
The CyberWire Daily Briefing for 12.10.2012
German power distribution company 50Hertz discloses a distributed denial-of-service attack it suffered at the end of November. Carried out by a botnet, the attack disrupted the company's systems for five days. It's believed this is the first confirmed attack on the European power grid.
The Saudi investigation into August's Shamoon attack on Aramco continues, and the Interior Ministry says the attacker's objective was to cripple the Saudi economy by disrupting oil production. No attribution has been announced. Elsewhere in the Middle East and South Asia, Anonymous turns its attention to Egypt's President Morsy and the Pakistan Cyber Army "declares war" on China and Bangladesh.
The Skynet botnet is hiding its command-and-control servers behind Tor. New email-borne threats include spoofed hotel booking notices, UPS and FedEx notices, and Facebook cancellation requests. Webroot offers an interesting look at the criminal economy as seen through a boutique exploit shop. (Compare PC Pro's survey of the legitimate bug-hunter economy.)
Ponemon tells the healthcare industry that the root of its cyber problems is a general failure to realize how valuable its data are. India's information security market is expected to rise by 18% in 2013. IT World predicts "massive consolidation" in the cyber security sector, with Sophos, WebSense, Panda Security, Bit Defender, AVG, WebRoot and Avast called out as potential takeover targets.
Those interested in creating local community-based cyber security capabilities may find the experience of Washtenaw County, Michigan, of interest.
The US is not happy about ITU plans for the Internet, and threatens to exit the WCIT.
Notes.
Today's issue includes events affecting Australia, China, European Union, Germany, Iran, Israel, Saudi Arabia, United Arab Emirates, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
European renewable power grid rocked by cyber-attack (EurActiv) A German power utility specialising in renewable energy was hit by a serious cyber-attack two weeks ago that lasted five days, knocking its internet communications systems offline, in the first confirmed digital assault against a European
Saudi Aramco says cyber attack targeted kingdom's economy (Al-Arabiya) Oil giant Saudi Aramco said on Sunday that an August cyber attack on its computer network targeted not just the company but the kingdom's economy as a whole. The interior ministry, which joined Aramco's investigation into the attack that affected some
Saudi Arabia says cyber attack aimed to disrupt oil, gas flow (NBC News) Saudi Arabia's national oil company, Aramco, said on Sunday a cyber attack against it in August which damaged some 30,000 computers was aimed at stopping oil and gas production at the biggest OPEC exporter. The attack on Saudi Aramco
Anonymous: Operation Egypt #OpEgypt (Cyberwarzone) Members of the hacktivist group known as "Anonymous" released a video on YouTube Tuesday warning Egyptian president Mohamed Morsy and the Muslim Brotherhood that they risk cyberwarfare unless he relinquishes his claim to extrajudicial powers. DEAR CITIZENS OF THE WORLD, Anonymous cannot, and will not stand idly while people are being denied their basic rights and human liberties. The people of Egypt have shown to the world the power of their struggle
Pakistan Cyber Army declares war on Chinese, Bangladeshi sites (The Register) Hacktivists claiming to hail from the Pakistan Cyber Army have defaced over 400 Chinese government web sites and also hit in excess of 20 Bangladeshi government sites. A hacker known as Code Cracker is claiming responsibility for the attack on the official web site of Xuchang City People's Procuratorate and a whopping 436 sub-domains, according to HackRead. The domains were posted to hackers' favourite Pastebin and all now appear to have been taken offline; however, there does not appear to have been any explicit message left for the local government aside from a generic Pakistan Cyber Army logo and the words "hello admin"
Tor network used to command Skynet botnet (CSO) Other botnet operators might use Tor to hide their command and control servers in the future, researchers say
You receive the electronic reservation? Malware attack poses as hotel booking email (Naked Security) Bogus hotel reservation emails have been spammed out widely, which claim to come from Booking.com but in reality carry malware designed to infect Windows computers
Malicious email simultaneously impersonates UPS and FedEx (Help Net Security) Malicious notifications supposedly coming from major courier delivery services companies are nothing new, but they still must catch enough users off guard. This latest one is particular enough
Beware of bogus Facebook account cancellation requests (Help Net Security) Bogus "Facebook Account Cancellation Request" emails are back, and this time the malicious senders didn't opt for making users infect themselves. The "click here" link will secretly redirect victims
A peek inside a boutique cybercrime-friendly E-shop (Webroot) Seeking financial liquidity for their fraudulently obtained assets, novice cybercriminals continue launching new DIY cybercrime-friendly e-shops offering access to compromised accounts, harvested email databases, and accounts that have been purchased using stolen credit card data, in an attempt to diversify their portfolio and, consequently, increase the probability of a successful purchase from their shops. In this post, I'll profile one of the most recently launched cybercrime-friendly e-shops, continuing the "A peek inside a boutique cybercrime-friendly E-shop" series. The E-shop currently offers RDP, Root and SSH accounting data, as well as DIY Spam Mailers and marketing leads, namely, harvested databases of email addresses, with the prices varying between $8-$15
Cyber Trends
IBM: Security Impedes Adoption Of Some Major Technologies (Dark Reading) New data from IBM shows how security has become a major part of the IT decision-making process for adopting new technologies -- and how much it shapes those choices. Security is one of the top two hurdles in adoption of business analytics, mobile, social business, and cloud, according to the new IBM 2012 Tech Trends Report. And in mobile and cloud, security is the No. 1 hurdle by far
What Is Big Data? (Dark Reading) When someone says big data, what do you think of? Do you think of mainframes? Data warehouses? Do you think of Oracle Grids, Exadata, or Teradata clusters? Perhaps you think of Hadoop, MongoDB, Cassandra, or CouchDB? Or maybe it's any NoSQL database? Or perhaps you think it's just a giant mass of data in one place? If you read press articles on big data, then it's all of these things
Awareness There, Policies Lacking: Results Of A New SANS Survey On Application Security Policies In Enterprises (Dark Reading) Survey shows organizations managing multiple applications, yet 28% can't determine what applications are under management
80% of cyber attacks in 2012 came from legit sites (Manila Standard Today) Anti-virus firm Sophos has released its year-end security report, Security Threat Report 2013, which labeled 2012 as a year of
'Cyber Pearl Harbor': Could future cyberattack really be that devastating? (Christian Science Monitor) "I do think it's a genuine concern," says Stewart Baker, a lawyer and former senior official at the National Security Agency and the Department of Homeland Security. "I'd love to think it's overstated, but that view is supported more by wishful
Cyber-warfare: Hype and fear (The Economist) Even as anxiety about jihadi terrorist threats has eased, thanks to the efforts of intelligence agencies and drone attacks' disruption of the militants' sanctuaries, fears over Western societies' vulnerability to cyber-assaults have grown
The zero-day bounty hunters (PC Pro) Davey Winder explores the hidden world of the bounty-hunting security researcher, finding vulnerabilities for fun and profit. Fewer than 1% of the exploits detected by Microsoft in the first half of last year were against so-called zero-day vulnerabilities – those that were previously unknown. That figure raises a question: if the vast majority of real-world exploits are "known threats", what makes zero days so valuable that they have spawned a hidden industry of bounty-hunting researchers
Cloud-based services revenue to increase (Help Net Security) Cloud-based services revenue in two years is expected to comprise nearly twice its current share of provider revenue, even as providers believe that showing evidence of cost savings is the biggest bar
Q&A: It's crucial for organizations to value their data, says Larry Ponemon (Healthcare IT News) Healthcare records "substantially more valuable than other types of records." Three out of five healthcare organizations are not allocating enough resources to protect patient data – and among the reasons is a simple fact that the industry has no way to place a value on that information
Marketplace
DHS cost model shows benefit of data architecting (Fierce Government IT) Data architecting has a verifiable although delayed financial benefit, says a case study produced by the Homeland Security Department's office of chief information officer. An August 2012 unclassified study summary (.pdf), provided on condition of anonymity, says preliminary results made with an activity-based cost model show a return on investment of $5.8 for every $1 invested into data standardization
India's info security market to touch Rs 1,415 cr in 2013: PwC (Zee News) The country's information security market is expected to grow by 18 percent to reach Rs 1,415 crore in 2013 on the back of increased spending by companies to secure their information assets, a new report says. "Size of the information security market in India in 2012 is Rs 1,200 crore and our estimate for 2013 is Rs 1,415 crore, a growth of 18 percent," PwC said in 'The State of Information Security Survey - India, 2013'. The report said regulatory compliance is the key justification provided by executives for increasing information security spending. The report said a survey shows 75 percent of respondents from India, as compared to 45 percent of global peers, expect an increase in information security spending
Womble Carlyle Completes Successful Acquisition for Cyber Security Firm (WCSR) A Womble Carlyle multidisciplinary team guided Maryland-based cyber security firm Rsignia through its successful acquisition by federal defense contractor KEYW (a publicly listed entity). This strategic acquisition, which closed in late November, is closely related to Project G, KEYW's Cyber Awareness and Response platform
Wynyard Group Signs Strategic Alliance with Leading Global Security Company Northrop Grumman (Sacramento Bee) Wynyard Group, the specialists in intelligence-led solutions for protecting companies and countries from threat, crime and corruption, has entered into a strategic alliance with Northrop Grumman Corporation (NYSE:NOC) to market and develop joint offerings to the US public sector and commercial markets
Predictions: Massive consolidation in the security industry (ITWorld Canada) That leaves Sophos, WebSense, Panda Security, Bit Defender, AVG, WebRoot and Avast. I can see all of them getting acquired. In my mind WebSense holds the
A U.S. Apple factory may be robot city (IT World) Apple's planned investment of $100 million next year in a U.S. manufacturing facility is relatively small, but still important. Apple has the money, talent and resources to build a highly automated factory that turns out products that are potentially cost competitive with those it now makes in China
Apple, Google said to be pooling $500 million plus for Kodak patents (Ars Technica) The groups wouldn't bid enough on their own, so now they're working together
Products, Services, and Solutions
Stallman slams Ubuntu, calls Amazon integration 'spyware' (Computer World) Activist and free software guru Richard Stallman on Friday hammered Ubuntu for including what he termed spyware in new versions of the popular open-source operating system and urged GNU and Linux users to avoid the distribution
DataMotion unveils SecureMail Gateway (Help Net Security) DataMotion announced an update to its SecureMail Gateway, an intelligent monitoring solution that uses policy-based encryption and Exact Matching functionality to prevent data leakage and protect sensitive
Damballa Failsafe 5.1 Unveils Breach Confirmation And Instant Replay Capabilities (Dark Reading) Damballa Failsafe 5.1 combines the C&C detection and malware analysis capabilities to deliver two first-of-their-kind innovations to the information
Check Point Announces ThreatCloud Security Services (Biztech2) Check Point Software Technologies Ltd., has announced Check Point ThreatCloud Security Services, a set of new security service offerings to assist customers in protecting their organisation's networks from the most sophisticated threats and provide expert resources to help during any attack. These new services monitor events directly on customer security gateways, and are powered by Check Point's ThreatCloud security intelligence infrastructure, the collaborative network to fight cybercrime and deliver real-time threat data from a worldwide network of threat sensors
Metasploit Pro 4.5 released (Help Net Security) Rapid7 released a new version of Metasploit Pro, which introduces advanced capabilities to simulate social engineering attacks. With Metasploit 4.5, security professionals can now gain visibility
Technologies, Techniques, and Standards
Tech Insight: 5 Myths Of Software Security (Dark Reading) Why do vulnerabilities keep cropping up in software? Here are five reasons -- and what developers can do about them
Norman AS Presents Five Steps to Secure Industrial Control Systems in New Cyber Security Awareness Video Episode (SYS-Con) Norman AS, the global leader in threat discovery, malware forensics and analysis, and industrial control system (ICS) protection solutions, presents "Five Steps to Securing Critical Infrastructure." In this episode of the cyber security awareness video series, "Inside Network Security," Joe Weiss, a managing partner of Applied Control Solutions, delineates a comprehensive cyber security plan for IT management teams to activate within industrial control system operations
Password handling: challenges, costs, and current behavior (Help Net Security) Online passwords are a pain, and not just when you have to type them to access your online bank account or shop at your favorite digital emporium. Password pain extends to the people who have to manage
Design and Innovation
ONLINE SAFETY: Get involved in online safety (Heritage.com) Keeping our kids, businesses and personal information safe online is like a part-time job for some. There is no shortage of topics for me to write about each month because the Internet is so pervasive in our everyday lives. Staying safe will take raising awareness and education in each community
Legislation, Policy, and Regulation
US drops 'net regulation bombshell', threatens WCIT exit (The Register) As the ITU's WCIT conference rolls on in Doha, the head of the American delegation Terry Kramer has pointed to the big red button, threatening to veto any new treaty it believes puts the Internet at risk. America's delegation has become increasingly agitated at the content of proposed changes to the ITRs – International Telecommunications Regulations – coming from countries such as Russia and China. According to Australian telecommunications newsletter Communications Day, the veto threat was made to a Dow Jones journalist, with Kramer saying the US delegation could "walk away from the conference"
ITU agrees deep-packet inspection of internet traffic (Computing) Deep-packet inspection examines the data part (and possibly also the header) of a packet as it passes an inspection point, such as a firewall. The agreement paves the way for national governments to assert their rights to analyse all internet traffic
UAE leads the way in cyber security (The National) The UAE is weeks away from establishing the first national authority for cyber security in the region, to combat online threats to military and critical installations. Speaking at the Gulf International Cyber Security Symposium, Maj Gen Mohammed Al Essa of the Ministry of Defence, said that the three services of the armed forces were working closely on enhancing the security of digital communications systems to sustain a high readiness to face any threat to national or regional stability. The UAE introduced the necessary legislation and regulations which culminated in a special federal decree issued by the President to establish a national authority for cyber security, Gen Al Essa said
Why AusCERT fell off Govt cybersafety service (IT News) DBCDE complains of failure to innovate. The Federal Government chose to drop AusCERT from its Stay Smart Online (SSO) security alert service because it felt the not-for-profit organisation "failed to innovate", freedom of information documents have revealed. The online security service was run by AusCERT for four years before the contract expired in
White House advisers push classification overhaul (Federal Times) A White House advisory panel is calling for a dramatic rethinking of how the government keeps its secrets. Among its proposals: Reduce classification levels from three to two as one way to reduce unneeded secrecy. Under the current system, in place since 1953, agencies classify information as top secret, secret or confidential. The board's proposal would divvy up classified information into two categories: top secret and a "lower level." Automatically declassify information that's sensitive for only a short time. Most records now remain classified for at least 25 years. Strengthen the National Declassification Center, a 3-year-old agency within the National Archives and Records Administration charged with declassifying old materials
10 years of DHS: Blessing or 'bureaucratic monstrosity'? (Fox News) Ten years after its creation, the Department of Homeland Security continues to push against a mixed record of accomplishments and setbacks, and a mission that experts say is still hard to pin down. "I don't think people understand what (DHS) does and
US Intelligence: Redundancy Increases As Budget Pressure Mounts (Albany Tribune) First, domestic security agencies were cobbled together under a newly created Department of Homeland Security and another layer of bureaucracy was added on top of them. Also, a new intelligence agency in that newly established department was created
'Leaked' Draft of White House Cyber Security Order Not Worth the Wait (CIO) At least it doesn't say the Department of Homeland Security should be in charge. It opens with the boilerplate ... The otherwise powerless Director of National Intelligence gets to track "all of these reports and notifications." I guess he finished
Defense bill would require contractors to notify DoD of cyber intrusions (Foreign Policy) In case you missed it, buried inside the 2013 defense authorization bill is a clause that would require defense contractors to notify the Pentagon any time they have suffered a "successful penetration." Section 936 of the bill requires that the Pentagon "establish a process" for defense contractors that have classified information on their networks to quickly report any successful cyber attacks against them to the Defense Department. Contractors must include a description of the "technique or method used in the penetration," and include samples of the "malicious software, if discovered and isolated by the contractor," reads the bill
Litigation, Investigation, and Law Enforcement
Report: EU report accuses Huawei, ZTE of competing unfairly in mobile gear (Computer World) Chinese networking vendors Huawei Technologies and ZTE are competing unfairly in the European mobile infrastructure market, according to an analysis being circulated by the European Commission, The Wall Street Journal reported on Friday
Secret Service launches investigation into 'immense' security breach as computer files left on Metro (Telegraph) The worker was taking the sensitive material from the Secret Service HQ in Washington to an off-site facility but left them on the train when he got off. The tapes contained backup case file information as well as extremely personal data about employees, including dates of birth and addresses. Adding to the embarrassment is that the tapes had only "very basic encryption", meaning that they could easily be hacked
Special Report: How foreign firms tried to sell spy gear to Iran (Reuters) In the summer of 2008, Iranian security agents arrived at the family home of Saleh Hamid, who was visiting his parents during a break from his university studies. The plain-clothes agents, he says, shackled him and drove him blindfolded to a local intelligence detention center. There, he says, they beat him with an iron bar, breaking bones and damaging his left ear and right eye
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.