The CyberWire Daily Briefing 12.21.12

Summary

By The CyberWire Staff

Malware coders respond to advances in automated detection with what observers call a "low-tech" approach—their malicious packages wait for human input (like a mouse-click) before executing. This latest trend succeeds previous approaches that relied on sheer volume, obfuscation, or detection of virtual machines.

Iran's CERT says (with righteous dudgeon) that it's discovered a new targeted malware campaign, but Sophos for one is unimpressed: the code is primitive, easily thwarted, and not apparently targeted at anyone at all. Wired runs a summary of the ways in which Russian surveillance technology continues to dominate domestic collection in former Soviet republics.

Al Qaeda's networks continue to suffer from a crippling attack: they've been impaired for the last couple of weeks. India reveals details of a July exploit that exploited 10,000 official email addresses. Excel-based Sudoku proves infected with a form of malware spread by macros, and researchers wonder why such a retro approach has resurfaced.

Threatpost offers an interesting look at the crimeware black market and the ways in which its structure mirrors that of legitimate businesses. In that black market a new exploit kit—"Sweet Orange"—seems poised to surpass Blackhole as the sector leader.

In the US, Defense budget austerity inches closer to reality, and Secretary Panetta tells Department employees not to worry about unpaid furloughs—yet. The US Army's DCGS/Palantir controversy heats up as senior generals are rolled out to defend investment in DCGS. Observers see the Benghazi consulate attack as auguring a boom in private security contracts.

Notes.

Today's issue includes events affecting Armenia, Belarus, Canada, China, European Union, Finland, India, Iran, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, Ukraine, United States and Uzbekistan.

Selected Reading

Cyber Trends

The mobile game changer (CSO) How smartphones and tablets are forcing CSOs to approach ID and access management differently

Legislation, Policy and Regulation

Forge.mil requirement stripped from conference fiscal 2013 defense authorization (Fierce Government IT) The compromise fiscal 2013 national defense authorization bill unveiled by conferees Dec. 18 excludes language from the Senate version that would have required the use of a repository for all software code owned by the government or to which it has use rights and an official designation of DoD collaborative software development environments, "such as Forge.mil managed by the Defense Information Systems Agency

White House strategy on security information sharing and safeguarding (Internet Storm Center) Today, the White House published its new national strategy for information sharing and safeguarding. The document touches a key point that has in the past often stymied cooperation and information sharing between the government and the private sector. In my experience, the gov organizations were always very open to receive and soak up information shared with them by private enterprise, but were far less forthcoming with returning the favor. Very rarely did I ever receive intel from government contacts that wasn't either mostly public knowledge, or that I hadn't received already anyway from peers in the industry

FTC expands Children's Online Privacy Protection Act (CSO) New provisions in the Children's Online Privacy Protection Act cover apps, exempts 'platforms' like App Store and Google Play and requires parental approval before companies can gather kids' photos, videos or geographic location

EU Plans Rules to Bolster Cyber-Attack Defenses in Bloc (Bloomberg) European Union regulators plan guidelines for how governments should bolster defenses from Internet-based attacks, the European Commission said today

Products, Services, and Solutions

Windows 8 Security Stresses Exploit Prevention (Dark Reading) A look at some of the key security features in the Microsoft's new OS

Forensic access to encrypted BitLocker, PGP and TrueCrypt containers (Help Net Security) ElcomSoft released Elcomsoft Forensic Disk Decryptor, a forensic tool providing access to information stored in disks and volumes encrypted with BitLocker, PGP and TrueCrypt

WatchGuard enhances XCS security appliances (Help Net Security) WatchGuard Technologies announced the availability of its enhanced Extensible Content Security (XCS) solutions for SMBs. The XCS 580 and XCS 280 provide the same trusted content protection

Lancope releases new threat intelligence for detecting attacks (Help Net Security) Lancope released new threat intelligence for monitoring global cyber attacks. Through its StealthWatch Labs Intelligence Center (SLIC), Lancope is now delivering two new Threat Scope maps to display

Technologies, Techniques, and Standards

Software Security: BSIMM's Holistic Approach (eSecurity Planet) BSIMM 4 adds new practices for improving software security. The path to building a secure enterprise begins with building secure software. One of the many ways that developers can build secure software is by following the tenets of the Building Security in Maturity

Online reputation management tips (Help Net Security) AVG announces twelve tips for individuals to safeguard their reputations while engaging in heightened e-commerce and social media activities during the holidays. "It's only natural that our times

FCC Offers Guide for Improving Mobile Security (eWeek) With mobile security threats up more than 350 percent since 2010 and smartphones…The Federal Trade Commission, The National Cyber Security Alliance

Marketplace

Blackwater Wins the Battle of Benghazi (Wired) U.S. embassy security in the post-Benghazi era is shaping up to be a financial bonanza for security contractors

Army greenlights controversial intelligence system (FCW) A critical intelligence-sharing system used in combat recently received a green light for full deployment, marking a turning point for a program that earlier this year was embroiled in controversy over its effectiveness versus a competing system. The Army's Distributed Common Ground System, or DCGS-A, is a tool the military uses for processing, exploiting and disseminating intelligence between troops and their mission partners, including intelligence community organizations. It is part of the service's broader modernization strategy, according to Army officials

Army Rolls Out Brass To Defend Anti-IED Software (Washington Times) The Army presented two two-star generals and three intelligence specialists Thursday to defend its $2.5 billion battlefield intelligence processor, which has failed operational tests and has been criticized by soldiers as being too slow to analyze the enemy and help find buried bombs in Afghanistan

Panetta Reassures Pentagon Civilians On Looming Budget Cuts (Reuters.com) U.S. Defense Secretary Leon Panetta sought to reassure civilian Pentagon employees on Thursday about the impact of looming budget cuts, saying no workers would face immediate unpaid leave after Jan. 2, but warning that furloughs might ultimately be necessary

RIM cuts losses, treads water while waiting for BlackBerry 10 release (Ars Technica) Sales even slimmer, but some companies have BB 10 in beta ahead of 1/30 launch

Levy Named Chairman and Chief Exec of Thales (DefenseNews.com) The board of Thales has named Jean-Bernard…management practices that recognize collective intelligence within a strict

Research and Development

New Machine Puts Quantum Computers' Utility to the Test (IEEE Spectrum) Quantum boson sampling machine could show whether future quantum devices will really be faster than conventional computers

7 Codes You'll Never Ever Break (Wired) The history of encryption is a tale of broken secrets. But there are the few elusive codes that no one has ever managed to crack

Security Patches, Mitigations, and Software Updates

Java 7 update 10 introduces important new security controls (Naked Security) Last week Oracle released Java 7 update 10 to the world without fixing a single vulnerability. That doesn't mean there aren't serious security improvements though. New settings could make Java users much safer from here forward

VMware Patches Directory Traversal Vulnerability in View Server and Security Server (Threatpost) Virtualization vendor VMware has patched a critical vulnerability in its VMware View desktop virtualization product that could have led to a directory traversal attack and an attacker reading or downloading files without the need for authentication

Cyber Attacks, Threats, and Vulnerabilities

Automated Malware Analysis Under Attack (Dark Reading) Malware writers go low-tech in their latest attempt to escape detection, waiting for human input--a mouse click--before running their code

Iran claims discovery of new targeted malware (Naked Security) Iran's CERT has issued a warning about a new targeted malware attack that erases hard drives. Is this really the next Stuxnet? Hardly

In Ex-Soviet States, Russian Spy Tech Still Watches You (Wired) The Kremlin isn't just upgrading its electronic surveillance to monitor protesters. It's using that tech to extend Moscow's influence over its neighbors in the former Soviet Union

Malware-Infested Sudoku Puzzles Researchers (Threatpost) A "blast from the past" surfaced recently among those who play Microsoft Excel-based Sudoku puzzles: malware spread by macros. Spreading malicious code via macros was the rage among the digital underground in the late 1990s, so much so that Microsoft eventually disabled them by default

Samsung Acknowledges Exynos Root Exploit (Threatpost) Samsung downplayed a root exploit vulnerability in some of its Exynos processors, and promised a patch for the flaw, according to a company statement acquired by AndroidCentral.

Over 10,000 email IDs hit in 'worst' cyber attack (Financial Express) New Delhi: In what is being termed as the biggest cyber attack on the country's official computer networks, over 10,000 email addresses of top government officials were hacked in a single day on July 12 this year. The IDs included those of officials

Al-Qaida hit by cyber attack (WTOP) Key al-Qaida websites were knocked offline more than two weeks ago and are still dark, according to U.S. intelligence sources. This is one of the longest disruptions the organization has experienced since it set up its online distribution

Cosmo Strikes Again, Taking Over Another Westboro Twitter Account (Wired) It feels a little bit like hacker Groundhog Day. After hijacking a Westboro Baptist Church leader's Twitter account on Monday, Wired has confirmed that the 15-year-old hacker known as Cosmo the God took over another account belonging to one of

Crimeware Enterprises Mirror Legitimate Businesses (Threatpost) Not too long ago, it would have been extremely far-fetched to imagine buying crime services a la carte. But that's the dynamic that emerged in 2012 to plague cybercrime victims on both the consumer and corporate end of the spectrum. The black-market infrastructure that supports cybercriminals is increasingly backboned by packaged malware, exploit kits, as well as hacks and fraud as a service. Expect that to continue and evolve in 2013, experts say

Will the Sweet Orange exploit kit dethrone Blackhole? (Help Net Security) There's a new exploit kit being offered for sale and it seems to be slowly but surely gaining in popularity. Dubbed Sweet Orange, the kit uses exploits for Java, PDF, IE and Firefox vulnerabilities

Cyber arms race set to heat up in 2013 (BCS) Panda Security has also identified software vulnerabilities in programs such as Java and Adobe products as the "preferred method" of infection for malware

OS X in 2013 Will Not Be as Safe as It Is Today, Says Panda Security (Softpedia) Panda Security has released an advisory stating that vulnerabilities will be the main target for cybercriminals in 2013, and that Mac users should exercise

It was inevitable: Malware-infested PowerPoint exploits Mayan Doomsday fears (CSO) Researchers at Sophos say a booby-trapped PowerPoint presentation titled "Will the world end in 2012?" is circulating

The 'January Effect' for cyberattacks is real, say experts (SCO) It's the most wonderful -- and dangerous -- time of the year, most information security experts agree. If you're reading this, then the world hasn't ended per the Mayan calendar. But it still might be a good idea for those in the information security business to be wary of this time of year. Jeffrey Carr, an author on cyberwarfare and founder and CEO of Taia Global, noted in a post on Infosec Island this week that he has noticed a major breach or act of cyber warfare that kicks off the New Year -- every year since 2009

Academia

RSA Opens New Anti-Fraud Command Center In Collaboration With Purdue University (Dark Reading) RSA AFCC staffed by fraud analysts who work to detect, track, block, and shut down phishing, pharming, and mobile-app based attacks

Litigation, Investigation, and Enforcement

Nokia And RIM Bury The Patent Hatchet, Nokia Wins Payment Award From RIM (TechCrunch) Perhaps because there is not really any use in wasting energy fighting down rather than up the competition chain, today the beleaguered handset maker Nokia announced that it has settled all of its patent disputes with the equally challenged BlackBerry maker RIM. Nokia had different claims against RIM, and it looks like RIM is coming out the net loser here: Nokia says that it is getting a one-off

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

tmforum Big Data Analytics Summit (Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.

ATMiA US Conference 2013 (Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.

#BSidesBOS (Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..

TechMentor Orlando 2013 (Orland, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.

e-Crime Congress 2013 (London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.

IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.

The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.