The CyberWire Daily Briefing 11.21.14
Hong Kong independent media sites remain the target of what Cloudflare and Forbes are calling the largest distributed denial-of-service campaign ever seen. The jamming keeps pace with the activists' operations. The Great Firewall is also rising to partially block at least one major content delivery network, EdgeCast, and watchdog GreatFire reports that several major international outfits (the Atlantic, Sony Mobile, and Firefox among them) are affected.
US NSA Director Rogers tells the House Intelligence Committee that China and "one or two other" nations could shut down the North American power grid, and that what appears to be preparatory reconnaissance has long been detected. He also warns that it's unclear whether Cold-War-style deterrence would work in cyberspace (probably not, the tenor of his remarks suggests). He declined to name the one or two other threats, but said NSA was keeping a close eye on them.
Those one or two others almost certainly would include Russia, which has actively engaged in the kind of reconnaissance Rogers describes. Recorded Future has released a report on the three major cyber campaigns attributed to Russia, and sees in those campaigns evidence of close tactical coordination.
British officials continue to warn the financial sector of the risk of ISIS-conducted (or inspired) cyber attack.
Recently patched vulnerabilities are being exploited in the wild — nota bene, system administrators.
Researchers warn of medical device vulnerabilities, this time with more specificity than usual.
In industry news, CyberSquared gets Series-A funding and renames itself ThreatConnect, after its flagship product.
France leads Europol's sweep of RAT operators.
Notes.
Today's issue includes events affecting Australia, Brazil, China, Colombia, European Union, France, Ireland, Netherlands, Organization of American States, Romania, Russia, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
The Largest Cyber Attack In History Has Been Hitting Hong Kong Sites (Forbes) The intense skirmishes inside Hong Kong's Occupy Central protests haven't just taken place on the streets, but online too. The largest cyber attack in history has been carried out against independent media sites in Hong Kong over the past few months, according to the company protecting them, increasing in their intensity each time pro-democracy activists announced new activities or developments
NSA Director: Yes, China Can Shut Down Our Power Grids (Business Insider) China and "one or two" other countries are capable of mounting cyberattacks that would shut down the electric grid and other critical systems in parts of the United States, according to Adm. Michael Rogers, director of the National Security Agency and head of U.S. Cyber Command
Breaking the Code on Russian Malware (Recorded Future) Russia poses a serious cyber threat to industrial control systems (ICS), pharmaceutical, defense, aviation, and petroleum companies. Russian government cyber operations aim to use malware to steal information on files, persist on ICS equipment, and commit espionage. According to a 2014 GData Red Paper, Uroburos malware's "modular structure allows extending it with new features easily, which makes it not only highly sophisticated but also highly flexible and dangerous." Understanding these threats posed by the malware and Russia's objectives will go a long way to securing networks
Russian Cyber Espionage Under The Microscope (Dark Reading) New report shows level of coordination and strategy by three main groups of cyberspies out of Russia
Postal Service 'functioning normally' after cyber breach, official says in testimony for hearing (Washington Post) The U.S. Postal Service is "functioning normally" after a recent cyber breach that compromised customer and employee data, and the agency has yet to find evidence that hackers used the information for identity theft, according to the agency's head of digital security
Financial Sector Terrorism Threat Grows (BankInfoSecurity) Risk posed by ISIS continues to increase, experts warn
Windows Kerberos bug: How to detect signs of exploitation before the update? (Help Net Security) Microsoft has shared more details about the critical elevation of privilege bug found in Microsoft Windows Kerberos Key Distribution Center (CVE-2014-6324) which is being exploited in "limited, targeted attacks" in the wild, and has once again urged admins and users to apply the issued patch
Windows RCE Vulnerability Exploited in the Wild (SecurityWeek) Security companies have started detecting attacks that leverage a critical remote code execution (RCE) vulnerability in Windows, which Microsoft patched last week
The Other Side of Masque Attacks: Data Encryption Not Found in iOS Apps (TrendLabs Security Intelligence Blog) Based on our research into the iOS threat Masque Attacks announced last week, Trend Micro researchers have found a new way that malicious apps installed through successful Masque Attacks can pose a threat to iOS devices: by accessing unencrypted data used by legitimate apps
Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign (Threatpost) Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013
Akamai Warns of Yummba Webinject Tools and Banking Fraud (PRNewswire) Crime kit used on machines compromised by Zeus and other malware
XSS vulnerabilities open the door to drive-by downloads (Beta News) Cross-site scripting (XSS) vulnerabilities allow attackers to inject script into web pages in order to infect client computers
Security: DVMRP Ask Neighbors2: an IGMP-based DDoS/leak threat (Team Cymru) At Team Cymru, we have got into the habit of using BLUF, bottom line up front. Allow me to do so here as well. There exists a little known IP multicast tracing and troubleshooting capability referred to as DVMRP Ask Neighbors2 (the request) and DVMRP Neighbors2 (the response) that can leak router configuration detail and be abused in amplification and reflection attacks. Now, for a fuller accounting of the story
45% of North American businesses targeted by rudimentary hack (San Francisco Chronicle) A rudimentary and increasingly popular form of hacking causes huge financial loss for businesses, despite the fact such attacks can be mitigated for comparatively small prices, according to a new study
Examining 1 billion transactions for fraud (Help Net Security) ThreatMetrix analyzed nearly one billion transactions and is able to provide a representative summary of activity including account creation, payment and login fraud across industries
Governments act against webcam-snooping websites (PC World) Government officials in the U.S. and the UK are warning people to secure their webcams after websites that broadcast the contents of those cameras have sprung up online
Cybersecurity Experts Warn of Medical Device Vulnerabilities (iHealthBeat) Medical devices contain common vulnerabilities that could enable hackers in search of lucrative patient medical records to gain access to the devices, according to some cybersecurity experts
Pacemakers Get Hacked On TV, But Could It Happen In Real Life? (Daily Signal) Jay Radcliffe breaks into medical devices for a living, testing for vulnerabilities as a security researcher
$670 Billion Served: An Interview with Redhack Hacktivist Collective (Cryptosphere) Is it just me, or is Turkey one of the most interesting countries on the planet right now?
Hackers blamed for unusual tweets from Jeremy Clarkson, Colombian FARC rebels (Naked Security) TV presenter Jeremy Clarkson and Colombian militia group FARC may not have much in common, but this week they were linked by headlines blaming hackers for potentially embarrassing Twitter messages
Internet scammer adopts face of Army officer from Pasco (Tampa Tribune) Norma Jean Culpeper of Mullins, South Carolina, says the man who scammed her out of $1,200 by claiming to be an Army officer stationed in Afghanistan was able to do so, in part, because of the picture he emailed her
Security Patches, Mitigations, and Software Updates
WordPress 4.0.1 Security Release (WordPress) WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately
PayPal takes 18 months to patch critical remote code execution hole (Register) Dusty patch paid out
Cyber Trends
8 cybercrime trends that will shape IT (Help Net Security) Cybersecurity created headlines and headaches in 2014, with large-scale data breaches at retail chains, attacks on data stored in the cloud and massive vulnerabilities revealed in decades-old code
Retail Security Not Getting Any Better, BitSight Study Finds (eWeek) External indicators of network security compromises continue to rise among the majority of retailers, according to data collected by BitSight
Warning! When Big Data Turns Bad (Smart Data Collective) Big data is proving its usefulness in fields as diverse as improving healthcare and cutting crime. However, as with all game-changing technologies, it has the potential to be used for evil, as well as good
How the threat landscape is shaping the network security business (Help Net Security) Pat Calhoun is the Senior Vice President & General Manager, Network Security, at McAfee. In this interview he talks about constructing the strategic direction for McAfee's Network Security business, he defines the Next Generation Firewall of the future, and much more
Using company devices for personal activities leads to data loss (Help Net Security) GFI Software released the findings of an independent study into how workers use company provided computers and laptops for personal activities, and the direct impact that personal use can have on the organization
State tabs top investor threats (Reedsburg Times-Press) The Wisconsin Department of Financial Institutions recently named emerging threats facing investors in 2015. They include schemes involving marijuana-related businesses, digital currencies, stream-of-income investments and binary options
Marketplace
Cyber Security: Protect Yourself And Profit (Seeking Alpha) Cyber-security is a very important industry to address a very real, powerful, and relentless threat. To prevent the devastating effects of cyber-attacks on individuals, businesses, and the government, many companies are taking on this challenge to keep us secure
Uber, facing public backlash, will rethink privacy (IDG via CSO) Silicon Valley-based ride-sharing company Uber is looking eastward to inject some wisdom into how it handles user data
Grotech Ventures, others lead $4 mln Series A funding in Cyber Squared (Reuters PE Hub) Grotech Ventures and other strategic partners have led a $4 million Series A funding in Cyber Squared Inc., a cyber security company. The company will begin operations as ThreatConnect, Inc. Grotech General Partner Steve Fredrick will join ThreatConnect's board of directors
Cyber Squared gets $4M in funding, changes name (Washington Business Journal) Arlington-based cybersecurity company Cyber Squared Inc. has closed on $4 million in financing from a group of investors led by Grotech Ventures
Delta Partners to invest USD 10 mln in CipherCloud startup (Telecompaper) Delta Partners Capital has announced that it will be investing USD 10 million in cloud security platform startup CipherCloud
ManTech's head of acquisitions retiring (Washington Business Journal) The man promoted by ManTech International Corp. to lead an effort to rev up acquisitions is moving on
Products, Services, and Solutions
Free Automated Malware Analysis Services (Lenny Zeltser) In the course I teach at SANS, I explain how to reverse-engineer malicious software. It is an interesting, but time-consuming process if you don't have the right skills and tools at hand. There are several free automated malware analysis services that can examine malicious artifacts to save us time and provide a sense about the specimen's capabilities, so that analysts can decide where to focus their more manual analysis efforts
Made in IBM Labs: Protecting Personal Data in the Cloud (MarketWatch) IBM (NYSE: IBM) today announced it has patented the design for a data privacy engine that can more efficiently and affordably help businesses protect personal data as it is transferred between countries, including across private clouds
Microsoft Identity Manager to Support Hybrid Cloud User Access (eWeek) A new preview of Microsoft Identity Manager, formerly Forefront Identity Manager, will support hybrid cloud user access and control scenarios
Promisec Launches Integrity Health Check to Detect Endpoint Risk (PRNewswire) Promisec, a pioneer in endpoint detection and remediation, announced a critical update to its Promisec Integrity service designed to help small-to-medium enterprise organizations with endpoint risk detection through its new Endpoint Health Check
OPSWAT Releases Next Generation of OESIS SDK for Endpoint Posture Assessment and Remediation (Virtual Strategy Magazine) Single streamlined development interface enables technology vendors to develop solutions to easily manage and remediate thousands of installed security applications
AVG Protection PRO (PC Magazine) Windows PCs are a prime target for malware writers, simply because they're so numerous. However, Android devices are just as ubiquitous, and Mac OS devices aren't risk-free. A single cross-platform security suite to protect all three is a great idea for the modern multi-device household. Your subscription to AVG Protection PRO ($59.99 per year) lets you install AVG's security suite on all your PCs, and antivirus protection on all your Macs and Android devices
Google's New Service Kills Ads on Your Favorite Sites for a Monthly Fee (Wired) The web is funded by ads. But so many people hate seeing them, and they often resent all the data tracking that props them up. It's a clash that has become a major pain point for news websites and other publishers. The rise of ad blockers, which let people surf the web without these annoying ads, is also blocking their revenue
New Synology NAS optimized for encryption and intensive tasks (Help Net Security) Synology introduced its newest Plus series DiskStations, the DS1515+ and DS1815+. Both multi-bay NAS servers are designed to facilitate intensive data exchange, collaboration, and backups for SMBs
Technologies, Techniques, and Standards
Good App/Bad App: Is Investigating Mobile Apps Necessary? (TrendLabs Security Intelligence Blog) These days, when you see someone staring intently or tapping at their mobile phones, chances are that they're busy with an app. This comes as no surprise as 80% of consumers' time on mobile devices is spent in apps for gaming, news, productivity, utility, social networking, and more
Microsoft advises organizations to take holistic approach to fighting cybercrime (WinBeta) In a mobile-first, cloud-first world, cyber crime is rampant and malicious attackers have taken the opportunity to steal high-value data from a large number of digital resource pools. Unfortunately, it can be so easy for cyber criminals to get their hands on sensitive information that the methods they use to obtain it don't involve any form of hacking at all
How to delete your old, embarrassing, now-much-easier-to-find tweets (Naked Security) Twitter on Tuesday announced that every single public tweet made since the dawn of Twitter — that would be AD 2006 — is now being indexed
Raising awareness quickly: Holiday tips and tricks (CSO) Here's a quick list of security-related tips and tricks that can be emailed to the staff
Avoiding the Bait: Helpful Tips to Protect Yourself Against Phishing Scams (Tripwire: the State of Security) Phishing scams come in all shapes and sizes. But one thing is for certain: they are all around us
Design and Innovation
Cities Find Rewards in Cheap Technologies (MIT Technology Review) Mobile apps, sensors, and other technologies help cities handle growing challenges
Finally, a New Clue to Solve the CIA's Mysterious Kryptos Sculpture (Wired) In 1989, the year the Berlin Wall began to fall, American artist Jim Sanborn was busy working on his Kryptos sculpture, a cryptographic puzzle wrapped in a riddle that he created for the CIA's headquarters and that has been driving amateur and professional cryptographers mad ever since
Research and Development
Machine Learning Will Make Its Mark On The Sciences (Dataversity) In a data-deluged world, novel science depends on putting Machine Learning into practice
Legislation, Policy, and Regulation
China firewalls the cloud (Channel Eye) China has expanded its Great Firewall of China to include a major hosting and cloud services company
Defense experts talk cybersecurity at NVTC panel (Loudoun Times) To deal with cybercrime, government agencies and the private sector need consistent and cooperative collaboration, the intelligence community needs more staffing and the U.S. must play both "offense and defense" to combat threats and attacks, said homeland security experts at a Northern Virginia Technology Council event in Tysons Corner Tuesday
Anti-hacking advocate lands key House panel (The Hill) An advocate of laws to protect consumers from corporate and government data breaches will soon lead a House subcommittee vital to getting those laws passed
Litigation, Investigation, and Law Enforcement
Users of Remote Access Trojans Arrested in EU Cybercrime Operation (Europol) This week, Europol and several law enforcement and judicial authorities carried out an action against EU citizens, mainly teenagers and young adults, who are suspected of using remote access trojans (RATs) to commit cybercrimes. The action and house searches resulted in the arrest of 15 individuals in several European countries
Multiple UK arrests in international operation to combat computer hijackers (National Crime Agency) Five people have been arrested in the UK as part of an international operation targeting users of software designed to remotely take over, control and steal information from computers
FTC cracks down on massive 'PC cleaner' security scam (BGR) The Federal Trade Commission and the State of Florida on Wednesday announced plans to fight a type of online scam that cons unsuspecting PC users into paying up to hundreds of dollars for alleged security protection for their computers, which turns out to be fake software supposed to fix nonexistent malware threats. Such businesses have fooled many individuals and companies into paying over $120 million for Internet security
Privacy and security concerns at stake in iPhone debate (Boston Globe) "We need to construct a balance between police requests for information and legitimate privacy concerns and the need for American companies to innovate," Ed Markey says
Feds proposed the secret phone database used by local Virginia cops (Ars Technica) New docs: Prosecutors offered one-stop shop for seized phone data in Virginia
Australian Government Data Breach Linked to Poor Security Training (eSecurity Planet) Data from an Excel spreadsheet containing 9,250 asylum seekers' personal information was mistakenly embedded in a Word document published online
OpenDNS Partners with Irish Reporting and Information Security Service to Fight Internet Threats (Herald Online) OpenDNS's Andrew Hay to present new research on threats facing Irish Internet users
Trend Micro Collaborates with Latin American Leaders on Cybercrime (Trend Micro: Simply Security) The region's cybercriminal underground is flourishing and is now at the forefront of the international arena with Russia and China
USPS delayed breach notification so as not to tip off hackers (FierceGovernmentIT) The Postal Service didn't notify some 800,000 USPS employees immediately when it was believed their personally identifiable information was compromised because it did not want to jeopardize the investigation and alert the perpetrators, said a USPS official Nov. 19 before a House Oversight and Government Reform subcommittee. In fact, the investigation is still very much underway, said Randy Miskanic, vice president of secure digital solutions at USPS
Examining Data Security at the United States Postal Service (House Committee on Oversight and Government Reform) [Archived hearing webcast and prepared testimony.]
Will Veterans' Data Ever Truly be Secure? (Nextgov) For two hours yesterday, members of the House Veterans' Affairs Committee poked and prodded a slew of Department of Veterans Affairs officials over glaring information security weaknesses that potentially put millions of veterans' personal information at risk of exposure
Poland Opens Probe Into Electoral Hacking (AP via ABC News) Prosecutors are investigating a hacking attack on the website of Poland's voting commission, while a top official has resigned over irregularities that are delaying the vote count in recent local elections
FBI offers $1 million reward for anybody who can help catch online car scam fugitive (Naked Security) The alleged kingpin behind a multimillion-dollar online car selling scam, Romanian fugitive Nicolae Popescu, just made it onto the FBI's 10 Most-Wanted Cyber Fugitives list
Herts Constabulary sets up new unit to combat cyber criminals (Herts and Essex Observer) The growing threat of online crime has prompted Herts police to set up a new specialist Cyber and Financial Investigation Unit (CFIU)
12-year-old's online life brings an abductor to her doorstep (Ars Technica) On November 10, a 12-year-old girl left her home in the Baltimore suburb of Nottingham at 7:30am, heading to her middle school. She never returned home. When her mother called the school later, she discovered that her daughter had not even arrived. Suddenly, Baltimore County Police were calling in the FBI to assist in their search for a missing person
Upcoming Events
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
BSidesToronto (Toronto, Ontario, Canada, Nov 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors
Cybergamut Tech Tuesday: Receiver Operating Characteristic (ROC) statistics and their successful use in medical studies, Nigerian scams, and APT detection (Columbia, Maryland, USA, Dec 2, 2014) Receiver Operating Characteristic (ROC) statistics have been a practical tool in the field of clinical medicine for more than 50 years, an area where stakes can be very high and test results are understood to be inherently uncertain. ROC statistics and that half-century body of knowledge also usefully inform networked system security across a range of activities including system design, analytics tuning, and operational tactics. This discussion first introduces ROC statistics in the context of clinical medicine, uses those concepts to explain why you can shortly expect a very well written Nigerian scam email, and then examines how ROC statistics can be used for practical improvements to networked system defense against Advanced Persistent Threat activity
5th Annual Raytheon Cyber Security Summit: "The Unassailable Enterprise" (Reston, Virginia, USA, Dec 2 - 3, 2014) We invite commercial and government entities to attend the 5th Annual Cyber Security Summit where we will explore the "unassailable enterprise" in 2014 and beyond. We bring together some of the most acclaimed cyber security experts and thought leaders in the industry to explore all aspects of cyber security
Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, Dec 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
SINET 16 (Washington, DC, USA, Dec 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent builders, buyers, investors and researchers. Our goal is to provide entrepreneurs from around the world an opportunity to increase awareness of their Cybersecurity products and solutions to US Federal Governmental agencies and commercial enterprises, key investors and venture capitalists. Applications close August 29, 2014
SINET Showcase (location and date not listed) "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase's objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation's critical infrastructure and command-and-control systems.
Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, Dec 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars
International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, Dec 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution
(ISC)² Security Congress EMEA (London, England, UK, Dec 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe Middle East and Africa region to participate in a comprehensive education program — over five focused tracks — and to connect with fellow colleagues in their international professional community. The themes are: Governance, Risk & Compliance; Mobile Security; Human Factor; Architecture; Data Security
ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, Dec 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters, and works-in-progress. Our speakers, presenters and instructors are experts involved in applied security work and research. Collectively, we explore practical solutions for computer security challenges across all phases of the system life cycle. ACSAC highlights the overall threat landscape, latest hacks and exploits, and the best prevention and defense innovations
ICFPT 2014 (Shanghai, China, Dec 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices promise the flexibility of software with the performance of hardware