The CyberWire Daily Briefing 04.01.16

Summary

By The CyberWire Staff

MedStar continues its recovery from the ransomware infestation it suffered, apparently a server-side Samsam infection. Patient care has continued, first with paper backups, then returning to normal as full access to EHRs is restored. US-CERT issues a kind of scorecard for currently circulating ransomware variants.

Symantec reports that 2015 saw a 73% decline in banking Trojans, but this seems accounted for by the increased attention criminals are paying to financial institutions themselves instead of working the banks' customers.

Some other forms of high-payoff crime warrant caution. Fraudulent wire transfers are hitting various sectors, and these are particularly dangerous since they can prove impossible for a business to recover from. And law firm client data—especially merger-and-acquisition data held by such firms, are highly sought by gangs interested in fraudulent front-running stock trades.

Check Point discloses the "SideStepper" vulnerability, an iOS bug whose exploitation can install malicious code in iPads and iPhones. Because SideStepper bypasses iOS 9's restrictions on enterprise app deployment, exploitation undermines mobile device management.

In industry news, rumors of assistance Cellebrite rendered the FBI in the San Bernardino iPhone investigation draw analyst attention to the company.

The FBI is helping Arkansas prosecutors gain access to an iPhone 6 and an iPod investigators think may hold evidence in a murder case. But the Bureau's principal interest in gaining access to encrypted devices remains drug prosecution, not murder or terrorism.

Anyone thinking the crypto wars a provincial American dust-up should read former Foreign Secretary William Hague's remarks in the UK.

Notes.

Today's issue includes events affecting Brazil, China, European Union, Germany, India, Iraq, Israel, Russia, Saudi Arabia,Singapore, Syria, Ukraine, United Kingdom, and United States.

We're covering the annual Women in Cyber Security conference today and tomorrow, with live-Tweeting during the conference, and a special extra issue next week. Next week we'll be covering two other cyber security conferences: the Billington CyberSecurity INTERNATIONAL Summit in Washington, DC, on Tuesday, and the CAMI Cyber Risk Management 360 in Baltimore, Maryland, on Thursday. Watch for our usual live-Tweets and extras.

On the Podcast

Catch the CyberWire's Podcast this afternoon, including the University of Maryland's Ben Yelin's account of the difficulties of claiming standing in a privacy case against the government. We'll also have a discussion with Steven Levy, editor in chief of Backchannel and author of several books, who gives us an informed retrospective on why we seem to be re-fighting the crypto wars.

Sponsored Events

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, Mar 31 - Apr 2, 2016)

Selected Reading

Cyber Trends

Symantec: Financial Trojans Declined By 73% In 2015 (Dark Reading) Symantec detected far fewer financial Trojans in 2015 and saw cybercriminals focus more of their efforts directly on financial institutions

What Is Preventing Companies from Adopting Better Data Security? (Legaltech News) 64 percent of Vormetric survey respondents viewed compliance requirements as either ‘very effective’ or ‘extremely effective’ in preventing data breaches

Newsflash: Healthcare Does Not Spend Enough on IT Data Security (HIT Consultant) Mathematically, the gap between $3.6 million and $17,000 is a chasm

The Race to Cyber Attribution Needs to Stop (Cyveillance) It has become almost systemic for people to immediately question, “Who did it?” when a major breach occurs in the public or private sectors

Legislation, Policy and Regulation

William Hague declares crypto enemy no.1 (SC Magazine) In an opinion piece for The Telegraph newspaper, William Hague, the Conservative former Foreign Secretary in the UK, says the latest Brussels terrorist attacks shows the need to crack terrorist communications

U.S.-China still at odds on cybersecurity issues (FCW) President Barack Obama said he will continue to discuss matters of cybersecurity with the Chinese president on the sidelines of the Nuclear Security Summit in Washington. But some lawmakers and experts think he should be doing more

Key proposal dropped from India-US homeland security dialogue (ZeeNews) An ambitious plan for exchange of information on terrorists on a real time basis between India and the US has been dropped from the proposed Homeland Security Dialogue to be held in June

Ukraine approves new cyber-security strategy (SC Magazine) New standards and cyber-security strategy approved in Ukraine to thwart Russians hacking infrastructure as Russian software purchases halted

US Marines ramp up cyber warfare support (ZDNet) The military group is expanding to train marines in cyber warfare and defence

Dateline

Join Women in Cybersecurity This Week in Dallas (CTOvision) Women in Cybersecurity (WiCyS) is hosting its third annual Women in Cybersecurity event on March 31 through April 2 at the Hyatt Regency DFW International Airport. WiCyS continues to innovatively expand its mission to bring together women in cybersecurity from academia, research and industry. This event is designed as a forum for speakers and guests to exchange knowledge, experience, networking, and mentoring, with the ultimate goal of raising interest in the important, fascinating and lucrative field of cybersecurity. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate

Products, Services, and Solutions

Guidance Software Speeds Time to Analyze and Respond to Cyber Threats across Mac OS, Windows and Linux Systems (BusinessWIre) New benefits include integration with STIX definitions and bulk import of YARA rules

Bitdefender releases crypto-vaccine for popular ransomware infections (ZDNet) The free tool can be used to protect systems locked by CTB-Locker, Locky and TeslaCrypt

ESET Receives VB100 Award for ESET Endpoint Antivirus (PRWire) ESET Endpoint Antivirus recorded strong detection, excellent stability and low resource requirements in the latest Virus Bulletin’s VB100 Comparative Review

Technologies, Techniques, and Standards

European Union GDPR data rules prompt cyber security review (ComputerWeekly) Isolated legacy security systems are a big cyber security risk – but the EU General Data Protection Regulation (GDPR) could change that, says Palo Alto Networks

Reviewing Important Healthcare Cybersecurity Frameworks (HealthITSecurity) Between the HIPAA Security Rule and NIST Cybersecurity Framework, healthcare organizations have several options to guide their cybersecurity efforts

Black Hat Asia: Decentralise security, devalue cyberattacks (ZDNet) Rather than deter hackers by making it difficult and costly to launch attacks, a more effective strategy involves deflating the value of successful breaches and decentralising security

New Portal Launched For ICS/SCADA Threat Intelligence-Sharing Among Nations (Dark Reading) The East-West Institute teamed up with the US ICS-ISAC to create a platform for critical infrastructure operators worldwide to share threat data

When It Comes To Cyberthreat Intelligence, Sharing Is Caring (Dark Reading) Shared cyberthreat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats

NIST Releases Cryptographic Standards and Guideline Document (SC Magazine) The report acknowledges the tension between the need for strong encryption, law enforcement and national security.

NIST security standard to protect credit cards, health information (Help Net Security) For many years, when you swiped your credit card, your number would be stored on the card reader, making encryption difficult to implement. Now, after nearly a decade of collaboration with industry, a new computer security standard published by the National Institute of Standards and Technology (NIST) not only will support sound methods that vendors have introduced to protect your card number, but the method could help keep your personal health information secure as well

6 Ways to Make IAM Work for Third-Party Organizations (eSecurity Planet) Identity and access management (IAM) for third-party organizations is a tough security challenge. Gartner's Felix Gaehtgens offers tips that will help

5 things you should know about two-factor authentication (IDG via CSO) Here are the basics to help you stay secure online

Marketplace

Hackers Will Try to Legally Infiltrate Pentagon in DOD Competition (ABC News) Specially vetted hackers will be able to legally test one of the Pentagon's secure computer networks next month as part of the "Hack the Pentagon" initiative designed to test the security of Defense Department computers

Statement by Pentagon Press Secretary Peter Cook on DoD's Partnership with HackerOne on the "Hack the Pentagon" Security Initiative (US Department of Defense) The Department of Defense (DoD) announced today that interested participants may now register to compete in the "Hack the Pentagon" pilot

Inside the little-known firm said to be helping the FBI crack iPhones (Sydney Morning Herald) The little-known Japanese company at the centre of a legal tussle between Apple and the US government over the hacking of an iPhone built its business on pinball game machines and stumbled into the mobile phone security business almost by accident

Apple, FBI put Cellebrite in the spotlight (SC Magazine) The tentative naming of the Israeli firm Cellebrite as the muscle behind the FBI's ability to crack into unlocked the iPhone used by San Bernardino, California shooter Syed Farook without help from Apple, has brought this little known company into the spotlight

Lockheed Martin expands its data security role within VA (GCN) The Department of Veteran Affairs is working with Lockheed Martin to boost the data security of the Million Veteran Program, a voluntary research effort aimed at learning how genetics affect health

Why General Catalyst Is Bullish on Security (eWeek) Steve Herrod, managing partner at General Catalyst, discusses his current investments, and how to determine if a technology is a company or if it's just a feature

Menlo Security CTO Pitches the Benefits of Isolation (eWeek) Kowsik Guruswamy, CTO of Menlo Security, discusses his company's present and future direction

Microsoft's Bold Vision Of Pervasive Artificial Intelligence (Seeking Alpha) Microsoft's keynote for its Build 2016 developer conference contained a new vision for personal computing. Microsoft foresees natural language conversations becoming the primary user interface. To achieve this, Microsoft is putting an unprecedented array of artificial intelligence tools in the hands of developers

Cylance® Expands Executive Team to Support Rapid Company Growth (PrNewswire) Cylance, the company that is revolutionizing cybersecurity through the use of artificial intelligence to proactively prevent advanced persistent threats and malware, has announced the expansion of its senior executive team, naming veteran Silicon Valley technology and venture capital lawyer Brady Berg as its General Counsel and veteran human resources executive Vina Leite as its Chief People Officer

James Williams Named Parsons Cyber Infrastructure Protection Sector Chief (GovConWIre) James Williams, a vice president at Parsons, has been named chief of the cyber infrastructure protection sector within the company’s federal business unit

Research and Development

Innovative cybersecurity research lands UAH doctoral student best poster award (UAH News) UAH computer engineering doctoral student Vahid Heydari's poster on "Preventing Remote Cyber Attacks against Aircraft Avionics Systems" was recently named the best poster at the 11th International Conference on Cyber Warfare and Security in Boston

Security Patches, Mitigations, and Software Updates

Apple releases iOS 9.3.1 with fix for link bug (Ars Technica) Poorly behaved apps unmasked bug that could cause crashes and unresponsive news

Patch out for 'ridiculous' Trend Micro command execution vuln (Register) Password Manager, Maximum Security and Premium Security are all at risk

CloudFlare aims to block fewer legitimate Tor users (IDG via CSO) A mix of short-term fixes and long-term ideas intends to make Tor browsing less cumbersome

Cyber Attacks, Threats, and Vulnerabilities

MedStar still dealing with problems from cyber attack (WTOP) Days after MedStar was hit with a crippling cyber attack, hospitals across the D.C. area are still struggling to get back to normal

MedStar says it is working to restore its systems; newspaper gets ransomware demand (FierceITSecurity) Report of a patient lost for days, emergency rooms without functioning computers

Samas ransomware enters hospitals through vulnerable servers (Help Net Security) There’s hardly a day anymore that we don’t hear about a hospital being hit with ransomware

Alert (TA16-091A) Ransomware and Recent Variants (US-CERT) In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it

SideStepper vulnerability can be used to install malicious apps on iOS (Help Net Security) Check Point researchers have identified SideStepper, a vulnerability that can be used to install malicious apps on iPhones and iPads to steal login credentials and sensitive data

iOS SideStepper Vulnerability Undermines MDM Services: Check Point (InformationWeek) Security researchers from Check Point plan to disclose a flaw at the Black Hat Asia conference which they claim endangers the way mobile device management software interacts with iPhones and iPads. Check Point calls the vulnerability "SideStepper" because it sidesteps the normal app approval process

Hackers can abuse the iOS mobile device management protocol to deliver malware (IDG via CSO) The attack bypasses the restrictions for enterprise app deployment introduced in iOS 9, Check Point researchers said

Linux security isn’t enough to stop data breaches (Help Net Security) There is a difference between the security of an operating system and the security of the data created, which is edited and manipulated by people and saved on the operating system

Malvertising Thrives in 'Shady' Parts of Highly-Automated Ad Networks (eWeek) Attacks on highly-automated ad networks serving major Websites demonstrate that attackers are finding ways to exploit the poorly-defended online ad market

Adwind at centre of cyber attack on Singapore bank (ComputerWeekly) Kaspersky Lab has revealed that the Adwind malware-as-a-service platform was at the centre of an attack on a Singapore bank

Brazilian and Russian cybercrooks collaborating to create more potent threats (Register) Borrowed technologies, code obfuscation, and a lot more in their bag of tricks

In Brief: The Unusual Suspects -- DeMystifying Attack Groups (Dark Reading) Colin McKinty, vice president of cybersecurity strategy, Americas, for BAE Systems joins Brian Gillooly at the RSA Conference to talk about how knowledge of your adversary--and knowing that they are, after all, just fallible human beings -- can be used to fight back

Islamic State urges attacks on German chancellery, Bonn airport: SITE group (Reuters) Islamic State posted pictures on the Internet calling on German Muslims to carry out Brussels-style attacks in Germany, singling out Chancellor Angela Merkel's offices and the Cologne-Bonn airport as targets, the SITE intelligence group reported

ISIS Turns Saudis Against the Kingdom, and Families Against Their Own (New York Times) The men were not hardened militants. One was a pharmacist, another a heating and cooling technician. One was a high school student

How hackers are targeting title and settlement companies (Housing Wire) Wire transfers in the crosshairs

Law Firm Data Breaches Besiege Client Confidentiality (Legaltech News) Big Law is struggling to protect privileged and sensitive information among the onslaught of breaches, an ever-demanding workload, and their own human errors

Litigation, Investigation, and Enforcement

UK cops tell suspect to hand over crypto keys in US hacking case (Ars Technica) Lauri Love faces extradition to US over hitting Federal Reserve, among others

Father begs Apple CEO to help unlock his dead 13-year-old son’s iPhone (Ars Technica) "I think Apple should offer solutions for exceptional cases like mine"

Why Do the Feds Usually Try to Unlock Phones? It’s Drugs, Not Terrorism (Wired) Until the FBI backed down from its battle with Apple over accessing the iPhone 5c of San Bernardino shooter Syed Rizwan Farook, it seemed the agency had chosen a near-perfect case on which to make its stand against encryption

Epic battle of privacy versus justice ends with a whimper (FierceITSecurity) Well, it looks like the dispute between the FBI and Apple over access to encrypted data on the iPhone used by the San Bernardino shooter Syed Farook has been resolved by technology

FBI agrees to help Arkansas prosecutors open iPhone after hack of San Bernardino device (Los Angeles Times) The FBI has agreed to help prosecutors gain access to an iPhone 6 and an iPod that might hold evidence in an Arkansas murder trial, just days after the agency managed to hack an iPhone linked to the San Bernardino terror attacks, a local prosecutor said Wednesday

FBI Tests Technique’s Ability to Unlock More Versions of iPhone (Wall Street Journal) Government is likely to take months to decide whether to give Apple details of security flaw exploited to decipher encrypted data

Inside the FBI Investigation of Hillary Clinton’s E-Mail (Time) FBI director Jim Comey first investigated the Clintons 20 years ago

Law enforcement requests for customer data continue upward climb, says Microsoft (FierceITSecurity) Law enforcement requests for customer information jumped 11 percent in the second half of 2015, the second straight substantial increase, according to Microsoft's latest transparency report

Reddit deletes surveillance 'warrant canary' in transparency report (Reuters) Social networking forum reddit on Thursday removed a section from its site used to tacitly inform users it had never received a certain type of U.S. government surveillance request, suggesting the platform is now being asked to hand over customer data under a secretive law enforcement authority

Reddit’s missing ‘warrant canary’ suggests classified data requests from feds (TechCrunch) Reddit issued its annual transparency report Thursday morning, listing the amount and type of data requested by various authorities

How Barbie-doll maker Mattel clawed back $3m from cyberthieves (Naked Security) Barbie may well be a pinch-waisted physiological phantasy, but her maker, Los Angeles-based toymaker Mattel, is anything but

The Twitter jihadi: Man admits encouraging support for Islamic State by sending 8,000 tweets (Telegraph) n Islamic State fanatic has admitted sending thousands of tweets encouraging terrorism

Design and Innovation

Microsoft Plans Army of Artificial Intelligence Bots (Newsweek) Microsoft's chatbot Tay may have backfired but the tech giant is planning many more

Why firms are piling into artificial intelligence (Economist) Sometimes it is perceived as a figment of the far future. But artificial intelligence (AI) is today’s great obsession in Silicon Valley

Forget About Big Data: Teaching Computers to Think Just Like Humans Is the New Big Thing (Haaretz) Deep learning, the technology that gets computers to mimic the process occurring in the human brain, is the newest buzzword in the high-tech world

Before robots can take over they need better security against hackers (Naked Security) Today’s robots are far smarter and more capable than the clumsy and awkward robots of the 1980s and 1990s

Meeting cybersecurity challenges through gamification (TechCrunch) When it comes to cybersecurity issues, we always seem to be dealing with either shortages or excess

The Artist Using Museums to Amplify Tor’s Anonymity Network (Wired) For the past few years, Trevor Paglen has been at the vanguard of a movement of fine artists who have led gallery-goers to grapple with the realities of online privacy and government spying

Google reverses Gmail April 1 prank after users mistakently put GIFs into important emails (TechCrunch) Google has reversed one of its April Fools’ Day pranks after it caused a number Gmail users to unwittingly insert GIFs into business emails and other important communications

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Risk Management 360 (Baltimore, Maryland, USA, Apr 7, 2016) The Cybersecurity Association of Maryland, Inc. (CAMI) is partnering with the MD Department of Commerce, Chesapeake Regional Tech Council and Greater Baltimore Committee to host our first Signature event designed to help keep Maryland’s businesses cyber secure and connect them with Maryland’s cybersecurity providers. Join us for an information-packed cybersecurity panel discussion followed by a business exchange and networking hour during which attendees can visit sponsor and MD cybersecurity company exhibits.

upcoming Events

Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate

SANS Atlanta 2016 (Atlanta, Georgia, USA, Apr 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment

Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, Apr 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading US and global corporate and government executives

Cyber Security Summit Atlanta (Atlanta, Georgia, USA, Apr 6, 2016) The Inaugural Atlanta Cyber Security Summit will be held April 6th at the Ritz-Carlton, Buckhead. This event is for Sr. Executives only. We are Honored to have the US Asst. Attorney General of National Security, the Honorable John P. Carlin keynote along with experts from The FBI, The US Secret Service, Intel Security and dozens more. The invited attendees will have a catered breakfast, lunch & cocktail reception with fellow business leaders. Limited Passes still available, for 50% off use promo code cyberwire50 at CyberSummitUSA.com (just $125 with code).

ASIS 15th European Security Conference & Exhibition (London, England, UK, Apr 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world

ISC West 2016 (Las Vegas, Nevada, USA, Apr 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products. With over 1,000 exhibitors and brands, spanning hundreds of product categories, it's the Must-Attend event for the global security industry. ISC West is where the security community gathers to see new products and technologies first, to network with other security professionals, and to stay on top of emerging security risks with cutting edge education

Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, Apr 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information security officers and privacy managers to discuss current developments and best practices in cybersecurity and privacy protection. The conference is aimed at identifying innovative strategies that integrate legal, managerial and technical approaches to managing cyber and privacy risks. Join us to connect and engage with leading experts who will address cyber and privacy risk-management strategies, regulatory compliance, civil litigation following high-profile data breaches, law enforcement cooperation and information-sharing models, incident-response and cyber-risk insurance.

Spring Conference 2016: Creating a Cybersecurity Communtiy (Los Angeles, California, USA, Apr 11, 2016) The ISACA Los Angeles Chapter provides affordable quality training on fundamental information systems auditing concepts and emerging technology risks, and an opportunity to network with other auditing and security professionals.The Spring Conference is the leading Information Systems IT governance, control, security and assurance event for the Southern California area.

Rock Stars of Risk-based Security (Washington, DC, USA, Apr 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based Security is the must attend symposium of its kind in 2016 on this critical new reality.

Federal Security Summit 2016 (Washington, DC, USA, Apr 12, 2016) Advanced threats and more sophisticated hackers are making it increasingly difficult to protect mission-critical government systems and communications. The U.S. Government is probed 1.8 billion times per month, and 66% of these breaches take up to a year to be discovered. With over 200,000 new malicious programs created daily, what are agencies doing to fight off cyber attacks and keep systems secure? This interactive working breakfast panel will share best practices and solutions.

Workforce 2.0: How to Cultivate Cybersecurity Professionals (Baltimore, Maryland, USA, Apr 12, 2016) Please join Passcode along with White House Chief Information Officer Tony Scott and other leading figures in digital security to explore the newest ideas and approaches to close the cybersecurity skills gap. At the event, Passcode will also launch its new Security Culture section that will unpack and illustrate the far-reaching and increasingly important role that digital security plays in daily life.

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, Apr 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit to learn these skills directly from incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Ransomware recovery. SideStepper iOS bug. Crypto wars updates.