The CyberWire Daily Briefing 09.16.15

Summary

By The CyberWire Staff

A US Government audit of the Department of Homeland Security finds deficiencies in that Department's network security, particularly in the Secret Service and Immigration and Customs Enforcement. The findings call out deficiencies in training and pernicious effects of budgetary constraints.

Trend Micro reports on "Operation Iron Tiger," a presumably Chinese government action that began by targeting the Asia-Pacific region, but has recently turned its attentions to North America.

More notes appear on the Corebot botnet malware: cleverly crafted and unpleasantly elusive.

Security firms warn again of the risk of backdoored routers.

Securi observes hackers abusing Google webmaster tools to cloak and prolong their malicious activity.

A flaw in an iOS library is reported to permit writing of arbitrary files by Airdrop.

The legal conflict between FireEye and ERNW is seen as exemplifying (and clarifying) two different approaches to disclosure.

In industry news, the Carlyle Group and the Chertoff Group take a majority position in Coalfire. CRGT and Salient finalize their merger. IBM reveals more details of its positioning for the Internet-of-things market.

Nine major investment banks announce their backing of a blockchain standards initiative.

Observers are disappointed by US failure to follow up (so far) on plans to sanction China for cyber espionage. This is seen as indicative of how problematic deterrence remains in cyberspace.

Proposed US Defense acquisition regulations continue to draw industry ire. Opponents of the proposed rule find a Congressional champion in Senator McCain.

Twitter "eavesdropping" algorithms attract a class action suit.

Banks' suit against Target proceeds.

Notes.

Today's issue includes events affecting China, Denmark, New Zealand, Philippines, United Kingdom, and United States.

We continue our coverage of Borderless Cyber (organized by OASIS and the World Bank). Watch for live-tweeting from the event, #BorderlessCyber. Tomorrow we move on to the Sixth Annual Billington Cybersecurity Summit. Full coverage of the events will continue in the CyberWire through week's end.

Selected Reading

Cyber Trends

These Warring Security Firms Show Both Sides of the Security Vulnerability Debate (Slate) The ongoing battle between researchers and vendors over the public disclosure of security vulnerabilities in vendor products took a bizarre turn last week in a new case involving two security firms, FireEye and ERNW

Kitchen etiquette and birthdays get more attention than data security says Centrify report (SourceWire) One in three IT decision makers have to fight for stricter security protocols

Legislation, Policy and Regulation

Disconcerting U.S. Cyber Deterrence Troubles Continue (Lawfare) Two weeks ago the newspapers were filled with leaked threats that the U.S. government was "developing a package of unprecedented economic sanctions against Chinese companies and individuals who have benefited from their government's cyber theft of valuable U.S. trade secrets"

McCain comes out against DoD rule that requires more data from commercial contractors (FierceGovernment) Sen. John McCain (R-Ariz.) came out last week against a proposed rule that would allow Defense Department procurement officers to ask private companies for more information on costs and pricing before deciding on a contract

Senator McCain Urges Secretary Carter to Rescind Proposed Acquisition Rule (US Senate Armed Services Committee) U.S. Senator John McCain (R-AZ), Chairman of the Senate Armed Services Committee, sent a letter today to Secretary of Defense Ash Carter regarding a new proposed Defense Federal Acquisition Regulation rule on commercial item acquisition (DFARS Case 2013-D034). The new rule could effectively preclude any significant participation by commercial firms in defense programs

Defense Federal Acquisition Regulation Supplement: Evaluating Price Reasonableness for Commercial Items (DFARS Case 2013-D034) (Federal Register) A Proposed Rule by the Defense Acquisition Regulations System on 08/03/2015

Jeb Bush unveils cybersecurity plan (USA Today) Two days before the second Republican debate, Jeb Bush unveiled a cybersecurity plan Monday that he cast partly in terms of economics

Dateline

Borderless Cyber 2015 (OASIS) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools

Challenges and Opportunities: Information Sharing in a Borderless Domain (The CyberWire) Borderless Cyber 2015 convened at the World Bank in Washington, DC, yesterday. Organized by OASIS, the not-for-profit open standards organization, the conference addressed the challenges and opportunities cyber information sharing presents internationally

Products, Services, and Solutions

Helping Banks Spot Vulnerable Servers … in Seconds (American Banker) When Orion Hindawi attended a dinner with executives from a global bank that recently became a customer of the cybersecurity company he co-founded

Palo Alto launches service for protecting enterprise cloud apps (Seeking Alpha) Palo Alto Networks (PANW +2%) today announced availability of Aperture, a new security-as-a-service offering to help organizations safely enable and strengthen security for sanctioned SaaS applications, such as Box, Dropbox, Google Drive, and Salesforce

InvizBox unveils Go prototype that provides mobile users a VPN over public Wi-Fi (FierceITSecurity) A major concern of IT security folks is when an employee uses insecure public Wi-Fi to connect to the corporate network

Xerox Unveils Printed Memory Labels for Anti-Counterfeit Product Efforts (ExecuitveBiz) Xerox has launched two electronic-based printed labels the company built to store data that can be used to track the condition and verify the authenticity of a product

Technology that predicts your next security fail (Computerworld) In 2013, the IRS paid out $5.8 billion in refunds for tax filings it later realized were fraudulent

Fortinet offers up SDN security framework (ChannelLife) Fortinet has announced a new software defined network security framework, which it says is the first of its kind and provides advanced threat protection through the integration of security directly into modern data centre environments

Kaspersky: Great product, dreadful installation/upgrade process (Computerworld) All companies need to pay more attention to the experience that ordinary users have when they try to install new products and upgrades

Agari and RiskIQ Join Forces to Share Threat Data to Fight Cybercriminals (Digital Journal) Agari, the leading provider of data-driven security solutions that detect and prevent advanced email cyberthreats, and RiskIQ, the Enterprise Digital Footprint Security company, today announced a strategic partnership to exchange threat intelligence data

Technologies, Techniques, and Standards

The Network's Role as a Security Sensor and Policy Enforcer (Network World) Networks can (and should) be used to improve risk management as well as incident prevention, detection, and response

The Cyber Resilient Organization: A Q&A with Dr. Larry Ponemon (Resilient Systems) "Cyber resilience" is a relatively new term, but it seems to be here to stay. Organizations globally realize it's a critically important part of their cybersecurity strategies

Blockchain initiative backed by nine large investment banks (Financial Times) Nine of the largest investment banks, including Goldman Sachs, JPMorgan and Credit Suisse, are planning to develop common standards for blockchain technology in an effort to broaden its use across financial services

Orrstown Bank CISO finds peace after struggle with app security (FierceITSecurity) Orrstown Bank, a community bank with hundreds of applications third-party vendors had provided, needed to secure those applications in a way that would meet strict financial security regulations

Gas stations beefing up security in wake of 'skimmers' (Fox 17) Thieves stealing right from your credit card as you pump gas

Marketplace

The Carlyle Group and The Chertoff Group Acquire Majority Stake in Coalfire Systems (BusinessWire) Investment to fuel innovation and growth at cybersecurity service and technology provider

Salient Federal Solutions and CRGT Announces Closing of the Merger Transactions (PRNewswire) The combined company will benefit new and existing customers through greater technical expertise, enhanced mission capabilities, and broader resources

4 Cybersecurity Stocks That Are Good Buys Right Now (The Street) Cybersecurity stocks have taken a tumble recently on fears that the sector may have gotten ahead of itself, but analysts are seeing some good buying opportunities amidst the downturn

Six Software Picks in Cybersecurity (Barron's) CyberArk and Palo Alto stand out but Check Point, FireEye, Fortinet and Proofpoint are also rated at Outperform

Top Growth Pick: The KEYW Holding Corporation (NASDAQ:KEYW) (Enterprise Leader) The KEYW Holding Corporation (NASDAQ:KEYW) has received a top Growth Style score from Zack's Research

Ex-Spies Join Cybersecurity Fight (Wall Street Journal) Firms turn to cloak-and-dagger tactics to infiltrate hacker groups and pre-empt attacks

L-3 Awarded Potential $193M DIA Intell Analysis Support Task Order (GovConWire) An L-3 Communications (NYSE: LLL) business segment has received a potential $193 million task order for intelligence analysis support under the Defense Intelligence Agency's Solutions for Intelligence Analysis II contract

IBM Announces the Creation of IoT Business Unit (Legaltech News) New unit will see $3 billion in investment over the next four years

IBM appoints leader for its Internet of things practice (Fortune) Harriet Green is taking on a well established collection of technologies and businesses related to connected sensors and data analytics

Cyber Attacks, Threats, and Vulnerabilities

Homeland Security websites vulnerable to cyber attack: audit (Reuters) The U.S. department charged with protecting government computers needs to secure its own information systems better, according to an audit released on Tuesday that showed lapses in internal systems used by the Secret Service and Immigration and Customs Enforcement

Operation Iron Tiger: How China-Based Actors Shifted Attacks from APAC to US Targets (TrendLabs Security Intelligence Blog) Key individuals, who are believed to be part of a China-based attack group, have been stealing years of valuable government and corporate information from defense and high technology organizations in the US since 2013 and political and government-related entities in China, Hong Kong, and the Philippines since 2010

Corebot cleverly written botnet malware with growth potential (CSO) There's a new botnet malware on the loose, called Corebot, that researchers believe has the potential to develop into a significant threat

Backdoored Business Routers An Emerging Threat (Dark Reading) Discovery of malicious implants in 14 Cisco routers, "tip of iceberg" FireEye says

Hackers target Google webmaster tools to prolong website infections (FierceITSecurity) Hackers who compromise websites are using additional measures to prevent legitimate owners from detecting the presence of malicious or spam content that is inserted into their sites, according to a report by security vendor Securi

Bug in iOS and OSX Allows Writing of Arbitrary Files via Airdrop (Threatpost) There is a major vulnerability in a library in iOS that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog

Malicious spam with zip attachments containing .js files (Internet Storm Center) On 2015-07-29, the ISC published a diary covering malicious spam (malspam) with zip archives of javascript

Would your IT manager go rogue for $2,000? (FierceITSecurity) Would your IT manager become a hacker for $2,000 or less? Maybe

Academia

NYU Launches Emerging Threats Initiative (Homeland Security Today) In today's era of cyberterrorism and human trafficking, Russia's annexation of Crimea and the black-flag legions of ISIS in Iraq and Syria

Litigation, Investigation, and Enforcement

Twitter Hit With Class Action Lawsuit for Eavesdropping on Direct Messages (Billboard) The lawsuit targets algorithms that "intercept" and replace links

Judge certifies class action over Target data breach (Business Insurance) A U.S. judge on Tuesday certified a class action against Target Corp. brought by several banks over the retailer's massive data breach in 2013

Danish man arrested after cyber attack on Auckland girl (Aukland Now) A Danish man has been arrested and charged with hacking private computers and posting photos online

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum

EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof

Borderless Cyber 2015 (Washington, DC, USA, September 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration

Detroit Secure World (Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure among the agends

Cyber Security Summit: New York (New York, New York, USA, September 17, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services

6th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity

Hacker Halted (Atlanta, Georgia, USA, September 17 - 18, 2015) Hacker Halted is a global series of computer and information security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased education and ethics in IT security

Cyber Security Summit: New York (New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively, identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.