The CyberWire Daily Briefing for 12.24.2012
Industrial Safety and Security Source reports that people inside the US CIA told it, on deep background, that the data annihilation attack Iran reported last week was in fact a US-Israeli operation. No one else thinks this likely. Kaspersky has been unable to attribute the "Batchwiper/GrooveMonitor" attack to any agent, but neither it nor Symantec, AlienVault Labs, or SophosLabs believe it was the work of a nation-state.
The SpamSoldier Android Trojan has now been found in all major mobile networks. Symantec announces detection of new banking malware—Trojan.Stabuniq—in US banking systems. This Trojan appears to be collecting information from compromised systems in preparation for a major financial fraud campaign. Verizon denies it suffered a breach over the weekend, but the telecommunications company does say that a third-party marketing company (so far unnamed) may have leaked about 300,000 records.
The crimeware black market seems to have some new customers—national intelligence and security services. Some of the goods on offer appear to have originated, at least remotely if not proximately, within government agencies, and those agencies may be inclined to buy some of it back. This would obviously increase the difficulty of attack attribution.
Microsoft, Google, VMWare, and Oracle all release minor patches and upgrades to widely used products.
Organizations continue to lack BYOD policies, and employees continue to use their own devices. The trend is particularly notable in health care.
The US NSA's "Perfect Citizen" project is allegedly penetrating utility SCADA systems with a view to assessing their vulnerability.
Notes.
Today's issue includes events affecting China, Georgia, India, Iran, Israel, Russia, and the United States.
Cyber Attacks, Threats, and Vulnerabilities
Report: U.S., Israel Fingered In Latest Data-Annihilation Attack (Dark Reading) Remember that rudimentary data-wiping malware found on a few computers in Iran this month? Most security experts pegged it as a simple, unsophisticated copycat of more sophisticated data-destruction malware attacks. But in the latest twist, Industrial Safety and Security Source reported this week that the malware was courtesy of a U.S.-Israel attack, citing unnamed CIA sources who also say the attacks preceded the August Shamoon attack that hit Saudi Aramco and Iran's oil ministry
The New Type of Agent Fighting Against Terror (iHLS) These are the silent agents. They do not explode in a big bang and flames. They are aimed at deception that at the end of the day may result in leaving the triggers unsqueezed. In that context the issue may be a major war or just a planned terror attack
Android botnet detected on all major mobile networks (SC Magazine) Spammers have amassed the first-known Android botnet, consisting of compromised devices running on all the major U.S. mobile networks, and it's being used to deliver SMS spam, researchers said this week. Spotted in early December by two San Francisco-based security firms, Cloudmark and Lookout Mobile Security, the botnet grows when users unwittingly install a malicious game application that contains the SpamSoldier trojan. Infected devices then communicate with a command-and-control server, receiving instructions to send SMS messages to more than 100 phone numbers
After hacker disappears from Twitter, Verizon reveals customer data was leaked by a marketing firm (The Next Web) Verizon is sharing more details about the alleged leak of customer data that occurred over the weekend. The company still insists there was no breach, but the carrier has now revealed to TNW that an unnamed third-party marketing firm is to blame. On Saturday, a self-proclaimed hacker leaked some 300,000 records (including serial numbers, names, addresses, date they became a customer, passwords, and phone numbers) which he claimed belonged to Verizon Wireless customers, and then later Verizon FiOS customers
Symantec finds a new trojan that steals data from US banks, customers (Ars Technica) Nearly half of detected infections are on financial institutions' servers. Symantec has discovered a new piece of malware that appears to be targeting financial institutions and their customers in the US. Dubbed Trojan.Stabuniq by Symantec, the malware has been collecting information from infected systems--potentially for the preparation of a more damaging attack
Antivirus Solutions Still Have Problems in Blocking Fake AV, Experts Say (Softpedia) Zscaler researchers make an interesting point about fake antiviruses, also known as scareware. Despite the fact that they've been around for several years, many security solutions are still incapable of blocking these threats. Researchers highlight the fact that, overall, scareware has remained the same as it was a few years ago
Cyberattacks in 2013: Nation States Expected to Turn to the Private Market (Softpedia) Over the past period, the malware economy has taken an interesting turn. The underground markets used to be a place frequented only by cybercriminals, but now they're becoming a valuable resource for both researchers and nation states. According to experts from security firm Zscaler, now that the value of a zero-day vulnerability has gone into the six-figure range, other actors are joining the scene
Modern Malware Blurs the Line Between Cyber Crime and Cyber War (Softpedia) Imperva has released its set of predictions for 2013 and, according to their studies, the number one trend is that government malware goes commercial. Experts believe that just as the technological advancements in military aircraft have influenced commercial aviation, the techniques used in state-sponsored attacks will have a similar impact on modern malware. Technologies previously attributed to state sponsored attacks are going to become commercialized (or commoditized), further blurring the difference between Cyber Crime and Cyber War, Imperva noted in its latest report
Cyber Crime on the Rise in Georgia (Finchannel) Cyber crime including cyber espionage is on the rise in Georgia as a result of the increased computerization rate of Georgian society. Georgian society on the whole, including state organizations and private businesses, tends to be moving toward an electronic format without clear knowledge of all the risks involved, Georgian digital security experts say. The country's information protection indicator is very low and cyber crime does not encounter any particular obstacles in Georgia, experts agree
Security Patches, Mitigations, and Software Updates
Microsoft re-releases MS12-078 (Internet Storm Center) Just another quick update informational message for you. Microsoft has re-released MS12-078 (This is the Open Type and True Type Font vulnerability)…If you are running an affected Windows OS, you may want to take a look
Google to scan Chrome extensions, bans auto-install (The Register) Google has taken two steps to prevent its Chrome browser becoming an attack vector for malware that runs as extensions to the browser. Like many other browsers, Chrome allows users to install extensions, apps that add functionality. Google even runs the Chrome Web Store to promote extensions
VMware Patches Zero Day Flaw In Desktop Virtualization Software (CRN.com) VMware issues security patches for zero day vulnerability in its View desktop virtualization software, including View Connection Server
Java 7 update offers more security options (Fierce CIO: TechWatch) A recent Java 7 update (Update 10) has added more security options that will appeal to security conscious users and businesses. A new option under the Java control panel, for example, allows users to disable Java applications from running inside their browsers by clearing the "enable Java content in the browser" checkbox
Cyber Trends
Security experts warn of 'January Effect' cyberattacks (PCWorld) The world didn't end with the Mayan calendar. But it still might be a good idea for those in the information security business to be wary of this time of year. Jeffrey Carr, an author on cyberwarfare and founder and CEO of Taia Global, noted in a post on Infosec Island this week that he has noticed a major breach or act of cyber warfare that kicks off the New Year every year since 2009
Sum-Up of Cyberattacks Aimed at Organizations - Infographic (Softpedia) Panda Security's anti-malware laboratory, PandaLabs, has released a clever infographic to sum up the cyberattacks aimed at organizations, and their effects
Infographic: Reputational Risk (CSO) Reputation is considered one of the most important intangible business assets. But many companies fall short in managing their reputation strategically. This Zurich infographic presents the hard data. It makes a compelling business case why managing your company's reputation has become a strategic imperative
9 Ways Hacktivists Shocked The World In 2012 (InformationWeek) Despite the arrests of alleged LulzSec and Anonymous ringleaders, ongoing attacks -- including Muslim hackers disrupting U.S. banks -- prove hacktivism remains alive and well
Nurses turning to un-authorized smartphones to meet data demands (Network World) A new study finds that more than two-thirds of nurses are using their personal smartphones for clinical communications. Yet 95% of nurses in the sample say hospital IT departments don't support that use for fear of security risks. The report, "Healthcare without Bounds: Point of Care Computing for Nursing 2012," by Spyglass Consulting Group, points to the collision of healthcare information demands on nurses, and the limits of mobile and wireless technology, at the point of care -- typically the patient's bedside
Twitter poll finds less than one-third of companies have a BYOD policy (Fierce Mobile IT) More than two-thirds of employees use their personal devices at work, yet less than one-third of companies have a policy in place governing the use of those devices, according to a Twitter poll
Marketplace
Did Microsoft Improve Security in 2012? (eSecurity Planet) Microsoft had a lower patch count and fewer vulnerabilities this year, but there were still a few interesting security flaws. Looking at the raw numbers, Microsoft had a good year for security in 2012. In 2011, Microsoft released a total of 100 security updates. In contrast, for 2012 Microsoft was able to reduce that number to
Revealed: NSA targeting domestic computer systems in secret test (CNET) Newly released files show a secret National Security Agency program is targeting the computerized systems that control utilities to discover security vulnerabilities, which can be used to defend the United States or disrupt the infrastructure of other nations. The NSA's so-called Perfect Citizen program conducts "vulnerability exploration and research" against the computerized controllers that control "large-scale" utilities including power grids and natural gas pipelines, the documents show. The program is scheduled to continue through at least September 2014
Pentagon greenlights Army's cloud-based intelligence system (Army News) The Pentagon has given the Army the go-ahead to begin deploying a system that's designed to take nine separate IT systems for intelligence gathering and analysis into a single cloud-based architecture. The service has been developing the program, the Distributed Common Ground System-Army (DCGS-A), for a decade, and it is a variant of the DCGS systems each of the military services is working on. The goal is to abandon the stovepiped systems the military has been using to collect and analyze intelligence and give tasking to its intelligence collectors -- many of which use proprietary data formats and don't interoperate easily -- and replace them with a family of systems that speak a language that's common across the intelligence community.…Ditching proprietary data systems that couldn't easily talk to one another was a major step forward for the Army, said Maj. Gen. Stephen Fogarty, the commander of the Army's Intelligence and Security Command.…DCGS-A received some unwanted national media attention over the past couple of years when service members wanted to use Palantir instead of the Army's program of record, believing it performed some functions for intelligence analysts that DCGS-A didn't. Greene said the Army actually has deployed Palantir based on requests from commanders. Out of 13 requests, it fulfilled nine of them. But for now, the system doesn't comply with the information sharing imperative for data interoperability
CGI to Host Railroad Retirement Board's Financial System in Cloud (ExecutiveBiz) CGI Federal has won a $21 million contract from the Railroad Retirement Board to host the agency's financial management system in a cloud computing environment, the company said Thursday
CrowdStrike Partners with Coverity to Ensure Software Security (Digital Journal) High profile security startup builds Coverity development testing into its secure development lifecycle. Coverity, Inc., the development testing leader, announced today that CrowdStrike, a security startup focused on protecting enterprises and governments against advanced cyber attacks, has partnered with Coverity to ensure the quality and security of its software
Citigroup consolidates 70 data centers to 20 (Fierce CIO: TechWatch) Wall Street & Technology had a feature this week detailing how Citigroup has managed to consolidate its global data center footprint with considerable success. After performing a review of its 70 data centers, Citi decided to close a large number of the older facilities, even as it built eight brand new data centers, to achieve greater efficiency
Cloud Jobs: 7 Million In 3 Years, IDC Says (InformationWeek) Microsoft-sponsored IDC report says there are currently 1.7 million open cloud positions just waiting to be filled
Red Hat Buys ManageIQ, Gains Hybrid Cloud Tools (InformationWeek) Red Hat will pay $104 million to fill out self-provisioning and performance management for its virtualization environment, get multi-hypervisor capability
Products, Services, and Solutions
Where OS X security stands after a volatile 2012 (Ars Technica) And where are we going with OS X security in 2013? 2012 was an "exciting" year for OS X security--at least if you're a security expert or researcher. There were plenty of events to keep people on their toes. Although Apple took some egg on the face for some of them, overall, the company came out ahead when it came down to keeping users safe
Google and Motorola draw up plans for 'X phone' (Ars Technica) Google's hoping to one-up Apple with some sweet new tech. According to the Wall Street Journal, Motorola has been working furiously on a new handset with Google. Referred to only as the "X phone," the device will be separate from other phones in development at Motorola that are exclusively sold by Verizon Wireless
ZTE Launches a Videoconferencing Endpoint with a Firewall (Telepresence Options) Multi-billion dollar Chinese multinational ZTE is better known for mobile handsets and wireless telecom equipment than videoconferencing, but the $13.7 Billion USD company makes a short line of solid, standards-based videoconferencing appliances and video network infrastructure. This week they were celebrating the launch of their newest videoconferencing endpoint with a built-in hardware-based firewall, their partnership with Baltimore-based cyber-security firm CyberPoint, and the fascinating and timely way they got American "Pro-Modified" Chinese videoconferencing gear on the US government's GSA schedule
New blog post highlights company experience with Amazon EC2 (Fierce CIO: TechWatch) Thinking of using Amazon's (NASDAQ: AMZN) EC2 infrastructure for your business? Before you dive right in, it may be a good idea to read the candid and detailed analysis of its strengths and limitations that social marketing analysis firm awe.sm outlined in a new blog post this week
New tool targets BitLocker, TrueCrypt full disk encryption (Fierce CIO: TechWatch) Russian digital forensics firm ElcomSoft has unveiled a new Forensic Disk Decryptor software that it says can make it possible to decrypt encrypted file volumes protected by tools such as BitLocker, PGP and TrueCrypt. To be clear, the tool does not actually defeat the security mechanisms behind tools such as BitLocker, but instead recovers the security keys from the computer's operating memory. This can be done by working from memory dumps captured using forensic tools or through a live FireWire attack
Technologies, Techniques, and Standards
Tech Insight: Using Penetration Tests To Gauge Real Risk (Dark Reading) A quality pen test can ferret out the real risk that vulnerabilities pose to a company and its data
Protecting Data In The Cloud Without Making It Unusable (Dark Reading) Encrypting data in the cloud is an important security step, but without the proper handling, it can make processing the data--from searching to number crunching--much more difficult
India Developing Its Own Secure Operating System (Softpedia) According to The Times of India, 150 engineers from all across the country have already been working on the project for over a year and a half, but it will take another three before the operating system can be rolled out. The director general of the DRDO has explained that India needs its own operating system to strengthen cyber security. He has emphasized that the current operating systems used in India, regardless of whether they're Windows or Linux-based, contain numerous security holes
Design and Innovation
Tim O'Reilly's Key to Creating the Next Big Thing (Wired) Entrepreneur, author and investor Tim O'Reilly has been seeing around corners for decades now. Here's what he sees coming next
Academia
AACC Cyber Forensics Wins First Place In International Competition Again (Eye On Annapolis) For the second consecutive year, an Anne Arundel Community College cyber forensics team won first place in the Community College Division of the U.S. Department of Defense Cyber Crime Center (DC3) Digital Forensics Challenge! Additionally, the team was ranked 23rd of 1,209 teams internationally (including grad school, industry and military teams). This year's team, Mad Hatters, includes Marcelle Lee of Severna Park and Dustin Shirley of Odenton
Legislation, Policy, and Regulation
Accumulo language watered down in conference defense authorization bill (Fierce Government IT) Legislative language that could have cast doubt on defense and intelligence agencies' ability to utilize a National Security Agency-developed big data open source database has been significantly watered down in a compromise version of the fiscal 2013 national defense authorization bill unveiled Dec. 18. The DoD has made a determination that Accumulo is "a successful open-source project" supported by commercial companies
Congress Defeats E-Mail Privacy Legislation — Again (Wired) The Senate late Thursday forwarded legislation to President Barack Obama granting the public the right to automatically display on their Facebook feeds what they're watching on Netflix. While lawmakers were caving to special interests, however, they cut from the legislative
Regulator Tells Banks to Share Cyber Attack Information (Bloomberg) A U.S. banking regulator told financial institutions to report cyber attacks to law enforcement and alert customers to their impact as
Lessons of HSPD-12 (CSO) Government agencies have been slow to comply with the directive, showing how hard it can be to implement broad security measures across multiple organizations
Litigation, Investigation, and Law Enforcement
UK court rules against Motorola's 'sync messages' patent (Ars Technica) On Friday, the High Court in London issued a ruling that said that one of Motorola's patents covering technology to synchronize messages across several devices should be invalidated. Originally, the patent covered the synching of messages across multiple pagers, but recently Motorola has used the patent in lawsuits against Apple and Microsoft for using similar message-syncing services in iCloud and on the Xbox, respectively
Google Privacy Convictions Overturned By Italian Court (InformationWeek) Four Google executives had been convicted of violating Italian privacy law after a video of a boy being bullied was uploaded to Google Video
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.