The CyberWire Daily Briefing 06.10.14

Summary

By The CyberWire Staff

Another Chinese unit, for now going by the nom de guerre "Putter Panda," has been fingered by researchers investigating cyber attacks on US and European defense and aerospace sectors. Crowdstrike associates Putter Panda with Unit 61486 of the People Liberation Army's (PLA's) Third General Staff Department, and says the cyber espionage crew has been operating since 2007. Five members of sister Unit 61398 were indicted in the US; official US response to this freshly identified unit is awaited. One interesting sidelight: a brochure for a yoga studio in Toulouse, France, appears to have been one of Putter Panda's more effective spyware vectors.

Sino-US relations remain vexed as an incipient trade war brews and China officially decries American "bellyaching."

The World Cup runneth over with phishing spam, cyber attacks on sponsors, and a social media boycott campaign. The final issue of this hacktivist and criminal activity remains in doubt, but Anonymous seems to have staked its reputation on delivering at the very least serious cyber nuisance.

RSA researchers find a modular ZeuS alternative for sale on the cyber black market.

A new exploit kit, RIG, is delivering CryptoWall ransomware in the wild.

A "red button" flaw exposes smart televisions to exploitation.

Worries about ATM security have recently focused on the machines' lingering dependence on Windows XP, but two teenagers find a simpler vulnerability hiding in plain sight: they were able to compromise Bank of Montreal ATMs after finding an operator's manual freely available online. (They're not crooks; they informed the bank.)

Notes.

Today's issue includes events affecting Australia, Canada, Brazil, China, Russia, United Kingdom, and United States..

We're filing today's issue from the Cyber 5.0 conference, meeting today on the campus of the Johns Hopkins University Applied Physics Lab in Laurel, Maryland, USA. Follow our conference tweets @thecyberwire, #MDgovconnects. We'll devote a special issue to Cyber 5.0 in tomorrow's CyberWire.

Selected Reading

Cyber Trends

How Much Did Cybercrime Cost the World in 2013? (CBR) Cybercrime cost the global economy an estimated $445bn last year, up to a fifth of the value generated by the internet, says security firm McAfee

Upsurge In Hacking Makes Customer Data 'Toxic' To Retailers (Reuters via Business Insider) With hackers stealing tens of millions of customer details in recent months, firms across the globe are ratcheting up IT security and nervously wondering which of them is next

What data breaches teach us about the future of malware: Your own data could dupe you (PCWorld via MSN Tech & Gadgets) When a eBay suffered a massive data breach a few weeks ago, most of the attention revolved around the compromise of passwords and the vulnerabilities in the site's security. While those are legitimate concerns, they obscure the most glaringly weak link in the security chain: people

GAO: Maritime security plans don't address cyber threats (FierceHomelandSecurity) Maritime security plans at three high-risk U.S. ports do not address how to assess, manage and respond to cybersecurity threats, according to a Government Accountability Office assessment of their policies and plans

Banks warn Britain's financial system remains at high-risk of cyber (The Drum) The British Bankers' Association is to host a conference of financial institutions, as well as Interpol and Europol, the United Nations, Cabinet Office and Home Office tomorrow as part of efforts to shore up Britain's vulnerable financial system from attack by criminals and enemy states

Have today's privacy policies made us a society of liars? (Help Net Security) The importance of data privacy is becoming more and more prevalent: From major retailer breaches to identity and healthcare theft, the general public is growing more aware of the risk of data breaches and the importance of data privacy in all aspects of their online lives. In fact, a recent GfK survey of U.S. citizens found that 88 percent of respondents are concerned about the privacy of their personal data

Breakdown of traditional security models and strategies (Help Net Security) Increasing adoption of a more mobile, social, data-driven and consumer-like workplace is causing the breakdown of traditional security models and strategies, according to Gartner, Inc

XPocalypse, not now (ComputerWorld) Didn't hackers get the memo? They were supposed to be exploiting the unpatched Windows XP

The Link between Windows XP Users and Spam Volume (eSecurity Planet) Second quarter IBM X-Force Threat Intelligence report finds an uptick in spam volume

Legislation, Policy and Regulation

Chinese military responsible for some cyber attacks on U.S. federal systems, DoD says (FierceGovernmentIT) The Defense Department said some cyber attacks to federal and other global computer systems can be "attributable directly to the Chinese government and military," in its annual report to Congress

Annual Report to Congress: Military and Security Developments Involving the People's Republic of China 2014 (US Department of Defense) The People's Republic of China (PRC) continues to pursue a long-term, comprehensive military modernization program

China Slams Pentagon Report on Its Military: End This Annual 'Belly-Aching' (CNSNews) Criticizing the latest Department of Defense report on Chinese military developments, Beijing called the legally-mandated assessment to Congress "annual belly-aching" that should be abandoned

NSA Reform Bill Could Allow The Agency To Spy On More Phone Calls (Daily Caller) The major National Security Agency surveillance reform bill currently under consideration in the Senate could "potentially" allow for even more spying on Americans' phone calls, according to testimony from the upper chamber

Big tech walking fine line on data (Politico) A year after Edward Snowden shocked citizens with details of how much of their lives are being snapped up by the National Security Agency, tech giants have sounded alarms about the government's practices — but maintained near radio silence about their own data-collection efforts

Whitehall considers security shake-up (Government Computing) Untangling of security groups mooted to beef up and simplify oversight and governance

Jennifer Kerber to Lead GSA's Cloud Credential Program (ExecutiveGov) Jennifer Kerber, executive director of the nonprofit Government Transformation Initiative for a year, will join the General Services Administration's office of citizen services and innovative technologies to oversee its cloud credential program

Products, Services, and Solutions

Lancope's StealthWatch Labs Conducts Advanced Research to Help Customers Fend Off Heartbleed and CryptoLocker Attacks (MarketWatch) Highly skilled research team provides tools for effective and continuous response to today's most damaging threats

Beepip unleashes email Snowden would be proud of (CoinTelegraph) When it comes to privacy, the shortcomings of email have been touted for years by various groups. Now an alternative seeks to use cryptography to decentralize private messaging over the internet

F-Secure releases one-click test for PCs infected by GameOver Zeus botnet (Beta News) Last week Microsoft boasted of aiding law enforcement in the take-down of the GameOver botnet, one of the leaders in the theft of banking information. However, Microsoft was not the only tech entity involved, and the death notice may have been a bit premature

Technologies, Techniques, and Standards

Kim Dotcom Can Encrypt Your Files. Why Can't Google? (Wired) On the one-year anniversary of Edward Snowden's first NSA document leaks, Bahaa Nasr spent the day in Beirut, teaching a roomful of Middle East activists how to thwart the kind of government-backed spying that Snowden so shockingly exposed

What you gonna do when they say good-bye? (FierceMobileIT) BYOD users could take more than their devices with them when they leave

NIST guidance helps agencies break from static IT system reauthorization cycle (FierceGovernmentIT) In a November 2013 memorandum, the Office and Management and Budget told agencies they could abandon a security reauthorization process required every three years in favor of ongoing authorization of information systems. Now, the National Institute of Standards and Technology is advising agencies on how exactly to make that transition

Supplemental Guidance on Ongoing Authorization Transitioning to Near Real-Time Risk Management (NIST, US Department of Commerce) Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, stated that, "Our nation's security and economic prosperity depend on ensuring the confidentiality, integrity and availability of Federal information and information systems"and directs the National Institute of Standards and Technology (NIST) to publish guidance establishing a process and criteria for federal agencies to conduct ongoing assessments and authorization

New cyber security award launched to protect businesses online (Blackmore Vale Magazine) A new government cyber security scheme, which shows businesses' consumers that measures are in place to defend against common cyber threats, has been launched

Five ways to avoid costly compliance risks (Help Net Security) When it comes to violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, the stakes can be high. Recently, the New York Presbyterian Hospital and Columbia University agreed to settle, in the amount of $4.8 million, charges that they potentially failed to secure thousands of patients' electronic protected health information (ePHI) held on their network

In Praise Of Shadow IT (InformationWeek) 80% of those employed by enterprises larger than 1,000 people circumvent IT to use cloud-based tools, new research says. I say let them

Marketplace

China-U.S. cyber spat risks corporate casualties (Reuters) China's security spat with the United States risks corporate casualties on both sides. The People's Republic has responded to U.S. allegations of cyber spying by targeting American tech companies. A continuing dispute could lead to blocked deals in the United States and lost sales in China. Though companies can try to ease concerns, it's hard for them to escape a political escalation

Microsoft, Qihoo 360 Sign Tie-up Deal (CRI) Microsoft and China's leading Internet security company Qihoo 360 on Monday signed a cooperation deal covering mobile Internet and artificial intelligence, underscoring the multinational's determination to further tap the Chinese market

MACH37™ Stars Mentor Network Begins Global Expansion Phase (Digital Journal) The MACH37™ Cyber Accelerator announced the expansion of its Stars Network with a global call for new members. The Stars Network includes successful cybersecurity entrepreneurs, domain experts, and industry thought leaders from throughout the United States. These mentors have committed to helping MACH37™ entrepreneurs validate their disruptive cybersecurity concepts and prepare their companies for investment

Microsoft founder Bill Gates sells off G4S shares (ComputerWorld) G4S is still recovering from an electronic monitoring scandal where it overcharged the UK government millions of pounds

DHS I&A workforce issues of significant concern, says GAO (FierceHomelandSecurity) The Homeland Security Department must address how it can develop and maintain a skilled workforce within the office of intelligence and analysis, says the Government Accountability Office

The new era of cyberinsurance (Examiner) Data breaches, work interruption and network damage along with the intangible losses to business reputation for security are among the issues facing businesses. Cyberinsurance has become a priority business expense in planning in the new era for cyber-attacks, according to The New York Times

Cyberattack Insurance a Challenge for Business (New York Times) Julia Roberts's smile is insured. So are Heidi Klum's legs, Daniel Craig's body and Jennifer Lopez's derrière. But the fastest-growing niche in the industry today is cyberinsurance

Cyber Insurance May Be Vital, But Not Widely Available (Live Insurance News) Retailers may need to begin taking cyber liability insurance more seriously. The world is becoming more digital and businesses are beginning to follow consumers into the digital space in order to better accommodate their needs. This means that a growing number of businesses are beginning to expose themselves to digital threats, and these businesses may not be equipped to handle these threats in their various forms. Businesses have yet to fully comprehend the risks that are inherent in digital world and as such are falling prey to malicious groups that would exploit sensitive information

Radware Receives Multi-Million Cyber-Attack Mitigation Contract From Global Cloud Provider (MarketWatch) Radware's attack mitigation system chosen to protect multiple datacenters in the U.S. and abroad

Research and Development

"Turing Test" allegedly defeated — is it time to welcome your robot overlords? (Naked Security) I'm sure you have heard of, and indeed at some time faced up to and solved, a CAPTCHA

Security Patches, Mitigations, and Software Updates

Google to flag 'right to be forgotten' censored search results (Naked Security) Google may be forced to forget about you, but it just might stick a flag on the search results it's reluctantly expunged

iOS 8 Will Randomize Mac Addresses to Help Stop Tracking (Threatpost) Apple enthusiasts have been poring over the feature list for iOS 8, due out this fall, geeking out over the tighter integration among all iOS devices, the improved mail app and myriad other bells and whistles. But perhaps the most important change is a subtle one hidden beneath the covers that will help prevent much of the tracking of mobile devices that's done through WiFi hotspots

Cyber Attacks, Threats, and Vulnerabilities

Second China unit accused of cyber crime (Financial Times) A second Chinese military unit has been accused of cyber crime, just weeks after the US charged five Chinese officers with alleged economic espionage

Chinese military tied to prolific hacking group targeting US aerospace industry (Ars Technica) In operation since 2007, "Putter Panda" is latest group to be implicated by researchers

Chinese cyberspies targeting U.S, European defense, space sectors (CSO) Security vendor CrowdStrike identifies group with ties to the Chinese military targeting U.S. defense and European satellite and aerospace industries

The World's Cup's biggest corporate sponsors are already being ambushed (Quartz) FIFA, the organization behind the World Cup, will reap an estimated $1.6 billion from corporate sponsorships of the 2014 edition of the planet's biggest sporting event. In exchange for large sums of money, multinational corporations can market their association with the tournament in their own ads, and get their brands seen by the enormous audiences the tournament will attract. So expect to see the following logos on plenty of field-side billboards over the next few weeks

Phishing Sites Intensify World Cup Campaigns (TrendLabs Security Intelligence Blog) With the 2014 FIFA World Cup in Brazil about to kick off in less than a week, it should be no surprise that phishing sites have intensified their own spam campaigns targeting Brazilians as well

#NotGoingtoBrazil hits Twitter: a campaign against 2014 World Cup in Brazil (HackRead) Protests against the FIFA World Cup 2014 to be held in Brazil has now turned to Twitter to garner support against the World Cup expenditure of nearly US$11 billion, which could have been otherwise used to address the prevalent poverty and its related issues in Brazil, according to media reports

RSA researchers discover new alternative to Zeus (CSO) The modular Trojan is being offered to criminals as an alternative to Zeus

RIG Exploit Kit Pushing Cryptowall Ransomware (Threatpost) With Cryptolocker quite possibly on its way to becoming yesterday's ransomware news after the successful takedown of part of its distribution infrastructure, alternatives are already available

RIG Exploit Kit Strikes Oil (Cisco) In the last month we have observed high levels of traffic consistent with the new "RIG" exploit kit (EK), as identified by Kahu Security. This new EK reportedly began being advertised on criminal forums in April, which coincides with when we first began blocking this traffic on April 24th

'Red button' flaw leaves smart TVs open to cyber attack (The Telegraph) A flaw in the standard that governs how broadcast streams are combined with web technologies leaves smart TVs open to cyber attack

Kids with operator's manual alert bank officials: "We hacked your ATM" (Ars Technica) Bank of Montreal gets schooled by teens who accessed owner's manual online

How 14-Years-Old coders hacked the ATM Machine (Hackers News Bulletin) The smallest security researcher we reported here is 14-Years-Old and again the same age students hacked a Bank of Montreal ATM in WINNIPEG and informed the BANK about how they were able to do that

Social Engineering Watch: UPATRE Malware Abuses Dropbox Links (TrendLabs Security Intelligence Blog) Threats like UPATRE are continuously evolving as seen in the development of the techniques used so as to bypass security solutions. UPATRE malware are known downloaders of information stealers like ZeuS that typically spread via email attachments. We recently spotted several spam runs that use the popular file hosting service Dropbox. These use embedded links lead to the download of UPATRE malware variants. What is noteworthy in these spam attacks is that it is the first instance we saw TROJ_UPATRE being deployed via URL found in an email message

Cybercriminals Steal News Headlines for KULUOZ Spam Campaigns (TrendLabs Security Intelligence Blog) Last April, we reported a KULUOZ spam campaign using the South Korean ferry sinking tragedy, one that came hot at the heels of the actual event itself

iOS Malware Does Exist (Fortinet Blog) With our FortiGuard Labs reporting that 96.5% of all mobile malware is Android based it would be easy to see why someone might opt for an iPhone. But, users beware. Don't write off iOS as the secure alternative to Android just yet! Despite, Android malware being nearly an epidemic, or as Tim Cook referenced, "a toxic hellstew", iOS is not immune

Walgreens Acknowledges Insider Breach (eSecurity Planet) An undisclosed number of customers' names, birthdates and Social Security numbers may have been stolen by a former employee

After Heartbleed, We're Overreacting to Bugs That Aren't a Big Deal (Wired) Here's something else to blame on last April's Heartbleed security bug: It smeared the line between security holes that users can do something about, and those we can't. Getting that distinction right is going to be crucial as we weather a storm of vulnerabilities and hacks that shows no sign of abating

Academia

Drop out of college; earn a six-figure salary coding (ITWorld) A four year degree isn't the only path to a great development job — if you have the coding chops

Litigation, Investigation, and Enforcement

How Much Did Snowden Take? Not Even the NSA Really Knows (Newsweek) It was just over a year ago this week that former U.S. intelligence contractor Edward Snowden leaked a trove of secret National Security Agency documents detailing the agency's massive online spy program. What and how much Snowden took remains a mystery. On Tuesday, James Clapper, the director of National Intelligence, told The Washington Post that Snowden took less than the agency previously thought

Watchdog rebuffed on EPA data turns to NSA (Washington Times) A pro-business watchdog group sued the National Security Agency on Monday, demanding that the spy agency turn over metadata logs for some phones registered to top EPA officials in a pioneering legal maneuver that seeks to use the government's own secret data to check up on other agencies

Did Microsoft hand the NSA access to encrypted messages? (CFO World) In July last year, when the news broke that Microsoft had allegedly collaborated closely with US intelligence services to allow users' communications to be intercepted, it severely dented the image of the tech giant

To defeat encryption, feds deploy the subpoena (Ars Technica) Drop boxes, secured or not, are all the post-Snowden rage and ripe for subpoenas

NSA: Our systems are so complex we can't stop them from deleting data wanted for lawsuit (Washington Post) The National Security Agency recently used a novel argument for not holding onto information it collects about users online activity: it's too complex

Ransom-taking iPhone hackers busted by Russian authorities (Naked Security) The mystery of the ransom messages from "Oleg Pliss," and the iDevice locking attack that popped up in Australia and the US last month, appears to have been solved

Hacker Fined $8,000 for Government Cyber Attack (eSecurity Planet) Delson Moo Hiang Kng placed an offensive image on the website of the president of Singapore's official residence

Tax Preparer Gets Five Years for Identity Theft (eSecurity Planet) Louis Francois was also ordered to pay $355,000 in restitution

Design and Innovation

German startup raises $2M for NSA-proof server (Help Net Security) A German startup has broken crowdfunding records as it managed to get pledges for 1.5 million Euros (around $2 million) in less than a few hours

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber 5.0 Conference (Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.

What to Consider when Preparing to Purchase Cyber Insurance Webinar (Webinar, June 11, 2014) With the many cyber/data breach insurance policies that are available today, there are important considerations that organizations need to know before purchasing cyber/data breach insurance coverage. Join Christine Marciano, Cyber Insurance Expert and President, Cyber Data Risk Managers for this informative webinar to learn what your organization needs to consider before purchasing cyber/data breach insurance coverage.

NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.

SC Congress Toronto (Toronto, Ontario, Canada, June 17 - 18, 2014) SC Congress Toronto is Canada's premier information security conference and expo experience. Join us for this year's SC Congress Toronto on June 17-18, 2014! The two-day gathering brings industry thought leaders together with the latest technology service solutions to provide you with the answers you need to secure your enterprise network.

MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.

AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.

INSCOM Cyber Day (Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber) is collocated with INSCOM. This event will provide industry vendors the opportunity to showcase the latest cyber products and demos to the Fort Belvoir INSCOM community in a one-day tradeshow.

SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, July 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.

2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.

Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.