The CyberWire Daily Briefing for 12.13.2013
A commercially available tool is found to enable cybercriminals to automatically register Tumblr accounts. (Criminal markets again mimic legitimate ones: where labor is scarce or expensive, automation fills the niche.)
CryptoLocker has a competitor in the ransomware black economy: a new (as yet unnamed) pay-to-install service for cyber gangs relies on Russian peer-to-peer payment services and does without the high-profile command-and-control infrastructure that so often betrays malware users. On the bright side, AV tools detect the ransomware at a high rate.
Security analysts don't think much of Gmail's new image download default: Ars Technica sniffs that "marketers, stalkers, and debt collectors" will welcome the new policy.
Details emerge on how a privilege-escalation exploit currently circulating in the wild breaks out of Adobe sandboxing.
Bitcoin is enjoying a speculative bubble, and therefore attracts corresponding attention from malware developers.
Google patches an Android flaw that has exposed users to SMS-based denial-of-service attacks.
mHealth 13 symposiasts warn of medical system vulnerabilities. Pacemakers are the most lurid example, but other classes of devices also present concerns.
Bots, both good and evil, now drive some 61% of Web traffic, says Incapsula.
The World Federation of Exchanges forms a new cyber group to help protect securities markets; Nasdaq OMX's CISO, Mark Graff, will lead the effort.
European countries push to develop national (not EU) cyber capabilities. The UK and Netherlands seem particularly ambitious.
In the US, Defense R&D lead Reginald Brothers describes cyber research priorities and the cyber industry's role. The CyberWire has the full interview.
Notes.
Today's issue includes events affecting China, Egypt, European Union, Kenya, Democratic People's Republic of Korea, Republic of Korea, Lithuania, Netherlands, Nigeria, Romania, Russia, South Africa, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Hacker Tool Allows Cybercriminals to Automatically Register Tumblr Accounts (Softpedia) Researchers have come across an interesting commercially available tool that can be used by cybercriminals to automatically register Tumblr accounts
Tumblr under fire from DIY CAPTCHA–solving, proxies–supporting automatic account registration tools (Webroot Threat Blog) Next to the traffic acquisition tactics ubiquitous in the cybercrime ecosystem, such as blackhat SEO (search engine optimization), malvertising, embedded/injected redirectors/doorways on legitimate Web sites, establishing purely malicious infrastructure, and social-engineering-driven spam campaigns, cybercriminals are also masters of utilizing social media for the purpose of attracting traffic to their fraudulent/malicious campaigns. From the efficient abuse of Craigslist to the systematic generation of rogue/bogus/fake Instagram, YouTube, and email accounts, the process of automatic account generation continues to take place, driving a cybercriminal's fraudulent business model and, naturally, setting up the foundations for upcoming malicious campaigns that could materialize at any point in time
New crypto ransomware hits US, Russia and Europe (ZDNet) A gang distributing new crypto ransomware to pay-per-install crime gangs has opted to run its network without a command and control centre to avoid the eye of researchers
New Gmail image server proxies raise security risks (CNET) While Gmail's new policy of automatically loading images by default may have some people excited, it comes at a security sacrifice
Dear Gmailer: I know what you read last summer (and last night and today) (Ars Technica) How Gmail's image tweak is a boon to marketers, stalkers, and debt collectors
Cyber–Attack Dodges Sandbox to Hit Adobe Reader, Windows XP (eWeek) A technical analysis shows that a cyber-attack currently hitting systems in the wild is using two separate vulnerabilities to break out of the Adobe sandbox to infect Windows systems
Bitcoin–Related Malware Continues to Flourish (Threatpost) One good way to measure the popularity of an emerging technology or trend is to see how much attention attackers and malware authors are paying it. Using that as a yardstick, Bitcoin is moving its way up the charts in a hurry. The latest indication is some malware that researchers at Arbor Networks identified that is masquerading as a utility to alert Bitcoin owners of shifts in the currency's value, but is actually marked as a Trojan
Flaw in Nvidia's rendering software allows hijacking of "computer farms" (Help Net Security) A vulnerability in Nvidia mental ray, an extremely popular 3D-rendering software that is often used on "render farms", could allow attackers to take control of said farms, and use their massive computational power for their own nefarious purposes
Facebook users hit with phishing and malware combo attack (Help Net Security) An interesting phishing / malware delivery campaign has been spotted targeting Facebook users
The five most dangerous email subjects to watch for (ZDNet) Phishing campaigns are constantly evolving and it can be too easy to fall for them — so what types of email should you stay vigilant against
LinkedIn invites ranked as the year's most dangerous messages (CSO) Websense published a brief report on the state of Phishing on Wednesday, covering Q1-Q3 2013. According to the numbers, the percentage of Phishing attempts within all email traffic fell 0.5 percent in 2013, which might seem like a bit of a positive
China Espionage Malware Targeted Diplomats, Foreign Ministers During G20 Summit (Threatpost) European diplomats and ministries of foreign affairs have been targeted during recent G20 meetings by Chinese-speaking hackers conducting espionage campaigns using malware to siphon secrets from compromised computers
Despite Arrest, RAT Usage Grows (Industrial Safety and Security Source) Blackshades RAT is still popular among cybercriminals to the point where there has been an increase in its usage, all this despite the fact that police arrested who they feel was the developer, Michael Hogue
DOE didn't heed warning signs that led to July breach (FierceGovIT) The Energy Department had a number of early warning signs that personnel-related systems were at risk, but failed to correct cyber vulnerabilities that led to a major breach of its Management Information System—allowing outside access to the DOE Employee Data Repository database, finds a Dec. 6 office of inspector general report
SIU HealthCare Data Breach Affects 1,891 Patients (eSecurity Planet) A stolen laptop held 1,891 patients' names, birthdates, admission dates, medical record numbers, diagnoses, procedural codes, and some treatment data
HSBC Acknowledges Insider Breach (eSecurity Planet) A former employee misused customer data including names, Social Security numbers, personal identification numbers, phone numbers and account numbers
Home Office clumsily LEAKS data of 1,598 immigrants, blames 'transparency' (The Register) Nodding watchdog: We're looking closely at this one
Horizon Blue Cross Blue Shield of New Jersey — Three data breaches in five years. (Prevendra) Earlier this week 839,711 members of Horizon Blue Cross Blue Shield of New Jersey received an early lump of coal, news that their information had been compromised by their healthcare insurer
Castle Cary website hacked in cyber attack (This is Somerset) Web users in Castle Cary were urged not to visit the town's website after it was hacked by a group claiming to be "The Nigerian Cyber Army" earlier this week
Security Patches, Mitigations, and Software Updates
Android 4.4.2 Update Fixes Flash SMS DoS Vulnerability (Threatpost) Google has patched a previously disclosed issue in its Nexus line of phones that could have opened users up to a nasty series of SMS-based denial-of-service attacks
Cyber Trends
Hackers Outsmart Pacemakers, Fitbits: Worried Yet? (InformationWeek) Mobile health devices aren't as secure as you might think. Look at how researchers plan to strengthen security for consumer devices and regulated medical devices
mHealth13: Preventable vulnerabilities often threaten med device security (FierceHealthIT) Several vulnerabilities—some entirely preventable—continue to plague medical devices when it comes to security, according to panelists speaking Wednesday at the mHealth Summit in Washington, D.C. For instance, said Kurt Finke, director of the Office of Healthcare Technology Management for the U.S. Department of Veterans Affairs, many hospitals today tend to attach such tools to their IT networks
Mobile data traffic to spur rapid growth in mobile monitoring, optimization gear market, says ABI (FierceMobileIT) Mobile operators are turning to self-optimizing networks and Wi-Fi offloading to handle mobile data traffic volume
Cybercrime: Africa needs a defense system (Security Affairs) Africa's banking industry, tourism sector and plenty of other businesses are prone to cyber-related crime, hence the urgent need to develop a defense system
Recent password breaches underscore need for multifactor authentication, fraud detection, says Centrify CEO (FierceITSecurity) Recent password breaches that compromised nearly two million accounts at Facebook, Google, LinkedIn, Twitter, Yahoo and other websites underscore the need for multifactor authentication and fraud detection, says Centrify CEO Tom Kemp
Infographic: DNS attacks are on the rise (FierceITSecurity) Attacks against the domain name system are on the rise, with a 200 percent rise in DNS attacks in the last year, according to data from Prolexic
Bots now running the Internet with 61 percent of Web traffic (CNET) Both good bots and bad bots can be found lurking online — looking to either drive traffic or wreak havoc
Research Shows 8 out of 10 Mobile Banking Apps Contain Security Weaknesses (Emag) Praetorian, a leading information security provider, today released a study that explores challenges faced by today's megabanks, regional banks, and credit unions while building and maintaining secure mobile banking apps
Despite the Escalation in Frequency and Complexity of DDoS Attacks, Survey Reveals Businesses Remain Ill Prepared to Protect Themselves Against the DDoS Menace (Wall Street Journal) New research from Corero Network Security (CNS: LN) reveals that many businesses are failing to take adequate measures to protect themselves against the threat of a DDoS attack. A survey of 100 companies revealed that in spite of the reports about the cost of downtime and the potential for DDoS attacks to mask greater threats, businesses are failing to put in place effective defenses or plans to mitigate the impact of a DDoS attack against their organization. More than half of companies lack adequate DDoS defense technology, and 44 percent of respondents have no formal DDoS attack response plan
Top security trend predictions for 2014 (Help Net Security) AppRiver released its list of the top IT security trend predictions for 2014
57 Percent of Enterprises Have Lost Devices Containing Sensitive Data (eSecurity Planet) A SailPoint survey also found that 45 percent believe employees would sell company data for the right price
Beware, your mobile phone may be under cyber attack (Gulf News) UAE records highest malicious Android app download volume in second quarter this year, study shows
Marketplace
Network security appliance market saw 3 percent year–over–year growth in third quarter (FierceITSecurity) Content security, secure socket layer virtual private network segments increased
UK.gov chucks another £260m at MOOC–based cyber security training (The Register) Doom-mongers warn cybercrime will destroy ALL — unless you buy their gear
CertiVox confirms it withdrew PrivateSky after GCHQ issued warrant (IT Security Guru) CertiVox has admitted that it chose to take its secure email encryption service PrivateSky offline after a warrant was issued by a division of GCHQ
George Little Joins Booz Allen in Marketing, Comm VP Role (GovConExecutive) George Little, former Pentagon press secretary, officially joined Booz Allen Hamilton Monday as a vice president of marketing and communications and will work at the firm's Rockville, Md. office
LMI hires longtime CIA veteran to support business development (Washington Business Journal) Dennis Bowden, who spent 26 years with the Central Intelligence Agency, has joined LMI to beef-up the company's corporate business development, the government consulting firm announced Thursday
Qualcomm Will Elevate COO Steve Mollenkopf To CEO Role In March, So Hands Off, Microsoft (TechCrunch) Qualcomm will replace current CEO Paul Jacobs with current COO Steve Mollenkopf starting on March 4, immediately following the company's annual shareholder meeting. This announcement comes only seven and half hours after a report from Bloomberg suggested Microsoft was considering Mollenkopf for the CEO role at its own company
Products, Services, and Solutions
Simple Text–Message Encryption Tool Broadens Base (MIT Technology Review) It took a torrent of NSA revelations to spur major new technology efforts to make Internet communications more private and secure
SnapOne, Inc. Partners with Bitdefender to Deliver The Market's #1 Android Antivirus to Individuals and Families (Digital Journal) SnapOne, Inc. bolsters security service for consumers with award-winning antivirus software that keeps data and devices safe from mobile threats
EventTracker and Secure Links Partner to Bring Better Network Visibility (Insurance Technology) EventTracker, a leading provider of award-winning SIEM solutions, today announced that Secure Links, a leading IT services company serving the Canadian market, has joined the Managed Security Service Provider (MSSP) Partner Program. Secure Links will provide and manage EventTracker's comprehensive suite of log management and SIEM solutions which offer security, operational, and regulatory compliance monitoring
Twitter immediately reverses course on changes to "block" behavior (Ars Technica) Critics said the new "mute" system made harassment easier for determined trolls
Technologies, Techniques, and Standards
World's stock exchanges move to combat cyber attacks (Financial Times) The world's stock exchanges have agreed to greater intelligence sharing and collaboration with authorities amid rising concerns about a cyber attack that could threaten financial systems
Nasdaq security chief to head new cyber crime unit (Financial News) The global exchange community has picked Nasdaq OMX's information security chief to head up a new cyber security unit
Microsoft Joins FIDO Alliance Board Of Directors (Dark Reading) Microsoft to work with the FIDO Alliance to produce open standards
Cloud Security Bolstered by Threat Modeling (SecurityWeek) Security cannot be extricated from an understanding of the threat landscape, and cloud environments are no exception
Tech Pick of the Week: Log anomaly detection tools (Futurice blog) An important part of creating successful digital services is the ability to monitor system's health and to respond to exceptional situations in a timely fashion. Log files contain information that a maintainer needs in figuring out causes for application failures or unexpected behavior. However, it is often difficult for a human to identify the explanations even if all the necessary information is in principle available in the logs because today's applications are so complex and consist of several interconnected software components
Five steps for successful bot removal from enterprise desktops (SearchEnterpriseDesktop) A few years ago, I worked on a project that investigated more than 10,000 computers that had been made into a botnet because of a targeted malware attack. Weak security practices, such as no vulnerability testing and an overreliance on traditional antivirus software, were part of the problem. We also discovered a communications breakdown among the security team, the help desk, IT administrators and other involved parties. It was ugly
Five Deadly Security Venoms — You're Still Doing it Wrong (Inf!ltrated) With all the hype and hoopla surrounding the US government's tapping of everything under the sun, I have seen an influx of articles related to security. "This is how you encrypt!", "this is how you secure!", "this is how…You're doing it wrong"
Advancing The IT Security DNA Through Risk Management (Dark Reading) Shifting focus from the bright shiny things to critical business processes can actually stand to advance security technical maturity along with true risk mitigation
Research and Development
Thwarting cyber–attacks and other threats is focus of new institute (Imperial College) Averting cyber-attacks and other threats to vital systems that control the UK's industry and infrastructure will be the focus of a new institute
Legislation, Policy, and Regulation
EU nations developing cyber 'capabilities' to infiltrate government, private targets (Euractiv) European countries have entered a global race to develop aggressive cyber attack capabilities, according to the latest threat landscape analysis published by the European cyber security Agency ENISA yesterday
Obama panel said to call for NSA overhaul (UPI) A presidential panel calls for the U.S. National Security Agency to be run by civilians instead of the military, people familiar with the panel's report said
About the Review Group on Intelligence and Communications Technologies (ODNI) On August 12, 2013 President Obama directed the establishment of a Review Group on Intelligence and Communications Technologies and tasked the Director of National Intelligence (DNI) to provide administrative support to the Review Group
Opening Remarks of NSA Director, General Keith Alexander: Continued Oversight of U.S. Government Surveillance Authorities (Senate Judiciary Committee via IC on the Record) Chairman, thank you. And, I'll keep my opening remarks short. But I would like to hit a few key things. First, NSA is a foreign intelligence agency. Those acts and tools that we do are to connect what we know about foreign intelligence to what's going on here in the United States
NSA: Show us a better way than collecting metadata (IT World) Keith Alexander asks US tech companies to offer better alternatives than the NSA's phone records collection program
New cyber bill builds on DHS efforts (FCW) New cybersecurity legislation aimed at protecting critical infrastructure would codify and strengthen a number of the Department of Homeland Security's current programs, including some that are focused on information sharing and cyber incident response
Cyber Security Research and Development in the US Department of Defense (The CyberWire) The CyberWire interviewed Dr. Reginald Brothers, who's served since December 6, 2011 as US Deputy Assistant Secretary of Defense for Research. Dr. Brothers is responsible for policy and oversight of Department of Defense (DoD) Science and Technology (S&T) programs from Basic Research through Advanced Technology Development. He also oversees the Department's laboratories and provides long-term strategic direction of Defense S&T programs. We heard from Dr. Brothers after he spoke at last week's SINET Showcase
Former Google Exec Takes Over U.S. Patent Office (Wired) The United States Patent and Trademark Office is getting closer and closer to the more progressive patent attitudes that dominate Silicon Valley
IT Reform Stripped from Defense Bill (Nextgov) The compromise version of a defense policy bill that appeared likely to pass the House and Senate on Thursday does not include an amendment that would fundamentally reform how the government buys and manages information technology
Cyber security vetting scheme is right move by government, but SMEs need more attention (V3) The security industry has welcomed the UK government's latest plans to establish a new Cyber Security Suppliers' (CSS) scheme, to attempt to boost the UK's annual cyber security exports past £2bn in the next three years. However, a lack of attention paid to SMEs may cause problems for the economy in the coming year
Litigation, Investigation, and Law Enforcement
NSA leaders split on giving amnesty to Snowden (CBS News) CBS News learned Thursday that the information National Security Agency leaker Edward Snowden has revealed so far is just a fraction of what he has. In fact, he has so much, some think it is worth giving him amnesty to get it back
Snowden invited to testify (Daily Caller) The European Parliament voted Thursday morning to invite Edward Snowden to testify on National Security Agency surveillance programs as early as January of next year
Co–founder of Cybercrime Marketplace 'Carderplanet' Gets 18 Years in Prison (SecurityWeek) A Ukrainian national who pleaded guilty in 2009 to creating a popular online marketplace for selling stolen financial account data has been sentenced to 18 years in prison, the Department of Justice said Thursday
Cybercrime Milestone: Guilty Plea In RICO Case (InformationWeek) Prosecutors use law designed to take down mobsters to fight online crime
Bulk telephony metadata program rests heavily on 1979 Supreme Court case (FierceGovIT) The legal justification for intelligence community storage of bulk telephone metadata rests heavily on a 1979 court case, a Justice Department official acknowledged to a Senate panel Wednesday, a case that one Supreme Court justice has said may require revisiting in light of technological developments
Cyber command's psychological warfare unit under probe over smear campaign (Yonhap) Widening its probe into the cyber command, the military has investigated all officials in charge of psychological warfare over an alleged smear campaign against the opposition candidate during the presidential election, military sources said Thursday
The Wish List of Money Launderers (TrendLabs Security Intelligence Blog) An iPad with a retina display, a blue iPhone and a Beats by Dr. Dre headphone set, please. This may read like a Christmas wish list of a spoiled child, but there's more: a red dot aimpoint for a rifle, six high-end hard drives from Intel, a GPS rescue device for sailors. These are uncommon requests for Santa Claus to receive, even from adults. This list is real though, and part of a much longer wish list of money launderers who instruct mules to ship expensive goods to Russia
Flashlight App Maker Settles Over FTC Privacy Allegations (Threatpost) The makers of a popular Android flashlight application have settled with the Federal Trade Commission over allegations that they covertly tracked the locations of the "Brightest Flashlight Free" users and sold that information to advertising firms
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of art and practice of cyber security.
Cyber Defense Initiative 2013 (Washington, DC, USA, Dec 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify skilled personnel and as part of extensive hands-on training.
FloCon2014 (Charleston, South Carolina, USA, Jan 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
NASA Langley Cyber Expo (Hampton, Virginia, USA, Jan 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location.
cybergamut Tech Tuesday: Malware Reverse Engineering - An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, Jan 21, 2014) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value-proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better-informed judgments on how to improve their response and remediation protocols.
Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, Jan 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, Jan 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies. The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, Jan 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIFs, continually evolving the state of the art.