Cyber Attacks, Threats, and Vulnerabilities
Hackers target Belgian press group, days after French cyber attack (Deutsche Welle) Belgian media group Rossel has become the second French-speaking organization to fall victim to a cyber attack in a matter of days. For hours, the online edition of "Le Soir" was unavailable. The hackers remain unknown
French TV5Monde network cyber attack the latest in destructive trend in system intrusions (ComputerWeekly) The cyber attack on French television network TV5Monde is the latest in a growing list of destructive incursions from a wide range of attackers
Did ISIS [Hack] BBC the same time when they took over [France's] TV5Monde? (HackRead) Is ISIS Behind BBC's 'Operational error' that Interrupted its Broadcast and Left presenter flustered?
Could Isis's 'cyber caliphate' unleash a deadly attack on key targets? (Guardian) Britain's new spy chief has warned that we are in a 'technology arms race' with terrorists recruiting an army of hackers to their cause
The TV5Monde Attack: Four Hours that Changed the World (Trend Micro: Simply Security) On Wednesday April 8, 2015 in France, the nature of critical infrastructure attacks changed for good
Cyber jihadists could target US TV stations, experts warn (Fox News) The Islamic State-supporting hackers that disrupted French TV network TV5 Monde could launch similar attacks against U.S. stations, experts warned Thursday
Hobart Airport website taken offline after cyber-attack (Xinhua via Global Times) Hobart International Airport's website remained shut down on Monday, more than 24 hours after Tasmania Police was forced to take it offline due to a cyber-attack
Twitter shuts down 10,000 ISIS-linked accounts in one day (Naked Security) Twitter claims to have shut down more than 10,000 accounts linked to ISIS
Hackers took over social media accounts of Iranian state Al Alam TV (Security Affairs) Unknown hackers took over social media accounts of Iranian state Al Alam TV spreading fake news of the death of an Iran-allied rebel leader in Yemen
APT30 and the Mechanics of a Long-Running Cyber Espionage Operation (FireEye) How a cyber threat group exploited governments and commercial entities across Southeast Asia and India for over a decade
The Chinese government may have been spying on India's leaders and defence companies for a decade (Quartz) China's government is probably behind an anonymous group that has been cyber-spying on Indian companies and officials for close to a decade now, American security experts say
Chinese-Backed Cyber-attacks Found in S.E. Asia, India, Report Says (eWeek) According to FireEye's APT30 report, the Chinese government-backed group has been active since 2005
Chinese hacker group among first to target networks isolated from Internet (IDG via CSO) APT 30 has been operating since 2005 without significantly changing its attack methods, FireEye said
Cybersecurity Giant FireEye Accuses Chinese Government of Major Hacking Operation (DCInno) On Sunday, the popular public stalwart of cybersecurity operations, FireEye, released a stark 65 page report outlining a series of high profile corporate espionage and cyber spying offenses against targets located throughout Asia. Evidence collected by FireEye following "months" of research, led FireEye's APAC CTO Bryce Boland to tell TechCrunch, "There's no smoking gun that shows this is a Chinese government operation, but all signs point to China." The cybersecurity firm chose to not disclose the names of those affected by the hacker collective, but did mention that the information offered an important clue into their investigation
An Aggressive Turn in Chinese Censorship Practices: 'The Great Cannon' (Global Voices) Citizen Lab, an advanced, human rights-based research center on Information and Communication Technology at the University of Toronto, has identified that the infrastructure of the man-in-the-middle DDoS attack on the Chinese open source platform hub GitHub is co-located with the Great Firewall. Citizen Lab terms this new technological innovation as "the Great Cannon"
Scalability of the Great Cannon (Errata Security) Here is a great paper on China's Great Cannon, which was used to DDoS GitHub. One question is how scalable such a system can be, or how much resources it would take for China to intercept connections and replace content
Another Reason For Ubiquitous Web Encryption: To Neuter China's 'Great Cannon' (Forbes) China's web censorship machine, the Great Firewall, has a more offensive brother, researchers have declared today. Called the Great Cannon by Citizen Lab, a research body based at the University of Toronto, it can intercept traffic and manipulate it to do evil things
The Attack on Sony (CBS News) North Korea's cyberattack on Sony Pictures exposed a new reality: you don't have to be a superpower to inflict damage on U.S. corporations
Thousands could launch Sony-style cyberattack, says ex-hacker (CNET) Ninety percent of companies are vulnerable to a crippling hack, experts tell "60 Minutes"
Kaspersky warns of "Darwin Nuke" which affects Apple mobile devices (IT Pro Portal) A vulnerability in the kernel of Darwin, an open source component of both the OS X and iOS operating systems has been detected
We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto! (Naked Security) You may wonder why we're writing about Wi-Fi Protected Setup, better known as WPS, at all
UK firms must purge Beebone after botnet downed (ComputerWeekly) UK firms have been urged to purge their computers of Beebone distributed malware after the botnet was downed by an international operation
Dyre Wolf is no 2FA killer, say security professionals (SC Magazine) Just before the UK closed down for the extended Easter Bank Holiday weekend, IBM security researchers published a report warning about a malware campaign attacking online bank users
After White House Hack, State Incidentally Offered Spearphishing Training (Nextgov) After a White House hack that reportedly was instigated by a malicious email from a compromised State Department account, State in March held a phishing email workshop. All federal security employees were invited to participate in the 90-minute online training session. But no one from the White House watched
One-Man PoS Malware Operation Captures 22,000 Credit Card Details in Brazil (TrendLabs Security Intelligence Blog) We have been able to identify a new point-of-sale (PoS) malware family that has affected more than 100 victim organizations in Brazil. We have dubbed this new malware family as "FighterPOS". (This name is derived from BRFighter, the tool used by the author to create this new threat.) This one-man operation has been able to steal more than 22,000 unique credit card numbers
White Lodging Confirms Second Breach (KrebsOnSecurity) In February 2015, KrebsOnSecurity reported that for the second time in a year, multiple financial institutions were complaining of fraud on customer credit and debit cards that were all recently used at a string of hotel properties run by hotel franchise firm White Lodging Services Corporation. The company said at the time that it had no evidence of a new breach, but last week White Lodging finally acknowledged a "suspected" breach of point-of-sale systems at 10 locations
Anonymous Shuts Down Montreal Police Site Against Brutality on Student Demo (HackRead) The infamous online hacker group Anonymous' Quebec branch has taken the credit for penetrating the Montreal Police department website and the officers' union
Montreal police website back online after hacking (CTV News Montreal) The Montreal police website is back online after it was hacked Friday night
Security Patches, Mitigations, and Software Updates
Apple Patches 'Darwin Nuke,' Other Security Flaws With New OS Releases (Dark Reading) Denial-of-service flaw discovered by researchers at Kaspersky Lab could affect Apple users' corporate networks
Cyber Trends
Security Threat Landscape Still Plagued by Known Issues: HP (ChannelWorld) HP has published the 2015 edition of its annual Cyber Risk Report, providing in-depth threat research and analysis around the most pressing security issues plaguing the enterprise during the previous year and indicating likely trends for 2015
Blink and you'll miss them — the latest form of DDoS attacks (Computing) Distributed denial of service (DDoS) attacks are nothing new. Computing looked into the impact that the cyber attacks could have on an organisation back in 2012 and urged CIOs to take notice because of the devastating financial and reputational damage that they can cause. Since then, DDoS attacks have continued to increase, in both size and volume
Cyber threat growth 'almost exponential,' expert says (The Hill) The growth in cyber threats is happening on an "almost exponential" basis, as hackers around the world become more sophisticated, a leading expert said this week
Sorry Symantec — Antivirus is not dead (IT Pro Portal) Each time someone reports that antivirus is dead, a hacker gets his wings (and I get furious). With our industries becoming increasingly data-driven, the need to protect our networks, devices, and archives has become more important than ever
Companies see personal data breach as biggest threat (The Hill) The exposure of personal information is the most frightening cybersecurity threat to private companies, according to a survey released this week
Marketplace
Security Startups Challenge IBM (Forbes) Recently, hackers have broken into corporate information systems and cost at least one CEO his job
New FireEye Interview On 60 Minutes: 13 Quotes Cybersecurity Investors Need To See (Benzinga) On the latest episode of 60 Minutes, Steve Kroft dove into North Korea's cyber attack on Sony Corp (ADR) SNE last winter
FireEye is Starting to Burn Bright Again. Take the Hint. (FTNT, CKP, PANW, FEYE) (Smallcap Network) Forget Checkpoint Systems (CKP), Fortinet (FTNT), and Palo Alto Networks (PANW). FireEye Inc. (NASDAQ:FEYE) is the cybersecurity name to take a shot on now
Cisco, F5 Have Shot at Taking Back Palo Alto, Fortinet Turf, Says Morgan Stanley (Barron's) Morgan Stanley's James Faucette and Keith Weiss today offer up a lengthy thought piece about network security, arguing that the changing landscape gives networking vendors such as Cisco Systems (CSCO) and F5 Networks (FFIV) another chance to reclaim the throne from security specialists such as Palo Alto Networks (PANW) and Fortinet (FTNT)
PayPal's Cybersecurity Firm Acquisition Official (PYMNTS) Barely a month after agreeing to buy Israeli predictive-security startup CyActive, PayPal announced on Thursday (April 9) that it has closed the deal
Symantec Said to Have Been Exploring Veritas Sale for Months (NDTV Gadgets) Security software maker Symantec Corp has been seeking buyers for its storage software business, Veritas, or the entire company for several months, sources familiar with the matter said
IBM's Latest Cloud Win Could Be a Game Changer (Motley Fool) There's no denying the impact cloud-related technologies are having on both business and consumers. So it's no wonder that some of the technology industry's biggest players are diving headfirst into the deep end of the cloud pool. Microsoft (NASDAQ: MSFT) CEO Satya Nadella makes a point of alluding to his "cloud-first" mantra at seemingly every chance he gets. And Nadella is not alone
Products, Services, and Solutions
Building Intelligence Inc. Receives SAFETY Act Designation from the Department of Homeland Security (DHS) (Benzinga) Building Intelligence Inc. has been approved as a Qualified Anti-Terrorism Technology provider under a formal SAFETY Act Designation by the Department of Homeland Security (DHS). Building Intelligence, Inc. provides its SV3 ("Technology") as Software-as-a-Service (SaaS) used by building managers, occupants, and security personnel to support security identification of vendors, vehicles, and visitors, processing admission and maintaining a record of activity, identities, and objects at a given facility
Imperva brings network layer DDoS protection to smaller businesses (IT Pro Portal) Enterprise data can be put at risk from DDoS attacks, but whilst larger businesses have the resources to guard against these attacks smaller ones sometimes struggle
Perfect Prescription: Symantec and Prevalent Successfully Partner on Security Solution for New Jersey Hospital (The VAR Guy) It's more important than ever for healthcare organizations to find a strong security solution that safeguards critical data
Dropbox? When is it OK to say 'yes'? (CIO) A healthcare CIO reverses course and lets doctors use the cloud service, but only with a layer of data encryption for security
Technologies, Techniques, and Standards
Ransomware Removal Tools Not Needed? Kaspersky Labs Finds Ways Around Paying Attackers (Inquisitr) Ransomware removal tools might not be necessary if your computer has become infected with the new type of virus. Ransomware is a kind of code that searches your system and encrypts vital information. The only sure way to access the information is to pay the creator of the virus for a key to unlock your data
Dabbling in two-factor authentication can be dangerous (CSO) What if the front door to your home was virtually impenetrable — secured with a standard lock, as well as a deadbolt and a video surveillance system — but the side door to the house was unlocked and left wide open? How effective would the brakes on your car be if they only worked part of the time? That is what it's like to use two-factor authentication, but only on certain designated systems
FFIEC's Seven Cybersecurity Priorities for 2015 (JDSupra) While others were waiting for spring to arrive, community bank officers and directors were waiting for the Federal Financial Institutions Examination Council (FFIEC) to provide additional guidance on its cybersecurity assessment program
NIST Seeks Feedback on the Big Data Framework Development (Dark Matters) The National Institute of Standards and Technology (NIST) is seeking public comment on a draft publication of the NIST Big Data Interoperability Framework, as part of a major collaborative effort to develop a standard framework to make it easier to use "Big Data" sets for analytics
Information vs. Intelligence — There Really IS a Difference (iSight Partners Blog) We're not splitting hairs…there really is a difference between "information" and "intelligence"
Why the 'golden hour' is so important in fending off hackers (Fortune) A new report from Intel shows how critical it is to detect and defend against cyber attacks in the first hour
5 Email Lessons Every Employee Should Learn From The Sony Hacking Incident (Forbes) Almost everyone in the world has heard about the incident where Sony Pictures Entertainment became the victim of a cyber attack and sensitive information was leaked to the public, including internal company emails. While this situation highlighted the issue of cyber-security, it also provides a good warning for all employees on the use of email in business
Design and Innovation
Internet of Anything: It's Time for Everyone to be Able to Hack Robots (Wired) Ron Evans thinks it's about time that everyone should be able to make robots. Or at least tell them what to do
Academia
AACC recognized as leader in cyber defense (Eye on Annapolis) Anne Arundel Community College has been designated as a National Center of Academic Excellence in Information Assurance/Cyber Defense (CAE2Y) through 2020 by the National Security Agency and the U.S. Department of Homeland Security. The college offers credit programs and cyber and technology continuing education courses
Legislation, Policy, and Regulation
How an Iranian nuclear deal could trigger cyberconflict (Christian Science Monitor Passcode) What we learned from a panel discussion at the Atlantic Council about Iran's growing cybercapabilities
White House hacking reports highlight digital cold war between US, Russia (Christian Science Monitor Passcode) The Obama administration hasn't confirmed reports that Russians hacked into the White House last year. But the news comes amid growing Russian cyberattacks on American interests and US efforts to arrest and extradite the alleged culprits
Russia's cyberattacks grow more brazen (The Hill) Russia has ramped up cyber attacks against the United States to an unprecedented level since President Obama imposed sanctions last year on President Putin's government over its intervention in Ukraine
Will China and America Clash in Cyberspace? (National Interest) The information revolution has been a mixed blessing for China and the world. On one hand, computer networks enhance economic productivity, national security, and social interaction. On the other, valuable information infrastructure provides lucrative targets for thieves, spies, and soldiers. Nearly every type of government agency, commercial firm, and social organization benefits from information technology, but they can also be harmed through cyberspace. Not a week goes by where a major hack is not reported in the media or countries chastise each other for cyberespionage
Exclusive: U.S. expands intelligence sharing with Saudis in Yemen operation (Reuters) The United States is expanding its intelligence-sharing with Saudi Arabia to provide more information about potential targets in the kingdom's air campaign against Houthi militias in Yemen
What Iran shared with Kenyan authorities on planned Easter holiday terror attacks (The Standard on Sunday) Police and other security personnel received specific intelligence reports ahead of the Garissa attacks that claimed 148 lives of university students, The Standard on Sunday can authoritatively report
Work Details the Future of War at Army Defense College (DoD News) On stage today at the U.S. Army War College in Pennsylvania, Deputy Defense Secretary Bob Work summoned up scenes from a future war where soldiers and machines join forces in a multidimensional "informationalized" zone, using advanced tools to fight adversaries from space to cyberspace
Week ahead: House panels to mark up cyber bills (The Hill) Lawmakers will have plenty of cyber business on their agenda when they return to Washington next week
As encryption spreads, U.S. grapples with clash between privacy, security (Washington Post) For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?
NSA dreams of smartphones with "split" crypto keys protecting user data (Ars Technica) Proposal is part of a tense stand-off between US government and tech industry
DoD sets sights on weaponizing cyber (C4ISR & Networks) The Defense Department appears to be preparing to make major moves in the military's cyber domain, with several components advancing their capabilities and policies, and the Defense secretary eyeing a specialized cyber corps
French MPs debate contentious spying laws (The Local) More than three months after Islamist attacks in Paris that killed 17, French MPs will on Monday debate controversial new laws allowing spies to hoover up data from suspected jihadists
India: A Cyber Wing in the National Cadet Corps — Analysis (Eurasia Review) Cyberspace has become a full-blown war zone as governments across the globe clash for digital supremacy in a new, mostly invisible, theatre of operations. Once limited to opportunistic criminals, cyber-attacks are becoming a key weapon for governments seeking to defend national sovereignty and project national power. One can see the emerging contours of cyber warfare from strategic cyber espionage campaigns, such as Moonlight Maze and Titan Rain, to the destructive, such as military cyber strikes on Georgia and Iran and the new dimension of recent attacks on corporates like Sony Entertainment. Human security and international conflict are entering a new phase and domain in their long histories of existence. The shadowy battlefield called cyber space requires a new breed of warriors, Cyber Warriors
SOPA & PIPA Act — Pakistan's Bizarre Approach to Counter Cyber Terrorism (Hack Read) If you thought only the United States government loves surveillance, you are wrong — Here are some shocking revelations about Pakistani Sopa & PIPA. Cyber terrorism is the main area of concern to every government and head of state nowadays but some governments adopt a completely disoriented approach to counter the threat of cybercrime by introducing laws that impose unnecessary limitations on internet usage on ordinary citizens
Leading Persons in the EU Financial Sector: Beware of New Personal Sanctions (WillisWire) As a part of implementing its Capital Requirements Directive (CRD IV), the European Commission is determined to sharpen risk control in the region's financial sector
New US financial regulations to extend to UK and Europe (IT Security Guru) Regulators in both the US and Europe are increasingly interested in what financial services companies are doing to address cyber security threats
Brussels unaware Malta had outsourced border control software (Independent) After German MEP Cornelia Ernst had recently taken issue over Malta's use of the PISCES border control software, which was donated to the country by the American government in 2004, claiming that Malta's use of the software could constitute a security risk for other EU member states, the European Commission has said that it is, "not aware that Malta has externalised such IT-services"
Congressional delegation backs cyber unit at Michigan base (The State) All 16 members of Michigan's congressional delegation are asking the Department of Defense to locate a Cyber Operations Squadron at the Air National Guard base in Battle Creek
Litigation, Investigation, and Law Enforcement
Simda botnet taken down in global operation (Help Net Security) The Simda botnet, believed to have infected more than 770,000 computers worldwide, has been targeted in a global operation
Servers seized in global Simda botnet hit (ZDNet) Servers in the Netherlands have been seized, with additional servers taken down in the US, Russia, Luxembourg, and Poland in Interpol's global operation to tackle the Simda botnet
SIMDA: A Botnet Takedown (TrendLabs Security Intelligence Blog) The collaboration between Trend Micro, INTERPOL, and other private organizations resulted in another triumph for the security industry earlier this week: the takedown of the SIMDA botnet. Trend Micro provided information such as the IP addresses of the affiliated servers and statistical information about the malware used, which led to the disruption of the botnet activities
Coordinated Takedown Puts End to Simda Botnet (Threatpost) The Simda botnet, known for spreading banking malware and dropping a backdoor on hundreds of thousands of machines worldwide, was taken down last Thursday in a collaborative effort between international law enforcement bodies and private security and technology companies
AT&T Hit With Record-Breaking $25 Million Data Breach Fine (eSecurity Planet) The company will also provide almost 280,000 customers with free credit monitoring services, and will improve its privacy and security practices
Alleged 'Nazi' Android FBI Ransomware Mastermind Arrested In Russia (Forbes) The Russian Ministry of Internal Affairs has announced the arrest of a 25-year-old, believed to be the creator of a particularly harmful strain of Android money-stealing malware, known as Svpeng, that had infected as many as 350,000 Google devices last year. Four other suspects thought to be members of the cybercriminal gang, who were said to have a penchant for Nazi iconography, were also detained
Russia's Internet censor reminds citizens that some memes are illegal (Ars Technica) Clarifying existing policy, Roskomnadzor says it's protecting real people