The CyberWire Daily Briefing 10.29.15

Summary

By The CyberWire Staff

Symantec reports that the Republic of Korea's manufacturing sector is under heavy attack by a threat actor using the backdoor Trojan Duuzer. The campaign's goal appears to be intellectual property theft, and its controllers use quite a bit of stick-and-rudder in their command and control practices. They also show considerable familiarity with defenses.

Symantec also warns of another campaign, "Chikdos," that's been infecting MySQL servers and using them in large-scale distributed denial-of-service attacks.

New breaches are disclosed. The free web hosting service 000webhost has sustained a breach of a database on its main server. Optimal Payments, a British mobile payment firm, is investigating reports that some customers' data have been compromised and exposed online. Also in the UK, energy company British Gas warns 2200 customers that their passwords may have been stolen.

Analysts estimate the damage from the TalkTalk breach. While the company's claims that the incident wasn't as bad as feared gain some traction, the damage seems far from negligible.

In industry news, Intel Security sells off some of its product lines as it repositions itself in the market. HP will split, as planned, this Sunday.

Observers react to the passage of CISA in the US. Where they stand depends largely on whether their concerns are on risks to privacy (thumbs down) or on the possibility that more information sharing will restore advantages to the defenders (thumbs up).

Breach lawsuits increasing frequency suggest that if industry can't set cyber standards of care, the plaintiff's bar will fill the void.

Notes.

Today's issue includes events affecting Argentina, Chile, China, India, Republic of Korea, Mexico, Peru, Russia, United Kingdom, United States

Selected Reading

Cyber Trends

The average organization experiences 9 insider threats each month (Help Net Security) After analyzing actual cloud usage across over 23 million employees, Skyhigh Networks uncovered how user behaviours put companies at risk and how catching and managing this behaviour can be the proverbial "canary in the coal mine" in reducing the risk of data loss

Cybersecurity in the IoT age (Enterprise Innovation) As we move into the age of the Internet of Things (IoT) and millions of physical objects become connected

CIA Director: Possibility of a Cyber Attack 'Worries Me at Night' (GWToday) 21st-century challenges take center stage at conference on ethos and profession of intelligence

Half of IT Security Pros Believe They're an Unlikely Target for Attack, Finds Ponemon Institute Study (Dark Reading) 61 percent of it security pros lack confidence in their ability to detect advanced threats

Brazil major target of cyberattacks in Latin America (Telecompaper) Brazil is the biggest target of cyber attacks in Latin America, according to an advanced threat report by global IT security firm FireEye for Latin America. Chile is second, followed by Mexico, Peru and Argentina.

Brazil's economic and political crisis aggravating cyber risks (BNAmericas) Brazil's economic and political crisis is exacerbating cyber risks, according to a panel of specialists at the 11th International Seminar on Risk Management and Insurance

Legislation, Policy and Regulation

Private sector's involvement in cybersecurity policy making critical: Symantec's Cheri McGuire (FirstPost) Cyber threats are no less a nightmare for the Indian government than terrorist attacks as it embarks on ambitious and high-profile projects such as Digital India. With new digital initiatives and the government's renewed focus on cyber security, Symantec sees huge opportunity in India

Senate Approves Cybersecurity Bill: What You Need To Know (WNYC) he latest clash in the cybersecurity vs. privacy debate played itself out in Congress on Tuesday when the Senate passed the Cybersecurity Information Sharing Act

IT security leaders split on CISA passage (FierceITSecurity) Although the Cybersecurity Information Sharing Act — or CISA — is touted as vital for strengthening the nation's cybersecurity, some IT security leaders are coming out against the bill

CISA Could Lead To Privacy Issues And Abuse, Security Channel Fears (CRN) A new Senate bill that gives businesses that suffer cybersecurity breaches immunity from provisions barring the sharing of information is causing great concern among the IT security channel because of the potential for abuse

CISA legislation would lift liability for businesses sharing cyber threat information (Network World) Privacy advocates still opposed, some gray areas remain for corporations

HITRUST Applauds Senate Action to Improve Nation?s Ability to Defend Against Cyber Attacks (BusinessWire) The Health Information Trust Alliance (HITRUST), the leading organization supporting the healthcare industry in advancing the state of information protection, announced today that it continues to fully support S.754, the Cybersecurity Information Sharing Act (CISA) of 2015

DHS bills wrapped into major cyber legislation (The Hill) Language from two hefty bills that would bolster the Department of Homeland Security?s cybersecurity role were quietly tacked onto a major cyber bill that passed the Senate late Tuesday

DNI brings intel community a little out of its shell (Federal News Radio) The intelligence community is making an effort to increase transparency

US says it's ok to hack cars and medical devices (sometimes) (CSO) Researchers will be able to look for flaws in software running on cars and medical devices without fearing legal action

Marine Corps willing to make sacrifices for cyber (Federal News Radio) The Marine Corps is willing to make reductions in the capacity of its forces to grow its capabilities in cyber and information warfare

Dateline

CyberMaryland 2015: Collaborate, Educate, Innovate (National Cyber Security Hall of Fame and the Federal Business Council) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations

CyberMaryland Day One (The CyberWire) CyberMaryland's first day, understandably, opened with the state showcasing its cyber security ecosystem — a big (biggest?) Government cyber customer, university and Government research capabilities, corporate capability (from the biggest integrators to the youngest startups), a regulatory climate that aspires to be business-friendly, and a growing venture capital community

TEDCO invests in 6 cybersecurity startups (Baltimore Daily Record) The Maryland Technology Development Corporation announced Wednesday that six new Maryland companies received funding from its Cybersecurity Investment Fund. Jedvice, Point 3 Security, Topaz Research, Efflux Systems, Bricata and QI Solutions were each awarded $100,000 through CIF

Md. cybersecurity experts say Senate bill is a positive step (Baltimore Daily Record) While many technology giants and privacy advocacy groups have been lobbying against a cybersecurity bill passed by the Senate on Tuesday, local cybersecurity experts believe the bill is a step in the right direction for data protection

NSA "Day of Cyber," a National Initiative, to be unveiled at CyberMaryland 2015 (PRNewswire) Day of Cyber provides schools, colleges/universities, and organizations a powerful online tool to introduce Cybersecurity directly into the classroom

Products, Services, and Solutions

Gemalto protects against card-not-present fraud (IT Online) Gemalto has launched Dynamic Code Verification, a comprehensive payment security solution that protects against card-not-present (CNP) fraud on-line and ensures an easy user-experience cardholders have come to expect

Wombat Security Announces Enhanced CyberStrength Assessment Solution to Assess Security Knowledge Across All Threat Areas (MarketWire) New solution automates and streamlines process for administrators to assess employee knowledge on key security concerns covering all threat vectors

Delivering Forensic Value in the Age of Encryption (IBM Security Intelligence) IBM recently announced the latest addition to its QRadar line of products: incident forensics

LightCyber Creates Cyber Attack Training System to Address Educational Gap About Advanced Attacks (BusinessWire) LightCyber launches an attack education program, including an online seminar co-hosted with SANS Institute and a Hacker Simulation Challenge

Webroot and Laplink Make Cybersecurity and File Transfer Easy (MarketWatch) Webroot, the market leader in intelligent cybersecurity for endpoints and collective threat intelligence, today announced a partnership with Laplink, a global market leader in PC migration

Microsoft Shows Off Windows 10 Credential Guard (Redmond Magazine) Microsoft published a demo this week of Credential Guard, a Windows 10 security virtualization feature designed to ward off credential theft

Hexis Cyber Solutions releases HawkEye G 3 (Security News Desk) Expanded platform support and capabilities strengthen next generation endpoint security

Technologies, Techniques, and Standards

A basis for all cryptography (R&D Magazine) "Indistinguishability obfuscation" is a powerful concept that would yield provably secure versions of every cryptographic system we?ve ever developed and all those we?ve been unable to develop. But nobody knows how to put it into practice

Don't wait 'til a cyber attack. Practice your managerial response now. (Federal News Radio) Vince Lombardi famously said, "Practice does not make perfect. Only perfect practice makes perfect"

Using Intelligence to Outsmart Cyberthieves (PYMNTS) Intelligence is key in any business process, but perhaps among the most urgently necessary when it comes to protecting an organization and its data

Companies Pick Security Tools to Suit Varied Needs (BizTech) Some businesses take a best-of-breed approach, while others deploy a range of features from a single manufacturer

Improving Cyber Risk Management (GovInfoSecurity) Digital Risk Management Institute's Koilpillai on building a new approach

Marketplace

Thoughts on HP Split and Potential Ramifications Across the Tech Space in 2016 and Beyond (FBRFlash) Effective this Sunday, November 1, Hewlett Packard Enterprise and HP Inc. will officially separate as the split finally takes place more than a year after the strategic split was first announced

Ellison: Oracle has fixed security (IDG via CSO) Oracle Chairman Larry Ellison has put better security at the heart of his pitch for the company's new products

Intel to sell Stonesoft network security unit to Raytheon-Websense (Fortune) Intel is selling Stonesoft, the Finnish cybersecurity company it bought two years ago for $389 million, to Raytheon-Websense

Intel Security To Sell McAfee NGFW, Firewall Enterprise Businesses To Raytheon|Websense (CRN) As part of the company's new strategic direction, Intel Security has signed its intention to sell its McAfee Next-Generation Firewall and McAfee Firewall Enterprise businesses to Raytheon|Websense, CRN has learned

Intel Security Sets Its Sights on Use-Case-Driven Technology (eWeek) Intel Security, which announced an updated endpoint security product and new active response technology, is redefining its leadership and direction

InteliSecure Acquires UK-Based Pentura, Establishing a Managed Security and Professional Services Powerhouse Across North America and Europe (MarketWired) InteliSecure now protects the critical assets of more than 500 enterprise customers worldwide with anticipated 2015 revenues in excess of $35m; forecasts a 50 percent annual sales growth rate in the next three consecutive years

Why FireEye Should Be Considered on the Pullback (Guru Focus) Investors should ignore the COO's departure and focus on company's growth and raised guidance

Data security firm Gemalto's revenue rises on strong U.S. demand (Reuters) Digital security company Gemalto NV (GTO.AS) said third-quarter revenue grew 23 percent as sales rose at its payment and identity business and its acquisition of U.S.-based SafeNet boosted demand from the United States

St. Louis Opens Cyber Center of Excellence (Government Technology) The Midwest Cyber Center of Excellence will serve private business that want to beef up their cybersecurity systems, help train workers in the field and serve as a research institution to combat hackers

Former RSA Executive Chairman Art Coviello Joins Bugcrowd Board of Directors (MarketWired) Coviello brings over 20 years of security domain expertise

Duo Security Names Raffaele Mautone Chief Information Officer (MarketWired) Supporting growth and developing strategic plans for further expansion

Flashpoint Adds Cybersecurity Expert Lance James as Chief Scientist (PRNewswire) World-renowned security expert joins company illuminating the Deep and Dark Web

Cyber Attacks, Threats, and Vulnerabilities

Hackers target manufacturing industry in South Korea (FierceITSecurity) Attackers are targeting organizations in South Korea — particularly those in the manufacturing industry — with a backdoor Trojan called Duuzer, reported security vendor Symantec

Chikdos malware infecting MySQL servers to launch massive DDoS attacks (FierceITSecurity) Cyberattackers have been using malware dubbed "Chikdos" to compromise MySQL servers in order to conduct massive distributed denial of service attacks against other websites, including a U.S. hosting provider and a Chinese IP address, warned Symantec researchers

Web hosting service 000webhost confirms breach that could have leaked 13 million passwords (FierceITSecurity) Free web hosting service 000webhost confirmed Wednesday that it suffered a breach of a database on its main server

U.K. mobile payments firm says investigating data breach allegations (Business Insurance) British mobile payments company Optimal Payments P.L.C. said it was investigating allegations that personal data belonging to some of its customers had been compromised and was available in the public domain

British Gas in "password breach" quandary (Naked Security) According to the BBC, UK energy provider British Gas has just contacted 2200 customers to warn them that their passwords may have been exposed

TalkTalk back under pressure over cyber attack (Financial Times) TalkTalk was back under pressure on Wednesday as analysts began adding up the cost of last week's cyber attack

Hack to the future: why industry should fear the rise of cyber-espionage (The Engineer) Fortunately, initial investigations into last week's Talk Talk hack suggest that the incident wasn't as bad as was initially feared, with the network provider claiming that just a fraction of its four million customers are affected

OPM notifies 3.7 million cyber attack victims about data protection services (Federal News Radio) The Office of Personnel Management has mailed out 3.7 million notification letters to cyber breach victims in the month since the agency announced it would begin notifying those impacted by the hack

Curious people can't resist plugging in random flash drives (Naked Security) Quiz time: You're waiting for your train. You spot a flash drive on a bench

Avast Experiment: What Happens to a Lost Smartphone (BusinessWIre) Avast "lost" and tracked 20 phones In the U.S. to find out where they went

Ponemon Institute study demonstrates the impact of visual hacking (Infosecurity Magazine) Ponemon Institute study demonstrates the impact of visual hacking

Litigation, Investigation, and Enforcement

Did the FBI really say "pay up" for ransomware? Here's what to do… (Naked Secuity) A comment made by an FBI agent at a little-noticed cybersecurity conference in Boston last week is all of a sudden making big headlines, many of them suggesting that the FBI is telling victims of ransomware to "just pay" the ransom

Report: Data breach cases coming from all directions (Legal Newsline) Federal and state regulators, along with plaintiffs attorneys, are focusing more and more on the data security practices of companies, a new report says

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

After the Shift: Securing Tomorrow's Payment Technology (Washington, DC, USA, November 5, 2015) From encryption to tokenization, what does the future hold for keeping consumer data safe? Policymakers, industry leaders, and technology experts will explore the cutting edge of cyber technology and discuss how government and industry can work together to protect American consumers

upcoming Events

ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date informaton on rapidly evolving security security challenges

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems

CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below

NICE 2015 Conference and Expo (San Diego, California, USA, November 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2015 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation

Inside Data Science 2015 (Monterey, California, USA, November 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and dissemination of information you must leverage the proper organization, extraction and analysis of data. In today's data-driven society, your best offense to stay ahead of the game is to become scientific in your approach and systematic in your execution

4th International Internet-of-Things Expo (Santa Clara, California, USA, November 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be

RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, November 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective

ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, November 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss about commercial cryptography and share their expertise on the subject. Conference topics may include the underlying the implementation of a cryptographic module including physical security, key management, side-channel analysis, cryptographic algorithm implementation testing, standardization, validation programs and more

2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues

Start with Security (Austin, Texas, USA, November 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will bring together experts to provide information on security by design, common security vulnerabilities, strategies for secure development, and vulnerability response

University of Phoenix® Technology Conference (Arlington, Virginia, USA, November 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security, explore best practices for securing the Internet of Things, and examine trends around how to convert data into actionable intelligence

Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, November 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders, and researchers from around the world, will discuss the new reality of Cyber Connection, Cyber Security, and Cybercrime (together, Cyber³) and their implications for the future of the Internet

FedCyber 2015 (Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who know the cyber mission in a venue designed to enhance our collective understanding of the threat, build on existing strategies to mitigate challenges, and leverage the nation's greatest technologies to enhance our defense in depth

First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will also help Saudi policy makers and authorities to improve and revolutionize their efforts to tackle this serious problem by providing them opportunities to review existing use of technology in the country

Black Hat Europe (Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity to explore the latest research and developments in information security, while also taking into account the concrete needs of the participants

Pen Test Hackfest Summit & Training (Alexandria, Virgina, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart

cybergamut Technical Tuesday: Hackproof Signal Processing for Wireless Communications ("Central Maryland, " USA, November 17, 2015) Conventional computing and communications expose myriad attack surfaces because of the Turing-equivalence of the instruction set architectures and the mathematical impossibility of forming a complete set of monitor functions to protect the contents of the registers from insightfully designed malware such as what NIST terms Advanced Persistent Threats. This talk describes how to throw out the general purpose computers via dataflow computing on FPGAs. Contact the conference organizers for instructions on how to attend

Cybersecurity, the SEC and Compliance (New York, New York, USA, November 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity means to your business and how the new SEC requirements affect your firm. The panel consists of professionals from the Cyber Security, Legal, Insurance and IT systems management industries. (RSVP as seating will be limited)

CyberCon 2015 (Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

Internet-of-Things World Forum 2015 (London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions

2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders

DefCamp6 (Bucharest, Romania, November 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs and developers, managers from both private and public sector

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.