The CyberWire Daily Briefing 01.04.16

Cyber Attacks, Threats, and Vulnerabilities

Suspected UK extremist and English-speaking boy warn of attacks in Isis video (Guardian) Intelligence agencies investigate after video purportedly showing murder of five people is presented by British-sounding man and boy in military fatigues

Isis signals business as usual, with menacing new 'frontman' (Guardian) Times have never been tougher for those who want to inform on the terrorists or chronicle their deeds. That isn't a sign of a group under mortal strain

Anti-Isis hackers claim responsibility for BBC cyber-attack (Guardian) Technology correspondent receives tweet from US-based New Word Hacking saying attack was to test group's servers

Anti-ISIS Hacking Group Claims Responsibility For BBC Attack (InformationWeek) New World Hacking, a US-based organization, is claiming responsible for the New Year's Eve DDoS attack on the BBC, but claims ISIS is the real target

Hackers Shut Down Donald Trump Election Campaign Website (Hack Read) The official Election Campaign website of American Presidential candidate Donald Trump was taken offline by hackers who earlier claimed to conduct a cyber attack on BBC websites. The group goes with the handle of New World Hacktivists (NWH) and associated with the hacker collective Anonymous but conduct its operation as an independent entity who conducted a layer 7 DDoS attack (What is layer 7 DDoS?) on the official website of Donald Trump forcing it to stay offline for half an hour

Hackers tried to use a journalist's PayPal account to fund ISIS (Business Insider) Brian Krebs has made a lot of enemies

Paypal rolls out the welcome mat for hackers (Boing Boing) It's not bad enough that Paypal is prone to shutting down your account and seizing your dough if you have a particularly successful fundraiser — they also have virtually no capacity to prevent hackers from changing the email address, password and phone numbers associated with your account, even if you're using their two-factor authentication fob

The Challenge of Jihadi Cool (Atlantic) ISIS's countercultural appeal is real. And it must be taken seriously

Leaked documents may reveal the inner workings of the Islamic State — but what if they are fake? (Washington Post) If you want to really understand the Islamic State and go beyond the propaganda, looking at the militant group's internal documents might be a good place to start

Ukraine to Investigate Suspected Cyber Attack on Energy Grid (Fortune) The country's secret service has blamed Russia

BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry (We Live Security) The cybercriminal group behind BlackEnergy, the malware family that has been around since 2007 and has made a comeback in 2014 (see our previous blog posts on Back in BlackEnergy: 2014 Targeted Attacks in Ukraine and Poland and BlackEnergy PowerPoint Campaigns, as well as our Virus Bulletin talk on the subject), was also active in the year 2015

Ukraine: Russia hacks power plants, highlights U.S. weakness (Washington Times) According to Ukraine's security service, SBU, Russian special services planted malware inside the Ukrainian power grid and recently shut down power stations. The SBU says the malware was discovered and removed. The regional power companies also experienced a denial of service cyber attack, which overwhelmed their support call center

Hackers block Russian minister's cyber account with Turkish symbols (Reuters) A social network account of Russia's communications minister was temporarily blocked on Sunday in a cyberattack carried out by hackers presenting themselves as a Turkish activist group and parading images of a warplane and Turkish flags

Turkish hackers took over a Russian Govt Instagram account (Security Affairs) Alleged Turkish hackers have taken over the Russian Communications and Mass Media Minister Nikolai Nikiforov's Instagram account

French Diplomats in Taiwan Are the Most Recent Targets of Cyber-Espionage Campaigns (Softpedia) A member of the French Ministry of Foreign Affairs working in Taipei, Taiwan, was the target of a spear phishing campaign that fits the pattern of regular attacks carried out via Operation Lotus Blossom

The CryptoJoker Ransomware is nothing to Laugh About (Bleeping Computer) A new ransomware has been discovered called CryptoJoker that encrypts your data using AES-256 encryption and then demands a ransom in bitcoins to get your files back

BTCC Bitcoin Trader Blackmailed with DDoS Attacks (Softpedia) BTCC is the latest victim of the Bitcoin-for-DDoS extortion scheme, but unfortunately for the attacker, the company was financially capable of implementing better DDoS protection measures and make the attacker go away

Fraudsters Automate Russian Dating Scams (KrebsOnSecurity) Virtually every aspect of cybercrime has been made into a service or plug-and-play product. That includes dating scams — among the oldest and most common of online swindles

More Internet of Things irony: a security alarm with alarming security (Naked Security) One of our last posts of the Old Year was Episode 225 of the Chet Chat security podcast

Security firm Cyberoam turns victim in cyber attack (Hindu Business Line) Year 2015 did not end on a high note for the Indian cyber security firm Cyberoam that confirmed a cyber attack on its systems last week, resulting in possible leakage of its database that contained personal details of its customers and partners

Trains vulnerable to hackers, researchers warn (The Hill) Security researchers are warning of gaping cybersecurity holes in railway systems, opening trains up to hackers, according to tech news website Motherboard

New York begins turning its payphones into free Wi-Fi hotspots (Naked Security) Phone booths: they're so retro. So inextricably tied to Clark Kent and the quick donning of leotards. Wherever you find them, payphones seem antiquated in this era of cellular telephones. But in a sprawling metropolis such as New York, even though they're outdated, they're still ubiquitous. What to do with all that infrastructure? In New York, you replace them with Wi-Fi hotspots

Millions of Chrome users' data at stake due to AVG Web TuneUp free tool (TWCN Tech News) AVG Web TuneUp is a free tool to protect PCs from malware and web trackers. Unfortunately, the tool that was meant to ward off malware itself contained a flaw that put the data of millions of Chrome users at stake

Microsoft Warns Windows 7 Has Serious Problems (Forbes) Windows 7 runs on 55% of all the computers on the planet, but according to news this week that is actually a bad and potentially dangerous thing. Says who? Actually Microsoft

Ashley Madison user base surges post summer cyber-attack (SC Magazine) Up from 39 million at the time of the July 2015 hacking that exposed almost every user, more than 43.4 million members are registered on infidelity website Ashley Madison

Just who is joining the Ashley Madison website? (Graham Cluley) I've never believed the adage that all publicity is good publicity

Bulletin (SB16-004) Vulnerability Summary for the Week of December 28, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Microsoft to warn users about 'nation-state' intrusion (Waltonian) Microsoft confirmed on Wednesday that it will notify people who have Microsoft accounts if it believes those accounts have been targeted or hacked by people working on behalf of a nation or state

Cyber Trends

More Secure Cyber Environment Could Be Coming in 2016 Print Comment Share: (Voice of America) There's little doubt that 2015 will not be remembered fondly by cybersecurity professionals. With millions of successful hacking attacks, and uncounted documents breached or stolen, it seemed at times that nothing could be done to stop the assault on the globe's computer systems

Six Things to Watch for in 2016 (Threatpost) Well, if you thought you had it rough in 2014 because of big, bad Poodles and an irritating case of Heartbleed, things only got worse this year

Security Effort not Catching up (Information Security Buzz) What does 2016 have in store for businesses and consumers with regards to cyber security threats? A specialist in malware detection, RedSocks' malware intelligence team has formulated five predictions for the year ahead

Cybersecurity Experts Predict an Increase in Data Breaches for 2016 (Legaltech News) Experts say hackers could take advantage of domain confusion to steer users toward malware and data theft

2016: Cyber-Crime Becomes Big-Time (Electronics Weekly) It came as a shock to be told by an American when I was last over there in the autumn that he had to change his credit cards every month or two because of hackers. I assumed it was because he was a pretty rich guy and would be a prime target

Marketplace

Human Behaviour as the "Biggest Threat to Company Security" (Information Security Buzz) Global security intelligence and information management technology company Nuix has released the findings from a new survey of corporate information security practitioners that indicates a move toward a stronger focus on insider threats and more understanding of cybersecurity issues at the board level

Cyberinsurance 2015: Inside a Robust and Rapidly Changing Market (Legaltech News) Inside the continued, albeit segmented, market growth and cyber-coverage litigation and whether we can expect them to continue in 2016

Insurers Look to Tighten Cybersecurity Before Innovation (Insurance Networking) Underlying all 2016 trends is perhaps one of the largest focus areas for insurers: data security

Raytheon's New Cybersecurity Company Name To Be Announced (Forbes) In one of the biggest cybersecurity deals of the year, Raytheon Company and Vista Equity Partners completed a joint venture transaction this past May which created a new company that combined Websense, a Vista Equity portfolio company, and Raytheon Cyber Products, a product line of Raytheon's Intelligence, Information and Services business

With Margins On The Rise, Will Symantec Be Able To Reel Back Investors? (Seeking Alpha) Symantec will have an important year in 2016. If the company manages to grow through acquisitions, without overspending on takeover targets, the margins might even double. In case this happens, Symantec might be undervalued. In case this doesn't, it will drop further

3 Key Metrics FireEye Investors Should Keep an Eye On (Motley Fool) On the surface, FireEye appeared to have a great quarter, increasing revenue 45% year over year. However, billings, an indicator of future revenue, came in well below the company's expectations

Is FireEye An Acquisition Target In 2016? (Seeking Alpha) FBR predicts FireEye as an acquisition target of Cisco Systems. At $20, FireEye becomes a compelling investment if the company can instill more financial discipline. The recommendation is to continue watching the story play out for a better entry point

FireEye Or Palo Alto Networks: Which Stock Is Best For 2016? (Seeking Alpha) At $21, FEYE is a great investment opportunity. PANW is a great company, but too expensive for there to be significant upside in its stock. PANW and FEYE operate on different ends of the cybersecurity spectrum, although both ends are full of promise

NIST Seeks Sources for Technical Support to Computer Security Division (ExecutiveBiz) The National Institute of Standards and Technology has started a search for sources of general, technical and scientific expertise and support for the agency's computer security division

One Million Cybersecurity Job Openings In 2016 (Forbes) If you are thinking about a career change in 2016, then you might want to have a look at the burgeoning cybersecurity market which is expected to grow from $75 billion in 2015 to $170 billion by 2020

Lack of Talent, Skills & Recruiting Top Challenges Facing Cyber Security Profession (Information Security Buzz) Over two-thirds of senior technology professionals recognize global shortage of skilled cyber security workers

Cybersecurity CFO Hustles to Foster Firm's Growth (CFO) CrowdStrike's Burt Podbere worries "every single day" about whether the firm has enough capital to fuel what he sees as its "explosive" growth potential

Infoblox Appoints Janesh Moorjani as Chief Financial Officer (CNN Money) Infoblox Inc. (NYSE: BLOX), the network control company, today announced that Janesh Moorjani has joined Infoblox as executive vice president and chief financial officer, effective immediately. Moorjani is responsible for managing the company's worldwide finance operations

Products, Services, and Solutions

Twitter acts to curb 'abusive,' 'hateful' content (AFP via Emirates 24/7) Social media platform will not tolerate behaviour intended to harass, intimidate, or use fear to silence another user's voice

Symantec Adds Deep Learning to Anti-Malware Tools to Detect Zero-Days (eWeek) Android versions of Symantec mobile security products are the first to include deep learning, but the access to this big data approach will soon spread to other platforms

Interset Applies Machine Learning to Sniff Out Stealthy Cyber-Threats (eWeek) Interset brings artificial intelligence to the fight against enterprise threats, regardless of the source using machine learning techniques that leverage advanced malware scanning algorithms

Technologies, Techniques, and Standards

How To Prepare Your Organisation For EU Data Protection Reform (TechWeek Europe) Whether you are part of a European company or a non-European company that trades or stores data inside Europe, it is likely that the new European data protection regulations coming into play will affect the way you handle employee and customer data

3 Cyber Security Lessons to Learn from 2015 (Information Security Buzz) One of the best ways to improve is to learn from others' mistakes. The good news is, with cyber security, there's no shortage of curriculum

How Technical Safeguards Prevent Healthcare Data Breaches (HealthIT Security) By protecting from cyberattacks, hacking, phishing scams, and even device theft, technical safeguards can go a long way in protecting an organization's PHI

These are our New Year's security resolutions — tell us yours (Naked Security) If we want computer security in 2016 to be anything other than a repeat of computer security in 2015 then we'll have to do things a bit differently in the New Year

Sechs einfache Maßnahmen, den Computer sicherer zu machen (Thüringische Landeszeitung) Die Zeit zwischen Weihnachten und Silvester nutzen viele, um gute Vorsätze für das neue Jahr festzulegen

Design and Innovation

How '70s Cryptography Could Improve Bitcoin in 2016 and Beyond (CoinDesk) As long as a system requires technical expertise for operation, it will be relegated to use by a small group of technologists

Why Are Digital-Privacy Apps So Hard to Use? (Atlantic) ​Protecting your data usually means navigating a miserable user experience

The Web We Have to Save (Matter) The rich, diverse, free web that I loved  —  and spent years in an Iranian jail for  —  is dying. Why is nobody stopping it?

Academia

SUU offers new master's degree in cyber defense (Spectrum) Southern Utah University recently announced a new master's of science in cyber security and information assurance degree beginning in the spring of 2016

Legislation, Policy, and Regulation

Baltics states to strengthen national IT security (SC Magazine) Estonia, Latvia and Lithuania plan to significantly strengthen their national IT security, amid the ever growing threat from Russia and the Islamic State

Japan's Government increase drills against cyber-attacks ahead of Tokyo 2020 (Inside the Games) Japan's Government is to increase the number of exercises it holds in the battle against cyber attacks in the lead-up to the Tokyo 2020 Olympic Games

Gov't did buy spyware, tech blogger alleges (Free Malaysia Today) Keith Rozario uploads links to two telegraphic transfer slips that prove spyware was purchased although by Miliserv Technologies Sdn Bhd and not PM's Department per se

Putin names United States among threats in new Russian security strategy (Reuters) A new appraisal names the United States as one of the threats to Russia's national security for the first time, a sign of how relations with the west have deteriorated in recent years

Netanyahu Cabinet Approves Buki Carmeli as Head of National Cyber Defense Authority (JP Updates) At its weekly meeting today, PM Benjamin Netanyahu's cabinet unanimously approved Buki Carmeli as the the new head of Israel's NCDA (National Cyber Defense Authority)

Cyber Security Agency looking to strengthen online security in every sector (Channel NewsAsia) The Singapore Cyber Security Agency is planning set up a Security Operation Centre in every sector, so that information can be shared and responses coordinated in the event of an cyber attack

U.K. Terrorism Bill Puts U.S. Spy Talk To Shame (Vocativ) The government of Britain is moving full speed ahead with a new surveillance bill

Monitoring of Terrorism Threats Has Risen, Official Says (New York Times) A senior European counterterrorism official said on Thursday that spy services in several countries had increased their monitoring and surveillance, and governments had put heightened security measures in place, even before recent arrests in Belgium and Turkey

Call to boost cooperation with foreign intelligence follows Munich terror threat (Deutsche Welle) German Interior Minister Thomas de Maiziere wants more cooperation with intelligence services worldwide. His comments come shortly after threats of terror attacks in Munich emerged on New Year's Eve

Lawmakers notch win in fight for global cyber laws (The Hill) Lawmakers pushing for global cyberspace norms have scored an early win

The real cyberespionage rule: don't get caught (AAPS Policy Forum) Whatever consensus the world reaches on espionage in cyberspace is largely symbolic because espionage depends on deception

Is the Cybersecurity Act of 2015 an Efficient Threat Response? (Legaltech News) Some critics say that the act compromises privacy, while others feel it doesn't address the problem at hand

Encryption in the Balance: 2015 in Review (Electronic Frontier Foundation) If you've spent any time reading about encryption this year, you know we're in the midst of a "debate." You may have also noted that it's a strange debate, one that largely replays the same arguments made nearly 20 years ago, when the government abandoned its attempts to mandate weakened encryption and backdoors

Industry pros defend data encryption (Westfair Communications) A national debate on data encryption has followed the recent terrorist attacks in San Bernardino, Calif., and Paris with some lawmakers calling for legislation to mandate access for law enforcement and government agencies to "backdoors" that will allow them to decipher encrypted data

Rep. Mike Pompeo's bill would return surveillance data to the National Security Agency (Topeka Capital-Journal) H.R. 4270 could split Republicans in Kansas, just as USA Freedom Act did

The Need for Private-Public Partnerships Against Cyber Threats — Why A Good Offense May be Our Best Defense (Huffington Post) The Internet has delivered on its promise of social and economic progress. Unfortunately, it has also delivered unprecedented opportunities for scaling global conflict, terrorism, criminal activity, state and industrial espionage and vandalism. These risks continue to expand

Need to know, 2016: Bolstering Air Force's cyber realm (Air Force Times) 2015 saw the government's Office of Personnel Management get hacked — with fingers pointing at the Chinese — and the personal information of potentially millions of federal workers get stolen

Army Braces for A Culture Clash (SIGNAL) The service must work to entice and keep the type of people who excel at cyber operations

Preparation can shield state's valued assets from cyberattack (Seattle Times) We need a "Department of Stateland Security," with functions akin to those at the federal Department of Homeland Security

Litigation, Investigation, and Law Enforcement

Cyber Litigation: The Next Big Thing? (American Lawyer) It was the scandal of the summer: AshleyMadison.com, the dating and social networking service that markets itself to would-be cheaters, was cyberattacked, and the names and contact information of purported members — including celebrities, congressional staffers and evangelists — were revealed online. Soon after, plaintiffs lawyers lodged class action litigation on behalf of website users

Hackers hunt for desi moles to ensure that no info is leaked to foreign spies (India Today) Cyber experts claim that international spies from countries like Pakistan, US and China have maximum interest in gathering information from India

House intel committee looks into eavesdropping on Congress (Politico) A House panel on Wednesday announced it is seeking information from the Obama administration on U.S. intelligence collection that may have swept up members of Congress

Republicans seek answers from NSA on snooping (The Hill) Republicans on the House Oversight and Government Reform Committee have requested that the National Security Agency (NSA) provide them with all guidance given to employees on intercepted communications that involve members of Congress

Cellphone Contacts in Paris Attacks Suggest Foreign Coordination (New York Times) The terrorists who killed 130 people in Paris in November were in contact by cellphone with at least one person in Belgium during their attacks, suggesting that they may have been coordinated or monitored from abroad while killing, according to French police reports on the investigation

British Islamist Would-Be Bombers Get Life Sentences (Wall Street Journal) Couple plotted suicide bombings against London targets

Friend of California shooter indicted on gun, terror charges (AP via Yahoo! News) A friend of one of the shooters in the San Bernardino massacre that killed 14 people was indicted Wednesday on charges that include conspiring in a pair of previous planned attacks and making false statements when he bought the guns used in this month's shootings, authorities said

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Organization (Elkridge, Maryland, USA, Jan 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged, attack patterns, and trends seen in these attacks. In addition, these attacks are characterized by targets, time, and degree of success. Following the quantitative reporting, the remainder of the presentation focuses on an actionable plan for securing the enterprise. Simply describing the problem is no longer sufficient. This plan consists of a multi-step roadmap, a product independent approach to securing the enterprise against the previously described attack vectors

CES CyberSecurity Forum (Las Vegas, Nevada, USA, Jan 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers to tackle current and looming cyber security challenges. Registration is limited to ensure a highly interactive experience and opportunities for networking

FloCon 2016 (Daytona Beach, Florida, USA, Jan 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers, researchers, and others interested in applying the latest analytics against large volumes of traffic

Breach Planning & Incident Response Summit: Proactive Collaboration Between Private Industry and Law Enforcement to Mitigate Damage (Odenton, Maryland, USA, Jan 12, 2016) The Cybersecurity Association of Maryland, Inc.(CAMI), Chesapeake Regional Tech Council, Maryland Chamber of Commerce, Chesapeake Innovation Center, Tech Council of Maryland are partnering together to host this event designed to attract and educate CIO's, CISO's, CEO and Compliance officials from small to mid-sized commercial firms on the practical actions taken by the government, firms and organizations post-hack

Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, Jan 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals

Insider Threat Program Development Training Course — Georgia (Atlanta, Georgia, USA, Jan 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation

FTC PrivacyCon (Washington, DC, USA, Jan 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer advocates

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting

POPL 2016 (St. Petersburg, Florida, USA, Jan 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome, on topics ranging from formal frameworks to experience reports

Automotive Cyber Security Summit — Shanghai (Shanghai, China, Jan 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards and new products and solutions designed to deal with the growing threats

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

CyberTech 2016 (Tel Aviv, Israel, Jan 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction

Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, Jan 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products and services to IT, Communications, Cyber and Intelligence personnel