The CyberWire Daily Briefing for 4.8.2013
The Anonymous attacks against Israel over the weekend appear to have fizzled, despite some annoying outages. Perhaps all of North Korea's military bluster is meant to divert attention from their real intent — cyber warfare against the US. German Skype users are attacked with malware.
Energy companies of the US beware — DHS warns of a concerted spear phishing attack. Bitcoin suffers a DDoS attack at its leading exchange, Mt. Gox in Tokyo. The company thinks the culprit(s) will never be found. The Dutch banking system was hit with a DDoS attack on Friday. Again, no culprit has been identified. Pakistan's elections commission fends off a cyber attack. Companies in the United Arab Emirates face a particular cyber security danger.
Wells Fargo system is up and running again after an attack that caused a 'cyber traffic jam'. Could a 'hidden law' hurt government agencies' IT purchases? A new advanced persistent threat evades detection via mouse clicks. Pakistan's elections system suffers another cyber attack. In the battle against state-sponsored cyber attacks, the question may not be how to stop them but how to keep the penetration shallow.
Quantum signals could be set aloft. The administration wants federal agencies to work harder to keep up with hackers.
Perhaps we're doing this all wrong—there's a proposed strategy of allowing hackers in and confusing them with misleading information. The Army and DoD are at odds over mobile devices.
In the silver linings department—could poor security practices open up unprecedented investment opportunities?
Notes.
Today's issue includes events affecting Bahrain, Democratic People's Republic of Korea, Germany, Israel, Netherlands, Pakistan, United Arab Emirates, and United States..
Cyber Attacks, Threats, and Vulnerabilities
German net users targeted by Skype email malware attack (Naked Security) SophosLabs has intercepted a malware attack, hitting many German internet users today, disguised as an email from Skype with the title 'Wir haben Ihre Bestellung geliefert'
Google Uses Reputation To Detect Malicious Downloads (Dark Reading) Using data about Web sites, IP addresses and domains, researchers find that they can detect 99 percent of malicious executables downloaded by users, outperforming antivirus and URL-reputation services
We're losing the battle against state sponsored attacks (Help Net Security) In my daily interaction with Government bodies, Police and other public sector authorities, we are seeing a huge rise in attacks which are state sponsored and targeted at the Critical National Infrastructure. The real fight isn't from stopping them getting in, it's actually about how far within your organization you can stop them reaching
North Korean cyber attack on cards, says defector (New Zealand Herald) Regime's next move could be to break into US computer networks to steal information and spread viruses, says one-time insider. South Korea is bracing for a protracted standoff with the North that could include at least one missile test-launch and a border skirmish
Israel 'weathers' cyber attack campaign (Independent Online) A pro-Palestinian cyber attack campaign was launched against Israeli government websites on Sunday but did not cause serious disruption, an Israeli statement said. Over the weekend, email messages and websites using the name of the Anonymous hacking group said a campaign had been launched in solidarity with the Palestinian people to "erase Israel from cyberspace" on Sunday
Anonymous targets Israel, JPost repels hackers (Jerusalem Post) "Concerted and pointed attempt to bring down the JPost website," part of cyber attack which also targets Yad Vashem site. A limited cyber attack was launched on Israeli websites on Sunday, as hackers affiliated with the Anonymous group succeeded in leaking databases of small websites but failed to cause significant disruption. Major government websites remained functional throughout the day
Anonymous launches massive cyber assault on Israel (RT) Hacktivist group Anonymous has launched a second massive cyber-attack against Israel, dubbed #OpIsrael. While the hackers claim to have caused multi-billion dollar damage, Israel declares there haven't been any major disruptions. Anonymous threatened to "disrupt and erase Israel from cyberspace" in protest over its mistreatment of Palestinians. Dozens of Israeli websites were unavailable as of early Sunday, with one of the latest being the Israeli Ministry of Defense online page, according to Anonymous on Twitter
Cyber attacks the 'clear, present danger' to UAE's most important companies (The National) Cyber attacks, such as the recent example that slowed the internet around the world, have been described by a security expert as a danger to the UAE's most important companies
DHS warns of spear-phishing campaign against energy companies (Computerworld) Attackers used information from company website to craft attacks. The Department of Homeland Security (DHS) has a warning for organizations that post a lot of business and personal information on public web pages and social media sites: Don't do it. Phishers, the agency said in an alert this week, look for such information and use it to craft authentic looking emails aimed at fooling people in large organizations into opening and downloading things they shouldn't
APT attackers getting more evasive, even more persistent (CSO) Fear of discovery fuels sneakier tactics by writers of persistent malware. Stealth has always been a hallmark of Advanced Persistent Threats (APTs), but writers of the malignant malware are ratcheting up their efforts to evade detection by system defenders. Not only have they honed their skills at simulating legitimate documents likely to be opened by the targets they're sent to, but they're also sharpening their delivery techniques to avoid detection
Hackers again attack ECP's web site (Internatinal News Network) Amid the preparation of general election, the Election Commission of Pakistan's website was once again attacked by hacker on Saturday, the commission however said, it defended the attack. The attack came at a time when the traffic on the website increased ahead of the general elections
Cyber attacks (The News International) Anybody under the misapprehension that cyber attacks, state-to-state, are little more than childish pranks needs an urgent re-think. Cyber attacks are developing into key weapons of modern warfare and may define who wins and who loses in the context of future conflicts. The recent tit for tat cyber attacks on Pakistani and Indian electoral websites are a good example of the way in which this battlefront is heating up
Sneaky malware hides behind mouse movement, experts say (PC World) Researchers from security vendor FireEye have uncovered a new advanced persistent threat (APT) that uses multiple detection evasion techniques, including the monitoring of mouse clicks, to determine active human interaction with the infected computer. Called Trojan.APT.BaneChant, the malware is distributed via a Word document rigged with an exploit sent during targeted email attacks. The name of the document translates to Islamic Jihad.doc
Wells Fargo's website working again after another cyber attack (Minneapolis St. Paul Business Tribune) Enlarge Wells Fargo's website was operating normally Friday after a suspected cyber attack - yes, another one - Thursday. The bank warned customers from its Facebook page and Twitter account that wellsfargo.com and mobile apps suffered intermittent outages from denial of service attacks, likening the result to a cyber traffic jam
The Biggest Cyber in Attack in History Slows Down the Internet (Gadgets + Gizmos) Have you noticed the internet going really slowly in the last few days? Well, it wouldn't be a surprise if you did, as it has been under attack. In fact, it has been described as the largest cyber attack in the history of the world. It apparently all kicked off with a fight between a Dutch hosting firm called Cyberbunker and an anti spam organisation called Spamhaus, which has bases in both the UK and Switzerland. The attacks are so serious that there are currently police forces in 5 different countries involved in the investigation
Dutch internet banking problems due to a cyber attack (Dutch News.nl) Friday's internet banking problems at a string of Dutch banks were caused by a cyber attack, the Dutch banking association NVB said. Both the internet banking system iDEAL and ING bank were out of action for several hours because of the attack on Friday afternoon. It was not a hack and internet banking security was not compromised, Nos television quoted NVB as saying
Cyber-security Experts Demonstrate Java Attack (Engineering & Technology Magazine) Cyber-security experts yesterday demonstrated how the latest zero-day vulnerabilities in Java could be used in a cyber-attack. Researchers from Context Information Security showed visitors how an attacker could develop and use a Java-based exploit against a major fictional corporate bank, before providing advice on how to protect a corporate environment without resorting to a blanket "uninstall Java" approach
Dual cyber-attacks hit Bitcoin virtual currency systems (RT.com) The soaring virtual currency Bitcoin suffered a cyber-blow after its leading exchange, Tokyo–based Mt.Gox, was hit with a DDoS attack. The government-free tender also faced a hacker attack on its Instawallet database, forcing the site to be shut down
New malware uses multiple techniques to avoid detection (FierceCIO: TechWatch) Researchers from security vendor FireEye have discovered a new malware that utilizes multiple techniques to evade detection. In a new entry on FireEye's company blog, researcher Chong Rong Hwa outlined the inner workings of the Trojan.APT.BaneChant in detail
Security Patches, Mitigations, and Software Updates
Microsoft to issue 9 security updates on Tuesday, critical for all IE versions, reboot required (Naked Security) Microsoft has issued its usual advance notification for the coming week's Patch Tuesday. If you use Windows you're probably affected, and you'll probably need to reboot all your PCs and most of your servers
Cyber Trends
How to Protect Macs in the Enterprise (eSecurity Planet) Mac OS X has developed a reputation for security – which means many people ignore measures they should take to secure Macs in the enterprise. If you've ever consulted with a computer security expert and they seemed a little paranoid, consider it a good thing – paranoia is an essential component to effective security
The rise of everyday hackers (Help Net Security) Veracode released its annual State of Software Security Report, which includes research on software vulnerability trends as well as predictions on how these flaws could be exploited if left unaddressed and what this may mean for organizations' security professionals. Research suggests there will be a rise in everyday hackers. A simple Google search for SQL injection hack provides 1.74 million results, including videos with explicit instructions on how to exploit SQL injection vulnerabilities
Leveraging DoD wireless security standards for automation and control (InTech) Over the last several years, the use of wireless networks in control systems has yielded a number of benefits to critical infrastructure while revolutionizing operations in key areas of industry, such as energy and transportation. Apart from the benefits of eliminating signal and power wiring, wireless sensor networks can enable measurement applications in sites that are hard to access, or where the wiring cost cannot be justified
Pandemic Cyber Security Failures Open An Historic Opportunity For Investors (Seeking Alpha) Cyber Security failures in the Western World have reached a pandemic stage. Research conducted by the National Security Agency (NSA), in conjunction with the Department of Defense, FBI, Department of State, local law enforcement, civilian security agencies, and large security providers such as Mandiant and McAfee have shown that government and industry alike suffer from poor security practices
A Different Approach To Foiling Hackers? Let Them In, Then Lie To Them. (Forbes) Most systems administrators describe the task of network security as something like defending a castle. Kristin Heckman talks about fighting hackers in terms that sound more like a job as a Walmart greeter
Marketplace
Demonstrating Space and Cyberspace Innovations (NDUSTRY NEWS) Boeing to highlight its latest achievements in human spaceflight and exploration, during the National Space Symposium. "We're collaborating with our NASA, defense, and commercial customers to provide affordable, innovative solutions in space exploration, satellites and cyber operations," said Roger Krone, president of Boeing Network and Space Systems
Products, Services, and Solutions
Windows XP death watch: 365 days remaining (Naked Security) On April 8th, 2014, Microsoft will terminate Extended Support for Windows XP. That means no more security updates. Be prepared and upgrade now
HP to unveil Moonshot hyperscale servers next week (FierceCIO: TechWatch) Hewlett Packard is gearing up to unveil the next generation of "Project Moonshot" servers at a webcast next Monday. The servers are essentially low-power servers designed for hyperscale environments, and are aimed at large data centers looking at alternatives beyond traditional x86 Intel Xeon or AMD Opteron microprocessors
Technologies, Techniques, and Standards
Quantum signal sent from aircraft (Physics World) Quantum cryptography is ready for take-off Physicists in Germany are the first to transmit quantum information from a flying aircraft to a ground station. The sender and receiver were separated by about 20 km and the aircraft was travelling at nearly 300 km/h. The team says that its demonstration shows that it should be possible to exchange quantum information between ground stations and satellites – something that could lead to wider use of quantum cryptography
Academia
Cyber education key to security (Politico) Today, cyberspace is woven into the fabric of our daily lives. According to recent estimates, cyberspace now encompasses more than 2 billion people with at least 12 billion computers and devices, including global positioning systems, mobile phones, satellites, data routers, desktop computers and industrial control systems that run our power plants, water systems and more
Legislation, Policy, and Regulation
Powerful new personal data disclosure bill proposed by California lawmaker (Naked Security) The Right to Know Act of 2013 would force companies to tell Californians what personal data they have on consumers and how it's trafficked
AT&T Joins Boeing Backing Cyber Bill Facing Privacy Fight (Bloomberg) The House Intelligence Committee may this week pass a cybersecurity proposal that provides lawsuit immunity sought by companies including AT&T Inc. (T) and Boeing Co. (BA) and alters privacy provisions to overcome a veto threat
Bahrain sets up internal affairs ministry (NZWeek) Bahraini King Hamad bin Isa Al Khalifa on Sunday issued a decree to set up the Ministry of State for Interior Affairs and appoint an intelligence chief to head it, Bahrain News Agency said
Keeping up with hackers (Security InfoWatch) In February, President Barack Obama issued a cybersecurity executive order that directs U.S. intelligence agencies to share information on potential cyber threats with private businesses that are considered part of the nation's critical infrastructure. The order also gives government agencies a year to devise a "baseline framework" for cybersecurity that incorporates peer-based standards and industry best practices
State hopes changes will thwart cyber attacks (Montgomery Advertiser) The state Department of Homeland Security has contracted with several information technology experts to help state agencies close holes in their online security —a move the department hopes will stop a string of attacks over the past 15 months that has compromised the personal information of thousands of Alabamians
Army, DOD IG disagree over mobile device management (FCW) Are the Army's policies regarding commercial mobile devices strong enough? (Stock image) Army officials have taken issue with a recent Defense Department Inspector General report that found the Army is deficient in tracking, configuring and managing its commercial devices
'Hidden' Law Could Hamper Gov't Infosec (Bank Infosecurity.com) Agencies' IT Security Might Suffer from Act Aimed at the Chinese. A mysterious lawmaker shielded by congressional rules covertly added language into a new law that could make the purchase of IT security wares very difficult for the departments of Commerce and Justice, NASA and the National Science Foundation
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
cybergamut Technical Tuesday: Secure VoIP & Messaging for Mobile Platforms (Laurel, Maryland, USA, Apr 23, 2013) Phil Zimmermann of Silent Circle will show you how to communicate securely without relying on PKI. cybergamut Technical Tuesday is for cyber professionals to exchange ideas and discuss technical issues of mutual interest.
cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a real world environment.
cybergamut Technical Tuesday: Remote Digital Forensics (Columbia, Maryland, USA, Jul 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information Security will present results of a study into this question, including a look at related research and a trade study of the current state of the digital forensics industry. If you are interested in triage, validation, high speed networks, forward analysis, agents, and cloud computing this presentation is for you.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
Hack in the Box 2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting all versions of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
SANS Northern Virginia 2013 (Reston, Virginia, USA, Apr 8 - 13, 2013) This event features comprehensive hands-on technical training fand includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply to a SANS Technology Institute's Master of Science Degree in Information Security Management or Master of Science Degree in Information Security Engineering.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Software Engineering Institute Invitational Career Fair (Pittsburgh, Pennsylvania, USA, Apr 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on April 11 & 12 at their offices in Pittsburgh to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners. .
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.
A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the LawThe Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare.States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.
SANS 20 Critical Security Controls Briefing (Washington, DC, USA, Apr 18, 2013) The SANS Institute presents an Executive Briefing on the 20 Critical Security Controls.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, Apr 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan to maximize the potential uses of mobile devices. Within specific key areas: wireless infrastructure, mobile devices and mobile applications. The thought leadership and community goal of this event is to advance flexible and secure mobile devices to benefit the warfighter and keep pace with changing technology.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) - This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
cybergamut CompTIA Security+Certification Boot Camp Training Program (Baltimore, Maryland, USA, Apr 29 - May 2, 2013) Security+ certification training delivers a foundational proficiency in the network security arena. Security+ Certified Professionals are better able and positioned to support small and medium-sized organizations that are at increased risk of cyber crime and other forms of security-related threats. Security+ certified professionals may now apply the CompTIA Security+ certification towards the Microsoft MCSA and MCSE Security certifications.
TechExpo Cyber Security Hiring Event (Columbia, Maryland, USA, Apr 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will be forthcoming on the event site. All job-seekers should be US citizens with cyber security or IT experience. A security clearance is not required, but preferred.