The CyberWire Daily Briefing 03.27.13

Cyber Trends

Ogren Group Sees Strong Resurgence in NAC Market (Dark Reading) NAC market will grow at a 22 percent CAGR to $1,061 million by 2017

Follow the Dumb Security Money (Dark Reading) When security companies raise big funding rounds and spend big bucks at security conferences, be afraid. Very afraid. It was amazing to see how excited folks were at the recent RSA Conference. Things were great! Every company was doing great! It was like hanging out with Tony the Tiger for a week. When things seem too good, they usually are and the contrarian in me goes into overdrive. I'm constantly looking for chinks in the armor, and over the past weekend I found it. I read two articles over the past week all excited that venture capital money is flowing back into security. We are now seeing security companies raising huge rounds of funding at what must be huge valuations. Being an analyst, I'm approached by lots of new security companies overflowing with VC cash, trying to get my attention. Having seen this cycle more than once, I know what time it is. It's the time when the dumb money returns to security

ThreatMetrix Study Finds Nearly 40 Percent of Retail Organizations Have No Online Fraud Prevention (Dark Reading) Despite lack of fraud prevention for most, 85 percent of retail organizations consider it a high priority

Eleven Spring Survey 2013: Threat From Dangerous E-mails Continues (Dark Reading) Drive-by malware is the biggest threat - German IT decision makers: e-mail remains No. 1 business communication means - For e-mail security, the prevention of false positives is key

In Spite Of Improvement Healthcare Security Still Needs Treatment (Dark Reading) First quarter year-over-year data breach numbers declined in 2013, but data security black eyes still a symptom of healthcare's need for improved database security

The state of data breaches (ComputerWorld) Security breaches can mean loss of custom and affect share prices, warns expert. The implications of data breaches can be severe for companies with potential financial losses and loss of customer trust. One of the most well known examples was the Sony PlayStation Network hack from 2011 where an estimated 100 million online accounts were compromised. According to Sony, costs from the PlayStation Network data breach totalled US$171 million

Zero-Day Java Attacks Pose Risk for Businesses, Security Expert Says (DigitalJournal.com) Businesses will be vulnerable to viruses and other forms of cyber-attack if they fail to plan strategies to help minimise and respond to zero-day attacks on their systems, an IT expert has said. Adrian Spink, CEO at Company85, has used a new article on

An Education In Cyber Security (Automation World) For many in manufacturing, the age of cyber-innocence ended with Stuxnet. Since then there has been steady progress on the industrial cyber security front. Meanwhile, the speed with which new worms, viruses and other exploits arrive continues to increase. The answer lie in applying practical security measures, and making a commitment to continually educating yourself on the topic

Increase in wireless systems, cost benefits drive remote monitoring market (FierceMobileHealthcare) The market for advanced remote patient monitoring has been growing steadily as healthcare systems increasingly move to all-wireless systems, integrate data processing and transfer EMRs. The market clocked in at $10.6 billion in 2012--up 19 percent from 2011, according to a new report from market research firm Kalorama Information

Health, wellness wireless sensor networks worth $16B by 2017 (FierceMobileHealthcare) By 2017, more than 18 million health and wellness cloud-connected wireless sensor network (WSN) systems--excluding sports/fitness devices--will be shipped globally with annual revenues exceeding $16 billion, according to a report from San Diego-based technology research firm ON World

Legislation, Policy and Regulation

Government and private sector team up to combat cyber attack threats (V3) V3.co.uk The UK government has finally launched its long-awaited Cyber Security Information Sharing Partnership (CISP), ending the initiative's two year long trial run. The scheme will be officially unveiled to an audience of over 200 senior representatives

Services join forces to fight cyber crime (Financial Times) For years, the work of Britain's security services has been largely concentrated on the threat to the UK from jihadist terrorism. But increasingly, the security chiefs at MI5 and GCHQ are paying attention to another risk: the huge wave of state-sponsored cyber attacks by China and Russia on UK companies

Activists decry computer crime proposal (CSO) A proposal to expand computer crime law moves in the wrong direction, activists say. A proposal in the U.S. Congress to strengthen the penalties in the Computer Fraud and Abuse Act is a "giant leap in the wrong direction" for digital rights activists calling for changes in the law after the suicide of hacktivist Aaron Swartz earlier this year

US Computer Law Used Against Swartz Could Become Even Harsher (Eurasia Review) The most controversial computer law in the United States could finally be updated and its the exact opposite of what activists like Aaron Swartz have been fighting for. Advocates have urged Congress to reform the Computer Fraud and Abuse Act since way before 26-year-old hacker Aaron Swartz committed suicide in January while awaiting trial for a CFAA case that could have sent him to prison for decades and since then petitions to push for a new CFAA have come and gone. Members of both the US Senate and the House of Representatives have said that the legislation is too strict and needs adjustment, and meanwhile hackers like Andrew Auernheimer have had their lives turned upside down thanks to the governments arguably asinine interpretations of the CFAA

Draft House Judiciary cybersecurity bill would stiffen anti-hacking law (The Hill) A draft cybersecurity bill circulating among House Judiciary Committee members would stiffen a computer hacking law used to bring charges against Internet activist Aaron Swartz

Products, Services, and Solutions

SecureKey briidge.net Platform Brings Trust to Mobile and Online Transactions (Dark Reading) Privacy-enhanced identity and authentication-platform combines ID federation with device-based security

Technologies, Techniques, and Standards

Malware-detecting sandboxing tech no silver bullet (CSO) The security technology called "sandboxing" aims at detecting malware code by subjecting it to run in a computer-based system of one type of another to analyze it for behavior and traits indicative of malware. Sandboxing -- one alternative to traditional signature-based malware defense -- is seen as a way to spot zero-day malware and stealthy attacks in particular. While this technique often effective, it's hardly foolproof, warns a security researcher who helped establish the sandboxing technology used by startup Lastline

Marketplace

U.S. Nuclear Agency Enhances Cybersecurity With Cloud Computing (SIGNAL) Officials at the National Nuclear Security Administration are implementing a cloud computing solution known as Yourcloud that will improve security, cut costs and provide an anytime, anywhere, from any device networking capability. Officials aim to have a solution in place by year's end. The U.S. agency responsible for the management and security of the nation's nuclear weapons, nuclear proliferation and naval nuclear reactor programs is racing to put unclassified data on the cloud this year. Cloud computing is expected to provide a wide range of benefits, including greater cybersecurity, lower costs and networking at any time and from anywhere

DISA Lays Groundwork for Commercial Cloud Computing Contract (SIGNAL) One of the U.S. Defense Department's top information technology officials says work is beginning on a multiaward contract for commercial cloud computing services, but the official says he has no timeline or total value for the business

Raytheon To Merge Units, Cut 200 Jobs (Los Angeles Times) At a time when the aerospace industry is fretful about cuts in federal spending, military contractor Raytheon Co. announced that it plans to eliminate one of its business units and slash 200 jobs

Thomas Kennedy Named Raytheon COO In Realignment (GovConWire) Dr. Thomas Kennedy, a former Raytheon (NYSE: RTN) company vice president and president of the integrated defense systems business, has been promoted to executive vice president and chief operating officer

Red River and Stonesoft Join Forces to Help Federal Agencies Counter Cyber Security Challenges (MarketWatch) Federal and commercial agencies can now turn to a powerful combination of technologies and services to fight cyber crime. Red River, a national leader in providing IT products and services, has partnered with cyber security expert Stonesoft to deliver powerful and visionary solutions for federal and commercial agencies

FireEye has disrupted the security landscape for protection against next-gen threats: Ashar Aziz (ComputerWorld) Ashar Aziz is the "new kid on the block" when it comes to the IT security industry. Aziz is the founder of California-headquartered FireEye, one of the fastest growing security companies of today. Last year, Forbes recognized FireEye as "Silicon Valley's Hottest Security Start-up." Aziz is also vice chairman of the board, CTO and chief strategy officer of FireEye which was established in 2005. During his recent visit to India, Aziz spoke extensively to CIO Magazine on why it has now become imperative for Indian CISOs to align with their company's vision to fight next-generation threats. FireEye has been in the technology limelight over the past couple of years. What is the company up to?

Research and Development

Honeypot Stings Attackers With Counterattacks (Dark Reading) Researchers test the controversial concept of hacking back and gathering intelligence on attackers. A Russian researcher who built an aggressive honeypot to test the ability to hack back at attackers mostly ensnared fellow white hat researchers, script kiddies, and some of his friends in his experiment—but he discovered that he had also counterattacked the desktop of an intelligence agency in a nation formerly part of the Soviet Union

Security Patches, Mitigations, and Software Updates

LinkedIn Patches XSS and CSRF Vulnerabilities (Threatpost) LinkedIn has patched a number of exploitable vulnerabilities that could have led to phishing attacks, malware infections and the loss of credentials for users of the social network for business professionals

Google Fixes 11 Flaws in Chrome (Threatpost) Google Chrome 26, the latest version of the company's browser, is out and it contains a number of security patches, most notably a fix for a high-priority use-after-free vulnerability in the Web Audio component of the browser

Microsoft Internet Explorer CMarkupBehaviorContext Use-After-Free Remote Code Execution Vulnerability (Zero Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page

Cyber Attacks, Threats, and Vulnerabilities

Android Trojan Used in Attacks Against Tibetan and Uyghur Activists (Softpedia) Kaspersky experts have identified a new attack that relies on a malicious Android application. The attack was discovered after the email account of an important Tibetan activist was compromised and abused to send out spear phishing emails to individuals from his contact list. The malicious notifications contained details regarding the World Uyghur Congress, but they also carried an Android package file called WUCs Conference

Another cyber attack targets Wells Fargo website (Los Angeles Times) Wells Fargo & Co.'s online banking operations have been knocked out intermittently by a cyber attack, the latest in a series of assaults since September on the websites of major U.S. banks. The website sitedown.co, which enables customers to report

GCHQ attempts to downplay amazing plaintext password blunder (The Register) Red-faced crypto and intercept intelligence agency GCHQ has admitted emailing plain text password reminders to people who register on its careers micro-site. The issue came to light after prospective job applicant Dan Farrall blogged about his experience of receiving a plain text reminder of his GCHQ recruitment site password by email after filling out its forgotten password form. Farrall only got round to blogging about the issue this week, two months after the offending email

Spam dispute becomes 'largest cyber attack' in history of the internet' (Sydney Morning Herald) A squabble between a group fighting spam and a Dutch company that hosts websites said to be sending spam has escalated into one of the largest computer attacks on the internet, causing widespread congestion and jamming crucial infrastructure around the world. Millions of ordinary internet users have experienced delays in services like Netflix or could not reach a particular website for a short time

Anonymous to protest against Facebook censorship (CSO) A post at Anonnews.org, a website associated with hacktivist movement Anonymous, has called for a new 'Op', this time calling on Facebook users to protest against the social networking giant's alleged censorship

ICS Vulnerabilities Surface as Monitoring Systems Integrate with Digital Backends (Threatpost) Draped across the automobile's front license plate is a printout, attached like it came off a roll of Scotch Tape. On the printout is a SQL statement; probably the last thing anyone would expect to see as a hood ornament. No one knows where the photograph came from or whether someone was trying to be funny, or legitimately trying to compromise the backend system controlling the traffic camera in the same photo. But one thing is for sure, this clever stunt has helped shed light on the insecurity of control systems

Dirty smartphones: Devices keep traces of files sent to the cloud (NetworkWorld) Research shows Android devices, iPhones could be at risk; though cloud service encryption updates could help. When smartphone users upload files to cloud-based services, remnants of those files often remain on their handheld device, even if the data is meant to be stored only in the cloud, researchers have found

Java-based attacks remain at large, researchers say (ZDNet) According to security researchers at Websense, it's not just zero-day attacks which remain a persistent threat. Instead, Java exploits are now a popular tool for cybercriminals. With so many vulnerabilities, keeping browsers up-to-date can become an

The Scope Of The Java Problem (Dark Reading) New Websense data highlights why Java is attackers' favorite target: most end users run outdated versions of the app. Nearly 95 percent of endpoints actively running Java are vulnerable to at least a single Java exploit, according to new data from Websense

How your Webhosting Account is Getting Abused (Internet Storm Center) Following up on Kevin Liston's earlier post [How your Webhosting Account is Getting Hacked], there are some forms of abuse that can affect your hosted web site without anyone actually getting shell access. ISC reader Mark contacted us after he noticed a significant load on his Apache web server. Closer investigation revealed that his box was sending email like crazy. Even closer investigation revealed that the email being sent was one of those fake "Wedding Invitation" phishes that have been quite frequent this week

Share via e-mail (Boston Globe) Allston's Blanchard's Liquors has apologized to its customers, saying a "cyber attack" compromised customers' financial information, and said it would know more about the extent of the attack at the end of the week. In a message posted on the store's

Texas Tech University Health Sciences Center Admits Data Breach (eSecurity Planet) Approximately 700 patient billing statements were mistakenly sent to other patients' mailing addresses. Tech Texas University Health Sciences Center (TTUHSC) recently posted a notice on its Web site announcing that an error had occurred on February 18 while processing billing statements for approximately 700 patients, as a result of which patient billing statements were mistakenly sent to other patients' mailing addresses

University of Mississippi Medical Center Admits Security Breach (eSecurity Planet) The University of Mississippi Medical Center (UMMC) recently posted a notice on its Web site warning of a recent data breach that may have exposed patient health and personal information (h/t PHIprivacy. net). The medical center was apparently notified on January 22 that a password-protected laptop used by UMMC clinicians was missing

Experts doubt Anonymous Mossad spy outing claims are kosher (The Register) Hacktivists claim to have published leaked data on more than 30,000 Israeli officials, including members of Israel's Mossad secret service agency. The boast by members of Anonymous follows a denial of service attack against the Mossad website

9 classic hacking, phishing and social engineering lies (IT World) Whether it is on the phone, online or in person, here are ten lies hackers, phishers and social engineers will tell you to get what they want

Academia

Study Shows Higher Education Failing To Prepare Leaders For Era Of Cyberthreats (Dark Reading) Pell Center study shows prestigious U.S. graduate programs not properly preparing students

Litigation, Investigation, and Enforcement

Former City of Hoboken IT Manager Admits Accessing Mayor's E-mails (eSecurity Planet) Patrick Ricciardi faces up to 15 years in prison and a fine of up to $750,000. Patrick Ricciardi, 46, the former chief information technology officer for the City of Hoboken, N.J., has admitted intercepting e-mails sent to city mayor Dawn Zimmer and other top officials, then forwarding those communications to other e-mails

Romanian citizen sentenced to five years in phishing scheme (CSO) Cristian Busca was part of a Romania-based group that created fraudulent payment cards to loot accounts

Gangbangers' online M.O. remarkably normal (CSO) While not your typical cyberattacker, however, they're more likely to engage in criminal online behavior than non-gang peers, researchers note. Street gang members act much like other young adults online -- although they do have a higher tendency to engage in deviant behavior, say criminal justice researchers. "Much of what they do is age appropriate," one of the researchers, David Pyrooz, an assistant professor at the College of Criminal Justice at Sam Houston State University in Huntsville, Texas told CSO

Alleged cyber-riddler who issued Japan Airlines bomb threat to be indicted (Japan Daily Press) Yusuke Katayama, the alleged cyber-riddler who used a virus to issue online threats from other peoples PCs, is set to be indicted over the Japan Airlines bomb threat from August 2012. He is also believed to have been involved in several other incidents which led to four false arrests in 2012. The Tokyo District Public Prosecutors Office will charge Katayama, a 30 year old information technology employee, with violating the hijack prevention law, among other violations

A Sirious matter: Apple hit with patent lawsuit in China while media bay for blood (Quartz) Apple is appearing in a Shanghai court today to face China's Zhi Zhen Internet Technology, which says that Apple's dulcet-toned voice interface violates its patent. Zhizhen started developing the Xiao i—or "small i"—robot, a "voice-activated personal assistant", in 2003 and was granted a patent in 2006. Xiao is remarkably similar to Siri, down to the tones it uses on activation and the icon design—and it's the latest in a very long list of intellectual property lawsuits filed by Chinese firms against Apple

Wisconsin Man Charged In Cyber Attack On Koch Industries (KAKE) Wisconsin Man Charged In Cyber Attack On Koch Industries. March 26, 2013. A Wisconsin man has been charged with taking part in a cyber-attack on Koch Industries that was organized by a group called Anonymous, the U.S. Attorney's office said today

Design and Innovation

At 17, App Builder Rockets to Riches From Yahoo Deal (Wall Street Journal) Seventeen-year-old Nick D'Aloisio is taking some time off from school in London, where he lives with his parents. He will let mom and dad help manage his money. Those are the decisions of a newly minted teenage millionaire

Device and Application Data from iOS Devices (4:Mag) People in mobile device forensics often ask, "How can I tell where the phone was at a given time?" Most people in our field know that most mobile devices have services running that allow applications to determine the device's location

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.

Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.

An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.

Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.

HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.

SANS Northern Virginia 2013 (Reston, Virginia, USA, Apr 8 - 13, 2013) This event features comprehensive hands-on technical training fand includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply to a SANS Technology Institute's Master of Science Degree in Information Security Management or Master of Science Degree in Information Security Engineering.

INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.

Software Engineering Institute Invitational Career Fair (Pittsburgh, Pennsylvania, USA, Apr 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on April 11 & 12 at their offices in Pittsburgh to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.

Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners. .

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.

Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.

A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the LawThe Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare.States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.

Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.

Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, Apr 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan to maximize the potential uses of mobile devices. Within specific key areas: wireless infrastructure, mobile devices and mobile applications. The thought leadership and community goal of this event is to advance flexible and secure mobile devices to benefit the warfighter and keep pace with changing technology.

Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.

INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) - This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.

23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.

The CyberWire Daily Briefing for 3.27.2013