The CyberWire Daily Briefing 12.28.15

Cyber Trends

The Cloud's Biggest Threat Are Data Sovereignty Laws (TechCrunch) The beauty of the cloud is the promise of simplification and standardization — without regard to physical or geographic boundaries. It's this "any time, any place, any device" flexibility that is driving rapid adoption

Why Hacking Is An Integral Part Of The Future Of The Internet (Forbes) As I write this article, a group calling themselves The Phantom Squad have declared that they intend to take down both the Xbox Live and Playstation PSN networks on Christmas Day, and sustain the attack for a week

Cyber security in 2016: Cyber extortion, data breaches and legal reform (V3) A lot has changed in the security industry over the past 12 months, including a rise in cyber attacks against high-profile firms, the genesis of global cyber peace deals and the harsh realisation that no-one is safe from online threats

ESET predictions and trends for cybercrime in 2016 (We Live Security) It?s that time of the year when the information security industry takes part in its annual tradition: coming up with cybercrime predictions and trends for the next 12 months

Five Cybersecurity Trends to Watch in 2016 (Xconomy) To no one's surprise, cybersecurity continued to be a key area of concern and struggle among organizations of all sizes in 2015

Threatposts's 2015 Year in Review (Threatpost) With 2015 more or less in the rear view mirror Mike Mimoso and Chris Brook discuss the year in security: Wassenaar, ransomware, Carbanak and Equation Group,how big of a deal Stagefright was, that Juniper backdoor, and more

Cyber siege: What businesses should learn from 2015's hacks against TalkTalk, Carphone Warehouse and Wetherspoons (City A.M.) We will remember the past year in IT security as yet another in which cyber-attackers have got the better of major organisations, from the US government?s HR agency, the Office of Personnel Management (OPM) and health insurance giant Anthem over in the States, Hong Kong-based toy manufacturer VTech and Japanese-owned Hello Kitty brand, through to some of our best-known British brands, such as TalkTalk and J.D.Wetherspoons

Security Vendors Report Uptick in Whaling, Phishing Scams (Dark Reading) Expect to see an increase in attempts by cyber crooks to trick businesses and individuals to part with their money say Mimecast, Kaspersky Labs

The Year's 11 Biggest Hacks, From Ashley Madison to OPM (Wired) Every year hack attacks seem to get worse — whether in their sophistication, breadth, or sheer brazenness. This year was no different

The Worst Hacks of 2015 (Motherboard) Last year we witnessed some of the most shocking cyberattacks ever, with North Korea allegedly hacking Sony over the release of a dumb comedy movie to unknown hackers spilling the private nude pictures of dozens of celebrities. For some, it was the year hacking truly became the norm

What MacKeeper, Bitdefender, and Hello Kitty Have in Common (Tech.co) Leakage of sensitive and personal information happens on a weekly basis, and quite a lot of such cases have become very resonate

What does a cyber criminal look for in a potential target? (Yahoo! Finance) Most people are aware of how important being secure online is, but a recent report shows that not everyone perceives that threat equally

Don't expect comprehensive IoT security standards — ever (FierceITSecurity) The IoT market is moving at a fast pace, and that means vendors that are developing new products and services throughout the ecosystem are using their own security mechanisms — or in some cases none at all

Top 10 Reasons To Invest In Cyber Security (DDoS Today) Cyber attacks and major cyber crimes are happening on a daily basis. The frequency of the attacks is increasing fast and those who attack are getting more sophisticated by the day. Cyber attacks have undergone substantial changes and are increasingly difficulty to counteract as the attackers? technology advances

Legislation, Policy and Regulation

Russia, Taliban share intelligence in fight against ISIS (CNN) Russian President Vladimir Putin is turning to an old enemy — the Taliban — to share intelligence as the number of ISIS fighters grow in regional neighbor Afghanistan

New Chinese law takes aim at encryption (ITWorld) If requested, service providers must help the government decrypt content

ISIS Influence on Web Prompts Second Thoughts on First Amendment (New York Times) It is one of the most hallowed precepts in modern constitutional law: Freedom of speech may not be curbed unless it poses a "clear and present danger" — an actual, imminent threat, not the mere advocacy of harmful acts or ideas. But in response to the Islamic State’s success in grooming jihadists over the Internet, some legal scholars are asking whether it is time to reconsider that constitutional line

Manhattan DA: Smartphone Encryption Foiled 120 Criminal Cases (Daily Beast) Crooks and terrorists know: Everything on their late-model smartphones is encrypted. Could one small change both preserve privacy and help cops?

How to unite privacy and security — before the next terrorist attack (Washington Post) This month it was revealed that the Paris attackers used hard-to-monitor, encrypted applications to coordinate their acts of terrorism, a reminder that we face an enemy that is difficult to find and adapting quickly

US military drafting 'new narrative' for ISIS war (The Hill) The U.S. military is seeking to craft a "new narrative" for the war against the Islamic State in Iraq and Syria (ISIS), in part to push back on the growing perception that President Obama does not have a strategy

White House promotes whole-of-nation cyber deterrence strategy (Defense Systems) Following criticism from lawmakers regarding the lack of a cyber deterrence strategy, the Obama administration recently presented its view on the matter to relevant congressional committees, recommending an across-the-board approach to defending against threats

Is the Cybersecurity Act really government spying in disguise? (Christian Science Monitor Passcode) The Cybersecurity Act of 2015, signed by President Obama last week, promises to expand information sharing on digital threats between the private sector and government. Critics, however, call it privacy-killing surveillance legislation

A Practical Path To Cybersecurity (Forbes) In October, the Senate passed a controversial new bill called the Cybersecurity Information Sharing Act (CISA)

Senate looks to beef up network security (The Hill) The Senate is looking to ramp up its network's cyber defenses

DHS rings its privacy policy bell in 2015 (Federal News Radio) The past 12 months were the year of the cyberattack. Government agencies, infrastructure, private companies and citizens were all impacted by cyber breaches

New Freedom of Information Act Request Documents Released by ODNI (IC on the Record) The Office of the Director of National Intelligence is one of seven federal agencies participating in a pilot program to make records requested via the Freedom of Information Act more readily available to the public, as reflected in the recently released Third National Action Plan for Open Government

BITS President: Cyber Guidance Confuses CISOs (BankInfoSecurity) Chris Feeney on why regulators, agencies need to avoid conflicting advice

Cyber risk is the primary issue that calls for immediate attention: IOSCO (Hindu Business Line) Cyber risk has emerged as the number one systemic risk, according to Tajinder Singh, Deputy Secretary General, International Organisation of Securities Commissions (IOSCO). IOSCO is the international policy forum for securities regulators

Paranoid: North Korea's computer operating system mirrors its political one (Reuters) North Korea's homegrown computer operating system mirrors its political one, according to two German researchers who have delved into the code: a go-it-alone approach, a high degree of paranoia and invasive snooping on users

Kevin Nally Joins US Secret Service as CIO (ExecutiveGov) Kevin Nally, a retired brigadier general and former chief information officer of the U.S. Marine Corps, has joined the U.S. Secret Service as CIO, FCW reported Wednesday

Products, Services, and Solutions

IBM Shares Threat Intelligence Through App Exchange, QRadar (VAR Guy) Companies generally agree that sharing threat intelligence helps to improve everyone?s cybersecurity posture, but some companies are hesitant to do it for fear of giving away too much information

Hillstone Networks Launches CloudEdge to Protect AWS Environments (VAR Guy) Amazon Web Services (AWS) users now have another alternative for protecting their infrastructure with the release of CloudEdge, a virtual firewall solution from network security solution provider Hillstone Networks

Technologies, Techniques, and Standards

Disclose: how soon after a breach should you disclose? (It Security) The recent hack of the UK telecoms company TalkTalk highlights a vexing problem for CISOs: how quickly — and indeed to what extent — should you disclose a breach

Data Breach (Inside Counsel) For many general counsel, a nightmare scenario might be waking up to a phone call alerting them that the organization?s data systems have been breached

The Importance of Effective Oversight for Third-Party Risk (RSA Blog) According to Deloitte, there are three main factors that have led to an increased focus on third-party risk in recent years

Malfunctioning Malware (Internet Storm Center) Malware is software. Thus it contains bugs. And like software, sometimes when deployed "in production", it does not work

For Enterprise Cybersecurity, Think Modern Metropolis, not Fortress (Infosecurity Magazine) Once upon a time, cybersecurity was like a bank vault

Protect Your Privacy & Security on the Internet With These Tools (TechCrunch) All across the web companies are collecting information about you whether you like it or not

Advent tip #24: The Big One! (Naked Security) You're allowed to have offline time over Christmas, so we're not giving you a new Advent tip today

Marketplace

Cybersecurity Market Reaches $75 Billion In 2015; Expected To Reach $170 Billion By 2020 (Forbes) In October, The Business of Cybersecurity: 2015 Market Size, Cyber Crime, Employment, and Industry Statistics promised Forbes readers a December follow up. Part II is here, with a recap on cybersecurity spending in 2015 and projections for market growth over the next five years

Why Tech Companies Must Market Their Security Protection In 2016 (Forbes) In 2016, IT security will be more important than ever before

Microsoft's 2015 Acquisitions: Mobile, Analytics, Security (InformationWeek) Microsoft bought a lot of companies during 2015. What were they, and what did they bring to the tech giant?

Microsoft Cybersecurity Centre in Gurgaon to "Protect India's Critical Infrastructure" (Gedgets 360) Some believe the next big war will be fought in the digital world, and even today, some of the greatest threats that governments and other organisations around the world face are in the form of cyberattacks

Palantir Has Raised $880 Million At A $20 Billion Valuation (TechCrunch) Palantir, the data analytics platform used by government agencies and law enforcement pocketed $880 million in new funding, according to a filing from the Securities and Exchange Commission out today

Dell's subsidiary SecureWorks files for IPO (Oceanside Post) Dell acquired SecureWorks in 2011 for $612m. The placeholder value of the IPO has been kept at $100 million, but this may change after the registration fee is taken into account

SecureWorks IPO Brings Marginal Added Value To Investors (Amigo Bulls) Dell is making its cybersecurity arm, SecureWorks, public to finance a portion of the EMC deal. SecureWorks presents impressive top-line growth but a very disappointing bottom line for a 17-year-old company. SecureWorks IPO does not offer investment opportunities over other players in the cybersecurity space

Security Patches, Mitigations, and Software Updates

Microsoft mistakenly disables macros, other customizations with Word 2016 update (FierceCIO) Microsoft admitted pushing out an update for Word 2016 that prevents customizations, such as macros, autotext entries and styles, from loading

Microsoft accused of releasing 'worst patch yet' for Windows 10 (spoiler: it's not true) (ZDNet) In an all-too-typical pattern, InfoWorld accused Microsoft of releasing a horribly flawed, data-destroying security update for Windows 10, KB3124200. There's only one small problem: That update does no such thing. Is it too much to ask tech reporters to gather some facts before hurling accusations?

Cyber Attacks, Threats, and Vulnerabilities

Anonymous takes credit for massive cyberattack on Turkey (The Hill) Hacking collective Anonymous is claiming responsibility for a slew of cyberattacks on Turkey's Internet that took down hundreds of thousands of the country's websites

Turkish Internet servers reeling under huge cyber attack (Ahram Online) Turkish Internet servers are suffering a powerful cyber attack, slowing banking services and fanning fears that it could be a politically motivated attack from abroad

Cyber threat could drag on and haunt Turkey, experts warn (Today's Zaman) A potential wave of renewed cyber attacks on Turkey's national ".tr" domains is likely as there are fears a recent attack that has disrupted many public and private servers will evolve into what is called spam zombie networks and strike again

Turks wonder what is next as cyber attack hits gov't sites, banks (Sunday's Zaman) As a two-week-long intense cyber attack continues to disrupt Turkey's national ".tr" domain, some security experts have warned that more could follow, targeting the country's transportation, stock index and government infrastructure

Anonymous Claims To Avert Possible Terrorist Attack On Italy (HackRead) The online hacktivist Anonymous claimed to have averted a terrorist attack in Italy planned by the so-called Islamic State (ISIS) or Daesh terrorist group

Austin business' website hacked by pro-ISIS group (KVUE) An Austin health spa?s website is back up and running after getting shut down by a terrorist group supporting ISIS

ISIL leader says 'caliphate' well, mocks Saudi-led alliance (USA Today) The Islamic State group on Saturday released a new message purportedly from its reclusive leader, claiming that his self-styled "caliphate" is doing well despite an unprecedented alliance against it and criticizing the recently announced Saudi-led Islamic military coalition against terrorism

Security Experts and Officials Diverge on ISIS as Hacking Threat (New York Times) George Osborne, the British chancellor of the Exchequer, said in a speech last month that Islamic State militants were trying to develop the ability to carry out digital attacks on critical systems, like hospitals, air traffic controls and power plants

Iranian Hackers Claim Cyber Attack on New York Dam (CNBC) An Iranian hactivist group has claimed responsibility for a cyberattack that gave it access to the control system for a dam in the suburbs of New York — and intrusion that one official said may be "just the tip of the iceberg"

Astorino Wants Answers On Iranian Hack Security Breach In Westchester (Bronxville Daily Voice) Westchester County Executive Rob Astorino issued a call to action within the Department of Homeland Security after learning about a cyber terrorist threat at the Bowman Avenue Dam in Rye in 2013 just two days ago

Homeland Security: No Comment on Rye Bowman Sluice Gate Breach SECURITY: (My Rye) Department of Homeland Security spokesman S.Y. Lee told MyRye.com the DHS has "no comment on the alleged incident" - referring to reports of Iranian hackers breaching the sluice gate controls of Bowman Dam

Is the U.S. ready for the cyber-attack that's sure to come? (Staten Island Live) Is America being targeted for a cyber Pearl Harbor? There is real concern that an attack via the Internet could devastate the U.S. power grid

New York dam hack underscores threat for connected utilities (Christian Science Monitor Passcode) The ability for hackers to penetrate the network at a small dam in New York reveals the risk of more utilities managing facilities via cell networks and the Internet

Juniper ScreenOS SSH / Telnet Authentication Backdoor (Tenable Network Security) An account on the remote host uses a known password

Researchers Say the Juniper Hack Could be the Work of Government — But Which One? (Fast Company) The Federal Government has reportedly joined the investigation of the hack — which experts say could be the work of spies here or abroad

Juniper Networks Spy Code Story Continues (Argyle Free Press) New developments have occurred regarding the discovery of Juniper Networks spy code in its ScreenOS, that took place last week

NSA hacked Juniper's firewall software — Snowden Leaks (TechWorm) Snowden leaks — NSA helped GCHQ spies find vulnerabilities in Juniper firewalls

Honeypot Trap Suggests NSA Monitoring Associated With Juniper Breach (EMQ Tech) As the final days before Christmas wind down many have been focused on family affairs and wrapping those last couple of presents before Santa's fated visit but security researchers and crypto experts at Juniper NetScreen have been scrambling the last few days to remedy a backdoor hack for they VPN firewalls

NSA suspected in Juniper firewall backdoor mystery, but questions remain (ZDNet) Putting backdoors in encryption isn't looking like such a great idea, after Juniper, a major provider of security networking equipment, falls victim to a suspected nation-state attack

Steam security issue exposes users' personal information (Verge) It's the middle of Steam's big winter sale, which means a huge number of people are browsing, buying, and playing games right now on the platform

LiveStream tells users to reset passwords, after possible data breach (Graham Cluley) Video live streaming platform LiveStream is warning customers that account information, including names, dates of birth, phone numbers, email addresses and encrypted passwords may have been accessed by unauthorised party

Ten Months After Being Taken Down, Ramnit Botnet Returns (Softpedia) At the end of February 2015, Europol in collaboration with multiple security vendors sinkholed the C&C servers of the Ramnit botnet, used for financial fraud

Aethra botnet made up of 12000 Italian devices threatens businesses (Security Affairs) Earlier this year experts at VoidSec discovered the Aethra botnet made up of 12000 Italian devices targeting businesses in various industries

Gootkit banking Trojan jumps the Channel (Proofpoint) First documented in mid-2014 [1], the Gootkit banking Trojan appeared to focus solely on customers from several French banks

Hyatt warns of malware on its payment-processing system (AP) Hyatt Hotels Corp. says it found malicious software on the computer system that processes customer payments, raising the possibility that hackers may have obtained credit card numbers or other sensitive information

Poor security decisions expose payment terminals to mass fraud (IDG via CSO) Cryptographic key reuse is rampart in European payment terminals, allowing attackers to compromise them en masse

Kean University website hacked three times, shut down for days (Union News Daily) Algerian hacker posts expletive-laced condemnation of United States of America; calls for free Palestine

Cyber attack shuts down Rutgers online classroom site (NJ.com) Rutgers University's computer network was attacked on Thursday for the sixth time over the past three college semesters

'Tis the Season for a Law Firm Scamming (American Lawyer) Just in time for Christmas, another law firm is being used in a phishing scam by hackers trying to dupe people into giving up bank account information or click on nefarious links

Litigation, Investigation, and Enforcement

Security Breach Prompts Shake-Up at Israel Missile Defense Office (DefenseNews) A "serious information security violation" forced Israel's Defense Ministry on Sunday to terminate Yair Ramati as head of the Ministry's Israel Missile Defense Organization (IMDO)

DHS not properly measuring effectiveness of cybersecurity framework outreach, GAO says (FierceGovernmentIT) The Department of Homeland Security failed to properly measure its promotion efforts of cybersecurity standards for critical infrastructure, according to the Government Accountability Office

Why cyber crime is so hard to investigate (San Diego Union-Tribune) San Diego's military, biotech and defense contractors make it constant target

NSA, FBI ask judge to dismiss Utah Olympic spying lawsuit (Deseret News) The FBI and National Security Agency have asked a federal judge to dismiss a lawsuit filed by a former Salt Lake City mayor who claims agencies conducted mass surveillance of emails, texts and phone calls during the city's 2002 Winter Olympics

Decade Old Software Bug Sets 3000 US Prisoners Free (HackRead) A software bug in Washington State Department of Corrections (DoC) has been handing freedom to the inmates well before their sentence was due to end — each year, over 3200 prisoners benefitted from this bug since 2002

Design and Innovation

Australian Securities Exchange is Likely to Integrate Blockchain Into Its Settlement System (Coinspeaker) The Australian Securities Exchange has unveiled it is considering the possibility of incorporating the blockchain technology to improve its clearing and settlement system

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Orgnaization (Elkridge, Maryland, USA, January 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged, attack patterns, and trends seen in these attacks. In addition, these attacks are characterized by targets, time, and degree of success. Following the quantitative reporting, the remainder of the presentation focuses on an actionable plan for securing the enterprise. Simply describing the problem is no longer sufficient. This plan consists of a multi-step roadmap, a product independent approach to securing the enterprise against the previously described attack vectors

cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Organization (Elkridge, Maryland, USA, January 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged, attack patterns, and trends seen in these attacks. In addition, these attacks are characterized by targets, time, and degree of success. Following the quantitative reporting, the remainder of the presentation focuses on an actionable plan for securing the enterprise. Simply describing the problem is no longer sufficient. This plan consists of a multi-step roadmap, a product independent approach to securing the enterprise against the previously described attack vectors

CES CyberSecurity Forum (Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers to tackle current and looming cyber security challenges. Registration is limited to ensure a highly interactive experience and opportunities for networking

FloCon 2016 (Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers, researchers, and others interested in applying the latest analytics against large volumes of traffic

Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals

Breach Planning & Incident Response Summit: Proactive Collaboration Between Private Industry and Law Enforcement to Mitigate Damage (Odenton, Maryland, USA, January 12, 2016) The Cybersecurity Association of Maryland, Inc.(CAMI), Chesapeake Regional Tech Council, Maryland Chamber of Commerce, Chesapeake Innovation Center, Tech Council of Maryland are partnering together to host this event designed to attract and educate CIO's, CISO's, CEO and Compliance officials from small to mid-sized commercial firms on the practical actions taken by the government, firms and organizations post-hack

Insider Threat Program Development Training Course — Georgia (Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation

FTC PrivacyCon (Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer advocates

POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome, on topics ranging from formal frameworks to experience reports

Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards and new products and solutions designed to deal with the growing threats

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction

Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. Our objective is to advance innovation and the growth of the cybersecurity sector by providing a platform for cybersecurity businesses, particularly small and medium enterprises (SMEs), to connect with key UK, US, and international decision makers, system integrators, investors, government policy makers, academia and other influential business executives

Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products and services to IT, Communications, Cyber and Intelligence personnel

ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and practices stay ahead of the curve. The Summit is a three-day conference filled with networking and educational opportunities dedicated to delivering business intelligence to electronic security companies and professionals that are ready to embrace innovation and grow

SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks