The CyberWire Daily Briefing 03.22.13

Cyber Trends

We must end cyber warfare 'Wild West' or risk catastrophe (Public Service Europe) In pursuit of cyber-peace states need to develop international rules of engagement and seek limitations on the use of cyber arsenals against each other as they did with nuclear weapons in the 1940s. It's an increasingly acknowledged fact that the true battleground between nation states is now the cyber-world and not the traditional military field. The use of 'cyber-force' to push through political objectives is increasingly common, as is a shift in the identification of targets towards civilian critical infrastructure systems - which if taken down have the potential to cripple a nation and cause loss of life

Cyber Security a Growing Issue for Small Business (Entrepreneur) As more business owners utilize technology such as cloud computing and mobile devices and apps, the risk of hackers accessing money and sensitive business data becomes more real. The House Committee of Small Business addressed this issue today during a special hearing called, "Protecting Small Businesses Against Emerging and Complex Cyber-Attacks.""Small businesses generally have fewer resources available to monitor and combat cyber threats, making them easy targets for expert criminals," said Chris Collins, chairman of the House's Subcommittee on Health and Technology. "In addition, many of these firms have a false sense of security and believe they are immune from a possible cyber-attack

Security; The non-commodity (infosecisland) For most users and businesses, their primary contact with the world of security solutions is via antivirus. In an enterprise environment, a computer comes preloaded with Antivirus. Updates occur centralized and automatically

Does your practice need cyber insurance? (Pulse+IT Magazine) Mr Waite said Cyber Plus had also received industry advice from a number of antivirus expert companies like Trend Micro and Bitdefender to help design a

Legislation, Policy and Regulation

NASA Tightens Security In Response To Insider Threat (Dark Reading) NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft

Experts Tell Congress Serious Deterrence Needed to Impede Foreign Cyber Attacks (Threatpost) The House Foreign Affairs Subcommittee on Europe, Eurasia, and Emerging Threats typically is more concerned with economics and political issues than cyber attacks, but the members spent this morning in a hearing trying to come up with an answer to a fairly straightforward, but thorny question: What consequences are serious and meaningful enough that they will deter U.S. enemies from infiltrating the country's networks? After hearing from several witnesses and chewing the subject over, the members didn't emerge with a solid answer, but there seemed to be consensus around the idea that national laws alone would not solve the network security problem

U.S. cyber plan calls for private-sector scans of Net (Yahoo News) The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure. As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks

DHS well positioned to carry out cybersecurity executive order, says panel (FierceGovernmentIT) The Homeland Security Department is well equipped to carry out the roll called for it by President Obama's Feb. 12 executive order, said panelists speaking at a March 15 event on Capitol Hill hosted by the Congressional Internet Caucus Advisory Committee

FITARA passes House Oversight committee (FierceGovernmentIT) A bill that would change federal information technology buying practices and authorities of IT officials passed the House Oversight and Government Reform Committee March 20 through a unanimous voice vote

CIA hangs on to everything--forever (FierceBigData) Contrary to what some experts have said about a high percentage of the volumes of data currently collected being suitable only for the landfill, Ira "Gus" Hunt, chief technology officer for the Central Intelligence Agency, said in a speech at the GigaOM Structure: Data conference in New York City this week that "The value of any piece of information is only known when you can connect it with something else that arrives at a future point in time." Since you can't connect dots you don't have, Hunt said, the agency tries to collect everything and hang on to it forever

Taxing big data, other software innovation (FierceBigData) Many experts have said that legislators, regulators and other government agencies need to catch up to the realities of emerging technologies such as big data. But they had in mind the issues around security, privacy and intellectual property. The state government in Massachusetts, however, is wasting no time catching up when it comes to taxation. The tech industry in and around Boston is none too pleased

Products, Services, and Solutions

LaserLock Technologies Files New Provisional Patent For Enhanced Document (Dark Reading) New embedded security features in paper can prevent theft and copying of sensitive documents

Palo Alto Networks GlobalProtect Solution Now Available For iOS On The App Store (Dark Reading) Enterprises can now extend next-generation firewall security policies to mobile users

Route1 Announces Release Of MobiLINK (Dark Reading) Authentication and secure access technology enables users to securely access internal Web-enabled applications and Web resources

Heads-Up - Premature product - not a proper product to be used for PCI approved Web Scanning (IT Central Station) v2 Review: Premature product - not a proper product to be used for PCI approved web scanningHaving done numerous penetration tests using various manual and automated tools, today we are focusing on a new tool called QualysGuard Web Application Scanning v2.4.1. In the process of doing a pentest, we often use a quality automated tool to check for standard issues while we focus on the much more difficult issues of the testing. As this reduces the time it takes to do a full test, allows us to work more efficiently, and besides who wants to waste time doing monotonous simplistic checking

Panda Security Offers Simplicity and Greater Profits to Partners (Virtual-Strategy Magazine) Partners can now offer a comprehensive security and system management service to customers, with Panda Cloud Office Protection, Panda Cloud Office

Technologies, Techniques, and Standards

When Active Directory And LDAP Aren't Enough (Dark Reading) Cloud and mobile pose problems to most enterprise's centerpiece identity and access management technology

Wipe the drive! Stealthy Malware Persistence - Part 4 (Internet Storm Center) This is my fourth post in a series called "Wipe the Drive - Malware persistence techniques". The goal is to demonstrate obscure configuration changes that malware or an attacker on your computer can leave behind to allow them to reinfect your machine. We will pick up the conversation with techniques #7 and #8. If you missed the first six techniques you can read about those here

Marketplace

Pentagon Urged To Stop Stalling, Start Planning Defense Cuts (Reuters) The Pentagon needs to stop stalling and start figuring out how to cut its budget by $50 billion annually for the foreseeable future in a way that preserves national security, defense analysts from across the political spectrum said on Thursday

Congress Approves Temporary Spending Bill To Keep The Government Open (Washington Post) Congress approved a short-term funding bill Thursday that ends the possibility of a federal government shutdown next week. But a broader budget battle about taxes and spending for the year is just beginning. The stop-gap spending resolution, approved on a broad bipartisan vote in the House, locks in the $85 billion across-the-board spending cuts known as the sequester through the Sept. 30 end of the fiscal year

NASA's redundant IT security tools costly, finds IG (FierceGovernmentIT) NASA has no effective process for tracking information technology security tool requirements or purchases, according to a March 18 NASA office of inspector general report. As a result, redundant technologies are costing the agency. In June 2012, the agency had 242 security assessment and monitoring technologies across nine different control areas--costing a total of $25.7 million

To fix IRS computer security, GAO recommends dozens of corrective actions (FierceGovernmentIT) Serious security weaknesses threaten sensitive taxpayer information, the Government Accountability Office says. The GAO says that in a report it did not release to the public, it recommended in detail that the Internal Revenue Service take 30 specific actions on newly identified information security weaknesses. The problems are related to identification and authentication, authorization, cryptography, audit and monitoring, and configuration management, the GAO says

Booz Allen Hamilton Holding Corporation : Booz Allen Hamilton to Provide Specialized Scientific Research to the National Geospatial-Intelligence Agency's InnoVision Future Solutions Program (4-Traders) Booz Allen Hamilton today announced it received a $315 million single award contract to support the National Geospatial-Intelligence Agency's (NGA) InnoVision Directorate. Booz Allen will provide specialized scientific and technical research and development subject matter expertise to all facets of the InnoVision Future Solutions Program (IFSP) through Nov. 2017. IFSP provides support to perform path-breaking scientific research and transitions innovative concepts and capabilities required to solve the Intelligence Community and Department of Defense's most complex problems

General Dynamics Fidelis Cybersecurity Solutions opens forensics lab in Columbia (Baltimore Business Journal) General Dynamics Fidelis Cybersecurity Solutions has opened a new forensic lab in Columbia. The new lab at 9055 Guilford Road in Columbia houses 15 forensic examiners who tackle cyber security threats for commercial clients. The company provides cyber security services and products for government agencies and commercial clients and has headquarters in Bethesda and Waltham, Mass

Research and Development

So It Begins: Darpa Sets Out to Make Computers That Can Teach Themselves (Wired Threat Level) The Pentagon's blue-sky researchers are eying computers that can learn on their own, which could make for some advanced new smart machines -- which are simple enough for non-experts to use as well

Security Patches, Mitigations, and Software Updates

Apple places kill date on apps that use 'UDID' device identifiers (ZDNet) Apple is finally putting a cap on UDIDs - often used for ad tracking - that establish a permanent link to iOS devices. Liam Tung

Temporary fixes released for Samsung Android lock-screen glitch (CSO) By manipulating the emergency call screen, an attacker could get persistent access to a device

Apple iCloud now comes with two-step verification (SlashGear) Two-step verification (also known as two-factor authentication) is becoming all the rage now. After the recent influx of security breaches and hacks on major services, companies are starting to implement two-step verification to prevent social engineers from

Cyber Attacks, Threats, and Vulnerabilities

Logic Bomb Set Off South Korea Cyberattack (Wired) A cyberattack that wiped the hard drives of computers belonging to banks and broadcasting companies in South Korea this week was set off by a logic bomb in the code, according to a security firm in the U.S

Cyber-attack on South Korea may not have come from China after all: regulator (Reuters) This week's cyber-attack on South Korean broadcasters and banks may not have originated in China after all as the IP address has been traced to one of the victim banks, the communications regulator said on Friday. But it couldn't rule

North Korea Still Chief Suspect In Cyber Attacks On South (TechWeekEurope UK) Despite evidence that the recent cyber attacks on South Korea were not…Trend Micro said it was aware of other attacks on South Korean firms

UPDATE 3-Hacking highlights dangers to Seoul of North's cyber-warriors (Reuters) The North's professional "cyber-warriors" enjoy perks such as luxury…security vendor Sophos said, noting the malicious software it detected was not

South Korea cyber attacks are linked back to China (Inquirer) Officials in South Korea have linked the recent cyber attacks in the…Sophos products have been able to detect the malware for nearly a year

Trend Micro detects multiple cyber attacks on South Korea (New Straits Times) Trend Micro, a provider of cloud security software, has detected multiple cyber attacks on South Korean banking corporations and media

Trend Micro Deep Discovery Protects South Korean Customers From Attack (PR Newswire) Crippling attacks on banks and media thwarted by advanced threat protection of Trend Micro Custom Defense. Trend Micro Incorporated announced today that customers using its Deep Discovery advanced threat protection product were able to discover and react to the recent cyber-attack before damage could be done. These attacks paralyzed several major banking and media companies, leaving many South Koreans unable to withdraw money from ATMs and news broadcasting crews cut off from their resources

South Korea bank attacks should prompt rethink in U.S. (CSO) DDoS attacks on U.S. banks were more advanced technically, but the attackers of the South Korean banks did much more damage. The simplicity of the malware that paralyzed the computer networks of three banks and two broadcasters in technically sophisticated South Korea is a warning that U.S. corporations need to rethink security. The cybercriminals did nothing out of the ordinary in penetrating the organizations' defenses on Wednesday. They used existing malware called "DarkSeoul," changed its signature to evade the organizations' firewalls and antivirus software, and targeted a well-known vulnerability in Internet Explorer (CVE-2012-1889)

South Korea Bank Hacks: 7 Key Facts (InformationWeek) Data-wiping attacks on Windows and Linux computers may have just focused on random targets to cause chaos, security researchers say

TD Bank hit by 'targeted' cyber attack that knocked out online services (Montreal Gazette) TD Canada Trust (TSX:TD) says it was hit by a "targeted" cyber attack, forcing its banking website and mobile banking service to go offline for several hours. The bank says the denial-of-service attack occurred mid-morning and prevented its customers from logging to its website and mobile site

DHS, ICS-CERT Warn of Siemens HMI Vulnerabilities (Threatpost) The Department of Homeland Security and the ICS-CERT issued an advisory yesterday warning of serious vulnerabilities in Siemens industrial control software deployed in a number of industries including water, gas and oil, and chemical

Recent Reports of DHS-Themed Ransomware (US-CERT) US-CERT has received reports of apparently DHS-themed ransomware occurring in the wild. Users who are being targeted by the ransomware receive an email message claiming that use of their computer has been suspended and that the user must pay a fine to unblock it. The ransomware falsely claims to be from the U.S. Department of Homeland Security and the National Cyber Security Division

TeamViewer-based cyberespionage operation targets activists, researchers say (Computer World) Security researchers have uncovered yet another ongoing cyberespionage operation targeting political and human rights activists, government agencies, research organizations and industrial manufacturers primarily from Eastern European countries and former Soviet Union states. The attacker group behind the campaign was dubbed TeamSpy because they use a malware toolkit built around the legitimate TeamViewer remote access application in order to control infected computers and extract sensitive information from them. The operation was analyzed by researchers from the Laboratory of Cryptography and System Security (CrySyS Lab) of the Budapest University of Technology and Economics, who collaborated with several antivirus companies, including Kaspersky Lab, Symantec and ESET

Guccifer strikes again: A major Silicon Valley venture capitalist's e-mail exposed (Quartz) While one hacker has been exposing wealthy Germans' financial secrets, another has been pulling more high-profile, but arguably more harmless tricks. A hacker going by the nom du pirate "Guccifer" has popped open the inbox of John Doerr, a partner at Kleiner Perkins Doerr, a firm that invested in early in tech giants like Google and Amazon. Doerr is a multi-billionaire and former Intel executive who is routinely cited as one of the most influential people in tech, even though he uses an AOL email account, which to most techies is practically like using pen and paper

Germany's offshore money and the hacker who helped expose it (Quartz) The German newspaper Sueddeutsche Zeitung has published the names (link in German) of wealthy Germans who were or are directors of companies in Panama, a country known as a tax haven. The directors included families behind major automakers, banks and businesses, many of whom denied keeping funds abroad for tax purposes or attributed the actions to now-deceased relatives

Security Hole in Control Panels of UK Registrars Led to Domain Hijacking (Softpedia) Last year, cybercriminals managed to steal around 300 domains by exploiting a vulnerability in the web hosting control panel of UK registrar 123-Reg. In addition to 123-Reg, its believed that four other registrars have been impacted. The Register has learned that a security hole in 123-Regs web hosting control panel allowed anyone with an account to gain access to other accounts simply by modifying the URL from the browsers address bar

PyCon Incident: Two People Fired, DDOS Attack Launched Against SendGrid Site (Softpedia) An incident at the recent PyCon Python developer conference has gotten way out of proportions, resulting in two people getting fired by their companies and distributed denial-of-service (DDOS) attacks being launched against two websites. It all started when two of the developers present at the conference started making jokes that were deemed inappropriate in nature by Adria Richards, a SendGrid developer evangelist. After becoming tired of the dongle and forked repository jokes, Richards took a picture of the two developers and posted it on Twitter

'Human Weakness' Helped Chinese Hackers Steal Secrets From US Companies (Business Insider) The APT1 hackers were able to crack into American companies' computer networks and systems by targeting "human weakness," according to [Mandiant founder, Kevin Mandia]. They would send emails to a company's employees that appeared to be from

Most Indian Websites Abused for Phishing Attacks Are from IT and Education (Softpedia) In the period between August and November 2012, 0. 11% of all phishing pages identified by Symantec were hosted on compromised websites from India. If in 2011, education sites were most targeted by phishers, in 2012, they dropped to second place, being overtaken by IT sites

Iran Is a More Volatile Cyber Threat to U.S. than China or Russia (CIO) As members of the intelligence, military and homeland security communities evaluate the emerging cyber threats emanating from hostile nation states, they must consider important distinctions in the capabilities and attack patterns of adversaries like China and Iran, cybersecurity experts told a House subcommittee on Wednesday. Testifying before the House Committee on Homeland Security's cybersecurity subcommittee, witnesses drew a sharp distinction between the threats from comparatively mature actors like China and Russia, with which the United States has longstanding--if strained--diplomatic and economic ties, and nations like Iran and North Korea

Academia

Cyber security startups find home at BWTech on UMBC campus (Baltimore Sun) Those entering the University of Maryland, Baltimore County, campus from Interstate 195 find it easy to mistake the buildings on the right side of the road for part of the school, or just miss them completely. Those five buildings make up the BWTech Research and Technology Park and house Life Sciences, Clean Energy and Cyber Security business incubators. The incubators provide office space, mentors, resources and collaborative opportunities for small startup companies in each of the three fields

Litigation, Investigation, and Enforcement

Microsoft Releases Report on Law Enforcement Requests (New York Times) Microsoft disclosed on Thursday for the first time the number of requests it had received from government law enforcement agencies for data on its hundreds of millions of customers around the world, joining the ranks of Google, Twitter and other

Design and Innovation

AngelHack Launches A Startup Accelerator, Bringing Its Hackathon To 30+ Cities This Spring (TechCrunch) AngelHack has always been a little different from your average hackathon -- rather than taking place in one place over one weekend, it has become a global event that takes place in multiple stages. As a result, the projects are usually pretty polished, though not yet at the level of full-fledged startups. Now it's taking another step in that direction with the launch of its very own accelerator