The CyberWire Daily Briefing for 7.8.2014
The Syrian regime continues its indirect approach to information operations, seeking advantage from regional anti-Israeli sentiment. The latest move (implausible, but it will probably find its audience) profiles ISIS/ISIL leader al-Baghdadi as an MI6/NSA tool who received his theological training from Mossad.
Crowdstrike reports increased Chinese attention paid to ISIS/ISIL's insurgency in Iraq. "Deep Panda" has shifted its interest toward the Iraqi oil sector, approaching its targets by compromising various US not-for-profit think tanks. The Wall Street Journal runs two interesting pieces on the PLA's cyber capabilities, one an overview of "3PLA," the principal Chinese electronic intelligence agency, the other a look at 3PLA's subordinate Shanghai command Unit 61398, famous as the workplace of Ugly Gorilla.
DragonFly, Havex, and Energetic Bear, increasingly regarded as aspects of a single complex cyber espionage and sabotage campaign probably run by Russian security organs, continue to infest European and US energy targets. Observers wonder at this effort's goals, but battlespace preparation for economic conflict over Russian re-assimilation of the Near Abroad seems likely. Meanwhile a cyber attack by Russian-sympathizing (and probably Russian-run) Cyber Berkut strikes a major Ukrainian bank.
MiniDuke is back, and the alleged cyber mercenaries behind the malware seem to be going after both drug dealers and governments.
Brazil's "Bolware" fraud seems to have siphoned off billions, and shows the current state-of-the-art in browser-based crime.
Android security vulnerabilities could enable apps to make rogue calls. Netgear switches are found with hard-coded passwords.
The US arrests alleged Russian carder "Track2." Russia cries provocation.
Notes.
Today's issue includes events affecting Australia, Brazil, China, France, Germany, Greece, Iraq, Israel, Italy, New Zealand, Poland, Romania, Russia, Serbia, Spain, Syria, Turkey, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Contractor with the U.S. National Security: Baghdadi underwent an intensive course at the hands of "Mossad" and received lessons in courses "theology" (Syrian Radio and TV) He revealed: "Edward Snowden," the contractor previously with the National Security Agency that the latter, and in cooperation with its counterparts British "MI6" and the Institute for Intelligence and Special Assignments "Mossad" paved the way for the emergence of "Daash"
Chinese Deep Panda hackers focus on Iraq over oil interests (V3) Security firm CrowdStrike has reported that a Chinese hacking group, which it has dubbed Deep Panda, has switched targets from the US to Iraq
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say (Dark Reading) Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says
Massive cyber espionage in the European energy sector (01Net) Malware of probably governmental origin has infected hundreds of organizations. Its main objective was data theft, but it also had sabotage capabilities
Motives Behind Havex ICS Malware Campaign Remain a Mystery (Threatpost) Since Stuxnet there have been few confirmed reports of malware targeting particular industrial control system software. But now we have a campaign using the Havex remote access Trojan that has three European energy sector vendors in its crosshairs — or does it?
Dragonfly is the latest advance in weaponised malware (Tech Guru Daily) The discovery of the Dragonfly attack pulls back the veil ever so slightly on some of the tradecraft used in modern espionage. If the researchers' conclusions prove even only partially correct, it confirms the adoption of tactics and techniques by nation states or their proxy groups in the use of weaponised malware
Pro-Russian Hackers Mug Key Ukrainian Bank (Nextgov) Hacktivist group Kiberberkut, sometimes called Cyber Berkut, accessed and published customer data from a major Ukrainian commercial bank co-owned by the head of the pro-government Dnipropetrovsk region
Dormant Miniduke APT campaign returns with better malware (CSO) Miniduke attackers build new malware for attacking governments, military, defense contractors and energy sector
MiniDuke hackers attack governments, hunt drug dealers (TechTimes) Cyber mercenaries MiniDuke not only attacked government bodies, but also used their hacking skills to hunt down drug dealers. The group has also released a new malware CosmicDuke, which can steal sensitive information
Brazil: Technology Security Company Uncovers Massive Cybercrime Ring (hetq) An American computer and network security company said it has uncovered a significant "malware-based fraud ring" that sought to take in online payment transactions made by Brazilians
RSA Discovers Massive Boleto Fraud Ring in Brazil (RSA) Boleto malware is a fraud operation and financial threat targeting individuals and companies in Brazil
Browser-Focused Banking Attacks Evolve (BankInfoSecurity) Banking Trojans combine sophistication with localization. Security firm RSA recently issued a warning over a fraud ring that targets the Boleto, which is one of Brazil's most popular payment methods
Travelers targeted by infected travel websites (Help Net Security) Proofpoint security researchers recently were the first to discover that a large number of travel destination websites had been compromised and were being used to deliver the Nuclear exploit kit
Security Vulnerability in Android allows any app to make phone calls (eHacking News) An application normally needs permission and should alert user that it needs permission to make phone call, when it is being installed
Hard-Coded Password Vulnerability Plagues Some Netgear Switches (Threatpost) A vulnerability in Netgear-branded ethernet switches could give an attacker full access to the hardware, including the ability to log into the device and execute arbitrary code
Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager (Hacker News) Unless you are a human supercomputer, remembering [a] password is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security
Trend Micro Research Ties SEFNIT/MEVADE Malware to Ukraine, iBario in Israel (Trend Micro Simply Security) Adware often lives in the shadow between legitimate software and malware. And for a long time InstallBrain lived in that grey world. At least it did until 2013 when it crossed the line to become outright malware by installing SEFNIT/MEVADE on user's systems without their consent. While this connection has been known, our research can now show clear ties between the people behind the SEFNIT/MEVADE malware and InstallBrain, the adware that installed it. Our research shows clear ties between the threat actors behind SEFNIT/MEVADE based in Ukraine and iBario, maker of InstallBrain, based in Israel
Remember macro viruses? Infected Word and Excel files? They're back… (Naked Security) Naked Security readers who are familiar with the name Virus Bulletin (VB) will probably associate it with an annual conference frequented by anti-malware researchers and security techies
Houston Astros hacked, trade data stolen (Digital Journal) The Houston Astros have become the latest victims in the growing cybercrime epidemic. Sensitive data related to proposed trades, some of which were actually executed, has been stolen and leaked online
Astros investigating security breach (MLB.com) The Astros reacted sternly Monday afternoon after text messages containing internal correspondence between team officials regarding trade talks with other clubs, some of which were about deals that came to fruition, were released on the website Deadspin.com
Hotel Hippo website goes belly-up after massive security failure (Graham Cluley) Last week I wrote about the catalogue of disasters that the Hotel Hippo accommodation booking website had brought upon itself after not taking its customers' privacy and security seriously
HotelHippo Insecure, so I've herd (Scott Helme) I recently had the pleasure of booking a night away from it all at a nice little hotel in the Lake District. As I'm sure most people with an interest in security do, I couldn't help but shudder at the word 'Secure' being plastered across the site. Prompting some incredibly quick poking around, I easily discovered a method of extracting the personal and sensitive data of thousands of customers that had used the site before me. Not only could this kind of information allow an attacker to launch an effective and convincing phishing scam, there are other concerns too
What can the Hotel Hippo debacle teach us about testing? (Neil Studd) If you haven't heard about Hotel Hippo, you should start by reading Scott Helme's exposé. It contains a full blow-by-blow account of the problems that he uncovered, and sets the context for this testing-focused article
Phishers Use Luis Suarez Bite as Bait (Threatpost) The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been running rampant
Blue Shield leaks social security numbers (CSO) The whoops factor has reared its ugly head again
Individuals at the University targeted in phishing attacks (Daily Illini) During the past week, individuals at the University were targets of sophisticated phishing e-mails, according to a massmail from Joe Barnes, interim chief privacy and security officer
Security Patches, Mitigations, and Software Updates
Oracle: Future Java updates for Windows XP users may not arrive (TechTarget) Enterprises using Windows XP have already seen Microsoft pull security support for the nearly 13-year-old platform as part of its April end-of-life process. Now, in another blow for those clinging to the operating system, Oracle Corp. has informed XP users that they will not receive the latest security updates for Java, though some form of support remains a possibility in the near future
Google Project Zero Strengthens Apple OS X, iOS (eWeek) A Google research group is keeping busy helping Apple and others stay secure. The researchers reported several vulnerabilities to other companies
Cyber Trends
Cyber Criminals Never Sleep, Nor Should Your Fraud Prevention (Security Intelligence) If you thought we'd ever catch a break from the onslaught of cyber crime, think again: Cyber criminals never sleep, and Senior Fraud Prevention Strategist Etay Maor of Trusteer, an IBM company, illuminated this reality during his webinar "Cybercrime Threat Landscape: Cyber Criminals Never Sleep." Maor began his discussion with a bit of humor, demonstrating how a security team operating in isolation is doomed to work-arounds from both the constituency and the adversary with a visual: a security gate on a road with open field on either side
Payment Card Data Isn't The Only Lucrative Loot In A Data Breach (Forbes) Hackers love payment card information. After all, it's lucrative and easily sold on the black market. However, as we continue to see during our post-breach forensics investigations, payment card information is not the only popular loot. Criminals are diversifying, targeting any kind of information that they can turn into a profit
VSB attitude towards cyberthreats: dangerous but not too important (Kaspersky Lab) Alright, we said this before, now there is a statistical confirmation: According to a fresh Kaspersky Lab survey of businesses worldwide — 2014 IT Security Risks summary report, very small businesses (VSBs) with fewer than 25 employees are the least likely to view "IT Strategy" anywhere near the top of their strategic concern. Only 19% of VSBs worldwide reported IT Strategy as one of their top-two strategic concerns, compared to 30% of businesses with more than 100 employees, and 35% of enterprises with 5,000 employees or more. Alarmingly, this often-neglected business category includes internet and data security policies
3 questions about the future of cyber warfare (Safe & Savvy) "We're not creative enough when we imagine cyber warfare," F-Secure Security Advisor Sean Sullivan recently told me. "It's not kinetic explosions. It could be a guy whose crimeware business has dried up and is looking for new business"
Exploring the mobile security landscape (Help Net Security) In this interview, Adam Ely, COO of Bluebox, discusses the most significant mobile security challenges for enterprise security professionals, illustrates how BYOD is shaping the enterprise mobile security landscape, and offers advice for CISOs trying to protect data confidentiality and integrity while working with an increasingly mobile workforce
Scots firms urged to step up cyber security measures (BBC) Scottish firms are being urged to step up security measures to prevent their cyber supply chain being hacked
Marketplace
Finding the key to the next stage (Daily Record) Cybersecurity industry has the buzz but is lacking commercial customers
Why IAM will be worth over $10 billion by 2018 (Help Net Security) Enterprises are increasing their investment in Identity and Access Management (IAM) solutions. According to research firm MarketsandMarkets, the IAM Market is expected to grow 15.1% over the five years from 2013 to 2018. IAM isn't new, so what's driving adoption?
Intel, Samsung create Internet of Things group (C/Net) Tech giants join forces to create the Open Interconnect Consortium, setting up a rivalry with a similarly minded, Linux-focused group
Spark Labs Raises $4.9 Million For An Internet Of Things OS (TechCrunch) Spark Labs, the same folks that made this open-source Nest-like thermostat, has raised $4.9 million in Series A funding led by Lion Wells Capital, and with participation from O'Reilly AlphaTech Ventures, SOSventures, and Collaborative Fund, as well as a host of angel investors
BlackBerry Is One Of The Hottest Stocks Of 2014, Seriously (TechCrunch) Don't look now, but BlackBerry, you know, the butt of most cell phone jokes, is mounting an impressive comeback. BlackBerry's stock (NASDAQ:BBRY) is up 50% on the year and one of the best performers in its sector
Q&A: Panda Security Staging A Comeback (Dark Reading) New Panda CEO and former IBM security executive Diego Navarrete shares his strategy and insight into turning around the security company that has fallen off the radar screen over the last couple of years
Australian company StratoKey named finalist in RSA Conference for Most Innovative Company (CSO) StratoKey is pleased to announce it has been selected as one of four finalists for the RSA Conference "Most Innovative Company" awards for Asia Pacific and Japan. This event aims to showcase and name the most innovative new technologies in the information security space
Cyber Security Executive Got A Little Carried Away With His Hedge-Fund Hacking Attack 'Illustrative Scenario' (DealBreaker) Last month, BAE Systems' Paul Henninger breathlessly reported that a "major" U.S. hedge fund had fallen victim to a spear phishing cyberattack after an apparently dull employee clicked on link he or she shouldn't have. This was very bad news: The attack went on for two months and totally fucked up the hedge fund's high-frequency trading strategy — which vulnerability did not stop the hackers from wanting to steal it, which they also did, according to Henninger. "It was having a material impact on performance across the portfolio," he said, forcing the hedge fund's board to "review" it
Products, Services, and Solutions
G Data vs. BullGuard Antivirus — What Are Their Features? (Streetwise Tech) It would be difficult to combat a virus spreading into a system if you do not have any protection. This is the reason why you do need to have an antivirus installed in your PC. In this way, whatever virus or threat comes in, it will be eliminated and will not cause any damage to your system
eScan Launches Range of Advanced Products for Enterprise Security (IT News) eScan, an anti-virus and content security solution provider, has introduced three new lines of corporate products, all of which have cloud integration and support for hybrid networks — eScan Corporate 360, New eScan Corporate Edition (with Hybrid Network Support) and eScan Endpoint Security (with Hybrid Network Support). The launch of this new range of advanced products is a significant milestone of the brand's ongoing growth in the enterprise security market
Tutanota Encrypted Email Service Launches (eSecurity Planet) 'Email encryption is the best tool to stop mass surveillance on the Internet,' says company co-founder Matthias Pfau
Technologies, Techniques, and Standards
Hide your crypto like a real spy (ZDNet) The German government employee recently arrested for spying for the US had his encryption software hidden using a kind of steganography
Password confessions of a security professional (Graham Cluley) I have a confession, it's hard to admit and I know it might make me a bit of a social pariah and an outcast in the industry I work in but I need to get this off my chest
How to Remember All Your Passwords and Keep Them Safe (Government Executive) In the days after the Heartbleed story broke, Internet users were strongly advised to change the compromised passwords on their online accounts to protect their data
New FFIEC Cyber Exams: What to Expect (BankInfoSecurity) Early feedback, tips from institutions in pilot program
Android security boss says users don't need anti-virus. He's wrong wrong wrong (Hot for Security) Adrian Ludwig is the lead engineer for Android security at Google. In this role, he is responsible for the security of the Android platform and Google's applications and services for Android
Design and Innovation
New Apple patent will let iPhone 'feel safe' based on location and unlock itself (TechTimes) Apple follows after Google and other device makers, and files a patent for a new technology that allows the iPhone to ramp up or down its security levels based on the user's location
In the Logical Shadows of Cryptography Relating to Blackjack (BlackJack Champ) The code breakers of World War Two began a process that developed into a way of thinking that Claude Shannon would define as information theory
Legislation, Policy, and Regulation
From Mountains, Island, Secret Town, China's Electronic Spy Shop Watches (Wall Street Journal) Military organization 3PLA is tasked with monitoring worldwide electronic information
Why Section 702 Reform Matters (TechCrunch) A recent report in the Washington Post delved into the National Security Agency's (NSA) Section 702 surveillance activities, and although it found that the program returns useful information to the agency, it also revealed broad use of the legal authority to collect data and communications from non-target parties
NSA catches only 10% of data legally, but is it a fair trade off? (Naked Security) Up until now, Edward Snowden has revealed the techniques and tools used by the National Security Agency (NSA) in its surveillance activities, but he's kept the actual content of intercepted messages close to the vest, assuring journalists and the public that his evidence would eventually show that the spy agency pretty much sees all, knows all
Senators Clueless About NSA Bombshell (Daily Beast) These are the men and women who are supposed to keep watch over the nation's spies. And they have no idea about the latest revelations of inappropriate NSA snooping
Dem calls NSA 'best hacker in the entire world' (The Hill) The National Security Agency is the "best hacker in the entire world," according to Rep. Alan Grayson (D-Fla.), and Congress needs to do something to stop it
Push ahead on spying reforms (Denver Post) Edward Snowden's days on the front page have waned, but the debate sparked by his disclosures of government spying has not
Banks Dreading Computer Hacks Call for Cyber War Council (Bloomberg BusinessWeek) Wall Street's biggest trade group has proposed a government-industry cyber war council to stave off terrorist attacks that could trigger financial panic by temporarily wiping out account balances, according to an internal document
Big push this month for more widespread cybersecurity effort (SFGate) In an 11-story office building in the Washington suburbs, hundreds of U.S. cybersecurity analysts work around the clock to foil hackers. Possible breaches of government networks show up as red flashes on screens that line the walls
UK 'Porn Filters' Block One Fifth Of All Websites (Forbes) One in five of all websites are blocked by at least one default ISP filter in the UK, an anti-censorship campaign group has found
'Wake up Germany and smell the cyber-coffee' (The Local — German Edition) As chests puff in Germany once again over the behaviour of the US intelligence services, the Tagesspiegel's Malte Lehming argues it's time for Germany to stop complaining and wake up — and tool up — in the cyber age
Litigation, Investigation, and Law Enforcement
Secret Service Arrests One of the World's Most Prolific Traffickers of Stolen Financial Information (Imperial Valley News) Saturday, the U.S. Secret Service arrested Roman Valerevich Seleznev. A Russian national, Seleznev was indicted in the Western District of Washington in March 2011 for hacking into point of sale systems at retailers throughout the United States between October 2009 and February 2011
Prominent Carder "Track2" Arrested by the U.S. Secret Service (Softpedia) Russian hacker Roman Valerevich Seleznev has been arrested on July 5 by the U.S. Secret Service. He is accused of hacking into the POS systems of restaurants across the United States, stealing credit and debit card information, and selling it on multiple carding forums
Moscow accuses United States of 'kidnapping' Russian hacker (Reuters) Russia accused the United States on Tuesday of violating a bilateral treaty and "kidnapping" a Russian accused of hacking into U.S. retailers' computer systems to steal credit card data
Who is UglyGorilla? On the Trail of China's Alleged Cyber-Thieves (Wall Street Journal) Where does UglyGorilla work? The U.S. Justice Department said in an indictment last month that "UglyGorilla" is the online handle of Wang Dong, a man it alleged is a People's Liberation Army officer and cyber-thief responsible for pilfering corporate secrets
Is there a second NSA leaker after Snowden? (The Hill) Top experts say there could be a new person leaking details about the National Security Agency, in addition to former contractor Edward Snowden
The Ex-Google Hacker Taking on the World's Spy Agencies (Wired) During his last six years working as an elite security researcher for Google, the hacker known as Morgan Mayhem spent his nights and weekends hunting down the malware used to spy on vulnerable targets like human rights activists and political dissidents
Spamhaus says denial of service suspects are still at large (The Inquirer) Wants arrests in US, Russia and China
25 fake government websites closed down (ITPro) Five people have been arrested for running fake scam websites, imitating government services
Police dog catches paedophiles by sniffing out their hidden hard drives (Naked Security) When it comes to uncovering child pornographers, investigators sometimes just get lucky
Noted investor "Bitcoin Jesus" raises over $150,000 for Silk Road suspect (Ars Technica) Entrepreneur Roger Ver talks up support for fellow libertarian Ross Ulbricht
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
INSCOM Cyber Day (Fort Belvoir, Virginia, USA, Jul 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber) is collocated with INSCOM. This event will provide industry vendors the opportunity to showcase the latest cyber products and demos to the Fort Belvoir INSCOM community in a one-day tradeshow.
SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, Jul 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration on mutual Cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.