Drone strikes, arrests, target ISIS social media and terror operators. Mirai botnets offered for rent. Ransomware hits San Francisco mass transit.
The New York Times has an account of how cooperation between law enforcement agencies (notably the FBI) and US and UK military forces has enabled the arrest—or, in many cases, the battlefield killing—of ISIS social media operators. In a separate action, French security services have rolled up an alleged ISIS terror ring.
There's no word yet on how last week's denial-of-service attack on the European Commission was accomplished. Radio Free Europe/Radio Liberty notes that the attack coincided with a meeting in Brussels between Ukraine's president and EU officials.
Two hoods using the noms-de-hack "Popopret" and "BestBuy" (the latter unconnected with the electronics retailer) are leasing a Mirai botnet said to contain 400,000 devices. They offer a variety of rental levels, of which this come-on provides a representative sample: "price for 50,000 bots with attack duration of 3600 secs (1 hour) and 5-10 minute cooldown time is approx 3-4k per 2 weeks." Popopret and BestBuy are thought to have been responsible for the GovRAT Trojan which InfoArmor identified in November 2015.
In other DDoS news, router vulnerabilities have been exploited to disrupt service to some 400,000 Eir webmail users in Ireland.
KrebsOnSecurity offers another glimpse into the criminal underground with sales videos for ATM inset card skimmers.
Over the weekend San Francisco's Muni public transportation system was hit with HDDCryptor ransomware. The ask is a relatively low 100 Bitcoin, but until the attack on scheduling and payment systems is remediated, the Muni decided to let people ride for free.
Today's issue includes events affecting the European Union, France, Ghana, Iraq, Ireland, Japan, the Democratic People's Republic of Korea, the Republic of Korea, Norway, Russia, Syria, Ukraine, the United Kingdom, and the United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Terbium Labs, whose Emily Wilson describes how the Dark Web community celebrates the holidays. We'll also hear from a guest, Brad Medairy from Booz Allen Hamilton, who'll take us through their report on what actually happened to the power grid in Western Ukraine last December. If you enjoy the podcast, we invite you to please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
One by One, ISIS Social Media Experts Are Killed as Result of F.B.I. Program (New York Times) In the summer of 2015, armed American drones over eastern Syria stalked Junaid Hussain, an influential hacker and recruiter for the Islamic State
European Commission Hit By 'Large-Scale' Cyberattack (Radio Free Europe / Radio Liberty) The European Union's executive body says it was hit by a "large-scale" cyberattack that reportedly disabled its access to the Internet for several hours
DDoS-for-hire service now advertising renting out a 400,000 bot-strong Mirai botnet (International Business Times) Security researchers believe that the hackers most likely are operators of the largest known Mirai botnet
Mirai DDoS botnet for rent (My Broadband) A massive Mirai botnet, which promises over 400,000 bots which can carry out DDoS attacks, is for rent on the Internet
ATM Insert Skimmers: A Closer Look (KrebsOnSecurity) KrebsOnSecurity has featured multiple stories about the threat from ATM fraud devices known as “insert skimmers,” wafer-thin data theft tools made to be completely hidden inside of a cash machine’s card acceptance slot. For a closer look at how stealthy insert skimmers can be, it helps to see videos of these things being installed and removed. Here’s a look at promotional sales videos produced by two different ATM insert skimmer peddlers
Cyber attack stalls access for Eir webmail users (RTE) The 400,000 users of Eir's webmail service are experiencing intermittent access to their accounts due to a Distributed Denial-of-Service (DDoS) attack on the company
Eir Router Flaw Allows Hackers to Compromise Whole Networks (Best Security Search) A computer security expert has discovered a security vulnerability in Eir routers which allows hackers to compromise the router and the whole internal network
So, just how were those MailChimp accounts hacked? (Graham Cluley) Password-stealing malware a possible culprit
Fraudsters eat for free as Deliveroo accounts hit by mystery breach (Naked Security) Food delivery network Deliveroo has suffered a mysterious security breach that has left dozens of UK users picking up large bills for food they never ordered
Verizon Wireless customers shouldn't fall for this scam (WLTX) A scam is going around where cyber criminals are telling mobile customers to open a link to fix a breach of security on their phone, according to the Newberry County Sheriff's Department
US Navy breach highlights third-party cyber risk (ComputerWeekly) The personal details of more than 130,000 current and former US Navy personnel have been exposed in a breach linked to the compromise of a third-party supplier’s laptop
Ransomware forces SFMTA to give free rides, $73,000 demanded by attackers (CSO) The trains are running, but the systems maintaining fares and schedules are not
Passengers ride free on SF Muni subway after ransomware hits 2,100 systems, demands $73k (Register) Workstations, servers, ticket machines derailed by malware
‘You Hacked,’ Cyber Attackers Crash Muni Computer System Across SF (CBS SF Bay Area) ‘You Hacked, ALL Data Encrypted.’ That was the message on San Francisco Muni station computer screens across the city, giving passengers free rides all day on Saturday
Security experts from the CheckPoint firm discovered two different variants of the new Cerber 5.0 ransomware in a few weeks. (Security Affairs) Security experts have spotted a new variant of the dreaded Cerber ransomware, the Cerber 5.0. This is the third version of the malware released this week that is able to encrypt files on all accessible network shares
Black Friday and Cyber Monday Spam Messages Distribute Ransomware (Best Security Search) Microsoft has warned users that computer criminals are distributing dangerous ransomware as part of the Black Friday and Cyber Monday sales
The malicious iPhone video with a silver lining (Naked Security) Anyone here old enough to remember MS-DOS?
CNN, RCN Deny Reports of Porn Airing on Channel in Boston (Variety via Yahoo!) CNN and cable operator RCN are denying reports that 30 minutes of pornography aired on the channel designated for CNN in the Boston area on Thursday night
Security Patches, Mitigations, and Software Updates
cURL security audit learns the lessons of Heartbleed (Naked Security) You may not have heard of cURL but you’ve probably made use of it. It’s one of those pieces of software that does something everybody needs, that everybody uses but almost nobody pays any attention to
Adobe Flash Player Latest Update Download Available with More Patches (Neurogadget) A few weeks ago, Adobe rushed out an emergency patch for a zero day vulnerability. Well, it seems that the company has just released a new security update for the mentioned software. The new release has patched 9 vulnerabilities, all of which could allow remote code execution
Silencing the Messenger: Communication Apps Under Pressure (Freedom House) Internet freedom around the world declined in 2016 for the sixth consecutive year. Two-thirds of all internet users – 67 percent – live in countries where criticism of the government, military, or ruling family are subject to censorship. Social media users face unprecedented penalties, as authorities in 38 countries made arrests based on social media posts over the past year. Globally, 27 percent of all internet users live in countries where people have been arrested for publishing, sharing, or merely “liking” content on Facebook. Governments are increasingly going after messaging apps like WhatsApp and Telegram, which can spread information quickly and securely
Study: Industry slow to implement information security measures (Automotive IT) Industrial companies are aware that information security and risk management are crucial in today’s data-driven and connected world. But, according to a new study, they also are relatively slow in implementing policies to fend off threats
We’re all screwed, but let’s not be nihilists (TechCrunch) We are so doomed it’s almost funny, and always have been. Don’t worry, I’m not being political! …well, not exactly. I’m talking about the State of Internet Security, which is, as always, disastrous-verging-on-cataclysmic. Are you worried about Russian hackers? Hah! You should be so lucky as to be hacked. We should all be so lucky as to have a functional Internet they can use to hack us
Diversification Is Drowning Barracuda (Seeking Alpha) Barracuda is rebounding after several quarters of trading at a low premium. Valuation still factors in the slow growth rate. Is diversification helping CUDA?
Why and when technology vendors lose a deal - research (Computing) Exclusive in-depth research from Computing and CRN reveals that vendors are too slow to engage, and are failing to match their solution to end users' needs
French Defense Ministry Considering a Small Company Investment Fund (Defense News) Defense ministry officials are in talks with the finance ministry to set up a government investment fund of “several million euros” to invest in small high technology companies, which carry a national sovereignty interest, Defense Minister Jean-Yves Le Drian said on Thursday
Products, Services, and Solutions
AlgoSec Delivers Intelligent, Zero-Touch Automation to Support Business-Driven Security Policy Management (Yahoo! Finance) AlgoSec, the leading provider of business-driven security policy management solutions, today released the AlgoSec Security Management solution version 6.10. This latest version reinforces AlgoSec's commitment to supporting business driven security management by delivering the visibility, automation and management that organizations need to accelerate their business application deployments into production -- in the cloud or on-premise
Microsoft Says It’s Not Sharing Windows 10 Telemetry Data with Anyone (Softpedia) We’ll just keep this data for ourselves, the company claims
Fingbox: Network security and Wi-Fi troubleshooting (Help Net Security) Fingbox allows you to secure and troubleshoot your home network. It plugs into your existing router, alerting you when it senses anything out of the ordinary – from new devices on your network, changes in your Internet performance, or unidentified devices that could be an unwelcome intruder
Brace Yourself for Kaspersky’s “Hack-proof” Operating System (HackRead) Kaspersky says their “secure operating system” will be released soon
Technologies, Techniques, and Standards
Protecting smart hospitals: A few recommendations (Help Net Security) The European Union Agency for Network and Information Security (ENISA) has released a new report to help IT and security officers of healthcare organizations implement IoT devices securely and protect smart hospitals from a variety of threats
New Compliance Regimens Will Drive Insider Threat Awareness (Trustifier) Finally! Taking the Insider Threat (Semi-) seriously
National Insider Threat Policy (NCSC) The National Insider Threat Policy aims to strengthen the protection and safeguarding of classified information by: establishing common expectations; institutionalizing executive branch best practices; and enabling flexible implementation across the executive branch
Hacker Lexicon: What Is Perfect Forward Secrecy? (Wired) Encryption keeps your secrets, until it doesn’t. When you use an encryption tool like the venerable software PGP, for instance, your most sensitive communications are only as secure as a single, secret piece of data known as a private key. If that key gets stolen, it’s not just all your future messages that have been compromised. An eavesdropper could crack all your past encrypted correspondence with that stolen key as well
.zzzzz file extension virus. How to Remove? (Uninstall Guide) (2-Spyware) Bad news: Locky hides under .zzzzz file extension
How Carriers Can Help Solve IoT Insecurity (Wireless Week) Through our research and work with carriers, partners, and others, AdaptiveMobile has predicted up to 80 percent of devices connected on the IoT do not have appropriate security measures in place. To put it plainly, four in five IoT devices on the market are vulnerable to malicious activity, inadvertent attacks, and data breaches
Best of both worlds: Swift and secure financial transactions (Raconteur) As sophisticated cyber criminals become increasingly aggressive and collaborate with offline criminals, banks face a greater threat than ever before. However, one simple innovation can enormously improve their security
Buffer Overflow (BOF) (MS Black Hat) In computer security and programming, a buffer overflow, or buffer overrun, is an anomalous state where a process tries to save information beyond the boundaries of a fixed-length buffer. The result is that adjacent memory locations are overwritten by the additional information. The overwritten data can sometimes include other buffers, variables and application flow information, and might lead to unpredictable program behavior, a memory access exception, application termination (a crash), wrong results or, particularly if deliberately caused by a malicious user, a potential violation of system security
Time For Security & Privacy To Come Out Of Their Silos (Dark Reading) By working separately, these two teams aren't operating as efficiently as they could and are missing huge opportunities
It's not just cyber criminals who will compromise your valuable data (Security Brief) It may be a cliché but it can’t be said enough: where security breaches are concerned, it’s not if but when. Breaches are splashed across the front pages of the news on an almost daily basis, with some of the world’s biggest companies falling victim. But the story behind these latest breaches to hit the headlines is different
Online Christmas shoppers could be under cyber attack as experts warn of "Wild West" conditions (Mirror) Bargain hunters should stay alert online during the Cyber Monday sales frenzy
Design and Innovation
Your science-fiction ideas could shape the future of the Army (Army Times) If you’ve ever wanted to be the next H.G. Wells, this is your chance
Guest post: Cybersecurity school to open at Bletchley Park, home of the wartime codebreakers (Naked Security) Great news that a cybersecurity college is going to be set up at Bletchley Park to teach 16-19 year olds cybersecurity skills along with maths, physics, computer science and economics. What better place for the college to be located than at Bletchley Park, the UK’s hub of codebreaking during the second world war?
Legislation, Policy, and Regulation
Secret Trade Proposal Would Give Facebook Free Reign to Censor by Algorithm (Motherboard) Facebook has long drawn ire over its tendency to censor users’ posts based on its opaque standards. But under leaked proposals from a controversial European trade deal, the social network and other online services could be granted legal immunity when censoring any content, as long as it’s deemed “harmful or objectionable”
Intelligence-sharing pact between South Korea, Japan takes effect (Military Times) An intelligence-sharing agreement between South Korea and Japan took effect Wednesday after the countries signed the pact to better monitor North Korea, Seoul officials said
US Navy, Cybersecurity, and Distributed Lethality: A Conversation With Adm. Rowden (Diplomat) An exclusive interview with Vice Admiral Thomas S. Rowden, commander of Naval Surface Forces
Officials celebrate start of Army Cyber Command construction Tuesday (Augusta Chronicle) The Pentagon’s announcement to move Army Cyber Command to Fort Gordon – Dec. 19, 2013 – was a ground-shaking event
Microsoft partners state agencies to fight piracy (Citifmonline) Microsoft has partnered with some government agencies to promote Cyber safety and anti-piracy awareness in Ghana
Litigation, Investigation, and Law Enforcement
France claims Islamic State links to ‘imminent’ terror plot uncovered (Washington Post) French authorities claimed Friday the Islamic State had a direct hand in helping five suspected militants plot “imminent attacks” against possible targets including Paris police hubs and Euro Disney
Obama admin defends vote integrity after hacking fears (The Hill) The Obama administration has defended the integrity of the presidential election despite fears of Russia attempting to undermine the vote
Norway’s highest court refuses to grant Snowden no-extradition guarantees (RT) Norway’s Supreme Court has rejected Edward Snowden’s request for guarantees that he will not be extradited to the US if he enters the country to receive the Ossietzky Prize for outstanding efforts in the field of freedom of expression
Can a Number Be Illegal? (Motherboard) If information can be illegal, a number can be illegal. It's an obvious statement—numbers are information—but one that might lead to absurd conclusions, as a computer scientist named Phil Carmody attempted to demonstrate in 2001 with the discovery and publication of a stupidly long prime number representing a section of forbidden computer code implementing a DVD decoding algorithm known as DeCSS
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage (Washington, DC, USA, Nov 29, 2016) From Bletchley Park to cyber-attacks in the 21st century, the computer was born to spy. Gordon Corera, BBC News Security Correspondent and author of Cyberspies, will trace the previously untold and highly classified story of the melding of technology and espionage from its beginning. He’ll overview how the World War II birth of electronic espionage in Britain transitioned into Cold War-era spy hunting which morphed into the data-driven pursuit of terrorists and has grown into industrial-scale cyber-espionage against countries and corporations in the 21st century. Drawing on unique access to Western intelligence agencies, on-the-ground reporting from China, and insights into the most powerful technology companies, Corera has compelling stories to share from heads of state, hackers, and spies of all stripes. This evening will offer a first-hand exploration of the new space in which the worlds of espionage, geopolitics, diplomacy, international business, science, and technology collide.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
Internet of Things (IoT) (Elkridge, Maryland, USA, Nov 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.
AlienVault USM Webcast (Online, Dec 1, 2016) Host-based intrusion detection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of host-based monitoring.
Cyber Threats Master Class (Turin, Italy, Dec 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding of new security threats to states and citizens. The focus of the course is on cyber threats, internet governance and the role of media. Application deadline is October 2, 2016.
Disrupt London (London, England, UK, Dec 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators. Disrupt gathers the best and brightest entrepreneurs, investors, hackers, and tech fans for on-stage interviews, the Startup Battlefield competition, a 24-hour Hackathon, Startup Alley, Hardware Alley, and After Parties.
US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, Dec 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey is increasing resources in the public and private sectors to tackle these complex cyber threats. Apply now for this mission. Recruitment for the mission will begin immediately and conclude no later than September 16, 2016. The U.S. Department of Commerce will review applications and make selection decisions on a rolling basis beginning May 2, 2016 until the maximum of 20 participants is selected. Applications received after September 16, 2016 will be considered only if space and scheduling constraints permit.
NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, Dec 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half of all cyber attacks targeted companies with less than 1,000 employees. The majority of these breaches are caused accidentally by internal employees or contractors, which means that, whether their intent is malicious or not, people represent the greatest risk to a company's cyber security. Join us for the December 6th NCCoE Speaker Series and learn from the leading experts, including Mitre's Principal Behavioral Psychologist Dr. Deanna Caputo, how you can keep your business safe from these costly and preventable breaches.
Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, Dec 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content.
Practical Privacy Series 2016 (Washington, DC, USA, Dec 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly good sessions right now—we can’t wait to share them with you!
CISO Southern Cal (Los Angeles, California, USA, Dec 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, Dec 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative 2016 will feature courses in IT security, security management, IT audit, penetration testing, and computer forensics, including short courses that can be taken with a long course to enhance your training. Every course, evening talk, and special event is designed to equip you with cutting-edge knowledge and skills required to combat today's cyber criminals. SANS events offer you a unique opportunity to learn from the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, Dec 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how this research can be used to enable innovation. The main aims of the conference are: To highlight the innovative research happening globally with three main themes: Privacy, Security and Trust. Academics from across the globe will come together to discuss solutions related to PST risks and to showcase the research methods that are able to minimise future cybercrime issues. To foster new ideas and conversation in order to reduce the amount of PST issues globally and to create enduring change in the behaviour and attitudes towards PST. To draw together PST practitioners, researchers, and government to showcase the latest PST research outputs and initiatives. We envisage that industry participants will implement the PST initiatives that are discussed and showcased at the conference into their practice.