The CyberWire Daily Briefing for 1.2.2013
2013 has begun quietly, at least from a cyber perspective. Its biggest news so far involves the brinksmanship at the edge of the US "fiscal cliff," a fall over which seems to have been averted by a late-night compromise yesterday.
Whatever else the New Year may bring, it has not yet brought relaxed cyber relations between the US and Iran. PolicyMic regards those tensions as amounting to full-scale cyber war as Al Arabiya has details of Iran's cyber warfare exercises.
The Gauss banking Trojan (bracketed last year with Flame and Stuxnet as state-sponsored malware targeted against Middle Eastern enterprises) is noted for its sophisticated encryption scheme, but Kaspersky reports that scheme may soon be broken.
Kroll warns against "vampire data," data that reside in a corner of an enterprise, vulnerable but largely forgotten. Relatively easily compromised, vampire data can, Kroll breathlessly warns, return to "drain the life from an organization." Still, the vulnerability is a real one, as the US Army's Communication and Electronics Command's recent loss of old Fort Monmouth data attests.
Microsoft has issued a fix for the Internet Explorer vulnerability discovered (and exploited) late last week.
Eugene Kaspersky made Wired's list of the world's fifteen most dangerous people, largely on the strength of his alleged connections with Russia's FSB, but also for his firm's exposure of Flame and Gauss.
PricewaterhouseCoopers expects to see a wave of divestitures in the tech sector as companies concentrate on core capabilities and exploit savings made possible by migration to cloud services.
Today's issue includes events affecting Canada, India, Iran, Israel, Russia, and United States..
Cyber Attacks, Threats, and Vulnerabilities
War With Iran: US and Israel Cyber Warfare Against Iran Is Very Much Underway (PolicyMic) As 2013 rolls around, many unanswered foreign policy questions remain lingering for President Obama to tackle in his second term. But none are arguably as complex and potentially explosive as Iran and its troublesome nuclear program, which it claims is for peaceful purposes, but most of the international community worries is actually a weapons program in disguise
Iran for the first time stages cyber warfare drill: report (Al Arabiya) Iranian forces have carried out what they called cyber warfare tactics for the first time as the Islamic republics naval units staged maneuvers in the key Strait of Hormuz, media reports said on Monday. The navy launched a cyber-attack against the computer network of the defensive forces in order to infiltrate the network and hack information or spread virus, the English-language Iran daily reported, quoting Rear Admiral Amir Rastegari. Rastegari said the cyber-attack was successfully detected and blocked
ADVISORY: As New Year Approaches Android Malware Detection Growing (Dark Reading) As 2012 comes to a close, cyber-criminals are taking advantage of your Android app purchases with mobile malware. Be on high alert after you install new Android apps from third party markets and Google's
Tool Aids in Cracking Mysterious Gauss Malware Encryption (Threatpost) The mystery wrapped inside a riddle that is the Gauss malware's encryption scheme may be closer to falling. Late last week, researcher Jens Steube, known as Atom, put the wraps on a tool that should bring experts closer to breaking open the encryption surrounding the espionage malware's payload
Vampire data and 3 other cyber security threats for 2013 (Gov Health IT) Kroll Advisory Solutions has released its 2013 Cyber Security Forecast, spotlighting some of the pressing and perhaps unexpected privacy and security issues healthcare and other organizations may be grappling with in the coming year. While last years vulnerabilities will continue to haunt organizations that have yet to evolve their policies and procedures from encrypting data to regularly changing passwords there are many threats waiting in the wings, according to Kroll, which lists some things to think about in 2013.1. "Vampire data": Don't get bitten by data you didn't know you had
Security Patches, Mitigations, and Software Updates
FixIt Available for Internet Explorer Vulnerability (Internet Storm Center) Microsoft made a "Fix It" available for the currently unpatched vulnerability in Internet Explorer 6,7,8. Fix It's are not a patch, but an easy method to apply workaround configuration changes. At this point, it is highly recommended to apply the Fix it if you can't upgrade to Internet Explorer 9 or 10 or if you havne't already applied one of the workarounds. The Fix It will not conflict with the final patch
Facebook Fixes Midnight Delivery Flaw in Time for New Year (eSecurity Planet) Welsh student Jack Jenkins recently came across a significant vulnerability in Facebook's Midnight Delivery service, which was designed to send messages to friends at the stroke of midnight on New Year's Eve."By simple manipulation of the ID at the end of the URL of a sent message on the FacebookStories site, you are able to view other peoples Happy New Year messages," Jenkins writes. "At least I was when I edited the ID for myself.""The sender isnt visible when you look at the sent message, but the intended recipient and the contents of the message are shown," writes The Inquisitr's Kyle Murphy. "The avatar that normally would display the senders image would then be replaced by the unexpected viewers image
Our Annual Crystal Ball Issue (IEEE Spectrum) Spectrum previews the tech news of 2013—and saves you the embarrassment of being caught off guard
How cyber security helps combat espionage in the digital age (SBonline) Today's businesses are facing new kinds of threats, not physical ones but those that attack through the Web. Hackers have focused on the private sector, using technology to commit espionage against companies of all sizes, gaining access to secrets from U.S. businesses to leverage a competitive advantage. This has created a very real cyber war zone
Cliff avoided: Congress staves off tax hikes (Associated Press) Past its own New Year's deadline, a weary Congress sent President Barack Obama legislation to avoid a national ''fiscal cliff'' of middle class tax increases and spending cuts late Tuesday night in the culmination of a struggle
Kaspersky on Wired.com's Most Dangerous People in the World List (Voice of Russia) Evgeny Kaspersky, the founder of Kaspersky Lab., an IT company providing high-end computer protection for millions of users, has been put on the 15 Most Dangerous People in the World List by Wired.com. The list includes two US whistleblowers, Syria's president, a Mexican drug lord
Number 8: Eugene Kaspersky (Wired) Not long ago, the U.S. had a widespread online campaign to spy on and destroy the work of Iran's atomic scientists. Then along came a group of cybersecurity researchers who systematically identified each of Washington's malware projects — and in so doing, rendered the Stuxnet, Flame, and Duqu espionage programs useless
Innovate Or Die: Nokia's Long-Drawn-Out Decline (TechCrunch) There can be little doubt Nokia's mobile glory days are behind it. Samsung now occupies its former throne at the top of the global mobile tree and Google's Android is the dominant smartphone platform, while Windows Phone still lags Nokia's legacy OS Symbian. So where did it all go wrong for Nokia? What were its big missteps and how could the 147-year-old firm have stayed in the smartphone
Wave of tech divestitures coming in 2013 (IT World) Cheap credit and the move to cloud computing are among the factors, according to PricewaterhouseCoopers
Products, Services, and Solutions
References To iPhone 6, iOS 7 Reportedly Seen in Developer Log (TechCrunch) The iPhone 5 just finished its global rollout, but it looks like leaks about the iPhone 6 are already starting to surface. An iOS developer saw a device named "iPhone 6,1″ running iOS 7 making requests from an IP address within Apple's Cupertino campus, according to TNW. The iPhone 6 is expected to be released by the middle of next year. TNW says that "although OS and device data can be faked, the
Magnet Forensics Launches New Free Tool; Google Maps Tile Investigator (Forensic Focus) Magnet Forensics (formerly JADsoftware) has launched another free tool for forensic examiners; Google Maps Tile Investigator (GMTI). The software can be used by investigators to gain insight into a person's location searches in Google Maps by recovering tile files left behind on a computer
Passware Kit 12.1: Accelerated Password Recovery for MS Office 2013 (Forensic Focus) Passware, Inc. has announced that Passware Kit Forensic v.12.1 can recover passwords for files from the newly released MS Office 2013 (aka MS Office 15). This hardware-accelerated password recovery solution for MS Office 2013 files - Word documents, Excel spreadsheets, PowerPoint presentations, Outlook email accounts and PST files, OneNote files, as well as VBA projects - is the first on the market
Oxygen Forensic Suite 5.0 Released (Foresic Focus) The new release will come with a brand-new rooting method for Android 4.x devices and support more than 6300 different models supported including iPad 4, iPad mini, HTC Desire SV, Star Galaxy S3 and many others. Oxygen Forensic Suite 5.0 will also parse and display data from more than 120 apps including the newly added Android OS built-in Email client, MobiStealth Lite for iOS devices, ICQ Messenger, Kakao Talk Messenger, Zello and more
Design and Innovation
Innovation: Where Can We Go From Here? A Lot Of Places, Actually (TechCrunch) Just when you think that we've innovated all that we can, something new comes along and completely blows our mind. It could be an advancement in hardware, software or just a new way of thinking of things. Humans are pretty resilient when it comes to thinking up new things to tinker with and making our lives easier. This year was pretty awesome when it comes to innovation, and not the
Legislation, Policy, and Regulation
Calls for Canadian government to subsidise cyber security (Acumin) A research paper produced on behalf of the Canadian Security Intelligence Service (CSIS) has called for the federal government to subsidise cyber security for businesses in the country. The spy agency suggests that it is a matter of national security and that critical infrastructure must be protected as many aspects are run through online networks. These include electricity grids and transport systems and therefore deserve cash from the government to strengthen defences and employ more people in cyber security jobs, it reasons
Litigation, Investigation, and Law Enforcement
Lawmakers want more information on website defacement (Post and Courier) The recent defacement of the state workforce agency's website is evidence that South Carolina is now a prime target for additional cyberattacks following the massive breach at the S.C. Department of Revenue, lawmakers leading investigations of the attack say. Were at the top of the list for hackers to test, said GOP House Majority Leader Bruce Bannister of Greenville, who chairs a House committee investigating the Revenue Department breach. Anderson GOP Sen. Kevin Bryant, who leads a similar Senate panel, said the state can expect to see continued attacks like the one Dec. 22 that saw the homepage of the S.C. Department of Employment and Workforce replaced with an image stating, This site was hacked
India to set up data mining unit to fight fraud (ZDNet) Country's Corporate Affairs Ministry is creating a new intelligence unit to improve early detection of fraud and provide assistance to other investigations where needed. India's Corporate Affairs Ministry is setting up a new intelligence unit to carry out data mining that will help detection and investigation of fraud. In a Press Trust of India (PTI) report last Saturday, Indian Corporate Affairs Minister Sachin Pilot said the number of financial fraud cases in the country is increasing and by mining data from all possible sources, company wrongdoings can be detected at the earliest possible stage
Justice Wants Banks To Be Quasi Cops (NPR) Every year, banks handle tens of millions of transactions. Some of them involve drug money, or deals with companies doing secret business with countries like Iran and Syria, in defiance of trade sanctions. But if the Justice Department has its way, banks will be forced to change to spot illegal transactions and blow the whistle before any money changes hands
For a complete running list of events, please visit the Event Tracker.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.