The CyberWire Daily Briefing for 6.17.2014
Iraq's government moves to block social media as ISIS insurgents adeptly use Twitter in information operations.
With #OpWorldCup Anonymous succeeds in counting coup against various Brazilian sites. The principal successes appear to have been data breaches (achieved through phishing); denials-of-service and webpage defacements are also reported.
US officials (and satellite users) mull the significance of an increasingly sophisticated Chinese anti-satellite capability. While kinetic interceptors will draw the most headlines, cyber attack is the more proximate threat.
Rex Mundi's attack on French and Belgian Domino's Pizza has exposed the personal information of 650,000 customers and is now revealed as a cyber extortion caper: the crooks want €30,000 or they'll publish the stolen data. (One of our stringers remains shaken by the news that 650,000 francophones apparently eat take-out pizza.)
Last week's P.F. Chang's hack remains under investigation, with analysts so far seeing little stolen paycard data offered for sale. The Digital Citizens Alliance criticizes Google for not doing more to eliminate blackmarket paycard advertising from YouTube.
Caveat emptor: G DATA reports finding pre-loaded malware in Star's N9500 Android phone.
A new banking remote access Trojan (RAT), called either "Dyreza" or "Dyre," has surfaced. Its novelty is man-in-the-middle functionality that hooks Internet Explorer, Chrome and Firefox to capture data before the browser SSL-encrypts it, so the session's encryption offers no protection against it. CSIS says Bank of America, Natwest, Citibank, RBS, and Ulsterbank are among the targets.
"Svpeng" financial ransomware has moved on from Russian targets and is now active in the US. In some good news, a decryption solution for Simplelocker has been released.
In the UK, GCHQ expands both web surveillance and cyber-intelligence sharing.
Notes.
Today's issue includes events affecting Belgium, Brazil, China, France, Germany, Iraq, Republic of Korea, Netherlands, Russia, Tunisia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Iraqi government blocks social media (ComputerWeekly) The government in Iraq is reportedly blocking access to social media sites amid growing armed conflict in the country
How ISIS Games Twitter (The Atlantic) The militant group that conquered northern Iraq is deploying a sophisticated social-media strategy
#OpWorldCup: Anonymous Hacks Brazilian Govt, Police, Court, Globo TV and Cemig Telecom (HackRead) Anonymous has fulfilled its promise of conducting cyber attacks on the government of Brazil during football World Cup
Brazil's World Cup Of Cyber Attacks: From Street Fighting To Online Protest (Forbes) Spear-phishing, DDoS attacks, malware. While people are protesting in the streets of São Paulo or Rio de Janeiro against the organizers of the FIFA World Cup, which they see as a useless waste of money, taking place while the majority of the population is still struggling to make a living, another conflict is raging online
New Chinese Threats to U.S. Space Systems Worry Officials (National Defense) Last year, China launched a mysterious missile from its southwest region. While Chinese news sources said it was a scientific experiment, there is widespread speculation that the payload was a more advanced anti-satellite test
Hackers target Domino's Pizza, demand $40,000 ransom for customer data (Neowin) Hackers have targeted Domino's Pizza servers and claim to have downloaded details of over 650,000 customers. The group, calling itself Rex Mundi, has said that unless the company pays up €30,000 EUR (around $40,600 USD / £24,000 GBP) by today, it will publish the full database online
600,000 customer details compromised at Domino's (Help Net Security) Today's news that 600,000 customer records have been stolen from Domino's France and Belgium yet again raises questions about just how seriously large corporations and big brands are taking data protection. It is the second time in less than a month that we have seen customers' personal details compromised after the records of 145 million people were affected by the eBay breach
Domino's breach underlines value of personal data, say experts (ComputerWeekly) The latest cyber breach to hit a high-profile brand underlines the high value of personal data and the need for businesses to increase defences around such data, say security experts
P.F. Chang's Breach: 6 Key Developments (BankInfoSecurity) While the restaurant chain P.F. Chang's China Bistro has warned customers that their debit and credit card information may have been compromised in a data breach, several fraud experts say they have yet to see a related increase in fraud
Stolen Credit Card Info Relatively Easy to Find Via YouTube, Group Says (Re/Code) Thieves routinely sell stolen credit card numbers and other personal information via videos on YouTube, a new report by a nonprofit group alleged Monday
Android smartphone shipped with spyware (G DATA Security Blog) G DATA discovers dangerous computer malware in firmware of Android device
Another RAT crawls out of the malware drain (The Register) Dyreza/Dyre MITMs SSL sessions. Yet another banking trojan has appeared, using browser hooking to steal data from Internet Explorer, Chrome and Firefox users. Dyreza, or Dyre, is pitched the usual way, via a phishing e-mail (a lesson that's never learned well enough for the approach to fail), and the e-mail contains what purports to be a zipped document that actually drops the malware payload
Project Dyre: New RAT Slurps Bank Credentials, Bypasses SSL (Phishme) When analyzing tools, tactics, and procedures for different malware campaigns, we normally don't see huge changes on the attackers' part. However, in the Dropbox campaign we have been following, not only have the attackers shifted to a new delivery domain, but they have started to use a new malware strain, previously undocumented by the industry, named "Dyre". This new strain not only bypasses the SSL mechanism of the browser, but attempts to steal bank credentials
New banker trojan in town: Dyreza (CSIS) We have been analyzing a new piece of banking malware, which is targeting some major online banking services. Among many, we have verified the following to be on the target list: Bank of America, Natwest, Citibank, RBS, Ulsterbank
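The delivery vector the three Dyre items above describe (a phishing e-mail carrying a zipped "document" that is really the dropper) is one a mail gateway can triage before any browser hooking happens. The following Python is an added illustrative check, not code from The Register, PhishMe or CSIS: it opens a zip attachment in memory and flags members with executable extensions, document names that end in an executable extension, PE ("MZ") headers hiding behind non-executable names, and nested archives. The extension lists, the two-byte header test and the sample attachments are this example's own assumptions and constructed data, not published Dyre indicators.

```python
"""Triage a zipped e-mail attachment for the "document that is really an
executable" lure used to deliver Dyre-style banking malware.

Added illustrative check, not code from the original article or from the
vendors quoted there. The sample attachments are constructed inline; the
extension lists and the PE-header test are generic heuristics chosen here,
not a published Dyre indicator.
"""
import io
import zipfile

# Extensions Windows runs directly on double-click (assumption: a common,
# conservative list chosen for this example, not taken from the article).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Extensions a victim would expect on a harmless "document".
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf"}


def _extensions(name):
    """Lower-cased extension chain of a member name:
    'Invoice.PDF.exe' -> ['.pdf', '.exe']; 'README' -> []."""
    base = name.rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    return ["." + p for p in parts[1:]]


def inspect_zip_attachment(data, max_depth=2):
    """Return a list of (member_name, reason) findings for a zip payload.

    Flags executable extensions, document-looking names carrying an
    executable extension ("double extension"), a PE header behind a
    non-executable name, and recurses into nested zips up to max_depth.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<attachment>", "not a valid zip file")]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = _extensions(info.filename)
            last = exts[-1] if exts else ""
            head = zf.open(info).read(2)  # only the first two bytes are needed
            if last in EXECUTABLE_EXTS:
                if any(e in DOCUMENT_EXTS for e in exts[:-1]):
                    findings.append((info.filename,
                                     "document name with executable extension"))
                else:
                    findings.append((info.filename, "executable inside archive"))
            elif head == b"MZ":
                findings.append((info.filename,
                                 "PE header behind non-executable name"))
            if last == ".zip" and max_depth > 0:
                for name, reason in inspect_zip_attachment(zf.read(info),
                                                           max_depth - 1):
                    findings.append((info.filename + "/" + name, reason))
    return findings


def _build_zip(members):
    """Build an in-memory zip from {name: bytes} (for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: none of these is real malware, only a PE-looking header.
LURE_ZIP = _build_zip({"Invoice_2014-06.pdf.exe": b"MZ" + b"\x90" * 62})
HIDDEN_PE_ZIP = _build_zip({"statement.pdf": b"MZ" + b"\x00" * 62})
BENIGN_ZIP = _build_zip({"statement.pdf": b"%PDF-1.4\n%%EOF\n"})
NESTED_ZIP = _build_zip({"docs.zip": LURE_ZIP})

if __name__ == "__main__":
    for label, blob in [("lure", LURE_ZIP), ("hidden PE", HIDDEN_PE_ZIP),
                        ("benign", BENIGN_ZIP), ("nested", NESTED_ZIP)]:
        print(label, inspect_zip_attachment(blob) or "no findings")
```

The header test matters more than the name test: a lure that keeps a plain ".pdf" name but ships a PE image still trips it, and a nested zip does not hide the member from the recursion. Quarantine on any finding rather than trying to rank them.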
Malicious Web-based Java applet generating tool spotted in the wild (Webroot Threat Blog) Despite the prevalence of Web based client-side exploitation tools as the cybercrime ecosystem's primary infection vector, in a series of blog posts, we've been emphasizing the emergence of managed/hosted/DIY malicious Java applet generating tools/platforms, highlighting the existence of a growing market segment relying on 'visual social engineering' vectors for the purpose of tricking end users into executing malicious/rogue/fake Java applets, ultimately joining a cybercriminal's botnet
Financial ransomware now targeting U.S. users (Help Net Security) Although the GameOver Zeus botnet and CryptoLocker ransomware have been disrupted, it is still too early for a victory celebration. First, the two-week deadline expires on June 17th, leaving just one week before cybercriminals could regain control of their botnet. Second, stories of the GameOver Zeus and CryptoLocker campaign have already spawned a number of copycats among mobile malware writers
Police tell UK public they have only hours to combat GameOver Zeus malware (Graham Cluley) Two weeks ago, the National Crime Agency had a scary message for computer users up and down the United Kingdom
Mobile protection from botnets and ransomware (ProSecurityZone) David Emms of Kaspersky Lab comments on the disruption of GameOver Zeus and CryptoLocker and the need for mobile users not to lower their guard
Evernote forum hacked, some users warned passwords could be exposed (Graham Cluley) Evernote's official discussion forum has suffered a security breach, which has allowed hackers to access users' profile information and (in some cases) password hashes
Hacked Synology NAS systems used in high-profit cryptocurrency mining operation (ComputerWorld) A hacker exploited publicly known vulnerabilities to install malware on network-attached storage systems manufactured by Synology and used their computing power to generate Dogecoins, a type of cryptocurrency
Hacking into someone's webcam isn't funny (Graham Cluley) Last year I described how American comedian Jack Vale had demonstrated how careless Twitter and Instagram users were with their privacy, and duly freaked them out
DNS servers still sitting ducks inside many organisations, IDC survey finds (TechWorld) Awareness of risk high but protection low
If It Sounds Too Good To Be True… (Krebs on Security) The old adage "If it sounds too good to be true, it probably is" no doubt is doubly so when it comes to steeply discounted brand-name stuff for sale on random Web sites, especially sports jerseys, designer shoes and handbags. A great many stores selling these goods appear to be tied to an elaborate network of phony storefronts and credit card processing sites based out of China that will happily charge your card but deliver nothing (or at best flimsy knockoffs)
The latest stage in the evolution of content piracy is apps that look like they're legal (Quartz) Online streaming companies are booming. Netflix has now amassed more than 46 million paying subscribers for its video content, both original and licensed. Spotify has convinced 10 million people to pay it each month for unlimited and offline access to its vast library of music
1-15 June 2014 Cyber Attacks Timeline (Hackmaggedon) It just looks like attackers are enjoying the beginning of the Summer, since the first half of June confirms the decreasing trend
Security Patches, Mitigations, and Software Updates
For Internet Explorer 11 users, no update now means no security fixes (Ars Technica) Windows Update no longer offers patches for the original IE11 release
Windows 2003: Microsoft's next support sinkhole (InfoWorld) Microsoft won't support Windows Server 2003 after July 2015, and businesses need to think about migration sooner, not later
Analysis of 3000 vulnerabilities in SAP (Help Net Security) According to official information from SAP portal, more than 3000 vulnerabilities have been closed by SAP
Comcast is turning your home router into a public Wi-Fi hotspot (KSPR 33) So far, company has turned 3M home devices into public ones
Cyber Trends
Cyber security (Energy Global) Energy firms are facing an ever-increasing risk from cyber-attacks. According to global insurer Willis, the future cost of such attacks will reach US$ 1.87 billion by 2018. Robin Somerville, Communications Director for Willis' Global Energy Practice, believes a major cyber-attack on the energy industry 'is only a matter of time'
Cyber technology gap divides financial and energy sectors (E&E news) The Citadel cybercrime connection, which has raided bank accounts around the world, was hit hard last year by a team of software firms and a sophisticated financial services organization that is deploying automated systems to share, analyze and block cybersecurity threats in tandem with the Department of Homeland Security
The public/private imperative to protect the grid (Federal Times) Last week, three high-powered flares erupted from the Sun in a single 24-hour period, emitting electromagnetic energy and particles toward Earth and throughout the Solar System. The flares were categorized as X-class flares, capable of inflicting damage to the electrical grid
Is full disclosure always a good idea? (Talk Tech to Me) Today's public demands far more transparency than in the past — from government agencies, publicly traded corporations, even privately held companies and individuals. The clamor for "full disclosure" comes from both sides of the political aisle and extends across a wide range of industries. We want to know everything about everything: top secret war plans, business financials, what celebrities wear (or don't wear) to bed — and yes, what security vulnerabilities have been discovered in computer software
Marketplace
Cyber security an economic opportunity, says UK government (ComputerWeekly) "Cyber security should not be seen as a necessary evil," says Francis Maude, minister for the Cabinet Office
Microsoft to cooperate with Qihoo 360 amid security concerns in China: Xinhua (Business Recorder) Microsoft Corp will work with Chinese Internet security specialist Qihoo 360 Technology Co on mobile Internet and artificial intelligence technology, state media reported, as the U.S. software giant fights security concerns in the country
Black Lotus Communications Launches New Scrubbing Centers in Virginia and Amsterdam (Broadway World) Black Lotus Communications, a provider of availability security and distributed denial-of-service (DDoS) protection, today announced that two new network traffic scrubbing centers in Ashburn, Virginia and Amsterdam, Netherlands are now live
Q&A: Black Lotus Strives to Get Ahead of DDoS Curve (Channelnomics) As cyberspace evolves, security, speed and reliability are ongoing concerns. That is why Black Lotus, a provider of distributed denial of service (DDoS) solutions, is focused on building strategic relationships that offer the company new avenues to improve the customer experience
Procera Networks Receives ContentLogic Order From Tier 1 EMEA Mobile Operator (MarketWatch) Follow-on software order delivers parental control services on existing PacketLogic solutions
Vodafone buys into Internet of Stuff, sinks fangs into Cobra (The Register) Gets vehicle-tracker tech for a cool €145m
BofA/Merrill Lynch Downgrades Booz Allen Hamilton (BAH) Two-Notches to Underperform (StreetInsider) BofA/Merrill Lynch downgraded Booz Allen Hamilton (NYSE: BAH) from Buy to Underperform with a price target of $22.00
Former National Security Agency Internet specialist gets funds for e-mail security tool (Washington Post) A District-based cyber start-up founded by two brothers, one of whom is a former National Security Agency Internet specialist, is receiving $10 million from big-name investors who are betting that the firm's product will set a standard for universal e-mail security
Good steps up mobile security push with Fixmo acquisition, new tools (IDG via NetworkWorld) Mobile device management company Good Technology is stepping up its efforts to attract organizations that want to leave BlackBerry behind by acquiring assets from Fixmo and launching a new secure mobile collaboration app
Products, Services, and Solutions
Bitdefender vs Kaspersky — An Overview of Features and Drawbacks (The Fuse Joplin) Both antivirus products are verified as effective and efficient at battling Trojans, malware, spyware and viruses, and both are available as boxed software
AhnLab's mobile security software recognized (Korea Times) AhnLab, a leading security software firm in Korea, proved its technological caliber in the mobile security software sector with its product receiving high marks from an international test agency
Lynis v1.5.6 Released (Toolswatch) Lynis is an auditing tool which tests and gathers (security) information from Unix based systems. The audience for this tool are security and system auditors, network specialists and system maintainers
User-shaming robot Pic Nix banned by Instagram (Naked Security) Is your Instagram experience polluted by people who post too many selfies? Cat photos? Pictures of food?
Cyber defence: Bertin IT deploys a pilot information-security platform at the armed forces general staff (Theatrum-Belli) Bertin IT has begun the experimental deployment of PolyXene, its software platform for securing sensitive information systems, at the Etat-Major des Armées (the French armed forces general staff). The deployment, which will run until the end of 2014, is part of Bertin's long collaboration with the Direction Générale de l'Armement (DGA), carried out under the SINAPSE upstream study programme (Programme d'Etude Amont, PEA). The system will be demonstrated on the DGA stand at Eurosatory
Amazon AWS continues to use TrueCrypt despite project's demise (IDG via CSO) The first paragraph of the story "Amazon AWS continues to use TrueCrypt despite project's demise," posted Friday, mischaracterized the limitations on the options for encrypting data imported to or exported from the Amazon Simple Storage Service (S3). It is the AWS Import/Export tool that only supports TrueCrypt as a means of encryption
Technologies, Techniques, and Standards
Five great computer security tips that few people follow (Help Net Security) If you're an infosec professional, you probably know a ton of security tips and best practices; use a firewall, update antivirus, patch regularly, adhere to the least privilege principle, don't click unsolicited attachments, and so on. Chances are, you probably have implemented most, if not all, of those important best practices already
How Not To Respond To A DDoS Attack (Dark Reading) Common mistakes made by victims of distributed denial-of-service attacks
A Roadmap for CIOs & CSOs After the Year of the Mega Breach (Dark Reading) The journey starts with three steps: Engage the C-suite, think like a hacker, and look at the big picture
How to Anonymize Everything You Do Online (Wired) One year after the first revelations of Edward Snowden, cryptography has shifted from an obscure branch of computer science to an almost mainstream notion: It's possible, user privacy groups and a growing industry of crypto-focused companies tell us, to encrypt everything from emails to IMs to a gif of a motorcycle jumping over a plane
Simplelocker Gets Decrypted (Softpedia) Simon Bell, the UK student that presented an in-depth analysis of the Simplocker code, has just released the solution for decrypting the files taken hostage by the ransomware
A new defense against kernel-mode exploits (Help Net Security) Over the past many years, there've been a plethora of security solutions available for Windows-based endpoints, but most of them are helpless against malicious code targeting the kernel — even when we employ layered security and stack them one upon the other
You can't spell "cryptography" without a "why" (Amtel) When considering adding cryptography to an embedded system (or any other information system) manufacturers always ask: "Why do I need cryptography?" That is, unless they have already been burned by a security breach. The answer is quite simple: "Because you have a lot to lose and the dangers are multiplying every day"
Design and Innovation
FTC Launches Contest at DEF CON 22 to Help Track Down Perpetrators of Illegal Robocalls (Federal Trade Commission) The Federal Trade Commission is looking to expand the technological arsenal that can be used in the battle against illegal phone spammers by challenging DEF CON 22 attendees to build the ultimate "honeypot" to lure in and identify perpetrators of illegal robocalls. A robocall honeypot is an information system designed to attract robocallers, which can help experts and law enforcement authorities understand and combat illegal calls
Research and Development
Accountable HTTP seeks to increase data privacy through transparency (ITWorld) MIT researchers have developed a protocol to let us see who's using our information
Academia
Britain's Top Code Breakers Announced as Cyber Security Challenge Schools Champs (Infosecurity Magazine) Cabinet Office co-sponsors pioneering program to find the country's best young coders
Cyber Students face off at Louisiana Tech University (Bossier Press) With the school year ending in May, most high school teachers and students are enjoying a well-deserved summer vacation pool-side, on beaches, or in the mountains. However, over 30 teachers and 90 students from high schools across the region have spent the beginning of their summer break in the world of cyberspace at the 7th annual Cyber Discovery camp at Louisiana Tech University
Legislation, Policy, and Regulation
British Spy Agencies Are Said to Assert Power to Intercept Web Traffic (New York Times) In a broad legal rationale for collecting information from Internet use by its citizens, the British government has reportedly asserted the right to intercept communications that go through services like Facebook, Google and Twitter that are based in the United States or other foreign nations, even if they are between people in Britain
GCHQ to share threat intel — and declassify SECRET inventions (The Register) Inspector Gadget watch? IP with no 'secret applications', sadly
UK's cyber security strategy enters collaborative phase (SC Magazine) Cabinet Office Minister Francis Maude looks back at two years of the National Cyber Security Programme and says that public-private collaboration is key to protecting British businesses from cyber attacks
The digital arms race — and what is being done to fight it (The Guardian) With surveillance-security software on the rise, the fight against the use of espionage malware on citizens is gathering steam
Canada's Anti-Spam Legislation (CASL) 2014 (Internet Storm Center) Canada recently passed anti-spam legislation. Starting July 1, 2014, organizations need consent to send unsolicited emails or other electronic communications, which includes text messages, faxes and anything else you might think of. This doesn't cover just mass marketing; a single email to a single person is covered by the new legislation
Litigation, Investigation, and Law Enforcement
LinkedIn Faces Lawsuit Over Privacy Violation (InformationWeek) US federal judge orders LinkedIn to face a lawsuit that claims the social network sent emails to users' contacts without their consent
UK Supreme Court Extends Pool of Whistleblowers (Willis Wire) The cornerstone of protection for UK employees against discrimination based on whistleblowing is Section 2 of the UK Public Interest Disclosure Act 1998
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, Jul 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2014) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York (New York, New York, USA, Oct 2 - 3, 2014) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) (Joint Base Lewis-McChord, Washington, USA, Jun 25, 2014) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information Technology Expo set to take place at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2014. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn about cyber security best practices and remediation strategies.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2014) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that foster sharing of information and collaboration on mutual Cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.