The CyberWire Daily Briefing 12.15.15
Observers continue to mull the import of Twitter's warnings that you-may-be-the-target-of- state-sponsored-attention, but reach no consensus.
As Russia deploys jammers to Syria, ISIS/Daesh retaliates indirectly against the ministrations of Anonymous, releasing personally identifying information of US personnel (not themselves, ex hypothesi, Anonymous adherents). European and American authorities begin prosecution of ISIS supporters for either recruitment or conspiracy. In the US, eyebrows rise over reports that the Department of Homeland Security explicitly excludes social media checks from its vetting of visa applicants. One of the San Bernardino killers is said to have left a lurid trail in her social media posts.
As the OPM hack is found to extend to accredited journalists, OPM's recently appointed "cyber czar" says he's worried that ISIS/Daesh may also be able to compromise the agency's data or networks.
One hears much of "actionable intelligence," but use cases have been surprisingly thin on the ground. But here's a developing story of one such case: British firm Moonfruit, which provides online services primarily for small businesses, has taken itself offline in response to indications that it may soon be targeted in a DDoS campaign. Moonfruit says it's taken this step to protect its customers, and that it will return after a security upgrade.
Other case studies surface in responsible disclosure, courtesy of researcher Chris Vickery, who finds two unrelated problems. The vendors' different responses are instructive.
The "Microsoft Word Intruder" crimeware kit gets an upgrade.
Joomla patches a remote code execution vulnerability being actively exploited in the wild.
Notes.
Today's issue includes events affecting Afghanistan, Algeria, China, Egypt, European Union, France, Germany, Iraq, Jordan, Libya, Malaysia, Morocco, Nigeria, Norway, Pakistan, Qatar, Romania, Saudi Arabia, Syria, Tunisia, Turkey, United Arab Emirates, United Kingdom, United States, and and Yemen.
Cyber Attacks, Threats, and Vulnerabilities
Twitter Warns Users of Possible 'State-Sponsored' Attacks (Tripwire: the State of Security) At least 30 Twitter accounts received a disturbing message from the site late last week, warning that they may have been targeted by government or state-sponsored hackers
Twitter warns users the black helicopters are coming (CSO) I'm seeing in the news today that a subset of Twitter users have been receiving notifications that they may well be the targets of surveillance by nation state actors. Step one, let's all take a deep breath
Anonymous says it took down Trump Tower website (IDG via CSO) The online activist group condemned Donald Trump's call to ban Muslims from the U.S.
Russia deploys jamming systems in Syria as tensions rise (Cyber Defense Magazine) Russia will deploy jamming systems in Syria to protect its air forces and prevent attacks against its aircraft
Ratcheting up info war, Islamic State devotees post officials' information (Christian Science Monitor Passcode) Islamic State supporters published what appear to be names and e-mail addresses of former US officials and enlisted US Army personnel after Anonymous's operation to attack the militants on social media
New OPM Cyber Czar Worried About an ISIS Hack (Nextgov) The new cybersecurity adviser hired by the Office of Personnel Management after a Chinese-originated hack says he expects ISIS may ultimately pierce the agency's systems, too
The Chinese didn't just hack federal employees. Journalists were swept up in the massive breach, too (Washington Post) The government is notifying journalists who are accredited by federal agencies that their personal information may have been stolen by the Chinese, another sign of the breadth of the massive hack of U.S. computer networks
50 Shades of Gray: Why the Gray Wars Concept Lacks Strategic Sense (War on the Rocks) Many men, as they age, start to worry about gray hairs. America's military men, however, worry about gray wars
Moonfruit takes websites offline after cyber-attack threat (BBC) Thousands of business and personal websites have been taken offline by web host Moonfruit, after it was threatened with a cyber-attack
Moonfruit takes customers' sites offline, as it prepares for DDoS attack (We Live Security) A UK company which helps consumers and small businesses create websites and online stores has taken itself and its customers' sites offline, after receiving threats about an imminent internet attack
Corero warns of DDoS smokescreen (Enterprise Times) The main goal of a Distributed Denial of Service (DDoS) attack is to flood the target with so much traffic that their servers cannot cope with it
Exploit upgrade for Microsoft Word Intruder crimeware kit (Naked Security) Microsoft Word Intruder, or MWI for short, is a toolkit for sneaking malware onto your computer using booby-trapped Word files
Hackers actively exploit critical vulnerability in sites running Joomla (Ars Technica) Wave of attacks grows. Researchers advise sites to install just-released patch
TeslaCrypt Reappears with Savvy Year-End Ransomware Campaign (Infosecurity Magazine) There has been a sudden increase in cryptographic ransomware variants in the last week, centered around the TeslaCrypt ransomware
MacKeeper User Database an Open Book (Threatpost) A trove of MacKeeper user data — some 13 million records — has been locked down after a researcher found an exposed and accessible database using a simple Shodan query
HIV Dating Biz Threatens Researcher after Privacy Snafu (Infosecurity Magazine) A dating app for HIV-positive singles was recently informed that it was leaking highly sensitive information, leading to an extraordinary response from the site owners
Scammers pose as Microsoft support, look to install malware (SC Magazine) Researchers at Tripwire warn of cyberscammers calling victims during the holiday season and posing as Microsoft tech support in order to gain access to a victim's computer and load malware
Car parking apps vulnerable to man-in-the-middle attacks (Naked Security) The next time you need to pay for parking, it might be best to have a handful of coins ready for the meter
Ashley Madison blackmailers now sending threats via US postal system (Graham Cluley) It may be months since the Ashley Madison adultery website was hacked, but the story continues to run and run and has now taken a further unpleasant turn
American cyber crims operate popup hack 'n crack sites in plain sight (Register) Yanks thumb noses at cops, use YouTube to sell RATs
Hackers Likely To Target More Apple Devices in 2016 (Top Tech News) The Apple ecosystem has managed to avoid suffering from many of the worst cybercrimes and exploits over the years. But that could soon change, according to a new report by technology security firm FireEye
Cyber Terrorists Can Get Their Hands on UK Infrastructure, Like the Net or Electricity (Security Affairs) Cyber terrorists can target UK infrastructure, with the odds being in favor of targeting the power grid, rather than the Internet broadband network
Security Patches, Mitigations, and Software Updates
Joomla patches critical remote execution bug (IDG via CSO) Users should immediately upgrade to version 3.4.6
Cyber Trends
Report: Remote health monitoring jumps 51 percent (FierceMobileHealth) Increase due to "rising market acceptance"
Lack of cyber security draws hackers to hospital devices (Financial Times) Imagine if simply typing "password123" into a computer did not open your email account, but an internet-connected medical device responsible for feeding you drugs or monitoring your blood oxygen or insulin levels
John Halamka: Security work to increase in 2016 (FierceHealthIT) Security threats have increased despite healthcare organizations expanded efforts to educate workers on the risks; security is a process that's never finished, Boston-based Beth Israel Deaconess Medical Center CIO John Halamka writes at his blog
Why Health Care Is Ill-Prepared for Cyber-Crime (CIO Insight) Stolen health-care records will command up to 10 times the amount of credit card information on the black market, but cyber-security spending remains scant
Why it is time to take the Internet of Things seriously (TechWorld) The Internet of Things is automating, connecting and streamlining business processes and systems across the board. Why aren't enterprises taking note?
When kids start getting hacked, it's time to wake up about cybersecurity (Washington Post) It was not an auspicious beginning to the holiday season
Marketplace
Banks Fear Cybercrime More than Regulators or Political Interference (Softpedia) During 2015, financial institutes have learned to fear cybercrime, reveals a recent survey carried out by Cyber Security Forum Initiative (CSFI) and PricewaterhouseCoopers (PwC)
Sophos Extends Next-Gen Endpoint Security Push With Purchase Of SurfRight (CRN) Sophos is diving deeper into next-generation endpoint security with the acquisition of SurfRight for $32 million — which partners say will add power to Sophos' new Security Heartbeat solution
Company behind anti-malware software HitmanPro sold to Sophos for €30 million (Myce) The company Surfright, best known for their malware scanner HitmanPro, has been sold to security hardware and software company Sophos
Dell, EMC Merger to Proceed After 'Go Shop' Period Ends (GovConWire) EMC (NYSE: EMC) and Dell are set to continue with their planned merger after the Massachusetts-based data storage company did not receive a "superior" alternative offer during a go-shop process
FireEye up 2.6% on bullish Evercore coverage (Seeking Alpha) Evercore has launched coverage on FireEye (FEYE) with a Buy rating and $39 target. The launch comes a day after shares closed within a dollar of a 52-week low of $19.76, after having tumbled on Friday amid a market rout
Anti-Malware Vendor Market Share Still Dominated by Microsoft (Softpedia) Once every quarter, OPSWAT releases a market study detailing the popularity of various anti-malware solutions currently available on the antivirus market. As in previous years, Microsoft's Security Essentials ranked above its competition
Skyhigh Networks opens European data centre to resolve Safe Harbour fears (Business Cloud News) Cloud security vendor Skyhigh Networks has opened a new data centre in Germany as it moves to strengthen its support of European customers and multi-nationals
Jonathan Aberman: Why Washington just might succeed at becoming the capital of cybersecurity (Washington Post) Everywhere I go these days, people are talking about cybersecurity and its ability to drive economic growth in the greater Washington region
HyTrust Named to SC Magazine's 'Innovator Hall of Fame' (BusinessWire) HyTrust Inc., the Cloud Security Automation Company, has just been named to SC Magazine's prestigious Innovator Hall of Fame
Tor Project's new director faces big challenges in reaching broader public (Naked Security) After a many-months-long search for a new executive director, the Tor Project announced last week that it has hired Shari Steele, former head of the Electronic Freedom Foundation (EFF), to lead the organization
Products, Services, and Solutions
Invincea Introduces Advanced Threat Protection for Windows 10 and Windows Server (Marketwired) Invincea, the leader in advanced endpoint threat protection, today announced the company's flagship Invincea Advanced Endpoint Protection software for Windows 10 and Windows Server platforms
CyberCompEx Meets Goal of 1,000+ Members by Close of 2015 (US Cyber Challenge) Today, CyberCompEx, the premier online social network for cybersecurity enthusiasts, met its goal to acquire over 1,000 members by the end of 2015 and registrations show no sign of letting up
Tenable Network Security Launches Complimentary Global On-Demand Training to Help Organizations Secure IT Infrastructure Faster and More Completely (BusinessWire) New online courses for Nessus and SecurityCenter give customers and partners an advantage in today's threat landscape
Oracle's SPARC M7 chip is fighting cyber crime from the processor level (Inquirer) How Oracle is taking security into its own hands
Proofpoint Launches Industry's First Instagram Security Solution (CNN Money) Proofpoint, Inc., (NASDAQ:PFPT), a leading next-generation cybersecurity company, today announced the first solution that automatically identifies Instagram security threats, compliance violations and inappropriate content for removal. Proofpoint SocialPatrol™ performs advanced analysis of images, text and text embedded within images, enabling brands and compliance-aware organizations to monitor and eliminate posts and comments
Technologies, Techniques, and Standards
Executive Insights on Application Security (DZone) For the DZone Guide to Application Security, we gathered insights from IT executives around the state of software security
Is Hadoop secure enough for the enterprise? (Help Net Security) An ever-increasing number of organisations are turning to big data to gain valuable insight that can be immediately acted on to increase revenue, lower operating costs, or mitigate risk
6 Steps to Secure Networks as You Innovate Construction Management Systems (For Construction Pros) The most-common factor limiting contractors' technology adoption is very likely lack of budget
Security's Last Refuge of Scoundrels: Infrastructure Upgrades (Security Week) For the past 30 years, the entire computing industry has lived through well-understood upgrade cycles
How hacking hurts your website's ranking in search results (Search Engine Watch) When your website's down, it takes your search rankings down too
Maximum security: Essential tools for everyday encryption (InforWorld via CSO) Thanks to technical advances and increased adoption, securing your data and communications is a lot easier than you might think
5 Tips to Minimizing the Risk of Getting Your Site Hacked (Business 2 Community) Just getting online is a big deal for any small business today
Advent tip #15: Set your Facebook so you can't be searched for by phone number or email (Naked Security) By default, anyone can look you up on Facebook via your email address or phone number. You can change your privacy settings to limit who's able to search for you. Here's how
Design and Innovation
For cyber security, machine learning offers hope beyond the hype (Gigaom) As businesses wind down for the holiday period, they'll need to keep their cyber defenses up
How Questions About Terrorism Challenge Bitcoin Startups (Forbes) In light of the recent attacks in Paris that led to the deaths of 129 Parisians, the European Union (EU) and other international powers, including the United States and Russia, have been gathering to discuss how to curb the threats of terrorism, specifically ISIS or ISIL
Research and Development
SnoopWall Receives Extensive Personal Computing & Mobile Security Patent (Digital Journal) SnoopWall, Inc., the world's first counterveillance security company, has been granted another strategic U.S. Patent for "Securing Data Gathering Devices," such as PCs, tablets, laptops, netbooks, notebooks, internet of things (iOT) devices and, most importantly, Smartphones Read more: http://www.digitaljournal.com/pr/2775111#ixzz3uOuz8oso
DHS Calls on Small Business Community for 'Internet of Things' Security, Prototype Tech Program (ExecutiveBiz) The Department of Homeland Security's science and technology directorate plans to use a potential five-year, $20 million contract vehicle to encourage technology startups and small businesses to compete for government contracts
Work Outlines Key Steps in Third Offset Tech Development (Defense News) The Pentagon hopes to use the next year as a testing ground for the theories behind the Third Offset strategy to lay the groundwork for the next 25 years of American dominance, Deputy Secretary of Defense Bob Work said Monday
Academia
Arab Universities Are Vulnerable to Cyber-Attacks, Experts Say (Al-Fanar Media) Arab universities need better protection from the risks that the digital age has brought with it, a new report and interviews with experts indicate
Legislation, Policy, and Regulation
E.U. set to agree new data privacy law with stiff penalties (Reuters via Business Insurance) A sweeping reform of fragmented laws governing the uses of personal data set to be agreed by the European Union on Tuesday will force companies to report privacy breaches to authorities or face stiff sanctions
Saudi Arabia announces 34-state Islamic military alliance against terrorism (Reuters) Saudi Arabia on Tuesday announced the formation of a 34-state Islamic military coalition to combat terrorism, according to a joint statement published on state news agency SPA
White House calls for feedback on encryption debate (FierceGovernmentIT) In response to a petition that garnered more than 100,000 signatures and urges the president to support strong encryption technologies, the White House called for public comments on the subject Dec. 8
We think encryption allows terrorists to hide. It doesn't. (Washington Post) If the FBI's reports are correct, encryption technology is making the world "go dark": making it difficult for its agents to collect information on potential criminals
Policy Repercussions of the Paris Terrorist Attacks (Schneier on Security) In 2013, in the early days of the Snowden leaks, Harvard Law School professor and former Assistant Attorney General Jack Goldsmith reflected on the increase in NSA surveillance post 9/11
Statecraft in Cyberspace (Cipher Brief) Does the cyber domain call for a fundamentally different framework for achieving international order in the 21st century, requiring statesmen to critically rethink the art of statecraft?
CBO: Port Cyber Info-Sharing Bill to Cost $37M Over 5 Years (ExecutiveGov) The Congressional Budget Office estimates that the implementation of the proposed Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2015 would cost the government $37 million over a five-year period ending 2020
National Guard plans cyber surge over next 3 years (FierceGovernmentIT) By the end of fiscal 2019, the National Guard will have 13 more cyber units spread across 23 states, according to a plan announced by the Army last week. Army and Air Force are working together to train and equip the cyber forces who will operate on Defense Department and state government networks
Fiorina would retaliate for China, Russia hacks (The Hill) Republican presidential candidate Carly Fiorina would launch retaliatory cyberattacks against Russia and China if elected, she told Breitbart News on Monday
Litigation, Investigation, and Law Enforcement
EU takes counter-terrorism campaign to the frontlines (Politico) The European External Action Service sends terrorism experts to countries with a history of radicalism
U.S. Visa Process Missed San Bernardino Wife's Zealotry on Social Media (New York Times) Tashfeen Malik, who with her husband carried out the massacre in San Bernardino, Calif., passed three background checks by American immigration officials as she moved to the United States from Pakistan
Secret US Policy Blocks Agents From Looking at Social Media of Visa Applicants, Former Official Says (ABC News) The State Department today said that "obviously things went wrong" in the visa background check for one of the San Bernardino shooters — comments that came in the wake of an ABC News report that said officials by policy generally do not check social media postings of applicants due to civil liberties concerns and therefore would not have seen purported evidence of Tashfeen Malik's radicalization online
Germany arrests Islamist preacher on charges of recruiting militants (Reuters) A German Islamist preacher was arrested in Germany on Tuesday for recruiting fighters for a militant group in Syria and purchasing and delivering military equipment, the Federal Prosecutor's Office said
Maryland Man Accused of Tapping Money From ISIS Operatives for a U.S. Attack (New York Times) A Maryland man received at least $8,700 from Islamic State operatives overseas and planned to use the money to launch an attack in the United States as part of a pledge of loyalty to the militant group, prosecutors said on Monday
Ex-Illinois guardsman pleads guilty in Islamic State plot (AP via the Gazette) A former Illinois National Guard soldier pleaded guilty Monday to conspiring to provide material support to the Islamic State group
Congresswoman opens inquiry on DHS agent's efforts to disable Tor relays (FierceGovernmentIT) A lawmaker has launched an inquiry into reports that an agent with the Homeland Security Department prompted local law enforcement officers in New Hampshire to shut down a public library's Tor relay
Meet the new undisputed enforcer of cyberstandards (Washington Examiner) A legal bid to rein in the Federal Trade Commission's cybersecurity authority has ended in defeat for the business community, leaving the FTC as an undisputed enforcer of cyberstandards
British man arrested over VTech child data hack (ZDNet) A 21-year-old is suspected of being linked to the hack, which resulted in the theft of data related to over six million children
Government says convicted spy's information still top secret (AP via the Gazette) Most of the information convicted spy Jonathan Pollard had and passed along to Israel 30 years ago remains top secret and could gravely harm national security, a federal lawyer said Monday
Europol Arrests 12 Suspects Across Europe for Using Remote Access Trojans (RATs) (Softpedia) Europol has announced the arrest of 12 suspects in Operation Fallen sTAR, a campaign that seeks to denounce European citizens who misuse Remote Access Trojans (RATs) to commit cyber-crime
Group Accusing YouTube of Helping Hackers Has Ties to Film Lobby (Re/code) The group behind a study blaming Google's YouTube for helping Peeping Tom hackers failed to mention its connections to the film industry lobby, one of Google's biggest antagonists
How Chinese firm, ZTE, scammed Nigeria of $470m in security contract (Eagle) The Federal Government is currently gathering details on how to unravel alleged shady circumstances through which it was ripped off in a security contract awarded to ZTEL Corporation of China
Why Volkswagen Cheated (Newsweek) On December 10, Volkswagen Chairman Hans-Dieter Pötsch made a public admission: A group of the company's engineers decided to cheat on emissions tests in 2005 because they couldn't find a technical solution within the company's "time frame and budget" to build diesel engines that would meet U.S. emissions standards. When the engineers did find a solution, he said, they chose to keep on cheating, rather than employ it
Massive high school texting scandal results in… sanity! (Naked Security) This wasn't just a massive sexting scandal involving high school kids: this was a veritable collectibles franchise
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, Dec 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track