The CyberWire Daily Briefing 10.29.12

Cyber Trends

Half of PC's have malicious programs, says Kaspersky (The Standard Digital News) He pointed out that growing economies like Kenya are often tracked by cyber-criminals for potential targeting. According to statistics carried out by Kaspersky Lab, Kenya falls within the countries where users run the most serious risk of infection via

Trend Micro's Anthony O'Mara: firms need to get the balance right on public vs private cloud (SiliconRepublic) Trend Micro senior VP (EMEA) and head of global business operations Anthony O'Mara urges, however, that firms can still be brave and don't need to allow fear to halt innovation – the key, he says, is getting the balance right

Two-thirds of enterprises are expected to adopt MDM by 2017 (Fierce Mobile IT) Close to two-thirds of enterprises are expected to adopt mobile device management products for their corporate users by 2017, predicted Phil Redman, research vice president at Gartner

Laptop data breach can cost 70 times more than firm-wide encryption (Fierce Mobile IT) A data breach from a lost or stolen laptop can cost 70 times more than the cost of putting encryption on all of an organization's laptops, said John Girard, wireless and mobile security analyst with Gartner

Legislation, Policy and Regulation

Cleansing the Internet of Terrorism (Infosec Island) A new project aimed at countering illegal use of the Internet is making headlines. The project, dubbed CleanIT, is funded by the European Commission (EC) to the tune of more than $400,000 and, it would appear, aims to eradicate the Internet of terrorism. European Digital Rights, a Brussels-based organization consisting of 32 NGOs throughout Europe (and of which EFF is a member), has recently published a leaked draft document from CleanIT

Obama executive order expands Homeland Security reach into local law enforcement (Daily Caller) President Barack Obama signed an executive order Friday that expanded the Department of Homeland Security's ties to local law enforcement.

Obama has yet to review cybersecurity executive order, Napolitano says (Fierce Government IT) A draft of the executive order on cybersecurity has circulated in the Obama administration, but President Barack Obama himself has yet to review it, Homeland Security Secretary Janet Napolitano said Oct. 25. In the meantime, she said, the administration has reached out to the private sector and other stakeholders for their feedback about what the order should look like if Obama does choose to issue one

Obama order would beef up cyber security, a former aide says (Los Angeles Times) He says it will clarify the relationship between the Department of Homeland Security and agencies that deal with technology, including those that contract with private companies. It will also spell out the level of DHS involvement with infrastructure

Cybersecurity bill likely dead (The Hill) After Panetta warned in a speech last month that the cyber threat facing the United States represents a "pre-9/11 moment," Senate Majority Leader Harry Reid (D-Nev.) said he planned to bring cybersecurity legislation to the…The timing is bad

US, Canada launch joint cyber-security plan (NDTV) The action plan, under the auspices of the US Department of Homeland Security and Public Safety Canada, aims to better protect critical digital infrastructure and improve the response to cyber incidents

Industry, government find common ground in cyber realm (FederalNewsRadio.com) Some examples could be found at the National Security Agency or the U.S. Cyber Command, he said. "I think the government sometimes gets a bad rap, but they're the ones developing [or funding] a lot of the cutting-edge technology

Defending Critical Infrastructure (GovInfoSecurity) Low Visibility into Privately Owned Systems A Concern. Defending Delaware's critical infrastructure is a top challenge since a large part is owned by the private sector, says State Homeland Security Adviser Kurt Reuther, who details the challenges

Killer Apps: The Army is building cyber into its combat exercises (Foreign Policy) To address this, Campbell had representatives from U.S. Army Cyber Command embed with his commanders for the exercise, hosted by III Corps this summer, so that the traditional combat troops could learn how to use cyber in a conflict

Army training centers incorporating cyberthreats into exercises at brigade level (Stars and Stripes) "What you will see over time evolving is cyberspace becoming more mainstream in all our training avenues across the Army," said Patrick Manners, a development director for Army Cyber Command. The focus of current training is threefold

The Netherlands Wants the Power To 'Render Inaccessible' Data on Foreign Servers (Slate) Evading online surveillance is becoming easier as more tools offering anonymous encrypted storage and communication become available. But the trend is starting to worry authorities. Last week, the government in the Netherlands proposed a new law that would help it circumvent encryption by hacking into computers and infiltrating servers

Products, Services, and Solutions

Privilege Guard 3.6 released (Help Net Security) Avecto released Privilege Guard 3.6, which introduces a number of new features, including a challenge/response capability to easily authorize applications for remote users and an application control

Real user monitoring for web developers (Help Net Security) AppNeta announced Real User Monitoring (RUM) capabilities designed for web development and application performance. As a key feature of AppNeta's TraceView application performance management (APM) solution

Windows 8: A Bridge Too Far For Enterprises? (InformationWeek) Windows 8 may end up marking the moment when people stopped caring about PC operating systems

Windows 8: CIOs Get Enterprise Road Warrior (InformationWeek) Microsoft has long been king of the desktop, but Windows 8 has enterprise IT leaders experimenting with new, mobile business tools

No widespread deployment of Windows 8 by enterprises until 2014, says Gartner (Fierce CIO TechWatch) For all the appeal of Windows 8 in the consumer market, "there are no compelling business imperatives to drive legacy devices in business toward Windows 8," says Gartner Senior Vice President of Research Peter Sondergaard. He spoke at Gartner's Symposium/ITexpo conference held this week in Orlando, Florida, where the research firm said it predicts that 90 percent of enterprises will bypass broad deployments of Windows 8 until 2014, at least

8 reasons to upgrade to Windows 8 (Fierce CIO TechWatch) After years in the making, Windows 8 was launched around the world on Thursday and goes on sale today. I was invited down to the regional launch in Singapore on Thursday evening where I had the opportunity to get some hands-on time with dozens of devices hours before they went on sale

Windows 8: A Win For Enterprise Security (InformationWeek) Windows 8 makes securing enterprise PCs and tablets easier--and shows that the future of enterprise Windows security is proper control of applications

Windows 8 security focuses on early malware detection (CSO Salted Hash) Security experts say Windows 8 is the most secure Microsoft OS to date, but that doesn't mean malware won't evolve to exploit it

Technologies, Techniques, and Standards

Hurricane Sandy-Frankenstorm: Some biz continuity planning resources (CSO) Weather forecasters are sounding a loud alarm over an unprecedented storm that could cause massive destruction along the east coast next week. Instead of panicking, dust off those emergency business continuity plans and calmly prepare

Monitoring To Detect The Persistent Enemies (Dark Reading) Subtle attackers who are after intellectual property are hard to find. Monitoring can help, but a good analyst can help even more

DoD adopts NIEM, will no longer support UCore development (Fierce Government IT) Following an Oct. 16 meeting with the intelligence community's Information Sharing Environment program office, the Defense Department is drafting a memo specifying the National Information Exchange Model as the basis for its data exchange strategy

Ten Ways To Secure Web Data Under PCI (Dark Reading) PCI compliance can create headaches for companies that do online commerce. Is your e-business ready? Download the Dark Reading November 2012 special issue on securing Web data Download Dark Reading's special November issue securing Web data. Whether they're brick-and-mortar or online, merchants find the Payment Card Industry's requirements for protecting credit card data challenging and confusing

Prevent Web Attacks Using Input Sanitization (eSecurity Planet) What do three of the five most common website attacks have in common? Yes, a lack of input sanitization. Find out why it's important and what to do about it. Three of the top five most common website attacks – SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI) – share a root cause in common: input sanitization

The Security Reality of Road Warriors (Infosec Island) Sales and marketing are often considered to be two sides of the same coin. While those who have worked on either side of the proverbial coin can attest to their vast differences, one fact remains -- both professionals typically require substantial working from the road. And while accessing corporate documents from outside of the firewall always raises some security flags, a recent survey[1] that we conducted of 1,900 sales and marketing professionals shows those who work in sales and marketing are particularly at risk

The anatomy of cyber security exercises (Help Net Security) In its new report, the EU's 'cyber-security agency' ENISA (the European Network and Information Security Agency) examines 85 national and international cyber-exercises between 2002 and 2012

Latest Amazon outage shows the importance of a Multiple Zone strategy (Fierce CIO TechWatch) Amazon (NASDAQ: AMZN) Web Services experienced an outage that started with some Elastic Block Storage volumes in an availability zone in the US-East-1 region, and snowballed into a larger issue that was felt throughout the day. Sites such as Reddit, Netflix, Github, Minecraft, Airbnb, FastCompany, and FourSquare were all affected to some extent, according to InformationWeek. This latest outage once again highlights the importance of using multiple availability zones

Marketplace

IT Security Spending To Grow Even More In 2013, Study Says (Dark Reading) Nearly half of enterprises plan to increase security spending next year, according to 451 Research study

Why Wall Street Is Battering Tech's Biggest Names (Wired Business) Wall Street's patience with tech companies that for much of the year could do little to disappoint has started to wane

DHS S&T Directorate Awards 34 Contracts for Cybersecurity Research (HSToday) Thirty-four contracts totaling $40 million were awarded this week to 29 academic and research organizations by the Department of Homeland Security's (DHS) Science and Technology Directorate (DHS S&T) to research and develop solutions to cybersecurity

US Fighting Cyber Warfare (Moneynews) The Army is interested in leading the cyber war effort through its new Army Cyber Command, according to Defense Tech, a military technology website. The command's ranks now include 21,000 soldiers, civilian employees and contractors. Developing cyber

NATO Briefs Industry on Potential $2.58B C4ISR Investments (Govconwire) More than 600 senior North American and European industry representatives attended a NATO conference in Rome this week to discuss potential opportunities in C4ISR (command, control, communications, computers, intelligence, surveillance and reconnaissance)

KEYW lasers in on private-sector security (Baltimore Business Journal) KEYW Holding Corp. made its name selling cyber security systems to government intelligence and counterterrorism agencies. Now, the 4-year-old Hanover cyber

CSC to Sell its Italian Consulting Business to Dedagroup (Govconwire) CSC (NYSE: CSC) has entered into an agreement to sell its consulting and systems integration services business to Dedagroup ICT Network for an undisclosed amount. Dedagroup will acquire CSC's pan-Italian consulting and systems integration projects and fashion industry software products and services. CSC will retain its corporate financial services products, solutions and services for international accounts

Boeing Acquires Supply Chain Specialist Miro Technologies (Govconwire) Boeing Co.'s (NYSE: BA) defense, space and security business has acquired Miro Technologies for an undisclosed amount and added the firm to its global services and support operations. La Jolla, Calif.-based Miro specializes in managing enterprise assets, supply chains and performance-based logistics for government and commercial customers and has offices in Saudi Arabia, Oman and the U.K

Research and Development

ST's experts win cryptography competition by NIST (EE Herald) Three cryptography experts from STMicroelectronics' Secure Microcontroller Division and Advanced System Technology Group won an international competition to develop a new global industry standard for digital security, the Secure Hash Algorithm SHA-3

Security Patches, Mitigations, and Software Updates

Patch Available for Broadcom Mobile Device Firmware DoS Vulnerability (Threatpost) Older versions of Broadcom firmware found in a number of mobile devices from major vendors including the Apple iPhone, iPad, Samsung Galaxy S and HTC Droid Incredible are vulnerable to a denial of service attack. Researchers Andres Blanco and Matias Eissler of Core Security Technologies reported the vulnerability in August, and this week published details on proof-of-concept exploit code

Firefox 16.02 Released (Internet Storm Center) Just a quick note today to say thank you to one of our readers, Paul, for the note that Firefox 16.02 has been released. Firefox classifies this fixes addressed in this release as 'Critical'

Cyber Attacks, Threats, and Vulnerabilities

Taxpayer data exposed in cyber attack on South Carolina agency (Chicago Tribune) As many as 3.6 million Social Security numbers and 387,000 credit and debit card numbers used by state taxpayers could have been exposed to a hacker in recent cyber attacks on the state Department of Revenue

Who Hacked South Carolina's Revenue Department? (FITSNews) The Palmetto State has received millions of dollars in cyber security grants from the U.S. Department of Homeland Security (USDHS) in recent years. Not only that, the state reportedly paid "a boatload of money" to Carnegie Mellon's internationally

Help added to SC cyber attack hotline (WACH) "South Carolina has come under attack, but South Carolina will fight back," says Governor Nikki Haley. It's this statement by the Governor that's causing many across the Palmetto State to be on high alert

France Euromillions site hit by religious hackers (BBC) The French site of the Euromillions lottery has been hacked, with the homepage replaced by a passage from the Koran condemning gambling. The hackers, calling themselves "Moroccanghosts", posted the message in Arabic and French. The Koranic verses call games of chance and alcohol "works of the devil" intended to turn people away from God

Anonymous Operation Payback (Cyberwarzone) Anonymous has hacked the servers of the Italian State Police. He claimed the same group on the page Facebook around 2 last night and on Twitter with the announcement invitation-users: more than 1 GB of data from the servers of the State Police released, check the booty

Anonymous Is Going After Zynga For Mistreating Employees, It Has Leaked Confidential Documents And Games (TechCrunch) As you know, gaming company Zynga laid off employees last week and shut down a few of its offices right before its quarterly earnings call. Well, Zynga has pissed off the online group Anonymous, and it's quite serious. Here's a video just released by them, discussing exactly what it plans to do and why

Cyber war elevates mistrust and hostility between Iran and US to new heights (Payvand) First, the cyber attacks against Iran are continuing. Preliminarily, the Stuxnet, then Flame, and now Mini-Flame have hit Iran. According to The Guardian, "Two leading computer security laboratories - Kaspersky Lab and Symantec - have been studying a

Official Calls for Iran's Smart Confrontation with Enemy's Cyber Threats (Farsnews) The enemy is developing, mastering and using the hi-tech to strike at Iran and Tehran should adopt a smart civil and cyber defense strategy against this approach, Head of Iran's Civil Defense Organization Brigadier General Gholam Reza Jalali said. Addressing a ceremony in Tehran on Sunday, Jalali said his organization aims to harness and reduce threats against Iran, "so, threats determine the direction of our movement". Noting that the threats in the cyber space are changing qualitatively and quantitatively, he said that the enemy is enhancing its technologies using smart systems to have their control wherever these technologies are used

Frankenstory: Attack Of The Iranian Cyber Warriors (InformationWeek) On the cyber-attack front, however, where's the hard evidence that ties Iran to all of these attacks? Well, that's classified. Furthermore, at least in the case of Shamoon, this week anonymous government officials admitted to Bloomberg that the

DHS Warns of 'Hacktivist' Threat Against Industrial Control Systems (Krebs on Security) The U.S. Department of Homeland Security is warning that a witches brew of recent events make it increasingly likely that politically or ideologically motivated hackers may launch digital attacks against industrial control systems. The alert was issued the same day that security researchers published information about an undocumented software backdoor in industrial control systems sold by hundreds different manufacturers and widely used in power plants, military environments and nautical ships

Software backdoor makes critical infrastructure vulnerable to attacks (Help Net Security) Ever since Stuxnet managed to disrupt the workings of the Natanz nuclear facility, the security of industrial control systems (ICS) has deservedly received a lot of attention

Flaw in boarding pass check system puts fliers in danger (Help Net Security) Everybody knows by now that airline boarding passes have barcodes that, when decoded, show a series of letters and numbers that "summarize" the main information about one's flight - name, flight number

Most U.S. Drones Openly Broadcast Secret Video Feeds (Wired) our years after discovering that militants were tapping into drone video feeds, the U.S. military still hasnt secured the transmissions of more than half of its fleet of Predator and Reaper drones, Danger Room has learned

Hackers can turn data into cash (Greenville News) "There is a lot of spoofing and head fakes going on to make it seem like an attack is originating from a different region," says Kurt Baumgartner, senior security researcher at Kaspersky Lab. Generally speaking, the more sophisticated cyber attacks

Misconfigured open DNS resolvers used in DDoS attacks (Fierce CIO TechWatch) Hackers are increasingly using open DNS resolvers as a means to perform DDoS, or Distributed denial-of-service, attacks against their targets, says a new report by HostExploit, a voluntary organization that tracks and promotes awareness of cyber crime activities

Google's email security flaw embarrassing, but no catastrophe (CSO) DomainKeys Identified Mail (DKIM) vulnerability highlights need to upgrade to stronger keys as they improve

Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant (Internet Storm Center) Here on Day 26 of Cyber Security Awareness Month, as the ISC focuses on standards, we received a very interesting email from David at Lamp Post Group, the IT provider for Access America Transport. Per David: "Access America owns a US Trademark and the domain accessamericatransport.com. On Tuesday, October 23, a malicious user registered the domain accessamericatransport.net and immediately began sending phishing emails under the domain. Purporting to be Access America Transport, some emails were sent to several of our carriers with a link to a fake "Rate Confirmation" ("rate confirmations" is a normal term in the 3PL industry) or carrier "Claim" which in fact linked to an executable containing a virus"

Main computer security threats: Trojan Horses (Panda Labs) Do you want to know a little bit more about Trojan Horses? We have created this infographic about them

Supply Chain Woes: Human Error or Something Else Entirely? (Dark Reading) How easy are plausibly deniable bugs really introduced to the supply chain, and are recent fears concerning foreign technologies more hype than fact

Japan woefully vulnerable to cyber-attack (The Japan Times) Some locked themselves in a room and spent six hours analyzing a malware worm called Gumbler that had tampered with the websites of Japanese companies like Honda in 2009. Others spent hours writing code to check the vulnerability of websites

[Denmark] 'increasingly vulnerable' to cyber-attack (The Copenhagen Post) Cyberwarfare is now the greatest single threat to national security, according to a new threat assessment Forsvarets Efterretningstjeneste (FE), the military intelligence agency's. Speaking in conjunction with the release of the 2012 Intelligence Risk

Nigeria easy target for cyber criminals (BusinessDay) Symantec Corporation on Thursday said Nigeria is becoming a huge attraction for cyber criminals. The steady growth of the economy and increased bandwidth capacity emanating from the increasing number of submarine cable systems

Academia

Training cyber defenders (Buffalo News) The Department of Homeland Security in 2011 received 198 reports of attacks on the companies that control this country's critical infrastructure, up from nine such incidents in 2009, according to CNN's Security Clearance blog. "These attacks keep

College of Engineering Partners with Boeing to Further Research on Aircraft Systems (Avionics Intelligence) The College of Engineering at Tennessee State University is continuing a decade-long partnership with the Boeing Company when it was recently announced that Boeing would provide nearly $600,000 worth of funding for the College to help address some of the aircraft challenges facing the company.

Team of Centennial, Reservoir students place second at Cyber Challenge (Baltimore Sun) The competition was sponsored by the Science Applications International Corp., the University of Maryland, Baltimore County and the National Cyber Security Alliance. Together, Centennial seniors Reuven Rosenthal, Huang Xue, Franz Payer, Aneesh

California State University ditches Cisco, saves $100 million (Fierce CIO TechWatch) California State University's decision to replace its 23-campus network with Alcatel-Lucent will save the university a whopping $100 million over eight years, according to a report by Network World early this week. The largest four-year university in the United States, it spans 23 campuses and its network is used by almost 430,000 students and 44,000 faculty and staff

Litigation, Investigation, and Enforcement

Washington Briefs: Landrieu criticizes report (The Advocate) Mary Landrieu, D-La., is blasting a recent Senate subcommittee report that was strongly critical of the Department of Homeland Security's fusion centers that are meant to coordinate counterterrorism efforts with local officials

As of today, the FBI is working 24/7 to investigate hackers and network attacks (The Next Web) The Federal Bureau of Investigation (FBI) is finally stepping up its game when it comes to hackers. Maybe it was Anonymous that did it or maybe it was statements from the US Secretary of Defense two weeks ago, but either way, the FBI is now hunting hackers 24/7. You're not the only one who was under the impression that the FBI was already doing this. Yet only today, the agency announced that it has been working on this new initiative for the past year. Its goal is to "uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers' digital signatures from mountains of malicious code"