The CyberWire Daily Briefing 08.12.14
Turla (a.k.a. Snake, a.k.a. Orobouros) seems to be slithering these days through the former Soviet republics and Warsaw Pact alumni of the Near Abroad. MIT Technology Review (reporting FireEye research) notes spikes in relevant malware command-and-control traffic immediately preceding Russia's incursion into Ukraine and Israel's operations against Hamas in Gaza. (While duly noting the real but easily exaggerated difficulty of distinguishing hacktivism from state-conducted cyber ops, one discerns a useful new entry in the catalogue of indications and warnings.) Belgium's Foreign Ministry says it's recovering nicely from its own earlier Snake infestation.
Bitdefender finds two new GameoverZeus variants active in the wild. The criminal botmasters, interestingly, appear to be upping their quality-control game.
The niche in the cybercriminal ecosystem formerly occupied by Blackhole is, Trustwave reports, being filled by the Magnitude exploit kit, which is largely devoted to spreading CryptoWall ransomware.
F-Secure finds that smartphone vendor Xiaomi's products have been quietly reporting user data back to its servers in China. Xiaomi apologizes and pushes an update to its customers.
US financial sector watchdogs and associations warn consumers against a too carefree adoption of virtual currencies.
Microsoft will patch two critical vulnerabilities later today, one affecting IE versions 6 to 11, the other in professional and business versions of Windows 7, 8, and 8.1.
Cyber value-at-risk remains difficult to estimate, as a study suggests executives routinely underestimate the costs data loss imposes on their companies.
NATO prepares for its September summit. Observers urge the alliance to clarify Article 5 for cyberspace.
Notes.
Today's issue includes events affecting Algeria, Belgium, Egypt, European Union, India, Israel, Morocco, NATO, Palestinian Territories, Russia, Tunisia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Espionage programs linked to spying on former Soviet targets (Ars Technica) Same malware was previously linked to attacks on US and European targets
Malware Traffic Spikes Preceded Russian and Israeli Conflicts (MIT Technology Review) Government hackers apparently went to work as Israel and Russia ramped up military action this year
Belgian foreign ministry recovers from cyber-attack (Telecompaper) Belgium's foreign ministry finally has full internet access across all platforms, after it was the victim of repeat cyber-attacks in May, a spokesman for the ministry told the Wall Street Journal. The attack wasn't completely debilitating
Turla spyware: Defending against undetectable malware (TechTarget) Is there a way to detect malware that's designed to avoid detection? Nick Lewis explains how the Turla spyware works and how to defend against it
Two new Gameover Zeus variants in the wild (SC Magazine) Two new Gameover Zeus variants have been found in the wild. Just two months after international law enforcement and security companies teamed to dismantle the Gameover Zeus botnet, researchers have found two new variants of the malware in the wild
Magnitude exploit kit changes tack to make money from CryptoWall ransomware (TechWorld) But does Blackhole demise signal end of exploit kit era? The Russian Magnitude malware exploit kit has moved on to the territory vacated by the defunct Blackhole Exploit Kit after successfully developing a new and highly profitable business model, according to security firm Trustwave
Chinese Android smartphone firm Xiaomi caught collecting users' data (V3) Smartphones from Chinese vendor Xiaomi are collecting and sending their users' information to a server in China, according to research from F-Secure
China smartphone maker Xiaomi apologizes for unauthorized data access (Reuters via Yahoo! News) Xiaomi Inc said it had upgraded its operating system to ensure users knew it was collecting data from their address books after a report by a computer security firm said the Chinese budget smartphone maker was taking personal data without permission
Critical 0-days found in CPE WAN Management Protocol (Help Net Security) Check Point has released its findings of security concerns in CPE WAN Management Protocol (CWMP/TR-069) deployments, used by major ISPs globally to control business and consumer home internet equipment such as Wi-Fi routers, VoIP phones, amongst other devices
The oldest trick in the book: How did 1.2 billion credentials get stolen? (Cyactive Blog) "CyberVor", a Russian cybercrime gang, is reported to have acquired the largest known collection of stolen internet credentials. To achieve this they used victim systems in a botnet to identify SQL vulnerabilities, and exploited them on over 420,000 websites
CloudBot: A Free, Malwareless Alternative To Traditional Botnets (Dark Reading) Researchers take advantage of cloud service providers' free trials and lousy anti-automation controls to use cloud instances like bots
Millions of PCs Affected by Mysterious Computrace Backdoor (Threatpost) Nearly every PC has an anti-theft product called Computrace embedded in its BIOS PCI Optional ROM or its Unified Extensible Firmware Interface (UEFI). Computrace is a legitimate, trusted application developed by Absolute Software. However, it often runs without user consent, persistently activates itself at system boot, and can be exploited to perform various attacks and to take complete control of an affected machine
Password manager LastPass goes titsup: Users LOCKED OUT (The Register) Customers can't get into their accounts as service topples
NSA-Proof "Blackphone" Gets Rooted Within 5 Minutes (Hacker News) The ultra-secure NSA-Proof Blackphone, billed as the "world's first Smartphone which places privacy and control directly in the hands of its users," has been rooted within 5 minutes at the BlackHat security conference in Las Vegas this weekend
Malware Infects Point-of-Sale System at Chicago Yacht Club (SecurityWeek) The Chicago Yacht Club has determined that a piece of malware was installed on one of its point-of-sale (PoS) servers between April 26 and June 21, the organization said on Sunday
Hacker hunts and pwns WiFi Pineapples with zero-day at Def Con (NetworkWorld) Before you use a WiFi Pineapple in Vegas during a hackers' security conference, you better know what you are doing
Twitter Account for Yahoo News Gets Hacked, Sends Tweet About Ebola Outbreak (Softpedia) We all know that Yahoo is prone to fail sometimes, especially when it comes to the uptime of its services, but it seems that this time around it wasn't exactly its fault when it scared the world on Sunday
Twitter admits that as many as 23 million of its active users are actually bots (Quartz) Twitter raised eyebrows last month when it suggested that many of its active users aren't actually human. Now we know how many
US financial protection agency warns against Bitcoin, Dogecoin use (Ars Technica) CFPB: "Virtual currencies are targets for highly sophisticated hackers"
Bitcoin: More than a Bit Risky (FINRA) Bitcoin and other digital currencies have garnered considerable attention. Media reports have focused on virtual currency's potential promise to businesses and consumers — but also on very real abuses and criminal activity associated with it. Government hearings have been held on virtual currencies. In 2013 the US Securities and Exchange Commission (SEC) charged a Texas man and his company with fraud involving an alleged Bitcoin Ponzi scheme. More recently, on February 19, 2014, the SEC suspended trading in the securities of Imogo Mobile Technologies Corp — which had announced testing of a new mobile platform for Bitcoin a few weeks earlier — because of questions about the company's business, revenue and assets. And on February 24, 2014, the Tokyo-based Mt. Gox, one of the largest bitcoin exchanges, stopped its operations. It subsequently filed for bankruptcy in Japan on February 27th and in the U.S. on March 10th
The dangers of backdoor passwords (Help Net Security) In an increasingly connected world, backdoor passwords have large implications on the Internet of Things, the medical world and industrial control systems
Click Fraud Malware Found Lurking Inside Image Files (Infosecurity Magazine) Researchers have discovered click fraud malware designed to "hide in plain sight" and evade traditional security tools by embedding data into an image file
How bad is BadUSB really? (Security Insider) News of a possible attack using manipulated USB devices caused unease. What exactly lay behind it, and how dramatic the attack really is, was unclear. Details of the BadUSB attack have now been presented at Black Hat. The good news: preparing an attack is considerably more complex than early reports made it appear
Here Are The Most Terrifying Security Nightmares Revealed At Black Hat Conference! (EFY Times) Passwords hacking, hacked planes, harmful flash drives, demented Hotel automation — the most terrifying security stories out of the first hacker and security conferences held in Las Vegas
Bulletin (SB14-223) Vulnerability Summary for the Week of August 4, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Microsoft To Patch 2 Critical Bugs (InformationWeek) Microsoft will fix two critical bugs on Patch Tuesday — but not for Windows 8.1 users who haven't installed the Windows 8.1 Update
Internet Explorer 8 Users Told Their Browser has Less Than 18 Months to Live (Lumension) The single most popular browser on computer desktops around the world is Internet Explorer 8 — and its days are officially numbered
Xiaomi Issues Update After Data Privacy Concerns (Infosecurity Magazine) Chinese smartphone poster child Xiaomi has been forced to issue an over-the-air update to its iCloud like messaging service after privacy concerns were raised over the amount of device and user details being silently sent to and stored on the company's servers
Blackphone Vulnerability Soon to Receive Full Fix (Softpedia) The famous Blackphone, the mobile built to offer encryption for all forms of communication it can manage (calls, emails, text and web browsing), has been rooted at the DefCon hacker conference in Las Vegas, but its makers say a full fix will be available shortly
Cyber Trends
Company Leaders Misjudge Impact of Data Loss on Revenues: Research (SecurityWeek) A survey of nearly 5,000 IT security professionals globally suggests that many corporate leaders may be underestimating the impact data loss could have on their bottom line
Move Over Web Security, Embedded Devices are Darling of Black Hat (Threatpost) At the risk of diving headfirst into the Internet of Things fray, embedded device security emerged as a shiny new penny during last week's Black Hat and DEF CON festivities. Firmware is the new hacker black, and everything from USB sticks, to home routers, to automobiles is in play for exploits, data theft and privacy erosion
US switch to chip-and-PIN cards not a panacea for fraud (Help Net Security) The massive breach that Target suffered late last year was the proverbial straw that broke the camel's back and made the company decide to move to chip-and-PIN card technology
Most people think public Wi-Fi is safe. Seriously? (Naked Security) Most people who use public Wi-Fi couldn't care less about security, according to the recent 2014 Communications Market Report from Ofcom — the UK's Office of Communications/regulatory authority for telecommunications
Closing The Skills Gap Between Hackers & Defenders: 4 Steps (Dark Reading) Improvements in security education, budgets, tools, and methods will help our industry avoid more costly and dangerous attacks and data breaches in the future
Marketplace
CyberLightning Raises $4.2M To Bring 3D Interface To Industrial 'Internet Of Things' Monitoring (TechCrunch) When you think about the Internet of Things (IoT) you likely think of consumer hardware products like smart thermostats, WiFi lightbulbs or Quantified Self gadgets, such as various fitness trackers and other gizmos. CyberLightning, however, is an IoT startup of a different kind. It offers a platform for industrial IoT users, such as utility companies or other providers of infrastructure, to help them monitor their assets via a 3D user interface that makes complex 'big data' easier to get a handle on, and which can be mission critical when managing smart city grids and other aspects of the industrial Internet of Things age
Square Launches Bug Bounty, Hires Top Security Researcher (Threatpost) The bug bounty phenomenon began mainly with major software vendors and security companies, which were the main targets for security researchers and attackers. But it is now moving to virtually every corner of the Web and software ecosystem, and the latest company to join the party is Square, the mobile payment company
Jacobs Provides Information Assurance Services (SIGNAL) Jacobs Technology Inc., Bedford, Massachusetts, has been awarded a $21,143,345 cost-plus-fixed-fee and cost-reimbursable contract modification (P00009) for FA8721-14-C-0018 to provide engineering and technology acquisition support services, which consist of disciplined systems/specialty engineering and technical/information assurance services, support, and products using established government, contractor, and industry processes
Products, Services, and Solutions
Central management console for security appliances (Pro Security Zone) Cyberoam Central Console provides enterprises with the ability to manage double the number of security appliances
Secure USB devices with BadUSB protection (Pro Security Zone) The IronKey range of secure USB devices from Imation isn't vulnerable to the BadUSB malware designed to attack the device itself
DIME for your TOP SECRET thoughts? Son of Snowden's crypto-chatter client here soon (The Register) Hardened email platform should be ready for Xmas
How Yahoo email encryption could help your business (CSO) Yahoo's browser plugin for end-to-end encryption could provide an easy-to-use solution for encrypting webmail
Why the Facebook Messenger app is not the privacy nightmare people think it is (Naked Security) There's good reason to be skeptical of Facebook when it comes to privacy, but the Facebook Messenger app isn't the privacy nightmare that some people think it is
Ecrypt Technologies Announces Impending Alpha Unit Release And Formation Of Strategic Partnerships (Broadway World) Ecrypt Technologies, Inc. has announced that the Alpha Unit for its state of the art, secure email system, Ecrypt One, is being tested in a newly developed "sandbox" that has been developed by the company for potential end users to test the system in a safe environment. The sandbox provides a virtual platform wherein qualified potential commercial customers are allowed to test the security of the technology without requiring the associated costs or labor of integrating it into their infrastructure
Bremer Bank Selects ForeScout CounterACT for Real-time Visibility, Guest Access and Control Automation (Globe Newswire) ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced that Bremer Financial Corporation has successfully deployed ForeScout CounterACT™. ForeScout's agentless approach enabled the bank to migrate off of its existing 802.1X infrastructure and provides comprehensive, real-time network visibility across all endpoints, resulting in improved compliance with security policies without negatively impacting user experience or productivity
Avast vs AVG: Which One Should Be Your Best Security Buddy (Streetwise Tech) When it comes to free online antivirus programs, both AVG and Avast have been making it to the limelight, as both are highly reliable antivirus programs that can be depended upon for online protection from viruses and other malicious online threats. But looking at both, is there a big difference in the kind of protection that they offer? We'll take a closer look at their advantages
Technologies, Techniques, and Standards
Cyber Risk Dashboards: False Sense Of Control? (InformationWeek) Federal programs promoting the use of risk dashboards can boost real-time visibility, but only if they are used correctly
Detect and respond (Help Net Security) At a recent security and risk management conference I had an opportunity to talk with industry analysts about today's challenges in network security. It seems that many analysts' perspectives are driven by client inquiries that seek simple product recommendations to solve complex challenges. A recurring problem with this sort of inquiry is that oftentimes the right solution requires more than the purchase of a product
Facilities turn to best practices to keep patient data secure in high-risk cases (FierceHealthIT) When it comes to highly sensitive health situations, patients' privacy and security is a top concern. The recent spread of Ebola shows why healthcare organizations need to have plans in place
BYOD: 10 ways to fight back (Help Net Security) The adoption of BYOD policies in SMBs means that IT has to protect devices that they didn't even specify, procure or configure. In addition, most companies are now multi-platform, blending in Linux and the Mac with their mainstay Windows client and server systems
Report Outlines How Family Offices Can Keep Sensitive Data Out of Cyber Hacker Hands (Campden FB) A "shocking" number of family offices send confidential information via email, according to a family wealth IT expert, as new research outlines how family offices can protect themselves from cyber attacks
When Data Joins The Dark Side (InformationWeek) A big data stockpile may contain dark data — unstructured, unclassified information that you can't put to good use. Maybe it's time to find it
DefCon: Advice on Evading Black Helicopters (eSecurity Planet) You say 'paranoid,' I say 'careful.' Expert offers 'practical' advice on living the paranoid lifestyle
Here's What Cyber Security Experts Teach Their Kids About The Internet (Business Insider) How can you teach your children to use the internet safely? It's a question I've been thinking about a lot, as the father of five and seven year-old sons who are already adept with parental tablets and laptops alike
Design and Innovation
Mobile chips face lockdown to prevent hacks (IT World) Chip makers are adding more security layers to protect mobile device users from malicious attacks and code injection
15 technologies changing how developers work (IT World) The very nature of programming is evolving faster than you might think, thanks to these powerful tools
Research and Development
NIST test bed will probe industrial systems for cyber flaws (FCW) The National Institute of Standards and Technology is planning a test bed to examine industrial control systems for cybersecurity vulnerabilities
Synapse Program Develops Advanced Brain-Inspired Chip (DARPA) New chip design mimics the brain's power-saving efficiency; uses 100x less power for complex processing than state-of-the-art chips
Academia
School children to be trained in cyber warfare (Telegraph) A new cyber security training programme hopes to encourage more young people towards careers in STEM subjects
Young people training in cyber warfare a positive step (Pro Security Zone) Thales UK comments on the initiative to train UK young people as part of the Cyber Security Challenge being necessary in order to bridge the skills gap
Denver schools starting year with new STEM career classes (Denver Post) As Denver students get ready for school this month, officials are preparing to spend more than $7 million on new career-education classes to benefit about 1,000 students in the first year
Legislation, Policy, and Regulation
NATO's September Summit Must Confront Cyber Threats (Breaking Defense) Cyber is already an integral part of all conflicts and wars in today's world. But there is plenty of work and planning ahead before NATO, as an alliance, is a credible player in the cyber domain. Most urgently, in the ongoing hybrid warfare in Ukraine, where the border between peace and war is intentionally blurred and where armies do not take on the role of a direct aggressor, NATO must improve its collective capabilities in cyberspace and its interpretation of Article 5, the famous treaty provision which says an "armed attack" — a term never defined — on one member of the alliance is an attack against all. President Obama and his European counterparts must make tough decisions and clear guidelines at the NATO Summit in September
Russia bans anonymous wifi (ZDNet) Users will be required to provide a full name and ID and to identify hardware
Oracle blocking Java installs in Russia (ZDNet) Reports indicate that users in Russia who attempt to download and install Java are being told that a government embargo forbids it
Hagel Urges Expanded U.S.-Indian Defense Cooperation (DoD News) Defense Secretary Chuck Hagel today called for the United States and India to do more to transform their defense relationship through increased partnerships in production and technology, given the edge he said both nations have in science and innovation
Only 1 in 100 cloud providers meet proposed EU Data Protection requirements (Help Net Security) The EU General Data Protection Regulation is expected to be passed this year and take effect in 2015, but new research from Skyhigh Networks suggests that only 1 in 100 cloud providers meets these requirements to date
Does your business need a 'Data Protection Officer?' (NetworkWorld) Anticipated new EU regulation may mean you do, notes consultancy PricewaterhouseCoopers
Security Experts Call for Government Action Against Cyber-Threats (NDTV) Alarmed by mounting cyber threats around the world and across industries, a growing number of security experts see aggressive government action as the best hope for averting disaster
Does U.S. Truly Want Cyber Peace? (BankInfoSecurity) The United States government does not want peace in cyberspace, contends cyber-conflict historian Jason Healey, a former White House cyber infrastructure protection director
Newly Declassified Documents Regarding the Now-Discontinued NSA Bulk Electronic Communications Metadata Pursuant to Section 402 of the Foreign Intelligence Surveillance Act (IC on the Record) Following a declassification review by the Executive Branch, the Department of Justice released on August 6, 2014, in redacted form, 38 documents relating to the now-discontinued NSA program to collect bulk electronic communications metadata pursuant to Section 402 of the FISA ("PRTT provision"). These documents are also responsive to a Freedom of Information Act request by the Electronic Privacy Information Center. The Intelligence Community previously released information about this program to the public on November 18, 2013
Litigation, Investigation, and Law Enforcement
U.S. can shield court orders, phone co's in surveillance cases-judge (Reuters) The U.S. government need not turn over a secret surveillance court's orders or the names of phone companies helping it collect call records, because it might reveal methods needed to protect national security, a federal judge decided on Monday
Court Rejects Deal on Hiring in Silicon Valley (New York Times) There is "ample evidence" that Silicon Valley was engaged in "an overarching conspiracy" against its own employees, a federal judge said on Friday, and it should either pay dearly or have its secrets exposed at trial
Tech Companies, ACLU Voice Support For Facebook In Data Search Warrant Case (TechCrunch) A group of tech giants and civil liberties groups voiced their support on Friday for Facebook as it continues its legal battle to return private data collected in a set of bulk search warrants to its users and prevent future searches
Checking In On Africa: The Latest Developments in Cybercrime (TrendLabs Security Intelligence Blog) In the early 2000s, Africa gained notoriety due to the 419 "Nigerian" scam. This scam involved making payments in exchange for a reward for helping so-called high-ranking Nigerian officials and their families. While all the scams may not have necessarily originated from Africa, the use of Nigerian officials was imprinted upon the public consciousness, thereby forever associating this scam with the continent
Amtrak employee sold customer data to DEA for two decades (Ars Technica) Hundreds of thousands of dollars were spent to circumvent official channels
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
Upcoming Events
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
c0c0n: International Information Security and Hacking Conference (Aug 22 - 23, 2014) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2-day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best minds in the hacking world, leaders in the information security industry and the cyber community, along with policymakers and government representatives on cyber security, meet face-to-face to join their efforts in addressing the most topical issues of the Internet security space. This is the third edition of the Conference. Following the huge success of the conference last year, the current edition brings back to you all the knowledge and all the fun in a better, grander way.