The CyberWire Daily Briefing 12.09.16

Cyber Trends

Tighe: Insider threat is never going away (C4ISRNET) The insider threat is never going to go away

Exploring data security in the legal sector and beyond (Help Net Security) BitSight analyzed the Security Ratings of more than 20,000 organizations in six industries – Finance, Legal, Healthcare, Retail, Government and Energy. The objective was to highlight quantifiable differences in security performance across industries from the past 12 months and identify areas of cybersecurity risks

Law Firms' Security Cross-Examined (Dark Reading) Legal sector earns a respectable score for its cybersecurity posture overall, but a large number of law firms remain weak when it comes to security

Cybersecurity advice for the nuclear industry (Help Net Security) Less complexity, an active defense, transformative research, and institutionalized cybersecurity should be nuclear industry’s key priorities to stem the rising tide of cyber threats

Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities (NTI) The past decade has seen unprecedented progress in the security of nuclear materials and facilities. As key improvements to physical security have been implemented, however, a threat that is potentially even more challenging is endangering these gains: the cyber threat

Security pros flunk cybersecurity (Banking Exchange) Simultaneously, they grade themselves well in handling detected threats

80% of digital publishers don’t know how their web traffic is audited (Help Net Security) The burden of proof is on publishers to defend their web traffic, yet 80 percent admit they don’t have insight into how their traffic is audited, raising questions about which traffic is non-human traffic (NHT)

Legislation, Policy and Regulation

New Call to Regulate IoT Security By Design (Threatpost) A Washington, D.C. think tank whose mission is critical infrastructure security has joined the call for lawmakers to consider regulating the security of connected devices

Is the Department of Homeland Security Too Tough for a General to Manage? (Daily Beast) The choice of John Kelly to lead DHS has soothed some fears, but are the threats so varied and the bureaucracy and oversight so convoluted that officials warn it could be one war he won’t win

DHS' Spaulding credits telecom advisers with core elements of upcoming cyber-response plan (Inside Cybersecurity) Homeland Security Under Secretary Suzanne Spaulding on Wednesday told industry advisers that an upcoming cyber-incident response plan is largely based on the recommendations of a two-year-old report for mobilizing the communications and technology sectors in response to a cyber attack

Marines Eye More Cyber, Information Ops Roles With Troop Increase (Washington Free Beacon) Senate approves defense policy bill, stopping force drawdowns

Products, Services, and Solutions

Threats of Tomorrow: Using AI to Predict Malicious Infrastructure Activity (Recorded Future) The ever-increasing scale and complexity of cyber threats is bringing us to a point where human threat analysts are approaching the limit of what they can handle. We believe the next-generation of cyber threats must be tackled by a combination of machines equipped with artificial intelligence (AI) and human analysts — what we call centaur threat analysts

BankMobile to Protect Mobile Banking Customers with DIGIPASS for Apps Mobile Application Security Suite (Nasdaq) The Uber of banking has chosen VASCO’s multifactor authentication and RASP technology to protect mobile transactions and enhance the customer experience

New infosec products of the week: December 9, 2016 (Help Net Security) Thales releases advanced encryption solutions for secure docker containers... Unisys Stealth(aware) automates implementation of micro-segmentation security... End-to-end IAM for physical and IT security... GO-Trust launches one touch login for cloud services... Bomgar makes remote support easier from any mobile device... Intel Security’s True Key integrates with Windows Hello... Arbor SP Insight expands and enhances network operators’ traffic analytics... Malwarebytes 3.0 combines four proprietary technologies

Cylance Launches Next-Generation Partner Program to Build Community of Security Experts and Partners to Deliver AI-Based Protection Solutions and Services (Yahoo!) Cylance® Inc., the company revolutionizing cybersecurity with the practical application of artificial intelligence to prevent the most advanced cyber threats, is announcing the launch of its 2017 Cylance Partner Program for channel partners

'BlackBerry Secure' Wants to Be Fort Knox for Your Company's Mobile Devices (PC Magazine) BlackBerry integrates its recent acquisitions into one cohesive offering

Thales Releases Advanced Encryption Solutions for Secure Docker Containers, Simplified Deployment and Zero Downtime (PFNewswire) Vormetric Data Security Platform expansion includes patented, non-disruptive encryption deployment and advanced Docker encryption

IBM to use AI to help banks with cybersecurity (Business Insider) IBM launched its IBM Watson for Cyber Security program in beta on Tuesday, and announced that it already has 40 clients signed up, including global leaders in the banking and insurance industries

Skyhigh Networks adds threat protection and data loss prevention capabilities to the cloud (Network World) As more corporate data is stored in the cloud, security incidents are no longer isolated to PCs and applications on the network

Malwarebytes 3.0 Makes Antivirus Obsolete, Protects Users from Known and Unknown Cyber Threats (BusinessWire) Malwarebytes 3.0 combines four proprietary technologies to equip users with the strongest, most comprehensive Malwarebytes protection ever

Comodo Works with cPanel to Deliver Free SSL Certificates (eWeek) The partnership between certificate authority Comodo and hosting panel vendor cPanel, enables a new AutoSSL feature that has already provided 5.8 million free SSL/TLS certificates

Qosmos and Mellanox Deliver World-Leading Deep Packet Inspection Platform Utilizing Qosmos Signatures and Mellanox Extreme Throughput DPI Technology on NPS-400 (IT Business Net) Qosmos®, the market leader in network intelligence software, today announced a technical partnership with Mellanox Technologies, a leading supplier of high-performance, end-to-end interconnect solutions for data center servers and storage systems, combining Qosmos Deep Packet Inspection (DPI) with the extreme throughput of Mellanox latest network processor NPS-400

Ixia Delivers Unprecedented Visibility into Virtual Data Center Traffic (Yahoo!) Ixia (XXIA), a leading provider of network testing, visibility, and security solutions, today announced that the company has extended the capabilities of CloudLens™, Ixia’s recently announced integrated cloud visibility platform, with CloudLens Virtual Packet Broker (vPB). CloudLens vPB is a software solution that delivers visibility into virtual data center traffic for enterprises leveraging private cloud deployments to support and expand their business

Novetta Testing Finds Low FMR, FRR for EyeLock Tech (Find Biometrics) EyeLock’s iris recognition biometrics technology represents “a significant technological breakthrough,” according to data analytics company Novetta

ESET launches new internet security products for home users (Data Quest) ESET has launched version10 of its premium line of security solutions for home users. ESET Smart Security Premium is built upon the award-winning NOD32 technology that offers the optimal mix of detection, speed and usability. In addition, the new product provides features including ESET Password Manager for easier and safer authentication, as well as ESET Secure Data for convenient and strong encryption

Technologies, Techniques, and Standards

Stealing, scamming, bluffing: El Reg rides along with pen-testing 'red team hackers' (Register) Broad smiles, good suits and fake IDs test security in new dimensions

Scene and heard at the Insurance Executive Conference (Property Casualty 360) In the afternoon, National Underwriter Property & Casualty Editor-in-Chief Shawn Moynihan co-moderated a panel with Chris Lanzilotta, principal at Ernst & Young, titled “Best Practices for Controlling Your Cyber Risk.” The panel included Thomas Dunbar, senior vice president and head of information risk management at XL Catlin and Greg Vernaci, head of cyber, U.S. and Canada at American International Group

Six tips for practicing safe social media (Help Net Security) With Facebook now counting over 1.7 billion monthly users and LinkedIn another 467 million, it was only a matter of time until criminal hackers turned their attention to exploiting social media as an attack vector. The current attack is being waged to introduce ransomware into these environments. Dubbed “Imagegate”, it’s a clever way of sneaking malware into your environment

Is Machine to Machine Communication (M2M) Dead? (Nanalyze) The Internet of Things or IoT is this notion that everything around us is connected and intelligent. Your coffee maker talks to the cloud which in turn tells it when to start brewing coffee based on when your alarm clock (which also talks to the cloud) is set. But what if your alarm clock just talked directly to your coffee maker? That’s the basic idea behind “machine to machine” or M2M communications which is the latest buzzword everyone’s getting excited about. Just how excited are people getting about M2M? CB Insights uses their powerful artificial intelligence powered “CB Insights Trends” tool to show us

You're Probably Fine with SMS-Based Two-Factor Authentication (Motherboard) Using a phone to secure your email, Facebook, or other online accounts has got a lot of bad press recently. In June, hackers broke into the Twitter account of prominent Black Lives Matter activist DeRay McKesson, after tricking Verizon into redirecting his text messages to another SIM card. And then a month later, the US National Institute of Standards and Technology (NIST) advised companies to find an alternative to SMS two-factor authentication

How and why security will be built into DevOps models (Security Asia) What does DevOps mean for local organisations, and to what degree have organisations adopted DevOps?

How this analyst targeted a phisher (CSO) Not unlike any other threat analyst, Marc Laliberte's email inbox fills up minute by minute. Some of which has made its way past the spam filter. The WatchGuard employee decided to finally act upon a certain phishing attempt in hopes of teaching the bad guys a lesson

Hiring the Right Cyber Threat Intelligence Analyst for Your Organization (Security Week) With the coming new year comes new strategies to implement, new budgets to work with, and new threats to prevent from harming your business. I’ve personally seen a shift in the past year where more organizations are moving beyond the basic understanding of what threat intelligence is and moving into a planning and implementation process to start benefitting from the value that good intel can provide

Marketplace

CISOs must assess risks and identify the real security budget (Help Net Security) Organizations spend an average of 5.6 percent of the overall IT budget on IT security and risk management, according to Gartner. However, IT security spending ranges from approximately 1 percent to 13 percent of the IT budget and is potentially a misleading indicator of program success, analysts said

Why cybersecurity companies fail at selling to CISOs... and what to do about it (CSO) One CISO is so fed up with cybersecurity vendors, he wrote a manifesto for them

Cyber in Business- addressing the cyber skills shortage (CSO) The health sector has been a major target for threat actors over the last year or so. Hospitals in the United States have been heavily targeted with the pathology department at Royal Melbourne Hospital bringing the problem onto our own shores

Fading anonymous social network Yik Yak is laying off most of its employees (TechCrunch) Yik Yak, the once universally recognized anonymous social network that virally took over college campuses back in 2014, is planning to lay off a “significant” number of employees, first noted by The Verge. The company is said to be retaining mostly engineers as it notified its team of about 50 employees earlier this morning

3M to sell identity management business to Gemalto (Reuters) 3M Co (MMM.N), the maker of Scotch tape and Post-it notes, said it had entered into agreements to sell its identity management business to Amsterdam-based digital security company Gemalto (GTO.AS) for $850 million

Accenture Acquires Defense Point Security LLC (Washington Executive) Accenture announced Dec. 2 its acquisition of Defense Point Security LLC. DPS is now a wholly owned subsidiary of Accenture Federal Services. Terms of the transaction are not being disclosed

Chinese investment fund abandons Aixtron takeover after US blocks deal (Domain-b) China's Fujian Grand Chip Investment Fund (GCI) has abandoned its takeover bid for German chip equipment maker Aixtron SE after US President Barack Obama blocked the deal

Gary Fish invests $4M in Virginia security firm Haystax Technology (Startland) Kansas City-based technology accelerator Fishtech Labs announced its second investment Thursday

McLean-based Haystax to use $4 million investment to identify insider threats (Washington Post) Haystax Technology, a McLean-based company that helps Super Bowl organizers and government agencies track security threats by analyzing millions of web-based data points, is embarking on a company-wide pivot towards helping organizations identify “insider threats;” employees who leak confidential information

Mach37 Announces New Platinum Sponsor: General Dynamics Mission Systems (Dark Reading) Private sector sponsorship expedites Virginia's quest to become the cybersecurity capital of the world

Better Buy: FireEye, Inc. vs. Check Point Software Technologies Ltd. (Motley Fool) Both data security upstarts offer compelling reasons to invest, but which one looks like the best buy now?

Valuation Details Of KKR's Optiv Acquisition A Good Sign For FireEye (Benzinga) Private equity firm KKR announced it has entered into an agreement to acquire Optiv Security Inc., although the financial details of the transaction have yet to be disclosed

Palo Alto, Fortinet: The ‘Binge’ Is Over, Says UBS, Tread Carefully (Barron's) UBS analyst Brent Thill today warns that most vendors of security technology are “feeling a pinch,” including Palo Alto Networks (PANW) Fortinet (FTNT), and Check Point (CHKP), as the big spending “binge,” by customers, in 2014 and 2015, is now definitely over

Enlighten awarded big-data security contract (C4ISRNET) Enlighten IT Consulting has been awarded a $40 million task order for continued development of the Big Data Platform (BDP)

Stopping Cybersecurity Threats Propels Varonis to List of Fastest-Growing Tech Companies For Second Straight Year (Information Security Buzz) Varonis Systems, Inc. (NASDAQ:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, today announced that it has been named in the 2016 Deloitte Technology Fast 500 list as one of the fastest-growing technology, media, telecommunications, life sciences and energy tech sector companies in North America

Hamilton Turner, Ph.D., Named Chief Technology Officer of OptioLabs (BusinessWire) Achievements as OptioLabs Senior Director of Engineering and Research, experience with Android security, propels Turner into new leadership role

Research and Development

ThreatMetrix Awarded Two Patents for Fraud Prevention and Authentication (MarketWired) Latest patents advance technology innovation and leadership to further shape the Digital Identity landscape

Security Patches, Mitigations, and Software Updates

Yahoo Mail XSS Bug Worth Another $10K to Researcher (Threatpost) The déjà vu is real for Finnish security researcher Jouko Pynnonen

Cyber Attacks, Threats, and Vulnerabilities

An ISIS video tells its followers to attack Shiites and Americans in Bahrain (Military Times) The Islamic State group is calling on its followers to launch attacks in Bahrain and to target American military personnel stationed on the tiny island ahead of a visit by the U.S. defense secretary

ISIS in the Caribbean (Atlantic) Trinidad has the highest rate of Islamic State recruitment in the Western hemisphere. How did this happen?

North Korea Has Done It Again: Hacks South Korean Cyber Command, No End To Bitter Rivalry (Science World Report) To add to its list of the seemingly erratic ventures and acts, North Korea has allegedly hacked the cyber command of South Korea. North Korea and its leaders are quite (in)famous globally for their tactics and policies. And it seems like there is no stopping as North Korea has done it again! It so appears that North Korea has recently leveled a cyber-attack against Seoul. This news has been reported by the Seoul military on December 6 and 7

Russian cyberspies likely behind DNC breach move on to German election (CSO) Fancy Bear has been allegedly targeting political parties in the country using spear-phishing attack

Russische Propaganda und Desinformation (Bundesamt für Verfassungsschutz) Seit dem Beginn der Ukraine-Krise erheblicher Anstieg russischer Propaganda- und Desinformationskampagnen in Deutschland

Ghana election commission website hit by cyber attack (BBC) Hackers have targeted the website of Ghana's electoral commission as votes are counted after tightly contested elections

The Botnet That Broke the Internet Isn’t Going Away (Wired) When the botnet named Mirai first appeared in September, it announced its existence with dramatic flair. After flooding a prominent security journalist’s website with traffic from zombie Internet of Things devices, it managed to make much of the internet unavailable for millions of people by overwhelming Dyn, a company that provides a significant portion of the US internet’s backbone. Since then, the number attacks have only increased. What’s increasingly clear is that Mirai is a powerfully disruptive force. What’s increasingly not? How to stop it

ThyssenKrupp secrets stolen in ‘massive’ cyber attack (Interaksyon) Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG in cyber attacks earlier this year, the German company said on Thursday

“Professional” hackers steal industrial secrets from ThyssenKrupp (Hot for Security) ThyssenKrupp, one of the world’s major steel makers, has said it has fallen victim to a “professional” hacking attack, with the intent of conducting industrial espionage and stealing trade secrets

Data Theft At ThyssenKrupp Highlights Industrial Espionage Threat (Dark Reading) German conglomerate confirms it was a victim of a cyberattack in which intellectual property belonging to some of its businesses was stolen

Crooks Start Deploying New "August" Infostealer (Bleeping Computer) During the month of November 2016, a cyber-crime group has started deploying a new malware family nicknamed "August," used mainly for information gathering and reconnaissance on the infected target's computer

'We could not deliver your parcel' email could be scam (USA Today) As Christmas approaches, experts suggest an extra dollop of caution before clicking on email package delivery notices. Fake notifications are proliferating, bringing not holiday cheer — but holiday ransomware

Phishing from the Middle: Social Engineering Refined (Guardian) Phishing attacks have long been associated with malicious emails that spoof well-known institutions in order to trick users into coughing up credentials to banks accounts, email accounts, or accounts for major online services. Phishes that exploit the good name of trusted brands familiar to users have also been known to deliver ransomware, backdoors, and other malicious software designed to compromise the companies and organizations those users work for

Symantec: 95.4 percent of PowerShell script is malicious (Inquirer) And yet Microsoft is promoting it in the next Windows build

Researchers Question Security in AMD’s Upcoming Zen Chips (Threatpost) As more computing heads to the clouds, security researchers are questioning the security of virtual machine control panels called hypervisors. One of the first hardware-based solutions to address these concerns will be deployed by chip manufacturer AMD, called Secure Encrypted Virtualization. The feature is part of its upcoming x86 AMD Zen server family of microprocessors, slated to be released in the second quarter of 2017

Q&A with Andrei Barysevich, director of advanced collection at threat intelligence firm Recorded Future (SC Magazine) SC: How do the operators on the dark web use the services: for DDoS attacks, for ransomware attacks?

Litigation, Investigation, and Enforcement

'Avalanche’ Crime Ring Leader Eludes Justice (KrebsOnSecurity) The accused ringleader of a cyber fraud gang that allegedly rented out access to a criminal cloud hosting service known as “Avalanche” is now a fugitive from justice following a bizarre series of events in which he shot at Ukrainian police, was arrested on cybercrime charges and then released from custody

Суд Полтавы отказался арестовывать киберпреступника, которого 4 года разыскивали Европол и ФБР (Преступности НЕТ) Октябрьский районный суд Полтавы отказался арестовывать задержанного 30 ноября Геннадия Капканова, которого разыскивают за выманивание конфиденциальных данных и DoS-атаки в 180 странах мира

Republicans ready to launch wide-ranging probe of Russia, despite Trump’s stance (Washington Post) Leading Senate Republicans are preparing to launch a coordinated and wide-ranging probe into Russia’s alleged meddling in the U.S. elections and its potential cyberthreats to the military, digging deep into what they view as corrosive interference in the nation’s institutions

Trump, Russia and the U.S. Election (FactCheck: the Wire) President-elect Donald Trump again discounted the possibility that Russia was behind the hacking of U.S. political organizations, including the Democratic National Committee’s servers, despite evidence to the contrary

Georgia Says Someone in U.S. Government Tried to Hack State’s Computers Housing Voter Data (Wall Street Journal) Unsuccessful intrusion came on Nov. 15 apparently via Department of Homeland Security IP address

Georgia’s secretary of state: DHS tried to breach our firewall (CyberScoop) Georgia’s secretary of state has claimed the Department of Homeland Security tried to breach his office’s firewall and has issued a letter to Homeland Security Secretary Jeh Johnson asking for an explanation

[Letter from Georgia's Secretary of State to the US Secretary of Homeland Security] (State of Georgia, Office of the Secretary of Sate) On November 15, 2016, an IP address associated with the Department of Homeland Security made an unsuccessful attempt to penetrate the Georgia Secretary of State's firewall. I am writing you to ask whether DHS was aware of this attempt and, if so, why DHS was attempting to breach our firewall

Your Public Facebook Posts Might Still Be 'Private' In UK Cops' Eyes (Motherboard) Cops are all over social media, using monitoring tools to keep tabs on sporting events, protests, and more. These tools often aren't just about gathering public posts or tweets; sometimes, they're used to scrape metadata in aggregate and map out somebody's movements over time too

FBI will increasingly rely on foreign help to stop hackers, Assistant AG says (CyberScoop) The emergence of cybercrime as a global phenomenon is causing the FBI and Justice Department to increasingly rely on international law enforcement collaboration, legal treaties and informal agreements in addition to cooperation from the private sector, Assistant Attorney General for the Criminal Division Leslie Caldwell described, Thursday

Judge throws out Marine Corps decision to remove officer who sent classified warning to colleagues (Washington Post) A federal judge has tossed out a Marine Corps decision to remove an officer from the service after he sent classified information through an unclassified email server while warning colleagues in Afghanistan about the security threat posed by a police chief whose teenage servant later killed three Marines

Phone-Cracking Cellebrite Software Used to Prosecute Tortured Dissident (Intercept) The Israel-based firm Cellebrite, which specializes in software that breaches cellphones, enjoys a reputation as a silver bullet in 21st-century policing whose products are used only to beat terrorists and find abducted kids. Like any good, vaguely sinister corporate spy outfitter, the company has never publicly confirmed which governments are among its customers, and deflects questions about whether it would sell its infamously powerful software to a repressive, rights-violating regime

Man who hacked 130 celebrities jailed for five years (Naked Security) Maybe you’ll recall 24-year-old Bahamian Alonzo Knowles, who recently pleaded guilty to hacking the email accounts of some 130 media, sports and entertainment celebrities? And trying to sell everything from their confidential scripts to their sex tapes? The judge just threw the book at him: five years in federal prison

Design and Innovation

Fingerprint passwords not theft-proof (AP via the Longview News-Journal) It sounds like a great idea: Forget passwords, and instead lock your phone or computer with your fingerprint. It's a convenient form of security — though it's also perhaps not as safe as you'd think

Audi’s new traffic light countdown seems basic, but it’s a big step for autonomy (Ars Technica) If cars are going to get better at driving you around, they’re going to have to talk to the city

ISIS tries for more online inspiration. Germany says Fancy Bear is already beginning pre-election information operations. US Congress seems likely to investigate Russian election influence operations. US state of Georgia asks DHS why it sought to penetrate Georgia's voting system.