The CyberWire Daily Briefing 02.09.16
Release of alleged information on US FBI and Department of Homeland Security personnel continues. The pro-Palestinian hacktivist-who-prefers-to-remain-anonymous still remains anonymous for now, but a screen name worthy of Carlos Danger augurs his eventual betrayal by a libido ostentandi.
SecureList has an account of AdWind, a complex, cross-platform backdoor currently afflicting banks in Singapore and elsewhere. Also known as "AlienSpy," it's being sold openly as a subscription service in Internet black markets.
The "Poseidon Group," Brazilian in origin and speaking both Portuguese and English, presents what observers see as a novel twist on extortion. Operating as an APT group, they prospect vulnerable enterprises for sensitive data, approach their victim ("in well-dressed suits," notes Dark Reading, emphasizing Poseidon's white-collar self-presentation), point out their security issues, and urge the victim to hire them for security services. Victims who balk find that (1) their data move over to Poseidon's "market forecasting" business, which sells sensitive information, and (2) that Poseidon, having established persistence in the network, is in no hurry to leave.
In patch news, Avast fixes issues Google discovered with Avast's SafeZone browser security tool. Oracle closes some Java vulnerabilities to DLL hijacking, and Apple updates iOS 9.
A depressed equities market drags down share prices, and cyber stocks suffer along with the rest. Digital Shadows attracts $14M in Series B funding. Infoblox buys IID (for talent and data) and Kingston acquires encrypted flash-drive shop IronKey.
In the US, Wassenaar renegotiation gains Congressional support. NSA's reorganization continues apace. Congress deliberates encryption (deliberately).
Today's issue includes events affecting Belgium, Brazil, China, European Union, France, India, Iran, Iraq, Netherlands, Pakistan, Russia, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Isis makes far-right National Front demos its 'prime target' (The Local (France)) Isis took to the pages of its francophone propaganda magazine Dar al Islam to declare that demos by the National Front were now "the prime target"
Hack Brief: FBI and DHS are Targets in Employee Info Hack (Wired) Last year, a hack of the U.S. Office of Personnel Management exposed the personal information of millions of government employees. Now, Motherboard reports, a hacker has threatened another federal employee dump of a much smaller scale but potentially more sensitive target: the names, titles, and contact information of nearly 30,000 FBI and Department of Homeland Security workers
Hacker Publishes Personal Info of 20,000 FBI Agents (Motherboard) While America was getting ready to watch the Super Bowl on Sunday, a hacker promised he would dump online a list of more than 20,000 agents of the Federal Bureau of Investigation and 9,000 Department of Homeland Security officers
Suspected Pakistan-based hackers behind the Indian government's IRS cyber attack (DNA India) Indian Revenue Service (IRS) has been hacked on Saturday by a group that claim they are Pakistanis
Adwind: FAQ (SecureList) We have become aware of unusual malware that was found in some banks in Singapore. This malware has many names — it is known as Adwind RAT (Remote Access Tool), AlienSpy, Frutas, Unrecom, Sockrat, JSocket, and jRat. It is a backdoor available for purchase, and is written entirely in Java which makes it cross-platform
Java "RAT–as–a–Service" backdoor openly sold through website to scammers (Ars Technica) The malware once known as AlienSpy is back in action after original domains shut down
'AlienSpy' Family Openly Sold As Subscription Service (Dark Reading) Adwind — a relative of the infamous AlienSpy spyware — offered as malware-as-a-service to all types of attackers
Remtasu is disguising itself as a tool to appropriate Facebook accounts (We Live Security) Almost a year ago we warned about the spreading of Remtasu, and far from lessening, we have been able to identify numerous instances of this threat being propagated further
Brazilian Cyberspies In Suits Shake Down Victims With Stolen Company Secrets (Dark Reading) 'Poseidon Group' puts a new spin on cyber-extortion, and operates across land and sea
Poseidon APT Group Identified As First Portuguese-Speaking Campaign (Threatpost) For more than 10 years, attackers have carried out a series of covert attacks on firms worldwide and capitalized on that connection by coercing the companies into a phony business relationship where they can further steal data
Beware, Latest WhatsApp Scam Drops Malware on Your Device (Hack Read) Watch out for latest WhatsApp scam tricking users into opening malware link sent by "friends"
Power Grid Honeypot Puts Face on Attacks (Threatpost) The rhetoric around hacking the power grid would have you believe it's a relatively mundane practice. Policymakers, intelligence agencies and vendors, for example, spread the word gleefully, leaning on scenarios such as state-sponsored hackers shutting off the lights in the dead of winter as a scare tactic to glean budget and influence
IoT Reality: Smart Devices, Dumb Defaults (KrebsOnSecurity) Before purchasing an "Internet of things" (IoT) device — a thermostat, camera or appliance made to be remotely accessed and/or controlled over the Internet — consider whether you can realistically care for and feed the security needs of yet another IoT thing
Trane thermostat turns home networks into a hot spot for viruses (Register) When is the IoT industry going to get smart on security?
Internet of hackable things? Why IoT devices need better security (Enterprise Project) The Internet of Things is amazingly powerful and useful — but not always safe to use, and most organizations with IoT implementations need to do a better job of keeping them secure
Current p2p trends threatening enterprise security (ITWorld) File sharing has become more commonplace, which means there are common threats that lurk in p2p traffic
Homegrown Extremists Top Terrorist Threat List, Clapper Says (BloombergBusiness) Homegrown extremists probably will "continue to pose the most significant Sunni terrorist threat to the U.S. homeland in 2016," Director of National Intelligence James Clapper said in a summary for Congress of the perils facing the nation globally
Security Patches, Mitigations, and Software Updates
Avast Patches Critical SafeZone Flaw (Infosecurity Magazine) Security vendor Avast has patched a dangerous vulnerability in its SafeZone protected browsing tool which researchers claimed could allow attackers to compromise secure sessions like online banking
Oracle Security Alert for CVE-2016-0603 (Oracle) This Security Alert addresses CVE-2016-0603 which can be exploited when installing Java SE 6, 7 or 8 on the Windows platform. This vulnerability has received a CVSS Base Score of 7.6
DLL Hijacking Issue Plagues Products like Firefox, Chrome, iTunes, OpenOffice (Softpedia) Oracle has released new Java installers to fix a well-known security issue (CVE-2016-0603) that also affects a plethora of other applications, from Web browsers to antivirus products, and from file compressors to home cinema software
Apple plugs more than 100 flaws in its latest iOS security update (FierceMobileIT) Apple has issued a security update for iOS 9 that plugs more than a hundred security flaws in the mobile operating system
CSA survey finds trust in the cloud increasing (Business Cloud News) Suspicion of the cloud has lifted so much that trust in cloud services is on par with on-premises applications, according to a survey by the Cloud Security Alliance
IT Security Mimics Intelligence Services More than You Realize (Threatpost) Intelligence services may be the security industry's boogeyman right now, but for a long time, IT security has done a good job of following the government's lead when it comes to developing new approaches and strategies
It's Been 20 Years Since This Man Declared Cyberspace Independence (Wired) When digital dystopians and critics of Internet libertarians need a rhetorical dart board, they often pull out a document written by John Perry Barlow, co-founder of the nonprofit Electronic Frontier Foundation, a former cattle rancher and Grateful Dead lyricist
Why Larry Ponemon Dedicated His Career to Privacy (CIO Insight) Larry Ponemon is optimistic about the state of cyber-security — but he knows there's a long road ahead in protecting the privacy and security of users
Big data's very bad day in the stock market (FierceBigData) Investor trends are not the same as predictive analytics because far too much stock market movement is merely knee-jerk reactions with precious little data to aim the kick
QuickHeal IPO: Not for listing gain, but offers solid long-term prospects (Economic Times) QuickHeal Technologies is set to hit the primary market on February 8, aiming to raise Rs 250 crore. The IPO price band has been fixed at Rs 311-321 with a face value of Rs 10 per share
Digital Shadows Gets $14M To Keep Growing Its Digital Risk Scanning Service (TechCrunch) UK cyber security startup Digital Shadows, which sells a SaaS service to businesses wanting to monitor and manage potential risks by keeping tabs on activity related to their digital footprint — has closed a $14 million Series B funding round, led by Trinity Ventures. As part of the investment, Trinity's Fred Wang has joined the Digital Shadows board
Tacoma cyber-security firm acquired by Silicon Valley tech company (News Tribune) Tacoma-based cybersecurity company IID was sold to network services provider Infoblox for $45 million, the companies announced Monday. Santa Clara, California-based Infoblox has more than 8,300 customers and more than 800 employees
Kingston buys encrypted flash drive maker IronKey (ComputerWorld) IronKey's thumb drives meet U.S. government standards for security
88 jobs created in Belfast at cyber security firm Alert Logic (Belfast Telegraph) Cyber security firm Alert Logic has established a Security Research and Technology Development centre in Belfast creating the new posts
Darktrace reports surge in cyber defence demand (Business Weekly) Cambridge UK cyber technology business Darktrace reports a 510 per cent surge in year on year bookings, with revenue growth of 450 per cent. Headcount has grown 231 per cent and now stands at close to 200 employees in 18 locations around the world, with new US headquarters in San Francisco and a new office on the Champs-Élysées in Paris
Rook Security Founder And CEO J.J. Thompson Named To Indianapolis Business Journal’s 2016 Forty Under 40 (BusinessWire) Indiana native acknowledged for his work in cyber defense, entrepreneurship and creating opportunities for local talent in technology
Qualys Appoints Todd Headley, Former CFO of Sourcefire, to Its Board of Directors (CNN Money) Appointment brings a unique combination of financial and security industry experience to Qualys
Protegrity Promotes Clare Cunniffe to Top Global Sales Position (MarketWired) Protegrity, the leading provider of data-centric enterprise data security solutions, announced today that Clare Cunniffe has been promoted to Senior Vice President of Global Sales, reporting to Protegrity CEO Suni Munshani
Products, Services, and Solutions
Keybase Releases Encrypted File-Sharing iPhone App (TechNewsWorld) Keybase last week announced the alpha release of the Keybase app for the iPhone with a cryptographically secure file mount
Police Forces Identifying Potential Corruption with SpectorSoft Solutions (BusinessWire) UK Police use SpectorSoft to monitor Force activities to ensure integrity through early detection and rapid response to leaks that could jeopardize investigations, prosecutions
Technologies, Techniques, and Standards
Sharing is vital to thwart attackers, says Microsoft security exec (ITWorld Canada) It's tough to share threat intelligence with competitors, but in an era where attackers have time, money and resources on their side, going it alone is impossible
5 Best Practices for Reducing Third-Party Security Risks (eSecurity Planet) Vendors and other third-party partners have caused some big data breaches. Here is how to keep it from happening to you
Monday Morning Quarterbacking Super Bowl 50: Infosec Edition (Dark Reading) How to coach your team to victory in the battle to protect corporate data and intellectual property. After all, there's a lot riding on your game, too
Design and Innovation
Military Security in the Age of the Internet of Things (SIGNAL) Despite looming threats, trusted communications offer a glimmer of assurance
Research and Development
Privacy-preserving genomic testing in the clinic: a model using HIV treatment (Genetics in Medicine) The implementation of genomic-based medicine is hindered by unresolved questions regarding data privacy and delivery of interpreted results to health-care practitioners. We used DNA-based prediction of HIV-related outcomes as a model to explore critical issues in clinical genomics
Reverse-engineering the brain to improve machine learning (GCN) Researchers are working to reverse-engineer how the brain's visual system processes information in hopes of advancing machine learning algorithms and computer vision
Security Scholar Program Debuts at RSA® Conference 2016 (BusinessWire) World's largest information security event aims to connect students with industry experts
Legislation, Policy, and Regulation
(Hardly any) French MPs back emergency powers reform (The Local (France)) The lower house of the French parliament voted on Monday in favour of enshrining in the constitution the process of declaring a state of national emergency, although 411 MPs didn't bother turning up
Months after Paris attack, new surveillance regime emerges in Europe (Christian Science Monitor Passcode) From more closely monitoring Europeans' travel plans to examining Internet traffic, European officials and law enforcement agencies are pushing for more surveillance measures to track potential terrorists
Terror bulletins, alerts or nothing at all: Feds try for happy medium (Federal Times) The Super Bowl came and went without a hitch — or a terror bulletin or alert. But are agencies ready to test the new Homeland Security system when the time comes?
Momentum slows for encryption bill (The Hill) Congress seems unlikely to pass an encryption bill anytime soon despite the burst of momentum that followed the terrorist attacks in Paris and San Bernardino, Calif
McCain calls for encryption standards (Washington Examiner) Sen. John McCain criticized encryption technology, which allows terror suspects to communicate without the government seeing it, in an editorial over the weekend, and renewed a call for legislation to prohibit it
Countering Violent Extremism (Federal Bureau of Investigation) FBI launches new awareness program for teens
EC Announces Privacy Shield Timeframe, Conditions (Forbes) The European Commission announced today via Commissioner Vera Jourová the time frame and remaining conditions for reaching agreement on Privacy Shield, the framework "agreement" to replace the invalid Safe Harbor EU-U.S. data transfers agreement
Anxiety Remains for U.S. Businesses Despite New EU Data Agreement (Legaltech News) The new EU-U.S. data transfer agreement and changing EU data laws do little to alleviate concerns
House Oversight presses Kerry to renegotiate cyber controls (The Hill) The House Oversight Committee is pushing the State Department to renegotiate parts of an international export agreement that governs cyber weapons
Draft bill seeks to improve U.S. military cyber warfare capabilities (SC Magazine) Draft legislation proposed by Sen. Mark Kirk (R-Ill.) seeks to improve the Pentagon's ability to quickly develop and acquire process cyber warfare technologies
Here's Why the National Security Agency Is Overhauling its Spy Operations (Fortune) NSA says a good cyber defense and offense go hand in hand
NSA21: Facing Threats to the Nation and Future Challenges with Innovation, Integration, and a Focus on Talent (NSA) The National Security Agency has launched a comprehensive campaign to ensure NSA maintains its position as the world's preeminent foreign signals intelligence and information assurance organization
Adblock Plus seeks online pact to let 'acceptable' ads through filters (ZDNet) Websites and publishers are talking with Adblock Plus maker Eyeo about a new independent body to regulate online advertising
Proposed Utah law would make doxing a six-month jail crime (Ars Technica) EFF criticizes broad language: "This bill as drafted is clearly unconstitutional"
Litigation, Investigation, and Law Enforcement
Russian Cops Bust Key Members Of World's Busiest Cybercrime Gang: Sources (Forbes) In November, Russia's FSB quietly led an operation to take down the world's most active cybercriminal groups, the operators of the banking malware Dyre, according to a number of sources with knowledge of the matter
Federal Judge Orders Home Depot to Turn Over Potential Settlement Communications (Daily Report) The federal judge presiding over litigation against Home Depot stemming from a massive security data breach has ordered the Atlanta-based home supply chain to turn over to plaintiff financial institutions any communications it has exchanged with other banks over possible settlement of the pending cases
Judge tosses proposed class action accusing Google of CAPTCHA fraud (Ars Technica) "Google stole a small amount of time and attention from a large number of people"
Facebook Ordered To Stop Tracking Non-Users In France (TechCrunch) Yet more privacy problems for Facebook in Europe
Innocent Chrome game used as cover for many tentacled Android invader (Naked Security) The Federal Trade Commission (FTC) has settled a case against a pair of developers who bought a nice, mild-mannered, browser-based Chrome game called "Running Fred" and turned it into the app equivalent of a spam-spewing facehugger
Bank joins Interpol cybercrime fighting centre (ZDNet) Barclays is the first bank to have an analyst working alongside cybercrime experts at Interpol's research and development facility
Police use Lincolnshire County Council cyber-attack as warning to others (MISCO) Police investigating the malicious malware attack on Lincolnshire County Council's computer systems have urged other organisations and businesses to beef up their security so they don't become a victim of cybercrime
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
International Conference on Business and Cyber Security (ICBCS) (London, England, UK, May 12 - 13, 2016) To date the vast majority of businesses have viewed cyber security as a peripheral issue that is the primary concern of the IT Department. Whilst this mind set is unlikely to change radically any time soon, there is a growing appreciation that businesses and individuals need to be far more aware and proactive. We invite academic researchers in the field of business and cyber security and other related areas such as foresight planning, public policy, and social and behavioural sciences, as well as companies, industry consultants, analysts and practitioners to attend ICBCS 2016
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks
Insider Threat Program Development Training — California (Carlsbad, California, USA, Feb 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
OPSWAT Cyber Security Seminar (Washington, DC, Feb 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail (Orlando, Florida, USA, Feb 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, Feb 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
SecureWorld Charlotte (Charlotte, North Carolina, USA, Feb 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance
National Insider Threat Special Interest Working Group: Insider Threats From A Human Resources & Legal Perspective (Laurel, Maryland, USA, Feb 18, 2016) This meeting will be focused on "Insider Threats From A Human Resources & Legal Perspective." Mrs. Jordan C. Meadows, Security Program Analyst at Rolls-Royce North America will present from the Human Resources perspective. Super Lawyer Mark Zaid will present from a Legal perspective. There will also be a presentation from Securonix on using big data analytics to automatically and accurately detect the most advanced data security, insider threat and fraud attacks
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, that concerns to organizations and individuals, thus creating new research opportunities
Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment
CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting
cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016