The CyberWire Daily Briefing 12.11.15
The US State Department acknowledges that unnamed hackers reported earlier this year may indeed, after all, have made off with sensitive information.
Today, of course, is Anonymous's "Troll ISIS Day." Much as one might wish them success at holding Daesh up to mockery, the virtuous trolling doesn't seem to have shown the Caliphate much. The closest Anonymous gets to a rave review is PC Magazine's "this isn't entirely feel-good slacktivism." Much of what's visible — and it's not exactly breaking the Internet — is promulgated under "#Daeshbag" and consists largely of depicting jihadists in unflattering, defeated, or debased postures.
Busy as the hacktivist collective's been with ISIS, they've still had time to deface sites belonging to Japan's Prime Minister Abe (for whaling) and American real estate mogul cum presidential aspirant Trump (for anti-Muslim remarks).
ZScaler has information on the Spy Banker Trojan that's infesting Brazilian networks.
FireEye finds the Angler exploit kit lurking in a 2011 Guardian story about cyber crime, and it's also appeared in sites susceptible to a recently disclosed WordPress vulnerability. Heimdal offers an overview of Angler adapted to non-technical readers.
Malwarebytes runs a useful account of Chimera, an unusual bit of crimeware in that it combines file encryption (as in familiar ransomware) with doxing functionality (threatening to publish victims' files if they don't pony up).
Cyber criminals are changing tactics to cut their costs — they only need what works, and that doesn't necessarily require the exotic or expensive.
Bitcoin's Satoshi Nakamoto remains as airborne and elusive as ever.
Today's issue includes events affecting Australia, Brazil, Czech Republic, Finland, France, Germany, Iraq, Japan, NATO, New Zealand, Switzerland, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
State Department Says Hackers May Have Stolen Sensitive Data (Defense One) The revelation, buried in a new inspector general report, is the first acknowledgment that foreign spies might have grabbed national secrets during a months-long campaign last fall
Anonymous 'trolling' campaign against ISIS set for Friday (Jerusalem Post) Hacktivists call for "mass uprising" to combat extremist group's fear-mongering and "mock them for the idiots they are"
Anonymous reveals the next phase in its cyber war with ISIS (BGR News via Yahoo! Tech) To call the Anonymous cyber war on ISIS ineffectual would be an understatement
Troll ISIS Day: How to Do it Right (PC Magazine) Anonymous invites us to have some fun trolling the bad guys today. If you intend to do so, do it right
Anonymous Knockoff Donald Trump's Website Against Anti-Muslim Speech (Hack Read) Remember a couple of months ago a hacker defaced Donald Trump's official website with a tribute message for Jon Stewart? Now Anonymous has done the same but with a DDoS attack
Anonymous Hacker Group Claims It Hit Abe's Personal Website (Wall Street Journal) Japanese police are investigating after the hacker group Anonymous apparently claimed responsibility Thursday for a shutdown of Prime Minister Shinzo Abe's personal website, Chief Cabinet Secretary Yoshihide Suga said
New Spy Banker Trojan Telax abusing Google Cloud Servers (Zscaler ThreatLabZ) Zscaler ThreatLabZ has been closely monitoring a new Spy Banker Trojan campaign that has been targeting Portuguese-speaking users in Brazil
Spy Banker Trojan Being Hosted On Google Cloud (Dark Reading) Spy Banker spreading through Brazil via malicious links posted on social networks
Cybercrime News Results In Cybercrime Blues (FireEye) FireEye Labs recently spotted a 2011 article on cybercrime from the news site theguardian[.]com that redirects users to the Angler Exploit Kit
UK Newspaper The Independent Hit by WordPress Compromise (Infosecurity Magazine) A blog run by UK national newspaper The Independent has been affected by a widespread campaign designed to compromise WordPress sites in order to load the notorious Angler exploit kit
WP Engine Hacked — Customers Exposed (Check & Secure) WordPress is great. The web publishing software has opened up a new world for hobby bloggers, companies and budding online entrepreneurs alike. Its plug and play functions have spawned a new substrata of companies who provide services linked to the site. Theme designers, plugin developers, WP hosters and many more besides. Unfortunately, some of the companies surrounding WordPress are slightly lax with regard to their security
The Ultimate Guide to Angler Exploit Kit for Non–Technical People (Heimdal Security) There's been a lot of talk about the Angler exploit kit lately, but, for most people, the warnings don't strike a chord. And they're definitely not to blame
Inside Chimera Ransomware — the first 'doxingware' in wild (Malwarebytes Unpacked) Ransomware have proven to be a good source of money for cybercriminals. Not surprisingly, we are nowadays facing various families of this type of malware, i.e. Cryptowall, CTB-Locker, Teslacrypt to name a few
Threat Spotlight: CryptoWall 4 — the Evolution Continues (Talos) Over the past year, Talos has devoted a significant amount of time to better understanding how ransomware operates, its relation to other malware, and its economic impact
How Smoke–Screen Cyber Attacks Are Being Used in Data Breaches (Radware) 2015 was a paramount year in data exfiltration
Everything old is new again — Blackhole exploit kit since November 2015 (Internet Storm Center) Last month, the Malwarebytes blog posted an article about Blackhole exploit kit (EK) resurfacing in active drive-by campaigns from compromised websites
Torrent Sites Drop Malware to 12 Million Users Monthly, Earn $70 Million A Year (Hack Read) You may have heard the phrase "There ain't no such thing as a free lunch". But, most of the people online think downloading from torrent sites is absolutely free and torrent owners are doing favors to the users! Which is too good to be true and a recent study has proved it
Cyber criminals switch tactics to cut costs (ComputerWeekly) Cyber criminals have realised they can get the same results as malware with other attack methods, but at a lower cost
Website hosting company Easily hit by cyber attack (Financial Times) Easily.co.uk, one of the UK's largest website hosting companies, has become the latest group to suffer a serious cyber attack
Israel security firm finds Darknet site selling credit card data (Kyodo via Equities.com) An Israeli cybersecurity company has found a website selling credit card information on some 3 million people, including 11,532 people signed up with Japanese card firms, its CEO told Kyodo News
My Talking Tom offers up naked selfie ads to kids (Naked Security) My Talking Tom, heralded as the "world's most popular cat" by the maker of the Android and iOS children's app, is a fully animated, interactive 3D character that users can tickle, poke, play with, spend parents' money to customize, get to repeat what they say, force to sing a pimple-themed version of Lady Gaga's My Poker Face, and induce to dance Gangnam style
Exeter University back online after cyber attack (Exeter Express and Echo) Students and staff at Exeter University are back online, following a sustained cyber attack on an academic computer network
Elephant Bar restaurants continued to process credit cards for weeks after becoming aware of breach (FierceITSecurity) The owner of the Elephant Bar restaurant chain admitted this week that it suffered a "security incident" that may have compromised credit and debit card numbers at 30 locations in seven U.S. states — California, Colorado, Arizona, Missouri, Nevada, New Mexico and Florida
Security Patches, Mitigations, and Software Updates
SHA-1 cutoff could block millions of users from encrypted websites (IDG via CSO) Tens of millions of users would be unable to access HTTPS websites that only use SHA-2-signed certificates, Facebook and Cloudflare have warned
Google for Work bolsters Gmail with data loss prevention (ZDNet) Google for Work also plans to bring DLP to Google Drive next year
Steam tightens trading security amid 77,000 monthly account hijackings (Ars Technica) Traded items will be "held" for days unless you have two-factor security
CISOs face challenges talking to boards about cyber risks (FierceITSecurity) While chief information security officers are increasingly getting the ear of board members, they are not necessarily communicating security risks effectively to the board
State of IoT security equivalent to computer security in 1990, says Bastille chairman (FierceITSecurity) The state of Internet of Things security today is in its infancy, equivalent to the state of computer security in 1990, opined Chris Rouland, chairman and chief technology officer at IoT security firm Bastille
G DATA Outlook 2016: The Internet of Things in the Crosshairs (FinanzNachrichten) Pre-installed malware on smartphones and cyber attacks on cars were top topics in the media in 2015
Six trends that will further the development of the Internet of Things (Help Net Security) 1. The death of the password is rapidly approaching. New and more serious data breaches among well known consumer brands will continue to erode faith in perimeter and credential-based security approaches
Technology has helped firms avert cyber-attack: Report (Economic Times) According to a study by EY on global information security — organisations are now better prepared in averting a cyber-attack due to emerging technologies
Only 5% of organizations protect credentials (Help Net Security) In order to find the riskiest industries in the cloud, CloudLock analyzed 10 million users, 1 billion files, and over 91,000 applications, focusing on and breaking down risk in the Retail, Manufacturing, Healthcare, Financial Services, K-12, Higher Education, Government, and Technology industries
The impact of data breaches on customer loyalty (Help Net Security) Nearly two-thirds (64%) of consumers worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen
The 12 Breaches of 2015 (Ziften) 'Tis The Season For Data Loss
Top 6 Venafi 2016 Cybersecurity Predictions: More Encryption Equates to More Attacks on Trust (Venafi Blog) Venafi 2016 cybersecurity predictions include an increase in attacks that misuse keys and certificates. Cybercriminals will use keys and certificates to hide in encrypted traffic, conduct MITM attacks, and make phishing sites and malware appear trustworthy. In 2016, most organizations will fall victim to an attack on trust — one that impacts keys and certificates
2015: The Year Hacking Got Personal (Cisco OpenDNS Blog) Following the Ashley Madison hack in July 2015, Troy Hunt — the security expert who runs HaveIBeenPwned.com — started receiving inquiries and pleas from people worrying about whether or not their names and e-mails would be found in the database hackers published online
Cybercrime Predictions 2016: The Year of the Digital Identity (Multichannel Merchant) ThreatMetrix®, the digital identity company, is predicting 2016 to be the "year of the digital identity"
How does government cloud security stack up? (GCN) What: "Riskiest Industries in the Cloud," a new report from Cloudlock that analyzes anonymized usage data from the 10 million users, 1 billion files, and over 91,000 applications the company monitors
CyberArk survey finds executives overly reliant on compliance metrics to measure security program effectiveness (ITWeb) Seventy-nine percent of IT security professionals report to executive management on compliance, yet 59% say threat detection metrics are most critical
Hacked off: data breach fatigue and the need for acceptance (Sydney Morning Herald) There's one hacked every minute. Breaches of high-profile websites happen so often that it's easy to dismiss them as inevitable — but that doesn't mean it won't happen to you
Inside the NSA's hunt for hackers (Politico) The government is losing ground in the effort to hire critical cyber talent — but our most secretive agency isn't doing too badly
At a Valuation of $20B Palantir Raises Another $129M in its Ongoing Round (iamwire) Palantir entered the race in 2004, long before many of its current competitors even existed, with a relatively humble $2 million in seed funding from the CIA's venture capital arm and another $30 from Peter Thiel
CIA big data analytics pays off for $20bn Palantir (Computer Business Review) Company produces data-mining software that deals with vast amounts of government data
Wynyard shareholders approve $30 million private placement (National Business Review) Wynyard Group [NZX: WYN] shareholders have passed a resolution to raise at least $30 million from a number of strategic investors to enable the security software firm to cash in on increased demand for ways to combat cyber, terrorist, and organised and transnational crime
Wynyard Group postpones dual listing on ASX (ZDNet) Australian share market rules would conflict with crime fighting and analytics software developer's plans to raise capital
Cylance Named by CRN Magazine as One of the 10 Coolest Security Startups of 2015 (Virtual Strategy Magazine) Cylance, the company that is revolutionizing cybersecurity through the use of artificial intelligence to proactively prevent, rather than just reactively detect, advanced persistent threats and malware, announced today that it has been named to CRN Magazine's 10 Coolest Security Startups of 2015
Distil Networks Rounds Out Executive Team with New Hires (PRWeb) Distil Networks, Inc., the global leader in bot detection and mitigation, today announced it has made three new executive hires. Matt Hibbard has joined as Chief Financial Officer, Kent Rounds has joined as Executive Vice President of Sales and Jason Hollander has joined as Vice President of Customer Success
Products, Services, and Solutions
A New Weapon in the Fight Against Cyber Criminals (PRNewswire) Organizations' ongoing defense against cyber attackers has a new weapon: a platform that gives threat analysts the power to gather, share and act on cyber threat intelligence
End-to-end encrypted database ZeroDB is now open source (Help Net Security) ZeroDB, an end-to-end encrypted database whose release was announced earlier this year, is now open source
Technologies, Techniques, and Standards
When it comes to cloud security which is better? Heavy hand or gentle policing? (CSO) When it comes to successfully managing cloud use within the enterprise, some security organizations try to establish and enforce firm lines between what is permissible and what is banned, while others try to learn what their employees are trying to achieve and help them do so more securely
How 'Digital Forensic Readiness' Reduces Business Risk (Dark Reading) These six real-world scenarios show how to turn reactive investigative capabilities into proactive, problem-solving successes
Advent tip #11: Ask permission to post photos, not forgiveness! (Naked Security) There's a famous saying: "It's easier to ask for forgiveness than for permission"
Design and Innovation
The Lizard Squad: Cyber Weapon or Business? (Dark Reading) Even a hacker with the noblest intentions can run afoul of the law by not following six important do's and don'ts
When APIs and DevOps Meet Cybersecurity (Network World) Center of gravity will flow to middleware and cybersecurity process expertise as software integration proliferates in the enterprise cybersecurity market
Backslash: Anti-surveillance gadgets for protesters (Ars Technica) Two designers create a toolkit for tech-savvy protesters
Research and Development
DARPA on the hunt for 'early warning' cyberattack detection technology (FierceGovernmentIT) The Defense Advanced Research Projects Agency will bring together potential proposers on Dec. 14 to give industry more information on its cyber threat monitoring needs in advance of forthcoming solicitations under a broad agency announcement known as the Rapid Attack Detection, Isolation and Characterization, or RADICS, program
DARPA Wants Networks to Find and Fix Security Holes — In Seconds (Defense One) The Pentagon is seeking an "automation revolution in computer security" in which machines swiftly detect attacks and patch their vulnerabilities
In Belgium, an Encryption Powerhouse Rises (Wall Street Journal) University of Leuven has become a battleground in the fight between privacy and surveillance
University of Waikato cyber security ninja recognised on global stage (NetGuide) Dr Ryan Ko, from the University of Waikato, has been recognised at an international level for his work in the world of cyber security
Walsh College Receives Designation As A National Center Of Academic Excellence In Cyber Defense (PRNewswire) Walsh College has been designated as a National Center of Academic Excellence (CAE) in Cyber Defense (CD) by the National Security Agency (NSA) and the Department of Homeland Security (DHS), underscoring its commitment to the quality undergraduate and graduate information technology (IT) degree programs valued by students and employers alike
Legislation, Policy, and Regulation
New Zealand responds to cybercrime, joins global CERT club (ZDNet) New cyber security strategy will finally deliver long-awaited cyber security emergency response team among other measures
The US, China and an Abundance of Cyber-Caution (The Diplomat) Is restraint the chief characteristic of conflict in the cyber-age?
Interview: Gen. Petr Pavel, Chairman of NATO's Military Committee (Defense News) In June, Czech Gen. Petr Pavel became chairman of NATO's Military Committee, the first leader from a former Warsaw Pact nation to serve as the alliance's senior military officer
House leadership reviewing cyber compromise (The Hill) House leadership is reviewing the compromise text of a major cybersecurity bill, indicating lawmakers could be on the cusp of moving the final legislation
Awaiting the Rushed Cyber Bill's Final Language: What We Hope to See (Center for Democracy and Technology) The final text of a cyber information sharing bill is expected to be released any minute now
Congressional encryption commission needs to be balanced and inclusive (FierceITSecurity) In response to the growing row between tech companies and the U.S. government over encryption, the House Committee on Homeland Security is considering a special commission to examine the issue and come up with a solution
FBI Tweaks Stance On Encryption BackDoors, Admits To Using 0-Day Exploits (Dark Reading) FBI retreats a step, but makes stand on end-to-end encryption. Meanwhile, European Union gets ready with a rougher, tougher replacement for Safe Harbor
ISIS Has an App. Could They Build Encryption Tools, Too? (NBC News) In the wake of the Paris terror attacks, some politicians and intelligence officials began rallying for "back doors" into encrypted messaging apps
CLPO discusses how to balance national security, privacy in an increasingly transparent world (IC on the Record) At a recent presentation to University of Texas students and faculty, the Civil Liberties Protection Officer for the Office of the Director of National Intelligence (ODNI), Alexander Joel, discussed the intelligence community's efforts to balance the protection of national security with the protection of privacy and civil liberties in an open and transparent democracy
The Growth Industry Helping Governments Hack Terrorists, Criminals — and Political Opponents (MIT Technology Review) Government agencies and oppressive regimes are snapping up software that makes it easy to hack your phone or computer. These new powers could make us all less safe
Retired Admiral Recommends Creation of a U.S. Cyber Force (Seapower) Two retired senior flag officers with vast command experience have recommended significant changes in the Defense Department's command structure to improve operational performance, including putting the chairman of the Joint Chiefs of Staff (CJCS) in the chain of command, consolidating some regional combatant commands and creating a U.S. cyber combatant command or even a separate cyber force
Final notices going out this week to the 21 million people whose data was stolen in the security clearance breach (Washington Post) The last of the notices are set to go out this week to the more than 21 million people whose personal information was stolen in a cyber breach of government security clearance files, with about 1.5 million of those having signed up so far for identity and credit monitoring services
Litigation, Investigation, and Law Enforcement
Finnish Police Arrest Iraqi Twins Linked to ISIS Massacre in 2014 (New York Times) The police in Finland arrested Iraqi twin brothers on Tuesday suspected of being members of the Islamic State and of shooting 11 unarmed prisoners in Iraq in June 2014, Finnish news reports said Thursday
Manhunt underway in Geneva for suspects with potential IS ties (Military Times) A Swiss official says Geneva police are hunting for at least four suspects believed to have links to the radical Islamic State group and are believed to have been plotting a specific attack in the city
'Uncertainty' Reported as Companies Await New EU Data Rules (Legaltech News) Companies need to address data issues now given the European court decision, the CipherCloud webinar said
Thai police: Suspected Silk Road consigliere to be sent to US soon (Ars Technica) Suspect accused of being Variety Jones on Silk Road to fight extradition to US
Ex-global finance VP arrested for accessing his former boss' email account 100 times (Neowin) The U.S. Attorney's Office for the Southern District of New York has announced the arrest of Kristopher Rocchio, a former vice president at investment company Western Asset Management, for unauthorized access of his former boss' email around 100 times following his departure from the company in early 2012
The Role of Phony Returns in Gift Card Fraud (KrebsOnSecurity) On any given day, there are thousands of gift cards from top retailers for sale online that can be had for a fraction of their face value
Satoshi Gulch (TechCrunch) Satoshi Nakamoto doesn't exist. He is not one person. He is not even controlled by a single entity
For a complete running list of events, please visit the Event Tracker.
Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, Dec 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches
ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, Dec 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you to add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track