Still looking back at Black Hat. Australia's census DDoSed (or just clogged)? Spyware in Vietnamese networks. Iran said to be upping its offensive game. Ransomware moves toward more file deletion. A relatively light Patch Tuesday.
news from Black Hat USA 2016
The retrospectives on Black Hat and its associated conferences agree on one thing—there’s reason for great concern about the security of the Internet and those who use it.
But we should say that, at a security industry conference, this is hardly what the lawyers would call “an admission against interest.” It’s in the nature of the security sector to be unusually aware of and sensitive to threats, and a high level of fear-uncertainty-and-dread has long provided the community with its background noise (as well as much of its signal). Bear this in mind as you consider reports from Las Vegas.
It’s also important to bear in mind that commodity attacks continue to succeed. Enterprises have a lot to do, their resources aren't unlimited, and, for small and medium-sized businesses as well as for private individuals, it's easy to fall into a kind of learned helplessness in which whistling past the graveyard and hoping nothing happens becomes a default security posture.
So don’t neglect the obvious. If Cozy Bear and Fancy Bear (or even Sauron) really wanted to pwn your mom-and-pop shop, there’d probably not be much you could do about it. But that doesn’t mean you should give up trying to keep out the skids and script kiddies. After all, they’re the ones probably rattling your locks, Mom and Pop.
There are also some reasons for optimism. Several people told us they’d seen signs that CISOs generally have rapidly become more sophisticated in their understanding of and approach to risk. “They’re really upping their game,” as one company observed to us.
We've noted that TechCrunch reported four concepts dominating the talk in Las Vegas, and they're worth repeating: "Behavior Baselining" (for anomaly detection), "Active Response" (to be sharply distinguished from "hacking back," a concept finding less favor nowadays; active response involves faster, more automated reaction to incidents), "Security Analytics" (especially in the service of vulnerability recognition and management), and "Public Key Cryptography" (which of course you're familiar with—and this conference was nothing if not crypto-friendly).
A lot of companies are talking these concepts up; they'd do well to consider how they might differentiate their offerings from the other companies doing the same. Investors want differentiation. Customers want ease of deployment and a low burden on scarce skilled labor.
Our interviews of some of the most interesting thought leaders we ran into in Las Vegas are now online and linked below. You'll find part one of our Black Hat podcast here. And Part Two is also up—check them both out.
The Australian Bureau of Statistics took its census website offline last night after sustaining what it characterized as multiple distributed denial-of-service attacks. The Australian Signals Directorate has trained its eye (one of the famous Five) on the incident, and the Bureau of Statistics says it will bring the census site back once it can do so safely. Not everyone’s convinced the problems were the result of an attack—industry sources are wondering publicly if the Bureau provided enough bandwidth to handle the traffic of citizens logging on after supper to beat the reporting deadline.
Bkav reports that spyware active on Vietnamese networks since June originated from a spoofed version of a Vietnamese Communist Party website. The spyware incidents are generally believed connected to ongoing conflict between China and its neighbors over disputed territorial waters in the South China Sea.
Iran is believed to have significantly increased cyber-attack capabilities in the wake of the agreement that either limited or enabled that country’s nuclear ambitions. And exiles and dissidents are reported to be the targets of an extensive spearphishing campaign directed by the Iranian state.
AVG reports a new strain of ransomware, “Hitler,” that continues a criminal trend toward file deletion.
Google thanks Check Point for discovering QuadRooter, but says most of the risk from this Android vulnerability is already mitigated by Verify Apps and SafetyNet features. More extensive patches are expected next month.
Patch Tuesday was relatively light: Microsoft rolled out nine (five “critical”). Adobe also patched (but not Flash Player).
Notes.
Today's issue includes events affecting Australia, Canada, Iran, Italy, Nigeria, Russia, Rwanda, Thailand, United States, and Vietnam.
A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast Joe Carrigan from our partners at the Johns Hopkins University will warn us about the dangers of side-loading apps. We'll also hear from our guest Leemon Baird, CEO of Swirlds, about his company's serverless, trusted cloud platform. (And if you like the podcast, please consider giving it an iTunes review.)
Las Vegas: the latest from Black Hat (with the occasional glance over at DefCon, and a side look at BSides...)
Special Edition: Black Hat — Cyber Security Trends and Investment (The CyberWire) The 2016 Black Hat conference is underway in Las Vegas this week, and in this special report from the show floor we'll hear from industry leaders about industry trends, and from venture capital funders about what they need to see before saying yes, and why it's harder to get startup funding than it used to be
Special Edition: Black Hat, Part 2 — Trends and Insights from Industry Leaders (The CyberWire) The 2016 Black Hat conference is in the books, and we wrap up our coverage with more insights from industry leaders
Black Hat Briefings 2016 (Black Hat USA) [Collected briefings from the annual security conference]
Spearphishing: It’s Curiosity That Makes Them Click (Dark Reading) Researchers prove that people can be fooled just because they want to know what's on the other end of that email. Here are three steps you can take without spending too much money
Why Hackers Are Getting 'All Political' This Election Year (Dark Reading) Jeff Moss, aka 'The Dark Tangent,' explains why the 2016 Presidential election is a turning point for security and politics -- and why he headlined a Clinton fundraiser last week in Vegas
Cyber Attacks, Threats, and Vulnerabilities
Australia's controversial census in chaos after possible cyber attack (Reuters) Australia's first online national census was in chaos on Wednesday after the survey website crashed overnight due to a possible cyber attack, raising concerns over the country's cyber security and criticism of its slow internet services
Aussie Stats Bureau Takes Site Offline After DDoS (Infosecurity Magazine) The Australian Bureau of Statistics (ABS) was forced to take its census website offline overnight after suffering several DDoS attacks
Census outage was caused by DoS attacks, says Australian statistics agency (CSO) Some security experts have expressed their doubts over whether the outage was the result of a denial-of-service attack
Spyware in cyberattacks on Vietnam stems from fake domain of Communist Party: Bkav (Tuoi Tre News) The malicious software used in the cyberattacks on numerous Vietnamese websites since late June has been sent from a website whose domain name is a copy of that of the Vietnamese Communist Party, a local Internet security firm said on Monday
30 More Victims Pinned On Highly Selective Cyberespionage Group (Dark Reading) Kaspersky Lab says newly discovered threat actor ProjectSauron -- called Strider by Symantec -- has hit organizations in Russia, Rwanda, Iran, and Italian-speaking nations
The History of Stuxnet: The World’s First True Cyberweapon (Motherboard) On July 16, 1945, the United States detonated a completely new kind of weapon, the atomic bomb, and changed the world forever
Spear Phishing in Tehran (Foreign Policy) Iranian hackers are increasingly using the tools of cyber-espionage against exiles and dissidents
Iran Improving Cyber Abilities Since Nuclear Deal, Pentagon Says (Bloomberg) Iran has gradually improved its offensive cyber abilities and developed more advanced ballistic missiles since signing an accord last year to curb its nuclear program, the U.S. Defense Department said
Vulnerability Exposes 900M Android Devices—and Fixing Them Won’t Be Easy (Wired) The latest Android vulnerability to fret about isn’t limited to any particular device, or any specific firmware version. That’s because it doesn’t start with Android at all, but with Qualcomm, the company that provides internal components for hardware manufacturers. Lots of them. In this case, 900 million Android smartphones with Qualcomm inside are at risk, and fixing them will be no easy task
Samsung: Hackers can't pwn our NFC payment kit. No way, nuh-uh, not true (Well, OK, maybe) (Register)
Development version of the Hitler-Ransomware Discovered (Bleeping Computer) It looks like file deletion is becoming a standard tactic in new ransomware applications created by less skilled ransomware developers. This is shown in a new ransomware called Hitler-Ransomware, or misspelled in the lock screen as Hitler-Ransonware, that has been discovered by AVG malware analyst Jakub Kroustek
Oracle's Data Breach May Explain Spate of Retail Hacks (Fortune) The breach affects the cloud giant’s payment terminal systems
What your hacked account is worth on the Dark Web (Naked Security) Next time you sign up for a new website and it asks for a password, or your favourite social media site nags you for a phone number, or a site you use every day pesters you to set up two-factor authentication, take a pause
Dota 2 Dev forum breached, nearly 2 million users affected (Help Net Security) A hacker has breached the official Dota 2 Dev forum and made off with the entire forum database, which contains email addresses, usernames, IP addresses, and salted password hashes of 1,923,972 users
Visual Hacking is Successful 91% of the Time (Infosecurity Magazine) As organizations double down on cybersecurity measures, low-tech attack methods such as visual hacking—i.e., physically spying what’s on others’ computer screens and desks—are becoming more common
Nigerian scammer infects himself with malware (Naked Security) Look, you may not appreciate how laborious it is to be a Nigerian prince trying to smuggle funds out of the country
Security Patches, Mitigations, and Software Updates
Microsoft Patch Tuesday, August 2016 (SANS Internet Storm Center) Today, Microsoft released a total of 9 security bulletins. 5 of the bulletins are rated "critical", the rest are rated "important"
Microsoft releases five critical updates (CSO) Microsoft continued a trend of fewer updates than we are used to with only 9 bulletins (5 critical and 4 important) released this month. It stands to reason that Microsoft may have kept things simple so as not to overshadow the release of their Windows 10 Anniversary update
Microsoft Targets the Desktop with Nine Security Bulletins (Infosecurity Magazine) It was a relatively light Patch Tuesday for Microsoft this month with just nine bulletins issued, five of which were rated critical and four important
Got Microsoft? Time to Patch Your Windows (KrebsOnSecurity) Microsoft churned out a bunch of software updates today to fix some serious security problems with Windows and other Microsoft products like Internet Explorer (IE), Edge and Office. If you use Microsoft, here are some details about what needs fixing
Windows PDF Library Flaw Puts Edge Users at Risk for RCE (Threatpost) A tricky vulnerability patched today in the Windows PDF Library could have put Microsoft Edge users on Windows 10 systems at risk for remote code execution attacks
A Month Without Adobe Flash Player Patches (Threatpost) Adobe rolled out its monthly patch release today, and the news isn’t necessarily what was patched, but what wasn’t
Google has Inbuilt QuadRooter Blocker in Android (GoAndroid) QuadRooter is the new malware, and about 900 million devices are affected by it. In response to this vast vulnerability, Google has given some clarifications to source blog
Cyber Trends
Organizations Still Give Employees More Access Than They Need (Dark Reading) Ponemon study shows that access to proprietary information remains on the rise
Worldwide infosec spending to reach $81.6 billion in 2016 (Help Net Security) Worldwide spending on information security products and services will reach $81.6 billion in 2016, an increase of 7.9 percent over 2015, according to the latest forecast from Gartner. Consulting and IT outsourcing are currently the largest categories of spending on information security. Until the end of 2020, the highest growth is expected to come from security testing, IT outsourcing and data loss prevention (DLP)
Marketplace
Cybrary raises $1.3 m. to expand its free library of cybersecurity course material (Washington Post) Cybrary, a website that operates as a free repository for cybersecurity content and online courses, just got a $1.3 million check from investors to expand its operations. The funding round was led by Fargo, N.D.-based Arthur Ventures and Ron Gula, the founder of a Columbia, Md.-based cyber company called Tenable Network Security
Moving Military Cyberspace Veterans Into Industry (SIGNAL) Old soldiers never shy away from cyber
Products, Services, and Solutions
Terbium Labs Helps Organizations Reduce Data Theft and Fraud With Dark Web Intelligence Integrations (Marketwired) Terbium Labs, the company behind Matchlight, the world's first fully private, fully automated, data intelligence system, today announced that its dark web insights are available in the IBM i2 Intelligence Analysis portfolio. Designed to bring clarity to complex investigations, IBM i2 users will now be able to access Terbium Labs' Matchlight data intelligence system alerts of potential leaks of sensitive information to help mitigate data theft. These unique insights and analytics support IBM's Safer Planet initiative -- a global effort to help government and commercial business leaders detect, disrupt, and prevent physical and cyber threats through the use of analytics
GlobalPlatform Specification Simplifies Process to Check the Compliance and Certification Status of a Secure Component Product (Global Platform) Industry association GlobalPlatform has released a specification which standardizes the digital format of Letters of Approval issued from certification bodies and standardizes how they can be retrieved. This clarity will simplify the process for validating the functional compliance and security certification status of a secure component product or of an application
Technologies, Techniques, and Standards
Using ISO 27001 to improve your information security posture (Help Net Security) ISO 27001 delivers direct benefits that improve an organisation’s information security posture, despite the ongoing struggle to convince boards of the importance of information security, and to secure the necessary budget and resources to implement ISO 27001, according to a new report from IT Governance
Turn Off That iPhone, Commandant Tells Marines (Breaking Defense) Marines, turn off your iPhone and dig yourself a foxhole. That’s the Commandant’s message to young Marines, based on embarrassing experiences in recent exercises. As cheap drones and other surveillance technologies spread worldwide, said Gen. Robert Neller, US forces must re-learn how to hide — both physically and electronically — from increasingly tech-savvy adversaries
Effective App Security: the Importance of Collaboration throughout the Command Chain (Infosecurity Magazine) Effective data security spans every level of an organization and involves many different internal teams working together. Making sure the right information is traveling up and down the command chain is a key component of this, but it can often be easier said than done. With an increasing amount of business now done online, web app vulnerabilities are becoming more and more problematic. Failure to remediate them quickly can lead to significant data loss, website defacement or denial of service, yet the disconnect between parties within the command chain often hinders the development of efficient security practices
Design and Innovation
There’s a way to use encrypted data without knowing what it holds (Help Net Security) Microsoft researchers have devised a way for third parties to make use of the vast amount of encrypted data stored in the cloud by companies and individuals, without them actually having access to it or learning anything about it (except for what can be deduced from the result)
Software can predict when employees are about to do something really bad (Quartz) When it comes to cyber attacks, Russian spies aren’t the only ones to worry about. Businesses forced to confront the growing risk of cybercrime are waking up to the fact that it’s often someone on the inside who’s responsible. In other words, as a 2014 Oxford University study found, employees are increasingly attacking their own companies. Information theft is a common goal of such attacks, and a recent study by Intel Security found that internal employees were behind 43% of data breaches
Who's Better At Phishing Twitter, Me Or Artificial Intelligence? (Forbes) Anyone expecting artificial intelligence to bring about a Skynet-esque doom will have to wait a while. There is, though, a more immediate threat posed by AI. It has the power to do criminal tasks more efficiently than any human can manage
Research and Development
We Shouldn’t Destroy Computer Viruses (Time) They're important for research
Around 16 Zero-Days Added to Dark Web Marketplaces Each Month (Softpedia) Over 305 cyber-threats discovered each week
Legislation, Policy, and Regulation
Russia's Checkered History of Intelligence Sharing with the U.S. (Cipher Brief) On July 15, the United States and Russia announced a tentative agreement on Syria which, according to media reports, would establish a joint command center staffed with military and intelligence officers who would initially exchange information on the al-Nusra Front — a terrorist organization that was affiliated with al Qaeda up until last month. Based on that information, the two nations would consider coordinated targeting and integrated operations against Nusra Front targets. As part of the agreement, both sides could only strike mutually agreed upon Nusra Front targets. The U.S. also would expect Russia to convince Syrian leader Bashar al-Assad to end bombings of the civilian population
Obama administration can secure another win for data privacy (Federal Times) The United States Court of Appeals for the Second Circuit just granted data privacy a huge victory. In a surprise unanimous 3-0 decision, the court ruled in favor of Microsoft and protecting the privacy of individual email messages. Although the court took an important step in guarding privacy, those rights in the digital world still lag behind the long-established privacy rights in the physical one. Now the other two branches of government must act to address this gap. Congress needs to pass legislation to modernize a 30-year-old law governing electronic communications. And the Obama administration should implement the Privacy Shield agreement as soon as possible to address the ongoing confusion between data privacy and security practices across national boundaries
FBI chief Comey: “We have never had absolute privacy” (Ars Technica) 650 phones are "a brick to us... Those are cases unmade, evidence unfound"
Litigation, Investigation, and Law Enforcement
Thailand Plans to Track Foreign Tourists Through Their Cell Phones (Time) Thai authorities say the move would help catch foreigners who commit crimes or overstay their visa
Local Police In Canada Used ‘Stingray' Surveillance Device Without a Warrant (Motherboard) For years, Canadian police have successfully kept their use of controversial and indiscriminate surveillance devices called IMSI catchers a secret
Judge blasts DOJ’s refusal to explain stingray use in attempted murder case (Ars Technica) Turns out not 1, but 2 cell-site simulators were deployed to find Oakland suspect
FBI probe of Clinton's emails prompted by espionage fears, secret letters say (VICE News) Two secret letters the FBI sent to the State Department have revealed for the first time that the bureau's investigation into Hillary Clinton's private email server, and the classified emails sent through it, stemmed from a so-called "Section 811" referral from the Intelligence Community's Inspector General (ICIG). The ICIG determined that classified, national security information in Clinton's emails may have been "compromised" and shared with "a foreign power or an agent of a foreign power"
Legal Group Issues Private Emails Clinton Did Not Turn Over (AP) The State Department has turned over 44 previously-unreleased Hillary Clinton email exchanges that the Democratic presidential nominee failed to include among the 30,000 private messages she turned over to the government last year. They show her interacting with lobbyists, political and Clinton Foundation donors and business interests as secretary of state
Emails reveal Hillary’s shocking pay-for-play scheme (New York Post) Hillary Clinton put the State Department up for sale, with top aides pulling strings and doing favors for fat-cat donors to the Clinton Foundation — including a shady billionaire, according to smoking-gun emails released Tuesday
Oracle fights back against Google’s attempt to sanction a lawyer after trial (Ars Technica) Oracle says it broke no rules reading a transcript “in the heat of an argument”
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Secure Bermuda 2016 (Bermuda, Aug 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.
TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, Aug 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, Aug 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches
2016 Information Assurance Symposium (Washington, DC, USA, Aug 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracks and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Cyber Jobs Fair (San Antonio, Texas, USA, Aug 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.
CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationships are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.