The CyberWire Daily Briefing 07.14.15
Anon Ghost, apparently firmly in ISIS's camp, hacks Malaysian police Facebook and Twitter accounts.
As the US Federal CIO warns that the Government's security "sprint" may well uncover more problems, the scope of the OPM breach continues to sink in. (It will sink in farther as general realization of how many people who never applied for clearances nevertheless had their personally identifiable information compromised on someone else's SF-86.) Consensus among observers is that the breach was the culmination of a long-standing Chinese espionage campaign whose long march into OPM began in several little-attended third-party sites.
Congress will soon hold more hearings on the breach, which has lent impetus to pending cyber security legislation (much of which paradoxically focuses on information sharing). Text of three pending bills is linked below. Director Archuleta's exit in the wake of OPM's breach prompts widespread industry reflection on executives' vulnerability to cyber fails.
The Hacking Team breach has turned up more Flash and Java exploits, some of the former now being exploited, FireEye reports, by Chinese criminal gangs. Adobe is working to patch Flash, but Mozilla (which has now blocked Flash by default in its Firefox browser) and Facebook seem to think Flash ultimately unfixable.
Telegram, a "security-enhanced chat app," is in the midst of a days-long denial-of-service attack on its Asia-Pacific service. No attribution yet, but Quartz thinks it significant that the DDoS campaign coincides with a Chinese crackdown on human rights attorneys.
A minor mystery: Rhino Security has withdrawn ProxyHam, for unclear reasons.
Today's issue includes events affecting Australia, Brunei, Canada, China, Ethiopia, Germany, India, Malaysia, Morocco, Nigeria, Pakistan, Qatar, Romania, Sudan, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Malaysian Police Facebook, Twitter Accounts Hacked by Pro-ISIS Hackers (HackRead) The Malaysian Police Facebook and Twitter added to the list of targeted government social media accounts — Monday afternoon saw the pages of these accounts modified and pro-ISIS group Anon Ghost took liability
Hacked in the U.S.A.: China's Not-So-Hidden Infiltration Op (BloombergBusiness) The vast cyber-attack in Washington began with, of all things, travel reservations
Federal CIO: Cyber review may uncover more intrusions (The Hill) The government official leading a review of federal network security acknowledged that investigators might discover more digital intrusions on the government's outdated systems
Expect more hacker attacks on government: Obama's tech chief (New York Post) Expect more news of hack attacks on US government computers, the feds' chief information officer said in an interview published Saturday
Recapped: A quick round up of developments since Hacking Team was hacked (CSO) One week later, here's a recap of the latest developments to come out of the Hacking Team incident
Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems (TrendLabs Security Intelligence Blog) The dissection of the data from the Hacking Team leak has yielded another critical discovery: Hacking Team uses a UEFI BIOS rootkit to keep their Remote Control System (RCS) agent installed in their targets' systems. This means that even if the user formats the hard disk, reinstalls the OS, and even buys a new hard disk, the agents are implanted after Microsoft Windows is up and running
Hacking Team broke Bitcoin secrecy by targeting crucial wallet file (Ars Technica) Leaked e-mails brag HT could see "who got that money (DEA: anyone interested? :P )"
Zero-Day Exploit Alert: Flash, Java (BankInfoSecurity) More Hacking Team Flash exploits, plus Java APT attack
Chinese hackers used tools leaked after attack on Italian cybersecurity firm Hacking Team (South China Morning Post) Two major hacking groups linked to China are believed to have used exploits revealed in the wake of a recent attack on Italian cybersecurity firm Hacking Team
Are You Vulnerable to New Java Zero-Day Exploit? (Lumension Blog) Are the computers in your organisation still running Java?
Facebook CSO suggests Flash moratorium to end its crash bang wallops (Inquirer) Aha! Saviour of the universe?
A cyber attack struck messaging app Telegram just as China was cracking down on human rights lawyers (Quartz) This past weekend Telegram, a security-enhanced chat app, was crippled in Asia by a cyber attack — though by whom so far remains a mystery
DDoS Attack Against Telegram's Asian Pacific Server Enters Fourth Day (Tripwire: the State of Security) A DDoS attack continues to affect the Asian Pacific servers of messenger app Telegram as of Monday morning
Researchers Found Critical Vulnerability in LG's Update Center Application (HackRead) The LG Update Center Application faces yet another threat of cyber attack as was discovered by SEARCH-LAB Ltd in November 2014
Suspected cyber attack forces termination of crucial Qantas pilot vote (Sydney Morning Herald) A suspected cyber attack has forced the termination of a crucial vote on a new wage deal by Qantas' long-haul pilots, which the airline wants passed before it will commit to buying a fleet of new planes
Revisiting The Bunitu Trojan (Malwarebytes Unpacked) This post describes the infection process of the latest version of the Bunitu Proxy Trojan as seen delivered by the Neutrino Exploit Kit via a malvertising campaign
Land Rover recalls 65,000 cars because of software bug that could lead to theft (Graham Cluley) BBC News is reporting that more than 65,000 Range Rover and Range Rover Sport cars are being recalled because of a software bug in their central locking system that can allow thieves to steal vehicles
True confessions: I wrote for an Internet content mill (Ars Technica) One former backlink spam writer returns to share how the sausage is made
Security Patches, Mitigations, and Software Updates
Adobe patches weaponised Hacking Team zero-day vulnerability (ComputerWeekly) Adobe is patching a zero-day vulnerability researchers say was weaponised immediately after data was breached from software firm Hacking Team
Adobe promises patch for latest wave of critical Hacking Team zero-day exploits (ZDNet) Adobe devs must be working overtime to fix the latest vulnerabilities revealed through the Hacking Team cyberattack
After Facebook called for its death, now Firefox is blocking Flash by default (Neowin) After a number of issues and exploits have been discovered recently, Mozilla has taken a big step and is now blocking Flash in all of its Firefox browsers
Kaseya Patches Two Bugs in VSA IT Management Platform (Threatpost) A researcher has uncovered a pair of vulnerabilities in the Kaseya VSA IT management platform, including an open redirect that could be used to force users to visit an attacker-controlled sites
Opinion: Timing is everything for securing wireless communications (Christian Science Monitor Passcode) Even though disrupting wireless communications — whether cellphone networks or GPS — could harm the US economy and put lives at risk, these networks remain far too vulnerable to attacks
Android users not securing devices, survey shows (ComputerWeekly) Nearly half of Android users polled are not using a security app on their smartphone, with same proportion saying they did not know they needed a security app
Is Cognitive Biometrics a Retailer's Best Friend? (PYMNTS) The problem with security of all kinds is best typified by an experience anyone reading this can relate to — going through the security lines at the airport. After September 11, there are exactly zero adults in the United States who do not understand the extraordinary importance of properly screening people before we let them board a pressurized, jet-fuel packed, aluminum tube that blasts through the air at ~500 miles per hour — since the consequences of insufficiently doing so are quite catastrophic
Cybersecurity Gains Higher Profile Among Chief Financial Officers (Dark Reading) Deloitte study shows CFOs view security risks as a top threat to financial health
14 Security Fails That Cost Executives Their Jobs (Dark Reading) Katherine Archuleta, the director of the Office of Personnel Management, is the latest casualty of a data breach, but she's certainly not the only one. There's no job security when your job is security
Airbus plots exit from government comms biz (Register) Defence mobile, spookery, cyber-sec on the auction block
CrowdStrike, Cybersecurity Services Provider, Raises $100 Million (New York Times) In the wake of computer attacks on the government and other prominent targets, investor interest in cybersecurity is unsurprisingly high
Exclusive: cybersecurity startup RedOwl raises $17 million series b (Fortune) This Baltimore cybersecurity startup routs insider threats
TrapX Security raises $9 million in Series B funding (Tech Bulletin) TrapX Security Inc, deception-based cyber security firm has raised $9 million in Series B round of funding led by investors Intel Capital and Liberty Venture Capital along with existing investors BRM Group and Opus Capital
Symantec bets on simplicity, cloud and mobile (ComputerWeekly) Symantec is not trying to be all things to all people, but is instead focusing on threats and protecting information in the mobile and cloud environments
Hacking Team Promises to Rebuild Controversial Surveillance Software (Threatpost) The aftermath of the Hacking Team attack raised legitimate questions about the controversial Italian surveillance software vendor's long-term viability. With reams of sensitive internal data and intellectual property posted online, how could the company survive?
Has FireEye Run Out Of Steam? (Seeking Alpha) With the growth of cloud computing, cyber attacks are expected to increase rapidly. FireEye offers innovative solutions to cyber attacks and is spending heavily on new innovations. I've discussed below the reason why investors shouldn't be worried about the company's inability to report a profit. The company's focus on increasing market share will lead to long-term profits. The risk-reward ratio is in FireEye's favor and I think the stock is still a buy
JPMorgan: Palo Alto can more than triple market share by 2024 (Seeking Alpha) Palo Alto Networks (NYSE:PANW) can grow its market share from a current 7% to 24% by 2024 "as companies large and small continue to migrate their network security over to next-generation firewalls — a trend we estimate is only half done," writes JPMorgan's Sterline Auty, launching coverage with an Overweight rating and $216 target
Accenture Subsidiary to Support VA Info Security Program for $300M (GovConWire) A subsidiary of Accenture's (NYSE: ACN) federal services business will provide support to the Department of Veterans Affairs' Continuous Readiness in Information Security Program under a one-year, $300 million contract
Healthcare needs more IT security pros — stat (CIO) Technology is bringing amazing changes to the healthcare industry, but it's also bringing the need for more IT security professionals. What's causing this lack of talent and if you're a security pro, how can you land a job in this growing field?
High-profile breaches spark explosive demand for security awareness training (IT Pro Portal) KnowBe4, provider of the world's most popular integrated platform for security awareness training and simulated phishing testing, has seen explosive growth for eight consecutive quarters
United Airlines pays hacker one million air miles in bug bounty reward (Naked Security) It didn't take Jordan Wiens very long to find a vulnerability in United Airlines' network, but the payoff was one million free air miles for about six hours of work
ThetaRay Launches U.S. Office (PRNewswire) Kris Robinson joins to build threat detection lead and market share
Cyber security firm in Clearwater hiring for 30 jobs (83DegreesMedia) A cyber security firm in Clearwater is expanding, recently relocating to a new office space to house the employees they plan to hire this year. ThreatTrack, which provides cyber threat prevention solutions to organizations to avoid and respond to cyber attacks, is experiencing growth due to the need for online security solutions
SC Magazine Names Norse's Mary Landesman a "Woman to Watch" in IT Security (Yahoo! Finance) Landesman recognized for her long-time leadership in threat data analytics
Products, Services, and Solutions
A $200 privacy device has been killed, and no one knows why (Ars Technica) ProxyHam creator offers no explanation for his abrupt decision to abandon it
Bromium and Microsoft fortify Windows 10 against threat of cyber attack (Business Weekly) A Cambridge-California technology collaboration between Bromium and Microsoft has been launched to advance security on Windows 10
Balabit bets big on Blindspotter (ComputerWeekly) At first glance behavioural analytics may seem a strange direction for security company Balabit — but it makes sense on closer inspection
Automatic PC repair uses IBM's tech to keep computers clean (Times of Israel) Fixico, with roots in the enterprise world, promises to relieve everyday users of checking disk health and running updates
SMEs should not just rely on employees to encrypt emails (Zertificon) According to a 2012 study by the German interior ministry, email is the most popular communication technology and is used by 98% of SMEs
Splunk Provides Adaptive, Operational Intelligence (Forbes) A Security Operations Center (SOC) typically monitors the internal network data while Security Incident and Event Management (SIEM) provides a dashboard view with bit more control of the alerts generated by the applications and systems hardware. Often these are both reactive activities, notifying system admins only when something has already gone wrong. But what if you could anticipate a problem, and based on the data, create new and better rulesets on the fly? In that way Splunk, a big data company that seeks to provide security intelligence, is like a SIEM on steroids
Bitdefender Box — The Perfect Security Solution for Your Home Network (Social Barrel) We've all seen futuristic movies that feature cool gadgets, interconnected appliances and give you a sneak peek into what the future technology might be capable of. The possibilities are endless, and the benefits go beyond perception. If only all of that was possible!
Thycotic Secret Server 8.8 Honored as Silver Winner in the 10th Annual 2015 Hot Companies and Best Products Awards in Security Software (PRNewswire) Winners and finalists from around the globe were honored by Network Products Guide on June 29, 2015 in San Francisco
ERPScan Security Monitoring Suite is a Gold winner in the 10th Annual 2015 Hot Companies and Best Products Award in IT Products and Services for Telecommunications (ERPScan) Network Products Guide, industry's leading technology research and advisory guide, has named ERPScan Security Monitoring Suite a Gold winner of the 10th Annual 2015 Hot Companies and Best Products Awards in the IT Products and Services for Telecommunications category
Searching the Enterprise for Known Indicators of Breach (Tripwire: the State of Security) Given the recent high-profile breaches, a key challenge facing government agencies and other security-minded organizations is rooting out malware that has already become embedded on key assets
Technologies, Techniques, and Standards
Why CTO's should enforce adblocking on their networks (ITsecurity) Recent research from Simon Fraser University in British Columbia has illustrated that blocking advertising on their enterprise network cut bandwidth usage by 25-40%. They used AdblockPlus, the most popular browser plugin in the world, for a period of six weeks and actively recorded how it impacted network traffic and bandwidth consumption
Mobile SSL failures: More common than they should be (Help Net Security) Securing your mobile application traffic is apparently more difficult than it should be, as researchers Anthony Trummer and Tushar Dalvi discovered when looking into SSL/TLS usage on the Android operating system and applications, as well as on iOS and Windows 8 mobile
SSL/TLS certificates beginner's tutorial (talPor Solutions) This is a beginner's tutorial on SSL certificates (which by now should be called TLS certificates, but old habits die hard). I'll cover both how they function, and how to create a SSl/TLS certificate using OpenSSL, either self-signed or signed by a CA
Inside A Vicious DDoS Attack (Dark Reading) What it's really like to fend off a relentless distributed denial-of-service attack
Breaches Are More Than Malware (SecurityWeek) Security teams must always keep the entire attack lifecycle in perspective
6 ways the banking industry could improve on cybersecurity (MarketWatch) The threat of a hack is among banks' biggest fears
Design and Innovation
Why webcam indicator lights are lousy privacy safeguards (Christian Science Monitor Passcode) A recent academic study found that few computer users notice indicator lights and even fewer realize that the camera is always recording when the light is on. The lack of awareness, say researchers, makes people more vulnerable to webcam spying
Research and Development
David Wajsgras: Raytheon Aims to Help DARPA Automate Cybersecurity (ExecutiveBiz) Raytheon's team is one of seven teams that will compete in the final round of a $2 million U.S. Defense Advanced Research Projects Agency-hosted program to build an automated system against cybersecurity threats
Partnership to Address Staffing Crisis (InfoRiskToday) Government leads initiative to develop 12,050 security pros
Facebook teams up with SJSU to get more women in cybersecurity (San Jose Mercury News) Fifth-grader Natalie Valencia thought that cybersecurity was a career path boys followed, not girls, but a weeklong summer camp at Facebook changed her mind
Camp Teaches Teens To Solve Cyber Crimes (WBUR) Teenagers around the country have the opportunity this summer to learn to solve crimes in cyber space. The "gen-cyber" camps are run by the National Security Agency, which is hoping to train the next generation of cybersecurity experts
Cybrary Partners with Cornerstone Program to Provide Refugee Women with Computer Literacy Training (PRWeb) July program aims to make tech a means to self-sufficiency
Legislation, Policy, and Regulation
Experts protest Aussie law banning crypto export (IT News) Defence Trade Controls Act threatens to "criminalise" cryptology
'Save the teachers!' 184 cryptologists send Oz Govt cleartext petition (Register) 'Clear exemptions' sought for researchers caught in crypto export net
WhatsApp, Facebook Messenger could be banned by UK's newly proposed bill (Naked Security) Popular messaging apps like WhatsApp, Facebook Messenger and Snapchat could soon be a thing of the past in the UK if the government gets its way
Thoughts on Encryption and Going Dark, Part II: The Debate on the Merits (Lawfare) On Thursday, I described the surprisingly warm reception FBI Director James Comey got in the Senate this week with his warning that the FBI was "going dark" because of end-to-end encryption. In this post, I want to take on the merits of the renewed encryption debate, which seem to me complicated and multi-faceted and not all pushing in the same direction
Build a cyber plan now (Federal Times) Unfortunately for Office of Personnel Management Director Katherine Archuleta, she was at the switch when one of the biggest hacks to hit the federal government occurred late last year and early this year. It surprised no one when she resigned July 10
Federal Cybersecurity Needs Improvement (Politico) Cybersecurity is a top priority for me, for President Barack Obama and for this administration. It is my personal mission to significantly enhance the Department of Homeland Security's role in the cybersecurity of this nation
Threat Intelligence Sharing Legislation Gains Momentum (Dark Matters) Three pieces of proposed legislation to create platforms for information sharing between the private sector and the federal government are currently making the rounds on Capitol Hill — two in the House and one in the Senate — but it is still unclear what form a final bill will take
H. R. 1560 (114th Congress) An act to improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, to amend the Homeland Security Act of 2002 to enhance multi-directional sharing of information related to cybersecurity risks and strengthen privacy and civil liberties protections, and for other purposes
H. R. 1731 [Report No. 114–83] (114th Congress) To amend the Homeland Security Act of 2002 to enhance multi-directional sharing of information related to cybersecurity risks and strengthen privacy and civil liberties protections, and for other purposes
S. 754 (114th Congress) To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes
Litigation, Investigation, and Law Enforcement
OPM data breach to be subject of hearings (Military Times) Members of the House Armed Services Committee will look into the military and national security impact of the recent data breach at the Office of Personnel Management, calling the reports so far "staggering and unacceptable"
Why was Oscar-winning Snowden documentarian detained 50+ times in US airports? (Ars Technica) Laura Poitras has filed suit to find out why she was stopped and searched
It's a New Age in Data Privacy and Cybersecurity Protection (LegalTech News) General counsel and data privacy officers from TiVo, Intel and eHarmony talk Big Data, following cybersecurity laws, and more at Legaltech West keynote
Former DC Mayor Fenty Reveals DC PD Were Clients of Secretive Software Firm (DCInno) He mentioned the connection during an a16z podcast episode featuring Mayor Bowser
Ethiopia spying case casts spotlight on cyber surveillance in US (Al Jazeera) Lawsuit alleges that Addis Ababa used private technology to monitor Internet communications of dissident-linked American
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
SINET 16 Application Deadline (San Francisco, California, USA, Jul 17, 2015) Innovative solutions frequently come from new and small companies. Our goal is to provide entrepreneurs from all over the world an opportunity to increase their product awareness to a select audience of sophisticated investors, builders and buyers. In order to participate, companies must have annual revenues of approximately fifteen (15) Million dollars or less. The application deadline is this Friday
Securing Your Digital Assets (New York, New York, USA, Jul 14, 2015) Privacy and data security are a growing concern across all industries, and any breach of corporate or personal digital assets threatens financial and reputational harm. With all of the news and educational offerings, you're probably aware of the vulnerabilities. But cyber security is not a task, it is a process. So what procedures do you have to put in place to plug the loopholes? Our expert panel will discuss some of the best current options for implementing effective digital safeguards
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
National Cybersecurity Center of Excellence (NCCoE) Speaker Series: Janet Levesque, Chief Information Security Officer at RSA (Rockville, Maryland, USA, Jul 16, 2015) Traditional security models are failing. While the idea of a shift from prevention to detection has gained traction, most current approaches to detection rely heavily on the same techniques that have rendered preventative tools ineffective. The ultimate goal — disrupting and stopping attacks — has continued to elude security experts. The next stage in the industry's evolution is to move to a stance of "dynamic defense," which combines the ability to detect an attack and fully understand its scope and potential impact on the business, and then use the information to disrupt the attack before adversaries can accomplish their goals
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
The APTs are coming (New York, New York, USA, Jul 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape-and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort, and vArmour for an informative breakfast discussion on the most effective solutions available for stopping advanced threats
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, Jul 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers