The CyberWire Daily Briefing 02.13.15

Summary

By The CyberWire Staff

Anonymous continues its cyber riot against ISIS, and attracts some grudging love from many who deeply disapprove of the anarchist collective.

India's government acknowledges that someone has accessed and exfiltrated classified information from its networks. Suspects remain unidentified.

The lovelorn are warned to beware Valentine cyberscamming.

As credit monitoring and identity-theft protection services begin for customers affected by the Anthem breach, the Insurance Insider's sources lead it to believe that Anthem's cyber coverage (said to be provided by AIG, and said to amount to $100M) will soon be exceeded by its liabilities. Anthem's travails spur other companies to think hard about encryption, privileged access, and value-at-risk.

Anthem's response provides an interesting case study in attack information disclosure: the company shared indicators of compromise (including MD5 hashes, IP addresses, and the email addresses used by attackers) with HITRUST's Cyber Threat Intelligence and Incidence Coordination Center. This may provide a useful comparison with the role envisioned for the new US Cyber Threat Intelligence Integration Center. That Center appears central to President Obama's information-sharing policy as he opens the California cyber summit today. Reaction to Center and summit remain mixed (the Hill calls some CEOs' decision to stay home a "snub;" the Electronic Frontier Foundation summarizes the skeptical take on the CTIIC) but significant executive orders are expected shortly.

Cyber security story stocks continue to rise post-Anthem.

The NIST framework turns one year old, and receives positive reviews.

Russia appears ready to ban VPNs and Tor as it continues to ratchet up censorship.

Notes.

Today's issue includes events affecting India, Iraq, Lebanon, New Zealand, Russia, Syria, United Arab Emirates, United Kingdom, United States

The CyberWire staff will take a break on Presidents' Day, this coming Monday. We'll resume regular publication on Tuesday, February 17.

Selected Reading

Cyber Trends

The Anthem hack shows there is no such thing as privacy in the health care industry (Brookings TechTank) Data breaches in the health care industry happen more often than you might think

IT security training is a top priority for CIOs (Help Net Security) CIOs are taking a multipronged approach to protecting sensitive company information, and the majority are currently taking or planning to take steps in the next 12 months to improve IT security at their firms, according to Robert Half Technology

New Zealand doing well according to Trend Micro's 2014 Security Threat report (Geekzone) Last year, New Zealand saw an overall decrease in the number of online security threats when compared with 2013 according to the latest research from Trend Micro. Despite decreases of online threats, New Zealanders are being urged to take a vigilant approach to cybersecurity this year

Legislation, Policy and Regulation

VPN and Tor Ban Looming on the Horizon for Russia (Torrent Freak) Russia blocks websites on a very large-scale but citizens often circumvent those blocks using VPNs, TOR and other anonymizing tools. The country is now looking at ways of bringing this to an end, with Russia's main web-blocking body supporting a worrying proposal by a Russian MP to ban use of these tools

Obama to focus on cybersecurity in heart of Silicon Valley (Associated Press) Responding to unprecedented data breaches and cyberattacks, President Barack Obama is trying to spark alliances between policymakers who want to regulate the online world and tech innovators who traditionally shun Beltway bureaucracies

Obama set for cyber push (The Hill) The Obama administration is making a major push to spur the private sector to share more cyber threat data in hopes of making its own cybersecurity agenda more appealing on Capitol Hill

Obama recruits tech giants for new cybersecurity efforts (CBS News) The federal government can't protect your cyber data by itself

Top tech CEOs to snub Obama cyber summit (The Hill) The CEOs of Google, Yahoo and Facebook have declined invitations to attend President Obama's tech summit Friday at Stanford University

The White House Is Creating a New Agency to Fight Cyberattacks (The Diplomat) A new office shows the central role that cybersecurity plays in the White House's national security calculus

Administration's New Cyber Threat Center Replaces Old Cyber Threat Center (Electronic Frontier Foundation) This week the Obama administration is releasing its second Executive Order in as many years on computer ("cyber") security, which reports are saying will create a new department in the intelligence community to handle computer security threat information sharing. Officials are hailing the center as "new" and unprecedented. It's not

Republican senator pushes bill to require warrants for emails (The Hill) Sen. Orrin Hatch (R-Utah) is preparing to reintroduce a bill to increase email privacy protections and set limits on the government's access to content stored overseas

Senate confirms Obama's pick for Pentagon chief (AP via KLTV) The Senate on Thursday confirmed President Barack Obama's choice to run the Pentagon, handing Ash Carter the unenviable task of steering the military as the United States confronts Islamic State militants, conflict in Ukraine and other worldwide threats

FAA to establish aircraft cyber security working group (Runway Girl Network) The US Federal Aviation Administration is establishing a new industry working group to provide guidance on how to bolster aircraft cyber security as concerns mount over the potential for e-enabled aircraft to be hacked

It's time to operationalize cyber domain knowledge (C4ISR & Networks) The military has had a growing awareness of cyber warfare and its implications; now is the time to operationalize that knowledge, said ADM Michelle Howard, Vice Chief of Naval Operations, speaking at WEST 2015

Cyber Conflicts Will Test Military Readiness (USNI) Confrontations await in cyberspace, and those encounters will test military readiness, speakers said Wednesday at the WEST 2015 convention

'Revenge porn' to be made illegal in England and Wales (Naked Security) Those who post revenge porn videos and photos on the internet could face up to two years in prison, thanks to a new law announced today in England and Wales

Products, Services, and Solutions

Not Sure If It's Safe To Leave Your Home? There's An App For That! (Albawaba) The Lebanese Army was presented the award for the best mobile phone application relating to security and safety in Arab countries at the Third Arab Governmental Summit in Dubai, the state-run National News Agency said Wednesday

VirusTotal sets up huge AV whitelist to minimize false positives (Help Net Security) One of the worst things that can happen to a software developer, and especially if they are a small firm or a single individual, is for their program to be falsely detected as malicious by popular AV solutions

iovation Launches Device-Based Authentication to Reduce Account Takeover Threats and Avoid Unnecessary Customer Challenges (MarketWired) By using the customer's device as a second factor of authentication, businesses can reduce operational cost, increase security and minimize customer friction

Tripwire Expands Adaptive Threat Protection Ecosystem (BusinessWire) Industry leader delivers integrated, automated view of cybersecurity risk

Facebook ThreatExchange Platform Latest Hope for Information Sharing (Threatpost) Facebook, with its giant infrastructure and its equally wide view into Internet attacks, has built an information-sharing platform that it hopes will entice other big technology companies to join and contribute threat data and indicators of compromise

Facebook's new ThreatExchange will rally companies to squash internet badness (Naked Security) On Thursday, Facebook launched ThreatExchange, a platform for companies to easily collaborate on security threats

Technologies, Techniques, and Standards

NIST Cybersecurity Framework Turns One, Logging Success (Infosecurity Magazine) The NIST Cybersecurity Framework turns 1 on Feb. 12 tomorrow, fulfilling its initial goal of acting as a voluntary framework to improve cybersecurity for critical infrastructure in the United States

How Anthem Shared Key Markers Of Its Cyberattack (Dark Reading) Insurer shared the MD5 malware hashes, IP addresses, and email addresses used by its attackers

Anthem Hack: Lessons For IT Leaders (InformationWeek) There are two key lessons that IT can learn from the Anthem breach

Improving Cyber Security Literacy in Boards & Executives (Tripwire: the State of Security) The recent Anthem hack that may have compromised 80 million people's personal health information reveals just how mainstream data breaches have become in recent years. In response to this rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today's cyber threats and how they might adversely affect their business

The limits of prevention-centric security programs (Help Net Security) In an analysis of tens of thousands of malicious files, Damballa discovered that it can take more than six months for traditional AV tools to create signatures for 100% of the files

The hackers we know… Ethical hacking and how it can help your client (Inside Counsel) Ethical hackers gain entrance to systems with the ultimate aim of making defenses stronger rather than exploiting them

How much corporate data access should BYOD users have? (TechTarget) Mobile access to company data is one of the surest ways to boost productivity, but IT often has to weigh those benefits against

Shadow Cloud Services: Seeing the Light (Midsize Insider) What lurks in the shadows? For many midsize companies, it is the specter of unapproved cloud services leveraged by end-users needlessly putting both corporate data and cloud-based networks at risk. As it becomes clear just how far shadow cloud services extend, a question emerges: Can IT professionals regain control, or is this free-for-all here to stay?

Marketplace

Cybersecurity stocks rise ahead of executive order (Seeking Alpha) President Obama is poised to sign an executive order today aimed at encouraging companies to share more information about cybersecurity threats with the government and each other

Cybersecurity Stocks in the Spotlight (Wall Street Sector Selector) Wednesday's big earnings beat by FireEye could spark significant bullishness for cybersecurity stocks

FireEye Is "First in the Door" on Big Cyberattacks (AP via ABC News) As hackers invade the computer systems of major companies with greater frequency and their corporate victims scramble to contain the damage and prevent future intrusions, these are boom times for cybersecurity sleuths

FireEye is in demand in high-profile hacks, but Wall Street is looking for profits (AP via the Brandon Sun) As hackers invade the computer systems of major companies with greater frequency and their corporate victims scramble to contain the damage and prevent future intrusions, these are boom times for cybersecurity sleuths

Clearlake Capital Group to Acquire FrontRange Solutions; Will Merge FrontRange with Lumension To Form HEAT Software (BusinessWire) HEAT Software will offer comprehensive service management and unified endpoint management software solutions

Pwn2Own hacking contest shrinks exploit prize pool (CSO) HP and Google put up $465,000 in cash prizes for long-running browser hacking challenge

Duo Security Hires Former Zendesk COO Zack Urlocker To Run Operations (TechCrunch) Two-factor authentication startup Duo Security recently raised a $12 million round of funding to quickly grow its business and customer base. To help with that, the company hired seasoned tech exec Zack Urlocker as its new chief operating officer

Cyphort Hires Denise Hayman as New Vice President of Worldwide Sales (Fort Mill Times) Technology veteran Denise Hayman brings 25 years of diverse security experience to ATD innovator

Research and Development

White House goal: Kill the password (The Hill) The White House is funding efforts to wipe out the password as the primary security code used to access sensitive data online

Security Patches, Mitigations, and Software Updates

Apple's "two-step" security now protects iMessage and FaceTime, too (Naked Security) Apple has quietly extended its two-step verification feature to more of its ecosystem

Microsoft Group Policy Vulnerability Affects all Windows Computers (Threatpost) Enterprises that support remote workers need to prioritize a Microsoft security bulletin released yesterday that addresses a critical vulnerability in Group Policy

Microsoft's patch info 'blockade' pinches security staffs (ComputerWorld) Last month's shuttering of advance notifications continues to frustrate security experts

Cyber Attacks, Threats, and Vulnerabilities

Anarchist hackers start cyber war with ISIS (The Hill) The global hacker collective known as Anonymous is storming the international political scene with a brash hacking campaign against the Islamic State in Iraq and Syria (ISIS)

Govt admits cyber attacks, but says can't identify culprits (Indian Express) India has not been able to identify the criminals behind cyber attacks against government establishments that were used to transmit classified information to overseas servers

Anthem data breach cost likely to smash $100 million barrier (ZDNet) The company's cyber insurance policy is likely to be exhausted following the theft of up to 80 million records

Anthem: Credit monitoring and identity theft services start Friday for cyber-attack victims (Albany Business Review) Millions of people affected by the cyber security breach at Anthem Inc. will be able to start enrolling Friday in credit monitoring and identity theft protection services provided through the insurer

Ex-Sony head Amy Pascal discusses 'horrible' cyber attack (BBC) The former co-chairman of Sony Pictures has spoken for the first time about the cyber attack on the studio that revealed her private emails

Attackers can bypass Windows' protections by changing a single bit (Help Net Security) Among the many vulnerabilities that Microsoft patched on Tuesday is one that can be exploited to bypass all Windows security measures by, curiously enough, modifying a single bit of the Windows operating system

Beware of hot foreign spies who want to steal your data (CSO) It's no exaggeration that sex buys intellectual property, trade secrets, customer data, and any information or network access of value

Scammers Pounce on Lovelorn Netizens Ahead of Valentine's Day (Infosecurity Magazine) Security experts have reminded lovesick netizens to keep their wits about them on the web around Valentine's Day, pointing out the growing volume of phishing and social media scams designed to con single men

Tinder says it's safe from IBM warning on dating apps (USA TODAY) Dating services Tinder and Match said they are in the clear following a dire warning by tech giant IBM about security risks it discovered in dozens of popular dating apps

Phishing attacks increasingly target financial data (Help Net Security) 28.8 percent of phishing attacks last year aimed to steal financial data from consumers, according to a new report by Kaspersky Lab. The results show how cybercriminals have shifted their focus from banks to payment systems and online shopping websites

Study: Proofpoint Reports an Increase in Malicious URLs in Unsolicited Emails (MarketWatch) Decline in overall volume of unsolicited email outweighed by dramatic increase in maliciousness

16 million mobile devices infected by malware (Help Net Security) Security threats to mobile and residential devices and attacks on communications networks rose in 2014, threatening personal and corporate privacy and information

Litigation, Investigation, and Enforcement

TurboTax Fraud May Impact Federal Returns Too, FBI Investigating (Forbes) Tax filing season arrived with a bang this year, punctuated by a big uptick in fears about fraud. There was nearly a bank run when TurboTax had to suspend filing state tax returns over fraud concerns. It would be bad enough to find that someone had filed 'your' tax return in your state and scooped up your refund. But all indications were that this was just a state tax problem, not a federal one

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, February 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter

Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst [Update: watch Cybergamut's site for a possible snow day.] (Hanover, Maryland, USA, February 17, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter

To be rescheduled due to snow: Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, February 17, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter

Cyber Risk Wednesday: Breaking the Cyber Information-Sharing Logjam (Washington, DC, USA, February 18, 2015) A moderated discussion on challenges and solutions for information-sharing, the Administration's recent proposals for better practices between the private sector and government, and goal-directed approaches to sharing. The event will be accompanied by the release of a report, supported by CISCO, which examines the challenges of information-sharing, the Administration's emerging proposals, along with solutions to breaking the current logjam

Cyber Framework and Critical Infrastructure: A Look Back at Year One (Washington, DC, USA, February 19, 2015) Last February, the Obama administration rolled out the nation's first cybersecurity standards to protect critical infrastructure. One year later, Dr. Phyllis Schneck, the Department of Homeland Security leader responsible for helping institutions implement the new standard, will reflect on how the nation has improved its protection of critical infrastructure over the last year. We'll discuss the effectiveness of the standard so far, whether security protections are strong enough, and if incentives are attractive enough to induce companies to take on the new standard

DEFCON &#124 OWASP International Information Security Meet (Lucknow, India, February 22, 2015) Defcon &#124 OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community

10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments

Cybersecurity for a New America: Big Ideas and New Voices (Washington, DC, USA, February 23, 2015) In addition to featuring keynote remarks by Admiral Mike Rogers, Director of the National Security Agency, this event will convene experts and practitioners from the public and private sector, military, media, academia, non-governmental and intergovernmental organizations for a series of discussion panels and first person "pop-up" style speeches on the wide range of cybersecurity issues that are affecting and infecting everything from personal devices and corporate networks to national defense and international affairs. The focus of the event will be to push past the status quo and instead explore the next generation of challenges, as well as highlight bold, new ideas to face them. CNN is the event's media partner and will provide a live-stream of the event

Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in IT/cybersecurity who would benefit from business mentorship and hands-on practical work experience? If you said yes to either question please join us at the upcoming CyberWorks information session to learn how you can benefit from this innovative program. CyberWorks is an industry-led, workforce development program designed to help Maryland companies fill their cybersecurity needs with qualified candidates, while simultaneously helping individuals start careers and improve Maryland's economy

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity

The Future of Cybersecurity Innovation (Washington, DC, USA, February 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight these battles hunkered over computers, working with strings of code — a laborious process that requires advanced engineering skills. That's why the Pentagon's advanced research arm, the Defense Advanced Research Projects Agency (DARPA), is building a system to give the military instantaneous knowledge of network attacks by displaying them in real-time with rich graphics and 3-D visualizations

NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, February 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)

2015 Cyber Risk Insights Conference — San Francisco (San Francisco, California, USA, March 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers and other risk professionals. An expert faculty comprised of leading security, regulatory, risk management, and cyber insurance authorities will provide their insights into the critical privacy, network security and insurance coverage now issues facing organizations and their insurers, with an emphasis on the business, technology and regulatory factors that make California and the West Coast unique

Cybergamut Technical Tuesday: Tor and the Deep Dark Web (Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates. Presented by Scott FitzPatrick of Norse

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.