The CyberWire Daily Briefing 01.03.13

Cyber Trends

Mr. Mitnick, I presume? Africa's coming cyber crime epidemic (IT World) For much of the past quarter century, computer crime has been a decidedly First World problem. But that's about to change, security experts say

Report: 94% of US hospitals suffered data breaches, and 45% had quintuplets (Naked Security) Competent healthcare providers are great at medical things, be it measuring fasting blood sugar to diagnose diabetes, swabbing the backs of our throats, or clearing plaque off our grubby molars. Securing electronic devices or health records? Not so much

Growing confidence in cloud security (ComputerWorld) Cloud computing is blowing into 2013 on the winds of confidence, with IT professionals increasingly convinced that the security controls are adequate, but still very, very leery

5 Cloud App Trends To Expect In 2013 (InformationWeek) We'll see more mobile options and embedded analytics, of course, but surprises will include growth in financial apps and big-data insights

5 Data Center Trends For 2013 (InformationWeek) Energy efficiency will continue to be a major focus of data center operations over the coming year, but that's not all we'll see

5 Social Business Predictions For 2013 (InformationWeek) Expect evolution, not revolution, and a Facebook fail

Worldwide telehealth market to grow 55% in 2013 (Fierce Mobile Health Care) Fueled by healthcare reform aimed at reducing in-patient costs and post-acute care strategies designed to reduce readmissions, the worldwide telehealth (remote patient monitoring) market will grow by 55 percent in 2013 in terms of device and service revenues, according to a recent report from InMedica, the medical technology research division of U.K.-based market research consultancy IMS Research

Increased device adoption will make 2013 a banner year for mHealth (Fierce Mobile Health Care) By any account, 2012 was a breakout year for mobile healthcare. When measuring the progress of mHealth over the past year, the best metrics are perhaps the raw statistics that show physicians, providers and other healthcare professionals are using smartphones, laptops and tablets in their work in unprecedented numbers

4G smartphones will spur rapid rise in semiconductor revenues (Fierce Mobile IT) Demand for semiconductors in smartphones and tablets is expected to offset weak semiconductor demand in other segments and push semiconductor revenues up 4.9 percent to reach $319 billion this year, according to the latest IDC stats

Legislation, Policy and Regulation

Patient safety requires coordinated public-private strategy, says ONC plan (Fierce Government IT) Promoting the healthcare industry's use of health information technology to make care safer is the primary objective of a Dec. 21 plan from the Office of the National Coordinator for Health IT

Israel preparing Cyber Iron Dome Shield (The Hacker News) Israel's Prime Minister officially opened a new national program to train teenagers in the art of cyberwarfare. The program named "Magshimim Le'umit", is to prepare them for their future role in the military and intelligence community. Israel Prime Minister Binyamin Netanyahu said the country's computer systems are facing attacks from Iran and other countries, and such attacks are set to increase in the digital age

UK to launch public cyber security awareness campaign (ComputerWeekly) The Cabinet Office is to launch a public cyber security awareness programme early this year aimed at improving the online security of consumers and small and medium enterprises (SMEs). The initiative is part of the governments cyber security strategy, aimed at ensuring the UK can manage the risks and harness the benefits of cyberspace. Marking the strategys first anniversary last month, minister for the Cabinet Office, Francis Maude, said business and government needed to continue to educate customers so that everyone using the internet is better informed of the potential risks and how to protect themselves online

South Korea Budgets For Sunnier Ties With Reclusive North (Reuters) South Korea has increased its budget to fund North Korea-related projects this year, government data showed on Thursday, with a new president seeking closer relations due to take office in Seoul and signs of an opening from Pyongyang.

FCC streamlines approval process for in-flight Wi-Fi systems (Fierce Mobile IT) Busy executives view long plane trips as an opportunity to catch up on work using mobile devices that are able to access the Internet on in-plane Wi-Fi systems. The aircraft is able to provide Wi-Fi access by connecting to special wireless towers or through satellite links

Products, Services, and Solutions

Driver software to be tweaked to reduce Radeon frame latencies in series of updates (Ars Technica) Portion of AMD's driver code needs love to perform optimally

Intel prepares to launch combo cable and streaming TV service (IT World) Could 2013 be the year of the TV for the high-tech industry? With Apple chomping at the bit to revolutionize TV and Google renewing its efforts in the market, now Intel appears to have its ducks in a row to launch its own TV offering

Why Windows To Go is perfect for BYOD (IT World) Is your business still using Windows XP? If so, you're not alone. But, you should also seriously consider moving to a newer operating system. You could just step up to Windows 7, but there's also a pretty strong case to be made for moving to Windows 8--particularly Windows 8 Enterprise

Can BB10 kill iPhone 5? RIM's new BlackBerry phones to hit UAE in February (Emirates 24/7) Unlike Apple, RIM plans to simultaneously release new phones across the world along with the US and Europe

Ubuntu comes to the phone (Help Net Security) Canonical announced a smartphone interface for its operating system, Ubuntu, using all four edges of the screen for a more immersive experience. Ubuntu gives handset OEMs and mobile operators the ability

The Ubuntu Phone OS Doesn't Stand A Chance (TechCrunch) Of course proponents will say that the mobile market is still in its infancy and there is a need for an open OS. While I agree, I am not convinced that Ubuntu will become a winner on the scale of Android, its Linux counterpart. Years will pass before Ubuntu sees developer traction for an Ubuntu phone. The device does not yet have a manufacturer or an operator

Technologies, Techniques, and Standards

Now pirated iOS apps can be installed without jailbreak (CSO) Online services demonstrate ability to install pirated apps on iPhone and iPad without users having to have jailbreak the device

Memory acquisition traps (Internet Storm Center) Last week at the CCC conference in Hamburg, my colleague Luka Milkovic presented his work on memory acquisition tools…Since memory acquisition is becoming increasingly popular in any incident forensics, I think it is very important for every incident handler to be aware of deficiencies in this process. So how does the memory acquisition process work? Once executed, all memory acquisition tools install a driver to get kernel access through it and then start reading memory and either dumping it to a file or over the network

Interesting solution to cyber theft problem (Fierce Finance IT) Cyber-attacks against banks remain a huge issue in the industry, as Trojan-oriented attacks on customer accounts continue to proliferate. Unfortunately, in the minds of some, these attacks represent a cost of doing business, as it is assumed that at some point hackers will be able to drain money from accounts. The real goal may be to reduce the success rate of attackers

RIM patent aims to make 'spy cam' shots a thing of the past (ZDNet) RIM has patented a new process that would stop a camera from taking photographs unless it was properly focused on the subject, thereby preventing 'spy cam'-type shots that can be the source of information leaks within a company. The patent filing was granted by the United States Patent and Trademark Office (USPTO) on Tuesday."The camera restriction prevents a user from taking a picture of a subject if the device has not been steadily focused on the subject in question for a predetermined period of time," RIM said in the patent filing

A New Way of Detecting Cybersecurity Attacks (Digital Communities) Rajeev Bhargava is an acknowledged pioneer in the networking and software industry, and CEO of Toronto-based Decision Zone Inc. His career spans more than 30 years within the engineering and IT industry, and he has been closely associated with many of its major developments. Rajeev has advised many of North America's largest organizations within the telecom, financial, high tech, military, retail, aerospace and government industries. He is the inventor of an anomaly detection solution used for applications in network security, data quality, audit, information management and risk functions within organizations around the world

Why hire a hacker? (Help Net Security) I'm not advocating the hiring of computer criminals. If you are being held to ransom by someone claiming to have control of your infrastructure, and demanding payment to prevent further damage or exposure

Marketplace

Obama Signs Fiscal Cliff To Raise Taxes On Wealthy, Delay Spending Cuts (Washington Post) President Barack Obama has signed a bill that boosts taxes on the wealthiest Americans, while preserving tax cuts for most American households

Delay May Increase Pain Of Potential DoD Cuts (Army Times) By delaying, but not preventing, sequestration, the agreement leaves the Defense Department at risk of being forced to cut $57 billion to $63 billion from the 2013 budget while also giving them less time, which means less flexibility, in making the cuts

Weapons Makers Try Health Care Amid Defense Cuts (Bloomberg) Top weapons makers Lockheed Martin Corp. and General Dynamics Corp. are pursuing and winning health-care projects as the Pentagon weighs hundreds of billions of dollars in cuts

Defense Contractors Gain Temporary Reprieve On Cutbacks (Bloomberg) Defense contractors led by Lockheed Martin Corp., General Dynamics Corp. and Raytheon Co. gained a reprieve from U.S. spending cuts that may prove short-lived

Many Threats Are Left Intact (Washington Post) The deal to which the House gave final approval late Tuesday will head off the most severe effects of the "fiscal cliff" by averting a dangerous dose of austerity but still leaves the economy vulnerable to both immediate and more distant threats

Panetta Urges Congressional Action On U.S. Deficit (Defense News) The day after Congress passed a bill delaying defense spending cuts for two months, U.S. Defense Secretary Leon Panetta continued to press lawmakers to pass a balanced deal to lower the nations deficit

Tax Deal Delays Pentagon Notification Of Possible Furloughs (Security Clearance) The Pentagon has delayed plans to notify up to 800,000 civilian workers about possible furloughs now that any big spending cuts under the fiscal cliff have been averted

Federal Agencies Bracing For Cuts After The Accord (Washington Post) Defense Secretary Leon E. Panetta said Congress has "prevented the worst possible outcome by delaying sequestration for two months." But he warned that the "the specter of sequestration" threatens national security

Budget Uncertainty Is Just Around Corner (Washington Post) But "now" is no more than two months. The future remains uncertain for federal employees because the legislation, passed less than 24 hours into 2013, delays the budget reductions known as sequestration only until early March

Next Defense Secretary Will Face Challenges (Miami Herald) Experts who study U.S. security agree that the easy part for the next secretary will be getting the job. A shrinking budget will pose a big challenge

U.S. Arms Sales To Asia Set To Boom On Pacific 'Pivot' (Reuters) U.S. sales of warplanes, anti-missile systems and other costly weapons to China's and North Korea's neighbors appear set for significant growth amid regional security jitters

DISA Hands Down $1B Engineering, IT Services IDIQ (Govconwire) The Defense Information Systems Agency has awarded seven contractors positions on a potential $1.42 billion contract for engineering and information technology services supporting an information systems network. According to the Defense Department, the agency received nine offers for the indefinite-delivery/indefinite-quantity contract via FedBizOpps. This multiple-award contract was set aside for small businesses, the Pentagon said

CACI Buys Health IT, Data Analytics Firm IDL (Govconwire) CACI International (NYSE: CACI) has acquired Wisconsin-based healthcare information technology and analytics firm IDL Solutions for an undisclosed amount, CACI announced Wednesday. CACI said it made the acquisition to grow its presence in the federal healthcare market, which the company values at $33.5 billion, and complement its November acquisition of Emergint Technologies

General Dynamics to strengthen engineering programs with acquisition of Applied Physical Sciences (Military and Aerospace Electronics) General Dynamics (NYSE: GD) has acquired Applied Physical Sciences Corp., a provider of applied research and development services based in Groton, Conn., in a cash transaction for an undisclosed price. Applied Physical Sciences will complement the engineering programs of General Dynamics Electric Boat, a wholly owned subsidiary of General Dynamics. Applied Physical Sciences offers research, development, engineering and prototyping services to government and commercial customers. The company specializes in the areas of acoustics, signal processing, marine hydrodynamics and electromagnetics

RIM sells NewBay cloud unit as part of BlackBerry focus (Fierce Mobile IT) Research in Motion (NASDAQ: RIMM) has sold its NewBay cloud unit to Synchronoss, a Bridgewater, N.J.-based mobile content management firm, for $55.5 million in cash

Google Executive Chairman Reportedly Plans To Visit N. Korea (Washington Post) Google Executive Chairman Eric Schmidt, a pioneer for free and open communication, is planning a trip to North Korea, an isolated police state that prohibits nearly all of its citizens from using the Internet

6 Things Microsoft Must Do In 2013 (InformationWeek) This could be a make or break year as Microsoft looks to establish itself in mobile, cloud and other hot new markets while fending off challenges to its Windows franchise

Reverse brain drain: India beckons non-resident citizens home with plum salaries (Emirates 24/7) The overseas Indian community (non-resident Indians, NRIs) is estimated at over 25 million and is spread across every major region in the world. Many of these, now overseas residents, went abroad to study and many never came back

CIA Vet Jose Rodriguez Joins Novitas Group to Help Lead Strategic Affairs (Govconwire) Jose Rodriguez, former director of the National Clandestine Service at the CIA, has joined strategy and professional services firm Novitas Group LLC as managing director for global strategic affairs. The company said Rodriguez, who also served as deputy director for operations, will help bring the company's capabilities to government, business partners and organizations worldwide

Gary Shankman Joins Serco as CFO for U.S. Operations, Chris Sullivan as CIO (Govconwire) Gary Shankman has joined Reston, Va.-based Serco Inc. as chief financial officer, the same position he previously held within SAIC's defense solutions segment. The more than 30-year government contracting veteran is a certified public accountant and earlier consulted and audited government contractors with Arthur Andersen, focusing on federal acquisition and cost accounting standards compliance

Research and Development

Quantum measurements on one island determine behavior on another (Ars Technica) A quantum eraser works instantly over 144km. A key feature of quantum physics is the wave-particle duality: the tendency of physical systems to exhibit both wavelike and particle-like behaviors. One particularly striking example of the wave-particle duality is the quantum eraser. In a typical experiment, two photons are entangled in a particular way and sent along different paths. As is usual in entanglement, a measurement performed on one photon reveals the outcome of related measurements on the second. In the specific case of the quantum eraser, however, the measurement dictates whether the second photon will exhibit wave- or particle-like characteristics

A Tiny City Built to be Destroyed by Cyber Terrorists, So Real Cities Know What's Coming (Scientific American) CyberCity takes up a mere 48 square feet, but it has a working electric grid, transportation system, and banking network

Security Patches, Mitigations, and Software Updates

Vulnerability in Internet Explorer Could Allow Remote Code Execution (Microsoft Security Tech Center) Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8. Applying the Microsoft Fix it solution, "MSHTML Shim Workaround," prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information

Microsoft issues quick fix for critical zero-day hole in IE (Network World) There seems to have been no rest for Microsoft over the 2012 holidays as it issued a quick fix for a zero-day IE vulnerability that attackers were actively exploiting via drive-by download attacks. It may have felt like a flashback for the company as

iPhone Do Not Disturb bug fix coming January 7 (TrustedReviews) Apple has responded to a recent iPhone bug that has seen handset's 'Do Not Disturb' features failing to turn off when scheduled, suggesting the issues will continue until January 7. Sparked by the recent jump from 2012 to 2013, the new Do Not Disturb

Cyber Attacks, Threats, and Vulnerabilities

Post-Holiday DDoS Attack Hits Citi (Technology Banker) Financial organisations were lulled into a false security when no attacks happened on Christmas day, as previously warned by the hacktivist group, Izz ad-Din al-Qassam Cyber Fighter As Christmas day came and went without any report of any attacks, analysts even went as far as saying that financial organisations are now better equipped and therefore managed to counter any attack before it causes any interruption. However, it looks like their optimism is premature as Citigroup experience website interruptions on 26 December 2012 which started late afternoon that day. Commenting on the report, the bank's spokesman, Andrew Brent, refused to confirm that the high volume traffic and website interruptions experienced by its customers were caused by Distributed-Denial-of-Service attack

Number of Banks Targeted by DDoS Attacks May Increase (Security Bistro) The holidays have passed and its time to balance the ol checkbook. But wait Having trouble accessing your banks customer portal yet again? It may be a circumstance that we all need to become accustomed to as the extremist group Izz ad-Din al-Qassam Cyber Fighters are threatening to expand the number of financial institutions being targeted by Distributed Denial of Service (DDoS) attacks

Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack (Threatpost) This week's watering hole attack exploiting a zero-day vulnerability in Internet Explorer was not limited to the influential Council on Foreign Relations site. A Metasploit contributor said an energy manufacturer's website has been serving malware

New IE Zero-Day Attack Bypasses Key Microsoft Security Measures (Dark Reading) Aside from the drama of a New Year zero-day attack, the exploits highlight yet another APT-type attack employing drive-by website or so-called "watering hole" techniques. This is not your typical spearphishing APT attack, where the attackers use email

EMET 3.5: The Value of Looking Through an Attacker's Eyes (Internet Storm Center) So it's probably worth talking about the recent IE 8.0 0-day. While the use-after-free exploit specifically targets IE 6 through IE 8 web browsers, its worth of mentioning because of its widespread use in targeted attacks seen in the US, China, and Taiwan. The security company, Fireye found the exploit rigged on a compromised page on the Council on Foreign Relations website among other locations. As a defender, you probably find yourself asking the wrong question when it comes to defending against this exploit. Is there a patch available? What is the Microsoft approved Fixit solution until a patch can be developed? Is there an antivirus signature for it? Don't fret, as previously noted, Microsoft Tech Net has a temporary fix in place. While useful in preventing this specific attack, the fix is the wrong way of thinking about a solution to the bigger problem. As a defender, you need to start understanding that 0-day is out there

Cyber-attack 'stole secret trade info' (The Daily Yomiuri) Highly confidential documents related to sensitive trade negotiations are suspected to have been stolen from computers at the farm ministry, government sources said. The sources said a cyber-attack originating overseas is thought to have obtained more

HighTech Brazil HackTeam Hits Hundreds of Sites Worldwide (eSecurity Planet) Compromised sites included South African satellite TV service TopTV and the Greek National Printing Office. The HighTech Brazil HackTeam today welcomed the new year with a flood of attacks on several hundred Web sites worldwide, compromising the Web sites for the South African satellite TV service TopTV, the Greek National Printing Office, Indian wireless Internet provider Reliance Netconnect, and many other

LulzSec Peru Hackers Hit Argentina's Ministry of Defense (eSecurity Planet) LulzSec Peru recently defaced the Web site for Argentina's Ministry of Defense and published stolen data on AnonPaste. The following statement was posted along with the data dump: "According to statements by the DEPARTMENT OF ARGENTINA DEFENSE the computer systems area say they had a system impossible to hack, thing turned otherwise. The event should not be taken as terrorism, was for the simple fact to prove that the system was totally vulnerable

Anonymous Hackers: Expect Us in 2013 (eSecurity Planet) Anonymous recently published a brief statement suggesting ways for new members to join the movement, including connecting on Twitter and IRC."Anonymous also posted a short video bragging of its dealings in 2012, including the temporary shutdown of the U.S. Department of Justice and other sites in protest of the U.S. government targeting MegaUpload," writes Maximum PC's Paul Lilly. "Also in the video are various clippings related to the organization's effort to thwart Westboro Baptist Church members from protesting the funeral of Newtown, Connecticut shooting victim Principal Dawn Hochsprung

Anonymous in decline? Don't bet on it (CSO) McAfee predicts a steep decline for Anonymous in 2013, but we could simply be seeing a conversion

Chrome Clickjacking Vulnerability Could Expose User Information on Google, Amazon (Threatpost) An apparent clickjacking, or UI redress vulnerability, in Google's Chrome web browser could make it possible for attackers to glean users' e-mail addresses, their first and last names and other information according to recent work done by an Italian researcher

Be careful opening bikini screensavers - malware hides inside (Naked Security) A Trojan horse has been spammed out across the net, posing as zipped-up bikini images inside a screensaver. Seriously, think for one minute before opening emails like this or face the consequences

Your Firm is Small, But Still An Attractive Target (ReadWriteWeb) In an October 2012 survey released by the National Cyber Security Alliance, states that US small- and medium-sized business owners and operators clearly

APT Targets The Little Guy (Biztech2.com) APT Targets The Little Guy - In 2012, Imperva saw the continuing trend of smaller businesses being hit by cyber criminals

The NYSE's Year of Living Dangerously Ends With Yet Another Glitch (IEEE Spectrum) In an apropos finale, the New York Stock Exchange suffered one last trading glitch on New Year's Eve. According to Dow Jones Business News, the NYSE issued "an alert to traders at 3:19 p.m. EST that its equity market was experiencing an issue with one of its engines that matches 'buy' and 'sell' orders and that 26 issues were affected, including BBX Capital Corp. (BBX), Verso Paper Corp. (VRS) and TransAlta Corp. (TAC)

Academia

Teachers targeted by pupils using social media, says SSTA chief (CSO) Female teachers are particularly vulnerable

Litigation, Investigation, and Enforcement

Write Gambling Software, Go to Prison (Wired Threat Level) In a criminal case sure to make programmers nervous, a software maker who licenses a program used by online casinos and bookmakers overseas is being charged with promoting gambling in New York because authorities say his software was used by

Court Backs Obama On Secrecy (Washington Post) The Obama administration acted lawfully in refusing to disclose information about its targeted killings of terrorism suspects, including the 2011 drone strikes that killed three U.S. citizens in Yemen, a federal judge ruled Wednesday

Design and Innovation

Aberdeen analyst sees future of corporate innovation in video collaboration (Fierce Mobile IT) Mobile video collaboration needs to be integrated with desktop and room-based video collaboration systems "to realize its full value," noted Andrew Borg, senior research analyst for wireless and mobility communications at the Aberdeen Group