European Commission recovers from large DDoS outages. US Navy re-enlistment eligibility database compromised. InPage zero-day used against banks. Locky, CryptoLuck romp in the wild, but TeleCrypt is now decrypted.
The European Commission sustained an hours-long distributed denial-of-service attack yesterday. Authorities say the attack was stopped without data loss. Both the EU's main website and its network gateways were targeted. No attribution yet, or motive, and details on how the attack was accomplished remain obscure.
The US Navy has disclosed that a compromised contractor's laptop has exposed the personal data of some 134,000 current and former Sailors. The information was in a re-enlistment eligibility database.
Kaspersky warns that a zero-day affecting the InPage text editor is being exploited in attacks against banks located for the most part in Asia and Africa.
Symantec is tracking the progress of the Gatak Trojan through the healthcare sector. How the unknown criminals behind Gatak are monetizing malware that affects many medical research, development, and device manufacturing sites is unclear.
Locky ransomware—still dangerous and still unbroken—is being heavily distributed in spam campaigns. CryptoLuck is being served by the RIG exploit kit. In some good news on the ransomware front, the recently discovered TeleCrypt strain has been broken.
In industry news, Palantir has this month raised an additional $20 million. Analysts look at Symantec's acquisition of LifeLock and see two benefits: a near-term positive effect on the topline, and synergies from the identity protection business for Symantec's larger suite of security offerings.
The US Federal hiring event that led some to assert that there's no cyber talent shortage looks like an outlier.
It's Black Friday. Shop with circumspection, and be wary of free mall WiFi.
Notes.
Today's issue includes events affecting Australia, Bangladesh, Canada, European Union, Ghana, India, Japan, Malaysia, Nigeria, Pakistan, South Africa, Thailand, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
The European Commission was the victim of a massive DDoS attack that brought down its internet access for hours on Thursday. (Security Affairs) A massive DDoS attack targeted the European Commission website; fortunately, according to an official statement from the organization, the internal security team repelled the attack without damages
European Commission confirms 'large-scale' cyberattack disrupted internet for hours (International Business Times) EU legislative body maintains that no data was stolen in the incident
European Commission Servers Offline After Massive DDoS Attack (HackRead) Commission says there was no data breach
Kaspersky Lab IDs New Activity Among Financial Cybercriminals (PYMNTS) Analysts at Kaspersky Lab have discovered a string of attacks targeting users across Asia and Africa, the company said Wednesday (Nov. 23)
Asian and African banks are attacked using a Zero-day vulnerability (IT News Africa) Kaspersky Lab has discovered attacks which appear to be using a zero-day exploit (a malicious programme allowing additional malware to be silently installed) for the InPage text editor. InPage is a software package used by Urdu- and Arabic-speaking people and organisations around the world. The exploit was used in attacks against banks in several Asian and African countries
InPage Zero Day Used in Attacks Against Banks (Threatpost) A zero-day vulnerability in InPage publishing software used primarily in Urdu, Pashto and Arabic-speaking nations has been publicly exploited in attacks against financial institutions and government agencies in the region
No cyber attack on local ATMs, say police (Free Malaysia Today) Cyber attacks possible only on outdated and vulnerable ATMs, says Selangor Commercial Crime Investigation Department chief
Personal data for more than 130,000 sailors was breached, Navy says (Navy Times) The personal data of more than 130,000 sailors in a re-enlistment approval database was stolen from a contractor’s laptop, the Navy disclosed Wednesday
Navy Reports Data Breach after Hewlett Packard Laptop Compromised (Wall Street Journal) Navy says names and Social Security numbers of 134,000 current and former sailors were accessed by ‘unknown individuals’
Healthcare organizations under threat of Gatak Trojan: Symantec (India Times) Mysterious threat group infects organizations using malicious key generators for pirated software, reveals Symantec research
Cybercriminals use OneDrive for Business to spread malware (IT Pro Portal) Forcepoint Security Labs has revealed that cybercriminals have been exploiting Microsoft's OneDrive for Business
Vicinity of obscurity! Fareit trojan spread via uncommon file type (Graham Cluley) Malicious attackers disguise their attacks via .mht file attachments
Locky Ransomware Distributed Through Massive “Spray & Prey” Spam Campaign (Heimdal Security) The unbreakable Locky is on a rampage. For your safety, don’t open this email!
CryptoLuck Ransomware Spread Through the RIG-E Exploit Kit (Cyware) CryptoLuck ransomware is a new strain of malware discovered by the researcher Kafeine, that is being distributed via the RIG-E exploit kit
TeleCrypt Ransomware Decrypted In Three Weeks (VirusGuides) It took experts only three weeks to break the code of TeleCrypt, the ransomware which exploits the chat app Telegram messenger. The virus uses a simple cryptosystem which was easy to figure out
Uber Portal Leaked Names, Phone Numbers, Email Addresses, Unique Identifiers (Threatpost) A series of vulnerabilities in UberCENTRAL, a portal Uber started during the summer to help businesses facilitate rides for customers, could have leaked the names, phone numbers, email addresses, and unique ID of all Uber users
Non-Casino Rama patron also victim of cyber attack (Toronto Sun) A man who never stepped foot in Casino Rama was stunned to get a letter advising him that his personal information may have been stolen in a cyber attack targeting the gambling operation
I-Team: Cyber attacks have cost Las Vegas businesses billions (CBS 8 Las Vegas Now) Anyone can fall victim to cybercrime, but hackers have zeroed in on some large targets in Las Vegas: hotel and casino establishments
Smartphone App Flaw Leaves Tesla Vehicles Vulnerable To Theft (Infosecurity Magazine) Tesla cars can be tracked, located, unlocked and driven away by compromising the company’s smartphone app
Data Breach - Online Accounting Firm (Wapack Labs) An online Palo Alto headquartered accounting firm has suffered a data breach
Locked PCs No Match for Samy Kamkar's Latest Hacking Tool (InfoRisk Today) PoisonTap sneaks into computers, even if they're locked
Insider Threat Enabled by Disloyal Employees and Organizational Failures (Infosecurity Magazine) Organizations are not in touch with employees, and “misunderstand the strength of someone’s loyalty who doesn’t necessarily want to work 9-5”
Kaspersky Lab warns retailers, consumers of Black Friday heist (Enterprise Innovation) The number of financial phishing attacks is expected to rise again during the holiday season which starts unofficially on Black Friday and continues through Cyber Monday and Christmas, security firm Kaspersky Lab warned
Security Patches, Mitigations, and Software Updates
CERT tells Microsoft to keep EMET alive because it's better than Win 10's own security (Register) Vuln seeker says EMET has 13 protections Win 10 doesn't
Cyber Trends
Internet freedom around the world keeps decreasing (Help Net Security) For the sixth year in a row, Internet freedom is declining
The internet may be doing more harm than good (National) Was the world better off before the internet?
ACI highlights need for ‘more Europe’ on security, during special summit (Travel Daily News) Europe is facing an unprecedented security situation, with the terrorism threat shaped by a toxic mix of geopolitical instability, marginalised communities & social discontent - as well as social media being used as a powerful propaganda machine
The crime that hit almost 700 million in a year (CQ News) Despite widespread publicity about cyber attacks and scams, Australians are still sharing passwords, leaving devices unprotected and engaging in risky online behaviour
UK organisations have a worrying digital security gap (Help Net Security) UK organisations reveals that while 82 percent of C-Suite and senior managers admit they are concerned about the vulnerability of their web sites, mobile applications and social media accounts to cyber attack and impersonation, according to Risk IQ
Marketplace
Firms told ‘get away from the sales guy’ for better security (ChannelBiz) Channel security solutions bod slams vendors for promising the earth and not delivering
Big data company Palantir quietly raised another $20M in November (TechCrunch) Palantir — that $20 billion secretive outfit that provides government, finance, healthcare and other organizations with analytics, security and other data management solutions — has raised another $20 million in funding, according to a new SEC filing
What’s Symantec Getting from Its LifeLock Acquisition? (Market Realist) Symantec (SYMC) is buying identity theft protection company LifeLock (LOCK) for $2.3 billion. The deal values LifeLock at $24 per share, suggesting that Symantec is paying a 16% premium to LOCK’s closing price as of November 18, 2016
A Closer Look At IBM's Future: Mobile, Security, Acquisitions And Accounting (Part 7) (Seeking Alpha) This article is part of a series of interviews with IBM executives. In this article, I ask IBM about its strategy in relation to mobile, security and acquisitions. I also investigate some of the accounting reclassifications
How IBM Is Changing Enterprise Cybersecurity Landscape (CXOtoday) The last couple of weeks have been quite exciting for IBM Security. Earlier in November, the Big Blue announced the initial integration of Watson for Cyber Security with IBM’s QRadar Security Intelligence Platform
DHS hiring puts into question the cybersecurity skills shortage (Search Security) A successful hiring event by the Department of Homeland Security calls into question the existence of the cybersecurity skills shortage but experts wonder if the event was an outlier
Products, Services, and Solutions
New infosec products of the week: November 25, 2016 (Help Net Security) Anomali STAXX: Easy way to subscribe to any STIX/TAXII feed...Barracuda announces Web Security Gateway updates...Threat Stack unveils Cloud Security Platform support for Windows and hybrid environments...BullGuard updates BullGuard Internet Security...Fujitsu releases PalmSecure BioLock, a biometric security solution for SAP systems
Bitdefender adds new advanced technologies to its GravityZone range (Global Security Mag) Bitdefender announces the improvement and integration of new security features and technologies into its GravityZone range of solutions for businesses
KeepKey adds Ethereum support, offers 20 pct discount on Black Friday (EconoTimes) KeepKey, a Seattle-based hardware wallet provider, has announced integration with Ethereum due to soaring community demand
Technologies, Techniques, and Standards
Telecrypt Decryptor foils ransomware’s simple encryption method (Help Net Security) The recently spotted Telecrypt ransomware can be thwarted: malware analyst Nathan Scott has created a tool that decrypts the encrypted files
Free Software Quick Security Checklist (SANS Internet Storm Center) Free software (open source or not) is interesting for many reasons. It can be adapted to your own needs, it can be easily integrated within complex architectures but the most important remains, of course, the price. Even if there are many hidden costs related to "free" software. In case of issues, a lot of time may be spent in searching for a solution or diving into the source code (and everybody knows that time is money!)
How Retailers Can Create A Cybersecurity-Aware Environment (Information Security Buzz) Last year, more than 40 million retail records were lost or stolen. And the recent Beyond the Phish Report revealed users in the retail industry incorrectly answered nearly 40% of questions about properly securing and disposing of sensitive data
Visa Clarifies Merchants Have EMV Debit Routing Options (BankInfo Security) What are the implications for chip-and-PIN?
What is SQL Injection and how to avoid it in Java? (javaQuery) SQL Injection: It's a technique where an attacker tries to alter (modify/change) your SQL query using input parameters
Skycure's Tips for Safe Mobile WiFi Networking During the Holidays (eWeek) Some free Mall WiFi connections are more dangerous than others
Cyber Monday: What to watch out for when you hit the web (Naked Security) Cyber Monday happens immediately after the Thanksgiving weekend, and it’s a day of potential online bargains when many people will be flocking to their browsers to look for great deals, just as they flocked to the shopping mall for in-store Black Friday discounts
Design and Innovation
Autistic People Can Solve Our Cybersecurity Crisis (Wired) Vital jobs in online security are going unfilled. And there are people in our midst, ideally suited to the work, who are unemployed. Connect the dots
Blockchain has the potential to revolutionize the supply chain (TechCrunch) At the time of its inception some two centuries ago, the supply chain was a revolutionary idea that would improve visibility and control on goods and products as they moved from point A to point B. But the old concept and technology can no longer support today’s production and supply cycles, which have become extremely fragmented, complicated and geographically dispersed
Every move you make, every click you take, we’ll be watching you (Naked Security) I had to leave the site ClickClickClick. It wasn’t too happy about it
Think Stock Photos of Hackers Are Cheesy? Blame This Guy (Motherboard) Trust me: picking stock photos for an article on hacking is the bane of a security journalist's existence. Either, you've got some abstract illustration of a padlock surrounded by The Matrix typography, or a dark hooded figure leaning menacingly over a laptop; there isn't much in between
Legislation, Policy, and Regulation
Thai Computer Crime Law Raises Rights Concerns (Infosecurity Magazine) Amendments to Thailand’s controversial Computer Crime Act were debated in parliament this week, with rights groups expressing concerns that the law will bolster government efforts to restrict online freedoms and spy on users
Serious cyber attack has potential to cause same damage as terrorist attack, Dan Tehan says (Australian Broadcasting Corporation) Australia's defences against cyber attacks need improving if it is to keep up with the growing threat of online crime and espionage, says the Minister assisting the Prime Minister for Cyber Security Dan Tehan
Microsoft calls for laws on cyber security (Ghana Business News) Microsoft has once again proven that it is a champion of cyber security awareness by joining a growing effort by the government and other agencies to promote Cyber safety and anti-piracy awareness in Ghana
Why Did Team Obama Try to Take Down Its NSA Chief? (Daily Beast) Adm. Michael Rogers’s bosses wanted him to go harder after ISIS. His employees wanted him to take it easier on the group. And that was before the meeting with Donald Trump
Why there's hope for data privacy under Trump (ITProPortal) Donald Trump and his VP, Mike Pence, have yet to clearly define their policy priorities around tech
DoD Opens .Mil to Legal Hacking, Within Limits (KrebsOnSecurity) Hackers of all stripes looking to test their mettle can now legally hone their cyber skills, tools and weaponry against any Web property operated by the U.S. Department of Defense (DoD), according to a new military-wide policy for reporting and fixing security vulnerabilities
DoD to begin piloting replacement for Common Access Card after Christmas (Federal News Radio) The Defense Department expects to begin pilot programs to test out new IT authentication mechanisms shortly after the Christmas holiday, an early step toward the DoD chief information officer’s objective of completely eliminating the Common Access Card within the next two years
OIG: HHS Needs to Push Secure Health Data Exchange (GovInfo Security) Report outlines HHS management, performance challenges
DFS Cyber Regulation: Part II – An Interview with Bay Dynamics’ Steven Grossman (JDSupra) This is the second installment in our interview with Steven Grossman, VP Strategy & Enablement at Bay Dynamics, the cyber risk analytics company. Here, Steven discusses the importance of aligning an institution’s risk profile with its cybersecurity plan and recommendations for bridging the gap between IT and the boardroom
Cybersecurity 2017 – The Year In Preview: The Changing Face of State Law and Enforcement (Security, Privacy, and the Law) In the patchwork of state and federal law regulating the use and maintenance of personal confidential information, states play a significant role and can often be the most important regulator and law enforcement authority
Litigation, Investigation, and Law Enforcement
Census 2016: Government, IBM settle over website crash (Australian Broadcasting Corporation) The Government has reached a confidential settlement with computer giant IBM for costs after the census website crashed earlier this year, leaving millions of Australians unable to lodge their forms
ABS told to end 'cosy' IBM lock-in after Census fail (IT News) Blasted over trusted relationship and poor preparation
European Regulator Probes Yahoo’s 2015 Secret Email Scan (Dark Reading) Dublin-based Data Protection Commissioner trying to ascertain if Yahoo broke Europe's privacy laws
Voting security experts call on Clinton to demand recount (CSO) The results in three battleground states should be re-examined, voting security experts and lawyers tell Clinton
Hacked or Not, Audit This Election (And All Future Ones) (Wired) After an election marred by hacker intrusions that breached the Democratic National Committee and the email account of one of Hillary Clinton’s top staffers, Americans are all too ready to believe that their actual votes have been hacked, too. Now those fears have been stoked by a team of security experts, who argue that voting machine vulnerabilities mean Clinton should demand recounts in key states
UMass Amherst Hit with $650,000 HIPAA Settlement (Healthcare Info Security) Malware-related breach affected a unit that should have been HIPAA compliant
Rancho Cucamonga Verizon Wireless store focus of ID theft ring investigation (Press Enterprise) A domestic violence investigation uncovered a large ID Theft ring working out of the Verizon Wireless store at Victoria Gardens, sheriff’s officials announced Wednesday
Atlanta Attorney’s Office Gets Cybercrime Unit (Dark Reading) New cell created after arrest and extradition of two Nigerians from Malaysia in alleged phishing attacks on US
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
Internet of Things (IoT) (Elkridge, Maryland, USA, Nov 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.
AlienVault USM Webcast (Online, Dec 1, 2016) Host-based intrusion detection systems (HIDS), work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of host-based monitoring.
Cyber Threats Master Class (Turin, Italy, Dec 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding of new security threats to states and citizens. The focus of the course is on cyber threats, internet governance and the role of media. Application deadline is October 2, 2016.
Disrupt London (London, England, UK, Dec 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators. Disrupt gathers the best and brightest entrepreneurs, investors, hackers, and tech fans for on-stage interviews, the Startup Battlefield competition, a 24-hour Hackathon, Startup Alley, Hardware Alley, and After Parties.
US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, Dec 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey is increasing resources in the public and private sectors to tackle these complex cyber threats. Apply now for this mission. Recruitment for the mission will begin immediately and conclude no later than September 16, 2016. The U.S. Department of Commerce will review applications and make selection decisions on a rolling basis beginning May 2, 2016 until the maximum of 20 participants is selected. Applications received after September 16, 2016 will be considered only if space and scheduling constraints permit.
NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, Dec 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half of all cyber attacks targeted companies with less than 1,000 employees. The majority of these breaches are caused accidentally by internal employees or contractors, which means that, whether their intent is malicious or not, people represent the greatest risk to a company's cyber security. Join us for the December 6th NCCoE Speaker Series and learn from the leading experts, including Mitre's Principal Behavioral Psychologist Dr. Deanna Caputo, how you can keep your business safe from these costly and preventable breaches.
Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, Dec 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content.
Practical Privacy Series 2016 (Washington, DC, USA, Dec 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly good sessions right now—we can’t wait to share them with you!
CISO Southern Cal (Los Angeles, California, USA, Dec 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, Dec 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative 2016 will feature courses in IT security, security management, IT audit, penetration testing, and computer forensics, including short courses that can be taken with a long course to enhance your training. Every course, evening talk, and special event is designed to equip you with cutting-edge knowledge and skills required to combat today's cyber criminals. SANS events offer you a unique opportunity to learn from the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, Dec 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how this research can be used to enable innovation. The main aims of the conference are: To highlight the innovative research happening globally with three main themes: Privacy, Security and Trust. Academics from across the globe will come together to discuss solutions related to PST risks and to showcase the research methods that are able to minimise future cybercrime issues. To foster new ideas and conversation in order to reduce the amount of PST issues globally and to create enduring change in the behaviour and attitudes towards PST. To draw together PST practitioners, researchers, and government to showcase the latest PST research outputs and initiatives. We envisage that industry participants will implement the PST initiatives that are discussed and showcased at the conference into their practice.