Cyber Attacks, Threats, and Vulnerabilities
Anti-media cybercrime spree continues: Al Arabiya hacked by NullCrew (ZDNet) After hacking and humiliating Comcast in February, NullCrew is back with HorsemenLulz in a successful hack on the mail servers of the second biggest media company in the Arab world, Al Arabiya
Egyptian Armed Forces Training Authority Website Hacked and Defaced (HackRead) On 31st March, 2014, a hacker going by the handle of "YMH" hacked and defaced the official website of the Egyptian Armed Forces Training Authority. The hacker left a deface page along with a message in Arabic. However, it does not oppose or support the opposition or the government; in fact it talks about leaving politics aside and enjoy
DDoS fear as 24 million home routers fuel hidden DNS amplification attacks (TechWorld) Nominum discovers home router pwnage
24 million routers expose ISPs to DNS-based DDoS attacks (Help Net Security) DNS-based DDoS amplification attacks have significantly increased in recent months, targeting vulnerable home routers worldwide. A simple attack can create tens of Gbps of traffic to disrupt provider networks, enterprises, websites, and individuals anywhere in the world
Researchers Divulge 30 Oracle Java Cloud Service Bugs (Threatpost) Upset with the vulnerability handling process at Oracle, researchers yesterday disclosed more than two dozen outstanding issues with the company's Java Cloud Service platform
Win32/Sality newest component: a router's primary DNS changer named Win32/RBrute (We Live Security) Win32/Sality is a family of malware that has been using a peer-to-peer botnet since at least 2003. It is a file infector and a trojan downloader, the latter of which is mainly used to send spam, although it has been used for different purposes such as faking advertising network traffic, distributed denial of service or VoIP account cracking. All commands and files exchanged through Sality's P2P network are digitally signed, making it resilient to protocol manipulation. Its modular architecture as well as the longevity of the botnet shows good programming practice and an efficient software design
GameOver Zeus: Three Things You Should Know (Malcovery) The Zeus banking trojan is a popular topic in the security world these days. It's not new, but it still garners attention as one of the most successful and prolific trojans in use today
Fake Bitdefender Antivirus Plus 2015 offers lead to malware and scams (Help Net Security) Scammers are taking advantage of Bitdefender's good reputation and are luring victims in with promises of free downloads of "Bitdefender Antivirus Plus 2015," the company warns
Tinder users targeted by spamming bots (Help Net Security) Spammers are taking advantage of the popularity of the Tinder dating app to promote a game via bots posing as attractive women
Most Sophisticated Android Bootkit Malware ever Detected; Infected Millions of Devices (The Hacker News) Hardly two months ago we reported about the first widely spread Android Bootkit malware, dubbed 'Oldboot.A', which infected more than 500,000 Android smartphone users worldwide in the last eight months, especially in China
Macro-Enabled Files Used as Infection Vectors (Again) (TrendLabs Security Intelligence Blog) Macro-based attacks were popular in the early 2000s, but they gained much notoriety with the much publicized coverage of the Melissa virus. However, macro-based attacks soon began to drop off the radar. One major reason for this would be the security measures implemented by Microsoft to address malicious macro files. Another probable reason would also be that cybercriminals simply moved on, exploiting the latest and popular
Coinbase denies security breach, defends spamming-friendly features (Help Net Security) Popular Bitcoin exchange and online wallet service Coinbase has denied that it had suffered a breach and claims that the list of some 2,000 Coinbase user names and emails recently published on Pastebin was probably compiled from other sources
Crap battery life? Criminals may be using your phone to mine bitcoins (Silicon Republic) Shorter battery life on your Android smartphone may be caused by malware that is involved in mining for various digital currencies, including bitcoin and dogecoin, according to security firm Trend Micro
DVR Infected with Bitcoin Mining Malware (Threatpost) Johannes Ullrich of the SANS Institute claims to have found malware infecting digital video recorders (DVR) predominantly used to record footage captured by surveillance camera systems
Cyber attack creates mortgage meltdown, freezes VA mortgages (WWBT NBC 12) A malicious cyber attack froze mortgages and put home ownership in jeopardy for thousands this week, leaving moving trucks and future plans in Virginia on standby
Passwords, messages of 158k+ Boxee.tv users leaked (Help Net Security) The forum database of Web TV service Boxee.tv has been ransacked and the attacker made off with — and has subsequently made available for download — a dump containing personal and account information of over 158,000 of its users
Unauthorized access gained to about 800 JSTOR accounts (SC Magazine) Digital library JSTOR is notifying approximately 800 users that their personal information may be at risk after their MyJSTOR accounts were accessed by an unauthorized third party
SendGrid hands customer to hacker (ITNews) Silver-tongued swindler sways staffer. A staffer at popular email delivery system SendGrid was tricked by a hacker who used access granted to them to break into US-based cloud hosting provider ChunkHost
Medical staffers fall for phishing emails, data on 8,300 compromised (SC Magazine) About 8,300 patients of Washington-based Franciscan Medical Group (FMG) are being notified that their personal information may have been compromised after nearly 20 employees responded to information requests in phishing emails purporting to come from FMG's parent company, Catholic Health Initiatives
550k+ card details stolen in 17-month long Spec's breach (Help Net Security) Texan liquor chain Spec's has been breached, and personal and financial information of over half a million of its customers has been compromised in a breach that lasted nearly a year and a half
Parliamentary computers crash 90 minutes after IT assurances (ComputerWeekly) Parliament was hit by another computer crash within 90 minutes of an assurance to MPs, peers and their staff that the system had been fixed
CryptoDefense ransomware attacks 100 countries but has 'fatal flaw' (SC Magazine) The US and UK are the biggest targets of CryptoDefense, a major new ransomware campaign that has stolen over £20,000 in its first month, but which has one major design flaw
Who Built the ID Theft Service SSNDOB.ru? (Krebs on Security) Previous stories on this blog have highlighted the damage wrought by an identity theft service marketed in the underground called ssndob[dot]ru, which sold Social Security numbers, credit reports, driver's licenses and other sensitive information on more than four million Americans. Today's post looks at a real-life identity behind the man likely responsible for building this service
Who's Behind the 'BLS Weblearn' Credit Card Scam? (Krebs on Security) A new rash of credit and debit card scams involving bogus sub-$15 charges and attributed to a company called "BLS Weblearn" is part of a prolific international scheme designed to fleece unwary consumers. This post delves deeper into the history and identity of the credit card processing network that has been enabling this type of activity for years
You don't have to be a major Hollywood studio to see the IP risks in cloud file locker services (Graham Cluley) Andy Green of Varonis argues that to better protect their intellectual property and sensitive data, companies need to take more proactive measures — closely auditing and monitoring access to confidential documents
Security Patches, Mitigations, and Software Updates
With just days to go, just how many PCs are still running Windows XP? (We Live Security) Next Tuesday, April 8 2014, Microsoft will release the last ever security patches for Windows XP. And if you look at the figures from Net Market Share, things aren't looking too good
A Banking View on Windows XP and the End of Support: See it, block it (Trend Micro Simply Security) We are less than a week away from a proverbial red letter day: the end of security support for Windows XP on April 8, 2014
The dangers of using outdated software (Help Net Security) Buy something and keep it long enough, and in time it will become vintage: cool, unique and a throwback to days gone by. But while vintage works for fashion, furniture and cars, when it comes to business software, old is a blatant security risk. An F-Secure survey shows that many businesses are risking company assets by using outdated software
Cyber Trends
Kaspersky Lab Study: About One Third of All Phishing Attacks Aimed at Online Financial Institutions (MarketWatch) Kaspersky Lab today released results from the study, Financial Cyber Threats in 2013, which found that about one third (31.45 percent) of phishing attacks targeted online financial institutions including banks, online stores and e-payment systems. Of those financial phishing attacks, 70.6 percent used fake bank webpages to acquire confidential user information and steal money from bank accounts, showing the strong trend of cyber criminals exploiting online financial services
Cyber attack biggest terrorist threat for UK (The HR Director) UK's Cyber Emergency Response Team (CERT-UK) goes live. As part of a £650m government investment in cyber security, the unit's aim is to bolster the country's online defences. With the number of cyber-attacks on the rise though, it is questionable whether these steps go far enough
Study: Security Fears Continue To Block Cloud Deployment (Dark Reading) "Fear of the unknown" still haunts cloud adoption
Marketplace
Consumers are souring on Web, post-NSA, survey says (USA Today) The National Security Agency has left more than a black mark on the reputations of tech companies: It is now hurting them financially. Americans are less likely to bank and shop online because of lingering doubts over the NSA's digital-snooping activities
Lockheed taps local startup to join tech heavyweights (Baltimore Daily Record) A young Baltimore startup has been pulled up to the big league of cybersecurity warriors. CyberPoint International, a 4-year-old, 160-employee tech firm, is the newest addition to Lockheed Martin Corp.'s Cyber Security Alliance, becoming the youngest and only privately held company to join a team that includes the likes of Microsoft, Verizon and Cisco…"This company is not only innovating, they're growing," said [Lockheed Martin's] Mann. "We don't have concerns of them going away at all"
KEYW Launches New Advanced Cyber Research and Training Center (Nasdaq) Names Greg Dixon as Sector Vice President for Advanced Cyber Operations and signs lease for 90,000 square-foot facility to build KEYW's Advanced Cyber Research and Training Center
Mandiant Deal Not Disrupting Partners, Says FireEye Channel Chief (CRN) FireEye's $1 billion acquisition of endpoint security and incident response services firm Mandiant is having no serious impact on the ability of the company's partners to deliver services, said FireEye Channel Chief Steve Pataky
Rob Zitz on Leidos' Transition to a Standalone Business, Cyber Trends and Infrastructure Support for DHS (ExecutiveBiz) Rob Zitz joined Leidos in August 2011 — when it was known as Science Applications International Corp. — as senior vice president and chief ISR systems architect after a three-decade government career that culminated in a deputy director role at the National Reconnaissance Office
The Right Stuff: Staffing Your Corporate SOC (Dark Reading) What makes a top-notch security analyst? Passion, experience, and communication skills trump certifications and degrees. But you get what you pay for
Cyber Insurance Covers That? 7 Items You Might Not Know (eSecurity Planet) Data breaches and data losses are just the beginning when it comes to cyber insurance. Policies may also cover such items as data forensics
BrightLine Joins Cloud Security Alliance as Corporate Member (Broadway World) BrightLine CPAs & Associates, Inc., a leading provider of compliance and attestation reporting services, is pleased to announce that it has joined the Cloud Security Alliance (CSA) as a Corporate Member
Mark Owen, Former Air Force 1-Star General, Named Civergy CEO (GovConWire) Mark Owen, a retired U.S. Air Force brigadier general and formerly an executive vice president at Civergy, has been appointed CEO of the Landover, Md.-based contractor
Fortinet bolsters UK team with former F5 staffers (Microscope) Fortinet continues to develop its UK management team with the arrival of a regional sales director for UK and Ireland tasked with working with the channel to expand the reach for the networking security specialist
Products, Services, and Solutions
Trend Micro Deep Discovery Earns Top Breach Detection Score in NSS Labs Testing (Trend Micro Simply Security) With a number of security companies talking a big game about detecting targeted attacks and advanced threats, Trend Micro is going beyond the hype. And, we can back it up—big time. In the NSS Labs Breach Detection Appliance Report released today, Trend Micro Deep Discovery 3.5 achieved the highest performance rating in overall breach detection among a field of six providers
FireEye, AhnLab score low in lab test of breach detection systems (NetworkWorld) NSS Labs gives 'below average' score to both vendors' breach-detection products
Yahoo adds more security to thwart surveillance (AP via Bloomberg BusinessWeek) Yahoo has added more layers of security in its effort to shield people's online lives from government spying and other snooping
LastPass adds two-factor authentication from Duo Security (Help Net Security) LastPass integrated Duo's mobile-based two-factor authentication solution to the LastPass password management platform to provide an additional layer of credential security
Post Breach Security: The CARM After the Storm (InfoSecurity Magazine) An initiative that cuts across the security vendor landscape is one way that Exclusive Networks helps customers turn their preventive technologies into a problem solver in the aftermath of a data breach incident
AlcaLu Extends SDN, DPI in Enterprise Gear (Light Reading) The Enterprise division of Alcatel-Lucent (Euronext Paris and NYSE: ALU) is today unveiling new technology to address the challenges created by pervasive mobility and the explosion of new applications being introduced within enterprises
Arbor Networks Unique Global Attack Intelligence Integrated into Local Protection (Broadway World) Arbor Networks, Inc., a leading provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, announced today a new reputation-based threat feed as part of its ATLAS Intelligence Feed (AIF) service. AIF is a research-driven feed of security policies designed to update Arbor's Pravail products quickly and accurately by identifying threats based on real-world attack activity, reputation and behavior
Technologies, Techniques, and Standards
CESG defends CCP as UK cyber security skills foundation (ComputerWeekly) GCHQ's information assurance arm has defended the validity of its cyber security professional certification scheme as a foundation for cyber skills development in the UK
Cloud Security Strategy: Encryption Keys (Midsize Insider) A strong cloud security strategy is important for midsize firms to truly innovate with the cloud. One way of approaching that strategy is by using encryption keys. Midsize firms that have a better understanding of encryption can better protect their cloud data
Updating Your Awareness Training (SANS Securing the Human) A common mistake I often see organizations make with their security awareness program is failing to plan long term. Quite often organizations get caught up in the initial roll-out of their training, but forget to plan on updating their program at some point. It's key that you update your program at a minimum once a year
Whose fault is it that users are the weakest link? (CSO) An organization can spend mountains of cash on best of breed network defenses and security tools, but it can all come crashing down with one click from a user. Users are the weakest link when it comes to network and computer security, but a new survey from Globalscape reveals that the users themselves aren't entirely to blame
Talking insider threats at the CSO40 Security Confab and Awards (CSO) These days, the threat landscape for most companies is massive. But while there is a litany of outside threats that their security teams need to worry about, there is often an even greater danger much closer to home. Insider threats are an issue that no company is safe from, with breaches not just occurring at the hands of a disgruntled or malicious employee, but also unintentionally as a result of ignorance
Watching the watchers (Internet Storm Center) A lot of companies today have various IDS and IPS devices implemented in their internal network (especially if you must be compliant with PCI DSS, for example). So these devices get implemented to monitor various traffic at various interfaces/perimeters in a company, but the question I got asked is how can we be sure that the IDS/IPS is doing its job?
Using the Immunity Debugger API to Automate Analysis (Sourcefire VRT) While analyzing malware samples I came across many simple but annoying problems that should be solved through automation. This post will cover how to automate a solution to a common problem that comes up when analyzing malware
Operation Stop The Exfiltration (Dark Reading) Determined cybercriminals and cyberspies will find their way to the data they want, but there are ways to trip them up on their way out
API-First: 3 Steps For Building Secure Cloud Apps (Dark Reading) When it comes to protecting data traveling to and from the cloud, today's choices are daunting. Here are three steps for making the application programming interface your new best friend
How Boeing merges its data centers with the Amazon and Microsoft clouds (Ars Technica) Carving data up into "puzzle pieces" keeps sensitive information secure
Research and Development
New algorithm classifies everything from gene data to POTUS speeches (Ars Technica) Accurately determines whether a State of the Union is pre- or post-Reagan
Academia
UMBC receives $750 million grant from NSA (The Retriever Weekly) Funds to establish new hacking education program and security/data analytics lab
Knowing Is Half the Battle: Combating Big Data's Dark Side Through Data Literacy (Slate) The White House Office of Science and Technology Policy is nearing the end of its 90-day review of big data and privacy. Soon, industry leaders, privacy advocates, engineers, and developers expect to learn regulators' key questions and priorities for balancing innovation in predictive analytics while protecting against harm or discrimination
Why CTF (Plaid Parliament of Pwning) A recent blog post has been going around talking about the differences between competitions like CCDC (Collegiate Cyber Defense Competition) and CTFs (Capture the Flag). It's a good read and I thought a lot of interesting points were brought up, and figured it could be beneficial to try to respond to them some place to encourage discussion (and besides, our blog needs any excuse it can get for new content). For what it's worth, I didn't watch Chris Eagle's presentations, though I imagine I don't agree with everything he said. Likewise, I don't disagree with everything from Matt Weeks' blog post. This post is mostly motivated by the fact that while a discussion on security competitions is going, it makes sense to talk about some related things I have been thinking about
Legislation, Policy, and Regulation
While Warning Of Chinese Cyberthreat, U.S. Launches Its Own Attack (NPR) The U.S. government has long complained about Chinese hacking and cyberattacks, but new documents show that the National Security Agency managed to penetrate the networks of Huawei, a large Chinese telecommunications firm, gathering information about its operations and potentially using equipment it sells to other countries to monitor their computer and telephone networks as well
Democratic senators: Obama was 'misleading' about NSA surveillance (Washington Examiner) Two Democratic senators denounced the National Security Agency for conducting "warrantless searches of the content of Americans' personal communications," and, more broadly, the senior government officials — including President Obama — who were "misleading" in denying that such searches took place
Conor Friedersdorf: NSA reforms should go beyond phone calls (Orange County Register) Snooping limits should include Internet use, other records. Almost 10 months after Edward Snowden revealed that the U.S. government is spying on virtually all of us, using dragnet surveillance that tracks and stores all phone numbers we dial, President Obama has finally issued a proposal for reforming the National Security Agency
What's Behind the NSA Battle (US News and World Report) This is another round in the long tug of war between Congress and the president over national security
NSA's domestic surveillance draws both sides together to debate issue (New Hampshire Union Leader) The National Security Agency's monitoring of domestic communication is either a violation of Constitutional rights or is a valid tool to provide security and safety for the American populace
Ralph Nader talks whistleblowers and national security at Yale (New Haven Register) Political firebrand Ralph Nader tore into the Obama administration's claims of transparency Tuesday at Yale University, saying government spying and unchecked executive authority leaves the U.S. teetering on the verge of being a police state
NAPOLITANO: What if secrecy, NSA trump the Constitution? (Washington Times) Spying on Americans elicits many questions but few answers
Is whistleblower advocate for nation's spies under attack? (McClatchy) The Pentagon's inspector general is trying to suspend and possibly revoke the top secret access of the Defense Department's former director of whistleblowing, triggering concerns in Congress that he's being retaliated against for doing his job
Big data need not end Americans' privacy, argues CDT (FierceBigData) The era of big data need not herald the end of traditional privacy, argues the Center for Democracy and Technology in comments submitted to the White House
Cuba's rulers were right: The US was trying to use social media to overthrow the regime (Quartz) The Associated Press has a bombshell: The US Agency for International Development (USAID), which is responsible for administering American foreign aid and development funds, spent years covertly establishing an SMS-only social network in Cuba, in the hopes that it might develop into a "Cuban Twitter" that would undermine the island's communist government
EU votes net neutrality into law, abolishes mobile roaming charges (IT World) Blocking and throttling Internet traffic will become illegal in the European Union following a parliamentary vote on Thursday
Litigation, Investigation, and Law Enforcement
Banks withdraw lawsuit against Chicago's Trustwave (Crain's Chicago Business) The two banks that sued technology-security firm Trustwave Holdings Inc. in connection with the Target Corp. hacking incident have withdrawn their suit
Target catches a break in data breach lawsuit (FierceRetailIT) While Target (NYSE: TGT) executives would love to be able to pin the retailer's massive card data breach on IT vendors, it may not be able to do so
Secure protocols for accountable warrant execution (Freedom to Tinker) Last week the press reported that the White House will seek to redesign the NSA's mass phone call data program, so that data will be held by the phone companies and accessed by the NSA, subject to a new warrant requirement. The Foreign Intelligence Surveillance Court will issue the warrants. Today Josh Kroll and I, with colleagues at Stanford University, released a draft paper on how to use cryptography to implement warrants to data in a secure, private, and accountable way
What, besides phone records, does the NSA collect in bulk? (Ars Technica) Gun purchases? Financial transactions? A coalition of orgs wants answers
Bankruptcy judge orders Mt. Gox CEO to answer questions in US by April 17 (Ars Technica) Mark Karpeles needs to answer questions in person to proceed with Chapter 15