The CyberWire Daily Briefing 08.06.14

Cyber Trends

DDoS attack volumes plummet as NTP servers got patched (Help Net Security) Wise to attackers' exploitation of the Network Time Protocol (NTP) vulnerability to create distributed reflection denial of service (DrDoS) attacks, information security executives thwarted these types of amplified assaults by patching weaknesses or making upgrades in their systems associated with the protocol, causing an 86 percent drop in the peak bit volume of NTP DrDoS attacks to 59 gigabits per second (Gbps) in Q2 2014

The weak links in an increasingly dynamic threat landscape (Help Net Security) The Cisco 2014 Midyear Security Report, released today at Black Hat U.S., examines the "weak links" in organizations — outdated software, bad code, abandoned digital properties, or user errors — that contribute to the adversary's ability to exploit vulnerabilities with methods such as DNS queries, exploit kits, amplification attacks, point-of-sale (POS) system compromise, malvertising, ransomware, infiltration of encryption protocols, social engineering and "life event" spam

Studies confirm epidemic of cyberattacks (FierceCIO) A majority of organizations experienced some sort of external cybersecurity incident in the past year, and cybersecurity breaches are now driving organizational strategy for most of them

Companies are ready to take a risk, ignoring IT strategy — study (Information Age) Despite the nearly-universal rate of encounters with cybercrime, businesses tend to prioritise IT spending — which includes IT security — quite differently depending on their size

Mobile device security in health industry 'immature' (FierceMobileHealthcare) The global healthcare industry is not keeping pace when it comes to mobile device security, specifically unsanctioned device and application use, according to a new survey by IDG Connect for security vendor ForeScout

What do you do when Facebook is spying on you? (Phys.org) Facebook, Twitter, Google Plus and other social media were designed to connect friends. But they are also used to connect extremely complex marketing and surveillance systems, all meant to subtly shape online interactions

Smart Building Technologies Could Expose Companies To A New Breed Of Cyber Attack (TechCrunch) Last month major corporations and household names such as Evernote, TweetDeck and Feedly were held ransom by Internet hackers. Many found this concerning, but even more serious is that some businesses may not realize how highly vulnerable they are to such an attack. What if it were your building that was held ransom? Are there things that could have been done to prevent a cyber attack?

Legislation, Policy and Regulation

Before a High-Stakes Standardized Test, Uzbekistan Shut the Whole Country's Internet Down (The Atlantic) One (very authoritarian) way to prevent cheating

Strategic Communications & NSA: Perfect Together (O'Dwyer's) When the National Security Agency — yes, the NSA — posted an opening last month for a Director, Strategic Communications, much of the reaction was skeptical and, in a word, snide

Aaron's Law Is Doomed Leaving US Hacking Law 'Broken' (Forbes) A bill named after the late internet activist Aaron Swartz that was supposed to update much-criticized US hacking law is almost certain to be left to wither in Congress, according to various sources with knowledge of the matter. A stalemate has emerged between Representative Zoe Lofgren, who was carrying the bill into the House, and the House Judiciary Committee headed up by Representative Bob Goodlatte, which has chosen not to discuss or vote on Aaron's Law

Products, Services, and Solutions

Next-Gen Splunk Serves Up Faster Threat Detection (CIO Today) When it comes to real-time Relevant Products/Services operational intelligence Relevant Products/Services, Splunk is vying for market leadership Relevant Products/Services. The company just rolled out version 3.1 of the Splunk App for Enterprise Security, complete with a new risk scoring framework that promises faster threat Relevant Products/Services detection and containment

Lumeta ESI Delivers Real-Time Network Situational Awareness into Splunk Enterprise (Digital Journal) Lumeta Corporation has enhanced the integration between its Lumeta ESI (Enterprise Situational Intelligence) software and Splunk Enterprise real-time operational intelligence software. Feeding Lumeta's comprehensive network intelligence into Splunk increases its effectiveness and provides joint customers with enhanced network situational awareness

Leaked docs reveal power of malware-for-government product 'FinFisher' (The Register) Win 8 Pro tip: Govt spyware can't tap Skype's Metro app

Alert Logic helps clckwrk secure business critical Oracle applications running on Amazon Web Services (Sys-Con Media) UK based IT consultancy and specialty cloud hosting company, clckwrk Limited, has selected Alert Logic's managed Security-as-a-Service solutions to secure Oracle applications it hosts on Amazon Web Services (AWS) cloud

Porticor Enhances Microsoft SQL Server Encryption With Cloud Key Management Security for Complete Database Protection (Broadway World) Porticor®, a leading cloud data security company delivering the only cloud-based data encryption and key management solution that infuses trust into the cloud and keeps cloud data confidential, today announced that it supports Microsoft SQL Server Transparent Data Encryption (TDE), securing Microsoft's database in cloud infrastructures with its Porticor Virtual Private Data (VPD)

CYREN Technology Integrated into Byzoro Security Appliances (Jakarta Post) CYREN (NASDAQ: CYRN) today announced that Beijing-based Byzoro Networks Ltd integrated CYREN Embedded Antivirus, Anti-Spam and URL Filtering technology inside its family of PatrolFlow security appliances

Universal Security Suite From eScan Officially Launched (Streetwise Tech) On August 1, 2014, Universal Security Suite a new product of eScan was launched in Kathmandu, Nepal. The company, Phoenix Trading, has officially launched the new product — Universal Security Suite. The new security suite is going to ensure users a more secured computing experience when it comes to various devices and across all different platforms such as Android, Macintosh, Linux and Windows using one license key. This is based on the statement given by the company

Detect threat patterns across your web and mobile assets (Help Net Security) RiskIQ announced an automated platform with global reach that enables organizations to discover, scan for malware and gather threat intelligence on all websites and mobile apps that are legitimately or illegally associated with their business

LogRhythm Introduces Honeypot Security Analytics Suite (LogRhythm) LogRhythm, The Security Intelligence Company, today released a new analytics suite that monitors honeypots to track would-be attackers, enabling customers to analyze nefarious tactics and generate targeted threat intelligence that facilitates an ongoing adaptive defense posture. The new Honeypot Security Analytics Suite is the latest in a series of innovations from LogRhythm Labs designed to expedite the detection, prioritization and response to advanced cyber threats

CrowdStrike launches Intelligence Exchange Program (Help Net Security) CrowdStrike announced the launch of the CrowdStrike Intelligence Exchange Program (CSIX)

General Dynamics Fidelis Cybersecurity Solutions Partners with CrowdStrike to Enhance Threat Intelligence (MarketWatch) General Dynamics Fidelis Cybersecurity Solutions announced that it has partnered with CrowdStrike to provide customers with access to shared threat intelligence that will further improve the prevention, detection, attribution and remediation of cyber-attacks in real-time. Supplementing the proprietary threat intelligence provided by General Dynamics Fidelis' threat research team, integrated YARA rules and other industry partnerships , the information from the CrowdStrike Intelligence Exchange provides Fidelis XPS customers with an even broader range of threat intelligence

Open source threat visualization engine for infosec pros (Help Net Security) OpenDNS has released OpenGraphiti, an interactive open source data visualization engine that enables security analysts, researchers and data scientists to pair visualization and Big Data to create 3D representations of threats

Hexis Cyber Solutions Unveils NetBeat Product Line for Simplified Network Visibility & Control (IT Business Net) Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today launched its NetBeat product line featuring solutions built to provide organizations with simplified network monitoring, analysis and control. NetBeat MON and NetBeat NAC deliver 360 degree network visibility in a set of easy-to-use applications that improve organizational productivity

Technologies, Techniques, and Standards

Advanced threat detection is more than one moment in time (IT Pro Portal) The changing nature of the threat landscape, and the ever-growing sophistication of hackers, means that the way organisations protect themselves against advanced cyber-attacks must change too. Hackers are no longer focused on what was traditionally deemed to be their destination — the perimeter of the enterprise. They're now focused on the journey itself, leveraging an array of attack vectors, taking endless form-factors, launching attacks over time, and cleverly hiding the leakage of data

Cybersecurity Pilot Program Added to Exams (Credit Union TImes) Lindsey Richardson said she finds herself in the unusual position of a compliance consultant calling for more regulation of her clients

All 500,000 Cryptolocker victims can recover files for free (Computing) The 500,000 victims who had their files encrypted by malware can now unencrypt their files without having to pay cyber-extortionists behind the "ransomware" any money

How to foil SynoLocker and minimize the damage (Help Net Security) We wrote on Monday warning about Synology NAS users being targeted with SynoLocker, a customized version of the Cryptolocker ransomware, which encrypts the files contained on the devices and asks 0.6 BitCoin ($350) for the decryption key

iOS security myths and threats (Help Net Security) In this interview, Zuk Avraham, CEO of Zimperium, talks about iOS security myths and threats, discusses the difficulties in exploring iOS security vs. "breaking" Android and offers advice to those managing a variety of iOS devices in a large organization

ERP: Protecting the pipeline by focusing on business-critical platforms (CSO) Recent events highlight the need to focus on threats from within

Small business advice: The simple but vital security precaution that many firms neglect (Washington Post) A 5-step guide to your first line of defense

Marketplace

China Apparently Takes Apple Off Procurement Lists In Bid To Limit Overseas Influence (TechCrunch) China has removed iPads and MacBooks from its procurement lists for government agencies and officials, according to a new report from Bloomberg. The iPad, iPad Mini, MacBook Air, MacBook Pro and other products, totalling ten altogether, were left off a new procurement list distributed to government organizations in July, after initially appearing in a draft version in June, per the report. The move is just the latest example of China seeking to encourage sourcing of hardware and software from Chinese companies, and it's being billed as a security move by Chinese authorities

Cyber Spooks Are in Demand at Investment Banks (Wall Street Journal) The financial sector is looking to bolster its ranks in the war against cybercrime

Cyber security entrepreneurs: balancing secrecy and publicity (Financial Times) As an address, "Nimrod House, Enigma Business Park", seems particularly appropriate for a company involved in encryption and secure communications for the British military. A German Enigma machine was used by Allied codebreakers to decipher intelligence in the second world war, while the Nimrod was a UK maritime surveillance aircraft in the cold war

Governor O'Malley Announces KoolSpan, BrainScope Tapped for Follow-On Investments from InvestMaryland (Maryland Department of Business and Economic Development) The Maryland Venture Fund (MVF), the equity investment arm of the Maryland Department of Business and Economic Development (DBED), has made follow-on investments totaling $700,000 in two of its portfolio companies. KoolSpan, developer of a suite of patented, hardware-based mobile security encryption solutions, received $400,000

Vectra Networks Raises $25M to Empower Enterprises in Their Battle Against Cyber Attacks (Broadway World) Vectra Networks, the leader in real-time detection of cyber attacks in progress, today announced it has received $25M in an oversubscribed Series C financing round. Accel Partners led the financing round and Eric Wolford, partner at Accel Partners, has joined Vectra Networks' Board of Directors. Prior investors Khosla Ventures, IA Ventures and AME Cloud Ventures all participated in the round. In addition, Intel Capital and Juniper Networks, through its Junos® Innovation Fund, joined the round. The investment will accelerate research and development, sales and marketing to meet CIOs' growing demand for real-time detection of cyber attacks in progress

Cloud Security Provider Bitglass Boosts Its Bank Account (Wall Steet Journal) Cloud services keep getting more popular. But they pose some new security issues, creating an opening for companies like Bitglass to become a new kind of middleman

Former NSA Chief Defends Cybersecurity Venture (AP via ABC News) Even in an era when former officials routinely profit from business ventures linked to their public service, recently retired National Security Agency chief Keith Alexander raised eyebrows when he disclosed he is working on patents for what he calls a game-changing cybersecurity model

Cerner to acquire Siemens' health IT division for $1.3 billion (FierceMR) Cerner Corporation and Siemens AG have announced that they have entered into a definitive agreement for Cerner to acquire Siemens' health IT business unit, Siemens Health Services, for $1.3 billion in cash

BlackBerry Comeback Far From Certain (InformationWeek) BlackBerry is finally ready to resume growth, says CEO Chen — but first the company must overcome its crumbling device business

Cyber Security Challenge UK Searching for the Best Hackers in the UK (Backup Technology) Cyber Security Challenge UK is on the hunt for the best hackers in the UK after setting up a series of challenges which will test the skills of each competitor

Proofpoint Appoints New Senior Vice President of Human Resources to Support Continued Growth (CNN Money) Proofpoint, Inc. (NASDAQ: PFPT), a leading security-as-a-service provider, today announced Julie Currie has been named the new senior vice president of Human Resources

FireEye Announces John McGee as SVP, Worldwide Sales (MarketWatch) FireEye, Inc. FEYE -2.65%, the leader in stopping today's advanced cyber attacks, today announced that John McGee, formerly Executive Vice President, Worldwide Field Operations for Informatica, has joined FireEye as the company's Senior Vice President, Worldwide Sales

Research and Development

New type of cryptography that can better resist "dictionary attacks" (Phys.org) Cryptographers in China have have developed a new type of cryptography that can better resist so-called offline "dictionary attacks", denial of service (DoS) hacks, and cracks involving eavesdroppers. Their approach, reported in the International Journal of Electronic Security and Digital Forensics, extends and improves a type of cryptography that uses an intractable mathematical problem as its basis

Microsemi Continues its FPGA Security Leadership for Secure Boot with Extension of Cryptography Research Differential Power Analysis Patent License (MarketWatch) Significantly increasing security for critical communication, industrial and defense applications, patent solution provides resistance to DPA attacks

Is artificial intelligence as big a threat as nuclear weapons? (Naked Security) He brainstormed an 800 mph subsonic air travel machine made of friction-foiling aluminum pods, provided the concept behind what's now the second largest provider of solar power systems in the US, invested $100 million of his own money into putting people on Mars, and open-sourced electric car company Tesla's patents for the betterment of mankind — or, well, at least, to jump-start development of electric cars

Security Patches, Mitigations, and Software Updates

Symantec patches privilege escalation flaws in Endpoint Protection (IDG via IT World) Symantec has released a patch for privilege escalation flaws in its Endpoint Protection product, and the company which found the issues released the exploit code on Tuesday

Diablo 3 Console Patch Reduces Impact of Hacked Items, More Measures Planned (Softpedia) The development team at Blizzard has just announced how gamers will be able to transfer data related to Diablo 3 between a variety of home consoles, but behind the scenes, the company has also been working to address another big problem that gamers have been reporting lately

Cyber Attacks, Threats, and Vulnerabilities

Al-Qaeda and Snowden: Correlation, Causation, and Temporal Analysis (Recorded Future) Our recent research on Al-Qaeda encryption again generated a tremendous amount of interest which we were thrilled to see, with stories in NPR, Wall Street Journal, Ars Technica, ABC News, Washington Post, etc. Much of the reaction was very positive and underscored the combined value of open source analysis and reverse engineering

Operation Arachnophobia: Caught in the Spider's Web (CyberSquared) Cyber Squared Inc.'s ThreatConnect Intelligence Research Team (TCIRT) tracks a number of threat groups around the world. We first discovered a suspected Pakistani threat group in 2013, and have since followed their activity and found new observations and insight into the group and its tactics that we call, "Operation Arachnophobia"

Russian Gang Said to Amass More Than a Billion Stolen Internet Credentials (New York Times) A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion username and password combinations and more than 500 million email addresses, security researchers say

Biggest Cache of Stolen Creds Ever Includes 1.2 Billion Unique Logins (Dark Reading) A Russian crime ring has swiped more than a billion unique username-password combinations, plus a half-million email addresses

The Russian 'hack of the century' doesn't add up (The Verge) Yesterday, The New York Times dropped an exclusive account of what reporter Nicole Perlroth called "the biggest hack ever." By the numbers it certainly held up: 1.2 billion accounts, covering 500 million unique email addresses over 420,000 websites. The data had been captured by a Russian hacker group called CyberVor, and revealed by Hold Security. But as the smoke clears, the hack seems to be less of a criminal masterwork than the article might have you believe

All Passwords have been lost: What's next? (Internet Storm Center) Some of it may be hype. But no matter if 500 Million, 1.5 Billion or even 3.5 Billion passwords have been lost as yesterday's report by Hold Security states, given all the password leaks we had over the last couple years it is pretty fair to assume that at least one of your passwords has been compromised at some point

Backoff malware infects POS systems at 600 retailers (FierceITSecurity) The Backoff malware, detailed in a US-CERT alert on Friday, has already infected point-of-sale, or POS, systems at 600 retailers, according to security firm Trustwave

How 'Backoff' Malware Works and Why Banks Should Care (American Banker) Bankers, beware Backoff. The Department of Homeland Security sounded an alarm last week about this young strain of malicious software. The agency directed its warning mainly at retailers, but banks are also vulnerable to Backoff in several ways and need to put defensive mechanisms in place

Can Planes Be Hacked via Onboard Wi-Fi? (CIO Today) Are planes really at risk of cyberattack through the Wi-Fi connections we love to use while sky high? If you believe Ruben Santamarta, a consultant with cybersecurity firm IOActive, the answer is yes. But other security Relevant Products/Services researchers are skeptical

SaaS Security Risks: It's the Users, Stupid (eSecurity Planet) Black Hat workshop to discuss security concerns of software-as-a-service applications. Not surprisingly, uninformed users pose some of the biggest risks

Obfuscated malicious office documents adopted by cybercriminals around the world (Securelist) After going out of fashion for a number of years, malicious macros inside Office files have recently experienced a revival. And why not, especially if they are a lot cheaper than exploits and capable of doing the same job?

Teen researcher publishes PayPal 2FA bypass exploit (Help Net Security) Joshua Rogers, a teenage whitehat based in Australia, has found an extremely simple way to bypass PayPal's two-factor authentication feature

Anonymous Says It Hacked the US Government Personnel Database Before China (Motherboard) Chinese hackers made headlines last month for hacking into United States government servers in March, but they weren't the only ones poking around on those servers: Anonymous claims it was too

Hacking Tor and Online Anonymity (Infosec Institute) Tor is the acronym of "The onion router", a system implemented to preserve online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers that hide user information, eluding surveillance of government and other bad actors

Department of Defense Denies NSA Received Tor User Data After Research on Vulnerabilities (Reuters via Softpedia) The US Department of Defense denies the NSA received any personal data on users of anonymity service Tor following a project funded by the US government to detect vulnerabilities

Tor Anonymity Questioned After FBI Infected Visitors of Criminal Sites with Malware (Softpedia) It is already known that Tor is a thorn in the side of law enforcement because it provides complete anonymity to Internet users. It has already been reported that the NSA has been trying for a long time to snoop in on people using the intricate network providing complete protection by monitoring access points, but now it looks like the FBI is the one too curious

Chrysler, Nissan looking into claims their cars 'most hackable' (Reuters via CNBC) Chrysler and Nissan said they are reviewing a report by well-known cyber security experts that rates their vehicles among the three "most hackable" cars on the market, along with a General Motors model

Payment cards used on Wireless Emporium website compromised by malware (SC Magazine) After malware was discovered on the [Wireless Emporium] computer server, the company began notifying an undisclosed number of individuals that their personal information — including payment card data — might have been compromised

PF Chang's data breach lasted 8 months (Help Net Security) Asian-themed US restaurant chain P.F. Chang's China Bistro has finally provided some more details about the breach it suffered earlier this year, including the 33 restaurant locations where the security of their PoS systems was compromised

Academia

Osborne announces seven university technical colleges (ComputerWeekly) Chancellor George Osborne has announced seven new university technical colleges (UTCs) and four new studio schools, backed by employers to equip young people with the skills needed to secure high-tech jobs in the IT and engineering sectors

Litigation, Investigation, and Enforcement

OIG: ONC's inadequate oversight left EHRs vulnerable to hackers (FierceEMR) The Office of the National Coordinator for Health IT's lackluster monitoring of the Authorized Testing and Certified Bodies (ATCBs) under the temporary certification program did not fully ensure that test procedures and standards could secure and protect patient information in electronic health record, according to a new report by the U.S. Department of Health and Human Services' Office of Inspector General (OIG)

The Office of the National Coordinator for Health Information Technology's Oversight of the Testing and Certification of Electronic Health Records (Department of Health and Human Services Office of the Inspector General) The Office of the National Coordinator for Health Information Technology's oversight of the authorized testing and certification bodies did not fully ensure that electronic patient information in the currently available electronic health record applications was secure and protected

Standards lab overlooked spy agency's cryptography 'back door', say scientists (Physics World) The National Institute of Standards and Technology (NIST) lacks independence and uncritically adhered to the wishes of US electronic eavesdroppers in releasing a weakened random-number generator in 2006

NIST Cryptographic Standards and Guidelines Development Process: Report and Recommendations of the Visiting Committee on Advanced Technology of the National Institute of Standards and Technology (VCAT NIST) This report from Visiting Committee on Advanced Technology (VCAT) of the National Institute of Standards and Technology (NIST) to the NIST Director contains the VCAT's recommendations on how NIST can improve the cryptographic standards and guidelines development process

FBI used drive-by downloads to track child porn suspects hidden on Tor (Naked Security) US courts are forcing the FBI to justify drive-by downloads of spyware onto the computers of people visiting child porn sites hidden on Tor

The Tech War On Child Porn Is Not Limited To Google Scanning Gmail (Forbes) Google GOOGL +0.05% has suddenly become the poster boy for child porn searches after the search giant reported a child porn image in a Texas man's Gmail, leading to his arrest. Many in the tech community, including my colleagues here at Forbes seem shocked, saying we should "be afraid of Google's power" and that its pairing up with law enforcement like this is leading us into the Panopticon. I have news for you: Google is far from the only tech giant scanning your messages for child porn, and this is only one of the technological methods being used to try to eradicate the societal scourge that is kiddie porn

How Google handles child pornography in Gmail, search (MSN) Google's email-scanning practices are used to fight evil as well as target ads. The company revealed Monday that it's created a digital database of images displaying child sexual abuse, which it compares to images sent via Gmail

Wikimedia Attacks Europe's Right To Be Forgotten Ruling As Threat To Its Mission (TechCrunch) The Wikimedia Foundation, the not-for-profit organization behind Wikipedia, has strongly condemned the recent right to be forgotten (rtbf) ruling in Europe, warning the requirement to allow private individuals to request the de-indexing of links from search results associated with their name is going to have "critical repercussions" for its online crowdsourced encyclopedia

Support overwhelms privacy action against Facebook Ireland (Breaking News) A lawyer suing Facebook in a class action over online privacy will limit the scale of the lawsuit after being overwhelmed with support

17K join Austrian student's Facebook privacy class action lawsuit (Digital Journal) Thousands of Facebook users have joined an Austrian law student's class action lawsuit accusing the social media giant of violating their online privacy

Police: BYU student hacked into school computers to change grades (Herald Extra) A 26-year-old BYU student has been arrested on charges of hacking into the school's computer system and also the computer system of his employers