The CyberWire Daily Briefing 12.04.15
Researchers describe why they think China's behind the attack on Australia's BoM, and why Chinese criminals appear to be targeting journalists.
More on the drive-by ransomware infections Heimdal reported early this week — Ars Technica notes that the campaign first installs "Pony," then a "cocktail" of malware that harvests credentials before encrypting files.
"Chimera" is another entry into the ransomware field. Observers see it as a disturbing bellwether of the growing market for ransomware-as-a-service.
Ransomware's not the only badness on offer in the black market. InfoArmor reports finding some new point-of-sale malware, "Pro POS," actively being hawked to criminals.
We've seen Conficker return. Fox-IT reports the reemergence of another old standby, the Ponmocup botnet.
Trend Micro warns that many high-profile mobile apps remain susceptible to vulnerabilities actually fixed as far back as 2012.
Researchers associated with SCADA Strange Love find vulnerabilities in widely used 3G and 4G cellular USB modems and routers.
In some good news, another old-timer is sinkholed. CERT-Polska, with big assists from ESET and Microsoft, takes down the Dorkbot botnet. (US and Canadian law enforcement also provided support.)
Toymaker VTech hires Mandiant to sort out its security issues. Mattel deals with its own problem: Bluebox Security describes IoT security tangles in "Hello Barbie."
OpenSSL and BlackBerry issue patches.
ZeroFOX attracts venture capital.
CyberPoint earns a patent for "Similarity Search and Malware Prioritization."
The insurance sector prepares for a bigger role in setting cyber standards of care.
Investigation of the San Bernardino shootings suggests the shooters drew their inspiration from jihadist material online.
Notes.
Today's issue includes events affecting Australia, Belgium, Canada, China, Iraq, Poland, Syria, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
How we trace the hackers behind a cyber attack (Conversation) The fingerprints might indicate China, but that's not so easy to prove. The Chinese military has been blamed for the recent cyber attack on the Australian Bureau of Meteorology (BOM)
Chinese cybercriminals found targeting journalists in Asia (CSO) IT security company FireEye has released results of research into a recent campaign carried out by a Chinese cyber threat group the company referred to as "admin@338" targeting Hong Kong-based media organizations
New ransomware campaign pilfers passwords before encrypting gigabytes of data (Ars Technica) Surreptitious attacks often prey on people visiting legitimate sites
Come to the dark side. Chimera ransomware asks victims to become affiliates (Graham Cluley) Researchers have observed that the Chimera ransomware offers victims the option of joining its affiliate program upon infection
Ponmocup Botnet Still Actively Used for Financial Gain (SecurityWeek) Fox-IT, the security firm recently acquired by NCC Group for $142 million, has published a report on Ponmocup, a sophisticated botnet that has been used over the past years by cybercriminals for financial gain
3G/4G cellular USB modems are full of critical security flaws, many 0-days (Help Net Security) An analysis of popular 3G and 4G cellular USB modems and routers used around the world revealed a myriad of serious vulnerabilities in each of them
High-Profile Mobile Apps At Risk Due to Three-Year-Old Vulnerability (TrendLabs Security Intelligence Blog) A total of 6.1 million devices — smart phones, routers, smart TVs — are currently at risk to remote code execution attacks due to vulnerabilities that have been fixed since 2012
New 'Pro' Point-of-Sale Malware Found For Sale in Underground Forums (Tripwire: the State of Security) Cybercriminals are leveraging a powerful new strain of point-of-sale malware to target the payment systems of retailers this holiday season
Elasticsearch servers actively targeted by botmasters (Help Net Security) Elasticsearch is one of the most popular choices when it comes to enterprise search engines
Netflix login credentials for sale on the Dark Web (TechHive via CSO) Cord criminals join the ranks of cord cutters, cord cheaters, and cord nevers, selling stolen logins for major media-streaming services
Hello Barbie Fails Another Security Test (Security Ledger) In-brief: The security firm Bluebox says the mobile applications used with Hello Barbie contain security flaws that could lead to the theft of passwords and other information
Hello Barbie App, Hello Security Issues (Bluebox) Security risks discovered with Mattel's Hello Barbie demonstrate Internet of Things security concerns
Your child's privacy is eroding (CSO) Social media, cloud-based educational tools, and Internet-connected toys are eating away at your child's privacy
Digital toymaker VTech hires FireEye to secure systems after hack (Reuters) Hong Kong-based digital toy and gadget maker VTech Holdings Ltd (0303.HK) said FireEye Inc's (FEYE.O) Mandiant forensics unit was helping the company secure its systems after a hacking attack exposed data on 6.4 million children
Security Sense: Hacked Companies Should Provide Victims Their Data (Windows IT Pro) And so it continues, this time with VTech not only allowing nearly 5 million of their customer records to walk out the digital door, but also the details of over 6 million kids
DDoS attacks are more than disruptions to service (CSO) While security teams are distracted by DDoS attacks, hackers are infiltrating networks with malware
Report: Scripting languages most vulnerable, mobile apps need better crypto (CSO) According to an analysis of over 200,000 applications, PHP is the language with the most vulnerabilities, and mobile apps suffer from cryptography problems
UK pubs group JD Wetherspoon hit by cyber attack (Reuters) British pub chain JD Wetherspoon has been hit by a cyber attack which leaked the names, email addresses and birthdates of 650,000 customers as well as some of the credit and debit card details for 100 buyers of its gift vouchers, it said on Friday
Naval Research Lab hit by zero-day exploit (FCW) The Naval Research Laboratory was recently hit by an attack exploiting a previously unknown software vulnerability, said Commanding Officer Capt. Mark Bruington
Could hackers break my heart via my pacemaker? (BBC) "I just found myself lying on the floor. I didn't know what happened," Marie Moe said
7 cyber threats worse than PHI breaches (Healthcare IT News) 'Healthcare IT security: you have a bad reputation. When it gets down to healthcare there's always a little chuckle about how bad they are'
Raytheon: More domains, more problems (FedScoop) The further we move from .com, the more room we give hackers to target unsuspecting victims, authors of a new report say
Don't Take the Bait; Avoid Phishing and Malware to Protect Your Personal Data (IRS) "Update your account now." "You just won a cruise!" "The IRS has a refund waiting for you"
Security Patches, Mitigations, and Software Updates
OpenSSL Security Advisory (OpenSSL (h/t US-CERT)) We anticipate that 1.0.0t and 0.9.8zh will be the last releases for the 0.9.8 and 1.0.0 versions and that no more security fixes will be provided (as per previous announcements). Users are advised to upgrade to later versions
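The advisory above names 1.0.0t and 0.9.8zh as the final releases of two end-of-life branches, which leaves administrators with two questions per host: is it on an EOL branch at all, and if so has it even reached that branch's last release? The script below is an added example, not code from the advisory or from the OpenSSL project; it parses the output of `openssl version` (OpenSSL's letter-suffixed scheme, where patch letters run a..z and then continue za, zb, ...) and answers both questions. Only the two final-release strings come from the page; the sample version lines at the bottom are constructed.

```python
import re

# From the advisory: last releases on the two end-of-life branches.
# Branches not listed here are treated as still supported by this example.
FINAL_RELEASE = {
    "0.9.8": "0.9.8zh",
    "1.0.0": "1.0.0t",
}

_VER_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Turn '1.0.0t', '0.9.8zh' or a full `openssl version` line such as
    'OpenSSL 1.0.0t 3 Dec 2015' into a tuple that sorts in release order.

    OpenSSL patch letters run a..z and then continue za, zb, ..., zz, so
    every letter except the last must be 'z'. The suffix is scored
    cumulatively ('' = 0, 'a' = 1, ..., 'z' = 26, 'za' = 27, 'zh' = 34)
    so that tuple comparison orders releases correctly.
    """
    m = _VER_RE.search(text)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % text)
    major, minor, fix, suffix = m.groups()
    if any(ch != "z" for ch in suffix[:-1]):
        raise ValueError("malformed patch suffix %r" % suffix)
    patch = sum(ord(ch) - ord("a") + 1 for ch in suffix)
    return (int(major), int(minor), int(fix), patch)


def branch_of(version):
    """'1.0.0' for a parsed (1, 0, 0, 20) tuple: the branch the advisory
    talks about, without the patch letter."""
    return "%d.%d.%d" % version[:3]


def check_version(text):
    """Return (branch, end_of_life, behind_final_release).

    end_of_life is True when the branch is one the advisory retires;
    behind_final_release is True when the host is on such a branch and has
    not even reached that branch's last release (i.e. it is missing fixes
    that were published before support ended)."""
    v = parse_version(text)
    branch = branch_of(v)
    final = FINAL_RELEASE.get(branch)
    if final is None:
        return (branch, False, False)
    return (branch, True, v < parse_version(final))


if __name__ == "__main__":
    # Constructed sample lines in the shape `openssl version` prints.
    for line in ("OpenSSL 1.0.0t 3 Dec 2015",
                 "OpenSSL 0.9.8y 5 Feb 2013",
                 "OpenSSL 1.0.2e 3 Dec 2015"):
        print(line, "->", check_version(line))
```

In practice you would feed `check_version` the string from `openssl version` on each host; a result of `(branch, True, True)` is the worst case, since the host is on a branch that will receive no further fixes and is already behind its last one.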
BlackBerry releases security patches for the PRIV Android phone (Graham Cluley) Back in September I upset some BlackBerry fanboys by taking the mickey out of John Chen, CEO of the beleaguered smartphone company, and his cringeworthy demo of the firm's first Android-powered device — the BlackBerry PRIV
WebEx Android App Users Told to Update ASAP, Due to Risk of Attack (Tripwire: the State of Security) There are often (quite rightly) concerns raised about operating system vulnerabilities on smartphones, and the need for users to patch their devices with the latest software
Cyber Trends
Cybercriminals will remain victorious in 2016, relief expected in 2018 (Help Net Security) From Ashley Madison to the United States Office of Personnel Management — and many, many others in between — what we now know is targets for cyber criminals and nation-state hacktivists have only broadened in 2015
Why is hacking so easy and security so hard? (Australian Broadcasting Corporation) It's been called a "cyber Wild West"
Survey: Cloud Privacy a Big Concern For Legal Departments (Legaltech News) 'Generally, lawyers are the most conservative professionals when it comes to adoption of new technologies'
Marketplace
Insurance companies will crack down on cyber security in 2016: Report (CSO) Cyber security insurance has had to rapidly evolve to cater to the growing complexity and unpredictability of cyber-attacks
Symantec outperforms following CEO's talk; capital returns mentioned (Seeking Alpha) Symantec (SYMC +0.3%) managed to close slightly higher on a day the Nasdaq fell 1.7% after CEO Michael Brown presented at a Credit Suisse conference
Verint adjusts strategy as shares tumble on revenue shortfall (Reuters) Shares in Israeli-American analytics firm Verint Systems Inc tumbled 13 percent on Thursday after the company posted third-quarter earnings that fell short of expectations, blaming delays in customer orders and a downturn in emerging markets
ZeroFOX is latest Md. cyber firm to attract investors, raising $27M (Baltimore Sun) Investors pumped $27 million into Baltimore cybersecurity company ZeroFOX to accelerate sales of its software that detects hackers who attack via social media
ZeroFOX Secures $27M Round Led by Highland Capital (ZeroFOX) Corey Mulloy, general partner at Highland Capital, joins ZeroFOX board as they tackle the cyber risks associated with social media
Avecto pockets $49M from JMI Equity to invest in Defendpoint security product (FierceITSecurity) Endpoint security software vendor Avecto pocketed $49 million from JMI Equity Wednesday to invest in marketing its Defendpoint security software and its research and development program
Engility Wins Prime Position on Potential $5 Billion Cyber Security and Information Systems IDIQ (BusinessWire) Award will deepen Engility's reach into DOD cyber security market
ManTech Awarded $407M Air Force Security Services Contract; Bill Varner Comments (GovConWire) ManTech International (Nasdaq: MANT) has received $407 million contract to provide security services for U.S. Air Force programs
Cylance Global CISO Malcolm Harkins Receives 2015 Security Advisor Alliance Excellence in Innovation Award (MarketWired) Cylance executive nominated and selected by Fortune 1000 Chief Information Security Officers for Outstanding Industry Leadership
RedOwl Appoints Paul Oshan as Vice President of Sales and Peter Heim as Vice President of EMEA (BusinessWire) Cyber security startup RedOwl has hired two senior security technology veterans: Paul Oshan to lead global sales and Peter Heim to drive expansion in Europe, the Middle East and Africa
Check Point Names Julie Parrish as Chief Marketing Officer (CNN Money) New executive appointment highlights company's commitment to helping businesses stay ahead of evolving security threats
Products, Services, and Solutions
Covata Launches New Look and Multi-Tenancy for Safe Share (BusinessWire) New Features Optimized to Give Telco Partners Secure, Easy-to-Use File Sharing and Storage Solution for Enterprises and Public Sector Organizations
BLACKOPS Partners Corporation Releases SPECTRE® (PRWeb) BLACKOPS Partners Corporation releases SPECTRE®, the breakthrough transformational system for organizations to win against information and industrial warfare in direct response to today's hyper-threat marketplace
Vanguard Integrity Professionals announces the launch of Version 2 Release 2 Security and Compliance Software for IBM's z/OS Security Server (PRNewswire) Increased Security for the Enterprise and Cloud environments with over 100 new features and enhancements, significantly increasing system performance
CyberFlow Analytics Announces New FlowScape CyberHooks Integration Layer (Benzinga) CyberFlow launches new FlowScape CyberHooks integration layer to enable Network Behavioral Analytics as a 15-minute add-on to any SIEM or external system
Cobham Launches TeraVM Cybersecurity Threat Analysis System (Light Reading) Cobham Wireless, a global leader in the provision of advanced wireless coverage and mobile communication systems, has announced the launch of the TeraVM cybersecurity threat analysis solution
Blue Coat & Dimension Data go on global cloud security offensive (Computer Business Review) Partnership aims to deliver real-time threat protection
Technologies, Techniques, and Standards
Podcast: Microsoft's Angela McKay on building global cybersecurity norms (Christian Science Monitor Passcode) Angela McKay, who runs Microsoft's public policy work on cybersecurity, and Elana Broitman from Greenberg Traurig's Government Law & Policy Practice, join the latest edition of The Cybersecurity Podcast
Leading Health Plan Organizations Learn to Mitigate Breach Exposure by Participating in Industry-Wide Cyberattack Simulation Exercise (BusinessWire) HITRUST CyberRX 2.0 reveals top five actions to improve cyber incident readiness
Can you keep Linux-based ransomware from attacking your servers? (CSO) According to SophosLabs, Linux/Ransm-C ransomware is one example of the new Linux-based ransomware attacks, which in this case is built into a small command line program and designed to help crooks extort money through Linux servers
Deploying Honeypots and Ethical Hacking in a Cloud Environment (Virtual Strategy Magazine) Cloud computing brings so many benefits to businesses that it's basically impossible to resist migrating to it
Top 10 Cybersecurity Tips for Businesses Following FTC v. Wyndham (Legaltech News) The FTC's required standard of care for cybersecurity is likely to evolve as new guidelines are issued and new cases are decided
Top 10 cybersecurity must-dos (Telegraph) The biggest threats we face in business today are digital attacks. The head of client propositions at BSI walks us through the cybersecurity checklist
How can security leaders create a positive work environment? (TechTarget) It's the responsibility of security leaders to create a positive work environment for security teams, which can be tough to do in such a demanding field. Here's how
Advent tip #4: Unsolicited tech support call? Just hang up! (Naked Security) Many of us have had unsolicited technical support calls, sometimes several of them
Design and Innovation
The Moral Dimension of Cryptography (Schneier on Security) Phil Rogaway has written an excellent paper titled "The Moral Character of Cryptography Work." In it, he exhorts cryptographers to consider the morality of their research, and to build systems that enhance privacy rather than diminish it
Research and Development
Patent Issued for Similarity Search and Malware Prioritization (USPTO 9197665) (Equities.com) News editors obtained the following quote from the background information supplied by the inventors: "Malware, or malicious software, may refer to software that is used to disrupt computer systems and networks. Malware may be analyzed to study and detect threats of malware. However, existing malware analysis services suffer from several deficiencies. For instance, malware analysis services may not be able to keep pace with the rapidly evolving nature of malicious software. Therefore a faster and more efficient method is needed to process files to detect malware. In addition, because numerous malware are generated on a daily basis, a method to prioritize malware samples for analysis is also needed"
Academia
U Maryland Wins $2.76 Million for Data Security Training (Campus Technology) The University of Maryland has received a new vote of confidence for its approach to data security training from the company that helped the institution begin the program in the first place
Lastline Sponsors International Capture the Flag IT Security Exercise and "White Hat Hacker" Competition on Friday December 4, 2015 (BusinessWire) World's longest-running educational hacking competition at UC Santa Barbara to test and expand participants' security skills for fun and cash prizes; new twist features "Crowdsourced Evil"
Academics hold key in the war on cybercrime, Emirati expert says (The National) An Emirati cyber security researcher is calling on academic institutions to play a greater role in researching potential threats to the UAE
Cybersecurity program growth, 'cyber village' could be future of Augusta University (Augusta Chronicle) Cybersecurity and even a "cyber village" involving Sibley Mill could be potential future strengths for Augusta University, President Brooks Keel said
Legislation, Policy, and Regulation
Final cyber bill language could be ready around the new year (The Hill) Lawmakers seeking to reach a compromise between the House and Senate on a major cybersecurity bill are edging closer to a deal — but may not be able to complete it until next year, according to several people with knowledge of the negotiations
New legislation aims at stalling NSA reform (CSO) The new bill would let the NSA hold on to bulk phone data already collected
Encryption backdoors will make us all more vulnerable (Network World via CSO) In the aftermath of the Paris attacks, one of the memes being perpetuated by "security professionals" is that the terrorists used encrypted communications, enabling them to plan and coordinate their activities without raising suspicion among the intelligence community
DHS Expanding Enhanced Cybersecurity Services Program (Homeland Security Today) The Department of Homeland Security's (DHS) Enhanced Cybersecurity Services (ECS) — a voluntary program that shares indicators of malicious cyber activity between DHS and participating Commercial Service Providers (CSPs) and Operational Implementers (OIs) — has concluded a Privacy Impact Assessment (PIA) Update to reflect ECS' support by Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the expansion of service beyond Critical Infrastructure sectors to all US-based public and private entities, and to introduce the new Netflow Analysis service
Air Force reorganizing to integrate cyber (C4ISR & Networks) The Air Force is making some big changes to its internal mission and personnel structures in order to better protect assets and interests from cyber threats, according to top Air Force officials
Litigation, Investigation, and Law Enforcement
GCHQ admits to hacking in court, says hacking helps stop terror attacks (SC Magazine) GCHQ has admitted for the first time that it has hacked computers, smartphones, and networks in the UK and abroad using CNE
Persistent Hacking — Is GCHQ going too far? (Check & Secure) The NSA-Snowden scandal in 2013 really blew the world of cyber espionage apart, with people first starting to throw doubt onto the role of their government and ponder just what was right and what was wrong in the world of online surveillance. Meanwhile, slightly less conspicuously, a more British variant of cyber spying was gathering speed. Four letters: GCHQ
Officials: San Bernardino shooter apparently radicalized, in touch with terror subjects (CNN) …Yet Farook himself had communicated by phone and via social media with more than one person being investigated for terrorism, law enforcement officials said
F.B.I. Treats San Bernardino Attack as Possible Terrorism Case (New York Times) The couple who the police say killed 14 people and left 21 wounded here had stockpiled thousands of rounds of ammunition and a dozen homemade pipe bombs in their home, officials said Thursday, a sign that they might have been planning further attacks
Islamic State's US Recruits So Diverse They 'Defy Analysis' (Voice of America) Their average age is 26. Eighty-six percent are male. Most use Twitter and other social media to find and spread propaganda
ISIS in America: From Retweets to Raqqa (The George Washington University Program on Extremism) While not as large as in many other Western countries, ISIS-related mobilization in the United States has been unprecedented
Microsoft and ESET Disrupt Dorkbot Botnet, Authorities Sinkhole Its C&C Servers (Softpedia) Dorkbot, a malware family that operates on a botnet structure, has been sinkholed by Polish law enforcement officials working together with Microsoft and ESET
Alert (TA15-337A) Dorkbot (US-CERT) Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims' computers
Facebook ordered to stop tracking non-users (Naked Security) Facebook is now blocking Belgians if they haven't signed in
Annual assessment reveals cybersecurity, IT program management issues at IRS (FierceGovernmentIT) An annual assessment of the Internal Revenue Service's information technology environment highlights cybersecurity weaknesses and several IT programs in need of better management
Dem pressures airlines for cyber defense details (The Hill) Sen. Ed Markey (D-Mass.) wants to know more about how airlines and airplane makers are defending themselves from hackers that have increasingly targeted the aviation industry
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks
SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.
SANS Atlanta 2016 (Atlanta, Georgia, USA, Apr 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment
SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect time to take the next step in your career. Cybersecurity is more vital, crucial, and important to the growth of your organization than ever before. Join us at SANS Security West 2016 to gain the skills and knowledge to help your organization succeed
SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, Jul 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses
Upcoming Events
Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, Dec 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches
2015 Cyber Security Exchange (Orlando, Florida, USA, Dec 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more
Disrupt London 2015 (London, England, UK, Dec 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt? We start each day with panels and one-on-one discussions featuring TechCrunch writers and editors, special guest speakers, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. Each afternoon, we host the Startup Battlefield competition which culminates in six finalists taking the stage at the end of the event for a shot at winning the Disrupt Cup
Passwords 2015 (University of Cambridge, England, UK, Dec 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem. This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods of personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seeks to provide a friendly environment for participants with plenty of opportunity to communicate with the speakers before, during, and after their presentations
ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, Dec 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era
Cyber Risk Wednesday: 2016 Threat Landscape (Washington, DC, USA, Dec 9, 2015) To discuss how 2016 will likely challenge today's security thinking and what we can learn from the past year's developments and these trends, please join the Atlantic Council's Cyber Statecraft Initiative on Wednesday, December 9 from 4:00 p.m. to 5:30 p.m. for a moderated panel discussion with a group of prominent cybersecurity experts
NSA RCTCON (Fort Meade, Maryland, USA, Dec 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S.
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you to add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments, while keeping revenue on track