 straight hours of attacks on our systems, and we had the
PNC official: Iran conducted cyberattack on bank (Washington Times) A senior U.S. banking executive said Thursday that Iran was behind an ongoing series of massive cyberattacks that have targeted nine major U.S. banks in recent weeks by slowing or interrupting access to their websites. "Now they're talking about they sourced it from Iran," James Rohr, chief executive of PNC Financial Services Group, told CNBC. It was not clear to whom exactly he was referring.
Citadel Trojan Updates with Dynamic Config Mechanism that Streamlines Fraud Activity (Threatpost) The elusive authors of the Citadel Trojan have released a new version of their banking botnet malware and service. The latest version, the sixth since it debuted in January and dubbed Rain, includes a dynamic configuration mechanism that allows botmasters to inject malicious content to compromised browsers on the fly. This real-time interaction with bots avoids the need to send an updated configuration file to the entire botnet and lessens the risk of detection
7 IPv6 Security Risks (eSecurity Planet) Not many people consider security risks associated with IPv6, the newest version of the Internet Protocol. But maybe they should. The rise of IPv6 could give you some severe security headaches -- even if you have no current plans to implement the new networking protocol. That was the stark warning issued by Eric Vyncke, a security
National Weather Service website hacked by Kosova Hacker's Security (Sophos) Hackers have breached servers belonging to the US National Weather Service by exploiting a vulnerability in the weather.gov website, releasing sensitive data from the government systems
Warning: Here are three emails you don't want to see in your inbox (Naked Security) Spammers are disguising their emails to pretend to come from YouTube, Google and LinkedIn
Illegal content on YouTube? Beware spammed-out malware attack (Naked Security) Internet users are being warned about a malware attack that has been spammed out widely, posing as a communication from YouTube about copyrighted video content
"I'm getting paid!" - Websites hosted on WordPress hacked due to users' poor password security (Naked Security) Millions of blogs hosted on WordPress.com can breathe a sigh of relief - although a hacker did manage to break into thousands of sites and publish a make-money-fast advert, it wasn't because of any vulnerability on the WordPress.com site
Beware dodgy computer repair work - your data is at risk along with your wallet (Naked Security) Passing off old as new is dishonest in any industry - but it's more dangerous in some than in others. Hard disks may not wear out like chainsaw blades or cam belts - it's not what they may have lost in their life so far, but in what they have gained: other people's data
Requesting Sensitive Data Via Google Docs: Phishing Really is That Easy (Threatpost) Please leave your credit card number, its expiration date and security code, along with your full name and billing address in the comments section of this blog post. You're obviously not going to do this. You know better, I know better, but there are those who don't. So many, in fact, that scammers are not only comfortable with and willing to invest in scams no more or less complicated, but they are also confident that the scams will succeed
Phishing attacks increasingly target brands (Help Net Security) The number of brands targeted by phishing attacks sustained an all-time high of 428 in April of this year, the second record-breaking quarter for cybercrime brand abuse reported by the APWG this year
Saudi Insider Likely Key to Aramco Cyber-Attack (Inter Press Service) Last weekend's disclosure that Iranian cyber warriors had disabled some 30,000 computers owned by the Saudi oil giant Aramco is attracting considerable attention here, particularly in light of a warning last week by
Demo of "serious" networking vulnerabilities cancelled at HP's request (Ars Technica) Saturday's Toorcon talk was to discuss risks posed by gear from H3C and Huawei
Canadian energy sector rife with Chinese cyberespionage: reports (ipolitics) Canadian energy firms have been victims in a global wave of cyber attacks originating in China in recent years. Just last month, security experts revealed Telvent Inc., a Calgary-based IT provider specializing in electrical grids, and another unnamed Canadian energy firm were hacked by malware designed to steal information. Meanwhile, reports by the world's leading cybersecurity groups claim that attacks against energy infrastructure are increasing, a worrying trend for an industry that depends on massive online networks to coordinate everything from fossil fuel drilling to power distribution
Most believe free Wi-Fi can lead to identity theft (Help Net Security) A new study by the Identity Theft Resource Center (ITRC) and PRIVATE WiFi, revealed that 79% of respondents believe that using a free Wi-Fi connection can lead to identity theft
Security Patches, Mitigations, and Software Updates
Apple Patches Java Flaws (Threatpost) Apple has released a patch that fixes a laundry list of vulnerabilities in Java after Oracle pushed out a fix for the technology for users of Windows and other platforms. The patch from Apple also completely disables the Java plugin in users' browsers in order to prevent users from falling victim to new attacks on the oft-vulnerable application
Adobe Updates Sandbox in Reader, Acrobat XI (PC Magazine) Adobe added a number of new security features into Reader and Acrobat XI, such as support for elliptic curve cryptography and PDF whitelisting, as well as beefing up the sandbox. Protected Mode in Reader XI now has data theft prevention capabilities
Enterprise IT supply chains will be compromised (Net-Security) Enterprise IT supply chains will be targeted and compromised, forcing changes in the structure of the IT marketplace and how IT will be managed moving forward, according to Gartner. By 2017, IT supply chain integrity will be identified as a top three security-related concern by Global 2000 IT leaders. Supply chain integrity is the process of managing an organization's internal capabilities, as well as its partners and suppliers, to ensure all elements of an integrated solution are of high assurance
Nationwide Cyber Security Review reveals low awareness of risks by state and local governments (Fierce Government IT) A 2011 survey of state and local government cybersecurity practices by the Homeland Security Department finds that a majority have adopted some control framework or methodology, but that overall there exists a low awareness of the full risks
FDF - Federal Department of Finance [Switzerland]: Attacks on SMEs in the spotlight - the 15th MELANI semi-annual report (4-Traders) The Reporting and Analysis Centre for Information Assurance (MELANI) published today its report for the first half of 2012. The main topics covered include the multiplication of data theft incidents affecting SMEs, the hampering of client communication by phishing attacks, the cyber conflict during the Arab Spring and the plans for cooperation on information security at national and international level
Cybersecurity business, jobs expected to grow through 2016 (Baltimore Sun) And spending by intelligence agencies, which is often obscured and difficult to forecast precisely, is expected to climb from $2.3 billion last year, to $3.6 billion in 2016, he said. Part of what's fueling the increases: Government officials are
Advances Create Vulnerabilities, US Cybercom Commander Says (defpro) The U.S. lead in cyber technology innovation has created both advances and vulnerabilities, the commander of U.S. Cyber Command said here Wednesday night. Army Gen. Keith B. Alexander, who also is director
The New Cyber Wars: Out of the Flame and Into the Fire (Huffington Post) Unfortunately, we're no longer talking solely about lone cyber-terrorists, hacktivist groups, or even rogue states such as Iran. Chinese hackers were likely behind the large-scale cyber-strike on Google in 2010, as well as similar attacks on Northrop
CipherCloud Survey Shows Data Security, Privacy, And Other Concerns Delaying or Stopping Cloud Implementations at 66% of Organizations Polled (Dark Reading) Worries over data leakage topped the list with 52 percent of respondents
Cloud Computing? Studies Say It's a Gifted, High-Energy Kid (Midsize Insider) Or so says a recent survey by the Cloud Security Alliance (CSA) and IT certification group ISACA, as reported by Forbes. The 252 cloud users surveyed said that "platform and infrastructure service offerings are still in the infancy stage of maturity
Cyber-Security Stocks Slide -- Are They Now a 'Buy'? (TheStreet.com) …Shares of the cyber-security firms took a nosedive on Wednesday amid concerns about business spending
After slide, cyber security stocks look attractive (MSN Money) Fortinet and Check Point Software slide on disappointing results…Shares of the cyber security firms took a nosedive on Wednesday amid concerns about
Google shares dive after early release of poor earnings (IT World) Google surprised Wall Street today by prematurely releasing a lackluster earnings report hours ahead of schedule, the company's stock dove more than 9% before trading was suspended
Google's Woes Show Mobile Isn't Just a Facebook Problem (Wired Business) Android has helped craft Google's image as a master of mobile. But there's a problem: Mobile doesn't pay. At least not as much
Yahoo To Pull Out Of Korean Search By The End Of The Year, Its First Asian Market Exit (TechCrunch) Yahoo has announced plans to close its Korean business by the end of the year. In a statement the company described the move as part of ongoing efforts to streamline operations and realign its global business. The company hired a new CEO — former Googler Marissa Mayer — in July, replacing interim CEO Ross Levinsohn. Reuters notes that South Korea is the first Asian market Yahoo is leaving
Task force to DHS: Keep mission-critical jobs in house (Federal Times) You can see that at NSA [the National Security Agency] all the time, you can see that in the military all the time. It just wasn't true at DHS because the cool jobs were contracted out
Report Recommends Stronger Hiring, Development Practices for DHS Cyber (Security Management) The task force, called the Homeland Security Advisory Council Task Force on CyberSkills, was co-led by Alan Paller, director of research at the SANS Institute, a cyber security training organization; it was also led by Jeff Moss, founder of the well
Britain seeking 'Xbox generation' spies (ABC Online) Britain has launched a new spy recruitment drive aimed at "Xbox generation" youngsters without a university education but with social media and computer game skills to counter the threat of cyber attack. British foreign secretary William Hague launched
Inside Intel, part 2: The future IT security workforce (CSO) What will the information security department of the future look like? The future workforce will look somewhat different than the current workforce, according to Alan Ross, senior principal engineer at Intel. IT security functions will likely change because computing itself is changing so much--and Intel is at work preparing for the new security landscape
IRS challenged by logical access with HSPD-12 cards (Fierce Government IT) Efforts at the Internal Revenue Service to use the mandatory governmentwide identity cards required by Homeland Security Presidential Directive-12 for logical access threaten to run into more delays, says the Treasury Inspector General for Tax Administration
Weak cybersecurity at EPA, say auditors (Fierce Government IT) The Environmental Protection Agency office of inspector general faults the agency for weak network security practices
Army [knowledge management] systems disparate, say officials (Fierce Government IT) Knowledge management efforts have been embedded within the Army for years, but there is very little uniformity or interaction across the service, said Army officials Oct. 17 while speaking on a panel at KMWorld in Washington, D.C. "Inconsistency is the consistency," said Jim Bradley, deputy chief knowledge officer at Army training and doctrine command
SAIC Wins $152M to Help Run Army AMCOM Enterprise IT (Govconwire) Science Applications International Corp. (NYSE: SAI) has won a $152 million task order from the U.S. Army to provide information technology support services to the Aviation and Missile Life Cycle Management Command. According to a company release, this order runs for 37 months and was awarded through the Information Technology Enterprise Solutions-2 contract vehicle
Booz Allen Reports $295M in Wins on $873M NGA Tech Services IDIQ (InformationWeek) Booz Allen Hamilton (NYSE: BAH) has won $295 million in prime awards from the National Geospatial-Intelligence Agency since May under a potential $873 million contract for enterprise support and technical services. The company said Thursday NGA awarded the Enterprise Support to Management and Resources for Technical Services contract in May, through which it will acquire
Huawei, ZTE: 4 Security Fears (InformationWeek) Trojan equipment? Spy tool? Sloppy code? The information security debate rages on over these Chinese telecom equipment makers
Crowdstrike Puts APT Attackers On Notice (InformationWeek) Much-watched startup takes an offensive, not defensive, approach to enterprise security. Learn more in this video from Valley View
Nokia Reports Loss, Desperately Needs Hit Smartphone (InformationWeek) Nokia's disastrous third quarter highlights just how badly the company needs Windows Phone 8 and the Lumia 920 to reach the market ASAP
Products, Services, and Solutions
Windows 8 has a great story. Can Microsoft tell it? (IT World) It's two OSs in one, and a bridge between two worlds
Canonical's Mark Shuttleworth Tires Of Critics, Moves Key Ubuntu Developments Out Of Public Eye (TechCrunch) Canonical CEO Mark Shuttleworth says parts of Ubuntu 13.04 will be kept a secret, out of the public eye until its unveiling. The move, which he writes about on his blog, is sure to create a firestorm in the Ubuntu community
Mozilla Opens Its Firefox For Android Marketplace To Developers And Early Adopters (TechCrunch) Mozilla just launched the latest Aurora version of Firefox for Android and with this, the organization is also opening the Firefox Marketplace to early adopters and testers. The Firefox Marketplace is similar to Google's Web Store for Chrome. Users can browse the store to find mobile web apps and developers can showcase their web apps. These apps run in full-screen mode and can also be pinned
FCC unveils updated online cyber tool for small businesses (The Hill) Nearly 10,000 businesses have used the tool since Genachowski first introduced it last year, according to the FCC. The agency partnered with Symantec, eBay, Visa, the Department of Homeland Security and others on updating the online cybersecurity tool.
Facebook seeks to improve its security image (Infosecurity Magazine) This, however, may well explain the latest announcements from Kaspersky Lab and Panda Security. Yesterday Kaspersky announced a new "partnership with
Seculert Brings Big Data Analytics to Forefront of Malware Detection (Dark Reading) Seculert Sense identifies advanced persistent threats and unknown malware
Check Point unveils security appliance with 110GB/s throughput (Help Net Security) Check Point launched its new 21600 Appliance that provides throughput of up to 110 Gbps, a 30 percent boost in SecurityPower units (SPUs) and ultra-low latency for transaction-oriented environments
ModSecurity 2.7.0 released (Help Net Security) ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. Its logging facilities also allow fine-grained decisions to be made about exactly what
Windows 8 Administration Pocket Consultant (Help Net Security) Portable and precise, this pocket-sized guide delivers ready answers for administering computers running Windows 8. Zero in on core operations and daily tasks using quick-reference tables, instruction
Dell unveils new enterprise vision (Help Net Security) Dell announced plans to help businesses globally adopt modern, standards-based data center technologies that enable them to realize repeatable results and superior value at every scale
IBM releases ten integrated security solutions (Help Net Security) IBM announced a broad set of security software to help holistically secure data and identities. IBM's new software capabilities help clients better maintain security control over mobile devices
SAIC, McAfee Team on Updated Cyber Firewall Platform (The New New Internet) A Science Applications International Corp. subsidiary and McAfee have combined two of their cyber platforms to create an updated network firewall, SAIC announced Wednesday. SAIC said CloudShield will run McAfee's Firewall Enterprise, used by government and defense agencies worldwide, on the CloudShield CS-4000 cyber platform
Windows 8 PC Makers Face Touch Trouble (InformationWeek) Touch has a big role in Microsoft's marketing blitz for Windows 8. But many Ultrabooks set to go on sale this fall aren't touch-enabled
Antivirus evaluation puts Kaspersky and Symantec on top (CSO) Dennis Technology Labs released the results of its latest round of antivirus tests seeking to determine the effectiveness of several commercial anti-malware products, with Kaspersky and Symantec coming out on top. Dennis Technology Labs ran three basic sets of A/V tests -- one each for enterprise, small business and consumer home office -- looking at the relative strength of several different types of products to protect against threats and block malicious sites. Here's a quick rundown of the results for each of the three tests
Technologies, Techniques, and Standards
Comparative anti-malware tests: the RIGHT way to do them (Naked Security) The latest anti-malware tests performed by Dennis Technology Labs show that comparative testing can actually be a strong indicator of how well today's security offerings can protect a user
Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide (Internet Storm Center) Many vendors have security hardening guides - step-by-step guides to increasing the security posture of one product or another. We alluded to the Cisco guides earlier this month (Day 11), Microsoft also makes a decent set of hardening guides for Windows server and workstation products, as do most Linux distros - you'll find that most vendors have documents of this type
Fighting Hackers: Everything You've Been Told About Passwords Is Wrong (Wired) Security is not just about strong encryption, good anti-virus software, or techniques like two-factor authentication. It's also about the fuzzy things involving people. That's where the security game is often won or lost
Reverse-Engineering Twitter To Solve An Advertising Mystery (Fast Company) Recently I opened the Twitter app on my Mac and noticed something very strange: It was omitting promoted tweets from my timeline. In the side-by-side comparisons below, notice the "howaboutwe.com" promoted tweet from Twitter.com on the right is missing
Tips for protecting your privacy (Help Net Security) Every month more than 5,000 people take to Twitter to complain about how their mobile device has been snooped on or their visual privacy invaded. Who can't resist eavesdropping on a conversation
High school students talk Facebook, cybersecurity at Lockheed Martin (Gazette.Net: Maryland Community News Online) The company wants to make the Department of Homeland Security's cyber safety motto, "Stop, Think, Connect," as well known as fire-prevention mascot Smokey the Bear
Northrop Expanding Cyber Centers in Australia; Kathy Warden Comments (ExecutiveBiz) Northrop Grumman has won a contract to build a cyber testing range at an Australian military academy campus based in the country's capital, the company announced Wednesday. The University of New South Wales' Canberra campus
Legislation, Policy, and Regulation
Preparing Pakistan for a cyber war (Dawn) If there is anybody who can be considered a real-life Frankenstein, it is probably Berners-Lee, the inventor of the World Wide Web. Much like the monster created by the protagonist in the Mary Shelley classic, the internet has become an uncontrollable creature with its ever-expanding claws that keep on seducing everyone into its control
On Cybersecurity, India Begins to Embrace the Private Sector (Council on Foreign Relations) This turned out to be a glass film that has been certified to prevent eavesdropping even by the U.S. National Security Agency and apparently adorns the windows of the White House. One can safely expect many more companies and fly-by-night operators to
Armed forces to pitch for three new commands before PM (New York Daily News) India's armed forces will Friday make a joint pitch before Prime Minister Manmohan Singh and members of the cabinet committee on security (CCS) on setting up three new commands to meet the threats to space assets and cyber infrastructure and for controlling commando operations
Oz banks baulk at data breach notification laws (Finextra) The Australian Bankers' Association has hit out at government proposals floating the introduction of mandatory data breach notification laws, claiming that they would cause "unnecessary alarm". Attorney-General Nicola Roxon has published a discussion paper on how to bolster privacy protections for Australians' personal information in digital databases. Roxon is seeking public input on the issue, asking whether mandatory data breach notification laws should be introduced; what sort of breaches and organisations they should cover; and what should be reported and how quickly
Intelligence Summit held in Albany (EmpireStateNews.net) The Summit was held in conjunction with the New York State Intelligence Center, in partnership with the NYS Division of Homeland Security and Emergency Services. The Summit welcomed the US Department of Homeland Security Principal Deputy
Intelligence sharing discussed at Nevada Homeland Security meeting (Carson Now) The Commission directed the Finance Committee to rehear, for consideration, three Department of Homeland Security (DHS) grant requests that were denied at the October 3, 2012 meeting. An update on the State Homeland Security Strategy (SHSS) was
Attack highlights security needs (Tribune-Review) His center works with local leaders on emergency response plans to cope with cyber-attacks and critical communications outages. The Department of Homeland Security, billed as a lead organization in national cybersecurity, simply "does not have the
Kaspersky CEO: Escalation of cyber-warfare requires international cooperation (AME Info) Kaspersky Lab also released their third quarter spam report for the GCC at this week's Gitex Technology Week. The results show Saudi Arabia to be the top source of spam in the region, with the UAE ranked second. All the GCC countries combined account
On battlefields of the future, need grows for legal clarity (The National) Having opened a can of worms with drone warfare and another with cyber-war, the US now must worry about other countries following, and also about legal issues
Capitol Hill Rhetoric Takes Aim at Wrong Cybersecurity Targets (Threatpost) Defense secretary Leon Panetta couldn't resist, could he? He couldn't fight the urge to dig deep into the information security cliche handbook and yank out that old chestnut about a Cyber Pearl Harbor
Litigation, Investigation, and Law Enforcement
French Law Endangers Google's 'Very Existence', Threatens Country-Wide News Boycott (TechCrunch) What happens if Google boycotts an entire country's news content? We might get to witness such a trade war if Google excludes French news from its search results because of a proposed law that requires search engines to pay for displaying snippets of content. Google believes the law "would threaten its very existence." France complains that Google is raking in advertising revenue
Kill the bots: FTC puts a bounty on the heads of robo-telemarketers (Ars Technica) FTC has offered $50,000 for a technical cure to the robocall plague
The White House Denies Ordering a Secret Report Clearing Huawei of Espionage (The Atlantic Wire) Cue the conspiracy theories: an 18-month, Reuters says it got its hands on "a White House-ordered review of security risks posed by suppliers to U.S. telecommunications companies" that cleared Chinese telecom giant Huawei of allegations of actively spying on the U.S. government. But we're not quite sure what to make of the report, since the White House has denied ordering the report in the first place. "The White House has not conducted any classified inquiry that resulted in clearing any telecom equipment supplier," White House National Security Council spokeswoman Caitlin Hayden told Reuters
Suspected Android SMS malware author arrested in France (Sophos) French police have arrested a 20-year-old man in Northern France, in connection with an attack that infected thousands of Android smartphones with money-making malware. According to the authorities, the man worked out of his parents' basement in the city of Amiens, creating fake apps that pretended to be legitimate applications. The man's apps are said to have sent SMS text messages without the user's approval, allowing him to earn mobile payments
Embarrassment for RCMP as they arrest one of their own for alleged cyber attacks (National Post) The RCMP has arrested one of its own computer technicians over a series of alleged cyber attacks that targeted the website of the Quebec government six months ago as students were protesting tuition hikes. Janvier Doyon-Tremblay, 28, was working on
Megaupload Is Dead. Long Live Mega! (Wired Threat Level) Megaupload's takedown by the U.S. government spurs Kim DotCom to build a filesharing replacement that relies on encryption so owners can't be blamed for knowing that copyright infringing files are on company servers. That, DotCom thinks, will probably keep the
Inside the Mansion—and Mind— of Kim Dotcom, the Most Wanted Man on the Net (Wired Threat Level) Please Choose One of the Following Statements: A. Kim Dotcom is not a pirate. He's a hero. The savior of my online liberties. A visionary digital entrepreneur. His company Megaupload was a legitimate data-storage business used by hundreds of millions
For a complete running list of events, please visit the Event Tracker.
Anatomy of an Attack (New York, New York, Nov 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights (Moscow, Russia, Nov 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense tools. Another purpose is to create a communication venue for skilled professionals in the field of information security.
Passwords^12 Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.