The CyberWire Daily Briefing for 10.26.2012
The Voice of America confirms analyst reports that the Aramco attack was the work of amateurs sponsored by Iran. The US Deputy Assistant Secretary of Defense for Cyber Policy says details of the attack were declassified to educate industry on the magnitude of the cyber threat. The ongoing DDoS campaign by the Cyber Fighters of Izz ad-din Al Qassam (also apparently the work of state-directed hacktivists) holds lessons for small and medium businesses; banks in particular are advised to improve security. Elsewhere in the Middle East, Israeli police disconnect their systems from civilian networks in response to intelligence of an imminent malware attack.
AVG releases a report on new ways cybercriminals monetize exploits, and the Russian cyber gangster who organized this month's banking wire fraud campaign posts a video boasting of his untouchability.
Researchers at Stanford and the University of Texas find SSL vulnerabilities in non-browser packages. Delta's e-ticketing is exploited to deliver malware. Dark Reading wonders why small and medium businesses still run Telnet (and advises them to stop). Finfisher and Loofzon, originally developed for legitimate intercept purposes, continue to morph into malware.
Adobe Shockwave and CyanogenMod are patched. SAP's Sybase also gets a patch, but this one fails to close ten critical vulnerabilities.
Signature-based anti-virus products show disappointing results. Canadian policymakers continue to grapple with critical infrastructure vulnerabilities. The US and India continue to negotiate common cyber interests. Some industry observers find US Congressional suspicion of Huawei quixotic; others implicate the telecom company in tech transfer to Iran.
Today's issue includes events affecting Algeria, Armenia, Australia, Azerbaijan, Canada, China, Czech Republic, Egypt, France, Germany, India, Israel, Iran, Kenya, Morocco, Nigeria, Norway, Russia, Saudi Arabia, Slovakia, South Africa, Spain, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Saudi Cyber Attack Seen as Work of Amateur Hackers Backed by Iran (Voice of America) Digital security experts say a major August cyber-attack at Saudi Arabia's top oil company appears to be the work of amateur hackers working on behalf of a nation state, and several signs point to Iran as their sponsor. The experts say
Code in Aramco Cyber Attack Indicates Lone Perpetrator (Bloomberg) Roel Schouwenberg, who examined the viruses independently, says the Wiper virus may have inspired the Aramco technique, but the two don't use the same code. Schouwenberg is senior researcher for Woburn, Massachusetts-based Kaspersky Lab Inc
Aramco cyber attack intel declassified to show threat to private industry (Government Security News) U.S. intelligence on the devastating malware attack that crippled the Saudi Arabian oil company Aramco's computers last August was declassified to illustrate the looming threat of cyber assault to private industry, said a Department of Defense official
SMB Lessons From DDoS Cyber Attack Wave (Midsize Insider) The U.S. Department of Homeland Security suggested that companies should pool together resources to counter recent cyber attacks on American banks. A recent Computerworld article reported on the comments made by deputy undersecretary for
Banks told to step up security over DDoS attacks (Finextra) With more than a dozen major bank Web sites targeted in DDoS attacks over the last month, financial institutions need to take steps to ensure they don't become the latest victims, warns the US Financial Services Roundtable's technology unit, Bits. Bank of America, HSBC and Wells Fargo have been among the organisations to see their online services disrupted in recent weeks, with sites overwhelmed by floods of traffic. A group calling itself the Cyber Fighters of Izz ad-din Al Qassam has claimed credit for the attacks, which it says are in retaliation for the release of a film mocking the prophet Mohammed
Police computers disconnected from network for fear of cyber attack (YNet) Officers ordered to refrain from using media devices, disconnect their computers from civilian network following virus warning. Official: It happens all the time. In light of an intelligence warning indicating that a virus would be inserted into Israel Police's central computer system via a USB drive or CD, all districts and officers were instructed on Thursday to disconnect their computers from the civilian web network
New cybercrime monetization methods (Help Net Security) AVG's new report investigates a number of malicious software developments including the newly launched 2.0 version of the Blackhole Exploit Toolkit, the evolution in malware targeting mobile banking
Brazen gangsters show how cybercrime pays (Washington Times) A Russian cybergangster who openly tried to recruit a hacker army for an online crime spree against U.S. banks and their customers posted a Web video of himself showing off luxury cars, a newly built suburban home and other ill-gotten gains, all the while boasting that he is untouchable
SSL Vulnerabilities Found in Critical Non-Browser Software Packages (Threatpost) The death knell for SSL is getting louder. Researchers at the University of Texas at Austin and Stanford University have discovered that poorly designed APIs used in SSL implementations are to blame for vulnerabilities in many critical non-browser software packages
Delta-themed spam run delivers deficient malware (Net Security) Delta Airlines customers are targeted in the latest malicious spam campaign to hit email inboxes:The email claims that the ticked for the flight booked by the recipient is attached to the email, and that it should be downloaded and printed out. But the attached Delta_A_Ticket_Print_Document_3477. zip is actually a variant of the infamous Bredolab Trojan, whose main goal is to download more malware on to the compromised computer, and this particular variant is currently detected by only 3 of the 43 AV solutions used by VirusTotal
Bogus MS 'Windows license delivery' email leads to malware (Help Net Security) A fake Microsoft email is doing rounds, tempting users to follow the offered link that "delivers" a license for the Windows OS: Experienced users will probably have a quick glance at the stark
Anonymous hacks police forum, sends emails to police officers (Help Net Security) Anonymous is mostly known for their real-life and online protests, DDoS attacks, and shaming of businesses and government organizations by publicly releasing confidential data stolen from their server
Survey: 38% Of SMB professionals Must Run Telnet (Dark Reading) Respondents were asked how their companies handled five insecure network configurations
WikiLeaks Says Releases Hacked U.S. Detainee Rules (Reuters) The WikiLeaks website began publishing on Thursday what it said were more than 100 U.S. Defense Department files detailing military detention policies in camps in Iraq and at Guantanamo Bay in the years after the September 11 attacks on U.S. targets
The Cloud under Threat; the Top Three Enemies (UCStrategies) John Howie, COO of the Cloud Security Alliance, pointed out that "when you are running in the cloud and you are shifting your data and applications to a cloud provider, you have no visibility over risk within their infrastructure. You can't cite"
Phishing websites proliferate at record speed (Help Net Security) A new phishing survey released by the Anti-Phishing Working Group (APWG) reveals that while the uptime of phishing websites dropped during the first half of 2012, cybercriminals were driving substantial increases in the numbers of phishing websites they established to steal from consumers.
Cybercrime: Mobile Changes Everything — And No One's Safe (Wired Treat Level) The FBI recently put out a mobile malware alert warning against Finfisher and Loofzon, which spies on our data and leaks GPS positions to track our movements. While these threats appear to have been developed for government surveillance purposes, they
Why mobile malware is big in China and Russia (Net Security) According to Lookout's State of Mobile Security Report 2012, Toll Fraud malware has become the most prevalent type of malware within the past year due to the global ubiquity as a phone payment mechanism. Mobile malware has become a profitable industry but, naturally, there are places on this globe of ours where it's more profitable than in others - namely China, Russia and Iran. There are several reasons behind the malware writers' obvious preference for these countries
Armenia has high risk of cyber threats--Kaspersky Lab (Information-Analytic Agency NEWS.am) Sixty percent of Russian users were attacked by malicious programs, says the report on 22 countries issued by Kaspersky Lab jointly with B2B International. Every second a malicious program appears, Kaspersky Lab expert Denis Maslennikov said
Security Patches, Mitigations, and Software Updates
Six critical vulnerabilities in Adobe Shockwave patched (Naked Security) If your Windows or Mac computer uses the Adobe Shockwave Player, it's time to update your systems
CyanogenMod Fixes Flaw That Logged Users Unlock Codes (Threatpost) CyanogenMod, a popular open source firmware replacement for Android phones, has patched a hole in its code that was locally logging swipe gestures used to unlock phones. The problem, which stemmed from a line of code that was never intended for release, was fixed in an update posted for download on the firmware's review site earlier this week
SAP's Sybase RDMS Patches Fail to Repair 10 Critical Vulnerabilities (Threatpost) Patches released this week by database and mobile management vendor Sybase did not completely repair serious privilege escalation and remote code execution vulnerabilities in versions 15.0.3 and later of its Adaptive Server Enterprise (ASE) product. Researchers at Application Security Inc., which specializes in database security, reported a dozen vulnerabilities to the SAP company in July. AppSec also sent along proof-of-concept exploit code with details of the vulnerabilities
When Data Errors Don't Matter (Dark Reading) I ran across this short video comparing MySQL to MongoDB, and it really made me laugh. A tormented MySQL engineer is arguing platform choices with a Web programming newbie who only understands big data at a buzzword level. Do be careful if you watch the video with the sound on because the latter portion is not child-friendly, but this comical post captures the essence of the argument relational DB architects have against NoSQL: Big data systems fail system architects' criteria for data accuracy and consistency. Their reasoning is if the data's not accurate, who care's whether it's "Web scale?" It's garbage in, garbage out, so why bother? But I think the question deserves more attention. In fact, I ask the question: Does some bad data in a big data cluster matter? I think that the answer is, "No, it does not"
Cyber security landscape in Africa (SecurityAffairs) Let me present you a very interesting study on cyber security landscape in Africa, conducted by IDG Connect, division of International Data Group (IDG), to which I gave my humble contribution. According the Economist data related to the first decade of this millennium shows that six of the worlds fastest growing economies were in sub-Saharan Africa. The entire African continent is profoundly changing pushed by a rapid adoption of new technologies, according HSBC within 2050 different African countries will be part of top 50 world economies, lets think to Egypt, Nigeria, Kenya and South Africa
The Challenge of Protecting Critical Infrastructure against Cyber-Attacks (ISN) There has been a lot of discussion recently on the possible consequences of a sophisticated cyber-attack on critical infrastructure. In response, it has been suggested that this discussion – much of which is not based on real intelligence about
Strata/Hadoop World speakers set high expectations for big data (Fierce Big Data) After two days at the Strata Conference & Hadoop World all I can say is, Whew! Big data sure has some high expectations to meet
Antivirus Tool Fail: Blocking Success Varies By 58 percent (InformationWeek) Only two of 13 endpoint security software scanners blocked more than 80% of known exploits, NSS Labs study reports
Cash-Strapped States Under Siege (Dark Reading) New survey of state government agency CISOs finds cost of data breaches range from $1 million to $5 million in some states
Cyber security efforts won't necessarily fall victim to budget cuts, says intel official (GSN) Even though the axe stands ready to fall on the defense budget in the coming months, it wont necessarily sever cyber security efforts underway in some intelligence operations, said a top government official. In remarks at the SINET D.C. Showcase in Washington on Oct. 25, Stephanie OSullivan, principal deputy director of national intelligence at the Office of the Director of National Intelligence (ODNI) said that although the threat from deep budget cuts in the new year are another game-changer for U.S. intelligence and cyber security, her agency remains committed to maintaining and advancing some core capabilities and research
At DoD, A Big Step Toward Apple And Android (FederalTimes.com) The Defense Department has taken a major step to expand a mobile strategy that could topple the BlackBerry as its dominant mobile device
5 Goals to Improve Infosec Skills at DHS (GovInfoSecurity) Top Department of Homeland Security officials, including Secretary Janet Napolitano and Deputy Undersecretary Mark Weatherford, over the past few days have been emphasizing the need for the department to increase its IT security workforce and skills
BYOD, cloud security concerns make military and intelligence agencies hesitate (Techworld.com) In a panel discussion Tuesday at a government IT conference, Debora Plunkett, information assurance director at the National Security Agency, joked that she would break out into hives at the mere mention of the term "BYOD." But just as private-sector
DOD Official Encourages Private-sector Technology Innovation (Department of Defense) Much progress, he said, is now housed in the private sector, prompting the Defense Department, the services and agencies such as Defense Information Systems Agency, Defense Advanced Research Projects Agency and National Security Agency to create
SAIC to Help DHSS Add New Info For Blue Button (Govconwire) Science Applications International Corp. (NYSE: SAI) will work with the Defense Health Services System to add new types of medical information in the Blue Button system, the company announced Wednesday. The company won a potential $11 million contract, which includes a six-month base period, two option years and a three-month transition period
Blue Button won't spontaneously get better, government concedes (Fierce Government IT) Perhaps realizing that the private sector may not spontaneously improve Blue Button downloadable medical record design, the Office of the National Coordinator for Health Information Technology within the Health and Human Services Department is mounting a $51,000 (total) challenge for people to stop making it "look and feel like a receipt." A downloadable Blue Button record can be "unwieldy because of the lack of presentation and hierarchy," ONC notes, stating in an Oct. 22 Federal Register notice that it will judge submissions in four categories. First prize for best overall design will get $16,000
VA data exchange practices lack security (Fierce Government IT) Veterans Affairs Department medical centers are not effectively or securely sharing data with research and university facilities, according to an Oct. 23 VA office of inspector general report. "VA's data governance approach has been ineffective to ensure that research data exchanged are adequately controlled and protected throughout the data life cycle," write report authors
Huawei Proposes Security Test Center (InformationWeek) In a bid to address regulators' security fears, Chinese telecom company Huawei wants to establish a cyber security test center in Australia
Smartronix $2.5B GSA Email Team Includes Terremark (Govconwire) Smartronix's team to provide government agencies cloud computing-based email services under a $2.5 billion General Services Administration blanket purchase agreement includes Terremark and Verizon. Smartronix said in a release the team also includes two other companies certified to provide agencies with Microsoft products, as Microsoft technology will be a central offering from the team
PV Puvvada Comments on Unisys $2.5B GSA Cloud Email BPA Position (GovConExecutive) Unisys holds a position on a potential $2.5 billion General Services Administration blanket purchase agreement to provide cloud computing email services to government agencies
AT&T Receives GSA Approval to Provide Agencies Cloud Storage Services (The New New Internet) AT&T's government solutions business has received authorization from the General Services Administration to offer cloud computing-based storage services to federal agencies, the company announced Thursday
Products, Services, and Solutions
General Dynamics TNE Cyber Security Capability Approved for Classified Government Networks using Red Hat Linux Enterprise Platform (Sacramento Bee) Trusted Network Environment (TNE) version 11 allows users to view and share classified information across security boundaries
Microsoft releases Windows 8 (Help Net Security) Microsoft today announced the global availability of Windows 8. Beginning Friday, Oct. 26, consumers and businesses worldwide will be able to experience all that Windows 8 has to offer
Looking Forward to Windows 8--A Look Back at Windows Security (Abhishek Singh) Let's dive into the analysis of one zero-day CVE-2011-0654 which was reported on February 14, 2011, for Windows 7 and 2008 servers to understand the factor that seems to have been missed to ensure the safety of Windows
Panda Security Achieves Certification for Windows 8 Compatibility (MarketWatch) Panda Security, The Cloud Security Company, today announced that both its consumer and corporate
Steganos Privacy Suite 14 released (Help Net Security) The newly released Steganos Privacy Suite 14 is designed for individuals who want privacy protection for their data and Internet activities – including on their smartphones and USB sticks
AlienVault Launches Threat Intelligence Resource Center & iOS Mobile Apps (Dark Reading) AlienVault Open Minds Exchange provides, tools, and insights from the AlienVault security experts and community
App's Humor Engine Learns What Makes You Laugh (Wired Business) Whether videos of someone falling on their face or political cartoons get you rolling on the floor laughing, there is plenty of humor on the internet to go around. Tired of digging through all the sites and video
Technologies, Techniques, and Standards
How Does Mobility Change IT Risk Management? (Dark Reading) Understanding the mobile issues that will measurably affect risk posture
Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire (Internet Storm Center) In previous Diary's niche layer 2 protocols for different network areas have been covered. In keeping with that theme, this diary will cover three in particular. Two that are widely deployed (and may already be in your network) protocols and discuss one emerging protocol. Ethernet truly is everywhere and most everything is converging, if not already, to an Ethernet transport model
Competency database helps retention, says TIGTA (Fierce Government IT) Information technology managers who say their familiarity with workers' skills negates the need for a competency database overlook the need for an enterprisewide view of skills at hand and make it harder to plan training. That, in turn, makes employee retention a challenge, says the Treasury Inspector General for Tax Administration in an Sept. 21 report released earlier this month
Legislation, Policy, and Regulation
Feds Reject Legalizing DVD Cracking, Game Console Modding (Wired Threat Level) Copyright regulators are rejecting proposals to make it lawful to jailbreak videogame consoles and to copy DVDs for personal use
Its time to get serious about cyber security (National Post) Last week, the Canadian government announced that it would invest $155-million in cyber security over the next five years. The announcement was clearly designed to pre-empt a damning report by federal Auditor-General Michael Ferguson, released on Tuesday. But the sad fact is that $155-million wont even begin to fix the damage caused by years of government inaction
Protecting Canadian Critical Infrastructure Against Cyber Threats (OAG) Critical infrastructure consists of physical and information technology assets, such as the electricity distribution networks, telecommunications networks, banking systems, manufacturing and transportation systems, as well as government information systems and services that support the continued and effective functioning of government. Elements of critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories, and international borders. Most of Canada's critical infrastructure is owned by the private sector or by municipal, provincial, or territorial governments, and much of it is connected to other systems
US-India Cyber Diplomacy: A Waiting Game (Huffington Post) They previously agreed on cooperation between the Computer Emergency Response Teams (CERT) of both countries, and India participated in an international cyber war game hosted by the US Department of Homeland Security
Hacker Attack Warnings Don't Budge Opposing Sides on Cyber Bill (Businessweek) There are pieces of infrastructure that, if crippled by a cyber attack, could damage the country and the economy, Daniel said. Senate Republicans in August blocked a cybersecurity bill backed by Obama that would have set voluntary cybersecurity
Napolitano: Administration will act on cybersecurity if Congress fails to pass legislation (The Hill) Napolitano outlined the variety of initiatives the Department of Homeland Security has dedicated toward this effort, including the joint program it sponsors with the National Security Agency at universities to train college students in cybersecurity
Safety or surveillance: What is the NSA's Utah Data Center? (ksl.com) One of the biggest and most mysterious construction projects in Utah history is roughly halfway completed near the Point of the Mountain. It's a vast computer center for one of the nation's most secretive agencies, the National Security
United Kingdom commits to 1 government website (Fierce Government IT) The United Kingdom officially launched a single government website called Gov.uk Oct. 17--rounding out consolidation efforts that had already brought the country's 820 national government websites down to just two domains, Directgov and Business Link, in less than 2 years. The single government portal had been in beta since Jan. 31
NASCIO says 'compliance' good for cybersecurity (Fierce Government IT) Even as the word "compliance" gets increasingly weighted with negative connotations in federal cybersecurity, a report from the National Association of State Chief Information Officers says it should be a lever utilized by state chief information security officers when securing their own and contractor-based infrastructure
Litigation, Investigation, and Law Enforcement
Following The Letter Of The Law: Apple Publishes Non-Apology To Samsung On Its Website To Comply With U.K. Court Ruling (TechCrunch) After losing an appeal in a UK high court last week against a judgement that Samsung's Galaxy Tab tablets do not infringe the design of the iPad because their design is just not cool enough, Apple has now published an acknowledgement of the court's judgement on its U.K. website — in line with the court order. You can't call it an apology — quite the opposite
Attorneys Warn of Increased Risk of Big Data Breach Lawsuits (Threatpost) Two attorneys for a prominent law firm warn that courts are starting to look more favorably on class-action lawsuits brought by data breach victims, who historically have had trouble proving actual damages from the thefts
'Huawei partner' tried to sell US tech to Iran (The Register) Chinese telecoms kit maker Huawei narrowly avoided the wrath of US investigators last year after a business described by Reuters as a Huawei supplier* offered to sell American-made equipment to Iran in a deal that would have broken sanctions, it has emerged. Tehran-based Soda Gostar Persian Vista was ready to sell 36 cell tower antennas to operator MTN Irancell before the error was spotted, according to a Reuters report. The existence of the intended transaction is recorded in a purchase order seen by Reuters
It's My Way or the Huawei (UC Strategies) A few months ago, I read an article in the Economist that highlighted the fact that Huawei had just surpassed Ericsson to become the world's largest telecom equipment manufacturer. These gains were attributed to the provision of high quality equipment at a low price. However, the article also highlighted the various concerns related to cyber-warfare exploits being propagated by Chinese actors
For a complete running list of events, please visit the Event Tracker.
Cyber Security: A National Imperative (Washington, DC, Oct 29, 2012) Lockheed Martin is hosting a panel discussion on Cyber Security: A National Imperative – An in-depth view of Cyber Security from the world's leading defense contractor on Monday, Oct. 29, 11:00am at the National Press Club.
TechExpo Cyber Security Careers (Columbia, Maryland, Nov 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
Anatomy of an Attack (New York, New York, Nov 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights (Moscow, Russia, Nov 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense tools. Another purpose is to create a communication venue for skilled professionals in the field of information security.
Digital Security Summit (Riyadh, Saudi Arabia, Dec 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12 (, Jan 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.