The CyberWire Daily Briefing 10.15.15
news from the Association of the United States Army 2015 Annual Meetings
The CyberWire concludes its coverage of the AUSA's 2015 annual meetings with today's issue. The Military Cyber Professionals Association afforded us this opportunity to attend and cover the proceedings. Yesterday's concluding sessions were of particular interest to the cyber security community, and you'll find full accounts of the panel on Countering Violent Extremist Threats to the Army and DoD Personnel and Installations, and then the afternoon's symposium on Army Cyber Today and Tomorrow. Both are linked below. Articles relevant to yesterday's discussions are linked in the special section below.
Some of the conference themes? There appeared to be a general call for "whole-of-government" (indeed, sometimes "whole-of-nation") approaches to cyber security. With respect to threats from non-state actors, both cyber and kinetic, there was clearly a consensus that "inspiration" has largely replaced "direction." And it was striking how many speakers, when discussing historical lessons for the cyber community, returned to the US Army's period of self-examination and restoration that ran from the mid-1970s (post-Vietnam, and, especially, informed by observation of Arab and Israeli experience during 1973's Yom Kippur War) as a solid model for the way forward.
As Russia and the West (and particularly that part of the West the United States comprises) move into harsher discord and more open competition over Ukraine and Syria, observers discern a sharper edge to Russian cyber operations. A Bloomberg piece describes a "second front" in cyberspace, and characterizes Russian operations there as increasingly "brazen and destructive."
The Internet Storm Center looks at some recent Cisco reports on exploit kits and sees in them a trend: more Angler, less Nuclear.
The recent international takedown of Dridex has yielded one collar of an alleged botmaster. Many see the operation as a sign that law enforcement is making progress against at least this form of cyber crime. Dridex was the heir apparent to Gameover Zeus as the black market leader, but its reign was much shorter than expected. (Other observers see a greyer drizzle from the Dridex story: you, gentle reader, as a user are the weakest link.)
Android and (to a lesser but noticeable extent) iOS devices continue to exhibit vulnerabilities. Some believe that firms selling legal "rooting kits" for Android are enabling a great deal of illegal activity. And security researchers may, according to some, be falling out of their honeymoon love for OS X, if honeymoon it ever was.
In industry news, Symantec hints at more acquisitions to come. FireEye exhibits the share-price vagaries of any story stock. BlackBerry says it's regaining its rightful security "mojo."
New EU data protection rules are coming, and their likely effects are much debated.
Today's issue includes events affecting China, Cyprus, European Union, Russia, Syria, Ukraine, United Kingdom, and United States.
Washington, DC: the latest from AUSA
2015 AUSA Annual Meeting & Exposition, Day 3: Countering Extremist Threats, and Army Cyber Today and Tomorrow (The CyberWire) The third and final day of the AUSA Annual Meetings closed with a long and informative panel on the state and future of Army cyber. But a highlight of the afternoon was Secretary of Defense Ashton Carter's visit to the Cyber Pavilion. A number of speakers described the Secretary's strong interest in, and commitment to, Defense cyber capabilities. His conversations at the Cyber Pavilion gave some immediate currency to those descriptions
Internal DoD Effort Focuses on Individual Cybersecurity Responsibility (US Department of Defense) The Defense Department recently announced an effort to help individuals throughout the department do their part to protect the DoD Information Networks, or DoDIN
Officials: Be specific about cybersecurity during acquisition (C4ISR & Networks) The administration has been pushing agencies to include more cybersecurity language in contracts, specifically in citing control standards like those advanced by the National Institute of Standards and Technology. Some officials don't think those standards are enough and are encouraging agencies to get specific with vendors when writing cybersecurity requirements
'Threats in shadows': Experts discuss on-post active-shooter scenarios (Army Times) Every stateside soldier should know they may be targets of terrorist threats where they live, and every commander at a U.S. installation should know who to call if a threat appears at their gate, experts said at the AUSA convention on Wednesday
'Amber Alert' Type Warning System Sought for Army Bases (Army Times) With an eye on lone-wolf attacks against US troops, the Army official responsible for protecting its installations at home said he wants an "Amber alert" style notification system for Army bases
The next battle waged on the cyber range could be a DoD turf war (FierceGovernmentIT) Across the Defense Department, "cyber ranges" are being used to help the military train its cyber workforce and better test the information-technology weapons in its arsenal
Cyber Attacks, Threats, and Vulnerabilities
Cyberspace Becomes Second Front in Russia's Clash With NATO (Bloomberg) Russian computer attacks have become more brazen and more destructive as the country grows increasingly at odds with the U.S. and European nations over military goals first in Ukraine and now Syria
Exploit kit roundup: Less Angler, more Nuclear (Internet Storm Center) Earlier this month, Cisco's Talos team published an in-depth report on the Angler exploit kit (EK)
Dridex Takedown Might Show Evidence Of Good Guys' Gains (Dark Reading) Researchers believe Dridex swooped in to fill Gameover Zeus' hole in the black market, but it didn't have time to grow as big as its predecessor before being stopped
YOU are the computer security problem! (Graham Cluley) Today law enforcement agencies warned the public about the Dridex malware that has been targeting customers of online banks for the last year or so
Uber error leaks US-based drivers' data (BBC) Uber has acknowledged that a flaw in its software caused it to leak personal data belonging to its drivers
87% of Android devices are exposed to at least one critical vulnerability (Naked Security) We already know that Android handset makers don't always deliver security updates in a timely way
'Legitimate' rooting apps paving way for malware (CSO) Companies that create tools for "rooting" Android phones may be within the law, but they may be inadvertently paving the way for malware developers
Hijacking phones with radio waves, Siri and headphones. Should we worry? (Naked Security) Personal assistants on smartphones — Siri on the iPhone, Google Now on Androids, and Cortana on Windows Phone — allow us to do a lot of things with only a voice command
Is Apple's security honeymoon on OS X ending? (IDG via CSO) Apple has hardened El Capitan, but OS X is under more scrutiny than ever
Opinion: Presidential campaigns' thirst for big data threatens voter privacy (Christian Science Monitor Passcode) Presidential campaigns are using sophisticated data mining and analytics software to gain the edge when it comes to courting voters. But the wholesale collection, storage, and sale of voters' political information raises serious questions over how potential supporters are targeted and how their information is exploited
The Web's 10 most shady neighborhoods (CSO) These 10 top-level domains are the Web's shadiest neighborhoods, the ones most associated with suspicious websites
Security Patches, Mitigations, and Software Updates
Adobe says Flash fix will ship next week (CSO) New version to ship the week of October 19
October 2015 Patch Tuesday: Higher User Rights At Risk (TrendLabs Security Intelligence Blog) Microsoft released six patches this month, which included three rated as critical and the remaining as important
Microsoft improves security for Azure SQL Database (IDG via CSO) Security capabilities for managed database service help protect data
Former MI5 director optimistic about cyber security (ComputerWeekly) Cyber security is well on its way to maturing into a recognised threat internationally, with established ways of managing it, says former MI5 director
Internet of Things Security Issues Require a Rethink on Risk Management (Wall Street Journal) The mass adoption of the Internet of Things may be coming at the expense of thorough safeguards
Why blockchain heralds a rethink of the entire banking industry (ComputerWeekly) Blockchain, the distributed ledger technology behind bitcoin, is both a threat and an opportunity for financial services — and the banks are taking it very seriously
Stop focusing on gaps to gain influence as a security leader (CSO) A relentless focus on gaps in security negatively impacts our performance and degrades our influence. It's time for a change in approach
Consumers think IoT security is a piece of cake; IT pros have another name for it (IDG via CSO) Surveys find consumers are confident while security professionals are wary
Only 24% of IT pros are proactive when it comes to wearable security (Help Net Security) If you're an IT professional and nervous about the influx of wearable technology in the workplace and the security and management implications that come with that, you're not alone
The Cyber Threat (Cipher Brief) Africa faces some unique challenges pertaining to the security of mobile communications
Blog: 7 Technologies That Together Will Disrupt Humanity (SIGNAL) Remember this scene from The Graduate?
Companies investing in cloud, security and Big Data are growing faster (Help Net Security) Organizations actively using cloud, mobility, big data or security technologies are experiencing up to 53 percent higher revenue growth rates than those that have not invested in these technologies, according to Dell
Secure networks are the key to unlocking A2P potential (Help Net Security) 75% of mobile network operators (MNOs) do not have the measures in place to control and monetize Application-to-Person (A2P) SMS traffic that traverses their network, according to research by analyst house mobilesquared
Women in security: Cultures, incentives that promote retention (CSO) While women remain in the minority in security positions, they are positioning themselves for success in the future of InfoSec
Symantec CEO: Expect security acquisitions after Veritas sale closes (Seeking Alpha) "You can definitely expect acquisitions from us," Symantec (NASDAQ:SYMC) CEO Michael Brown tells CRN
FireEye closes down 6.6% after Deutsche reports growing Palo Alto/Cisco competition (Seeking Alpha) Deutsche's Karl Keirstead (Hold) cut his FireEye (NASDAQ:FEYE) target by $9 to $35 today, while reporting reseller checks point to growing competition from Palo Alto Networks (NYSE:PANW) and Cisco (NASDAQ:CHKP), each of which offer cheaper rival malware-protection offerings (WildFire and Threat Grid, respectively)
BlackBerry aims to own mobile security and privacy (ComputerWeekly) BlackBerry views its transformation process as largely being about getting its "mojo" back around its "rightful place" in security and privacy
Products, Services, and Solutions
New Partnership Taps Endpoint Modeling Techniques for Stronger Law Firm Security (Legaltech News) As Observable Networks founder Patrick Crowley explains, aging monitoring techniques have not caught up with evolving security standards, endpoint modeling offers a different path to identifying bad actors
Technologies, Techniques, and Standards
Global Internet experts reveal plan for more secure, reliable Wi-Fi routers (Help Net Security) In a letter submitted to the Federal Communications Commission (FCC), Dave Täht, co-founder of the Bufferbloat Project, and Dr. Vinton Cerf, co-inventor of the Internet, along with more than 260 other global network and cybersecurity experts, responded to the newly proposed FCC rules laid out in ET Docket No. 15-170 for RF Devices such as Wi-Fi routers by unveiling a new approach to improve the security of these devices and ensure a faster, better, and more secure Internet
NIST to fund identity ecosystem organization for another year (FierceGovernmentIT) The National Institute of Standards and Technology will fund the Identity Ecosystem Steering Group for another year, announced the nonprofit organization
Encryption is the only guarantee of data destruction in the cloud (Graham Cluley) Recently, American and British government leaders have made statements about the need to access encrypted information in order to hunt down criminals and prevent future terrorist attacks
An Atypical Approach To DNS (Dark Reading) It's now possible to architect network instrumentation to collect fewer data sources of higher value to security operations. Here's how — and why — you should care
Best Practices for Securing Remote Access (Infosec Institute) Most, if not all, of the day-to-day tasks performed in offices today rely heavily on technology, mainly computers, laptops, tablets & smart devices
Worried About Data Breaches? 7 Steps To Protect Yourself (Forbes) Did you apply for T-Mobile services anytime between September 1, 2013 and September 16, 2015 or have an account at Scottrade from the end of 2013 to early 2014?
Avoid Unwanted Applications (Webroot Threat Blog) Has your home page changed?
How to become a nightmare for cyber attackers (Help Net Security) Chris Nickerson, CEO of Lares Consulting, has been a penetration tester for the last 15 years or so. He headed red teams targeting systems and environments known and unknown, and wasn't always successful
Research and Development
Forecasting cyber attacks not a rainy day goal for Intel community (Federal News Radio) Tornadoes have warnings; the flu season gets a prediction; even government unrest can be spotted before tempers flare — so why can't cyber attacks be spotted before they strike?
How the NSA can break trillions of encrypted Web and VPN connections (Ars Technica) Researchers show how mass decryption is well within the NSA's $11 billion budget
Universities trying to safeguard sensitive student, parent data (Business Insurance) Universities have been requiring and retaining students' and parents' sensitive financial and medical information for decades and are taking steps to safeguard it from hackers
Federally funded education programs aren't effectively closing the cybersecurity skills gap, says panel (FierceGovernmentIT) Some federally managed university education programs focused on cybersecurity cannot, in their current state, address the skills gap for operational cyber defense talent in the federal government, according to a report
Legislation, Policy, and Regulation
The countdown to the EU Data Protection Regulation (Help Net Security) The scope of the changes under the proposed shift to a single EU Data Protection Regulation, means that organisations should be doing the groundwork now to ensure they're not playing catch-up with compliance when the Regulation comes into force
Snowden showed need for new laws, says former MI5 director (ComputerWeekly) There is a lot of work to be done in building trust and accountability in the wake of the Snowden revelations, says former MI5 director
Opinion: Why we all have a stake in encryption policy (Christian Science Monitor Passcode) Rapid advances in technology could soon turn science fiction notions of effortless encryption into a reality. But ensuring that we can trust that technology will take more public vigilance against government and corporate eavesdropping
Influencers: Revise copyright law so researchers can tinker with car software (Christian Science Monitor Passcode) In light of the Volkswagen scandal, the US should revise copyright laws so that people can legally tinker with automotive software, a majority of Passcode Influencers said
DISA's evolving fight to defend DoD networks (C4ISR & Networks) As can be inferred by the organization's name, the Defense Information Systems Agency is in the business of defending IT security
Litigation, Investigation, and Law Enforcement
Dridex botnet taken down, multi-million bank fraud suspect arrested (Naked Security) The US Department of Justice (DoJ) has just announced the disruption of an active botnet and the arrest of its alleged operator
Microsoft details takedown requests in expanded transparency report (IDG via CSO) Overall requests for data from Microsoft's services have grown
'Fixed' app that fights parking tickets blocked in 3 cities (Naked Security) San Francisco is extremely scrupulous about its extremely complicated parking rules
For a complete running list of events, please visit the Event Tracker.
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
7th Semi-Annual ENAM Conference: the Borderline Between Cybersecurity and Individual Freedoms (Vilnius, Lithuania, Oct 16, 2015) This half-day conference in Vilnius will address topics such as the latest cyber-threats, most recent developments in the European and US regulatory framework, as well as the consequences of these developments for private individuals and businesses. Under discussion will be imperatives and challenges, solutions and ideas to make cyberspace resilient
BSides Portland (Portland, Oregon, USA, Oct 16 - 17, 2015) BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Münchner Cyber Dialog (München, Bayern, Germany, Oct 21, 2015) The conference provides a platform for dialogue among politics, business, academia and public administration to discuss the opportunities and risks that the digitalization process holds for society as a whole. The focus is on the importance of high-quality, secure and trustworthy IT infrastructure as the basis of industrial production and overall economic development in Germany. The dialogue serves as a catalyst for joint efforts to shape the digitalization process securely
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Cyber Liability Summit (New York, New York, USA, Oct 21, 2015) Attendees of the CLM Cyber Liability Summit will come away with a full understanding of the risks, exposures, development of claim activity and trends in the areas specific to Data and Network Security, Privacy and Social Media, and the types of cases that result from such. The distinguished presenters will lead interactive sessions on essential cyber liability topics to ensure attendees have the most comprehensive and up-to-the-minute information needed to flourish in an ever-changing environment
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below