The CyberWire Daily Briefing 01.05.15

Cyber Trends

In 2015, hackers will evade arrest by framing the innocent (BusinessTech) Fortinet, a network security firm, says that in 2015, advanced evasion techniques will evolve in order for cyber attackers to cover their tracks

Emerging global cyberlaw trends in 2014 (Business Standard) 2014 was the year when dark web started emerging, primarily due to the iCloud hacking of celebrities' pictures

Cyber criminals demand a modern approach to security (Stuff) Craig Richardson is chief executive of Wynyard Group, a market leader in risk management and crime fighting software. He looks at trends in the industry for 2015

The biggest security debacles of 2014 show that enterprises are still failing at the basics (VentureBeat) As 2014 wraps, it's safe to say that we have had some of the most publicized, devastating data breaches in years, including massive hacks on Target, JP Morgan Chase, and Sony

Cyber Security Professionals Predict Their Biggest Concerns For 2015 (Forbes) With 2014 in the rear view mirror, it is fun to look forward to the year ahead and see if we can predict what may happen over the next twelve months. At the same time, predictions can prove to be very useful for businesses that are planning budgets and spending. So every December, cyber security experts begin to make their predictions on the future of information and network security

Number of cyber attacks on retailers drops by half (Help Net Security) Despite an 50 percent decline in the number of attacks against U.S. retailers, the number of records stolen from them remains at near record highs. IBM Security researchers report that in 2014, cyber attackers still managed to steal more than 61 million records from retailers despite the decline in attacks, demonstrating cyber criminal's increasing sophistication and efficiency

One billion more cyber threats in 2014 (iolscitech) Online security company Kaspersky Lab's experts report considerable growth in the number of malicious attacks on user computers and mobile devices, further development of financial malware and a change in the vectors of web attacks

Long-Running Cyberattacks Become The Norm (Dark Reading) Many companies are so focused on the perimeter that they have little idea what's going on inside the network

Botnets in 2014: ZeuS surge, lax policies place Web users at risk (ZDNet) Financial and personal data increases in value, botnet use rises. Are companies doing enough to stem the flow?

New year, new threats — The top 10 emerging threats of 2015 (Channelnomics) Join us every day for the next 10 days to find out what you should be worrying about in 2015

Keeping Safe in the New Year (US News and World Report) After a year of major hacks, cybersecurity resolutions for 2015

Pretty much every smart home device you can think of has been hacked (News) At this time last year, numerous pundits were calling 2014 the year of the Internet of Things. The prediction was everywhere. Of course there were some sceptics, but buzz around smart homes, the quantified self, and general interconnectivity felt ubiquitous

Sony Attack: an Australian Perspective (CSO) The cyber-attack on Sony Pictures Entertainment in late November is not the first time that the Sony Corporation has been a target for cyber-criminals and if anything can be learned from the attacks, it is that corporations are not taking cyber-security seriously

Kansas faces stream of cyber threats, official says (Kansas City Star) Sony is the latest example of a big organization getting hacked, including (possibly) by a nation-state like North Korea. But everybody gets attacked now, and nearly every day. Including the state government of Kansas

Legislation, Policy and Regulation

India lifts block on Vimeo; Pastebin, Internet Archive, others still banned (ZDNet) The Indian government's internet block on 32 websites, affecting nearly 300 million citizens, was lifted on four websites but still blocks Pastebin, Internet Archive, and others for allegedly hosting terrorist content

Israel Seeks Space, Cyber Cooperation with Japan (Defense News) The Israeli Cabinet on Sunday approved an investment plan aimed at strengthening trade ties with Japan across a spectrum of sectors, including space- and cyber-related research and development

Sony and the problem of deterrence against cyber-attack (Communites Digital News) The attack on Sony may not have come from North Korea or China, but it raises a serious question: Can we deter Chinese, Russian, Iranian and Korean cyber-attacks?

Offshoring Data Won't Protect It From The NSA (TechCrunch) The United States is the physical hub of the global Internet. Data from around the globe crosses gateways and servers in the United States. This basic fact, obscured by hazy visions of a borderless Internet cloud, is part of what accounts for global dismay at the revelations of extensive spying by the National Security Agency

Sony hack could be game changer (The Hill) The high-profile hack at Sony Pictures has injected new urgency into the years-old push for cybersecurity legislation, with a broad spectrum of lawmakers suddenly vowing to take action in the new Congress

Coburn report: Department of Homeland Security is failing in all of its missions (Examiner) On January 3, 2015, Senator Tom Coburn released the report that outlines his findings pertaining to the efficacy of the Department of Homeland Security (DHS) in executing its primary missions. Senator Coburn has been a member of the Senate Homeland Security and Governmental Affairs Committee since 2005. The report finds that the DHS is failing miserably in every one of its stated missions. Since criticizing the DHS is an unspoken taboo for most of the mainstream media, this report was released on Saturday and received very little press coverage. Traditional reporting typically defends the DHS by telling the viewing audiences that the agency is comprised of "our best," all of whom are risking their lives to protect the nation. In reality, neither of those statements holds water

Cyber spies on the rise in U.S. technology (Herald and News) Dangers are growing in cyberspace. Not only are thieves learning to siphon off millions of credit card numbers and email addresses but elaborate pieces of malware are capable of spying on whole organizations for long periods of time, capturing computer screens, keystrokes and data, transmitting it all to distant servers without being detected

Products, Services, and Solutions

G DATA publishes Tool against Spyware Regin (Virtual Strategy Magazine) Regin attacks Companies, Organisations, Researchers and Authorities. Use the G DATA script to detect the spyware

AVG AntiVirus 2015 Review: Lightweight Security for Your PC (JBG News) A lot of antivirus programs available these days tend to have a lot of extra features that make them more like computer security suites than just straight-up antivirus software. While they may be enticing due to their purported Swiss knife style versatility, they could also make the system run sluggishly. Due to this, many customers have turned to more lightweight security solutions that won't bog computers down while still catching anything and everything malicious that may try to get in

WP Pro Host Launches New WordPress Designed Hosting Service Providing Secure Website Services (Virtual Strategy Magazine) All secure website hosting service packages come embedded with 12 significant features that all hackers absolutely hate. WP Pro Host offers its customers very Secure and well protected web hosting

Technologies, Techniques, and Standards

Triaging a System Infected with Poweliks (Journey Into Incident Response) Change is one of the only constants in incident response. In time most things will change; technology, tools, processes, and techniques all eventually change. The change is not only limited to the things we rely on to be the last line of defense for our organizations and/or customers. The threats we are protecting them against change too. One recent example is the Angler exploit kit incorporating fileless malware. Malware that never hits the hard drive is not new but this change is pretty significant. An exploit kit is using the technique so the impact is more far reaching than the previous instances where fileless malware has been used (to my knowledge.) In this post I'm walking through the process one can use to triage a system potentially impacted by fileless malware. The post is focused on Poweliks but the process applies to any fileless malware

Defensible network architecture (Internet Storm Center) For the nearly 20 years since Zwicky, Cooper and Chapman first wrote about Firewalls the firewall has been the primary defense mechanism of nearly every entity attached to the Internet. While perimeter protection is still important in the modern enterprise, the fact is that the nature of Internet business has vastly changed and the crunchy perimeter and squishy inside approach has long since become outdated. You can't deny what you must permit and the primary attack vectors today appear to be email and browser exploits; two aspects of your business model that you cannot do without and which can give the bad guys a foothold inside your perimeter protections

Malware defense: How to detect and mitigate advanced evasion techniques (TechTarget) Expert Nick Lewis explores a number of techniques used by advanced malware to evade detection and explains how to detect and mitigate the threats

Is secure cloud the next step in the evolution of information security? (Information Age) How next-generation information security will move to the cloud

Lock your cloud backups away with an encryption key (Macworld) It's generally easier to keep safe the files we have under our control, on our internal and external drives, than those that waft far away from us on cloud-storage backup systems. Different backup services handle how they send data for storage and how they encrypt it once it arrives

Hacker Traps: Fake Computers Used as Bait in Hunt for Cyber Criminals © flickr.com/ Brian Klug (Sputnik News) With recent news of hackers infiltrating private corporations and general unease mounting that a new Cold War could be playing out across our desktops, a new generation of cyber security experts are working on a new strategy: instead of building walls for online information protection, lay traps

3 Lessons Startups Can Learn from the Sony Hack (Tech Cocktail) Recently, the world watched a drama fit for Hollywood unfold before its eyes. There was espionage, dangerous threats, embarrassing revelations, ultimatums, and of course, a rogue nation state behind the sinister plot. And like any great movie, the good guys triumphed in the end

The Cybersecurity Tipping Point (TechCrunch) As we bear witness to the aftermath of major attacks this year against the likes of Target, Home Depot, Neiman Marcus and most recently, Sony, it becomes clear that we are entering an entirely new "war" against cyber crime. Those who do not change their approach will lose

Marketplace

Feds Seek Security Experts for Vast Obamacare Records' Trove (Newsmax) The Department of Health and Human Services has issued a notice seeking contractors to run its records division for Obamacare and Medicare, and to prevent sensitive private information being leaked or stolen

Boards Dissatisfied With Cyber, IT Risk Info Provided by Management (SecurityWeek) A recent survey from the National Association of Corporate Directors (NCD) found that the majority of directors are dissatisfied about the quantity of information provided by company management about cybersecurity and IT risk

Australia getting smarter about security intelligence (CSO) Sophisticated end-user applications are creating buoyant local demand for security information and event management (SIEM) solutions

Wilson's 2015 predictions: Tech stocks, wearables, cybersecurity, Bitcoin (Seeking Alpha) "Safety used to mean gold, US treasuries, and blue chip stocks. Now it means Google, Apple, Amazon, and Facebook," says high-profile VC Fred Wilson while offering his 2015 predictions. Though believing rising interest rates and low oil prices will trigger "a noticeable flight to safety," he sees major tech firms continuing to have easy access to capital

Symantec's Revival: The Security Business Holds The Key (Seeking Alpha) In this article, we will provide a brief overview of the major events during the year and examine why Symantec's security business is the key to its revival in the post-restructuring era

Fortinet: How To Ride The Cyber Security Wave Into 2015 (Seeking Alpha) Cyber Security has gained attention in the last year but the attention is not over, especially with the cloud and Internet of Things becoming central to our every day lives. Fortinet Inc. is a solid midcap company with zero debt and rising revenue. Although the company is trading at a higher price than others of the same sector, a recent buy signal has materialized on its trend upwards in 2014

Nice-Systems Ltd Downgraded to Neutral at Zacks (NICE) (Midesat Times) Zacks lowered shares of Nice-Systems Ltd (NASDAQ:NICE) from an outperform rating to a neutral rating in a research report released on Friday morning. Zacks currently has $54.70 price objective on the stock

Tangible Security Just Raised $6 Million (DCInno) McLean, Va.-based cybersecurity company Tangible Security has raised $6 million in equity according to an SEC filing on Thursday. The company specializes in cybersecurity contracts for the U.S. defense and intelligence agencies. The company is headquartered in Columbia, Md. but has its operations office in McLean

Mighty morphin' exfiltrators (Fortune) A novel approach to cyber security may allow Shape Security to use the architecture of the Web to protect a company's employees

EU Research Group Names G DATA most Innovative Cyber Security Company (IT Business Net) EU community project IPACSO (Innovation Framework for Privacy and Cyber Security Market Opportunities) honoured IT security companies and technologies from all over Europe for the first time this year. In the "Innovative Cyber Security Company" category, the jury consisting of researchers and companies named G DATA as the most innovative IT security provider in Europe

Security Patches, Mitigations, and Software Updates

Security bolstered on myGov website after dire warnings (The Age) Your highly personal government records are now just that little bit safer. The federal government's online myGov portal — which allows millions of Australians to access their private government tax, health and other records — has finally introduced a long-awaited security measure experts have previously said was urgently required

Why Google Just Published a Windows Bug Before Microsoft Fixed It (TIME) Google's 'Project Zero' gives software makers 90 days to fix problems

PayPal Complete Account Hijacking Bug Gets Fix, No Award Given (Softpedia) A security researcher presenting his findings about a new method for stealing sensitive information from a PayPal account received no reward through the Bug Bounty Program, although security experts at the company fixed the bug the moment they checked the proof-of-concept

Google Inc (GOOGL) Awards $50,000 To Group Of Polish Researchers Who Revealed Loopholes In Google's Cloud (Bidness ETC) Google gave Security Explorations $50,000 for detecting holes in its App Engine cloud

Cyber Attacks, Threats, and Vulnerabilities

Al Qaed Arr: Bristol bus timetable hacked by terrorists (who thought they would cause travel chaos in 'the West') (Telegraph) Cyber terrorists thought the TravelWest website was for a more influential website promoting travel around the Western world — not the West Country

An Extremist Muslim Hacking Group Appears To Have Accidentally Attacked A Small Trip-Planning Website (Business Insider) It seems odd that a Tunisian hacking group would hit a local bus timetable

4Chan DDoSed by Lizard Squad's DDoS Rent-A-Tool Lizard Stresser (TechWorm) The infamous band of hackers, Lizard Squad, which brought down the PlayStation Network and Xbox Live servers through Christmas with DDoS attack, are in the news again. This time the target is 4Chan.org, the popular image boarding website and tool used is the DDoS on rent, Lizard Stresser

U.S. Spies Say They Tracked 'Sony Hackers' For Years (Daily Beast) American spies have detailed dossiers on the North Koreans who the U.S. says were behind the Sony attack. But the still-secret evidence likely won't convince skeptics

The Real Cybercrime Geography (TechCrunch) When Sony Pictures was the target of a recent cyber attack, computer experts were quick to speculate that North Korea was behind the digital infiltration. Things happen quickly in the digital world, and now many experts are doubting the original idea that North Korea walked around inside Sony servers in reprisal for "The Interview"

US sanctions North Korea over Sony hack and classifies attack evidence (Ars Technica) The US is lobbing fresh sanctions against North Korea as a response to the cyber attack on Sony Pictures Entertainment even as President Barack Obama's administration refuses to provide evidence of Pyongyang's involvement

U.S. Sanctions North Korea Defense Agencies, Individuals in Sony Hack (Threatpost) President Obama today signed an Executive Order authorizing sanctions against North Korea for its alleged involvement in the Sony hack

What We Know About the New U.S. Sanctions Against North Korea In Response to Sony Hack (Wired) President Obama has signed an executive order issuing sanctions against North Korean businesses and entities in the wake of the Sony Pictures hack

US levies sanctions against North Korea because of umm… the Sony hack (Graham Cluley) In 1965, the British government announced that The Beatles had been awarded with MBEs (Members of the Most Excellent Order of the British Empire)

Sony cyber-attack: North Korea calls US sanctions hostile (BBC) North Korea has described new sanctions imposed in response to a major cyber-attack against Sony Pictures as part of a hostile and inflammatory US policy

Sony Case Among Growing Number of Cyber Ransoms: Benner (Bloomberg via Insurance Journal) Just three days before cyber-attackers crippled Sony Pictures, the hackers sent an e-mail to executives Michael Lynton and Amy Pascal that said they would do great damage to the company if they weren't paid off

Pilgrim Station's Cyber Security Plan (Wicked Local Plymouth) If the recent hacking attack on Sony hasn't grabbed your attention, it should, especially if you live in Plymouth or close to the Pilgrim Nuclear Power Station

A Hacker's Hit List of American Infrastructure (Atlantic) In an 800-page document dump, the U.S. government revealed critical vulnerabilities

Your Office Document may be Vulnerable to Malware: Warns Microsoft (HackRead) The Microsoft Malware Protection Center (MMPC) has warned Office users to be wary of any macros that come as an attachment in emails and social engineering sites

iCloud accounts at risk after hacker releases tool allowing access to any login (Independent) Other hackers criticise publishing of tool, rather than informing Apple of exploit

The hidden dangers of third party code in free apps (Help Net Security) Research from MWR InfoSecurity has shown the various ways hackers can abuse ad networks by exploiting vulnerabilities in free mobile apps

Brit Proves Google's Eric Schmidt Totally Wrong: Super Cookies Can Track Users Even When In Incognito Mode (Forbes) It was either ignorance or disingenuousness. Or it could have just been a stupid mistake. In mid-December, Google GOOGL -0.26% chairman Eric Schmidt gave some unsound advice during an interview at the Cato CATO -0.5% Institute in Washington D.C, upon being quizzed about the potential for his employer to pass on information to intelligence agencies. "If you're concerned, for whatever reason, you do not wish to be tracked by federal and state authorities, my strong recommendation is to use [Google Chrome's] incognito mode, and that's what people do," he said. Many a facepalm was landed soon after his comments were transmitted to the wider world over Twitter TWTR +1.92%

Google researcher exposes unpatched Windows 8.1 security flaw (WinBeta) A Google researcher by the name 'forshaw' found and reported a privilege escalation bug in Windows 8.1. Forshaw even reveals a PoC (Proof of Concept) program for the Windows 8.1 weakness. In it, forshaw details how to take advantage of the Windows 8.1 bug

Bitstamp Suspends Its Bitcoin Exchange Following A Suspected Hack (TechCrunch) The year is but five days old but already we have our first bitcoin hacking story of 2015 after Bitstamp, a Slovenia-based exchange that raised $10 million last year, suspended its service following a suspected breach

Scandinavian banks hit with DDoS attacks (Help Net Security) The new year started poorly for Finnish bank OP Pohjola Group and its customers: the latter have been prevented from executing their online banking transactions by a DDoS attack that targeted the bank's online services starting on the last day of 2014

Iranian Copy of Facebook (Facenama.com) Hacked, 116k User Accounts Leaked (HackRead) A group of hackers today hacked into the Iranian biggest social network website Facenama.com (Iranian copy of Facebook), ending up with leaking 116,255 unique user credentials online. The website is down and under maintenance since the hack

OpAaronSwartz: Massachusetts Institute of Technology Subdomains Hacked (HackRead) A hacker going with the handle of @ulzr1z on Twitter has hacked and partially defaced fifteen sub-domains of Massachusetts Institute of Technology (MIT) website amid Swartz death anniversary

Sub-domain of EC-Council Website Defaced (HackRead) The Indonesian based group of hackers known from the handle of Gantengers Crew targeted the official website of The International Council of Electronic Commerce Consultants (EC-Council) and defaced one of its sub-domains two days ago

Over 7,000 Veterans Exposed Due to Flaw in Health Vendor Database (HackRead) A Telehealth services vendor notified the U.S. Department of Veterans Affairs that over 7,000 veterans' personal information may have been exposed due to a security fail in their database

Nvidia breach — employee information leaks (We Live Security) Graphics card company Nvidia suffered a data breach in which private employee information was leaked, the company has revealed

Abu Dhabi Police: Free e-mail accounts are vulnerable to hacking (Gulf News) Financial transactions should not be made via free e-mail accounts, says Colonel Dr. Rashid Borshid

Microsoft sites downed by 'bad code,' not cyberattack (ZDNet) Some of the company's sites, including search engine Bing, were knocked offline for 20 minutes on Friday — but not because of the reasons speculated

Yahoo search engine goes down — Microsoft, not North Korea, to blame (Graham Cluley) For a while today, the seventeen people who use the Yahoo search engine saw a message in big friendly purple letters telling them not to panic

The Wild, Wild Web: How To Catch Cybercrooks (Newsweek) When cybercriminals can easily buy cheap hacking programs with exotic names like Fiesta, Lucky, Nuke, Siberia, Sploit, Tornado, Sweet Orange and Cool, what chance that anything online can remain safe? Lillian Ablon and Martin C. Libicki offer ideas for how to close down Web thieves

Overseas hacking tools find market in Japan (Japan Times) The number of overseas websites trading in hacking tools, including software for launching distributed denial of service (DDoS) attacks and making remote-control viruses, is on the rise, authorities say

Bulletin (SB15-005) Vulnerability Summary for the Week of December 29, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Academia

The unsung achiever: Pakistani tops lists of ethical hackers of 2014 (Express Tribune) He is doing Pakistan proud, and feels his work is one way the image of Pakistan can be improved globally. Yet, this celebrated final-year computer science student at Bahria University has not yet received the recognition he deserves

Litigation, Investigation, and Enforcement

Man arrested for PayPal thefts linked to Lizard Squad attacks on Microsoft and Sony (Computing) A 22-year old man that has has been arrested for PayPal thefts, is linked to the Lizard Squad hacker group that has claimed responsibility for attacks on Sony and Microsoft on Christmas Day

Guardians of the Peace-themed prank against CNN leads Tennessee man to spend holiday with the FBI (ABC 7 News Denver) A Tennessee man's Internet jab at what he says is an unquestioning media put him in the national spotlight and, on Thursday, the cross hairs of the FBI

Saudi Ethical Hackers help Cops to Hack 9000 Porno Twitter Accounts (HackRead) Mutaween, the religious police of Saudi Arabia, has disabled about 9,000 Twitter porno accounts in the country, according to media reports

Design and Innovation

Privacy By Design: Protect User Data From 'Get-Go' (InformationWeek) International effort seeks to bake in consumer privacy options

Who’s Attacking Whom? Realtime Attack Trackers (KrebsOnSecurity) It seems nearly every day we're reading about Internet attacks aimed at knocking sites offline and breaking into networks, but it's often difficult to visualize this type of activity. In this post, we'll take a look at multiple services for tracking online attacks and attackers around the globe and in real-time

The best digital security is analog: expert (The Age) Richard Danzig, vice chairman of the global security think tank RAND Corporation and a former secretary of the United States Navy, says it is time to incorporate analog systems into cybersecurity

Internet Explorer for Windows 10: 5 Things Microsoft needs to get right (Trusted Reviews) Rumour has it that Microsoft is preparing to ditch Internet Explorer in Windows 10, producing a brand new web browser from scratch that will supplant the old IE brand

Security pros announce Dark Mail Technical Alliance (Bit-Tech) A quartet of well-known security researchers have announced the formation of the Dark Mail Technical Alliance, designed to create an easier method for end-to-end encryption for email