The CyberWire Daily Briefing 12.22.16

Cyber Trends

What the infosec jobs sector will look like in 2017 (CSO) Security experts believe smaller IT companies will outsource parts of their security

Here are the biggest IoT security threats facing the enterprise in 2017 (TechRepublic) The coming year will bring a large-scale IoT security breach, with fleet management, retail, manufacturing, and government at the biggest risk, according to experts

Security Innovation Confirms That the Gap Still Exists (Econo Times) Sponsored by Security Innovation and INTEGRITY Security Services, a Green Hills Software company, the Ponemon Institute has conducted their second annual cybersecurity survey of over 500 automotive developers, engineers, and executives

Data Leaks From Social Networks Threat in 2017, Kaspersky Says (Bloomberg) Breaches more frequent as web giants collect personal data. Russia firm plans social-network memory rescue service

Mobile threats 2016: targeted attacks, major vulns, and innovative malware (Lookout Blog) This year was a prolific one for threat actors, who focused on writing sophisticated code and building on existing threat families, and used familiar distribution techniques

Ransom demands by cybercriminals In India doubled in 2016: Sophos' CEO (CSO) India ranks fourth in a list of countries most targeted by ransomware, says Sophos' CEO Kris Hagerman

More cyber crimes over next 2 years: Deloitte (Deccan Herald) Indian firms believe that incidents of fraud will increase in the next two years, a survey has found. But big companies are still unprepared to tackle cyber crime, while budget comes in the way of small and medium companies while dealing with such cases

Cybercriminals target African countries with ransomware (PC Tech) Check Point has revealed that five African nations were among the top 10 most-attacked countries in November as cybercriminals made increasing use of ransomware attacks using the Locky and Cryptowall viruses

Cybersecurity is a chess marathon with hackers: Carl Herberger (Channel World) DDoS is fast becoming the top concern aspect for CSOs globally, says Carl Herberger, VP-Security Solutions, Radware

Legislation, Policy and Regulation

A Reluctant Digital Power Emerges From the Shadows (The Wire) India hosting the GCCS next year is a chance to consolidate its leadership in foreign policy frontiers like cyber and climate change, where the international regime is not yet on firm ground

The Most Urgent Questions About the Russia Hacks (Atlantic) No foreign power has ever intervened to try to shape a U.S. election with this kind of sophistication and potency

Could US-Russia feud over hacks lead to digital detente? (Christian Science Monitor Passcode) Experts have been trying for years to forge norms for how militaries around the world should operate in cyberspace. Now, tensions between Moscow and Washington over recent political breaches may energize that effort

Jeh Johnson: Obama, administration 'ultimately' responsible for Russian hacking (Washington Examiner) Outgoing Homeland Security Secretary Jeh Johnson admitted Wednesday that President Obama and the administration "ultimately" is most at-fault for the Russian cyber attacks during the U.S. election season this year - attacks that some Democrats have said cost Hillary Clinton the Oval Office

Opinion: What some lawmakers still don't get about encryption (Christian Science Monitor Passcode) A congressional report says encryption makes America safer. Why are these two Representatives refusing to sign on?

Before Trump's presidency, U.S. privacy board in disarray (Military Times) A federal board responsible for protecting Americans against abuses by spy agencies is in disarray just weeks before President-elect Donald Trump takes office

Takeaways From a Trip to the National Security Agency (Council on Foreign Relations) A few weeks ago, I was part of a “National Thought Leaders” visit to the National Security Agency. Famously secretive and opaque (see, No Such Agency), the NSA started conducting this type of outreach after the Snowden disclosures in an attempt to correct what it saw as misunderstandings about its surveillance and intelligence roles. The day consisted of briefings from high level officials involved in NSA operations, information assurance, legal authorities, industry partnerships, and privacy and civil liberties oversight. We also spoke with Cyber Command officials. The briefings were conducted according to Chatham House rules, and below are some of my takeaways, unattributed to any one official

Porn block on new PCs to ‘fight trafficking’ – unless you pay $20 (Naked Security) Proposing a bill that requires computers sold in a state to block access to online porn on the grounds that it “would be another way to fight human trafficking” is an interesting approach to crime prevention. That’s what Bill Chumley, Republican state representative, is suggesting in South Carolina

Products, Services, and Solutions

Gogo Launches Bug Bounty Program Via Bugcrowd (Dark Reading) Researchers to target Gogo's ground-based gogoair.com and airborne gogoinflight.com domains for vulnerabilities

Gogo: The leading provider of inflight internet and entertainment ($100 - $1,500 Per Bug). (Bugcrowd) For this program, we're inviting researchers to test Gogo's ground based public website as well as Gogo's airborne systems for security vulnerabilities. These systems are used by Gogo's customers to access the Internet, view on-demand video content, as well as watch live TV

Mac Antivirus Protection: Best and Worst Revealed (Yahoo! Tech) If you're hoping to protect yourself against threats to macOS Sierra, there are a handful of security tools you should be trying out

AT&T Debuts 'Call Protect' Service to Protect Against Robocalls (Mac Rumors) AT&T today announced Call Protect, a complementary service aimed at protecting its users from automated phone calls, also referred to as robocalls. The service debuts five months after the U.S. Federal Communications asked wireless companies to offer free robocall blocking services

Sophos Sandstorm comes to XG Firewall (Sophos Blog) Keeping intruders away from your network is an essential first line of defense. However, cybercriminals are constantly updating and refining their methods of attack, using unknown malware to evade conventional protection

Free security tools to support cyber security efforts (CSO) More cyber security freebies than you knew existed

Technologies, Techniques, and Standards

Security Analytics: Don't Let Your Data Lake Turn Into A Data Swamp (Dark Reading) It's easy to get bogged down when looking for insights from data using Hadoop. But that doesn't have to happen, and these tips can help

How Metadata Can Reveal What Your Job Is (Motherboard) In November, a federal court ruling revealed that CSIS, Canada’s CIA analog, operated a secret metadata collection program for a decade; metadata being all of the information—time stamps, locations, names and numbers—wrapped around our digital communications

Lawyers can no longer leave cyber security to the IT manager (InDaily) Cyber attacks not only cost law firms time and money - they could also have professional conduct implications, writes legal affairs commentator Morry Bailes

Single Sign-On Buying Guide (eSecurity Planet) Deploying a single sign-on system can improve productivity and lead to better password hygiene, but it also carries some risks

Our 12 tips for staying safe online this Christmas (Naked Security) Here are 12 cybersecurity tips to help you focus on family, food and fun over Christmas, rather than dealing with the headache of stolen credit card details or important documents lost to ransomware

Marketplace

Unleashing a Cyber Market Force (LinkedIn) Having called cyber risk existential myself, Senator John McCain’s quote this past weekend that Russian hacking represented the “possible unraveling of the world order” and could “destroy democracy”, struck me as perhaps a turning point. America needs to rally on a theme to fundamentally reshape our societal approach to cyber threats. But first we must properly define the problem. Representing cyber as a threat to global stability and Western free markets is a good start

Despite Successful Attacks, Orgs Aren't Upping Security Budgets (Infosecurity Magazine) Despite significant concerns over both new threats (ransomware, specifically) and age-old, persistent ones (users unknowingly triggering attacks), for the majority of organizations, next year’s security plan essentially boils down to more of the same

What could happen to Yahoo if Verizon backs away from its $4.8 billion deal (Washington Post) As rumors swirl about Verizon's plans for acquiring Yahoo, business analysts say the former search giant could see choppier waters ahead if Verizon backs out of the deal, as some observers have suggested it should do

Coalfire Announces Acquisition of Cybersecurity Leader, Veris Group (BusinessWIre) Combination positions Coalfire with unparalleled cyber risk, compliance, technical testing, and security engineering capabilities

Palo Alto Gets Great Marks, FireEye Deteriorates, in Piper Survey (Barron's) Piper Jaffray’s Andrew Nowinski this morning offers up to clients a summary of a meeting he assembled last week between investors and security technology consultants and resellers, the substance of which was encouraging for vendors Palo Alto Networks (PANW), Symantec (SYMC), and Proofpoint (PFPT), but discouraging for FireEye (FEYE)

Will 2017 Be Palo Alto Networks Inc's Worst Year Yet? (Fox Business) Shares of Palo Alto Networks (NYSE: PANW) have fallen nearly 30% this year, due to slowing sales growth, widening GAAP losses, and the threat of rising competition. By comparison, the PureFunds ISE Cybersecurity ETF (NYSEMKT: HACK) -- which owns a basket of top cybersecurity-related stocks -- rose 4% during that period

Twitter is ‘toast’ and the stock is not even worth $10: Analyst (CNBC) Twitter is "toast" as a company and the stock is not even worth $10, according to a research note published Tuesday, following the departure of another top executive at the social media service

Intelligence personnel aren’t fleeing because of Trump rift (Christian Science Monitor Passcode) Headhunters well-known for helping US spies find jobs in the private sector say intelligence analysts and officials, including those who specialize in cybersecurity, aren't running for the exits even though President-elect Trump has openly dismissed their findings

Pwnie Express Inducted Into SC Magazine's Industry Innovators Hall of Fame (Yahoo! News) Pwnie Express, the leading provider of device threat detection for wired, wireless, and Internet of Things (IoT) devices, has been inducted into the SC Magazine's Industry Innovators Hall of Fame. Induction into the Industry Innovators Hall of Fame is a noteworthy honor, reserved for three time SC Magazine innovator winners who "show creativity and innovation in product, business practices and go-to-market strategy"

ERPScan Named "HOT in 2016" Winner in Palo Alto by Owler (PR.com) ERPScan, the most reliable SAP and Oracle Cybersecurity vendor, announced today it was named an Owler HOT in 2016 winner in Palo Alto

illusive networks Selected by SC Magazine as an Industry Innovator in Next-Generation Security Monitoring and Analytics (PRNewswire) illusive networks today announced that its pioneering Deceptions Everywhere® cybersecurity was selected by SC Magazine as a Next-Generation Security Monitoring and Analytic Innovator in its award-winning annual Reboot '16 Innovators issue

Q&A: Amit Yoran On Leaving RSA, New CEO Role At Tenable And 2017 Security Predictions (CRN) Last week, RSA CEO and industry thought leader Amit Yoran announced he was leaving the Bedford, Mass.-based security vendor to take a role as CEO at Tenable Network Security. The news comes less than four months after Bedford, Mass.-based RSA was acquired by Dell, as part of the EMC Federation. In an interview with CRN, Yoran discussed why he decided to leave RSA and the opportunity he sees at Tenable, which offers a vulnerability assessment and management platform

Kaspersky Lab's North American Channel Chief Bois Leaves Security Vendor (CRN) Kaspersky Lab North American Channel Chief Leslie Bois has left the company as the endpoint security vendor looks to position itself for the next-generation market, CRN has learned

Research and Development

Perfecta Federal Achieves First Patent, Offering Enhanced Communication Privacy for DoD & US Armed Forces (LinkedIn) Perfecta Federal announced yesterday that the patent for Bridge, its multimedia collaboration system, has been approved and published. The product’s application number is 15/026, 704, and its publication number is US 2016/0241623 A1

Security Patches, Mitigations, and Software Updates

VMware removes hard-coded root access key from vSphere Data Protection (CSO) The company also fixed a stored cross-site scripting flaw in ESXi

Nmap security scanner gets new scripts, performance boosts (CSO) Nmap 7.40 has new scripts that give IT administrators improved network mapping and port scanning capabilities

Microsoft closes the year with major security updates for its products (Windows Report) With 2016 almost reaching its departure, Microsoft released their one last ‘Patch Tuesday‘ update for the year. This update has by far the highest number of security updates released in a single patch. It features six critical patches, with the remaining six rated as important. It covered 34 individual flaws, all of which if exploited could lead to Remote Code Execution. So get ready for restarts. It is favorable to not delay the deployment of these patches. Since three of them, address vulnerabilities which have been publicly disclosed

Onapsis Research Labs First to Help Discover and Fix Vulnerabilities in SAP HANA SPS12 - SAP Security Notes December 2016 (Onapsis Security Blog) Today SAP published 23 Security Notes, making a total of 32 notes since last second Tuesday of November, considering several notes that were published outside of the normal publishing schedule. As with every month, the Onapsis Research Labs have an impact on how SAP Security evolves. This month, 6 SAP Security Notes were reported to SAP by our researchers Sergio Abraham, Nahuel Sanchez and Emiliano Fausto (all of them recognized in SAP Webpage). These notes correct 20 vulnerabilities in several platforms that our team has been researching extensively: SAP HANA and SAP For Defense

Cyber Attacks, Threats, and Vulnerabilities

Moscow’s cyber warriors in Ukraine linked to US election (Financial Times) Security firm accuses Russian intelligence’s ‘Fancy Bear’ hackers

Cybersecurity firm finds evidence that Russian military unit was behind DNC hack (Washington Post) A cybersecurity firm has uncovered strong proof of the tie between the group that hacked the Democratic National Committee and Russia’s military intelligence arm — the primary agency behind the Kremlin’s interference in the 2016 election

Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units (CrowdStrike Blog) In June CrowdStrike identified and attributed a series of targeted intrusions at the Democratic National Committee (DNC), and other political organizations that utilized a well known implant commonly called X-Agent. X-Agent is a cross platform remote access toolkit, variants have been identified for various Windows operating systems, Apple’s iOS, and likely the MacOS

Energy firm points to hackers after Kiev power outage (Register) Erm, it was hovering between -9˚C and -1˚C that day

Finger of blame pointed at hackers over new Ukraine power outage (Computing) Ukrainians in Kyiv left in the cold after a substation went offline

Russian hacks into Ukraine power grids a sign of things to come for U.S.? (CBS News) Russian hacking to influence the election has dominated the news. But CBS News has also noticed a hacking attack that could be a future means to the U.S. Last weekend, parts of the Ukrainian capitol Kiev went dark. It appears Russia has figured out how to crash a power grid with a click

Hotbed of Cybercrime Activity Tracked Down to ISP in Ukrainian Region Under Russian Control (Bleeping Computer) More details have surfaced regarding a recent wave of brute-force attacks (dictionary attacks to be more accurate) that have targeted WordPress sites over the past few weeks

Exclusive: ISIS Puts Out Holiday Attack List Of U.S. Churches (Vocativ) The terror group threatened "bloody celebrations in the Christian New Year"

Truck attack may be part of ISIS strategy to sharpen divide between Muslims and others (Washington Post) The claim on the official Amaq media channel was short and distressingly familiar: A “soldier of the Islamic State” was behind yet another attack on civilians in Europe, this time at a festive Christmas market in Berlin

Anonymous Shut Down Thai Sites Against Internet Censorship, Surveillance Law (HackRead) A series of cyber-attacks hit Thai government sites soon after passing cyber scrutiny law

UPDATED x1: Mirai Scanning for Port 6789 Looking for New Victims / Now hitting tcp/23231 (SANS Internet Storm Center) Early today, a reader reported they were seeing a big spike to inbound tcp/6789 to their honeypots. We have seen similar on DShield's data started on December 17. It was actually a subject of discussion this weekend and this helpful data from Qihoo's Network Security Research lab attributes the large increase to Mirai, the default-password-compromising malware infected various IoT devices that are internet-connected. It's hard to see in the graph as it is still not a huge (but still it is significant) portion of Mirai scanning traffic. Here is port-specific graphs from Qihoo as well showing the start time of the spike. The command the it tries to execute once logged in is

The new Linux/Rakos, malware threatening devices and servers under SSH scan (Again) (GBHackers On Security) New linux Malware, dubbed Linux/Rakos is threatening devices and servers.The malware is written in the Go language and the binary is usually compressed with the standard UPX tool

Santa Claus is coming to town with a sack full of ransomware (Zscaler) It’s the season: holiday shopping has increased and email inboxes have been inundated with promotional emails, offers from online retailers, and discount banners. And with increased online shopping activity, you can expect to see an increase in activity from the bad actors, too. Cybercriminals are taking advantage of the bustling season by launching various social engineering attacks, including phishing and drive-by download campaigns, to deliver ransomware

Fraudsters target Groupon accounts to make unauthorised purchases – check NOW if you're affected (MoneySavingExpert) A number of Groupon users have seen £100s siphoned from their banks in recent weeks after fraudsters commandeered their accounts to make unauthorised purchases, MoneySavingExpert can reveal. If you've been hacked, make sure you log your case with Groupon ASAP to claim a refund

Groupon Customer Anger After Account Fraud Hits Site (Infosecurity Magazine) Deals site Groupon has come in for fierce criticism after customers started complaining that their accounts had been compromised and used to purchase hundreds of pounds’ worth of goods fraudulently

The new Barnes&Noble Nooks come with free malware (TechCrunch) Barnes & Noble began outsourcing its Nook e-readers a few years ago after a partnership with Samsung and their latest $50 Nook 7 android tablet, announced last month, shows us how that has worked out for them. Their latest e-reader includes ADUPS, a firmware that sends user data back to the manufacturer or an interested hacker. This is the same malware that researchers found on cheap Blu tablets and phones last month

Hackers Have Stolen Millions Of Dollars In Bitcoin -- Using Only Phone Numbers (Forbes) Just after midnight on August 11, self-professed night owl Jered Kenna was working at home in Medellin, Colombia, when he was notified the passwords had been reset on two of his email addresses

Panasonic Plays Down Security Bugs Found in Airplane In-Flight Entertainment Systems (Bleeping Computer) Security firm IOActive published research yesterday detailing security flaws in the in-flight entertainment systems developed by Panasonic Avionics, used by multiple airlines such as United, Emirates, Virgin, KLM, Etihad, Scandinavian, Air France, and many other more

Cyber-criminals Offer Christmas Ransomware Discount (Infosecurity Magazine) Cyber-criminals appear to be getting into the Christmas spirit, with one group offering ransomware victims who intend to pay a festive discount of more than half the original cost

Academia

The University of Maryland Francis King Carey School of Law Launches Two Online Masters Programs (PRNewswire) The University of Maryland Francis King Carey School of Law is pleased to announce the creation of two new online Master's degree programs designed primarily for non-lawyers: a Master of Science in Cybersecurity Law and a Master of Science in Homeland Security & Crisis Management Law

Farsight Security Joins Georgetown University’s Security and Software Engineering Research Center (PRWeb) Provider of the world’s only real-time DNS intelligence becomes affiliate member of S2ERC

S&T Awards $527K To Brigham Young For Cybersecurity Tech (Homeland Security Today) Brigham Young University (BYU) has been awarded $527,112 to develop a web authentication middleware tool called TrustBase that will significantly upgrade the current Internet website authentication process and improve online security by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T)

How The Citizen Lab polices the world's digital spies (Christian Science Monitor Passcode) University of Toronto professor Ron Deibert launched The Citizen Lab in 2001 to become the 'CSI of the internet.' Since then, it has become one of the leading watchdogs for digital censorship and online suppression

Litigation, Investigation, and Enforcement

The attorney general could have ordered FBI Director James Comey not to send his bombshell letter on Clinton emails. Here’s why she didn’t. (Washington Post) Twelve days before the presidential election, FBI Director James B. Comey dispatched a senior aide to deliver a startling message to the Justice Department. Comey wanted to send a letter to Congress alerting them that his agents had discovered more emails potentially relevant to the investigation into Hillary Clinton’s private email server

Facebook received national security letter for customer details in 2015 (ZDNet) The number of requests for Facebook to hand over user data by governments around the world has risen in the first half of 2016, according to a new report by the social media giant

Yahoo Email Scanning For U.S. Spy Agency Shows Push to Recast Privacy (Fortune) Yahoo's secret scanning of customer emails at the behest of a U.S. spy agency is part of a growing push by officials to loosen constitutional protections Americans have against arbitrary governmental searches, according to legal documents and people briefed on closed court hearings

Documents suggest Palantir could help power Trump's ‘extreme vetting’ of immigrants (Verge) Training materials obtained by the Electronic Privacy Information Center show Palantir has played a role in a far-reaching customs system

US State Police Have Spent Millions on Israeli Phone Cracking Tech (Motherboard) When cops have a phone to break into, they just might pull a small, laptop-sized device out of a rugged briefcase. After plugging the phone in with a cable, and a few taps of a touch-screen, the cops have now bypassed the phone’s passcode. Almost like magic, they now have access to call logs, text messages, and in some cases even deleted data

Uber Bows Before California’s Power and Parks Its Robo-Cars (Wired) Uber's Showdown with California regulators is over, and the regulators won. For now

Enigma Software Group Responds to Malwarebytes Incompatibility (Enigma Software) Enigma Software Group USA, LLC ("ESG") began notifying its customers that Malwarebytes Inc., the maker of Malwarebytes Anti-Malware ("MBAM") and AdwCleaner, has begun intentionally blocking the installation and operation of ESG's programs SpyHunter and RegHunter for what ESG believes are competitive reasons. This action by Malwarebytes has created an immediate incompatibility between SpyHunter or RegHunter coexisting on the same PC with MBAM

Pokémon ROM hack stopped by Nintendo four days before launch (Ars Technica) In highly unusual move, Nintendo targets a ROM hack—essentially, a mod

Crook Who Used His Home IP Address for Banking Fraud Gets 5 Years in Prison (Bleeping Computer) A UK judge sentenced a crook part of a cybercrime operation that used banking malware to five years in prison for stealing £840,000 ($1,035,000) from victims all over the world

Man Jailed for Part in Global Fraud Ring (Infosecurity Magazine) Police in London are celebrating this week after a 29-year-old man was jailed for over five years for his part in a major online banking fraud ring

Design and Innovation

Experts split on how soon quantum computing is coming, but say we should start preparing now (CSO) Whether quantum computing promises to make current encryption methods obsolete

Encryption App ‘Signal’ Fights Censorship With a Clever Workaround (Wired) Any subversive software developer knows its app has truly caught on when repressive regimes around the world start to block it. Earlier this week the encryption app Signal, already a favorite within the security and cryptography community, unlocked that achievement. Now, it’s making its countermove in the cat-and-mouse game of online censorship

How to take vehicle cybersecurity further than the government suggests (Yahoo! Tech) Vehicle cybersecurity is getting well-deserved attention. In October, the U.S. National Highway Traffic Safety Administration (NHTSA) issued federal guidance to the automotive industry for improving motor vehicle cybersecurity. Transportation Secretary Anthony Foxx said at the time, “Cybersecurity is a safety issue, and a top priority at the Department.” Thales e-Security, a major security and data protection solutions system supplier, believes the NHTSA guidelines are a good start but don’t go far enough

Volkswagen teases a self-driving EV concept with retractable steering wheel (TechCrunch) Volkswagen is extending the I.D. concept family it debuted at the Paris Motor Show earlier this year with a new concept car in the same line to be fully revealed at the North American International Auto Show in Detroit in January. The carmaker teased the concept today, revealing a few details about the car, including that it’s designed to be fully self-driving in the future

Elon Musk says Tesla’s vision neural net for Autopilot is “now working well” (TechCrunch) Tesla is making progress towards its goal of making its latest cars fully self-driving, according to Elon Musk sharing some updates about the project, and about Enhanced Autopilot, the improved semi-autonomous driver assist system Tesla is planning to release in the near-term, before full autonomy is available

After Uber defied California’s DMV, the DMV revoked Uber’s registrations (Ars Technica) Uber said it remains “100 percent committed to California” but will test elsewhere

This Tool Maps the Spread of Fake News Online (Motherboard) Fake news, sensationalized media and blatant lies disguised as journalism have, unfortunately become major themes this year. Facebook’s finally stepping up to stop the spread, but some academics and data journalists have been working on the problem of viral misinformation for longer, with guides to help students become better news consumers and extensions to flag fake news

Information Won't Make Us Immortal (Motherboard) In the blogosphere, a curious notion is spreading and gaining momentum: namely, the idea that information is the new soul—a kind of Soul 2.0. Something over and above the nitty gritty of the brute matter. Something better

Counterfire and influence operations: Fancy Bear's X-Agent serves both. More on the Kiev power disruption. WordPress attacks traced to bulletproof host?