The CyberWire Daily Briefing 12.31.13

Summary

By The CyberWire Staff

Reports from the region indicate that eleven private banks in Israel have been hit by a denial-of-service campaign mounted by Tunisian hacktivists. The cause is, as usual, support of Palestine.

Cyber criminals are selling counterfeit (and risky) versions of popular Android and iOS apps.

Network Time Protocol (NTP) attacks spiked last week, but seem now to have trailed off. The threat is nonetheless worth considering: the NTP version of a distributed denial-of-service attack abuses the monlist command in older versions of NTP, sending a small, spoofed query that requests a large amount of data. Symantec recommends either disabling monlist or upgrading NTP implementations to current versions.

Thieves in Europe are compromising ATMs by physically drilling into them, installing malware, patching the hole, then returning at some later time to withdraw cash illicitly from the terminal. The hack withdraws whatever cash a particular machine holds rather than draining customer accounts.

Scammers posing as recruiters infest LinkedIn at increasing rates. Hackers have shut down League of Legends and other massively multiplayer online game sites; in some cases they may have swatted players (that is, summoned police to a residence with a spoofed distress call—a very dangerous prank).

In industry news, disappointed vendors are swamping the US Department of Homeland Security's EAGLE II contract with protests. Midsized firms are showing an increased need (and appetite) for encryption technology.

US military services reduce their cyber attack surface by consolidating network access points: the Air Force has fused 120 such points into 16 gateways.

Notes.

Today's issue includes events affecting Australia, India, Indonesia, Israel, Japan, Taiwan, Tunisia, United Kingdom, United States.

The CyberWire will take a holiday tomorrow on New Year's Day. We'll resume normal publication Thursday. A happy new year to all our readers.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

11 Israeli Bank Websites Taken Down by Anonymous Tunisia and AnonGhost (Hack Read) Hacktivists going with the handles of Anonymous Tunisia and AnonGhost have taken down websites of 11 private Israeli banks in a DDoS attack. Anonymous Tunisia left a list of websites belonging to 11 different Israeli banks which were taken down few hours ago in support of Palestine. In a Tweet by Anonymous Tunisia, it was claimed that: This is just a just a beginning, this is just phase 1

Beware of counterfeit versions of top Android, iOS apps (Tech Hive) Cybercriminals are using third-party app sites to peddle reverse–engineered versions—essentially counterfeit or pirated—of almost all the most popular paid apps available on the Google Play and Apple App Stores, software firm Arxan has discovered

Attackers Wage Network Time Protocol–Based DDoS Attacks (Dark Reading) Attackers have begun exploiting an oft–forgotten network protocol in a new spin on distributed denial–of–service (DDoS) attacks, as researchers spotted a spike in so–called NTP reflection attacks this month

Thieves used USB sticks to infect ATMs, withdraw large amounts of cash (UPI Science News Via Acquire Media NewsEdge and TMC) Cyber thieves cut and drilled their way into European cash machines in order to infect them with malware this year, security researchers say

BBB warns job seekers of LinkedIn scams (Daily Journal) With many job seekers using LinkedIn to market themselves to potential employers, scammers also are finding ways to exploit the site by posing as recruiters, Better Business Bureau (BBB) warns

UPDATED: League of Legends, DOTA 2 and Other Servers Shut Down By Cyber Attack (Gamesided) UPDATE 7: 1:05am: After a long ordeal, all servers in League of Legends have been fully restored. The group has now taken down World of Tanks, however. Battle.net is also still having issues from Monday's event

Even tiny microSD cards have chips that can be hacked (BGR) Andrew "bunnie" Huang and Sean "xobs" Cross have discovered a way to hack even the small microSD cards that go inside current smartphones and tablets to increase their storage, as well as other flash–based memory solutions, presenting their findings at the Chaos Computer Congress (30C3). In a detailed blog post on bunnie:studios, Huang explained how the hack works, and why many flash cards are susceptible to being hacked and used for malicious purposes by people who are aware of this particular potentially serious security vulnerability

Another look at a cross–platform DDoS botnet (Semper Securus) I learned from a recent "Malware Must Die" post about a Linux malware sample that is associated with DNS amplification attacks. As mentioned in the MMD post, several researchers have posted on this, or similar malware. Since I'm particularly interested in Linux malware, especially if it has a DDoS component, I thought I'd also take a look

Barry University notifies patients records may have been hacked (Miami Herald) Barry University announced Monday night it is notifying patients of its Foot and Ankle Institute that their medical records and personal information may have been hacked

Employee sends info on 2,000 to personal email address, gets fired (SC Magazine) An employee with a private contractor for Colorado Medicaid was fired after sending an email to a personal account that contained sensitive information on almost 2,000 people

Mannix Marketing Acknowledges Data Breach (eSecurity Planet) Personal and credit card information for customers of Saratoga Sweets, Barkeater Chocolates, Olde Bryan Inn and Coffee Planet may have been exposed

7 sneak attacks used by today's most devious hackers (ComputerWorld) Most malware is mundane, but these innovative techniques are exploiting systems and networks of even the savviest users

UK CPNI Releases Spear Phishing Paper (US–CERT) The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has recently released a paper titled "Spear Phishing — Understanding the Threat;" this document provides guidance on how spear phishing attacks work, whether you are likely to be a target, and the steps organizations can take to manage the risks. CPNI is the UK's government authority for providing physical, personnel and information security advice to critical national infrastructure. US–CERT encourages users and administrators to review the CPNI document as well as US–CERT ST04-014, "Avoiding Social Engineering and Phishing Attacks"

Year of living dangerously — security breaches and scams of 2013 (Silicon Republic) The crushing impact of a cyber attack on individuals was brought to the public's attention on a number of occasions this year. In fact every year, the

Cyber Threats 2013: From Snowden to the Hunt for Red October (International Business Times) The last 12 months have seen the rise of mobile malware, the pernicious CryptoLocker ransomware and the emergence of Stuxnet's little sister. We look at 10 stories which encapsulate the turbulent and dramatic year that 2013 was in cyber security

Govt: Indonesia 'No. 1 Target' for Cyber Attacks (Jakarta Globe) The Communications and Information Technology Ministry has revealed that Indonesia was the world's most targeted country for cyber attack in 2013

India among six countries most affected by Bitcoin malware (NDTV) Bitcoin craze is turning into a fertile ground for cyber fraudsters as thousands

9 Notorious Hackers Of 2013 (InformationWeek) This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state–sponsored groups

More companies file EAGLE II protests (Federal Times) The Department of Homeland Security's seven–year, $22 billion Eagle 2 information technology contract is getting buried under vendor protests, according to the Government Accountability Office

Air Force seeks better intelligence architectures (C4ISR & Networks) The Air Force is looking for assured cyber architectures technologies to improve the Defense Intelligence Information Enterprise

Encryption Technology: A Growing Need at Midsize Firms (Midsize Insider) This latest news is an example of the need for cryptographic technologies to protect corporate data. IT professionals at midsize firms who are

David Wolf, Fiona Barshow Named DNC Federal Civilian VPs (GovConWire) David Wolf, a 20-year project management veteran, has been appointed to serve as vice president of federal civilian programs at Data Networks Corp. Wolf will be responsible for executing business programs and growth strategies and overseeing customer satisfaction in federal civilian markets, DNC said

The Next Big Thing You Missed: Watchdox Builds Personal Bodyguard for Your Sensitive Files (Wired) With Dropbox exploding in popularity, Watchdox is betting people will want a highly protective and secure alternative

The Color of Money: Take action after Target breach (The Columbus Dispatch) One of the best parts of my job is helping address readers' financial concerns. The data breach at Target has a lot of people really worried

Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish (Wired) If you're traveling overseas, across borders or anywhere you're afraid your laptop or other equipment might be tampered with or examined, you've got a new secret weapon to improve security. Glitter nail polish

Software–Defined Networking Rises Above The Hype (InformationWeek) SDN earned plenty of hype in 2013, but the ability to program networks improves network performance and security in a more systematic and automatic fashion

Top ten SDN news stories of 2013: Cisco ACI, VMware NSX and more (Networking Digest) In 2013, the top ten SDN news stories were driven by two central themes: the rise of open networking and hardware vendors going software

Beginners' Guide To PGP (Bitcoin not Bombs) If you are new to Bitcoin it's likely you've heard some terms thrown around by Bitcoiners that you have no idea what they mean—PGP, Tor, VPN, OTR, etc. In most cases these are referring to various technologies that people use to protect their data and communications

Opinion: How infosec training is changing to stay ahead (TechTarget) Dr. Lynne Williams of Kaplan University shares her view on how infosec education is changing to keep pace with evolving attacks

Fearful of Cyber Attacks, Military Tightens Control Over Data Networks (National Defense Magazine (blog)) The Air Force's cyber command center so far has fused 120 network entry points into 16 gateways. "This already has improved our ability to secure the

Ex–NSA chief calls for Obama to reject recommendations (USA Today) Retired general Michael Hayden, former director of the National Security Agency and the Central Intelligence Agency, called on President Obama Monday to show "some political courage" and reject many of the recommendations of the commission he appointed to rein in NSA surveillance operations

What proof should be needed to show collecting intelligence that violates freedoms is worth it? (The Jerusalem Post) A perpetual battle in both the US and Israel over balancing fighting terror with violating privacy rights/freedoms has hit a crescendo this past week in the political and legal wars over the US NSA's (National Security Agency) electronic spying programs

Cyber spying? China points finger at US (The Hill) Congress is doubling down on its criticism of alleged Chinese cyber attacks despite recent revelations that the U.S. is engaged in massive spying of its own

U.S. Senator Issues Letter To Top 5 Wireless Carriers Urging Kill Switch Adoption (TechCrunch) U.S. Senator Amy Klobuchar of Minnesota has today taken up the battle cry of numerous legislators before her, calling for wireless carriers to enable new anti–theft technology on handsets. According to the Senator, one–third of robberies involve cell phone theft, resulting in an estimated $30 billion in lost or stolen phones. That said, Klobuchar has written a letter to the heads of the

Target Breach: Senators Seek Hearing (BankInfoSecurity) Three Democratic senators are calling on the Senate Banking Committee to examine whether stronger cybersecurity standards are needed to protect consumer data following a breach at Target stores that affected as many as 40 million debit and credit cards

Texas City Secretary Indicted for Insider Breach (eSecurity Planet) Lisa Moravitz allegedly forwarded Cuero Police Department e-mails to 'people who shouldn't have [them]'

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

FloCon2014 (Charleston, South Carolina, USA, January 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.

NASA Langley Cyber Expo (Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions.This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location.

cybergamut Tech Tuesday: Malware Reverse Engineering - An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, January 21, 2014) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value-proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better-informed judgments on how to improve their response and remediation protocols.

CANCELLED DUE TO WINTER STORMS: cybergamut Tech Tuesday: Malware Reverse Engineering — An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, January 21, 2014) This talk has been cancelled. Please consult cybergamut for scheduling updates.

Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies . The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.

2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art.

Cyber Training Forum at NGA (Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence Community, and Industry. The CSTF will include keynotes, breakout sessions, and cyber security demonstrations from industry.

Security Analyst Summit 2014 (Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime.

The Insider Threat: Protecting Data and Managing Risk (Online, February 11, 2014) As recent events have demonstrated, the threats from inside government have the potential to be more harmful than the hacking activities of our enemies. Protecting sensitive government information from unauthorized disclosures by insiders, whether intentional or due to negligence, is becoming a huge priority across the board. No matter how sophisticated your training program is, some employees will intentionally or unintentionally commit the negligent discharge of classified information.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.