The CyberWire Daily Briefing 02.05.15
Today's big story is the data breach Anthem, Inc., the second largest health insurance carrier in the United States, disclosed last night. Nearly 80M individuals' records were compromised, and industry observers are saying the incident has the potential to be the largest insurance breach in history.
The attack is thought to have begun on December 8, 2014, with Anthem discovering and reporting "suspicious activity" on January 28, 2015. Anthem's CEO, Joseph R. Swedish, says there was "unauthorized access" to members' personal information including "names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data." He adds, "Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised."
Anthem has hired FireEye's Mandiant unit to investigate. The FBI is conducting a criminal investigation, and the Bureau praises how Anthem has handled the incident, calling it a model others might follow. (Wired pointedly asks whether the compromised data were encrypted, suggesting there might be a painful teaching example here as well.)
PawnStorm continues to attack iOS.
Sony says it expects to spend a total of $35M fixing its networks (about $15M of that will go to investigation and remediation).
The Anthem incident will reinforce the push, already underway, for the maturation of the cyber insurance market. It's also prompting renewed efforts in the US House to facilitate cyber threat information sharing.
Ross Ulbricht is found guilty in the Silk Road trial.
Notes.
Today's issue includes events affecting Australia, Canada, New Zealand, Thailand, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
From the Desk of Joseph R. Swedish President and CEO Anthem, Inc. (Anthem, Inc.) Anthem was the target of a very sophisticated external cyber attack. Based on what we know now, there is no evidence that credit card or medical information were targeted or compromised
Frequently Asked Questions: Learn more about the cyber attack against Anthem (Anthem, Inc.) Was my information accessed? Anthem is currently conducting an extensive IT Forensic Investigation to determine what members are impacted. We are working around the clock to determine how many people have been impacted and will notify all Anthem members who are impacted through a written communication
Health insurer Anthem hacked; data on millions of patients, employees exposed (Los Angeles Times) Health insurance giant Anthem Inc. said late Wednesday that hackers had breached its computer system and the personal information of tens of millions of customers and employees was possibly at risk
Health insurer Anthem hit by massive cybersecurity breach (Reuters) Health insurer Anthem Inc (ANTM.N), which has nearly 40 million U.S. customers, said late on Wednesday that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees
Massive breach at health care company Anthem Inc. (USA TODAY) As many as 80 million customers of the nation's second-largest health insurance company, Anthem Inc., have had their account information stolen, the company said in a statement
Breach of Health Insurer Exposes Sensitive Data of Millions of Patients (Wired) Apparently the data breaches of Target, Sony, Home Depot and a host of others weren't sufficient to convince Anthem to encrypt patient Social Security numbers
US health insurer Anthem suffers massive data breach (Help Net Security) Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals
The Growing Problem of Medical Identity Theft (IBM Security Intelligence) Medical identity theft (MIT) has become a major fraud issue over the past several years. However, most consumers may not be aware of the threats it poses. Unlike traditional financial crimes such as credit card or check fraud, which rarely involves anything more than a loss of money, the consequences of MIT can involve physical harm or potential loss of life
Hackers Target iOS-Using Government Officials and Journalists in Pawn Storm Malware Attack (Intego) Last October, security researchers released detailed reports about how a criminal hacking gang, possibly backed by a foreign state, was targeting Western governments, military and the media in an operation called "Pawn Storm"
Banking Trojan Lurks Inside Innocent Fax Messages, Bitdefender Warns (Dark Reading) Threat uses server-side polymorphism technique to bypass antivirus software
CrowdStrike demonstrates how attackers wiped the data from the machines at Sony (CSO) While cyber attacks by nation-state adversaries have been taking place for years, in 2014 it became abundantly clear that every company — no matter the industry — is a potential target. The Sony breach was a wake-up call for all organizations: if you have valuable information, you are a target
Hack to cost Sony $35 million in IT repairs (CSO) Sony has put an estimate to the damage caused by the massive cyberattack against Sony Pictures Entertainment last year — US$35 million
Ransomware isn't a serious threat says threat intelligence firm (CSO) Emails containing malicious links are spreading under the pretense that they offer access to updated versions of Google's Chrome browser. But instead of a new browser, victims are being directed to copies of a Ransomware variant known as Critroni (CTB-Locker)
Hacked Hotel Phones Fueled Bank Phishing Scams (KrebsOnSecurity) A recent phishing campaign targeting customers of several major U.S. banks was powered by text messages directing recipients to call hacked phone lines at Holiday Inn locations in the south. Such attacks are not new, but this one is a timely reminder that phishers increasingly are using lures blasted out via SMS as more banks turn to text messaging to communicate with customers about account activity
How vulnerable is satellite broadband? (SC Magazine) Cyber communications are vulnerable to both cyber-attack and kinetic attacks on physical infrastructure, with satellites potentially at risk says new report
Security Patches, Mitigations, and Software Updates
Adobe Begins Patching Third Flash Player Zero Day (Threatpost) Adobe announced today that it will begin distributing a patch for the third and most recent zero-day vulnerability in Flash Player
Cyber Trends
Insurance, Finance Step Up Cybercrime Fight (InsuranceNewsNet) The insurance and financial industries are stepping up the fight against cybercrime by urging more intelligence sharing and warning companies of the growing risks
Shifting Paradigms: The Case for Cyber Counter-Intelligence (Dark Reading) Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends — with an emphasis on governance, automation, timeliness, and reporting
Endpoint Security Has Grown More Difficult and Tedious (Network World) Enterprise organizations say that endpoint security is dependent upon too many vendors, products, and software agents
The real challenge of the Internet of Things (Help Net Security) More than 40 percent of organizations expect the Internet of Things (IoT) to transform their business or offer significant new revenue or cost-savings opportunities in the short term (over the next three years), rising to 60 percent in the long term (more than five years), according to Gartner, Inc. However, those surveyed said that many of their organizations have not established clear business or technical leadership for their IoT efforts
Marketplace
Cyber insurance becomes the new cost of doing business (FierceCIO) It's no secret that nearly all organizations have grown fearful of a data breach. And in many cases the greatest fears are those known to the company — business partners, external customers and internal employees
Army turns to commercial partners to keep ISR edge (C4ISR & Networks) Facing both shrinking research and development budgets and a need to adopt faster and more flexible ISR network technologies, such as software-defined networks (SDNs), the Army is now looking to its commercial partners for assistance in developing innovative solutions
Holland & Hart Represents Accuvant in FishNet Security Merger (PRWeb) Holland & Hart LLP represented long-standing client Accuvant in the successful closing of its merger with FishNet Security, which was announced Feb. 2
Elastica Honored as a 2015 Coolest Cloud Computing Vendor by CRN (MarketWired) Channel focused sales model providing partners with effective cloud application security solutions earns company recognition as a top 20 cloud security vendor
RSA Executive Chairman Art Coviello To Retire (CNN money) The Security Division of EMC (NYSE:EMC), today announced Art Coviello's decision to retire from his post as Executive Chairman of RSA and Executive Vice President of EMC for health reasons effective February 28, 2015. Through a transition period, Mr. Coviello will serve as strategic advisor to RSA President Amit Yoran, who will remain in his current role while also assuming Mr. Coviello's responsibilities
Products, Services, and Solutions
VMware NSX: A Cloud Pitch To Sell SDN (InformationWeek) Software defined networking is key to VMware's data center ambitions, so it's selling NSX-as-a-service through the vCloud Air public cloud
Wombat Security Technologies Offering New Customization Options for Security Awareness and Training Solutions (Marketwired) Wombat's unique customization features make it easier for companies to combat increasing cyber threats
ESET Announces New Encryption Capabilities for Channel Partners with DESlock+ for iOS (PRNewswire) Technology Alliance partner launches advanced encryption for iOS users
BitbyBit to deliver cyber risk management service with SecurityScorecard (Business-Cloud) BitbyBit have expanded their portfolio of services to the legal sector and will be demonstrating the SecurtyScorecard cyber-risk management service at LEGALTECH at the Hilton New York between 3rd and 5th February
Arbor Networks Partners with Zycko (Realwire) Leading network security provider expands EMEA Distribution Channels
eSentire Wins Hedge Find Managers Technology Awards (Morning Post Exchange) eSentire named best security solution and most innovative technology solution at HFM US Technology 2015 Awards
Promisec Launches Critical Upgrade to Endpoint Manager Product to Protect Against Advanced Cyber Threats (PRNewswire) PEM 4.10 addresses use cases from compliance thru cyber
iboss Network Security Raises the Bar for Advanced APT Defense (MarketWired) FireSphere delivers network traffic anomaly monitoring and detection to pinpoint unusual network behavior and prevent data exfiltration
Microsoft Outlines Security Protections Using Azure Active Directory (Redmond Magazine) Microsoft officials talked today about how the company's Azure Active Directory (AD) service is using machine learning to thwart cyberattacks
Rook Security Reaches New Heights in 2014 As Company Heats Up Managed Security and Advisory Services Landscape (BusinessWire) Proprietary solution integration and business-led approach protects Rook Security's clients against persistent cyberthreats
Core Security Partners With Singular Security (Marketwired) Core Security's vulnerability management solutions will help Singular Security customers "cut through the noise" and focus on true threats
Deloitte launches online Australian cyber intelligence centre (Computerworld) Centre will help Deloitte's clients deal with cyber security attacks 24/7
SolarWinds Continues to Simplify SIEM for Resource-Constrained IT Organizations (Marketwired via CNN Money) SolarWinds helps budget-conscious organizations address core security challenges with enhancements to SolarWinds Log & Event Manager for faster SIEM deployment, simplified correlation rules setup, and quick detection of advanced persistent threats and insider abuse
MobileIron's content security service provides security for data stored in employee's personal cloud (FierceMobileIT) Employees who use their personal devices at work often put their work documents in a personal cloud storage service. While this makes it easier to store and access the documents from their mobile devices, it opens up their firm to possible loss of sensitive corporate documents
MStar to Use Cryptography Research DPA Countermeasures to Ward Off Attacks in Set-Top Box Solutions (BusinessWire) Added security technologies protect tamper-resistant chips in digital home market
New Good for Samsung KNOX can squash Android security bugs before they infect the network (FierceMobileIT) With the influx of consumer-grade smartphones into the enterprise, IT departments are concerned that some operating systems are less secure than others. In particular, the Android OS, which operates most of the smartphones in the world, is the focus of malware developers and cybercriminals
Technologies, Techniques, and Standards
From Castles to Beer: A different approach to cyber security (Federal Times) In the 11th century, England witnessed an extensive castle building program by William the Conqueror who built some of the first castles made from stone. By the 13th century, the design of castles evolved to a "defense in depth" approach that included constructing a series of concentric walls around the castles. The concentric walls were designed to slow the invading forces and enable the early detection of the invaders
Who are the role models in cyberspace? (Help Net Security) Those of us of who are of a certain age learned how to live our life by playing with our toys — our cars, dolls and, of course, Star Wars action figures
Taxes in the cyber age: How to protect your identity this tax season (Consumer Electronic Net) New survey from Experian's ProtectMyID reveals risks consumers take when filing their taxes and how they can guard against tax-related identity theft
ThreatMetrix Cites Cybersecurity Strategies to Avoid Getting Stung by Cupid's Arrow Leading up to Valentine's Day (Virtual Strategy Magazine) ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced several strategies for consumers to stay protected against online dating fraud and e-commerce risks leading up to Valentine's Day
Research and Development
Security Innovation Challenges the Crypto Community to Defeat NTRU (PRWeb) Security Innovation is pleased to launch the "NTRU Challenge" this week. Offering more than $90K in cash prizes, Security Innovation affirms its commitment to securing their cryptosytem
Science and tech chiefs: Stop erosion of U.S. tech superiority (Navy Times) Science and technology chiefs for each service and the Defense Advanced Research Projects Agency urged a united effort with military, academia and industry to develop a "new technology offset" that will reverse the loss of technological superiority and overcome the resulting erosion of operational capabilities
Codebreaking Materials Devised by Turing Discovered (I Programmer) During restoration work at Bletchley Park, papers which had been stuffed between the roof rafters to act as insulation were discovered and found to include unique surviving examples of Banbury Sheets
Legislation, Policy, and Regulation
Big Brother is watching Thailand (CSO) I first read George Orwell's book, 1984 many years ago. I remember thinking that was such a horrible idea and it couldn't possibly come to pass. But, the more I read the news in the last year alone I see a shift taking place
US to unveil National Security Strategy tomorrow (Business Standard) Counter-terrorism experts are hoping the document will outline a robust, multi-pronged approach to fighting the Islamic State
The Vast Majority of the Government Lacks Clear Cybersecurity Plans (Brookings) The public and private sectors use information technology (IT) every day to monitor, manage, and simplify their daily operations. The omnipresence of these technologies has introduced new vulnerabilities
An Elite That Has Lost the Impulse to Police Itself (Atlantic) The DEA secretly instituted a mass surveillance program and almost no one objected, even after it was revealed
Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise (Intercept) The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents
Defense nominee: US 'not where it should be' on cybersecurity (The Hill) The Defense Department's network security "is not where it should be," said Ashton Carter, the nominee for Defense secretary, during his Wednesday nomination hearing
SecDef Nominee: Cyber threats require holistic defense strategy (Federal Times) As cyberspace becomes an ever more integrated part of daily life, cybersecurity has become a central part of the national defense. Acknowledging this, Defense Secretary nominee Ash Carter was asked several pointed questions about cyber threats and creating a framework for appropriate responses to attacks
Full budget details on cyber, cloud, networks (C4ISR & Networks) The Defense Department's ongoing move to enterprise-wide IT services got a boost in the form of President Barack Obama's proposed 2016 defense budget, with the Pentagon's leading enterprise IT effort receiving more than a six-fold increase in spending
The Pentagon Wants To Expand Its Cyber Forces (Defense One) A $27 million proposal in the FY 2016 budget would fill the ranks of a burgeoning Cyber Command
Army makes first selections for cyber branch officer corps (Augusta Chronicle) The Army has selected the first officers it will train specifically to defend cyberspace
Security-Cleared Population Drops by 10% (Federation of American Scientists) The number of people who hold security clearances for access to classified information has been reduced by ten percent, the White House said in budget request documents released this week
Litigation, Investigation, and Law Enforcement
Canary Watch now legally tracks secret NSA and FBI national security data requests (Techspot) Most major internet services and social networks claim to be as transparent as possible regarding user privacy, but there are times when legal issues prevent them from doing so. Data requests from the likes of the NSA and FBI in many cases come along with stipulations that stop sites from disclosing details about what and when information is given to the government. But now a new site known as Canary Watch claims to have figured some of that out
Silk Road Creator Found Guilty of Cybercrimes (Wall Street Journal) Ross Ulbricht convicted in case over Internet warketplace that sold illegal goods
The utterly crazy story of the death threat hacker (involves a cat) (We Live Security) Brace yourself, as this is one of the weirdest and most bizarre computer virus-related stories that I have ever heard
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, Apr 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges facing today's government leaders. This year, former FBI Director Robert Mueller will deliver the keynote address, and the program will also feature sessions on CDM, risk management, security intelligence, secure app management, cyber legislative priorities, and much more. The theme of the 2015 Symposium is "Secure Government: Manage, Mitigate, Mobilize"
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
Upcoming Events
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, Feb 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the conference is to present the challenges, visions and strategies, state-of-the art and perspectives in the area of information and network security, cyber risk management as well as cyber forensics to a wider audience from public and private sector as well as academia. Experts from the police, Cybercrime Centres of Excellence and magistrates from every European member state have been invited with the support of the EU. Many more professionals dealing with the topic are expected in Leuven, which will account for a fruitful exchange of knowledge and expertise
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, Feb 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of give a ways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. To register for this conference, click on the link in the left column. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area. Scroll down to view the full conference agenda
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
Tax benefit, Catalyst Fund and other financial Incentives for Small Businesses (Columbia, Maryland, USA, Feb 10, 2015) Rescheduled. Meet the experts! Tax incentives, credits and loans available for small businesses. Learn the details: How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit, Maryland Small Business Financing Authority and the Catalyst Fund Manager
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, Feb 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, Feb 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in IT/cybersecurity who would benefit from business mentorship and hands-on practical work experience? If you said yes to either question please join us at the upcoming CyberWorks information session to learn how you can benefit from this innovative program. CyberWorks is an industry-led, workforce development program designed to help Maryland companies fill their cybersecurity needs with qualified candidates, while simultaneously helping individuals start careers and improve Maryland's economy
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)