The CyberWire Daily Briefing 12.14.16

Cyber Trends

Cyberthreat Analysis for 2017 (Booz Allen Hamilton) Foresights is an annual spotlight of Cyber4Sight’s threat intelligence analysis, drawing on trends and forces from this and prior years in an effort to forecast what the future holds for network security and global policy

Security In 2017: Ransomware Will Remain King (Dark Reading) Businesses, consumers, and security professionals must face this reality and take the necessary steps to educate each other and protect their networks

Top 5 External Threats Of 2017 (Information Security Buzz) Cyber intelligence firm BrandProtect came up with a list of the top 5 threats to watch out for in 2017

‘2017 the Year Of…’ by Alastair Paterson, Digital Shadows (Video) (American Security Today) As we approach the year-end attention of course turns to what we can expect to see in 2017 and what we, as security professionals need to be prepared for

Proofpoint 2017 cybersecurity predictions – humans still the problem (ITWire) Security vendor Proofpoint has predicted that some things will get worse in the enterprise security space. And the biggest weak link is people

Cybersecurity concerns won’t slow in 2017 (Bloomberg Government) As a new administration is established, cybersecurity remains a critical bipartisan issue that impacts all people, from government employees of all levels across the world to industry leaders to individual citizens. Moving into 2017, there’s no slowing down

Employee Reporting of Suspicious Emails Substantially Outweighs Susceptibility to Attacks (Yahoo!) PhishMe Inc., the leading provider of human phishing defense solutions, today released its 2016 Enterprise Phishing Susceptibility and Resiliency Report, which illustrates employee susceptibility to phishing emails and resilience improvements when engaged in security reporting. With phishing still the most common cyber-attack vector leading to data breach, the report analyzes the most successful triggers, themes and emotional motivators leading employees to fall for phishing emails, as well as how reporting can drive a decrease in time to attack detection from days to minutes

The rising use of personal identities in the workplace (Help Net Security) 90% of enterprise IT professionals are concerned that employee reuse of personal credentials for work purposes could compromise security. However, with 68% saying they would be comfortable allowing employees to use their social media credentials on company resources, Gemalto’s research suggests that personal applications (such as email) are the biggest worry to organisations

Gemalto study reveals security concerns over convergence of personal and workplace identities (Yahoo!) 90% of IT professionals are concerned about employees using their personal credentials for work purposes. 62% of enterprises feel increasing pressure to match consumer authentication methods in the workplace. The use of two-factor authentication is on the rise, with 40% of organizations` employees using it

CEOs Reveal Cyber Naivete as Incidents Rise and Losses Mount (MarketWired) Study commissioned by RedSeal exposes significant disconnect between CEOs' confidence in defense strategies and actual results, points to requirement for real-time measures of network security

Consumers regularly share passcodes, creating compromising situations (Help Net Security) Consumers keep more and more sensitive personal and professional information on their mobile phones, but most people remain alarmingly casual about adequately protecting that private content, according to Keepsafe

SentinelOne Survey Reveals Security Vendors are Under Pressure to Offer Cyber Guarantees (MarketWired) 95 percent of organizations want to see security vendors offer guarantees and 88 percent would change their IT security supplier for one who does

Ransomware Research: Cyber Insurance & Cyber Guarantees (Sentinel One) Almost half (48%) of those surveyed state that their organization has suffered a ransomware attack in the last 12 months (sheet 6). Those who have been affected have had to defend against six attacks on average (sheet 8), with the majority (94%) stating that there was an impact on their organization as a result of these ransomware attacks

Should security vendors offer product guarantees? (Help Net Security) A new Vanson Bourne survey of 500 businesses in the UK, US, France and Germany revealed that nine in ten companies want to see IT security vendors offer a guarantee on their products and services, and 85 per cent claim they would change providers if they could find an alternate IT security vendor who offers a guarantee

The Internet Of Things: When Bigger Is Not Better (Dark Reading) What happens when 10,000 companies add programmability and connectivity to their products, and we increase the Internet's attack surface by a million times or more?

Legislation, Policy and Regulation

How might China’s cyber-spies adapt to Trump’s America? (CyberScoop) Chinese cyber-espionage efforts against American companies and government properties are predicted to increase during President-elect Donald Trump’s first year in office, according to a new analysis from global consulting firm Booz Allen Hamilton, but experts say it’s tough to forecast exactly how the U.S.-China cybersecurity relationship will change

How to Wage Hybrid War on the Kremlin (Foreign Policy) President Obama has been shamefully derelict in making Putin pay a price for his aggression. It’s time to give Vladimir a taste of his own medicine

The time for a national cyber Skunk Works is now!uncle sam (CSO) A blueprint for taking a leap forward in cybersecurity battlefield success

No need to start over on cybersecurity (Lincoln Journal-Star) President-elect Donald Trump’s to-do list is one of colossal proportions, made longer by his vow to overturn most of what President Barack Obama did during his eight years in office

What Can We Expect Out of Trump’s Cyber Summit? (New York Magazine) President-elect Donald Trump is planning to meet with tech industry leaders on Wednesday, the latest in a series of meetings in which famous people are photographed entering the lobby of Trump Tower, 20 minutes pass, and then Trump is photographed giving the thumbs-up

Snowden says govt surveillance will make social media users vulnerable (Hindustan Times) In a message to US President-elect Donald Trump, the National Security Agency (NSA) whistleblower Edward Snowden said government surveillance programmes will create “vulnerabilities” for social media users

Sen. Peters Applauds DOT Proposed Rule Requiring Vehicle-to-Vehicle Communications Technology in New Vehicle Models (Office of Senator Gary Peters) Vehicle-to-vehicle communications allow cars to communicate wirelessly to avoid crashes

Products, Services, and Solutions

Recorded Future Adds Technical Threat Intelligence to Fuel All-Source Analysis Breakthrough (Yahoo! Finance) Recorded Future, the real-time threat intelligence leader, today announced new technical threat intelligence that enables security teams to rapidly find connections in threat data and drive security actions with confidence. The challenge defenders face is making sense of data from technical threat sources that are scattered across multiple sites and systems. Recorded Future is the first to deliver deep integration of technical and open source intelligence (OSINT) into a single product. The combination gives security teams powerful all-source analysis capabilities, reducing the risk to their business

Delta Risk Named Amongst "Top 10 Managed Security Service Providers 2016" by Enterprise Security Magazine (CBS58) Managed security services firm combines latest technology with cyber security experts to protect businesses, government agencies

Tremolo Security Announces Cloud Native Identity Management System (PRNewswire) Tremolo Security today announced the latest release of their cloud native identity management system Unison and their open source project OpenUnison. In a blog post on their website, CTO Marc Boorshtein, points out the power of cloud native solutions, "What makes the cloud native revolution so important is its ability to give you both the control of local infrastructure while having the speed of Software as a Service. This power shouldn't be slowed down by adding identity management, it should be accelerated"

CyberVista Announces 2017 Board And Executive Cyber Risk Workshops (PRNewswire) Registration now open for one-day Cyber Resolve Events in New York, San Francisco, and Chicago

DB Networks Launches Industry's First Artificial Intelligence-Based Agentless Database Activity Monitoring (WLOX) Machine learning database security combined with privileged account activity monitoring technology from CyberArk better protects against database attacks and eases compliance

Infoblox and Qualys Team to Streamline Vulnerability Management, Compliance, and Threat Remediation (GlobeNewswire) Integration of Infoblox DDI technology with Qualys Cloud Platform accelerates network visibility of new devices and malicious events

Hexadite Launches Automated Security Alliance Program (BusinessWire) Leaders in cybersecurity technology advance security automation and orchestration capabilities through collaboration and technical integrations

Infoblox Technology Alliance Partner Program Helps Enable Seamless Integrations to Optimize Network Automation and Security (GlobeNewswire) Powerful combination of security solutions aids mission-critical efforts, including compliance, incident response, and cloud and asset management

Arctic Wolf Networks Chosen by Hornblower to Provide Security Operations Center (SOC)-as-a-Service (BusinessWire) AWN CyberSOC protects Hornblower from repeated phishing attacks that bypass traditional perimeter defenses

Covata wins Internet of Security (IoT) Solution Award for its Delta product at The Computing Security Excellence Awards (RealWire) Covata Limited (ASX: CVT), a global leader in data-centric security solutions for enterprise and government, has been awarded the IoT Security Solution Award at the 2016 Computing Security Excellence Awards in London for its Covata Delta product

Head Italia Partners with root9B to Provide Cybersecurity Solutions (PRNewswire) root9B, a root9B Holdings (OTCQB: RTNBD) company and leading provider of advanced cybersecurity products, services, and training announced today its partnership with Head Italia, specialized in the integration, sale, and technical support of advanced military systems. This partnership will provide Italian government and defense customers with cybersecurity solutions to protect their critical data and infrastructure

Telos Corporation to Provide Automated Message Handling System to a Member of the Intelligence Community (Telos) Telos® Corporation, a leading provider of continuous security solutions and services for the world’s most security-conscious organizations, today announced that it has received an award for an enterprise-scaled Automated Message Handling System (AMHS) from a member of the Intelligence Community

Facebook helps companies detect rogue SSL certificates for domains (CSO) The company developed a tool that monitors Certificate Transparency logs and alerts domain owners of new certificates

NC4 Announces Soltra-Based Cyber Threat Intelligence Solutions (PRNewswire) NC4 CTX family now includes Soltra Edge

Owl Computing Technologies Receives Latest OPC Foundation Certification (PRNewswire) Exhaustive testing process proves robustness of Owl's data diode cybersecurity solution

Rambus Renews License Agreement With Thales (Yahoo!) Rambus Inc. (RMBS) today announced it has renewed its DPA countermeasures license agreement with Thales e-Security. Under this new five-year agreement, the Thales line of hardware security modules (HSMs) will be protected against side-channel attacks in a variety of systems, including high-performance data center appliances. Specific terms of the agreement are confidential

AVG Free Antivirus and Internet Security betas released (Betanews) AVAST has announced betas of AVG Free Antivirus 15 (32-bit here) and AVG Internet Security 17 (32-bit here)

BankPlus Signs Three-Year Contract Renewal for Zix Email Encryption (BusinessWire) ZixCorp’s seamless user experience and valuable customer support ease email compliance and customer privacy for BankPlus

Psagot Investment House deploys groundbreaking cyber security platform (Jerusalem Post) Cyber security company TrapX announced on Monday that Israel’s Psagot Investment has embedded the company’s groundbreaking security platform into its systems

Lieberman Software And Core Security Agree To OEM Alliance (Information Security Buzz) Lieberman Software licenses its privileged identity management technology to Core Security to build value added integrations

Dashlane 4.6.5: Protect all your sensitive online data across desktop and mobile (Tech Central) These days, a third-party password manager is de rigueur for anyone venturing on to the internet with a clutch of online accounts. You won’t last long relying on weak, easily guessable passwords to protect your personal data when online, so password managers like LastPass that lock all your passwords away behind a single, master password, have much to recommend them

CounterTack Joins IBM Security App Exchange Community (BusinessWire) The CounterTack Sentinel App for QRadar now part of collaborative development to stay ahead of evolving threats

Technologies, Techniques, and Standards

End the air gapping myth in critical infrastructure security (Help Net Security) In an environment where we’re seeing increasing demand for connectivity between operational technology (OT) and IT, security teams have to dispel the air gapping myth to acknowledge that IT influences can exploit OT connections

When your threat intelligence just isn’t producing value you need to pivot (CSO) Josh Lefkowitz of Flashpoint shares his experience leading the pivot from threat intelligence to business risk intelligence and explains the enterprise benefit for security leaders

When it comes to IoT, more security is needed (SC Magazine) Sometimes it takes a monumental event for an industry to change. The Target hack during the holiday season of 2013 – in which some 40 million credit card numbers were stolen – changed people's attitudes about security forever. And the same holds true with the attack on DNS provider Dyn last October: Internet of Things (IoT) devices were compromised and turned into bots that slowed access and, in some cases, shut down frequently visited websites such as Amazon, Twitter and PayPal

How to Automate Governance, Risk and Compliance (Infosecurity Magazine) IT governance, risk management discipline, information security policy and legal compliance requirements all place a burden on companies to ensure their governance, risk and compliance (GRC) policies protect customers, staff and stakeholders

Don’t let your former IT staff sabotage your company (Bitdefender) A recent news story has brought to mind a threat which probably sends a shiver down the spine of many system administrators

Marketplace

Signifyd and ThreatMetrix® Combine Machine Learning and Digital Identities to Eliminate Online Payment Fraud (Yahoo! Finance) Leading ecommerce fraud prevention company, Signifyd and ThreatMetrix®, The Digital Identity Company® announced today they will combine efforts to eliminate online fraud for their customers. The partnership enables ecommerce merchants to remove the liability for fraud by leveraging the power of the ThreatMetrix Digital Identity Network® through Signifyd’s Guaranteed Payments solution

CISOs bridge communication gap between technology and risk (CIO) Talking about security as a business risk means changes to CISO role

Blog: ZeroPoint Earns Mega Points with DHS (SIGNAL) The department transitions a new cybersecurity technology to the market

MACH37 Cyber Accelerator Opens Applications for Spring 2017 Session (PRWeb) The MACH37 Cyber Accelerator has officially announced it will begin accepting applications from information security product startups and security entrepreneurs for its Spring 2017 (S17) Cohort that begins on March 14th. The MACH37 program consists of an intense 90-day program in which the selected startups are coached in all aspects of creating a sustainable and successful business

Private equity group to purchase Neustar for $2.9 billion (Washington Business Journal) Sterling-based information services company Neustar, Inc. (NYSE: NSR) has agreed to be purchased by a private investment group for $2.9 billion, according to an announcement

Palo Alto: What To Expect In 2017 (Seeking Alpha) Palo Alto's growth story is about to reach the last chapter. There are a lot more tales to be told in subscription growth, up-sells and cross-sells. What should we expect in 2017?

3 Reasons Why Cisco Systems, Inc. (CSCO) Stock Is a Buy Now (Investor Place) Cisco stock has declined in recent days, but CSCO has a lot to offer

Brisbane security reseller Kudos Australasia enters administration owing almost $1 million (CRN) Brisbane-based security and audio-visual company Kudos Australasia has entered administration owing almost $1 million to creditors

US cyber security mission to showcase Australian credentials (Invest in Australia) Australia’s world-class cyber security capabilities and researchers will be showcased to global players attending the RSA Conference in San Francisco from 13–17 February 2017

WISeKey to Establish a Join Swiss China Blockchain Center of Excellence to Deploy a Trusted Blockchain Platform in China (PhillyPurge) WISeKey International Holding Ltd (“WISeKey”)(SIX:WIHN), a leading cybersecurity company today announced a project to establish a join Swiss China Blockchain Centre of Excellence to deploy a Trusted Blockchain as a Service platform

IBM launches cyber security centre for India (Times of India) IBM has launched what it says is a state-of-art cyber security command centre in Bengaluru to offer customized security solutions to its Indian clients.The company says it planned this long before the extra push for digital in India came from demonetization. But the current environment makes the move look particularly relevant. Concerns about security are becoming top-of-mind for many involved as the Modi government aggressively pushes digital payments

Ulevitch to Head Cisco's Security Operations (Light Reading) Cisco has named David Ulevitch head of its Security Business, succeeding David Goeckeler, who last June was promoted from managing the company's security operations to handle both security and Cisco's core networking hardware business as senior vice president and general manager of the Networking and Security Business

Research and Development

$1.1 Million NSF Grant for Penn Researchers to Protect Internet Security (University of Pennsylvania Almanac) University of Pennsylvania researchers Nadia Heninger, Ted Chinburg, Brett Hemenway and Zach Scherr are trying to break the internet—but only so they can protect it

Security Patches, Mitigations, and Software Updates

New Critical Fixes for Flash, MS Windows (KrebsOnSecurity) Both Adobe and Microsoft on Tuesday issued patches to plug critical security holes in their products. Adobe’s Flash Player patch addresses 17 security flaws, including one “zero-day” bug that is already actively being exploited by attackers. Microsoft’s bundle of updates tackles at least 42 security weaknesses in Windows and associated software

Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities (Threatpost) Microsoft today patched a half-dozen critical browser vulnerabilities that have been publicly disclosed, but apparently not used in attacks as of yet

Microsoft Patches Dangerous Backdoor In Skype For Mac OS X (Dark Reading) Vulnerability would have let attackers record calls, intercept and read messages, and siphon out all kinds of data, Trustwave says

Adobe Patches Flash Zero Day (Industrial Safety and Security Source) Adobe released monthly security patches, fixing flaws in its Flash Player, ColdFusion Builder, and InDesign

Netgear pushes out beta firmware for vulnerable router models (Help Net Security) Netgear has confirmed that eight of its router models are vulnerable to device hijacking due to a vulnerability that can be easily exploited by remote, unauthenticated attackers

Cyber Attacks, Threats, and Vulnerabilities

NWH Hacker Steals 30,000 Passport Records from Russian Consulate Website (HackRead) Kapustiky says he did it for good

Ukraine's defence ministry says website hit by cyber attack (Reuters) Ukraine's defence ministry said on Tuesday its website was down due to cyber attacks that appeared aimed at disrupting it giving updates on the pro-Russian separatist conflict in eastern regions

Don't like Russian cyberspies? Tips to stop state-sponsored hackers (CSO) Russian cyberspies and other state-sponsored hackers remain a serious threat

Venezuelan Authorities Question Bank President over Cyber Attacks (Venezuelanalysis) Venezuelan authorities interrogated Banco de Occidental Descuento (BOD) president Víctor Vargas Sunday morning for his alleged involvement in the cyber attacks on digital banking systems Friday December 2nd

Venezuela warns about cybercrime (The Hindu) Venezuela, which like India has withdrawn its highest currency note from the market, has cautioned New Delhi about cyber crimes that target digital economy

Spectacular $81m bank cyberheist ‘was not a one-off’ (Naked Security) February’s spectacular $81m (then £54m) cyberheist against Bangladesh Bank and the global Swift bank messaging system was no one-off, a leaked letter has revealed

Loki Trojan Infects Android Libraries and System Process to Get Root Privileges (Bleeping Computer) Malware authors have released a new version of the Android Loki trojan, which can now infect native Android OS libraries after an earlier version had previously gained the capabilities to infect core operating system processes

More Android-powered devices found with Trojans in their firmware (Help Net Security) Doctor Web researchers have discovered two types of downloader Trojans that have been incorporated in the firmware of a number of Android-powered devices

Low-cost Android Smartphones Shipped with Malicious Firmware (HackRead) The malware collects data and spams devices with ads

Gooligan: Malware is not the only problem (Cyber Parse) Many users of Android mobiles have been alarmed by a recent warning that the Gooligan malware has infected over a million devices around the world, although only about 9 per cent of the victims are located in Europe

Researchers discover serious deficiencies in 'secure' Android apps (Computing) Out of nine apps tested, none implemented encryption properly

BugSec, Cynet Discover Critical Flaw Allowing Attackers to Read Private Facebook Messenger Chats (PRWeb) ‘Originull’ security flaw gave hackers access to chats, photos of 1-billion Facebook Messenger users; Facebook has investigated and fixed flawed component; Originull also potentially affects millions of websites using origin restriction checks

Nymaim using MAC addresses to uncover virtual environments and bypass antivirus (Naked Security) Nymaim, a malware family connected to several online ransom campaigns in recent years, is retrieving network card MAC addresses and using them to uncover virtual environments, thwarting automated antivirus analysis tools in the process

Insecure pagers give hackers an entry way into voice mails, conference calls (CSO) All it takes is a $20 dangle and some patience, and an attacker can listen into a company's pager communications -- including transcribed voice mail messages and dial-in instructions for conference calls

Data enrichment records for 200 million people up for sale on the Darknet (CSO) More than just PII, the records contain additional financial information and spending habits

Banff Centre allegedly cyber attacked by employee (Rocky Mountain Outlook) A Banff Centre has been hacked and one of its own has been charged by RCMP in relation to the cyber attack that occurred a year ago

The Most Dangerous Places To Play 'Pokemon Go' (Motherboard) Niantic Inc., the creative force behind Pokémon Go, announced on Monday that they will be adding second generation Pokemon to their virally popular mobile game. But players will not find these latest battle monsters in the wild. Instead, players must hatch them from eggs that are available at Pokéstops—refueling stations where players can stock up on Pokéballs and unhatched eggs

How Argentina’s Political Crisis Gave Rise to Hacker Culture (Motherboard) In December 2001, Argentina was thrown into chaos. The worst violence the South American nation had seen since the early 1980s raged across the country as president Fernando de la Rúa resigned: 39 people were killed, the economy tanked, and police became aggressive against civilian demonstrators

Litigation, Investigation, and Enforcement

Democrats Request Formal Intelligence Community Report on Russian Hacking (Morning Consult) A group of nine Democratic senators on Tuesday requested a formal intelligence community finding regarding the scope of the Russian government’s intervention in the U.S. presidential election process

Think Tank: DNC Hack Attribution Virtually Impossible (Infosecurity Magazine) A leading IT think tank has raised question marks over recent high-level assertions that Russia was behind cyber attacks designed to influence the outcome of the US election

The DNC keeps the Watergate file cabinet next to server hacked by Russia (Ars Technica) Blow-by-blow account of hack that hit Democratic National Committee

Clinton Staffer Made a Typo and Now Trump Is President (New York Magazine) Now that the election’s over, more Clinton officials and staffers are speaking publicly about the lax operational security that led to multiple hacker intrusions and email leaks, which the intelligence community overwhelmingly asserts were carried out by hackers affiliated with the Russian government. One of those leaks, comprising John Podesta’s large cache of personal emails, had devastating implications for the Democratic campaign, and happened because of … a typo

Did Russia Hack the RNC Too? Here’s What We Know So Far (Defense One) Republican lawmakers and affiliated political organizations were targeted by the same Russian group that hit the DNC

Official: FBI told Illinois GOP of possible email hacking (AP) The FBI told the Illinois Republican Party months before the presidential election that its email accounts may have been hacked, and party officials later found some of its emails on a website reportedly tied to Russia's military intelligence agency, the state GOP's executive director said Sunday

Clapper Claims WikiLeaks Connection With Russian Cyber Attacks Not Strong (Washington Free Beacon) Director of National Intelligence James Clapper told lawmakers last month that the U.S. intelligence community does not have strong evidence showing a connection between WikiLeaks document releases and Russian cyber attacks against American political networks during the 2016 election

The Perfect Weapon: How Russian Cyberpower Invaded the U.S. (New York Times) When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk

Trump is wrong – say experts who caught Russian election hackers red-handed (International Business Times) Cybersecurity firm Crowdstrike caught Russian intruders in DNC computers

Trump's margin up after Wisconsin recount over voting machine security (CSO) A large number of the votes were not recounted by hand

‘Operation Tarpit’ Targets Customers of Online Attack-for-Hire Services (KrebsOnSecurity) Federal investigators in the United States and Europe last week arrested nearly three-dozen people suspected of patronizing so-called “booter” services that can be hired to knock targeted Web sites offline. The global crackdown is part of an effort by authorities to weaken demand for these services by impressing upon customers that hiring someone to launch cyberattacks on your behalf can land you in jail

Symantec sets legal wolves upon Zscaler (Register) Alleges patent infringements by ... hang on, they work together?

John McAfee asks court to block Intel’s security spin-out (CSO) The security expert claims he is entitled to call his new security company by his name

Uber 'God View' allowed staff to spy on high-profile politicians, ex-partners and Beyoncé, court hears (Graham Cluley) Whistleblower claims taxi firm was lax in its security

TalkTalk hack: Teenage boy behind massive data breach given 12-month rehabilitation order (International Business Times) A 17-year-old boy who admitted involvement in a cyber-attack on UK telecoms giant TalkTalk has been sentenced to a 12-month youth rehabilitation order and had his iPhone and hard drive confiscated

Florida court says iPhone passcode must be revealed (BBC) A court in Florida has said a suspected voyeur can be made to reveal his iPhone passcode to investigators

Design and Innovation

Opinion: Cybersecurity needs an offensive playbook (Christian Science Monitor Passcode) In order to beat malicious hackers, the cybersecurity community must develop innovative approaches for deploying – and automating – offensive strategies to find and fix software vulnerabilities