The CyberWire Daily Briefing 02.09.15

Cyber Trends

DARPA: Cyberattacks against US military 'dramatically increasing' (The Hill) The head of the Defense Advanced Research Projects Agency's software innovation division said in an interview broadcast Sunday night that cyberattacks against the U.S. military are increasing in frequency and sophistication

Top 5 Malware Trends on the Horizon (Tripwire: the State of Security) Over the past two decades, I've developed an intense fascination with malware

Cyber attacks are becoming more difficult to trace: Intel Security GM (The Hindu) In the consumer space, 38% of the attacks are from mobile adware: Young

Enterprises drag their feet on IoT leadership (FierceMobileIT) Despite all of the hype over the Internet of Things, few businesses have established clear leadership for their IoT plans

Poor mobile file-sharing products drive employees back to the office (FierceMobileIT) Employees are heading back to the office because of the difficulty using mobile file-sharing and collaboration products

2015 Global Audit Committee Survey (KPMG) Short of a crisis, the issues on the audit committee's radar don't change dramatically from year to year (and they probably shouldn't); but sometimes small shifts tell a big story

Factors Shaping Network Security at Enterprise Organizations (Network World) CISOs want network security that delivers security efficacy, operational efficiency, and business enablement

Varonis Could Have Prevented North Korea from Getting Sony CEO Fired (TechGuruDaily) That's what occurred to me when Amy Pascal the head of Sony Pictures was effectively fired earlier today

Legislation, Policy and Regulation

Bundesrat gegen Vorratsdatenspeicherung durchs IT-Sicherheitsgesetz (Heise) Der Bundesrat hat sich gegen eine Änderung im geplanten Regierungsentwurf für ein Gesetz zum Erhöhen der IT-Sicherheit ausgesprochen, mit dem Telekommunikationsanbieter einfacher Nutzerdaten sammeln könnten

UK government issues first definition of computer hacking by spies (Guardian) Code of practice sets out rules and safeguards surrounding use of computer hacking outside UK by security services

China supports Pyongyang's cyber warfare operations: U.S. expert (Arirang News) There's growing speculation that China has and continues to support North Korea's cyber warfare operations

Japan must improve intel so firms can prosper: NSA official-turned-CEO (Japan Times) With discussion on new security legislation being undertaken after two Japanese hostages were killed by the Islamic State group, a former official of the U.S. National Security Agency said Japan needs to build up intelligence, not just to respond to terrorism but to protect Japan Inc

US cyber coordinator: Cyber attacks play greater role in conflicts (Deutsche Welle) It's not just cyber threats from terrorists we should be worried about, says US cyber coordinator Christopher Painter. Germany and the US also have to cooperate on protecting a global, open Internet

Cybersecurity Coordinator: Don't 'Waste a Crisis' (GovInfoSecurity) Uses Anthem breach to promote Obama's legislative agenda

This Could be the End of User Name and Password (TIME) Anthem, J.P. Morgan hacks could lead to tougher online security

DHS shutdown could lower cyber defenses, experts warn (The Hill) A shutdown of the Department of Homeland Security (DHS) could leave federal and private networks more vulnerable to cyberattacks, former officials say

The US Intelligence Community Is Bigger Than Ever, But Is It Worth the Cost? (Defense One) The intelligence community has grown to an enormous size and Americans have no clue what they're paying for

US Cyber Command Has Just Half the Staff It Needs (Defense One) The Pentagon wants to fully staff its Cyber Command with 6,000 workers by the end of the year, but a highly competitive private market could mean it will have to wait

Products, Services, and Solutions

Kaspersky Total Security (PC Magazine) Typical security suite licensing plans let you install protection on up to three PCs. That was fine ten years ago, but the modern household tends to be more eclectic, device-wise. Kaspersky Total Security aims to protect all of your devices, not just PCs

Adware Medic Removes Macintosh Malware (Lifehacker) Although Macs don't often get malware, they aren't immune. If you don't have a good Mac antivirus program installed, or something slipped through, Adware Medic removes common nasties

FireEye Threat Intelligence (SC Magazine) FireEye Threat Intelligence is part of the overall FireEye suite of security products. It is, in fact, the primary intelligence component and is used to help drive other FireEye products providing active blocking at networks, endpoints and mobile devices

4 open-source monitoring tools that deserve a look (Network World) Network monitoring is a key component in making sure your network is running smoothly. However, it is important to distinguish between network monitoring and network management. For the most part, network monitoring tools report issues and findings, but as a rule provide no way to take action to solve reported issues

Technologies, Techniques, and Standards

Make sure your company isn't the next Anthem (CSO) Customers and employees trust businesses to protect their data, and businesses trust CSOs and CISOs to make sure the data is secure. Those in charge of protecting the network and defending sensitive information know that security cannot be guaranteed. It is simply a game of risk management

The cyber insurance cleanup crew: A look inside a data breach response team (FierceCIO) Later this month, Katherine Keefe expects to mark a very significant — and troubling — milestone. Her data breach response team at Beazley Insurance expects to investigate its 2,000th data breach

Threat Intelligence, Know Your Enemy and Yourself: Ken Westin Interview (Hacksurfer) This week we saw 2015's first mega breach. Anthem Inc., one of the countries biggest health insurers, was breached and up to 80 million clients' and employees' data was compromised in what will likely be the largest data breach ever disclosed by a healthcare company. Anthem detected the breach and reported it to the media, law enforcement, and past and present clients. At this time the company is still not sure how hackers were able to compromise their systems

How Can Threat Intelligence Play a Role in PCI 3.0 Compliance? (Cyveillance Blog) Many of the organizations we work with must comply with the Payment Card Industry Data Security Standards (PCI DSS) in some way, shape, or form to help safeguard cardholder information. Since the PCI Security Standards Council recently released a new version, PCI 3.0, which took effect January 1, we thought it was a good time to examine how threat intelligence can factor into your PCI compliance program

Why startups need to worry about hackers — and what you can do to protect your business (Financial Post) When companies ply their trade in the digital world, data is like bullion: If snatched out of the vault, it could lead to financial ruin

Guarding your Data against Cyber Attacks (Database Journal via Webopedia) There was a time not so long ago when the word "hacking" conjured up the image of fifteen-year-old writing viruses that presented a message like "You've been hacked by badboy45"

Thug-Vagrant (iTeam Developers) Thug-Vagrant provides a Vagrant configuration file (Vagrantfile) and shell script to automate the setup of a Thug honeyclient in a virtual machine. The need for this project comes from the lengthy and somewhat difficult installation procedure of Thug which can be discouraging

Bindead — a static analysis tool for binaries. (Atlassian Bitbucket) Bindead is an analyzer for executable machine code. It features a disassembler that translates machine code bits into an assembler like language (RREIL) that in turn is then analyzed by the static analysis component using abstract interpretation. As Bindead operates on the machine code level, it can be used without having the source code of the program to be analyzed. In fact, the purpose of Bindead is to help with the reverse engineering of executable code or binaries. The analyzer enables one to reason about all the possible runtime behavior of a program and find potential bugs. To this end we perform a collection of (numeric and symbolic) analyses on the program and are able to infer memory access bounds and various other numeric properties statically, i.e. without running the program

Dshell — Network Forensic Analysis Framework (Kitploit) An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures

Marketplace

Hacker insurance for businesses on the rise (Copenhagen Post) More companies looking to protect themselves from the rise in cybercrime

Security 'attitude' depends on corporate personality (SC Magazine) Management style and geographic location are key influencers on companies' approach to cyber-insurance, finds new report

Insurance companies pushing identity theft coverage after massive cyber-attack against Anthem (NBC 2 Tulsa) Insurance companies pushing identity theft coverage after massive cyber-attack against Anthem

FireEye Inc (FEYE) Stock Surges After Its Win At Anthem Inc (ANTM) (Bidness Etc.) JPMorgan calls FireEye's forensic division as the "Go-To" business after its high-profile wins with Sony and Anthem data breaches. Stocks of other health insurers, like Palo Alto Networks, also gain in the wake of the data breaches that have left investors on the watch regarding security stocks

CyberArk shares up 5 percent after Anthem data breach (Boston Business Journal) Shares of Newton-based CyberArk Software (Nasdaq: CYBR), a Newton-based firm that offers IT security, were up 5 percent Thursday — a day after revelations about a data breach affecting health insurer Anthem Inc

BlackBerry Ltd (NASDAQ:BBRY) Trapped in Bearish Claws with Symantec Corporation (NASDAQ:SYMC), Synchronoss Technologies, Inc. (NASDAQ:SNCR) (StreetWiseReport) Shares of BlackBerry Ltd (NASDAQ:BBRY) [Detail Analytic Report] fell -0.30% in after-hour trading session on Thursday after the U.S. Securities and Exchange Commission is investigating a January 14, 2015 spike in trading in BlackBerry options that happened an hours before Reuters declared that Samsung Electronics Co was in discussions to acquire BlackBerry

Porticor has been acquired by Intuit (Porticor) Data security news has been in the spotlight lately, and with good reason. From the public cloud to the private cloud and everything in between, customers trust us to keep their data secure. We are seriously enthusiastic about cloud security and we are extremely pleased to learn that Intuit shares that enthusiasm. So today we are delighted to tell you that Porticor has been acquired by Intuit

6 Microsoft Acquisitions: What Do They Mean? (InformationWeek) Microsoft bought big data, email, and machine learning businesses on its holiday shopping spree. What will they bring to its future?

Harris Buying Exelis Signals Defense Consolidation (BloombergBusiness) Harris Corp.'s purchase of Exelis Inc. in a transaction valued at $4.75 billion could signal further consolidation among mid-size defense companies as they search for growth while government spending stagnates

Cyber security system aims to reach whole world (Daily Sabah) The domestic cyber security systems developed by Comodo, which gained fame for the online security solutions they built for U.S. President Barack Obama's election campaign websites, will be exported to the world, according to Comodo's founder Melih Abdulhayaoğlu

New cyber security firms to benefit from accelerator scheme (Acumin) With the first UK accelerator for start-up firms in cyber security, professionals are saying that local businesses could benefit from a global trend — online safety

Paladion Opens a New Global Security Operations Center Designed to Enhance Customer Security in the Middle East (Zawya) The new global center analyses seven billion security events every day in order to stop cyber criminals and malicious insiders, thus safeguarding enterprises in the region

Contrast Security Named a Leader in Application Security by Independent Research Firm (PRNewswire) Report cites Contrast Security's advancements in application security

Forbes Names CrowdStrike One of America's Most Promising Companies for 2015 (IT Business Net) Company ranked among top 100 high-growth, privately held U.S. companies

Mike Janke, Silent Circle Co-Founder and Chair, Chosen to Wash100 for Mobile Security Leadership (GovConExec) Executive Mosaic is honored to introduce Mike Janke, co-founder and chairman of Silent Circle, as the newest inductee into the Wash 100 — a group of influential leaders in the government contracting industry

Catbird Appoints Cybersecurity Veteran Bart Vansevenant as CMO (Virtual Strategy Magazine) Former executive director of Verizon's Global Security product organization tapped to drive new era of growth

Research and Development

Quantum cryptography offers best solution to internet security (Irish Times) Information stored as photons cannot be infiltrated due to uncertainty principle

Security Patches, Mitigations, and Software Updates

Apple pushes Flash update for Mac OS X following triple zero-day debacle (V3) Apple has issued a compulsory update forcing Mac OS X users to upgrade to the latest version of Flash, following the discovery of three zero-day vulnerabilities in the software

The trick to vanquishing 0 days that have become 100 days (CSO) We have now arrived in the theatre of the absurd. Collectively we use things like Adobe Flash, Acrobat and Java on our systems everyday. We use software that is flawed at its very core in our jobs, schools and home life. Then we're surprised when things go awry. "How did that attacker breach my system?" and so forth

Microsoft patching zero-day exploit on IE11 (ITProPortal) Microsoft has confirmed a new zero-day exploit on Internet Explorer 11 for Windows 8.1 and Windows 7 allowing attackers to steal critical information through an XSS exploit

Analysis of 2014 Microsoft patch trend data (Help Net Security) Tripwire announced an analysis of Microsoft patch data from 2014

Cyber Attacks, Threats, and Vulnerabilities

Anonymous launches the OpISIS and brings down ISIS social media accounts (Security Affairs) Anonymous announced the OpISIS and launched a series of attacks against the jihadist websites supporting the ISIS and its propaganda on the Web

TurboTax resumes state tax return filing after fraud-related suspension (Baltimore Sun) TurboTax had temporarily suspended state tax return filing after fraud concerns. The company behind TurboTax, the best-selling tax preparation software in the country, temporarily stopped processing e-filed state tax returns this week after an uptick in fraudulent filings

Intuit Working With State Governments to Solve Emerging Tax Fraud Problem (Intuit) Intuit Inc. (Nasdaq: INTU) today announced it is working with state agencies to address growing concerns over state tax fraud. During this tax season, Intuit and some states have seen an increase in suspicious filings and attempts by criminals to use stolen identity information to file fraudulent state tax returns and claim tax refunds

TurboTax halts state filings amid fraud outbreak (USA TODAY) TurboTax turned off the ability of its software to e-file state tax returns across the USA on Thursday after the company found "an increase in suspicious filings," the company said Friday

Cyberattacks keep TurboTax users from filing returns (PBS News Hour) After seeing an increase of stolen information used to file fraudulent state tax returns, TurboTax announced that the processing of all state filing has been halted and the option to file state taxes online no longer exists

Minnesota Stops Accepting Returns Filed With TurboTax, Cites Fraud Concerns (Forbes) Intuit has temporarily suspended transmission of returns in all states

Details emerge in Anthem hack (FierceHealthIT) Signs point to China-based hacker group; Stolen employee password, lack of encryption among emerging details

China says Anthem hacking accusations 'groundless' (Phys.org) China on Friday rejected accusations it was behind a hacking attack that saw data on up to 80 million customers stolen from US health insurance giant Anthem as "groundless"

China To Blame in Anthem Hack? (KrebsOnSecurity) Bloomberg reports that U.S. federal investigators probing the theft of 80 million Social Security records and other sensitive data from insurance giant Anthem Inc. are pointing the finger at state-sponsored hackers from China. Although unconfirmed, that suspicion would explain a confidential alert the FBI circulated last week warning that Chinese hackers were targeting personally identifiable information from U.S. commercial and government networks

The Morning Download: Anthem Attack Raises Questions About IT Architecture, Cyber Expert Says (Wall Street Journal) CIO Journal asked Shuman Ghosemajumder, vice president of product management at cybersecurity startup Shape Security, to parse the few publicly available details of health insurer Anthem's breach by hackers

Anthem hack raises fears about medical data (Los Angeles Times) Insurance giant Anthem Inc. suffered a massive data breach exposing the personal information of up to 80 million Americans — and it could have been even worse for consumers

Why hackers are targeting the medical sector (Washington Post) A hack at Anthem, the second-largest health insurer in the country, exposed personal information about millions of employees and customers. But the attack is just the latest evidence that cybercriminals are increasingly targeting the medical sector where they can collect health information that can be sold for a premium on the black market

Responding to the Anthem Cyber Attack (National Law Review) Anthem Inc. (Anthem), the nation's second-largest health insurer, revealed late on Wednesday, February 4 that it was the victim of a significant cyber attack

C-Suite — Changing Tack on the Sea of Data Breach? (National Law Review) The country awoke to what seems to be a common occurrence now: another corporation struck by a massive data breach. This time it was Anthem, the country's second largest health insurer, in a breach initially estimated to involve eighty million individuals. Both individuals' and employees' personal information is at issue, in a breach instigated by hackers

Community debates encryption's value in Anthem incident (SC Magazine) Experts argue that encryption is not the key piece in the Anthem breach if the incident involved a targeted attack on admin credentials. Anthem's breach has ignited a debate on the insurer's data security safeguards, with many experts arguing that, in this incident, encryption may not have minimized the attack damage like some suspect

Security experts on Anthem breach: The biggest threat lurks inside your company (FierceHealthIT) The impact of the recent cyberattack on health insurance company Anthem is rippling through the industry — but health IT leaders and experts say they're not surprised it happened

Anthem Cyber Attack Clouds Insurer's Obamacare Bounty (Forbes) An investigation by state insurance regulators into the data breach of 80 million current and former customers of health insurance giant Anthem (ANTM) comes during a period of unprecedented growth for the company thanks to the Affordable Care Act

Warning: Anthem data breach used as lure in Phishing campaigns (CSO) Emails used to harvest personal information and credentials

DDoS malware for Linux systems comes with sophisticated custom-built rootkit (CSO) A malware program designed for Linux systems, including embedded devices with ARM architecture, uses a sophisticated kernel rootkit that's custom built for each infection

Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited (FireEye) This is the tale of an ongoing SSH brute forcing campaign, targeting servers and network devices, that distributes a new family of Linux rootkit malware named "XOR.DDoS." While typical DDoS bots are straightforward in operation and often programmed in a high-level script such as PHP or Perl, the XOR.DDoS family is programming in C/C++ and incorporates multiple persistence mechanisms including a rare Linux rootkit

WhatsSpy Public Tracks WhatsApp Activity (Softpedia) Certain information related to WhatsApp activity can be tracked by a third party with the help of a recently released tool, even if privacy options have been enabled

What You Need to Know About 'Drive-By' Cyber Attacks (Fox Business) Last year's epic Sony hack, which the FBI attributed to North Korea, was clearly a big wakeup call for businesses. But for most companies, unless you're a Fortune 1000 or greater, your biggest threat doesn't come from these highly sophisticated, targeted attacks. Instead, it's lower level actors that pose the greatest danger — cyber-criminals whose goal is to steal or extort money out of businesses, and cause a lot of damage in the process

Flash Player Zero-Day Vulnerabilities: Why So Many Lately? (Top Tech News) Even for the vulnerability-troubled Adobe Flash Player, the emergence of multiple Flash zero-days over just a few weeks is unusual, according to a cybersecurity expert. Adobe has reported and issued updates for three zero-day exploits since January

Cyber-attacks rising in Utah, likely due to NSA facility (KSN) Utah state officials have seen what they describe as a sharp uptick in attempts to hack into state computers in the last two years, and they think it related to the NSA data center south of Salt Lake City

Investigating online dating fraud (Help Net Security) The one thing that online dating scammers have in common is that their preferred target demographic is vulnerable and trusting people with a limited social circle or support group

"Facebook porn Trojan" — here's how NOT to get caught (Naked Security) The malware cat is amongst the Facebook pigeons again, in the wake of a posting to the well-known Full Disclosure mailing list

Computer malware demands ransom for encrypted files (Luxemburger Wort) The last few days, a new wave of malware attacks have struck companies and individuals in Luxembourg. The infection known as CTB-locker or Critoni crypto ransomware infects via with spam messages and email attachments

Hackers Using RansomWeb Attacks Is Potentially Business Destroying (BizTech Mojo) Ransomware — a form of malicious software that can encrypt data on a computer and demand a ransom from the PC's owner to have the data decrypted — is nothing new

Bulletin (SB15-040) Vulnerability Summary for the Week of February 2, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Academia

Air Force Academy cadets show skill in cybersecurity competition Read more at http://gazette.com/air-force-academy-cadets-show-skill-in-cybersecurity-competition/article/1545994#7Mucu1uWSfDD8Ult.99 (Colorado Springs Gazette) Cadets at the Air Force Academy recently took top honors at a Pennsylvania cybersecurity competition pitting them against their counterparts from other service academies

It's Safe to Say: IT Students Make Impression at Security Convention (Pennsylania College Today) A sizable Penn College contingent attended ShmooCon, the East Coast "hacker" convention, held Jan. 16-18 at the Washington (D.C.) Hilton. Three faculty members in the School of Industrial, Computing & Engineering Technologies — along with 11 graduates, 18 current students and a former student — were among those attending

Litigation, Investigation, and Enforcement

First lawsuits launched in Anthem hack (USA TODAY) The first lawsuits in the Anthem hack, the nation's largest health care breach to date, have been filed

Senate leader calls for US government's explanation in wake of HSBC leaks (Guardian) Sherrod Brown, leading Democrat on Senate banking committee, asks for full explanation upon learning of allegations in biggest leak in banking history

Leaks Make a Mockery of Intelligence Community Secrecy (Overt Action) "CIA, Mossad killed senior Hezbollah figure in bombing" announced The Washington Post headline on 31 January 2015 — nearly seven years after the death of Imad Mughniyeh. Few in America should be particularly heartbroken with the particulars of his demise; after all, Mughniyeh has been the shadowy figure who masterminded attacks in Beirut that killed more than 300 Americans, trained fighters in Iraq to attack US forces, and led the kidnapping, torture, and murder of CIA's Beirut Station Chief

British Tribunal Rules Mass Internet Surveillance by GCHQ Was Unlawful (CSO) The UK's Investigatory Powers Tribunal (IPT) in a historical ruling finds the lack of transparency over information sharing programs between GCHQ and the NSA were unlawful

GCHQ censured over sharing of internet surveillance data with US (BBC) UK surveillance agency GCHQ has been officially censured for not revealing enough about how it shares information with its American counterparts

GCHQ snooping ruling does not go far enough, says Open Rights Group (ComputerWeekly) The recent ruling that mass surveillance of UK citizens' internet communications by the UK intelligence services was unlawful until the end of 2014 does not go far enough, according to Open Rights Group

How Credit Agencies Make It Harder to Know You've Been Hacked (Bloomberg) A 2009 lawsuit made renewing fraud alerts cumbersome for customers

F.B.I. plans to create cyber crimes task force in Louisville (WDRB) Your entire identity name, address, social security number were stolen at the click of a mouse

U.S. court orders Symantec to pay $17 mln for patent infringement (Reuters) Symantec Corp, maker of the popular Norton antivirus software, was ordered to pay $17 million in damages on Friday after a federal jury in Delaware found it had violated two patents owned by Intellectual Ventures, a major patent licensing company

Countermeasures to industrial espionage (ITWeb) Most South African companies don't take information security-related law seriously, and are exposed to industrial espionage

Design and Innovation

Facebook's DeepFace facial recognition technology has human-like accuracy (Naked Security) Facial recognition technology has been around for many years — the fact that the vast majority of people have two ears, two eyes, a mouth and a nose, all appearing in pretty much the same location, makes basic recognition relatively straightforward

How the NSA is improving security for everyone (Network World) The NSA's core function is gather and analyze data. But the NSA is also expected to secure and protect sensitive information, and as part of that role NSA security experts have launched a program to integrate more commercial off-the-shelf products