The CyberWire Daily Briefing 07.15.15
ISIS information operations worry governments as evidence of online recruiting and command-and-control success continues to accumulate. Afghanistan's president warns against underestimating ISIS, and a piece in Foreign Policy speculates about how the US might counter the Caliphate's messaging (by emulating aspects of Russian and Chinese operations).
Fingerprints lost in the OPM breach (and no one's yet sure whose, or how many were taken) are called a "counterintelligence disaster" and "battle[space] preparation." OPM has a new Director: she faces both an enormous cleanup challenge and a Congress in a do-something-now mood.
A smaller, different breach (data lost through mishandling in transit) affects current and former soldiers of the US Army Reserve National Guard.
Chinese hackers of uncertain provenance phish US Government personnel and reel them in with a Flash zero-day.
A new version of the Dyre banking Trojan infests Spanish networks.
TeslaCrypt evolves into a more dangerous form even as researchers tell BlackHat that most ransomware remains, truth be told, pretty dumb. Dumb, but dangerous.
SSL redirects show up in malvertising.
Malwarebytes says that affinity marketing has become a leading distributor of PUPs (potentially unwanted programs).
Acunetix looks at business websites and doesn't at all like what it finds: half of them would flunk a PCI standards check.
Systems administrators are dealing with patches from Oracle, Abode, and Microsoft, some of which close vulnerabilities disclosed in the Hacking Team breach. SAP has also patched. BT Security gives Land Rover high marks for its handling of a recall for automotive software bugs.
Notes.
Today's issue includes events affecting Afghanistan, Australia, Bosnia, Brazil, China, Colombia, Denmark, European Union, Germany, India, Iran, Iraq, Italy, Japan, Democratic Peoples Republic of Korea, Netherlands, New Zealand, Romania, Russia, Saudi Arabia, Serbia, Spain, Sweden, Syria, United Kingdom, United States, and and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
'Al-Qaeda was terrorism version 1, ISIS is version 6' — Afghan President Ghani to RT (RT) Islamic State cannot be dismissed as a "medieval" cult, and the world is encouraging its growth by allowing more failed states to emerge, Afghan president Ashraf Ghani told RT
FBI agent weighs in on threat of terrorism in heartland (KETV) As the airstrikes continue against ISIS targets, there is a growing trend the FBI in Omaha finds troubling. "One of the reasons is that Isis is taking the utilization of the Internet to a new level as far as recruitment of people across the world," FBI Special Agent in Charge Thomas Metz said
A Few Good Twitter Trolls (Foreign Policy) Why the United States needs to take a page from the Chinese and Russian playbooks when it comes to combating the Islamic State online
How Much Damage Can the OPM Hackers Do With a Million Fingerprints? (National Journal) The pilfering of 1.1 million fingerprints is "probably the biggest counterintelligence threat in my lifetime," one former NSA official said
Feds targeted in Clandestine Wolf phishing campaign (FCW) A tenacious team of Chinese hackers targeted several large federal agencies in June with a new spear phishing campaign that uses an undiscovered flaw in Adobe Flash Player
Another "Hacking Team" zero-day surfaces — this time in IE, not Flash! (Naked Security) Yet another zero-day has been dragged out of the data dump from hacked Italian security outfit Hacking Team
El malware Dyre se toma sus vacaciones de verano en España (IBM Security Intelligence Blog) Una nueva configuración del Troyano Dyre persigue a 17 bancos españoles. ¿Qué hay de nuevo?
New Version of Teslacrypt Changes Encryption Scheme (Threatpost) A new version of the nasty TeslaCrypt ransomware is making the rounds, and the creators have added several new features, including an improved encryption scheme and some details designed to mimic CryptoWall
Most Ransomware's Not So Bad (Dark Reading) Although some ransomware is getting smarter and scarier, most of it is pretty dumb, as one researcher will show at Black Hat
Report: Malvertisers now using SSL redirects (CSO) An AOL-owned advertising network has begun serving up malicious advertising that disguises itself with multiple SSL redirects
PUP makers, Digital Snake Oil Part 3 (Malwarebytes Unpacked) But wait, there's more! We have explained our recent changes to our PUP classification, where we have decided to include Registry Cleaners and Driver Updaters behaving aggressively
Almost ALL websites have serious security vulnerabilities, study shows (Information Age) 50% of businesses would fail at PCI compliance, according to a study of 15,000 websites
Hideouts for Lease: The Silent Role of Bulletproof Hosting Services in Cybercriminal Operations (TrendLabs Security Intelligence Blog) What do LeaseWeb, Galkahost, and Spamz have in common? All of them, at one point or another, have functioned as cybercriminal hideouts in the form of bulletproof hosting services (BPHS)
Interesting geographic attack vector from a Russian launched cyber counter-attack (Geek Slop) I love the Russians. I know, strange to hear that from an American in modern day with a new "cold war" (seemingly) beginning to gain steam —>[in my most-convincing whiner voice] Can't we all just get along?<—
Google Photos still grabs your snaps, even after you delete the app (Graham Cluley) A newspaper editor recently discovered that Google Photos continues to backup all photos stored on an Android device even after the app has been uninstalled
Tour de France leader Chris Froome has had his data hacked, claims Team Sky (We Live Security) Chris Froome is currently leading the legendary Tour de France race, and wearing the famous yellow jersey
Current, former Guard members warned of data breach (Army Times) A recent security breach that may have involved Social Security numbers, home addresses and other personal information belonging to more than 850,000 current and former Army National Guard members was caused by an improperly handled data transfer, not hackers, a spokesman said Tuesday
Federal agency outlines steps to help victims of cyber attack (Fayetteville Observer) Fort Bragg is sharing information about a recent cyber attack that could have affected current and former Fort Bragg troops and civilian employees
Customers of Anthem say ID theft proliferating (Indianapolis Business Journal) Anthem Inc.'s massive data breach reported early this year is now generating real cases of identity theft, according to allegations in a small but growing number of lawsuits filed across the country
5 months after data breach, health insurer to offer free identity theft protection service (Philadelphia Business Journal) Independence Blue Cross, the Philadelphia region's largest health insurer, said Tuesday it will offer identity protection services — at no charge to eligible members and their dependents — starting Jan. 1, 2016
Security Patches, Mitigations, and Software Updates
Oracle Critical Patch Update Advisory — July 2015 (Oracle) A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes
Security update available for Adobe Shockwave Player (Adobe Security Bulletin) CVE number: CVE-2015-5120, CVE-2015-5121. Platform: Windows and Macintosh. Adobe has released a security update for Adobe Shockwave Player for Windows and Macintosh. This update addresses critical vulnerabilities that could potentially allow an attacker to take control of the affected system
Security updates available for Adobe Flash Player (Adobe Security Bulletin) Vulnerability identifier: APSB15-18. CVE number: CVE-2015-5122, CVE-2015-5123. Platform: Windows, Macintosh and Linux. Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly
Did Firefox listen to Facebook and just kill Flash? (No, but there's another patch!) (Naked Security) Just like Flash exploits, it seems that Flash exploit stories come along in bunches, too, like those pesky buses you wait for
Microsoft patches Internet Explorer vulnerability offered to Hacking Team (CSO) The use-after-free flaw was discovered within the Hacking Team emails
Microsoft Security Bulletin Summary for July 2015 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for July 2015
Anyone still running Windows Server 2003 is now at risk (ComputerWeekly) Businesses still running Windows server 2003 are vulnerable to attack from hackers looking to exploit security holes
The never-ending Zero Day: Microsoft shuts down antimalware support for Windows XP users (Heimdal Security) Today is the day that leaves hundreds of millions of users exposed to malware attacks
SAP Security Notes July 2015 (ERPScan) SAP has released the monthly critical patch update for July 2015. This patch update closes a lot of vulnerabilities in SAP products, some of them belong in the SAP HANA security area. The most popular vulnerability is Missing Authorization Check
Land Rover praised for recall over software security bug (ComputerWeekly) BT Security head Mark Hughes says Land Rover's recall of vehicles to fix a software security flaw is a sensible step to address evolving criminal threats
Cyber Trends
Why Cybersecurity Leadership Must Start At The Top (Forbes) If the past year has shown us anything, it's that companies should no longer ask if they are going to be hacked and instead when. With every company becoming digital, the pace of change is only accelerating and our ability to make the right decisions on cybersecurity needs to move even faster. Some estimate that between $9 and $21 trillion of global economic value creation could be at risk if companies and governments are unable to successfully combat cyber threats
Shared Passwords And No Accountability Plague Privileged Account Use (Dark Reading) Even IT decision-makers guilty of poor account hygiene
The soaring cost of malware containment (Help Net Security) Organizations are dealing with nearly 10,000 malware alerts per week, however, only 22% of these are considered reliable, according to a new report from The Ponemon Institute, which surveyed 551 IT and IT security practitioners across EMEA
The most damaging ramifications of DDoS attacks (Help Net Security) More than half of IT security professionals (52 percent) said loss of customer trust and confidence were the most damaging consequences of DDoS attacks for their businesses, according to a survey conducted at RSA Conference 2015 and Infosecurity Europe 2015 by Corero Network Security
Sixty Percent of Enterprise Application Vulnerabilities Go Unmitigated (Dark Matters) A survey conducted at the recent Gartner Security and Risk Management Summit revealed that two-thirds of the more than 100 senior security professionals queried admit that sixty percent or more of the security vulnerabilities discovered in applications deployed on enterprise networks go unmitigated
Connected devices will challenge user attitudes toward privacy, trust, passwords, report says (ZDNet) Report shows 77% of digital consumers interested in alternatives to usernames, passwords
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say (Dark Reading) In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats
Hackers Make Financial Services Firms Top Target (eSecurity Planet) Hackers target financial services firms 300 percent more than companies in other verticals, says Websense Security Labs
Half ANZ IT managers report weekly cyber breach (Scoop) Centrify survey reveals that one in eight IT managers believe security breach attempts occur in their organisation every 60 seconds
Marketplace
NYSE trading halt an insurance coverage wake-up call (Business Insurance) Last week's disruption of the New York Stock Exchange because of an apparent computer glitch may not have had a dramatic impact on the markets, but it should serve as a reminder to companies to examine their insurance coverage should they face similar problems
Cybersecurity 'Not Owned' by Compliance but Shared: FINRA Exec (ThinkAdvisor) At BD Compliance Seminar, CEO Lon Dolber sees rising instances of cyber impersonators
China's Tsinghua Unigroup Plans $23 Billion Offer for Micron (BloombergBusiness) The investment arm of one of China?s top universities is planning to offer $23 billion for chipmaker Micron Technology Inc., a person familiar with the matter said, in a deal that would be the largest takeover of a foreign firm by a Chinese company. Micron surged in Frankfurt trading
Hacking Team CEO insists tools were not compromised (CSO) The founder of the Italian surveillance software company that suffered a disastrous data breach last week sought to reassure clients on Tuesday about the gravity of the intrusion, insisting that Hacking Team's anti-terrorism work has not been jeopardized
Dell scotches closure rumours by expanding Edinburgh Security Operations Centre (ComputerWorld) Wheels out political support to underline commitment
This REIT Is Backed By Cyber Security Properties (Seeking Alpha) Last week, three events made headlines as unintended access shut down critical functions for the New York Stock Exchange, The Wall Street Journal, and United Airlines. There's someone racing around New York City right now on a brand new bicycle thanks to a hack on my by bank account a few months ago. Although COPT is a niche REIT, its unique capabilities enable the company to exploit market knowledge as a local sharpshooter in strategic markets
Products, Services, and Solutions
Who killed Proxyham? (Naked Security) Earlier this month, security researcher Benjamin Caudill unveiled a new, cheap anonymizing device called Proxyham that set the security press a-buzz
New Research Finds Cyber Exploits Can Be Anticipated With an Accuracy of 83% (Recorded Future) Security teams have the daunting task of trying to keep abreast of unpatched and zero-day vulnerabilities inside their organization. With so many threats and exploits in the wild, it?s difficult to know which vulnerabilities will result in an actual exploit and cause harm. Making early assessments can help security managers discover possible threats in advance and prioritize vulnerability management
NSA Releases Systems Integrity Management Tool (SIMP) on GitHub (Softpedia) NSA releases free tools for boosting security protocols. The NSA has released a batch of tools codenamed SIMP (Systems Integrity Management Tool) on a special GitHub account set up just for this, and following their Technology Transfer Program (TTP)
New EventTracker 8 Addresses the Detection Deficit in Data Security (MarketWatch) Latest version of EventTracker offers advanced solution for Threatscape 2015 and beyond
ImageWare Systems Licenses Biometrics Platform to Lockheed (ExecutiveBiz) ImageWare Systems' biometrics platform will be incorporated into Lockheed Martin's Identity as a Service offering in the cloud as part of a three-year licensing agreement between both companies
Savvius Now Shipping Savvius Vigil Security Appliance (MarketWired) Savvius Vigil availability brings industry-leading visibility to security breach forensics
Scitor Corp., an SAIC Company, Adopts NexDefense Sophia™ software to Assess and Secure its Customers' Industrial Control Systems (ICS) (PRWeb) After successful evaluation, Scitor deems NexDefense Sophia network anomaly detection software a cornerstone technology for its control systems users; Strategic alliance driven by increase in frequency and sophistication of ICS-specific attacks in critical infrastructure
You Probably Can't Jailbreak This Tablet Made For America's Prisoners (TechCrunch) Private corrections service JPay introduced the JP5mini tablet last week, a tablet made specifically for the nearly two million incarcerated Americans that the company services in correctional facilities across 34 states
Technologies, Techniques, and Standards
Automobile Industry Gears Up For Cyber-Threat Intel-Sharing (Dark Reading) New auto industry ISAC is now official, with major automakers as the charter members
Pen testing tool or exploit? 6 samples of ways hackers get in (ITWorld) Attackers use the same tools in attacks that pen testers use to test. Six sample vulnerabilities and exploits
The difficult task of meeting compliance needs (Help Net Security) Compliance is a complex issue in many industries and organizations know all too well that there are major fines and potential punishments for not meeting the laws and regulations. Some major compliance regulations in the United States, including the Health Insurance Portability and Accountability Act (HIPPA), the Control Objectives for Information and Related Technology (COBIT) and Sarbanes Oxley Act (SOX), require businesses to ensure certain standards within their organizations, including protection of data and full disclosure
The myth of human weakness in security: How to turn staff into active network defenders (ZDNet) In a Q&A with ZDNet, Rohyt Belani, co-founder and CEO of PhishMe explains how employees can become a vital layer of defense for enterprise networks
Research and Development
Researchers build a transistor from a molecule and a few atoms (Phys.org) n international team of physicists has used a scanning tunneling microscope to create a minute transistor consisting of a single molecule and a small number of atoms. The observed transistor action is markedly different from the conventionally expected behavior and could be important for future device technologies as well as for fundamental studies of electron transport in molecular nanostructures
Academia
Illinois' Elite Cybersecurity Talent to Participate in U.S. Cyber Challenge Competition This Friday (CSSIA) This Friday, the state's top cybersecurity talent will compete in a cyber-attack and defense competition at the annual US Cyber Challenge (USCC) Cyber Camp hosted at Moraine Valley Community College in Palos Hills, Illinois. This "Capture the Flag" competition is the final skills assessment activity after a week of classes covering such subjects as packet crafting and pen testing. The winners of the competition will win an (ISC)2 scholarship voucher
Money talks: Send your kid to cybersecurity school (CSO) Parents may want to think about cybersecurity as an alternative to medicine and law for their ambitious college-bound kids
Legislation, Policy, and Regulation
Why government-mandated encryption backdoors are bad for US businesses (TechRepublic) Cybersecurity experts once again issue a stern warning about repercussions of adding US government-accessible backdoors
Should Some Secrets Be Exposed? (CNN via Schneier on Security) Recently, WikiLeaks began publishing over half a million previously secret cables and other documents from the Foreign Ministry of Saudi Arabia. It's a huge trove, and already reporters are writing stories about the highly secretive government
Adopting a Cooperative Global Cyber Security Framework to Mitigate Cyber Threat (Before it's too Late) (Voodoo Technology) The recent OPM cyber breach at the U.S. Government's Office of Personnel Management (OPM) provided a wakeup call to the seriousness and sophistication of the cyber security threat aimed at both the public and private sectors. The fact is that over 43% of companies had breaches last year (including mega companies such as Home Depot, JPMorgan, and Target. Moreover, the intrusion threats are not diminishing. For example, British Petroleum (BP) faces 50,000 attempts at cyber intrusion every day
Lawmakers take aim at accountability in U.S. cybersecurity (C4ISR & Networks) In the wake of the cybersecurity breach at the Office of Personnel Management that exposed sensitive data of more than 22 million people, Congress is looking to shore up federal cybersecurity while also making sure the government is held accountable when things go wrong
What Cobert brings to OPM (FCW) Beth Cobert is leaving her relatively sleepy perch as deputy director for management at the Office of Management and Budget to take over the scandal-wracked Office of Personnel Management
Transcom Nominee Pledges to Address Cyber Concerns (DoD News) President Barack Obama's nominee to be the next commander of U.S. Transportation Command told the Senate Armed Services Committee today that problems in the cyber domain worry him, and that he will emphasize operations to make that domain safer if he's confirmed
Deborah Lee James: Future USAF Cyber Hub to House Collaboration for Soldiers, Industry (ExecutiveGov) A future facility at the Air Force Academy in Colorado Springs will seek to give soldiers an environment for collaborations with industry and academia in the field of cybersecurity, the service branch?s top civilian leader has told ExecutiveGov
Criticism Continues on ICANN Proposal Over Lack of Anonymity (Legaltech News) Under the plan, website owners who use domains for commercial uses may need to provide a direct contact address when registering web addresses
Litigation, Investigation, and Law Enforcement
Court asked to kill off NSA's 'zombie dragnet' of Americans' bulk phone data (Guardian) ACLU accuses government of continuing to collect Americans' call records until end of year on basis of law which federal court has ruled prohibits exactly this
Authors Guild demands ISPs monitor, filter Internet of pirated goods (Ars Technica) "Technology that can identify and filter pirated material is now commonplace"
Dozens arrested in international crackdown on Darkode crime forum (Ars Technica) Arrests by FBI, Europol, and others reportedly take place in 18 countries
Europol 'dismantles' Spanish cyber-crime group (SC Magazine) EU law agency Europol and Spanish police mount operation 'Walker' to crack premium number phone scam
Photojournalist Convicted in Data Theft (NL Times) A 22 year old freelance 112 photo journalist from Drunen has been found guilty of computer intrusion after he found login details of a secure system online, used it to log in to the system and then spread the information. The court in Oost-Brabant sentenced him to 80 hours of community service, 40 of which are conditionally suspended
Hacker Gets 13 Years in Prison for Massive International ID Theft (Office of Inadequate Security) There's an important update in the case that involved Court Ventures/U.S. Info/Experian, and Dun & Bradstreet, although the government doesn't name the businesses in its press release
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
National Cybersecurity Center of Excellence (NCCoE) Speaker Series: Janet Levesque, Chief Information Security Officer at RSA (Rockville, Maryland, USA, Jul 16, 2015) Traditional security models are failing. While the idea of a shift from prevention to detection has gained traction, most current approaches to detection rely heavily on the same techniques that have rendered preventative tools ineffective. The ultimate goal — disrupting and stopping attacks — has continued to elude security experts. The next stage in the industry's evolution is to move to a stance of "dynamic defense," which combines the ability to detect an attack and fully understand its scope and potential impact on the business, and then use the information to disrupt the attack before adversaries can accomplish their goals
SINET 16 Application Deadline (San Francisco, California, USA, Jul 17, 2015) Innovative solutions frequently come from new and small companies. Our goal is to provide entrepreneurs from all over the world an opportunity to increase their product awareness to a select audience of sophisticated investors, builders and buyers. In order to participate, companies must have annual revenues of approximately fifteen (15) Million dollars or less. The application deadline is this Friday
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
The APTs are coming (New York, New York, USA, Jul 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape-and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort, and vArmour for an informative breakfast discussion on the most effective solutions available for stopping advanced threats
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, Jul 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers