The CyberWire Daily Briefing for 12.12.2012
Syria's civil war appears to be entering its final stages, and the conflict carries over into information operations in cyberspace. Wired describes the "Assadosphere"—the online supporters of President Assad's regime. Elsewhere in the Middle East the Iranian-inspired Izz ad-Din al-Qassam Cyber Fighters make their promised reappearance, warning they intend to hit five US banks with distributed denial-of-service attacks this week: U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group and SunTrust are the targets.
Russia's space agency joins NASA and Japan's JAXA in falling victim to cyber attack. (This latest exploit appears to originate in the Republic of Korea.)
The Kelihos botnet is back and updated with new TLD and USB attack capabilities. More details emerge on Tor-cloaked botnet Skynet.
CyberWire readers are doubtless too aware of holiday scams to be easily taken in, but you may have less sophisticated friends and relations. Consider sharing Daily Finance's twelve frauds of Christmas with them.
British researchers find that 007 and Jason Bourne movies have created a despairing public quietism about cyber security: if hacking is so easy, why bother fighting it? BYOD in health care enterprises is found to be "a data breach waiting to happen." A RAND study shows that law enforcement organizations are looking for better secure knowledge management systems. SafeNet's incoming CEO will emphasize cloud services.
Ben Gurion University is establishing a cyber security incubator. Quartz looks for lessons in incubators and other communities of innovation. The European Union agrees to a common patent system.
Notes.
Today's issue includes events affecting European Union, Germany, Iran, Israel, Republic of Korea, Russia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Meet the Assadosphere, the Online Defenders of Syria's Butcher (Wired Danger Room) Meet the Assadosphere, the defenders of Syria's bloodthirsty dictator on the web, Instagram, YouTube, Facebook and Twitter
Dexter malware infects point-of-sale systems worldwide, researchers say (CSO) Dexter malware stole data for tens of thousands of payment cards in recent weeks, Seculert researchers say. Researchers from Israel-based IT security firm Seculert have uncovered a custom-made piece of malware that infected hundreds of point-of-sale (PoS) systems from businesses in 40 countries in the past few months and stole the data of tens of thousands of payment cards
Kelihos Update Includes New TLD and USB Infection Capabilities (Threatpost) There's a little Michael Myers in the Kelihos botnet; maim it, kill it and it keeps on coming back to wreak more havoc. The 2011 takedown of the Kelihos botnet was one of Microsoft's high-profile success stories against spambots and the like, yet Kelihos was back for more at the start of 2012 using dynamic fast-flux techniques to avoid detection and further shutdowns
Tor-Powered Botnet Linked to Malware Coder's AMA on Reddit (Threatpost) In the process of analyzing a seemingly new and fairly small botnet called Skynet, Rapid7 security researchers determined that this was precisely the same network described by its creator in a particularly bold 'Ask Me Anything' (AMA) on the social news site Reddit earlier this year
Skynet, the potential use of Tor as a bulletproof botnet (infosec island) In September 2012 the German security firm G Data Software detected a botnet with a particular feature: it is controlled from an Internet Relay Chat (IRC) server running as a hidden service of Tor. There are pros and cons for this design choice. The greatest advantage lies in the difficulty of locating the command and control (C&C) servers, due to the encryption of connections inside the network and the unpredictability of the routing of the information; the most important disadvantages are the complex implementation and latency in the communication
5 Banks Targeted for New DDoS Attacks - Hacktivist Group Warns of 'Widespread' Strikes (Bank Information Security) Izz ad-Din al-Qassam Cyber Fighters has announced the "second phase" of its hacktivist campaign, saying five major U.S. banks will be the victims of new distributed-denial-of-service attacks starting this week. U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group and SunTrust Banks are the latest targets, according to the group, which announced its plans in a Dec. 10 Pastebin posting. "In [this] new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," the group writes. Each of these five banks suffered DDoS attacks during phase one of the hacktivist group's campaign, which ran roughly from mid-September to mid-October
Sanny Malware Targeting Russian Space, IT, Telecom Industries (Threatpost) Attackers, purportedly hailing from Korea, have been targeting individuals in Russia's aerospace, IT, education and telecommunication industries with hopes of extracting their passwords and credentials. According to a post on FireEye's Malware Intelligence Lab by researchers Alex Lanstein and Ali Islam, the attacks are coming in the form of a rigged Cyrillic Word file. That malicious file, nicknamed Sanny by the researchers, looks clean but actually drops another executable, along with a pair of .DLL files, when the exploit is launched
Two-Factor Authentication is Not What it Used to Be (Security Bistro) Banking customers in Europe were recently ripped off for millions of Euros by a very sophisticated series of malicious compromises targeting users' computers and cell phones. In effect, two-factor authentication was defeated for about 30,000 customers at more than 30 different banks. This proves that with persistence, organization, and economic incentives, people can be duped and two-factor authentication precautions can be easily overcome
Chubb Cyber Endorsement Addresses Increase In Bank Account Takeover Frauds (Dark Reading) Endorsement expands the definition of fraudulent communications
Human error knocks Gmail offline (Fierce CIO: TechWatch) Google's (NASDAQ: GOOG) Gmail was down for some 40 minutes on Monday. Rumors hinted at first at a Denial of Service attack, fueled in part by Google's initial silence on the matter. However, updates that were provided by the company later showed it as an outage caused by a server misconfiguration
Top Mobile Vulnerabilities And Exploits Of 2012 (Dark Reading) Spoofing, banking attacks, authentication flaws, and more top the list of 2012's biggest mobile security headaches
12 Holiday Cyber Scams to Watch Out For (Daily Finance) As more consumers pick up their smartphones and tablets to go holiday shopping, cyber crooks are trying just about everything to dupe them out of their hard-earned money. Forty percent of identity theft victims were targeted while making online purchases in 2011, according to an identity fraud report by Javelin Strategy & Research. Meanwhile identity fraud increased by 13 percent, with more than 11
Security Patches, Mitigations, and Software Updates
Critical Vulnerability Fixed in Chrome 23 (Threatpost) It's Patch Tuesday, and not just for Microsoft and Adobe. Google also patched a number of security vulnerabilities in its Chrome browser today, including one critical flaw and three high-severity ones
Adobe Patches Memory Flaws in Flash Player and Sandbox Vulnerability in ColdFusion (Threatpost) Adobe's second set of security updates coinciding with Microsoft's monthly patch releases were made available today. The two bulletins include patches for vulnerabilities in Adobe Flash Player and Adobe ColdFusion. The Flash vulnerabilities for Windows are rated most severe by Adobe, and successful exploits could result in crashes or an attacker being able to remotely execute code
Microsoft fixes critical Windows 8, IE10 flaws for Patch Tuesday (ZDNet) Microsoft has released five critical security updates for Windows 8 and Windows RT in order to protect against a range of vulnerabilities identified in the recently released software. All in all, there are seven updates for Windows users, with five rated "critical" that could lead to remote code execution, while two are rated "important," which fix flaws that could result in the operating system's security features being bypassed. Critical updates are generally those that could compromise the security of a device or system data, while important updates are reserved for those that could lead to an increased scope of attack by malware or hackers
Cyber Trends
Survey Of IT Professionals Reveals Discrepancy Between Support Of And Implementation Of Desktop Privilege Control (Dark Reading) Nearly half of respondents, however, report privileged accounts widespread on company desktops and laptops
Bond And Bourne Fuel Belief That Cyberhacking Is Easy So Why Fight It, U.K. Study Shows (Dark Reading) Adults across the U.K. are increasingly fatalistic about their level of online risk, according to a new study by YouGov plc for Kaspersky Lab
Survey Exposes New Cloud Security Flaws (Dark Reading) SailPoint's survey found that business users have gained more autonomy to deploy cloud applications without IT involvement
Smart grid ICS cyber security market to grow (Help Net Security) Smart grid industrial control systems (ICS) remain in a state of flux. Security is still viewed as a cost-limitation exercise by many utilities, and advances toward meaningful regulations remain halting.
With BYOD, data breaches just waiting to happen (CSO) Smartphone insecurity means healthcare patient information, for one, remains at high risk, studies find
Nine out of 10 hospitals lost personal data in last two years (SC Magazine) Take out a quarter and flip it four times. It's unlikely the coin will land on heads (or tails) four times in a row -- a one-in-16 chance to be exact. Yet tossing four consecutive heads or tails is a likelier outcome than being a hospital that hasn't been breached over the past two years
Economic Espionage - The Reality (Security Watch) There is a lot of rhetoric in the media lately about cyber warfare and cybercrime. While a lot of this coverage is hyperbole and is often backed by vendors trying to promote their products, there is a reality that we should acknowledge. Espionage has been going on ever since man organised himself into tribes
Competing standards could damage cloud industry (ComputerWeekly.com) Current cloud computing standards organisations include The Green Grid, Cloud Security Alliance, the Institute of Electrical and Electronics Engineers
Cloud Alliance Fights to Secure the Ether (Virtualization Review) The Cloud Security Alliance is a who's who of important cloud vendors, everyone from eBay to Citrix to Microsoft and VMware
Utilities have double challenge with smart grid, big data (Fierce Big Data) Eventually, smart grid technology and big data will go together like peanut butter and jelly. But in the implementation phase, they pose distinct challenges for power companies. Smart grid technology will surely compound the need for big data solutions. The latest issue of Intelligent Utility said, "The smart grid revolution is unleashing torrents of data. Utilities face an imperative to develop ways to transform those bytes into system improvements and innovative services." It is not dissimilar to the drivers in other industries
Marketplace
Slide Show: 10 Security-Service Startups To Remember In 2012 (Dark Reading) With the security services market growing by more than 23 percent per year, it's no wonder that 2012 had its share of startup launches and young companies taking off
Law enforcement desires better knowledge management systems, says Rand (Fierce Government IT) In a report released Dec. 5 that's based on interviews and focus groups with 26 law enforcement agencies selected to be roughly representative of the size and geographic location of U.S. state and local police departments, Rand researchers say the technology priorities officials cited the most often were for basic knowledge management systems
Panetta Repeats White House Veto Threat On Defense Measure (Bloomberg.com) U.S. Defense Secretary Leon Panetta reaffirmed the threat by President Barack Obama's advisers to veto a defense authorization bill unless a House-Senate conference committee makes changes
General Dynamics…Tech Support For Top Secret Enterprise (SatNews) General Dynamics Information Technology, a business unit of General Dynamics (NYSE: GD), has been awarded a two-year, $6 million task order by the Air Force Intelligence, Surveillance and Reconnaissance Agency to provide technical support services to the Air Force Joint Worldwide Intelligence Communications System (AF JWICS) Enterprise. General Dynamics will help the Air Force streamline its communications networks and integrate with national-level Intelligence Community Information Technology Enterprise (IC ITE) and Desk Top Enterprise (DTE) initiatives
SafeNet's new CEO focuses on cloud technology, Maryland tech community (Bizjournals.com) SafeNet has been involved in the state's CyberMaryland initiative, which supports businesses in cyber security. "We have a lot of talented people who could
Unisys Board OKs $50M Share Buyback (Govconwire) The board of directors at Unisys Corp. (NYSE: UIS) has approved a plan to repurchase up to $50 million of the company's shares through Dec. 31, 2014. Both common stock and mandatory convertible preferred stock are covered under the plan, the company said. Purchases can include transactions in the open market, including 10b5-1 plans, or through
MacAuley-Brown Names CIA, ManTech Vet Mark Chadason Natl Security Group SVP (Govconwire) MacAulay-Brown has appointed Mark Chadason senior vice president for the newly-formed national security group, reporting directly to President and CEO Sid Fuchs. The company said Chadason, a three-decade veteran of the U.S. Marine Corps and CIA, will be responsible for building and maintaining relationships with customers in the U.S. defense, homeland security and national intelligence
Did HP Just Lose $5 Billion Through Bad Accounting? (Slate) How could Hewlett-Packard find a $5 billion-plus hole in an $11.1 billion deal? The U.S. tech giant claims to have uncovered all kinds of accounting nasties at Autonomy, the British software outfit it bought last year. But HP won't say quite how the allegations - strongly denied by Autonomy's ex-boss Mike Lynch - could produce such a colossal writedown. Breakingviews tries a spot of reverse-engineering to see how it could be possible
8 biggest myths about managing geeks (IT World) Tech pros are more than the sum of their stereotypes. Here are eight commonly held misperceptions about managing the techie set
Products, Services, and Solutions
Rapid7 Releases Nexpose 5.5 (Dark Reading) Introduces new capabilities for configuration assessment and enhanced reporting
Ixia Unveils IxNetwork 7.0 (Dark Reading) Update to IxNetwork gives users visibility into the performance of complex converged networks
Metasploit Goes Phishing (eSecurity Planet) Leading open source penetration testing framework adds phishing attacks to its arsenal. What can and should an enterprise do
Linux 3.7 released, bringing generic ARM support with it (Ars Technica) Like Windows RT before it, Linux seeks to bring sanity to ARM processor support. Linus Torvalds has officially announced that version 3.7 of the Linux kernel has gone stable, and that means good news for developers who work with ARM-based CPUs: among its other changes, Linux 3.7 is the first Linux kernel to include generic support for multiple ARM CPU architectures, reducing the amount of effort required to get Linux-based operating systems running on phones, tablets, and ARM-licensed developer boards like the Raspberry Pi.
Ultra-secure memory sticks with anti-malware features (Help Net Security) Kingston Digital has partnered with ESET and ClevX. The combination extends ClevX DriveSecurity powered by ESET's proactive portable anti-malware technology to Kingston's DataTraveler 4000 (DT4000
McAfee mobile security app gets new privacy technology (Help Net Security) McAfee released an enhanced version of McAfee Mobile Security featuring App Lock, an app privacy technology, as well as a completely refreshed user interface. The security solution provides Android
Free anti-spam software for the Mac (Help Net Security) Cloudmark announced DesktopOne for Mac, that enables Mac users to filter email to eliminate messaging threats, protecting consumers and small businesses against spam, phishing and email-borne viruses
Amazon opens AWS to Microsoft developers (Fierce Big Data) Amazon (NASDAQ:AMZN) wants to rule the cloud and to that end, opened its Amazon Web Services platform to Microsoft (NASDAQ: MSFT) developers hoping to grow their inventory of big data applications
What If Google Ignores BlackBerry 10? (InformationWeek) Google's long-time support for RIM's BlackBerry platform seems to be waning. Will BlackBerry 10 be able to win back Android and iPhone users without mobile apps from Google
Red Hat Speeds Up Open Source Virtualization Race (Information Week) KVM-based Enterprise Virtualization 3.1 enables extra-large virtual machines and better live migration across more storage systems than before
13 Big Data Vendors To Watch In 2013 (InformationWeek) From Amazon to Splunk, here's a look at the big data innovators that are now pushing Hadoop, NoSQL and big data analytics to the next level
Technologies, Techniques, and Standards
Hauling That 50lb Sack of Compliance (Dark Reading) Done wrong, your compliance efforts can needlessly weigh your team down
When 'anonymous' data isn't anonymous (IT World) What do Web trackers do when the 'anonymous' data they gather reveals your identity? They redefine the word "anonymous"
High-frequency traders use 50-year-old wireless tech (IT World) In the world of high-frequency trading, where being ahead of the competition by a few milliseconds can mean profits worth millions of dollars, finance firms are increasingly looking to decades-old microwave technologies for a competitive edge
Israel's Cyber Defenses Protect Government Sites from 44 Million Attacks (infosec island) As Israel's Iron Dome missile defense shield blocks hundreds of incoming missiles from hitting their target, its cyber defense is also hard at work blocking millions of incoming cyber attacks. There have been millions of hacking attempts against government sites that have been intercepted, with reportedly only one successfully taking down its target, and that for only a few minutes
Inside an IT asset disposal facility (CSO) A look at the machines and steps taken inside the Las Vegas-based facility of U.S. Micro, an IT asset disposition company, as they disassemble, destroy and then recycle IT assets securely
Design and Innovation
Lessons for Apple, Instagram, and others from Polaroid's past and present (Quartz) The rise and fall and hesitant rise again of Polaroid is both a cautionary tale and an inspiration for businesses. Once a revolutionary think-tank churning out innovations, 30 years after its inception, Polaroid found itself to be a one-product company fighting tooth and nail to preserve its patents
What it really takes to foster a startup community (Quartz) Innovation and entrepreneurship are the engines of economic growth. For decades now, cities and communities across the United States have tried to infuse themselves with those two properties by emulating Silicon Valley, a never-ending quest to become the next Silicon Somewhere
Research and Development
Hacking the Human Brain: The Next Warfighting Domain (Wired Danger Room) This new battlespace is not just about influencing hearts and minds. It's about involuntarily penetrating, shaping, and coercing the mind in the ultimate realization of Clausewitz's definition of war: compelling an adversary to submit to one's will.
Can scientific misconduct derail big data? (Fierce Big Data) Scientists have a tough enough job trying to make a superstitious and paranoid public face reality. And over the last 10 years, the number of retracted scientific papers increased tenfold, which won't help their cause when they try to get the world to believe what big data analytics are telling them
Academia
Israel cyber security incubator program established by Ben-Gurion University of the Negev (Homeland Security Newswire) Ben-Gurion University of the Negev (BGU) and its technology transfer company, BGN Technologies, will create Israel's first cyber security incubator in Beer-Sheva under the Israeli Office of the Chief Scientist Incubator Program. The incubator program will be established in partnership with Israeli venture capital firm Jerusalem Venture Partners (JVP). The exciting initiative is taking place in the wake of rising cyber threats, as well as increasing attacks on critical infrastructure in Israel and around the world, says Doron Krakow, executive vice president, American Associates, Ben-Gurion University of the Negev.
Legislation, Policy, and Regulation
Broadband requires FCC to modernize policies, says Genachowski (Fierce Government IT) The Federal Communications Commission announced Dec. 10 an agencywide task force to conduct a review and provide recommendations to modernize the commission's policies as the nation's broadband communications migrate from circuit-switched to packet-switched, and from copper to fiber and wireless-based networks
After decades of discussion, EU votes for unified patent system (Ars Technica) Cost of getting a patent will drop; but that's not necessarily a good thing. The European Parliament voted today to create a unitary patent system and patent court, after discussing the idea for more than 30 years. The proposal, which passed on a 484-164 vote, may lower the cost of getting a European patent by as much as 80 percent. The unitary patent court will come online on January 1, 2014, or when at least thirteen member states ratify the proposal
Litigation, Investigation, and Law Enforcement
Anon on the run: How Commander X jumped bail and fled to Canada (Ars Technica) "You scared?" asks the fugitive in the camouflage pants as he sidles up to our pre-arranged meeting point in a small Canadian park. He wears sunglasses to hide his eyes and a broad-brimmed hat to hide his face. He scans the park perimeter for police. "Cuz I'm scared enough for both of us." It's a dramatic introduction
Legal Merits of 'Hack Back' Strategy - Attorneys Discuss Whether Best Cyberdefense is a Strong Offense (Government Information Security) From point-of-sale hacks to malware and DDoS attacks, the top cyberthreats of 2012 have been aggressive and strong. Is it time for organizations to adopt a "hack back" strategy against perceived attackers? This is a question being discussed by members of the American Bar Association, and it was a hot discussion topic among three leading security/privacy attorneys in a year-end roundtable panel with Information Security Media Group
Trustwave Named In Lawsuit Surrounding South Carolina Data Breach (Security Week) The lawsuit against South Carolina following the recent Department of Revenue data breach has been expanded to include data security company Trustwave. John Hawkins, a former South Carolina state senator and attorney, filed an amendment to the lawsuit claiming Trustwave "violated and failed to comply with the duties imposed upon them to encrypt data and to expeditiously disclose the breach of security," according to an Associated Press report. South Carolina hired Chicago-based Trustwave back in 2005 to secure its databases and meet its requirements under the Payment Card Industry's PCI-DSS standard
Is the U.S. Government Really A Spy Machine? (MIT Technology Review) A former NSA employee says the government collects all e-mails you write. But the government says it's impossible. Who do you believe? The role government plays in surveillance has long been a topic of debate. For years, we've heard stories of the U.S. government accessing data from citizens unbeknownst to them or those with whom they're communicating. And time and again, privacy advocates argue that our rights are being violated
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.