The CyberWire Daily Briefing 12.27.16

Cyber Trends

The Dark Side of VR (The Intercept) Virtual reality allows the most detailed, intimate digital surveillance yet

Microsoft’s innovation czar: we’re moving from ‘information age’ to ‘intelligence age’ (Geektime) Microsoft’s director of strategic engagements shows off company’s work applying NLP to genetics and other issues impacting humanity

From cyberpropaganda to IoT bonets: Strap yourself in for a rocky 2017 (IT Pro Portal) 2017 is not going to be an easy year for IT professionals

Cyber Threat Predictions For 2017 And Beyond (Business Solution) Authentication technology, machine learning, and probabilistic tools gain ground to combat threats

Cyber Security Predictions For 2017 (AEC News) The year is coming to a close and for the the internet and cyber security communities that means looking back at what problems the internet faced in 2016, what issues are likely to arise in the year ahead, and how we can protect ourselves

A Cybersecurity Christmas Story (Dark Reading) Automation and orchestration will be essential components of security in 2017

The central role of identity verification in 2017 (IT Pro Portal) Identity verification and authentication will continue to play a critical and central role for digital commerce in 2017

The Worst Hacks of 2016 (Motherboard) It’s that time of the year again, where we recap the worst or biggest hacks of the previous 365 days, and try to convince you that, yes, this was the worst year for security ever

Year in Review: Militaries Got More Cyber in 2016 (Council on Foreign Relations) This year marked a turning point in military uses of cyberspace. For the first time, the United States, United Kingdom, and Australia acknowledged deploying offensive cyber tools against the Islamic State. The fact that the United States, China, Russia, and others break into adversary computer networks is not new–intelligence organizations have done so since the early 1990s. But openly acknowledging that a military, as opposed to largely civilian intelligence organizations, is using malware to gain an advantage during an armed conflict breaks new ground

Top 4 Cyber Attack Vectors of 2016 (The Merkle) It is evident that 2016, has been a year filled with all types of cybercrime. Ranging from DDoS attacks to malware, hacking to ransomware, and social engineering to skimming, a lot of havoc has been caused by select groups of individuals. But what were some of the top attack vectors exploited by criminals in 2016?

The Perils of Connectivity: Cyber Insecurity in 2016 (Cipher Brief) From disruptive distributed denial of service (DDoS) attacks rendering entire swathes of the Internet including Netflix, Twitter, PayPal, CNN, The New York Times, and Amazon hosting services inaccessible, to nation-states inserting themselves into the democratic process of other countries’ self-determination, it has truly been a landmark year for cybersecurity—or lack thereof

Vice is the latest site to call it a day on comments (Naked Security) Another online comments section has bitten the dust, collapsing under the ponderous weight of nastiness

Perfect cyber security will never exist: Verizon's Novak (Economic Times) Chris Novak talks about why India lacks behind in cyber security, IoT security flaws and how enterprises go wrong in their outlook towards cyber security

Privacy is still alive and kicking in the digital age (TechCrunch) Our lives are lived in data. Data crossing borders and connected in virtual space. Most often, it appears, we live in open and too easily accessible data networks. States and corporations are watching us through data, and we are watching each other through data. What does individual privacy mean in this data saturated environment?

Legislation, Policy and Regulation

No Signal: Egypt blocks the encrypted messaging app as it continues its cyber crackdown (TechCrunch) After a week of blocking the secure messaging app Signal in Egypt the service is back online thanks to new features added by its parent company Open Whisper Systems

Ministers Back Bill That Would Allow Court to Censor Internet (Haaretz) Bill gives court power to order companies like Facebook, Twitter and Google to remove inciting content

Wassenaar Arrangement: Still No Deal Reached (Infosecurity Magazine) Security researchers have been left in the lurch after negotiators failed to find a breakthrough in talks designed to update a controversial export treaty which currently treats white hat hacking tools like weapons

Should Russia be punished for alleged cyber attacks on America? (Russia Direct) The story of Russian cyber interference in the U.S. election has taken on a life of its own, with potentially unintended consequences for both the U.S. and Russia

Why Dictators Hate Chess (Slate) Garry Kasparov on Vladimir Putin’s meddling and America’s response

Obama moves to split cyberwarfare command from the NSA (Washington Post) With weeks to go in his tenure, President Obama on Friday moved to end the controversial “dual-hat” arrangement under which the National Security Agency and the nation’s cyberwarfare command are headed by the same military officer

Key Challenges Facing Trump’s Pentagon Include Cyber, Acquisitions Management (Washington Free Beacon) DOD inspector general spotlights 'critical' hurdles as president-elect prepares to take office

FBI whistleblowers see glimmer of hope with new law, but still face uphill battle (Federal News Radio) Whistleblowers at the FBI may soon see some relief from a confusing and arduous disclosure process. But if one whistleblower’s story is any indication, the battle to have their cases heard may still be a long one

Products, Services, and Solutions

R3's Corda blockchain platform now available on Microsoft Azure (Brave New Coin) Microsoft Azure is a cloud computing platform for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. The platform offers a growing collection of integrated cloud services, including analytics, computing, database, mobile, networking, and storage

Leaked Docs Reveal How Much iPhone Data Cellebrite Can Extract Using Its Phone-Cracking Tech (WCCF Tech) Cellebrite, an Israeli firm, rose to fame earlier this year when it was wrongly rumored that the company was helping the FBI unlock the San Bernardino shooter’s iPhone 5c. At that time, the FBI vs Apple legal battle on encryption was all over the news waves, getting the company some attention too

Norton by Symantec unveils updated Android mobile security version (Gizbot) Norton by Symantec on Friday launched a latest version of its flagship mobile solutions "Norton Mobile Security for Android", featuring a "Report Card" that provides automatic security and privacy analysis and reveals where data travels

Russia offers technology to keep hackers at bay (The Hindu) Russian Quantum Center (RQC) said that it is ready to collaborate with India and offer its quantum technology that will prevent hackers from breaking into bank accounts. RQC plans to offer 'quantum cryptography’ that could propel India to the forefront of hack proof communication in sectors such as banking and national and homeland security

Technologies, Techniques, and Standards

Manual threat intelligence management: Doing it the hard way - Part 1 (IT Pro Portal) Threat intelligence source selection and capture

Manual threat intelligence management: Doing it the hard way - Part 2 (IT Pro Portal) Processing threat intelligence and actioning threat intelligence

Manual threat intelligence management: Doing it the hard way - Part 3 (IT Pro Portal) Threat intelligence analysis and maintenance

How to Enable Two-Factor Authentication on Slack (Electronic Frontier Foundation) For the twelfth and final day of the 12 Days of 2FA, we will look at how to enable two-factor authentication on Slack. If you are a member of multiple Slack “teams” (e.g. work.slack.com and school.slack.com), you will need to set up 2FA separately for each account you use

Hacker Lexicon: What Is the Attribution Problem? (WIred) After months of news about Russian meddling in this year’s US presidential election you’re probably sick of speculation and ready for answers: What exactly did Russia do and why? It sounds simple enough, but a fundamental concept in cybersecurity and digital forensics is the fact that it is sometimes extremely difficult after a cyberattack to definitively name a perpetrator. Hackers have a lot of technical tools at their disposal to cover their tracks. And even when analysts figure out which computer a hacker used, going from there to who used it is very difficult. This is known as the attribution problem

Blockchain technology could ensure security of any information, says Kaspersky Lab chief security expert (EconoTimes) The number of cyber attacks and security breaches is on the rise and expected to surge even more in the forthcoming year. The cryptocurrency ecosystem, in particular, underwent a number of attacks resulting in losses running into millions of dollars

UK’s Nuclear Submarines runs Windows XP for Submarines™ (MSPowerUser) In these days of strangely increasing nuclear tension it may amuse (or frighten) our readers to learn that Microsoft’s first commercial NT-based operating system is still in charge of the UK’s nuclear deterrent, powering the 4 nuclear submarines that protect UK’s interest

Marketplace

VPN Firms Set for a Great 2017 Thanks to Snoopers’ Charter (Infosecurity Magazine) Virtual private network (VPN) providers are reporting an upsurge in interest from UK citizens keen to avoid state snoopers after the controversial Investigatory Powers Bill was passed

Cyber security startup Haystax secures $4 million investment from Fishtech Labs (Geektime) Companies are increasingly worried about insider threats, and Haystax guarantees it can help find those needles

The 'endpoint plus network' strategy is CSO's armor: Kris Hagerman (CSO) A holistic security portfolio elevates the company's value proposition as a preferred vendor for companies, Sophos CEO says

IBM's Astonishing Patent Strategy Shows Where It's Going Next (Nasdaq) IBM (IBM) is set to top the list of patent holders for the 24th year in a row in the U.S. This is no ordinary feat. IBM is the only company to have ever exceeded over 7,000 U.S. patent grants during a single year. During 2016 year-to-date, IBM has already crossed the 7,000-patent mark for the third consecutive year

Is Blockchain The Next IBM Strategic Imperative? (Seeking Alpha) Blockchain is generally associated with bitcoin, but it is much more than that. IBM is one of the pioneers in this industry. Here we report some basic definitions and examples of how blockchain is being developed. The global blockchain market is estimated to be worth $210M. We estimate that IBM is generating between $6M and $50M a year from its blockchain segment

Cisco Systems (NASDAQ:CSCO) Will Set Up Cyber Security Centres In Gurgaon And Pune To Help Monitor Threats In Real-Time (Seneca Globe) Cisco Systems, Inc. (NASDAQ:CSCO) to close at $30.46 by are moving up 0.13% with session volume was recorded 12.81 Million. Networking giant, Cisco (CSCO) will set up cyber security centres in Gurgaon and Pune to help monitor threats in real-time as well as train people, including government officials to combat these challenges

Insider Q&A: Mimecast's Peter Bauer (ABC News) Email has become a crucial part of how companies communicate, but those systems are constantly being attacked by everything from inbox-clogging spam to phishing emails looking to steal secrets and money

Cybersecurity: Threat Intelligence and an integrated approach to security (OpenGovAsia) Guy Rosefelt, Director, Threat Intelligence & Application Security, NSFOCUS talks about Threat Intelligence and the unique opportunities of operating in China

Impact of future Army Cyber Command headquarters felt throughout year (Augusta Chronicle) The Army is still several years away from moving its Cyber Command headquarters to Fort Gordon, but its impact has beenfelt throughout Augusta in 2016

Security Patches, Mitigations, and Software Updates

Cisco Warns of Critical Flaw in Cloudcenter Orchestrator Systems (Threatpost) Cisco Systems released a critical security bulletin for a vulnerability that could allow an attacker to gain root privileges on affected CloudCenter Orchestrator systems. The company released workaround instructions to mitigate the flaw along with making a software fix available for download

Critical security update: PHPMailer 5.2.18 (CVE-2016-10033) (SANS Internet Storm Center) ISC recommended action: Patch...now. This is a very popular application, left unpatched it will be exploited

Nook 7 tablet updated to neutralise ADUPS fear, says Barnes & Noble (Naked Security) Desperately casting around for a last-minute gift? Too price sticker-shocked to get an iPad or Kindle Fire HD?

Microsoft admits maybe it ‘went too far’ with pushy Windows 10 upgrades (Yahoo!) In the holiday spirit of telling it like it is, Microsoft finally admits what everyone has known all year: pushing Windows 10 upgrades on people, whether they wanted it or not, was a bad move that ruined a great software upgrade

Apple gives iOS app developers more time to encrypt communications (Computerworld) The iOS App Transport Security (ATS) will not become a requirement on Jan. 1, as previously announced

Mozilla to Support Firefox for Windows XP and Vista until September 2017 (Bleeping Computer) Just before the Christmas holiday, Mozilla announced plans to support Firefox for Windows XP and Vista until at least September 2017

Clever Facebook Hack Reveals Private Email Address of Any User (Threatpost) Christmas came early for Facebook bug bounty hunter Tommy DeVoss who was paid $5,000 this week for discovering a security vulnerability that allowed him to view the private email addresses of any Facebook user

Cyber Attacks, Threats, and Vulnerabilities

Skeptics Doubt Ukraine Hack, Its Link to DNC Cyberattack (Voice of America) Malware used to hack Democratic National Committee servers during the 2016 elections was also used to hack an artillery-targeting app in Ukraine, and might have caused Ukrainian military losses to pro-Russian forces, according to a report released this week by CrowdStrike, a cybersecurity company

Faketivists Could Play Havoc with Euro Elections in 2017 (Infosecurity Magazine) Security experts are warning of a rise in so-called “faketivists” – state sponsored operatives who take on the personas of solitary hacktivists in order to disseminate sensitive hacked material for political ends

IS's Looming Death Could Be Hiding Bad News (Radio Free Europe | Radio Liberty) In 2014, the world was gripped by news of two deadly epidemics

Battlefield 1 PS4 & Xbox One Servers Are Down – No Response From EA (MobiPicker) EA servers down for the release of Battlefield 1 today. Stay tuned for updates as we keep an eye on the network, and find out when it’s back online

Group that attacked Tumblr threatens to DDoS Xbox for Christmas (Naked Security) A new hacking group is taking credit for a distributed denial-of-service (DDoS) attack that took down Tumblr this week. But so far, little is known about R.I.U. Star Patrol other than its motive of attacking for fun

Tumblr Attackers Now threatening to Ruin Christmas for Xbox Users with DDoS Attacks (HackRead) Tumblr was down on 21st December

What’s Prompting Hackers To Target PSN And XBox Live On Christmas Day? (MobiPicker) Controversial hackers collective R.I.U. Star Patrol released a video late last week claiming that they were considering a massive, coordinated cyber attack on PlayStation Network (PSN) and XBox Live on Christmas Day

How a Smart Toy Could Get Hacked (Panda) Almost a decade has passed since the arrival of Furby, which made quite a splash on the children’s toys market. That was just the beginning. Now, Christmas serves as a time to usher in new companions that, of course, come with their respective apps and are able to have full conversations, as though they were alive. The Internet of Things has come to the toy store

CounterStrike Hacking Tool Overwrites Cheaters' Hard Drive MBR (Bleeping Computer) CounterStrike gamers looking for an advantage over their competition might be in for a surprise this Christmas, as there's a booby-trapped cheat tool going around that will overwrite their hard drive MBR (Master Boot Record) and prevent their computers from booting

As Bitcoin Price Surges, Phishing Attacks on Cryptocurrency Wallets Intensify (Bleeping Computer) Today's Bitcoin to US Dollar exchange rate has reached $902, the first time Bitcoin price has gone above the $900 mark since January 2014, almost three years ago

Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware (Bleeping Computer) There have been a lot of strange twists and turns when it comes to ransomware this month. First, we had Popcorn Time that gave you the option of screwing over people by infecting them to possibly get a free decryption key. Now, we have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles

New DeriaLock Ransomware Active on Christmas, Includes An 'Unlock All' Command (Bleeping Computer) Today, on Christmas Eve, G Data malware analyst Karsten Hahn has come across a new ransomware family named DeriaLock, which locks your screen and requests a payment of $30

Report: Online booking security gaps allow hackers to steal free flights (Deutsche Welle) IT security researchers have uncovered a gap that allows hackers to take plane tickets from customers who booked and paid online, German media reported. The results spell big problems for passengers and airlines alike

Fake Michael Kors Site Has Highest Volume For Non-Malware Attacks (PYMNTS) Tricking someone into clicking on a fake website and turning over their personal data has been a favorite scam of hackers, and it doesn’t seem to be abating, with security firm Cyren reporting a fake Michael Kors shopping website coming in as the highest volume non-malware attack of all of 2016

Cyber scammers are now targeting Guyanese and their inadvertent weakness for Christmas parcels (Guyana Guardian) The holiday version of a cyber-scam which seeks to implant a photo stealing and data stealing Trojan into the mobile phones and computers of unsuspecting persons has been targeting Guyanese and other Caribbean web users on an unusually higher scale this Christmas

Sports-Related Website Targeted (Sports ISAO) A sports-related website has recently been under attack from what appears to be an automated system that attempts to login to the website with guessed credentials. Use of this strategy, known as a brute force attack, against WordPress websites are once again on the rise. Additionally, the vast array of plug-ins for WordPress provides ample opportunity for hacks if the site administrator is not up-to-date with patching

ZyXEL and Netgear Fail to Patch Seven Security Flaws Affecting Their Routers (Bleeping Computer) Router manufacturers such as Netgear and ZyXEL have failed to address seven security flaws reported by security researchers in the last three or more months

Digital Shadows Report: Mirai Botnet Isn’t Going Away (See Video) (American Security Today) Digital Shadows, a provider of cyber situational awareness, released its new report Mirai and The Future, Forecasting the DDoS Landscape in 2017

Suddenly hot smart home devices are ripe for hacking, experts warn (CNBC) Will 2017 be the year your home becomes under attack from cyber criminals?

US healthcare under siege: Got good insurance? (Register) Great. Keep an eye out for medical device hackers, though

Where the industrial IoT vulnerabilities lurk in your plant (TechTarget) When you connect manufacturing machinery to the internet, you've created a potential gateway for hackers. Here's a look at the risks you might be facing

APWG Report: Record-Shattering Q2 Phishing Attack Wave Ebbed in Q3 2016 (SAT Press Releases) The Anti-Phishing Working Group reports that the year’s record wave of phishing subsided in the autumn. According to the APWG’s new Phishing Activity Trends Report, the total number of phishing websites detected in the third quarter of 2016 was 364,424, compared with 466,065 in the second quarter — a decline of 25 percent

Russian Cybercriminals Fake Real People To Make Money From Real Online Ads (Filehippo) And the 2016 prize for original cybercriminal thinking goes to… the hackers who created fake people so they could make real money from real online ads

More Than 50% Of Biggest Holiday Retailers May Not Be PCI-Compliant (Dark Reading) SecurityScorecard warns while the industry has made progress, many are still not covering the basics of security

Britney Spears Isn’t Dead: Sony Says Twitter Account Compromised (Bloomberg) Issue has been fixed, recording division says in statement. Company apologizes to pop star and fans for confusion

Litigation, Investigation, and Enforcement

The FBI investigates if China has been hacking The FDIC (USB Port) The Chinese military could be behind the cyber attacks the FDIC has suffered in different opportunities since 2010, and the Federal Bureau of Investigation (FBI) is going to open an investigation on the matter

Putin casts Democrats as sore losers amid renewed election hacking claims (Washington Times) President Vladimir Putin on Friday continued to dismiss allegations concerning the Russian government’s role in a hacking campaign waged against the Democratic Party prior to last month’s White House race amid ongoing claims involving Moscow’s purported election meddling

2016 Presidential Campaign Hacking Fast Facts (Gant Daily) Here’s a look at hacking incidents during the 2016 presidential campaign and allegations by the US that the Russian government meddled in the election. Both Republicans and Democrats have issued calls for a deeper probe of Russian interference. President Barack Obama said that the US will take action against Russia and has ordered a complete review of elections going back to 2008 before he leaves office. President-elect Donald Trump has rejected suggestions of Russian influence, despite the CIA concluding that Russia acted to help Trump win

Inquiry says Snowden in contact with Russia's spy services (AP via Columbia Daily Tribune) Former National Security Agency contractor Edward Snowden remains in contact with Russian intelligence services, according to a bipartisan congressional report released at a time when Russia is considered a top national security concern

Intel Committee Releases Declassified Snowden Report (US House Permanent Select Committee on Intelligence ) The House Permanent Select Committee on Intelligence today released a declassified version of its investigative report on Edward Snowden, the former National Security Agency contractor who fled to China and then Russia after stealing an estimated 1.5 million classified documents. The report, including redactions for classified information, was the result of a two-year inquiry into Snowden’s background, likely motivations, and methods of theft, as well as the damage done to U.S. national security as a result of his actions. The report was completed in September 2016 and submitted to the Intelligence Community for a declassification review

Edward Snowden Fast Facts (CNN via KBKZ) Here is a look at the life of Edward Snowden, who has admitted to leaking information about United States surveillance programs to the press

Belatedly, a Defense of a Whistleblower (Consortium News) After vowing to run a transparent government, President Obama oversaw an unprecedented legal assault on whistleblowers, only now offering up a modest concession, as Linda Lewis explains

US begins asking foreign travelers for social media accounts upon entry (The Hill) U.S. Customs and Border Protection has finalized a measure to have foreign travelers provide social media accounts when they enter the country

Nasdaq Stockholm Receives Fine for Inadequate Cyber Security (Acumin) Nasdaq Stockholm, along with its clearing operation, has been fined by F1, Sweden’s financial services regulator, for failing to sufficiently manage its cyber security supplier

Teen charged as cops snare 'cyber warriors' 9 held for attack on government sites (Bangkok Post) A 19-year-old man arrested in connection with a series of cyber attacks in protest of the controversial computer crime law has been charged while several others have been detained for questioning

Vendor BlimeSub a.k.a BTH-Overdose busted (DeepDotWeb) Emil Babadjov, the person behind the vendor aliases “Blime-Sub” and “BTH-Overdose,” was arrested and made his initial court appearance on December 14 2016, in San Francisco. According to the indictment he sold heroin, fentanyl, and methamphetamine on Alphabay with both accounts having combined over 2300 sales

An update on all the legal cases we thought would be huge in 2016 (Ars Technica) Beyond Apple's clash with DOJ, these surveillance cases got our attention in 2016

Design and Innovation

World's Largest CA Comodo Announces EV Code Signing Certificate Availability (PRNewswire) New certificate type prevents malware authors from hiding behind a wall of certificate anonymity

Signal implements ‘domain fronting’ technique to bypass censorship (Security Affairs) The latest update of Signal introduces the ‘domain fronting’ technique that has been implemented to circumvent censorship

Best Artificial Intelligence Stories in 2016; Mark Zuckerberg Developing Real ‘Jarvis’ (University Herald) Artificial Intelligence is gaining so much interest this year and it would be just right to discuss the top stories on AI that made it to the headlines. Some of these stories include XPRIZE's AI 2020 competition, Google's WaveNet, and even Mark Zuckerberg's attempt to create his own "Jarvis"

Ransomware updates. Attacks on gamers and gaming platforms. Patch notes. Looking back at 2016, and ahead to 2017.