The CyberWire Daily Briefing 01.22.16

Cyber Attacks, Threats, and Vulnerabilities

Ukraine says cyber attack on airport launched from Russia (Hue Wire) Malware was found in the airport's IT infrastructure, which included air traffic control, that was similar to the software used to attack Ukrainian power plants in December. He said there has been no damage, and the malware was detected early in the airport's system

Cyberattacks Against Ukraine Power Grid Continue, Experts Warn Against Blaming Russia (International Business Times) Hackers are continuing to target Ukraine's power grid with cyberattacks after initial strikes in December caused a widespread power outage impacting hundreds of thousands of people. But security experts warn these new attacks show that pointing the blame at the Russian government without real evidence is premature

Aircraft part manufacturer says cybercrime incident cost it $54 million (PCWorld) FACC AG said the attack was executed against one of its accounting departments

Tech Support Scammers Lure Users With Fake Norton Warnings, Turn Out To Be Symantec Reseller (Malwarebytes Unpacked) Fraudulent tech support companies are well-known for taking advantage of unsavvy computer users by reeling them in with scare tactics and charging large amounts of money for bogus services

Symantec terminates partner over tech support scam (CRN) Rival Malwarebytes outs US partner Silurian as unlikely source of 'one of the worst cases of abuse' it's seen

Kovter Malware Victims Were Secret Zombies in the ProxyGate Proxy Network (Softpedia) During the past few months, computers infected with the Kovter click-fraud malware were also secretly added to the proxy network operated by ProxyGate, the Forcepoint team reports

Kovter Actors Now Turning Machines Into Zombies (Forcepoint Security Labs) For a while now, actors have been distributing the Kovter click-fraud malware in e-mails via JavaScript attachments

Fake Facebook emails deliver malware masquerading as audio message (Help Net Security) A new spam campaign is targeting Facebook users. It uses the same approach as the recent one aimed at WhatsApp users, and Comodo researchers believe that the authors of both campaigns are likely the same

Operation Emmental Revisited: Malicious Apps Lock Users Out (TrendLabs Security Intelligence Blog) Imagine getting a notification from your bank, asking for your cooperation in installing an updated version of their mobile app

Criminals Impersonating India's Income Tax Department to Deliver Malware: Symantec (Gadgets 360) Cybercriminals are targetting India, US and other countries with fraudulent "tax deduction" emails to steal information, security software firm Symantec said

Scanning for Fortinet ssh backdoor (Internet Storm Center) On 11 Jan, a Python script was posted on the full-disclosure mailing list that took advantage of a hardcoded ssh password in some older versions of various products from Fortinet

Media devices sold to feds have hidden backdoor with sniffing functions (Ars Technica) Highly privileged account could be used to hack customers' networks, researchers warn

Backdoor account replaced by another backdoor in vendor stumble (IDG via CSO) The issue has been fixed but raises questions over how companies manage vulnerability reports

RSA Conference registration page collecting Twitter credentials (CSO) Security pros notice something strange on the registration website

More US Voters Data Circulating On The Dark Net (Hack Read) Recent chronicles and newly found excerpts that reveal questionable and suspicious voting records of millions of American citizens are uploaded to a sneaky website on the dark web

Show me the Money: Cybercriminals Hijack Online Resources to Boost Profits (SecurityWeek) Two decades ago the movie Jerry McGuire premiered and the phrase "show me the money" was launched into the popular lexicon

Flint hospital confirms 'cyber attack,' Anonymous threatens action over water crisis (Michigan Live) Hurley Medical Center has confirmed it was the victim of a "cyber attack" a day after hacktivists threatened action over Flint's water crisis

Here's what an Ashley Madison blackmail letter looks like (Graham Cluley) I've written before about Ashley Madison-related blackmail threats and how they then began to be sent out by extortionists via the US postal system

Security Patches, Mitigations, and Software Updates

Google creates fix for zero-day kernel flaw, says effect on Android is greatly exaggerated (IDG via CSO) Most Android devices are unlikely to run vulnerable kernel versions, and those that do are protected by SELinux, the company said

Apple Fixes Cookie Theft Bug in iOS 9.2.1 (Threatpost) When Apple pushed out iOS 9.2.1 earlier this week, it fixed a nasty bug that lingered in the wild for nearly three years and could have let an attacker steal cookies and impersonate victims

Cyber Trends

The Five Risks That Threaten the Future of FinTech — and How Insurance Can Help (Willis Towers Watson Wire) Advances in technology promise to change the way financial institutions operate in hundreds of ways in the next decade. Many of these changes will require a reexamination of the way insurance mitigates the risk associated with the business

Secunia Research urges everybody to patch up Flash Player (IT Pro Portal) Secunia Research at Flexera Software has published a report covering the fourth quarter of 2015 for 14 countries, regarding vulnerable software, applications and PCs

Why your health data isn't as secure as it should be (Naked Security) Your health status is perhaps the most intimate information anyone could know about you, so it should be your decision whether you share or keep your medical records private

Loss of life, liability top cybersecurity fears for health IT leaders (FierceHealthIT) Losing patients due to malicious actors gaining access to systems or hacking medical devices is the top fear for healthcare leaders when it comes to cybersecurity, according to the results of a new survey

Exposing the shadow data threat (Help Net Security) Blue Coat conducted an analysis using the Elastica CloudSOC platform provided insights into 63 million enterprise documents within leading cloud applications, including Microsoft Office 365, Google Drive, Salesforce, Box and others

Marketplace

Israel Claims Surge in Cyber Sales, Investment (DefenseNews) Israeli exports of cyber-related products and services in 2015 are an estimated $3.5 billion, about $500 million more than 2014 figures and more than all other nations combined apart from the United States, the government announced Thursday

FireEye closes lower after Q4 pre-announcement; Street worried about 2016, PANW/PFPT alliance (Seeking Alpha) Though FireEye (NASDAQ:FEYE) opened up strongly after pre-announcing Q4 sales/billings and disclosing it's buying threat intelligence services firm iSIGHT for $200M+, shares closed down 0.5%. The cybersecurity hardware/software/services provider is down 29% in 2016, and 49% since its Nov. 4 Q3 report

Will Palo Alto-Proofpoint Alliance Undercut FireEye? (Investor's Business Daily) FireEye's (NASDAQ:FEYE) shift to cloud-based email protection could face "strong competition" from a Palo Alto Networks (NYSE:PANW)-Proofpoint (NASDAQ:PFPT) team-up announced late Wednesday, FBN analyst Shebly Seyrafi said Thursday

root9B Technologies Inc (OTCMKTS:RTNB) Looking To Breakout (Insider Financial) root9B Technologies Inc (OTCMKTS:RTNB) is an exciting story in small caps. Based in Colorado Springs, CO, root9B is a leading provider of advanced cybersecurity services and training for commercial and government clients

Rebuilding brand trust: TalkTalk's path back from cyber attack (Computer Business Review) Analysis: There is little precedent to show how much a cyber attack affects reputation

Gary Kasparov opens Avast's new offices (Prague Post) Chess grandmaster was guest of honor at launch of new home for anti-virus firm

Akana Names Mark Tapling as New CEO (BusinessWire) Akana, a leading provider of API Management and API security solutions for Digital Business, announced today that Mark Tapling has joined the company as its new Chief Executive Officer

Products, Services, and Solutions

LemonFish Technologies and LIFARS Announce Partnership (PRNewswire) LemonFish Technologies and LIFARS partner to deliver a unique data breach expertise using pioneering data analytics and external data detection practices to find lost content and leaked data on the deep and dark web

BlackMesh's Red Hat-based PaaS Cloud Offering Achieves FedRAMP Certification (BlackMesh) BlackMesh, a leader in cloud-based solutions, continues to provide innovative solutions to the government cloud market by officially achieving Federal Risk Authorization Management Program (FedRAMP) certification for its SecureCloud PaaS offering built with OpenShift by Red Hat

Rambus Cryptography Research CryptoMedia Platform to be Integrated into Kaleidescape Home Cinema Products (BusinessWire) CryptoMedia Player Agent will support VIDITY™–enabled 4K Ultra HD with HDR movie players

ThreatStream Adds Taia Global to its Alliance of Preferred Partners (APP) Store (EIN News) ThreatStream®, the pioneer of an enterprise-class threat intelligence platform, today announced another addition to its Alliance of Preferred Partners (APP) Store. Taia Global is the latest cyber security company to be offered in the ThreatStream APP Store

CenturyLink, WISeKey Partner to Produce Internet of Things Security Platforms (GovConWIre) CenturyLink (NYSE: CTL) and WISeKey have collaborated to produce cybersecurity services for the Internet of Things market

Parameter Security Attains PCI Approved Scanning Vendor (ASV) Certification (PRWeb via the Edwardsville Intelligencer) Parameter Security, an ethical hacking and information security firm, is proud to announce its Sentinel PCI service has successfully completed the PCI Scanning Vendor Compliance Testing and Approved Scanning Vendor certification

Technologies, Techniques, and Standards

Proactive Planning Solutions: Inside Legal's Place in Guiding Cybersecurity Plans (Legaltech News) With the potential to generate stockholder lawsuits, regulatory action and reputational damage, cybersecurity events have increasingly come under the purview of the legal department

Design and Innovation

ACT-IAC Releases Report Summarizing National Cybersecurity Ideation Initiative (PRNewswire) The American Council for Technology and Industry Advisory Council's (ACT-IAC) announced the release of its report on "Strengthening Federal Cybersecurity: Results of the Cyber Innovation Ideation Initiative"

Strengthening Federal Cybersecurity: Results of the Cyber Innovation Ideation Initiative (ACT-IAC) By all accounts, cybersecurity is a great concern across the federal government. Recent events, such as the OPM data breach, underscore the need to reinforce cyber fundamentals and introduce new, innovative ways to promote cyber resilience in an ever changing threat ecosystem

Research and Development

Largest Prime Number Discovered - Cryptography and Security Systems To Benefit (Crazy Engineers) Curtis Cooper, a volunteer of Great Internet Mersenne Prime Search at the University of Central Missouri discovered the largest known prime number — 2 to power (74,207,281)−1

Academia

Morgan Establishes Its First Endowed Chair (Morgan State University) Private and state grants fund research on Internet-of-things security

Legislation, Policy, and Regulation

Snoopers and scrutiny (Economist) Britain's planned law on intelligence oversight could become an example to other countries

Geopolitics of cyber defense and NATO's Incirlik Airbase (Turkish Weekly) Cyberspace has a significant difference from the geographies of land, sea, and air; it was created not by nature, but is an artificial construct that has components which might be used for geopolitical interest

ISIS propaganda must be boosted, U.S. Defense Secretary Ash Carter urges (Newsday) U.S. and coalition forces are battling Islamic State militants in the skies and on the ground across Iraq and Syria, but the allies are increasingly also targeting the airwaves, where they now are losing the propaganda war

U.S. lawmakers delay bill on European data privacy deal (Reuters) Legislation that would grant U.S. privacy rights to Europeans is being delayed in the U.S. Senate, which may complicate negotiations over a broader trans-Atlantic data transfer pact that faces a January deadline for completion, sources said on Wednesday

Sunset on US-EU safe harbor data agreement fast approaching (FierceGovernmentIT) Only ten days remain until the deadline for the United States and European Union to reach a new "safe harbor" agreement on data transfers between the two jurisdictions. Given U.S.-EU talks aren't expected to pick back up until Feb. 2, U.S. companies are preparing for the pact to expire

NSA Chief Stakes Out Pro-Encryption Position, in Contrast to FBI (Intercept) National Security Agency Director Adm. Mike Rogers said Thursday that "encryption is foundational to the future," and arguing about it is a waste of time

AT&T CEO won't join Tim Cook in fight against encryption backdoors (Ars Technica) Stephenson: Apple and other tech companies should stay out of encryption debate

Feds seek balance between privacy and data collection (CIO via CSO) Federal consumer-protection authorities expect companies to do more to educate consumers and offer options to limit how personal data is collected and used

Rogers: Cyber Command capabilities at 'tipping point' (FCW) More than five years after its inception, U.S. Cyber Command is at a "tipping point" in maturing its offensive and defensive cyber capabilities, said Adm. Michael Rogers, the command's head

FedRAMP authorization process changes, 'high' security baseline pilot in the works (FierceGovernmentIT) The General Services Administration-led program that aims to speed up and standardize agencies' security assessments for cloud computing technology plans to roll out major changes in the coming weeks and months

Gov't tries to soothe cyber security permit concerns (Globes) Israeli cyber figures held an emergency conference on a draft order imposing supervision on cyber systems exports

Litigation, Investigation, and Law Enforcement

Facebook's Friend Finder found unlawful by Germany's highest court (Naked Security) In its younger days, a fear spread through Facelandia: friend requests were popping up, from people who Facebook said had suggested friendships but who protested that in actuality, they'd done nothing of the kind

The interplay between information security standards and security measures under the EU data protection legal framework (Lexology) This essay discusses the relationship between technical standards and mandatory security measures under the European data protection legal framework

Know the Basics of Data Breach Notification Laws (Recorder) In 2002, California was the first worldwide to pass a law requiring businesses and agencies to notify data subjects of data security breaches

Hillary's 'Special Access' Server (Wall Street Journal) More evidence that she mishandled highly classified information

New guilty plea in big U.S. insider trading hacking case (Reuters) A trader from an Atlanta suburb admitted to involvement in what U.S. authorities have called a more than $100 million international insider trading scheme that involved hacking into networks that distribute corporate news releases

"Find my phone" apps mistakenly bring dozens of people to this house in Atlanta (Ars Technica) Fusion catches up with the couple — so far nobody knows what's causing the problem

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

POPL 2016 (St. Petersburg, Florida, USA, Jan 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome, on topics ranging from formal frameworks to experience reports

Automotive Cyber Security Summit — Shanghai (Shanghai, China, Jan 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards and new products and solutions designed to deal with the growing threats

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

CyberTech 2016 (Tel Aviv, Israel, Jan 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction

Global Cybersecurity Innovation Summit (London, England, UK, Jan 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. Our objective is to advance innovation and the growth of the cybersecurity sector by providing a platform for cybersecurity businesses, particularly small and medium enterprises (SMEs), to connect with key UK, US, and international decision makers, system integrators, investors, government policy makers, academia and other influential business executives

Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, Jan 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products and services to IT, Communications, Cyber and Intelligence personnel

ESA 2016 Leadership Summit (Chandler, Arizona, USA, Jan 31 - Feb 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and practices stay ahead of the curve. The Summit is a three-day conference filled with networking and educational opportunities dedicated to delivering business intelligence to electronic security companies and professionals that are ready to embrace innovation and grow

SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks

BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, Feb 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia

The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, Feb 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies, and anyone who assists organizations in preparing for and responding to cyber incidents should attend. Attendees will gain a comprehensive understanding of the legal and policy issues that they need to know when they represent clients, develop their organization's cyber strategy and policies, or respond to cyber incidents

National Cybersecurity Center of Excellence to Celebrate Opening of Newly Remodeled Facility (Rockville, Maryland, USA, Feb 8, 2016) The National Cybersecurity Center of Excellence is celebrating its dedication on February 8, 2016 at the center's newly remodeled facility at 9700 Great Seneca Highway

Insider Threat Program Development Training — California (Carlsbad, California, USA, Feb 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation

Secure Rail (Orlando, Florida, USA, Feb 9 - 10, 2016) The first conference to address physical and cyber rail security in North America

Cyber Security Breakdown: Dallas (Dallas, Texas, USA, Feb 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals

2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace

Department of the Navy (DON) IT Conference, West Coast 2016 (San Deigo, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance

ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, that concerns to organizations and individuals, thus creating new research opportunities

Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment

CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation

CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format

CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more

RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016