Cyber Attacks, Threats, and Vulnerabilities
BAE says it 'incorrectly presented' cyberattack (CNBC) An executive at a division of cybersecurity firm BAE Systems "incorrectly presented" an alleged cyberhacking incident involving a hedge fund, a company spokesperson said Wednesday
Why hasn't Russia unleashed a cyber attack on Ukraine? (CBS News) That the fragile cease-fire in Ukraine collapsed in the first dark hours of July should not surprise observers; Russia has pursued low-level cyber hostilities against Kiev nearly since the onset of the crisis, and certainly during the recent short-lived peace offensive. Nor should we be startled by reports that cyber warriors sought to sabotage May's presidential election in Ukraine with bogus vote tallies and came close to gifting far-right, pro-Moscow candidate Dmytro Yarosh with 37 percent when he really got less than 1 percent
CosmicDuke: Cosmu & MiniDuke Mash-Up (Dark Reading) F-Secure believes that the combo malware might have connections to the perpetrators of the miniDuke attacks
Miniduke is back: Nemesis Gemina and the Botgen Studio (Securelist) A 2014 update on one of the world's most unusual APT operations
US government warns of "Energetic Bear" cyber attacks (MyBroadband) Allegedly linked to the Russian government, hacking group Energetic Bear is accused of spreading malicious software
Utilities Report Cyber Incidents to Energy Department (Wall Street Journal) Subsidiaries of ITC Holdings, Duke Energy and NRG Energy tell DOE of suspected cyberattacks. Utilities have reported cyber incidents to the Energy Department involving one of the largest power plants in the U.S. and high-voltage transmission systems in Michigan and Iowa
UPDATE 1-Finland says it was spied on for years (Reuters) Foreign governments conducted a cyber attack against the Finnish foreign ministry and were able to spy on it undetected for years, gaining access to sensitive materials, the ministry and the Finnish secret service said on Wednesday
Israel's Justice Minister Condemns 'Incitement' on Facebook (New York Times) Israel's justice minister denounced an Israeli Facebook campaign on Wednesday that called for soldiers to take "revenge" on the Palestinian community as tensions spiked in Jerusalem, where an Arab teenager was kidnapped and killed hours after the funerals for three Jewish teenagers abducted last month in the West Bank
Android HijackRAT poised to hit mobile banking users (Help Net Security) A highly versatile piece of Android malware has been unearthed by FireEye researchers
MetaIntell Uncovers Significant Vulnerability With Popular Facebook SDK Affecting Numerous iOS and Android Apps and Potentially Billions of Installations (Sys-Con Media) MetaIntell, the leader in intelligence-led Mobile Risk Management (MRM), announced today that it has uncovered a significant security vulnerability in the Facebook SDK (V3.15.0) for both iOS and Android. Dubbed Social Login Session Hijacking, when exploited this vulnerability allows an attacker access to a user's Facebook account using a session hijacking method that leverages the Facebook Access Token (FAT)
KIVARS With Venom: Targeted Attacks Upgrade with 64-bit "Support" (TrendLabs Security Intelligence Blog) In announcing the release of the 64-bit version for Chrome last month, Google mentioned that one of the primary drivers of the move was that the majority of Windows users are now using 64-bit operating systems. The adoption rate for 64-bit for Windows has been a tad slower than what Microsoft had initially predicted, but it has been steady, and it is evident in the availability of support by software developers. Unfortunately, however, we've been seeing the same adoption being implemented by attackers through 64-bit malware
Evolved Cridex cyber attack found with 50,000 stolen credentials (V3) Criminals are using a new form of the infamous Cridex malware to automatically increase the size of their botnet empire and target enterprise customers
Exploit switches off Microsoft EMET's protection features (Help Net Security) By leveraging and modifying a "semi-random public exploit" researchers have managed to deactivate all protection features of the latest version of Microsoft's Enhanced Mitigation Experience Toolkit and "get shell" on the target system and execute code
Private crypto key stashed in Cisco VoIP manager allows network hijacking (Ars Technica) Update closes backdoor allowing unauthorized control of sensitive messaging gear
Simple Javascript Extortion Scheme Advertised via Bing (Internet Storm Center) Thanks to our reader Dan for spotting this one. As of today, a search for "Katie Matusik" on Bing will include the following result. The rank has been slowly rising during the day, and as of right now, it is the first link after the link to "Videos"
"Secure" UK hotel booking site leaking customer data (Help Net Security) An infosec consultant looking to book a hotel via HotelHippo.com, owned by HotelStayUK, has ultimately discovered that the website is definitely not to be trusted with private and card information, even though it sports the "COMODO — Authentic & Secure" trust seal
Support scammers — at your service! (Graham Cluley) The Windows Service Center. Sounds reassuring, doesn't it? Here's a typical scenario
Restaurant chains possible victims of POS data breach (FierceRetailIT) Another day, another data breach, this time affecting as-yet-unnamed restaurants in the northwestern United States
Why the reseller ISS hack justifies third-party risk assessments (CSO) A risk assessment might have uncovered Information Systems & Suppliers' security weakness
Hackers hit more businesses through remote access accounts (Computerworld via CSO) More lessons in why companies must monitor third-party access to their networks
Researcher Finds Flaws In Key Oracle Security Feature (Dark Reading) Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases
Security Patches, Mitigations, and Software Updates
Multiple Vulnerabilities in Cisco Unified Communications Domain Manager (Advisory ID: cisco-sa-20140702-cucdm) (Cisco Security Advisory) Cisco Unified Communications Domain Manager (Cisco Unified CDM) is affected by the following vulnerabilities
Cyber Trends
Hackers Find Open Back Door to Power Grid With Renewables: Tech (Bloomberg) Making the electricity grid greener is boosting its vulnerability to computer hacking, increasing the risk that spies or criminals can cause blackouts
Report: DDoS attacks down, gov't increasingly a target (SC Magazine) Distributed denial-of-service (DDoS) attack traffic declined in the first quarter of 2014 and China held on to the top spot as the country from which the most attack traffic originated, according to observations disclosed by Akamai in its "State of the Internet Report" for the first quarter of 2014
IT Concerns Over Ransomware Increasing (VAR Guy) Security training awareness provider KnowBe4 released the results of its June survey on ransomware, which found that more IT professionals are concerned with falling victim to attacks that could compromise their enterprise data, compared to a similar survey conducted in January
A Lack of Communication on Cyber Security Will Cost Your Business Big (Infographic) (Entrepreneur) When it comes to cyber security, most CEOs don't get it. That was the conclusion of a recent survey of IT security professionals on the state of their companies' defenses against data leaks or malicious attacks
Stuxnet, just the beginning? (SC Magazine) As we rush into the Internet of Things, Mike Ellis suggests we remember Stuxnet, and how the data transferred between objects needs to be protected
Physical location of data will become increasingly irrelevant (Help Net Security) The physical location of data still matters, but will become increasingly irrelevant and will be replaced by a combination of legal location, political location and logical location in most organizations by 2020, according to a report from Gartner
Things get weird when objects get hooked up to the internet (Quartz) With the flood of new connected services and devices on the market, knowing how future users might hook them together or find unexpected new uses is a challenge, no matter what Silicon Valley's confident young bucks may tell us. A service called IFTTT is giving us an interesting peek into the practical, clever and slightly weird ways people want to use the Internet of Things (IoT)
Marketplace
Chinese government banned Microsoft Office 365 due to security concerns: Should American IT firms be worried? (TechTimes) Since the NSA debacle, the Chinese government has been taking a harsh stance on anything technology-wise that comes from the United States. The country recently banned Windows 8 on the grounds that the operating system wasn't secure enough, and now the government has banned Microsoft's Office 365 Suite
State Department Seeks Info on Asset Discovery Tools (ExecutiveGov) The State Department is requesting industry to submit information on asset discovery tools for monitoring information technology equipment
NSA revamps processes to more quickly approve commercial technology (Federal News Radio) Federal officials say they've turned over a new leaf in a program that was originally intended to let agencies rapidly incorporate commercial hardware and software into national security systems, but so far has failed to keep up with the pace of commercial innovation
GSA, DHS about ready to turn the spigot on for a new set of cyber tools (Federal News Radio) The 17 vendors under the $6 billion continuous diagnostics and mitigation program are anxiously waiting for the first of six task orders under phase two of the program
Cyber security company Hexadite raises $2.5M (Vator News) Hexadite provides an automated cybersecurity incident response tool for the enterprise
Lunarline to Focus Growth in Dayton Area (AP via Columbus CEO) A Virginia-based cyber security firm has started hiring local workers for a new office to open later this year at Miami Valley Research Park in Kettering, the company's top official said Tuesday
IBM Named a Leader in Gartner Magic Quadrant for Security Information and Event Management (InsuranceNewsNet) IBM (NYSE: IBM) today announced that Gartner, Inc. has positioned IBM Security Systems as a leader in providing Security Information and Event Management software in the newly published Gartner Magic Quadrant for SIEM Technology
Imperva Named Web Application Firewall Vendor of the Year at 2014 Frost & Sullivan Asia Pacific ICT Awards (Wall Street Journal) Imperva, Inc. (NYSE: IMPV), pioneering the third pillar of enterprise security with a new layer of protection designed specifically for physical and virtual data centres, has been recognised as the Web Application Firewall Vendor of the Year at the 2014 Frost & Sullivan Asia Pacific ICT Awards
Noblis Renames National Security Partners Subsidiary to 'Noblis NSP;' Leslee Belluchie Comments (ExecutiveBiz) Noblis Inc. has rebranded its subsidiary National Security Partners LLC with a new company name, Noblis NSP LLC, in a move to highlight its dedication to customers
Products, Services, and Solutions
FireEye Adds Security Features to Email Threat Prevention Cloud (Talkin' Cloud) FireEye says new release includes advanced threat detection capabilities along with the traditional email security features of anti-spam and antivirus protection
eScan Unveils Products For Enterprise Security (CRN) The new products namely, eScan Corporate 360, eScan Corporate Edition and eScan Endpoint Security, can be easily integrated with cloud and also support hybrid networks
Autonomic Resources Unveils Gov't IT Continuous Monitoring Service (ExecutiveBiz) Autonomic Resources has launched a continuous monitoring program with the goal of helping cloud service providers and government customers meet federal security requirements
The Ultra-Simple App That Lets Anyone Encrypt Anything (Wired) Encryption is hard. When NSA leaker Edward Snowden wanted to communicate with journalist Glenn Greenwald via encrypted email, Greenwald couldn't figure out the venerable crypto program PGP even after Snowden made a 12-minute tutorial video
10 Free Crypto Apps To Help Protect Your Online Privacy (Hongkiat) Many of us have uploaded our lives onto the Internet, to the point that we cannot imagine living without it. We use online services that we entrust to keep our data secure and private. Unfortunately, many of us don't realize that it's not truly secure as they are subject to many third parties that can view its content, from the company providing the service to the government itself
Keep thieves from stealing your 2013 Mac Pro with a $49 lock adapter (Ars Technica) When you're already paying $3,000, what's another $50?
Technologies, Techniques, and Standards
Lessons Learned from 1,000 Data Breaches…and Counting (PropertyCasualty360) Companies are primarily focused on protections, when instead they should be considering what to do after the systems are breached
Gone But Not Forgotten: Protecting Your Business from Former Employees (BusinessNewsDaily) Former employees may no longer work at your company, but they may still have access to your systems, new research shows
Industry, administration quietly discuss survey of cyber framework use (Inside Cybersecurity) Trade groups could survey their own members and develop a baseline understanding of how the framework of cybersecurity standards is being used, according to industry sources who are quietly discussing such an initiative with Obama administration officials
OpenSSL describes its own sad state of affairs (ZDNet) On the road to recovery from the devastation of Heartbleed, the OpenSSL project has made a searching and fearless moral inventory of itself
The US military is already using Facebook to track your mood (Quartz) Critics have targeted a recent study on how emotions spread on the popular social network site Facebook, complaining that some 600,000 Facebook users did not know that they were taking part in an experiment. Somewhat more disturbing, the researchers deliberately manipulated users' feelings to measure an effect called emotional contagion
Why Your Application Security Program May Backfire (Dark Reading) You have to consider the human factor when you're designing security interventions, because the best intentions can have completely opposite consequences
Design and Innovation
Hacker Movies We Love & Hate (Dark Reading) Check out Dark Reading community members' favorite hacker movie hits and misses. Then add your picks in the comments section
Research and Development
PMO asks for new tech to prevent 'cyber attack' (Deccan Chronicle) The Prime Minister's Office has asked the National Technical Research Organisation to develop a new and enhanced firewall technology to protect key government data, computers and sites from hackers and subversive elements
UK and Ireland regulators investigate Facebook over mood experiment (Computerworld) Regulators want to make sure user data privacy was respected
"We Never Meant to Upset You," Facebook Says of Study That Meant to Upset You (Slate) Facebook is sorry, a company executive said Wednesday. It's not sorry, mind you, for that study in which it tried to see if it could manipulate people's emotions by putting more positive or negative content in their feeds. Why would it be sorry for that? That was just "ongoing research"
The Facebook Experiment: Gambling? In This Casino? (Re/code) Critics have spent the last few days castigating Facebook for a large-scale experiment conducted by researchers who wanted to learn the effects of tweaking the dosage of positive or negative comments on a user's News Feed. Would people who are exposed to more negative comments than the average delivered to them by the Facebook algorithm be more or less prone to positivity themselves?
The only thing Facebook got to understand with its experiment is how Facebook works (Quartz) Facebook has always "manipulated" the results shown in its users' News Feeds by filtering and personalizing for relevance. But this weekend, the social giant seemed to cross a line, when it announced that it engineered emotional responses two years ago in an "emotional contagion" experiment, published in the Proceedings of the National Academy of Sciences (PNAS)
Legislation, Policy, and Regulation
Saudi Arabia Takes a Hardline Stance as Militants Make Gains (Defense News) Saudi Arabia's appointment of its deputy defense minister as the new intelligence chief on Tuesday — days after sacking him — and the appointment of former spy chief Prince Bandar bin Sultan as a special envoy marks a return to hardliner politics by the kingdom as militants approach its borders
Snooping Row: 'Unacceptable', Says India As It Summons Top US Diplomats (NDTV) A furious India today summoned senior US diplomats in Delhi to register its strong protest over a report that America's National Security Agency was authorized to snoop on the BJP. Calling it 'unacceptable', New Delhi sought an assurance from the US that it won't happen again
India seeks US assurance that NSA spying will stop (Bangalore Mirror) A visit to India by US Senator John McCain on Wednesday was overshadowed by a row over reports that the National Security Agency (NSA) was authorised to spy on Prime Minister Narendra Modi's party in 2010
US hopes NSA surveillance on BJP not to impact bilateral ties (Economic Times) The United States has expressed hope that its National Security Agency surveillance on the BJP, the revelation of which New Delhi has strongly objected to, would not have an adverse impact on the bilateral relationship between the two countries
Pakistan People's Party condemns snooping by National Security Agency (Economic Times) Pakistan People's Party on Wednesday condemned as totally unacceptable the US National Security Agency's snooping on it and asked the government to take up the issue at the diplomatic level
Lew: U.S. will broach cybersecurity issues at upcoming Beijing meeting (Inside Cybersecurity) The United States will raise thorny cybersecurity issues with Chinese officials at the Strategic and Economic Dialogue in Beijing next week, Treasury Secretary Jacob Lew said, and the Obama administration remains hopeful that China will seize the opportunity to re-engage on cyber policy
New Zealand PM "irresponsible" in linking China to cyber attack: opposition party (Xinhua via the Shanghai Daily) New Zealand Prime Minister John Key linked China to a hacking attack on a government research institution supercomputer after being advised against speculating on the source of the attack, an opposition political party claimed Thursday, citing official papers
MP: government lacks cybersecurity backup plan (PC Pro) The government doesn't have a "plan B" for dealing with a major cyber attack — and that has the chair of the National Security Strategy Committee worried
DNI Clapper Statement on the FISA Section 702 Report of the Privacy and Civil Liberties Oversight Board (IC on the Record) We welcome the report of the Privacy and Civil Liberties Oversight Board on Section 702 of the Foreign Intelligence Surveillance Act. In this important report, the PCLOB confirms that Section 702 has shown its value in preventing acts of terrorism at home and abroad, and pursuing other foreign intelligence goals
My View: It's time to end the National Security Agency dragnet (Portland Tribune) One year ago this month, Americans learned their government was engaged in secret dragnet surveillance, which contradicted years of assurances to the contrary from senior government officials and intelligence leaders
Some People Want A Time Limit On The NSA's 'Zero-Day' Exploits — Here's Why That's A Terrible Idea (Business Insider) There has been some policy movement lately around the idea of restricting how the NSA and the Intelligence Community as a whole use software vulnerabilities to get their jobs done
Ex-Intelligence Chief McConnell Fears Major Cyber Attack (Techonomy) Former National Intelligence Director Adm. Mike McConnell (now at Booz Allen Hamilton) notes in this interview at Techonomy's recent Data Security Lab that our democracy has traditionally made decisions and developed legislation in reaction to events. That is unwise now, though, he says, if we wait until a major cyber event before imposing regulations to demand good cyber practices from business. Sadly, though, he suspects that we won't act until such an event happens
Litigation, Investigation, and Law Enforcement
Hacked Companies Face SEC Scrutiny Over Disclosure (Bloomberg) The U.S. Securities and Exchange Commission has opened investigations of multiple companies in recent months examining whether they properly handled and disclosed a growing number of cyberattacks
Order restored to universe as Microsoft surrenders confiscated No-IP domains (Ars Technica) Of 23 addresses taken in controversial legal action, 18 have so far been returned
Microsoft legal action cramping other hacking campaigns, Kaspersky says (IT World) A variety of other sophisticated hacking campaigns used No-IP's infrastructure
Legitimate No-IP users still affected by Microsoft's domain takeover (Help Net Security) When Microsoft seized control of 23 free domain names usually controlled by dynamic DNS service No-IP on Monday, it disrupted malware networks used by cybercriminals to infect victims with NJrat and NJw0rm backdoors, as well as some APT operations
Was Microsoft Takedown 'Draconian?' (BankInfoSecurity) Microsoft on June 30 launched a botnet-focused takedown effort that didn't just temporarily block small-scale campaigns tied to two pieces of malware, but also resulted in an estimated 4 million legitimate site names being disrupted
Microsoft Insists That No-IP 'Outage' Was Due To A 'Technical Error' Rather Than Gross Abuse Of Legal Process (TechDirt) Earlier today, we wrote about a ridiculous situation in which Microsoft was able to convince a judge to let it seize a bunch of popular domains from No-IP.com, the popular dynamic DNS provider, routing all their traffic through Microsoft servers, which were unable to handle the load, taking down a whole bunch of websites. Microsoft claimed that this was all part of a process of going after a few malware providers, though No-IP points out that Microsoft could have easily contacted them and the company's fraud and abuse team would have cut off those malware providers
Rising Use of Encryption Foiled the Cops a Record 9 Times in 2013 (Wired) The spread of usable encryption tools hasn't exactly made law enforcement wiretaps obsolete. But in a handful of cases over the past year—and more than ever before—it did shut down cops' attempts to eavesdrop on criminal suspects, the latest sign of a slow but steady increase in encryption's adoption by police targets over the last decade
Amazon Stands Up To FTC Demands For More Parental Controls (TechCrunch) Amazon is refusing to comply with a request from the Federal Trade Commission to implement stricter controls that would prevent children from making in-app purchases
Ex-Merrill Lynch CEO Story Excised From Google Search (CNBC) An article about the ousting of Stan O'Neal from Merrill Lynch has become one of an estimated 50,000 expunged from certain Google searches after a new European ruling on the "right to be forgotten"
Is Google trying to sabotage the "right to be forgotten"? (Quartz) British journalists are in a tizzy this morning. It started yesterday, when James Ball of the Guardian wrote a gently seething comment piece about notices his paper received from Google, warning it that six articles would no longer be listed on the search engine's European sites. This was followed by a post from the BBC's economics editor, Robert Peston, who complained that Google had removed "this example of my journalism"