The CyberWire Daily Briefing 07.22.14

Cyber Trends

It's Time to Get Ready for Cyberwar (Real Clear Defense) Military and national security operations in cyberspace have made headlines with increasing frequency

3 questions about the future of cyber warfare (F-Secure: Safe & Savvy) "We're not creative enough when we imagine cyber warfare," F-Secure Security Advisor Sean Sullivan recently told me. "It's not kinetic explosions. It could be a guy whose crimeware business has dried up and is looking for new business"

The NASDAQ Hack and Coming Global Cyberwar (H+) It was October 2010 when the FBI started an investigation on alleged malware-based cyber attacks against on NASDAQ, probably related to the operation of a state-sponsored group of hackers. After more than 12 months in which the FBI has worked with NSA, the US intelligence concluded that a major attack against the NASDAQ caused a significant danger

Cyber Risks Not Adequately Assessed During Acquisition Deals, Survey Finds (Bloomberg BNA) Despite the increasing regulatory focus on cybersecurity, a new survey concludes that the issue still is not analyzed in great detail in the mergers and acquisitions context

Reputation damage, biz disruption by cyber attacks worries cos (Business Standard) Enterprises are most concerned about reputational damage and disruption of businesses as a result of cyber attacks, a report by consultancy firm KPMG today said

Study examines the problems with metadata and file sharing (CSO) A study by Workshare, a company focused on secure file sharing applications, says that 68 percent of the 800 professionals surveyed failed to remove metadata before sharing documents

UK lags US in application security investment (ComputerWeekly) UK enterprises are lagging behind US enterprises in application security programmes, a study has revealed

Workaholic Brits expose sensitive data by taking their devices with them on holiday (ITProPortal) A survey of 1,000 UK consumers by ESET found that 44 percent of respondents will be taking their work-enabled mobile device abroad this year. While 67 per cent of respondents will carry work-related data on the mobile device they take on holiday; over a third admit to having no security on the device what-so-ever to protect the data

Cyber-crime a real threat to small business in Britain (UPI) Small British companies are vulnerable to cyber-crime and data loss but are in the dark on protecting their data, Kaspersky Lab reports

Dirty Dozen Spampionship — which country is spewing the most spam? (Naked Security) With the 2014 World Cup complete, and the Commonwealth Games just round the corner, we thought it was a good time to publish the latest SophosLabs Spampionship charts

Cyber Security In Health Care Needs Senior Leadership (American News Report) One of the leading voices in health care information assurance thinks some in his industry are approaching information security the wrong way

Internet of Things: Security For A World Of Ubiquitous Computing (Dark Reading) Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future

Legislation, Policy and Regulation

Iran's Ruling Elite Embrace Facebook, While Ordinary Citizens Are Arrested Over It (Slate) On July 13, Iran's official state news agency reported that eight people had been sentenced to a combined term of 127 years in prison for their activities on Facebook. The eight youths reportedly were charged with "acting against national security, spreading propaganda against the establishment, insulting the sacred, and insulting the heads of the Islamic Republic." The Iranian judiciary has not revealed the identities of those sentenced, or the particulars of this offensive activity. Iranian activists both in and outside the country seem to know almost nothing more about the case

White House urged to articulate new standard for vital cybersecurity (Inside Cybersecurity) The White House should vow to prevent cyber risks from undermining the U.S. government's decisions and actions on fundamental national security policy, according to an independent study by a key administration adviser

U.S. Chamber mounts a push for Senate information-sharing bill (Inside Cybersecurity) Seeking to improve the odds for action in the Senate, the U.S. Chamber of Commerce today is urging Majority Leader Harry Reid (D-NV), Minority Leader Mitch McConnell (R-KY) and all other senators to take up the cybersecurity information-sharing bill passed recently by the Intelligence Committee

New York To Bitcoin Startups: Get Permission Or Get Out (TechCrunch) Bitcoin allows people to build financial technology without asking for permission, but if New York state has its way, this won't be the case for long

Can New York's BitLicense Prevent Another Mt. Gox Catastrophe? (BayPayForum) The release of proposed digital currency business regulations by the New York Department of Financial Services (NYDFS) has raised numerous questions, many of which focus on the threat to innovation in the space and the impact on broader adoption. Yet one question that may be worth considering is this: will these regulations stop another Mt. Gox catastrophe?

Cyber Defense Requires National Coordination (Hartford Courant) It does not take an overactive imagination to picture the fallout from a cyber attack on an American public utility. The consequences of knocking out the generation and/or distribution of electricity, water, natural gas or communications could ripple so far and wide, it could be considered an act of war. No wonder that some call the efforts that nations, individuals and groups make to "test" our systems and conduct intrusions "battlefield preparations"

Products, Services, and Solutions

Townsend Security Brings Two Factor Authentication to Leading IBM i Security Solutions (IT News Online) Townsend Security, a leading authority in data privacy solutions, today announced that their leading IBM i security solutions now support two factor authentication. This major update allows organizations to reduce the security weakness of relying on passwords as their only authentication mechanism

Kiwi business boost as WatchGuard's IT security rules the roost? (TechDay) "If IT is difficult then you're doing it wrong," says Dave Wilson, Business Development Manager at iT360, an outsourced IT department service in New Zealand

Army Intelligence System Pulled from Key Test (AP) The Army's troubled intelligence system has suffered another setback

Win XP antivirus compared — last time? (ZDNet) AV-Test, an independent lab, has tested Windows XP antivirus products, perhaps for the last time. Many products do very well

Cloud Service Provides Remote Access to Plant Control System Data Streams (Control via InfoSecHotSpot) Company develops product to provide access for industrial applications via a secure cloud server

EFF releases Chrome, Firefox plugin to block third-party tracking (ComputerWorld) One feature aims to stop tracking tied to clicking the Facebook 'like' on outside sites

Technologies, Techniques, and Standards

Cybercom event explores agency roles in cyber incident response (Fedscoop) Cybersecurity and incident response are practices engrained in most every 21st century federal agency. But when it comes to a massive cyber attack requiring the aid of multiple, partnering groups, which agency does what? Last week, the U.S. Cyber Command demonstrated a specific framework for how several critical agencies can play complementary roles in the national cyber incident response process

Malware Analysis | Part 1 (Sys-Con Media) How to use a number of tools to analyze a memory image file from an infected windows machine

Old and Persistent Malware (Cisco Blogs) Malware can find its way into the most unexpected of places. Certainly, no website can be assumed to be always completely free of malware. Typically, there are many ways that websites can be compromised to serve malware

FakeNet Malware Analysis (eHacking) FakeNet is a tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware's network activity from within a safe environment

OWASP Zed Attack Proxy (Internet Storm Center) Affectionately know as ZAP the OWASP Zed Attack Proxy in an excellent web application testing tool. It finds its way into the hands of experienced penetration testers, newer security administrators, vulnerability assessors, as well as auditors and the curious. One of the reasons for its popularity is the ease of use and the extensive granular capability to examine transactions

Marketplace

Cybersecurity startups to bank $788 million (CNN Money) Online privacy is on the tips of everyone's tongues these days, and investors are rushing to pour money into cybersecurity startups. Venture capital firms are expected to funnel $788 million into early-stage cybersecurity startups this year

Cybersecurity firms among top recipients of venture funding in Maryland (Baltimore Sun) Maryland companies raised $64 million in venture capital funding this spring, with some of the biggest payouts flowing to Baltimore cybersecurity startups

Security Software Service Firm Edgewave Raises $11M (TechCrunch) EdgeWave, which sells infsecurity software and services, has raised $11 million in equity and debt financing to boost sales and marketing efforts for its technology

Monument Capital Group Holdings Appoints World Class Team of Science and Data Experts to Advise on Security and Technology Acquisitions (MarketWatch) Leading figures in the world of cryptology and data security have joined the expert team at global security industry investment firm Monument Capital Group Holdings (MCGH)

IBM-Apple Deal: Turning Point for Banks? (BankInfoSecurity) Experts weigh pros, cons of broader Apple device use

Activist Investor Pushes EMC to Break Up (Wall Street Journal) Elliott Management says spin-off of VMware would boost stock price

Israeli hi-tech firm to launch Energy Cyber Security Center (Jerusalem Post) Aiming to tackle threats to infrastructure around the globe, the company plans to launch its Energy Cyber Security Center in Hadera on September 15

Growing IT layoffs add to recruiter feeding frenzy (FierceCIO) As reported by FierceCIO last Thursday, news that Microsoft will lay off close to 18,000 workers caught even the most critical analysts off guard, with the media now scrambling to figure out what it all means for the tech giant. But one thing that was immediately agreed to is that the announcement means 'open season' for recruiters

Bloodiest tech industry layoffs of 2014, so far (IT World) Microsoft leads the way, but has plenty of company on jobs cut front

Schafer to assist DARPA innovation office with cyber, analytics and computing (C4ISRNet) The Schafer Corporation has been awarded a three-year task order to provide scientific, engineering and technical assistance to support DARPA's Information Innovation Office

Raytheon breaks ground on new Richardson corporate campus (Dallas Business Journal) When Steve Van Amburgh was picking out the groundbreaking shovels for the kick off of Raytheon Co.'s new corporate campus in Richardson, he spared no expense

Vectra Networks Recognized by CRN as a 2014 Emerging Vendor (Digital Journal) Vectra Networks, the leading innovator in real-time detection of in-progress cyber-attacks, today announced it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel

Netskope Recognized as a 2014 Emerging Vendor by CRN (Broadway World) Netskope, the leader in cloud app analytics and policy enforcement, todayannounced it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel

Lastline Recognized by CRN as a 2014 Emerging Vendor (Fort Mill Times) Lastline, a global advanced malware protection provider, announced today it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel. The annual Emerging Vendors list identifies up-and-coming technology vendors that have introduced innovative new products, creating opportunities for channel partners in North America to create high-margin, cutting-edge solutions for their customers

Prof. Bruce Porter, Chairman of the Dept. of Computer Science at UT Austin, Joins SparkCognition Advisory Board (Digital Journal) SparkCognition, the world's first Cognitive Security Analytics company, announced that eminent Artificial Intelligence researcher and Chairman of the Department of Computer Science at the University of Texas at Austin, Prof. Bruce Porter, will be joining the company's Board of Advisors

Research and Development

Talk on cracking Internet anonymity service Tor canceled (Reuters) A highly anticipated talk on how to identify users of the Internet privacy service Tor was withdrawn from the upcoming Black Hat security conference, a spokeswoman for the event said on Monday. The talk was canceled at the request of attorneys for Carnegie Mellon University in Pittsburgh, where the speakers work as researchers, the spokeswoman, Meredith Corley, told Reuters

Security Patches, Mitigations, and Software Updates

IBM Fixes Code Execution, Cookie-Stealing Vulnerabilities in Switches (Threatpost) IBM recently patched a handful of vulnerabilities in some of its KVM switches that, if exploited, could have given an attacker free reign over any system attached to it

How Apple iOS MAC address spoofing affects location-based services (TechTarget) Apple iOS 8 will add a MAC address spoofing feature to iPhones and iPads for wireless privacy. It could interfere with Wi-Fi location-based services used by many consumer-facing businesses

Cyber Attacks, Threats, and Vulnerabilities

#OpSaveGaza: Hackers leak login credentials of 4000 Israeli users (HackRead) A group of hackers going with the handle of @IzzahHackers on Twitters are claiming to leak login credentials along with other details of over 4,000 Israeli citizens. The leaked data was posted online which shows names, emails, phone numbers and some passwords. The breach was conducted under the banner of #OpSaveGaza earlier today in which hackers have claimed

How Web archivists and other digital sleuths are unraveling the mystery of MH17 (Washington Post) In the agonizing quest to pin down exactly what happened when Malaysia Airlines Flight 17 went down over Ukraine last week, Web archivists and other digital sleuths are playing an unusual — potentially pivotal — role

Cyber Fraudsters Tweet Malicious MH17 URLs Hours After Incident (Infosecurity Magazine) As always, online gangs are among the first to react to tragic news

MH17 scam central: False Facebook profiles (Emirates 24/7) Users bombarded with dubious advertisements

Fresh threat to critical infrastructure found in Havex malware (V3) A dangerous open-platform communication (OPC) scanner that could be used to launch cyber attacks against critical infrastructure areas has been discovered in a variant of the Havex malware

Havex, It's Down With OPC (FireEye) FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as "Fertger" or "PEACEPIPE"), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in critical infrastructure (e.g., water and electric utilities), energy, and manufacturing sectors

Lights Out: Dragonfly Is On the Move (Cyactive) A large, possibly state-backed operation named Dragonfly\Energetic Bear, which has been running since 2011, was recently discovered infecting US and European energy and Industrial Control System (ICS) equipment manufacturers. The operation reused both exploits and RAT's in its attacks. A large, possibly state-backed operation named Dragonfly\Energetic Bear was recently discovered in a number of US

Russian cyberweapons cross-pollinating commercial malware, analysis claims (TechWorld) 'Gyges' malware shows ominous mixing of forms

Kenya Defence Forces Twitter account hacked (BiztechAfrica) The Twitter account of the Kenya Defence Forces (KDF) has been infiltrated

Funny Facebook video scam leaves unamusing Trojan (Help Net Security) A new funny video spreading on Facebook leaves a not-so-hilarious Trojan in its wake on users' computers, according to research by Bitdefender. The malware, believed to originate from Albania, can access a large amount of data from the user's internet browser

Exploit Dealer: Snowden's Favourite OS Tails Has Zero-Day Vulnerabilities Lurking Inside (Forbes) Researchers have warned of critical unpatched flaws in the privacy-focused operating system Tails, which was made famous by global surveillance whistleblower Edward Snowden

Critical de-anonymization 0-days found in Tails (Help Net Security) Tails, the security-focused Debian-based Linux distribution favoured by Edward Snowden, journalists and privacy-minded users around the world, sports a number of critical vulnerabilities that can lead to the user's identity to be discovered by attackers

The dangers of social media (DVIDS) A Marine is using social media when a female he does not recognize sends him a friend request. He enjoys meeting new people, so he accepts her request. They begin to chat and soon decide to meet. Before they meet, she tells the Marine he must contact, a man who knows the woman. The man tells him he must pay money or the Marine and his family and friends will be in danger

How cyber attacks ran rampant at the 2014 World Cup (AppsTechNews) After a month of fierce competition, exciting matches, and phenomenal goals, the 2014 World Cup in Brazil has finally concluded. While Germany is celebrating another impressive victory and the world looks back on what turned out to be a thrilling tournament, it's also important to look at some of the less than fantastic behind-the-scenes details

'Zombie Zero' Cyber-Attacks Hit Logistics, Robotic Firms for Months (eWeek) The supply-chain cyber-attack infiltrated logistics firms and robotics manufacturers for more than a year, according to new details provided by TrapX Security

Researcher finds backdoors in Apple iOS (IDG via CSO) Jonathan Zdziarski says the services added to the firmware of Apple devices can bypass backup encryption while copying more personal data 'than ever should come off the phone'

Hidden network packet sniffer in MILLIONS of iPhones, iPads — expert (The Register) But don't panic — Apple's backdoor is not totally open for all, guru tells us

Identifying back doors, attack points, and surveillance mechanisms in iOS devices (Digital Investigation) The iOS operating system has long been a subject of interest among the forensics and law enforcement communities. With a large base of interest among consumers, it has become the target of many hackers and criminals alike, with many celebrity thefts (For example, the recent article "How did Scarlett Johansson's phone get hacked?") of data raising awareness to personal privacy

The 'Fingerprinting' Tracking Tool That's Virtually Impossible to Block (Mashable) A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com. The type of tracking, called canvas fingerprinting, works by instructing the visitor's web browser to draw a hidden image, and was first documented in a upcoming paper by researchers at Princeton University and KU Leuven University in Belgium. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it

Chip and PIN security no panacea against payment card fraud (TechTarget) In June 2011, Alex Gambin had his wallet stolen while on the Spanish island of Mallorca. A few minutes later, unauthorized charges of more than $1,800 were made to his HSBC credit card, despite the fact that his card contained a security chip designed specifically to prevent that kind of theft and that any transactions should have required a personal identification number

Finding Holes in Banking Security: Operation Emmental (TrendLabs Security Intelligence Blog) Like Swiss Emmental cheese, the ways your online banking accounts are protected might be full of holes. Banks have been trying to prevent crooks from accessing your online accounts for ages. Passwords, PINs, coordinate cards, TANs, session tokens — all of these were created to help prevent banking fraud. We recently come across a criminal operation that aims to defeat one of these tools: session tokens. Here's how they pull it off

Significant Deficiencies Found in Treasury's Computer Security (Nextgov) Weaknesses in Treasury Department computer systems that track federal debt are severe enough to disrupt accounting, according to a government audit

FDIC Made Progress in Securing Key Financial Systems, but Weaknesses Remain (GAO) The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC's work, effective information security controls are essential to ensure that the corporation's systems and information are adequately protected from inadvertent or deliberate misuse, improper modification, unauthorized disclosure, or destruction

Goodwill Industries probes possible payment card breach (ComputerWorld) Federal authorities and payment card industry fraud units notified Goodwill on Friday

Students hack Tesla Model S, make all its doors pop open IN MOTION (The Register) Toot the horn, too

Ivan's Order of Magnitude (Internet Storm Center) ISC reader Frank reports seeing a couple odd DNS names in his DNS resolver log

Third-Party Software Library Risks To Be Scrutinized at Black Hat (Threatpost) Third-party software libraries introduce efficiency and risk into enterprise applications. Two researchers will identify some of the most vulnerable libraries during a talk at the upcoming Black Hat conference

Vulnerabilities in LZO and LZ4 compression libraries (US-CERT) Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation

New search engine Indexeus unmasks malicious hackers (Naked Security) I don't know if it's because every hacker on the planet was frantically trying to look up their details before their enemies found them or what, but Indexeus, a new search engine that exposes personal data, was offline on Monday

Bulletin (SB14-202) Vulnerability Summary for the Week of July 14, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

1-15 July 2014 Cyber Attacks Timeline (Hackmageddon) It's time for the first cyber attacks timeline of July reporting the main cyber events happened (or discovered) during the first half of the month

Academia

Towson University students are getting a direct path to NSA jobs (Baltimore Business Journal) Students studying cyber security at Towson University now have rare access to internships with the National Security Agency

Litigation, Investigation, and Enforcement

Identifying cyber-criminals is No. 1 challenge, high-profile lawyer says (Pittsburgh Tribune) Federal investigators in Pittsburgh indicted Russian Evgeniy Bogachev on hacking charges last month, but used only nicknames for four other hackers in a related civil suit

IRS gives full account of lost Lerner emails (Politico) The IRS declared under oath and penalty of perjury on Friday that Lois Lerner's hard drive is irrecoverable after being wiped clean by tech staff and recycled with an outside contractor, according to a court filing

6 questions about the IRS's missing emails, from IT experts (Washington Post) Did the IRS intentionally lose e-mails to cover up potentially incriminating communications relating to the agency's targeting controversy, or did the records go missing because of bad technology management?

Your Gmail account is fair game for cops or feds, says US judge (Naked Security) A New York court on Thursday opened up our entire Gmail accounts to feds or cops with warrants, in spite of two recent decisions that went against similar requests

Activist group sues US border agency over new, vast intelligence system (Ars Technica) The Electronic Privacy Information Center (EPIC) has sued the United States Customs and Border Protection (CBP) in an attempt to compel the government agency to hand over documents relating to a relatively new comprehensive intelligence database of people and cargo crossing the US border

Apple and Google told to stop misleading consumers about 'free' apps (Naked Security) The European Commission (EC) has been working with national authorities and app store owners to address concerns over in-app purchases, especially where those transactions are undertaken by children

Spionage-Angriff auf Siemens in Österreich (Kronen Zeitung) Mitten in die Diskussion um NSA-Agenten und die Wiener US-Botschaft platzt jetzt ein echter Wirtschaftskrimi: Siemens Österreich soll Opfer einer Spionage-Attacke geworden sein. Ein Ex-Manager soll seinem Nachfolger Geld für ein gut gehütetes Betriebsgeheimnis geboten haben. Es geht um einen Riesenauftrag und Hunderte Arbeitsplätze

League of Legends hacker was making over $1,000 per day (Tweaktown) Shane 'Jason' Duffy was making over $1,000 per day as a League of Legends hacker

How genealogy data can lead to identity theft (Privacy Blog) Irish Data Protection Commissioner Billy Hawkes has stepped in to have a database of civil registration records removed from the website IrishGenealogy.ie. The problem is that the database contains information on living persons which is often used for identity verification

Design and Innovation

Metadata-hiding Dark Mail protocol soon to be reality (Help Net Security) At the Hackers on Planet Earth (HOPE) conference held this weekend in New York, NSA whistleblower Edward Snowden called for hackers, coders and developers to "help build a better future by encoding our rights into the programs and protocols upon which we rely everyday"

EFF invites hackers to test, secure its Open Wireless Router (Help Net Security) The Electronic Frontier Foundation (EFF) has released Open Wireless Router, an experimental alpha release of wireless router software that is meant to improve some and add new capabilities to existing routers

NSA whistleblower Edward Snowden plans to work on easy-to-use privacy tools (CSO) Edward Snowden has some plans for the future and they include making privacy and encryption tools easier to use