The CyberWire Daily Briefing 12.01.15

Summary

By The CyberWire Staff

A cyber gang calling itself the "Armada Collective" is attempting to extort a big ransom (payable in Bitcoin) from Greece's banks. If the banks pay up by Thursday, they'll be spared what the criminals describe as a crippling denial-of-service attack.

Anonymous displays either ability to multitask or inability to focus as it shifts attention from ISIS to a United Nations climate change site. (Earlier this week the target was Icelandic whaling.)

Damballa takes a look at the recently revived Darkode criminal forum and finds, basically, good news: it's not particularly well put-together or administered.

Checkpoint's list of top malware families currently hitting businesses is interesting, especially because of the familiarity of the names on it. Conficker leads, with Sality, Cutwail, Neutrino EK, and Gamarue rounding out the top five.

Researchers say that Telegram, recently in the news as ISIS's allegedly favorite messaging app, seems relatively easy to crack. "Too easy to work out who's talking to whom."

SEC Consult adds to worries about the security of the Internet-of-things: it reports finding millions of things secured by the same supposedly private (but actually not-so-private) keys.

Researchers at Perfect Privacy report that many VPNs capable of port forwarding are leaking IP addresses.

Toymaker VTech (called "scroogelike" by Dark Reading) whose Internet-connected toys encouraged children to share pictures and chats, then exposed the same, remains under scrutiny, some of it now prosecutorial.

Businesses continue to grapple with security return-on-investment and cyber value-at-risk.

Some suggest Israeli practice might usefully inform the US encryption debate.

Notes.

Today's issue includes events affecting Argentina, Brazil, China, Greece, Iraq, Israel, Japan, Republic of Korea, Kosovo, Libya, Luxembourg, Malaysia, Pakistan, Syria, United Kingdom, United States

We're covering today's inaugural IoT Security Foundation Conference in London. Watch for a full account of the proceedings in tomorrow's issue.

Selected Reading

Cyber Trends

State & Local Government Hit By Malware, Ransomware More Than SMBs (Dark Reading) Localities and education networks suffered twice as many infections of the infamous CyptoWall ransomware than other sectors

Cyber warfare fallout to businesses, customers predicted (Business Insurance) Businesses and consumers will become collateral damage in cyber conflicts among countries next year, while activists' hacks will make a comeback, says a report

Cybercrime and shipping: the facts (Splash 24/7) Does the industry have the tools to combat this rising scourge?

RSA President: We 'Underestimate' Security Risks In Internet Of Things (CRN) Industry leaders predict the Internet of Things market will pass the trillion-dollar mark in terms of value during the next several years, but RSA President Amit Yoran said that presents a huge security challenge as well

Email Data Breaches: The Threat That Keeps On Giving (Information Management) By most accounts, 2015 was a year of unprecedented data breaches

How UK businesses plan to tackle security threats in 2016 (Help Net Security) 81% UK IT decision makers experienced some sort of data or cyber security breach in their organisation in 2015, according to training company QA

Legislation, Policy and Regulation

China, Japan, South Korea Talk Cyber Issues (Dark Matters) In mid-October, China, Japan, and South Korea convened for the second time in order to discuss potential cooperation on cyber issues such as international rules governing cyberspace, and cooperation against cybercrime and terrorism

Following U.S. indictments, China shifts hacking away from military to civilian agency (Washington Post) The Chinese military scaled back its cybertheft of U.S. commercial secrets in the wake of Justice Department indictments of five officers, and the surprising drawdown shows that the law enforcement action had a more significant impact than is commonly assumed, current and former U.S. officials said

Time to Retaliate Against China's Cyber Espionage (World Affairs) "To my Chinese counterparts, I would remind them, increasingly you are as vulnerable as any other major industrialized nation state," said Admiral Mike Rogers, director of the National Security Agency and the chief of US Cyber Command, on November 21st at the Halifax Security Forum. "The idea you can somehow exist outside the broader global cyber challenges I don't think is workable"

How Does Israel Regulate Encryption? (Lawfare) Recent terrorist attacks and resulting questions about the limits of surveillance have rekindled debate about how governments should deal with the challenges of powerful, commercially available encryption. With active debate in the United States and Western Europe surrounding this issue, it is instructive to note that Israel has been regulating encryption for decades

CTO Insights: Encryption Works — Don't Break It! (Trend Micro) Every now and then, an ill-informed politician will stand before a microphone and say something along the lines of: encryption is helping bad guys (either terrorists, child pornographers, or other similarly acceptable target), because law enforcement can't see what the bad guys are doing because they're using sophisticated tools that use encryption. Said politician will urge tech companies to "work with us" to help catch these bad guys

Google Denies Online Censorship Deal with Israel (Hack Read) Google has denied all the accusations that were put forward regarding monitoring or censoring of those YouTube videos that are made for inciting attacks on Israel — Google claims their recent meetings were routine and had no such agreements

Trump would 'err on side of security' in NSA debate (The Hill) Donald Trump is aligning himself with GOP presidential rivals Sen. Marco Rubio (Fla.) and former Florida Gov. Jeb Bush in the Republican Party's divide over federal surveillance powers

Ted Cruz and Marco Rubio Are Fighting About Your Phone Data (Federalist) Sen. Ted Cruz (R-Texas) and Sen. Marco Rubio (R-Fla.) are clashing over how intelligence agencies should handle the phone data of private citizens

Ex-US Intelligence Chief on Islamic State's Rise: 'We Were Too Dumb' (Spiegel) Without the Iraq war, Islamic State wouldn't exist today, former US special forces chief Mike Flynn openly admits. In an interview, he explains IS' rise to become a professional force and how the Americans allowed its future leader to slip out of their hands

Senators campaign for clause to assess infrastructure cyber defenses (The Hill) A bipartisan group of senators wants to ensure that the major cybersecurity legislation headed for President Obama's desk includes a provision they believe would help defend the nation's critical infrastructure against a cyberattack

DHS Giving Firms Free Penetration Tests (KrebsOnSecurity) The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies — mostly banks and energy firms

Why are only moneymen doing cyber resilience testing? (Register) …and the National Grid?

OMB tells GSA, agencies to draw up rapid contracting plans for cyber breaches (Federal News Radio) The Office of Management and Budget is directing federal agencies and the General Services Administration to come up with a single mechanism to rapidly hire outside expertise the next time a civilian agency's systems are breached in a cyber attack, reasoning that time will be of the essence and that virtually no agency will have the resources needed to mount an adequate response with in-house staff

OMB's Cybersecurity Implementation Plan Should Measure Agency Resilience (SIGNAL) Following the distressing headlines that cataloged repeated cyber breaches of U.S. federal computer networks — some that compromised the personal data of millions of people — government officials have implemented a patchwork of safeguards to shore up vulnerabilities, including the identification of high value assets

Incoming: A Handful of Heretical Thoughts (SIGNAL) Two things have me thinking about heresy

Products, Services, and Solutions

CONCERT Advisor Services selects Bronzeye as technology security partner (PRWeb) CONCERT announced a service relationship and strategic partnership with Bronzeye to provide technology security audit and network security monitoring services as well as becoming a key component of CONCERT's new Advisor Technology services platform

ERPScan extends support for new ISACA and DSAG SAP Security Guidelines (ERPScan) Recently updated ERPScan Security Monitoring Suite for SAP now provides special templates to comply with the latest security guidelines from DSAG and ISACA

Gemalto SafeNet Luna EFT Supports New Standards From Major Credit Card Networks (RTT News) Digital security provider Gemalto (GTOFF.PK) said its SafeNet Luna Electronic Funds Transfer or EFT PaymentHSM (Hardware Security Module) supports new standards from the major credit card networks for secure implementations of contactless payments via mobile phones

Centrify brings in new identity management partners (ChannelBiz) Centrify has made HANDD Business Solutions and Identity Methods it latest partners in the identity management space

Technologies, Techniques, and Standards

MISP taxonomies and classification as machine tags (CIRCL) Taxonomies that can be used in MISP (2.4) and other information sharing tool and expressed in Machine Tags (Triple Tags). A machine tag is composed of a namespace (MUST), a predicate (MUST) and an (OPTIONAL) value. Machine tags are often called triple tag due to their format

NIST at work on new data safety guide (FierceGovernmentIT) As the year nears its close, the data breaches that came to light in the past 12 months remain top of mind. To help combat that cyber threat, the National Institute of Standards and Technology is seeking comments on a new project that would help organizations prepare for and recover from data attacks

GAO approves of NIJ's offender tracking system standard (FierceGovernmentIT) After seven years of work, the National Institute of Justice is expected to publish by March 2016 a device standard for offender tracking systems

Security Think Tank: Threat intelligence feeds not for everyone (TechTarget) What is the best practice for collecting and using threat indicators from security incidents to improve defences against future cyber attacks?

How can you predict the impact of the inevitable data breach on your organisation? (Computing) Nowadays, it seems that it's not a case of if an organisation will suffer a data breach but when

'Everyone should own a data breach' so that blame isn't pinned on any one person (Computing) Everyone in an organisation should "own" a data breach, so that the blame isn't pinned on any one person, according to Neil Thacker, information security and strategy officer EMEA at Websense

Cybersecurity risk management benefits from analytics, reporting (TechTarget) Data breaches continue to threaten businesses, but companies are turning to data analytics to help identify vulnerabilities and make cybersecurity risk management more efficient

Retail data breaches: 3 lessons companies have learned (PropertyCasualty360°) The holiday shopping season is in full swing, it's 'Cyber Monday' and retailers need to take extra precautions

Cybersecurity experts' guide to outwitting Black Friday and Cyber Monday scammers (Christian Science Monitor Passcode) Watch out for bogus e-mails and copycat sites designed to mimic big brands, hang up on unknown callers warning you're an identity theft victim, and never use public WiFi to make a purchase

Shop Safely During Black Friday and Cyber Monday (Lifars) It's that time of the year again. Consumerism reaches a frenzied state during the holiday season and Black Friday with the subsequent Cyber Monday deals are widely seen as some of the best bargains available all year around

CISO at U.S. Bank offers tips for secure online purchasing (Help Net Security) The thrill and chaos of holiday shopping has started, and unfortunately with that comes the inherent risk of fraud. With an increased threat of digital fraud, what can consumers do to secure their personal data?

Kaspersky: 1 in 7 people use one password (ZDNet) Security firm Kaspersky has found that one in seven people are leaving themselves open to attack by having the one password for multiple accounts

Advent tip #1: Clean up your passwords before Christmas (Naked Security) Passwords. Until there's another widely-adopted way to verify that we're who we say we are, we're sort of stuck with them

Marketplace

EY: Cybersecurity threats major concern for global corporate sector (Deal Street Asia) At least a third of global organisations (global: 36 per cent, Singapore: 30 per cent) still lack confidence in their ability to detect sophisticated cyberspace attacks, according to the annual EY's Global Information Security Survey (GISS) 2015, Creating trust in the digital world

Cyber Security Risk a Factor in Hospital Credit Ratings (HealthLeadersMedia) The not-for-profit healthcare sector is not immune to cyber security threats, particularly as they relate to patient records and the disruption of medical technology, Moody's Investors Service says. And larger healthcare systems are more vulnerable than stand-alone hospitals

How CISOs Can Change The Game of Cybersecurity (Dark Reading) In the modern enterprise, chief information security officers need a broad mandate over security and risk management across all operational silos, not just the datacenter

How to calculate ROI and justify your cybersecurity budget (CSO) If you speak with management about money — speak their language and you will definitely get what you need

Cybersecurity's hidden pool of talent (Healthcare IT News) 'There's a pressing need for professionals adept not just at meeting but exceeding HIPAA security and privacy requirements'

Ron Woerner on the pathway to the security talent we crave (CSO) Ron Woerner shares his Point of View (POV) on the pathway to talent as part of Leading Security Change

In a Global Market for Hacking Talent, Argentines Stand Out (New York Times) Want to learn how to break into the computerized heart of a medical device or an electronic voting machine?

The British Monarchy is looking for an IT security expert (IT Pro Portal) The British Monarchy is looking for an IT security expert and, as you might imagine, it's paying solid money for the position

6 Experts on How to Win at Managed Security (Channel Partners) Enterprises that work with security solution providers or MSSPs rather than managing security in-house enjoy a lot of benefits, including lower costs and access to staff and skills they may not be able to find — or afford to hire, even if the talent were available

Cyber Attacks, Threats, and Vulnerabilities

Greek banks: Hackers extend ransom payment deadline (Keep Talking Greece) A team of hackers has allegedly threatened to bring down the electronic systems and websites of Greek banks, unless they pay ransom in Bitcoins

Anonymous Hacks UN Climate Change Site Against Police Attack on Cop21 March (Hack Read) The hacktivist group Anonymous breached into the website of United Nations Framework Convention on Climate Change (UNFCCC) and leaked a trove of personal information of 1415 officials

Darkode Reloaded — New Forum Gets "F" Grade (Damballa: Day Before Zero) Last July, Damballa's Threat Discovery Center discussed the infamous web forum, Darkode, that was supposed to be resuscitated by sp3cial1st

Top malware families targeting business networks (Help Net Security) Check Point has revealed the most common malware families being used to attack organisations' networks during October 2015

Telegram Messenger delivers candygrams to stalkers (Register) Too easy to work out who's talking to whom, says researcher

Millions of Internet Things are "secured" by the same "private" keys (Naked Security) European security consultancy SEC Consult has spent time over the past few years looking at embedded devices on the internet

Spyware/adware combo masquerading as AnonyPlayer hits Android users (Help Net Security) If you suddenly start seeing random advertisements popping up on your Android device, you have likely been infected with adware. But if you're terribly unlucky, you might have also been hit with information-stealing malware

Malvertising — When will we learn? (Check & Secure) We have spoken previously about the responsibility of advertisers to keep their networks clean and to ensure that even if the messages they display are annoying, uncalled for and bandwidth sapping, they are at least safe and free from Malvertising

Port fail — Serious privacy vulnerability threatens VPNs with port-forwarding capabilities (Graham Cluley) Researchers have identified a serious vulnerability affecting VPN providers with port-forwarding services that allows an attacker to obtain the real IP address of a user's computer

IP leak affecting VPN providers with port forwarding (Perfect Privacy) We have discovered a vulnerability in a number of providers that allows an attacker to expose the real IP address of a victim

Chip-Bearing Credit Cards Present New Vulnerabilities (SIGNAL) Consumers and merchants alike could face increased cyber crime

Phishing blast uses Dropbox to target Hong Kong journalists (CSO) Campaign uses a legitimate Dropbox account as C2

Allied Bank's website hacked again (Daily Pakistan) The official website of Allied Bank Limited of Pakistan got hacked last weekend, for the second time in two years

Bluebox Broadband: 3,000 customers' details published online (BBC) Details of more than 3,000 customers or potential customers of Bluebox Broadband have been published online

Hacked toymaker leaked gigabytes' worth of kids' headshots and chat logs (Ars Technica) Company encouraged parents to use the pictures and chats with the apps it sold

The Grinch Who Exposed Your Kids' Identities (Dark Reading) 5 Ways VTech's Scrooge-like security spending put young users at risk

Abysmal security practices by toy maker VTech result in massive data breach (Help Net Security) Hong Kong-based electronic toy maker VTech has suffered a massive breach

Hey Reader's Digest: Your site has been attacking visitors for days (Ars Technica) Researchers estimate the same campaign has infected thousands of other sites

Won a £950,000 Google anniversary prize? Spoilers: It's a scam! (Graham Cluley) I received an email from Larry Page

Most hackable devices (CSO) There are now more than 3 billion connected devices in use by consumers, according to Gartner, and this number will increase to 4 billion next year

Why you shouldn't have geolocation turned on if you're a racist (Naked Security) An anti-racism group in Brazil is waging an intriguing campaign against intolerant internet commenters — ironically, by attempting to make racist comments as visible as possible

Academia

Securing America's cyberfuture goal of new Cyber Security Institute (Communities Digital News) Cybersecurity protection of our digital information is a top concern among American consumers, business leaders and government officials, and for good reason

Litigation, Investigation, and Enforcement

Judge applies common sense to question of what constitutes a data breach (Computerworld via CSO) A breach that doesn't result in anyone compromising any data is something like the proverbial tree that falls in the forest with no one around. Is it truly a data breach?

The National Security Letter spy tool has been uncloaked, and it's bad (Ars Technica) No warrants needed to get browsing history, online purchase records, and other data

OPM Just Now Figured Out How Much Data It Owns (Atlantic) Months after it announced that it was hacked, the agency has finally put together an inventory of its own servers

Senator Labels OPM Breach a 'Federal Fumble' of 2015 (Nextgov) The massive data breach at the Office of Personnel Management, in which hackers stole personal information on nearly 22 million federal employees, retirees and contractors has already been called one of the largest cybercrimes ever carried out against the U.S. government

U.S. states probe VTech hack, experts warn of more attacks (Reuters via Business Insurance) U.S. states said they will investigate a massive breach at digital toy maker VTech Holdings Ltd. as security experts warned that hackers are likely to target similar companies that handle customer data

The Ferizi Arrest — Helping Narrow the Aperture of Cyber Terrorism (Dark Matters) In October 2015, Malaysian authorities arrested Ardit Ferizi, a Kosovo hacker known as "Th3Dir3ctorY." Ferizi, suspected of being the leader of the hacker group "Kosova Hacker Security," is accused of hacking into a firm and stealing a substantial amount of personal identifiable information (PII) for more than a thousand federal employees and service members

"Walter Mitty type" IT manager jailed over attempted dark web gun buy (Naked Security) The law has grown quite adept at flipping on the light switch in the dark web to unmask crooks, be they child predators, kids buying poison, people hiring hitmen, or operators of contraband sites like Silk Road or Utopia

Decision to force out Marine who sent warning ahead of insider attack upheld (Washington Post) A senior Navy Department official decided Monday to force a Marine Corps officer out of the service for his handling of classified information, three years after he was first investigated after sending a warning to deployed colleagues about an Afghan police chief whose servant later killed three Marines

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016

upcoming Events

Energy Tech 2015 (Cleveland, Ohio, USA, November 30 - December 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its strong systems and technology focus, this year's theme, "Securing Our Energy Future" will address broad policy issues and big picture topics related to Energy and Critical Infrastructure. Experts from Industry, Academia, and Government present a wide range of perspectives on these challenges

IoT Security Foundation Conference (London, England, UK, December 1, 2015) The is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of talks as we move from illustrating problems to exploring solutions

cybergamut Technical Tuesday: It's a Target Rich Environment: Understanding the IIoT Attack Surface (Elkridge, Maryland, USA, December 1, 2015) The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices like the Nest Thermostat. While those are worthwhile markets, the majority of the money will be involved with machine-to-machine communications in the Industrial Internet of Things (IIoT). What is the nature of the IIoT? How is it different from the consumer IoT? And, what makes it such a big target? In this session, Mike Anderson of The PTR Group will discuss the flow of data from the edge devices to the cloud and why the big industry players like Intel, IBM and others are so interested in this market

Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, December 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government and industry leaders across Defense, Intelligence, Federal, Civilian, State and Local Government, Industry and the broader Cybersecurity Community

Enterprise Security and Risk Management (London, England, UK, December 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most pressing security risks of tomorrow. The event offers unrivalled networking opportunities and insights on how to design, implement and embed

Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, December 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce

Cargo Logistics America (San Diego, California, USA, December 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference will have a heavy cyber security component

NG Security Summit US (Austin, Texas, USA, December 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network and learn from industry peers through essential business conversation. Working in partnership with our network of senior executives we identify the key industry themes. These form the foundation of our summit and permeate every layer of the content-rich program. These three core themes represent the business critical challenges driving your conversations at the summit: (1) Governance, Risk and Compliance, (2) Processes and Technology, and (3) Identity and Access Management

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches

Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, December 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from entertainment and other key industries. Wendy Frank, Chief Security Officer and Leader Content Security Program at Motion Picture Association of America, will deliver the keynote address

Cyber Security Breakdown: Washington DC (Washington, DC, USA, December 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals

Cyber Security Exchange (Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more

2015 Cyber Security Exchange (Orlando, Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.