Cyber Attacks, Threats, and Vulnerabilities
Syrian Electronic Army Thanksgiving Hack of Microsoft, NBC, Dell, Forbes Used Gigya Comment Platform (Softpedia) On Thanksgiving, the Syrian Electronic Army has managed to place pop-ups promoting its existence on a number of websites, including big ones like NBC, Forbes, The Chicago Tribune, NHL, The Telegraph, The Independent and more, and the group has now claimed responsibility for the strike, although its reasons remain somewhat unclear at the moment
Syrian Electronic Army hackers: Who are they and why are they targeting the media (CBCNews) Yesterday morning, visitors to CBCNews.ca and other news websites around the world saw a pop-up message that read: "You've been hacked by the Syrian Electronic Army (SEA)." The incident raised questions about who the group is, why it's targeting the media and just how dangerous it is
Lessons On Censorship From Syria's Internet Filter Machines (TechDirt) Norwegian writer Mette Newth once wrote that: "Censorship has followed the free expressions of men and women like a shadow throughout history." As we develop new means to gather and create information, new means to control, erase and censor that information evolve alongside it. Today, that means access to information through the internet, which motivates us to study internet censorship
Defaced websites leading to Dokta Chef Exploit Kit and CVE-2014-6332 (ZScaler Threat Labs) Defacing websites has been the main stay for hacktivist groups to spread their message. During recent research, we found multiple compromised websites containing a malicious link
France UMP: Cyber attack fails to halt leadership vote (BBC) Members of France's centre-right UMP party have continued with an online leadership ballot despite an early cyber attack which slowed voting
So, who *did* write the Regin malware? (Graham Cluley) No-one knows for sure who created the highly-sophisticated Regin malware that appears to have been spying on organisations in the telecommunications, energy and health sectors for some years
Is it possible to attribute the backdoor Regin to the cybercrime? (Security Affairs) The popular cyber security expert Raoul Chiesa commented the hypothesis that backdoor Regin is a product of organized cybercrime
New Cyber-Weapon Belies Spy Agencies' National Security Claims (WhoWhatWhy) Washington's cyber spies haven't been resting on their laurels since unleashing the infamous Stuxnet computer worm in 2009
With Regin, U.S. has gone on the cyberwar offensive (Bloomberg via the Herald and News) America must be ready to face threats from the modern technological world
Latest underground big data project: Regin (FierceBigData) While there is much hand-wringing over privacy invasions by governments and corporations involved in big data projects, it's prudent to remember that not all privacy threats come from friendly fire. Quite a bit of data collection is actually underground and decidedly malicious. Case in point: Regin, a malicious platform that spies on GSM networks worldwide. Can you hear me now? Because a gazillion spies can hear you perfectly fine
Regin — The Marauder Malware and its Invisibility Cloak (Cyactive) Regin, the newest member of the state-sponsored malware club, has been operating since 2008, reusing many stealth techniques along the way. We are sure to see more of it in the foreseeable future
Regin malware: Why did it take so long to uncover? (TechTarget) Industry observers say the unveiling of the Regin malware, which came after more than half a decade in the wild, highlights the need for better detection methods
AV Firms Defend Regin Alert Timing (GovInfoSecurity) Vendors could have issued warnings sooner, critics allege
Why Regin Malware Isn't the Next Stuxnet (Tripwire: the State of Security) Earlier this week, Symantec issued a report about the Regin family of malware. The malware itself appears to be sophisticated enough that many security analysts and researchers believe it was developed by a government specifically for cyber espionage
Aggressive Chinese IP Highlights Attribution Issues (Infosec Institute) Recently, the Norse DarkWolf Labs noted that the IP address 218.77.79.43 had jumped into the top quadrant for malicious activity. Investigation into the activity and the IP itself highlights the many challenges in accurately attributing such events to known actors, as illustrated in this article
Cyber-Threats Ascribed to Russia Crafted to Hunt Specific Data (eWeek) Three cyber-espionage campaigns attributed to Russia each focuses on a different type of data collection, according to an analysis by data-intelligence firm Recorded Future
Sony's New Movies Leak Online Following Hack Attack (Variety) Brad Pitt's 'Fury,' 'Annie' among titles being downloaded
Sony probes North Korea link to cyber attack after threats over Seth Rogen and James Franco movie (Australian Broadcasting Corporation) Sony Pictures Entertainment is investigating if hackers working for North Korea are responsible for a cyber attack that knocked out the studio's computer network earlier this week, the technology news site Re/code is reporting
Sony hires Mandiant to help clean up after cyber attack (Reuters) Sony Pictures Entertainment has hired FireEye Inc's Mandiant forensics unit to clean up a massive cyber attack that knocked out the studio's computer network nearly a week ago, three people with knowledge of the matter said on Sunday
Sony employees face 'weeks of pen and paper' after crippling network hack (Register) Megastars' details may have been pinched
Sony hack: Firms must learn from its mistakes (V3) Big businesses need to learn from the latest hack on Sony or risk the same fate, according to experts from the security community
Hackers With Apparent Investment Banking Background Target Biotech (New York Times) For more than a year, a group of cybercriminals has been pilfering email correspondence from more than 100 organizations — the vast majority publicly traded health care or pharmaceutical companies — in apparent pursuit of information significant enough to affect global financial markets
Cybercriminals Testing New PoS Malware 'Poslogr' (Security Week) Researchers at Trend Micro have come across a sample of a new point-of-sale (PoS) malware that appears to be under development
New DareDevil PoS Malware Also Infects Ticket Machines and Electronic Kiosks (Softpedia) A new strain of malware designed for point of sale systems has been discovered by security experts to also infect ticket vending machines and electronic kiosks
AGbot DDoS Attacks Internet VNC Servers (Fortinet Blog) Update: After further analysis, we found that this bot will attempt to download another exploit tool from an FTP server once it is able to connect successfully. We will update you once we have more information
Zero-day hacking group resorts to UNICORN SMUT-SLINGING (Register) Playboy ploy not beneath APT3
New tool catches surveillance malware masquerading as legitimate bookmark manager (PCWorld) A variant of the Remote Control System (RCS) malware developed by an Italian company called Hacking Team is masquerading as a bookmark management application called Linkman, according to the main developer of a new malware scanning tool
Skimmer Innovation: 'Wiretapping' ATMs (KrebsOnSecurity) Banks in Europe are warning about the emergence of a rare, virtually invisible form of ATM skimmer involving a so-called "wiretapping" device that is inserted through a tiny hole cut in the cash machine's front. The hole is covered up by a fake decal, and the thieves then use custom-made equipment to attach the device to ATM's internal card reader
Cyber attacks can funnel through trucking companies to shippers (Truck News) Trucking companies may be inadvertently creating security holes in their customers' computer networks
Time's up: Google releases attack code for serious Adobe Reader bug (ZDNet) Google's Project Zero bug hunters have published details of a critical vulnerability in Adobe Reader for Windows that was patched in September
Exploiting MS14-066 / CVE-2014-6321 (aka "Winshock") (Security Sift) I think enough time has passed now to provide a little more detail on how to exploit MS14-066 schannel vulnerability (aka "Winshock"). In this post I won't be providing a complete PoC exploit, but I will delve into the details on exactly how to trigger the heap overflow along with some example modifications to OpenSSL so you can replicate the issue yourself
Stolen Cards Tested on Charity Sites (BankInfoSecurity) Cybercriminals exploit sites, automate card verification
Black Friday, Cyber Monday for Crooks, Too! (KrebsOnSecurity) Underground cybercrime shops that sell credit and debit card accounts stolen from retailers are slashing prices and promoting their own Black Friday and Cyber Monday sales as fraudsters gear up for the busy holiday shopping season
JoomDonation Compromised (Sucuri Blog) We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into JoomDonation. The emails went to the registered accounts and contained the full names, so it looks like JoomDonation did in fact get breached
Simms Fishing Products Retailer Informs of Security Breach (Softpedia) A new data breach has been recorded in the state of Vermont, with customers of Simms, retailer of high-end fishing gear, being caught in the hook by the cybercriminals
Coming soon: Murder by Internet (ComputerWorld) Security experts believe the Internet of Things will be used to kill someone
Bulletin (SB14-335) Vulnerability Summary for the Week of November 24, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Siemens pushes out emergency SCADA updates (Help Net Security) Siemens has released an out-of-band update for the SIMATIC WinCC SCADA system, which is integrated in its PCS 7 distributed control system and its TIA Portal, engineering software for SIMATIC products that is deployed across several industrial sectors primarily in the US and Europe
SSA-134508: Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC in TIA Portal (Siemens Security Advisory by Siemens ProductCERT) The latest software update for SIMATIC WinCC fixes two critical vulnerabilities. One could allow unauthenticated remote code execution. Siemens has released software updates for WinCC, PCS 7 and TIA Portal. Siemens is working on updates for further versions of the affected products and recommends specific countermeasures until fixes are available
Siemens Enhances Reliability, Flexibility of Control Center Software (Control Engineering Asia) Siemens's TeleControl Server Basic software Version 3 includes numerous functions for even greater flexibility, reliability and security
Cyber Trends
What to expect in the unpredictable world of IT security? (Help Net Security) 2014 has been particularly busy for IT security professionals. Many of the threats that we predicted at the start of the year duly emerged, while other significant issues caught the entire sector by surprise
The failure of the antivirus industry (IT News) The interesting thing about nostalgia is things were seldom better in the past
Speeding Up Breach Detection (BankInfoSecurity) Organizations must balance technology, process improvements
Information Security Professionals Focus on Firefighting Rather Than Strategic Security Priorities, Research Shows (Nasdaq) New research on endpoint security conducted by Enterprise Strategy Group (ESG) on behalf of Digital Guardian, shows that information security professionals overwhelmingly covet a single, comprehensive endpoint security solution. Today, however, endpoint security deployment is tactical and driven more by firefighting than strategy
Firewalls are the cornerstone of security (IT Online) Despite claims of its demise, the firewall is still the foundation stone of security deployments. Doros Hadjizenonos, Check Point South Africa sales manager, looks at how it has adapted to combat three decades of threats
Internet of Things is not just about consumers: AVG (Reseller News) Security vendor foresees the channel having to expand its support capabilities as more devices connect
Cyber-crime in Colombia reaching worrying level, say police and internet experts (Colombia Reports) A recent report suggests that cases of cybercrime rose by more than forty percent in 2013 alone and yet nearly half of technology users do not have suitable protection on their devices
Poland slammed over holes in cyber-defence landscape (ZDNet) An upcoming audit has found massive failings across Polish institutions when it comes to digital threats
Marketplace
The Impact of Collaboration in Cyber Risk Insurance (National Law Review) Former FBI Director Robert Mueller once said, "There are only two types of companies: those that have been hacked and those that will be. Even that is merging into one category: those that have been hacked and will be again." This is the environment in which risk managers must protect their businesses, and it isn't easy
Health companies should invest in analytics to ward off cyber attacks, says report (Computing) Healthcare firms are at greater risk than ever before from malicious cyber attacks, and should start to invest in threat intelligence reporting to combat the danger, an IDC report has warned
Extending cybersecurity protection to the supply chain (Business-Cloud) Companies spend a lot of time and effort securing their own enterprise but pay little to no attention to their supply chain making it an easy target for hackers
BAE beefs up cyber division with graduate intake (Telegraph) Defence group places more than a third of its graduates into cyber division as it seeks new markets to counter declining military spending
Cyber security among six UK industries competing for skills, says IET (ComputerWeekly) Cyber security is among six fast-growth industries that could boost the UK economy significantly if they are not hampered by a lack of skills, warns a report
Non-traditional employee recruitment may remedy security hiring woes (TechTarget) With viable job and training opportunities finally emerging, the time is now for CISOs and hiring managers to boost infosec's ranks with non-traditional candidates
In Time to Protect Holiday Shoppers, Security Startup Zenedge Aims to Fight Hackers (re/code) Black Friday is upon us, and if you're one of 70 million consumers who were affected by the massive breach of credit card data at the retail giant Target last year, it's an anniversary you'd prefer to forget
Infoblox Names Jesper Andersen President and Chief Executive Officer (BusinessWire) Infoblox Inc. (NYSE:BLOX), the network control company, today named Jesper Andersen to the positions of president and chief executive officer, effective December 8, 2014. He will also become a member of the company's board of directors
Products, Services, and Solutions
FireMon Extends Network Security Monitoring to AWS and OpenStack (Policy Charging Control) FireMon, the industry leader in proactive security intelligence solutions, has unveiled the FireMon Security Intelligence Platform, which extends its network security monitoring capabilities to cloud services, including Amazon Web Services (AWS) and OpenStack Icehouse
Quick Heal solution for safe online banking (The Hindu) Quick Heal 16.00 has been designed to combat the dangers of online financial transactions such as paying bills, banking and shopping
Bitdefender Launches BRAIN-Powered Total Security Multi-Device 2015 (BusinessWire) Defeats even unknown malware, protects privacy, prevents fraud and more on all your devices
Tier-3 builds on strengths in analytics, compliance, automation and incident response with Huntsman® 5.75 (Business Computing World) Tier-3 Pty Ltd, a leading vendor of Security Information and Incident Management software, and manufacturer of Huntsman® technology today released the latest version of its market leading Defence-grade Huntsman® cyber security monitoring solution
Promisec Updates Endpoint Health Check Platform (eWeek) After the health check, users can create a report containing the results for remediation activities and address compliance-reporting requirements
MegaCryption Adds Record-Level Encryption for Increased Cryptographic Control and Flexibility (IT Business Net) MegaCryption now offers the ability to encrypt and decrypt individual records for usage in a specific program or transaction, commonly known as record-level encryption (RLE). As a record-level and file-level cryptography solution, MegaCryption provides a comprehensive approach to encrypting virtually any record and file in your z/OS environment while complementing any communication level encryption process you may already have in place. MegaCryption offers support of the most secure non-proprietary and well-known algorithms available today, ensuring security and compatibility with other standard implementations
AVG Antivirus latest version now brings new features — adds additional security layers (The REM) AVG has been a leading name in the world of antivirus software and programs
Review: Oxygen Forensic Suite 2014 (Forensic Focus) Oxygen Forensic Suite 2014 is specialist software aimed squarely at mobile phone forensics. It claims to have the "widest range of supported devices" with over 8,400 models listed and is geared towards smart-phones with a particular emphasis on the analysis of data recovered from them
Security/Projects/Bandit (Openstack) Bandit provides a framework for performing security analysis of Python source code, utilizing the ast module from the Python standard library
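To show what "security analysis of Python source code, utilizing the ast module" looks like in practice, here is an added example (written for this digest, not Bandit's own code or rule set): a small NodeVisitor that walks a parsed module and flags a handful of patterns that Bandit-style linters also look for. The rule identifiers, the weak-pattern list and the SAMPLE module are constructed for the example and are not Bandit's.

```python
"""Minimal AST-based security linter in the spirit of Bandit (added example, not Bandit's code)."""
import ast
import sys
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str     # rule identifiers here are made up for this example, not Bandit's B-numbers
    message: str


def dotted_name(node: ast.AST) -> Optional[str]:
    """Resolve a call target such as subprocess.Popen to the string 'subprocess.Popen'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None  # e.g. hashlib.md5(x).hexdigest(): the outer target is a call, not a name


class SecurityVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def report(self, node: ast.AST, rule: str, message: str) -> None:
        self.findings.append(Finding(node.lineno, rule, message))

    def visit_Call(self, node: ast.Call) -> None:
        name = dotted_name(node.func)
        if name in ("eval", "exec"):
            self.report(node, "EVAL", f"use of {name}() on possibly untrusted input")
        elif name and name.startswith("subprocess."):
            # shell=True hands the argument string to /bin/sh, so any untrusted piece is injectable
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.report(node, "SHELL", f"{name} called with shell=True")
        elif name in ("hashlib.md5", "hashlib.sha1"):
            self.report(node, "WEAKHASH", f"{name} is not collision resistant")
        elif name in ("pickle.load", "pickle.loads"):
            self.report(node, "PICKLE", "pickle deserialisation of untrusted data executes code")
        elif name == "yaml.load" and not any(kw.arg == "Loader" for kw in node.keywords):
            self.report(node, "YAML", "yaml.load without an explicit Loader")
        self.generic_visit(node)  # keep walking: arguments may themselves be dangerous calls

    def visit_Assign(self, node: ast.Assign) -> None:
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                    key in target.id.lower() for key in ("password", "passwd", "secret", "token")
                ):
                    self.report(node, "HARDCODED", f"hard-coded credential in variable {target.id!r}")
        self.generic_visit(node)

    def visit_Assert(self, node: ast.Assert) -> None:
        # assert statements vanish under python -O, so they must not guard security decisions
        self.report(node, "ASSERT", "assert is stripped with python -O; do not use it for security checks")
        self.generic_visit(node)


def scan_source(source: str, filename: str = "<string>") -> List[Finding]:
    """Parse the module and return findings ordered by line number."""
    tree = ast.parse(source, filename=filename)
    visitor = SecurityVisitor()
    visitor.visit(tree)
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample module: one hit per rule, used when no path is given on the command line.
SAMPLE = '''\
import subprocess, hashlib, pickle, yaml
DB_PASSWORD = "hunter2"
def run(cmd):
    return subprocess.check_output(cmd, shell=True)
def digest(data):
    return hashlib.md5(data).hexdigest()
def load(blob):
    return pickle.loads(blob)
def cfg(text):
    return yaml.load(text)
def calc(expr):
    assert expr
    return eval(expr)
'''

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    src = open(path, encoding="utf-8").read() if path else SAMPLE
    for finding in scan_source(src, path or "<sample>"):
        print(f"{path or '<sample>'}:{finding.line}: [{finding.rule}] {finding.message}")
```

Working on the AST rather than on text means `subprocess.check_output(cmd, shell=True)` is matched by its resolved call target and keyword value, not by a regex that a line break or alias would defeat; the trade-off, as with Bandit, is that anything reached only through dynamic dispatch (`getattr(subprocess, "Popen")`) is invisible to the visitor.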
Crunch — Password Cracking Wordlist Generator (Kitploit) Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations
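As an added illustration of what a generator like Crunch does (example code written for this digest, not Crunch's own source), the block below enumerates every string over a character set within a length range and also supports a positional mask. The mask placeholders (@ lowercase, , uppercase, % digit, ^ symbol) are modelled on Crunch's -t option, which the blurb above does not describe, so treat that mapping as an assumption; the count functions exist because the first thing a practitioner checks is how large the output will be before writing it to disk.

```python
"""Character-set and mask-driven wordlist generator in the spirit of Crunch (added example, not Crunch's code)."""
import itertools
import string
import sys
from typing import Dict, Iterator, List

# Placeholder classes assumed here, modelled on Crunch's -t pattern syntax;
# any character not in this table is emitted literally at its position.
DEFAULT_CLASSES: Dict[str, str] = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": "!@#$%^&*()-_=+",
}


def mask_to_slots(mask: str, classes: Dict[str, str] = DEFAULT_CLASSES) -> List[str]:
    """Map each mask character to the alphabet allowed at that position."""
    return [classes.get(ch, ch) for ch in mask]


def count_candidates(mask: str, classes: Dict[str, str] = DEFAULT_CLASSES) -> int:
    """Number of strings the mask expands to; product of the slot alphabet sizes."""
    total = 1
    for slot in mask_to_slots(mask, classes):
        total *= len(slot)
    return total


def generate(mask: str, classes: Dict[str, str] = DEFAULT_CLASSES) -> Iterator[str]:
    """Yield every string matching the mask, in the order of the slot alphabets."""
    for combo in itertools.product(*mask_to_slots(mask, classes)):
        yield "".join(combo)


def count_lengths(charset: str, min_len: int, max_len: int) -> int:
    """Size of the plain mode output: sum of |charset|^n over the requested lengths."""
    return sum(len(charset) ** n for n in range(min_len, max_len + 1))


def generate_lengths(charset: str, min_len: int, max_len: int) -> Iterator[str]:
    """Plain mode: every string over charset whose length lies in [min_len, max_len]."""
    for n in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


if __name__ == "__main__":
    # Usage: python wordlist.py 'pass%%'   (mask) or   python wordlist.py abc 1 3   (charset, min, max)
    if len(sys.argv) == 4:
        charset, lo, hi = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
        sys.stderr.write(f"{count_lengths(charset, lo, hi)} candidates\n")
        sys.stdout.writelines(w + "\n" for w in generate_lengths(charset, lo, hi))
    else:
        mask = sys.argv[1] if len(sys.argv) > 1 else "pass%%"
        sys.stderr.write(f"{count_candidates(mask)} candidates for mask {mask!r}\n")
        sys.stdout.writelines(w + "\n" for w in generate(mask))
```

The generators are lazy, so the list can be piped straight into a cracker without ever being materialised; the count functions give the number of lines (and, multiplied by the average line length, the bytes) the run would produce, which is how you notice that an eight-character all-class mask is not something to write to a laptop disk.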
Technologies, Techniques, and Standards
FEDRAMP to Release New Standards Draft for High-Impact Systems (ExecutiveGov) The Federal Risk and Authorization Management Program plans to release a draft document on cloud services standards for high-impact systems this month due to demand from government agencies
5 Ways PCI is Becoming More Security-Conscious Next Year (CIO) Here are the top five changes in the standard
Leveraging network intelligence and deep packet inspection (Help Net Security) Tomer Saban is the CEO of WireX Systems, a provider of network intelligence solutions. In this interview he talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and illustrates what the information security industry needs to do in the next 5 years to combat highly targeted attacks
Dynamic Cybersecurity Needs: Reassessing Security (SmartDataCollective) As a recent report on Defending Data by Nuix found, cybersecurity needs are dynamic — 73 percent of surveyed participants report that their organization's cybersecurity needs have changed in the past year. Another 69 percent expect their needs to change again within another year
Proactive Infosec (CSO) Ongoing security incidents, are we spending in the right places?
The Pando Tor conspiracy troll (Errata Security) Tor, also known as The Onion Router, bounces your traffic through several random Internet servers, thus hiding the source. It means you can surf a website without them knowing who you are. Your IP address may appear to be coming from Germany when in fact you live in San Francisco. When used correctly, it prevents eavesdropping by law enforcement, the NSA, and so on. It's used by people wanting to hide their actions from prying eyes, from political dissidents, to CIA operatives, to child pornographers
SEC Risk Factors: How To Determine The Business Value Of Your Data To A Foreign Government (Digital Dao) The SEC's Cybersecurity Disclosure Guidance of 2011, President Obama's Executive Order 13636 on Critical Infrastructure Cybersecurity (2013) and the launch of NIST's Cybersecurity Framework (2014) have had a major impact on publicly traded companies and financial institutions who are struggling with quantifying their risk analysis in the new domain of cyberspace
The importance of Street Cred (SC Magazine) Among the many elements that make up a successful information security programme, street cred is one with many ramifications and consequences says Josh Goldfarb
User activity monitoring is just as critical as asset monitoring (TechTarget) User Activity Monitoring is as important as asset monitoring for enterprise network security, finds research from Enterprise Management Associates
The fine art and hardest part of crafting BYOD policy (mHealthNews) Whereas many healthcare organizations are still grappling with exactly how best to proceed with bring-your-own-device (BYOD) policies, Penn Medicine is in the final steps of completing one
Extracting data from dump of mobile devices running Android operating system (Forensic Focus) In this article, we are going to tell about opportunities of utilizing programs that are used on a day-to-day basis in computer forensics and examination for analysis of mobile devices running Android operating system
Design and Innovation
How iboss Network Security approaches innovation (Enterprisers Project) Every company talks about being innovative as a strategic advantage. Paul Martini co-founder and CEO of iboss Network Security sees innovation as a way to solve problems for customers. He and his executive team guide their staff to concentrate on solving problems for customers and use innovative thinking as a way to arrive at their goals
This Artist's Images Integrate Code From Malware Like Stuxnet and Flame (Wired) For years, sophisticated state-created malware like Stuxnet and Regin has fascinated and vexed the security research community and launched a new foreign policy debate. Now it's infecting the art world, too
Research and Development
How to detect fraudulent activity in a cloud without invading users' privacy (Help Net Security) A group of researchers have found a clever way for cloud providers to detect fraudulent activities in their clouds without actually probing into the kind of activity a user performs, but by using privacy-friendly billing data
Bitcoin laid bare: Boffins beat anonymity (Register) Up to 60 per cent of transactions can be linked to IPs
Legislation, Policy, and Regulation
U.N. committee spotlights 'highly intrusive' digital spying (Reuters) A United Nations General Assembly committee on Tuesday expressed concern at digital spying and said unlawful or arbitrary mass surveillance, interception and collection of online data are "highly intrusive acts" that violate the right to privacy
German loophole allows BND spy agency to snoop on own people (Guardian) Intelligence agency can legally intercept calls and emails from Germans working abroad for foreign firms, MPs discover
Cyber security poised to be China's next social campaign (Want China Times) As internet firms propel Chinese business to the next stage, cyber security must become a top priority to prevent a potential Achilles' heel for rapid industrial development
Turnbull should spare us all airline-magazine-grade cloud hype (Register) Box-hugger is not a dirty word, Minister. Box-huggers make the cloud WORK
TechUK publishes guidelines for UK cyber security exports (ComputerWeekly) Technology trade association TechUK has published a guide to help UK cyber security firms assess the legal and reputational risks associated with the export of cyber security products
Canadian Government Was Worried About Disclosure Of Telecom Surveillance Info: Memo (Canadian Press via the Huffington Post) A move by telecommunications firms to be more forthcoming with the public about their role in police and spy surveillance could divulge "sensitive operational details," a senior Public Safety official warned in a classified memo
Privacy czar doesn't get chance to testify on CSIS powers (Toronto Star) Privacy Commissioner Daniel Therrien says the Conservatives' bill to broaden CSIS's foreign spying powers does not include adequate safeguards against possible future human rights violations, or enough oversight
Australian government reviews cybersecurity (ZDNet) Over five years since the last review, the Australian government has announced a new wide-ranging review into cybersecurity
How to evaluate national cyber security strategies (Help Net Security) ENISA issued an Evaluation Framework on National Cyber Security Strategies (NCSS) addressed to policy experts and government officials who design, implement and evaluate an NCSS policy
Qatar cracks down on cybercrime with new laws (Gulf Times) Qatar's Law number 14 of 2014, the Anti-Cybercrime Law (Law), was issued on September 15, 2014, and seeks to target aggressively a wide range of crimes and abuses relating to electronic data and online activity through the imposition of significant penalties
The Cooperative Effort of Cyber Defense (Armed with Science) "Cyber blur" is an enormous challenge to those seeking to defend the nation's networks, said Navy Adm. Michael S. Rogers, the National Security Agency's director
Senate Cybersecurity Vote Not Likely in Lame Duck (Roll Call) Senate Intelligence Chairwoman Dianne Feinstein, D-Calif., has acknowledged that a Senate vote on her cybersecurity bill likely isn't going to happen before the 113th Congress ends
Obama facing uphill battle in curbing NSA snooping (Washington Times) New GOP majority likely to back data storage
FDA Scrutinizes Networked Medical Device Security (InformationWeek) Federal agencies are trying to address threats to the privacy and security of people using connected medical devices
AHA: Medical Device Makers Should Be Accountable for Cybersecurity (iHealthBeat) On Friday, the American Hospital Association sent a letter to FDA encouraging the agency to continue to pursue efforts that will hold medical device manufacturers accountable for cybersecurity
Navy nominates officer to take over for hamstrung 3-star intel boss (Navy Times) After a year in limbo, the Navy has decided to move ahead and replace the service's top intelligence officer, whose tenure has been hamstrung by suspected ties to a disgraced defense contracting firm
Ruppersberger nearing end of 12-year run on House intel committee (Baltimore Sun) When Rep. C.A. Dutch Ruppersberger joined the House committee that oversees the nation's intelligence agencies, Osama bin Laden was still alive, Edward Snowden was still in college and the government's response to the threat of cyber attacks was still in its infancy
Litigation, Investigation, and Law Enforcement
Ex-counter-terror chief: criticism of Facebook over Rigby murder is unfair (Guardian) Richard Barrett says it is impractical for social media firms to monitor millions of messages a day for terrorist intent
Vodafone in the Dock After Leaking Hacks' Records to Cops (Infosecurity Magazine) Vodafone accidentally leaked the records of over 1,700 News UK journalists and staffers to the Metropolitan Police Service (MPS) after the cops requested the details of just one hack under investigation last year, it has emerged
DOJ scores two cyber crime wins (The Hill) The Justice Department scored several more blows against cyber criminals this week. In separate cases, a judge imprisoned another member of a massive bank hacking ring and the government secured a guilty plea in its first ever conviction for selling smartphone stalking software
Spyware app StealthGenie's CEO fined $500K, forfeits source code (Naked Security) In the US, it's a federal crime to sell spyware
European Parliament votes to break up Google (MicroScope) The European Parliament has voted in favour of breaking up Google, claiming that it gives preference to its commercial services in search results
School employee charged in cyber attack (Sarasota Observer) The Sarasota County Sheriff's Office charged 28-year-old Michael Levanti with two second-degree felonies for installing malware that affected the district's email system. Deputies arrested a Sarasota County School District technology support employee this morning for allegedly disrupting the school system's computer network in a cyber attack last month
Kim Dotcom beats US bid to get him thrown back in jail (Ars Technica) New Zealand judge finds Megaupload founder did not violate bail conditions