The CyberWire Daily Briefing 04.19.16

Summary

By The CyberWire Staff

ISIS sympathizers return to the cyber offensive, in a way, defacing state government sites in Wisconsin with pro-Jihad messages. CSO characterizes the attackers as “script kiddies,” which is consistent with ISIS hacktivists’ track record.

In other notes on ISIS, the Combating Terrorism Center at West Point has worked through the data stolen from the jihadist group by a disillusioned adherent. Their conclusion is that the data are genuine. The defector, “Abu Mohammed,” broke with ISIS over the group’s enslavement of Yazidi women.

A Security Research Labs white hat has demonstrated smartphones’ vulnerability to eavesdropping and geolocation. The weak point, common to most phones and carriers, lies in the SS7 routing protocol. SS7 is used by more than 800 telecommunication companies worldwide to achieve mutual interoperability.

Proofpoint reports finding a new ransomware variant, “CryptXXX,” which they’ve traced to the criminal group behind Reveton. CryptXXX is being dropped by the Angler exploit kit.

Checkpoint has released its periodic report on the prevalence of various malware strains. The familiar Conficker, Sality, and Cutwail families maintain their position atop the leaderboard. The top three mobile strains are HummingBad, AndroRAT, and Iop.

The GozNym “double-headed” financial malware being tracked by IBM Security is apparently enjoying a successful run, netting some $4 million from US and Canadian banks.

Anonymous has opened a Dark Web communication service, hoping thereby to improve hacktivist skills and coordination.

The general shortage of cyber labor is affecting the black market. Recruiting traffic is exposing more criminal enterprises to threat intelligence analysts.

Notes.

Today's issue includes events affecting Algeria, Australia, Bangladesh, China, European Union, India, Iraq, Ireland, Israel, Syria, United Kingdom, United States

We'll be covering the SINET ITSEF conference from Mountain View, California, today and tomorrow. Watch for our customary live-Tweets and special issues.

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day.

Sponsored Events

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016)

Cyber Security Summit (Dallas, Texas, USA, May 3, 2016)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016)

Selected Reading

Cyber Trends

Cybersecurity checkup: New Ponemon study reveals how healthcare sector is doing (We Live Security) Health information is both super personal and mission critica

Why You Should Be Excited About Future Tech (BizCatalyst360) Sure, robotics, the Internet of Things, data analytics, and other disruptive trends are intimidating, but they will improve our lives

Cloud Stampede Is On, But Who's Watching Security? (Information Week) A survey by Intel and the Cloud Security Alliance finds that the use of cloud services is increasing, but more in-depth security measures are needed

Over 30% of Irish businesses fearful of cyber-attack (NewsTalk) A poll on the subject was run by PriceWaterhouseCooper

Do APAC Security Leaders Hold a Global Advantage? (InfoRisk Today) Forcepoint's Garavello says Asians' grasp of big picture is better

Legislation, Policy and Regulation

A 'big science' approach for Australian cybersecurity research? () Australia's Cyber Security Strategy, to be released this Thursday, will include an emphasis on research and development, as well as education. How might that unfold?

Strategies to Tackle New Age Cybercrime (InfoRiskToday) India needs at least $4 billion in public-private partnership mode by 2019 to address cybercrime-related challenges at individual and organizational levels, estimates a new study by Associated Chambers of Commerce and Industry of India and Mahindra Special Services Group

DoD taking multi-pronged mobility approach (C4ISR & Networks) Security is top priority as the Defense Department continues to embrace mobility, and officials are looking at multiple paths toward an end goal that empowers troops and personnel

Obama Cybersecurity Panel May Not Be Effective (Bloomberg BNA) President Barack Obama's chosen candidates for a new commission may not have the appropriate experience to provide effective recommendations for improving U.S. cybersecurity, an industry insider told Bloomberg BNA

CrowdStrike General Counsel and Chief Risk Officer Appointed to the White House Commission on Enhancing National Cybersecurity (BusinessWire) Steven Chabinsky to work with a panel of renowned experts to bolster the nation’s cybersecurity

Familiar face returns to Cyber Command (FCW) After two years as commanding general of the Army's Intelligence and Security Command, Maj. Gen. George J. Franz III is heading back to Cyber Command, where he will be director of operations, the Pentagon announced

Telangana Plans CyberSec Framework for 2016 (InfoRisk Today) Emphasis on skill development and collaboration to address future threats

Products, Services, and Solutions

Palo Alto Networks working to share threat intelligence (Network World via CSO) Goal is rapid discovery of attacks and creating defenses against them

Unisys Delivers Award-Winning Micro-Segmentation Security on Microsoft Azure (RealWire) Unisys Stealth(cloud)™ to deliver added security at a lower cost to users of Microsoft Azure, a platform used by 85 percent of Fortune 500 companies in 140 countries

Blue Coat Systems Delivers Compliance Options for the Oracle Applications Cloud (Yahoo! Finance) Blue Coat Cloud data protection enables customers to proactively address emerging data protection regulations that can complicate cloud adoption

Nessus Vulnerability Scanner Now Monitors Docker Containers (Techspective) The de facto leader when it comes to vulnerability management is Nessus from Tenable Network Security. The de facto leader when it comes to container ecosystems is Docker. Now you can combine the two because Nessus 6.6 allows you to monitor and protect Docker containers and the container environment

Technologies, Techniques, and Standards

Coping in a 'Code Yellow' World with Threat Intelligence (Infosecurity Magazine) The Cooper Colour Code was a system invented in the 1980s by a former US Marine to classify awareness to danger. Today, Jeff Cooper’s Code is taught to the military, police and private security forces worldwide, with white, yellow, orange and red used to describe four different combat mindsets

Secure fraud-prone new online payments with machine learning, social-network analysis: BAE expert (CSO) The streamlining of international payment systems may have created new opportunities for criminal fraudsters, but one financial-security specialist believes the sector is finding new ways to fight back by using social-media analytics to ferret out fraudulent activity that might otherwise go unnoticed

Insider Threat Remains a Top Concern (InfoRisk Today) India Inc. shares insights, recommendations on insider risks

Marketplace

Verizon, wireline unions continue negotiations, but lock horns on healthcare, outsourcing jobs and pensions (FierceTelecom) Representatives from the Communications Workers of America (CWA) and the International Brotherhood of Electrical Workers (IBEW) continued to lock horns with Verizon (NYSE: VZ) management in Philadelphia over the wireline workforce's health care, pension and job security

IBM’s painful transition is far from over (Quartz) IBM announced its quarterly earnings today, and as many analysts expected, the technology giant posted its 16th quarter in a row of falling sales, when compared to the same quarter the year before. IBM’s revenue for the first quarter of the year was $18.7 billion, down about 5% from a year earlier, the company said in a release

8 Cybersecurity Technologies Primed for Commercialization (Washington Business Journal) CACI International Inc. opened the books on its recent acquisition, the $1.1 billion National Security Solutions spinoff of L-3 Communications Corp. (NYSE: LLL). And while the numbers revealed don’t provide a clear picture of what CACI’s size will be when the company reports a full year of earnings NSS, it is the most intimate look at the business to date

From Jerusalem shall come forth cyber-security, says cyber guru (Times of Israel) A planned Jerusalem-based Expert Center aims to help companies make themselves immune from growing threats by hackers

Malwarebytes CEO wants to 'reinvent security' (CRN) Anti-malware vendor's CEO wants to remake the way security software works

FireEye: A Stock To Keep Your Eye On (Seeking Alpha) Being a leader in a solution to a growing problem leaves it with huge upside potential. Unhealthy past finances are taking a turn toward sustainability. Negative earnings have caused investors to oversell

Quick Heal spurts after respite in Manohar Malani case (Business Standard) Quick Heal Technologies jumped 7.44% to Rs 238.30 at 14:55 IST on BSE after the company said the First Class Judicial Magistrate observed that there was nothing on the record to show the accused Manohar Malani ever held any shares of the company

Feds Prep for Cybersecurity Buying Spree (E-Commerce Times) The U.S. government's objectives for improving cybersecurity are taking shape in updated contracting procedures, contracts and projected increases in spending. Several recent developments have underscored the federal commitment to bolstering the protection of IT resources

Navy, Marines issue $26M contract for cyber training (FedScoop) The Navy and Marines are looking for a small business to build a curriculum to train their cyber command teams

Research and Development

MIT AI Researchers Make Breakthrough On Threat Detection (Dark Reading) New artificial intelligence platform offers 3x detection capabilities with 5x fewer false positives

Meet MIT's New Cyber-Attack Detection Tool (PC Magazine) Cyber crime never sleeps, but researchers from MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) and machine-learning start-up PatternEx are working to thwart the next big attack

MIT boffins build AI bot that spots '85 per cent' of hacker invasions (Register) So ... it still lets in more than one in ten attacks

Cyber Attacks, Threats, and Vulnerabilities

Pro-Daesh hackers target Wisconsin government websites (CSO) Daesh script kiddies spent the weekend posting propaganda on more than 80 domains

How hackers eavesdropped on a US Congressman using only his phone number (Ars Technica) SS7 routing protocol also exposes locations, contacts, and other sensitive data

Hackers can track your iPhone whatever security measures you take (Hack Read) After all the fuss about how the FBI was able to get a pass into an iPhone recently, 60 Minutes decided to do their own research. Unfortunately according to the results that were found, regardless of the strong encryption system that Apple puts on our devices, most users are still at risk

CryptXXX: New Ransomware From the Actors Behind Reveton, Dropping Via Angler (Proofpoint) Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK)

Ransomware: Is It Ever OK to Pay? (Inforisk Today) Payoffs create 'perverse incentive' for attacks to continue

Meet the ISIS Defector Who Handed Over Stolen Personnel Files (NBC New) We've become accustomed to seeing leaked documents, stolen from governments and corporations but we never expected to get our hands on the raw intelligence treasure trove known as "The ISIS Files." The man who gave us the files was hardly a classic whistleblower

Out-of-date apps expose three million servers to crypto ransomware (Inquirer) And you thought you had problems

Threat of Mobile Malware Continues to Grow as 'HummingBad' Attacks Move Up Check Point Research Rankings (MarketWired) At the company's annual customer event, the Check Point Customer Experience (CPX), Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today announced the most prevalent malware families being used to attack organizations' networks and mobile devices globally in March 2016

‘Double-Headed Beast’ Malware Steals $4 Million From US Banks In 3 Days (Money Street) In early April, cybercriminals believed to be of Eastern European origin unleashed a malware that stole $4 million from more than 24 American and Canadian banks in just a few days, security researchers at IBM said today

The POS Malware Epidemic: The Most Dangerous Vulnerabilities and Malware (IBM Security Intelligence) Point-of-sale (POS) malware is an information security ailment that, within less than seven years, reached colossal proportions and became more damaging to organizations than almost any other threat

Are Two Bank Breaches Related? (InfoRiskToday) Within the span of just a few days, customers of two public sector banks lost several lakhs of rupees from their accounts to hackers. Security experts say the modus operandi used by the hackers were strikingly similar, with likely ties to one of the world's biggest banking malware variants

Hacking Team hole still unpatched, exploit pop doc claims (Register) 'Phineas Fisher' says embedded device pwnage exposed spyware-for-states firm

Anonymous Launches Dark Web Chat Service (Hack Read) The news was announced on the popular Twitter accounts of the hacktivist group and very soon it was circulating all over social media. The post stated that Deep Web will be hosting Anonymous’ chat service through which the group members will get to strengthen their position. Another important objective that the hackers aim to achieve through this new service is to “arm the current and coming generations of internet activists with education"

CEO targeted by fraud twice a month (CSO) Every couple of weeks or so, Tom Kemp's company gets hit by ever-more-sophisticated attempts to trick them out of large sums of money

A Detailed Look at the CBS Sports App March Madness Data Leak – What Really Happened? (Awful Announcing) Last week’s story of security company Wandera accusing CBS Sports of a March Madness data leak, with CBS strongly denying it and suggesting Wandera was self-promoting, has seen some further interesting developments

Google and Microsoft’s shortened URLs make it easy to spy on people (Naked Security) Shortened URLs are convenient: they’re a whole lot easier to handle than unwieldy strings that email messes up with line breaks when you cut and paste them

A History of SQL Injection (Now With More Pirates) (Duo Security) Attackers can inject SQL commands into an SQL statement via web pages, compromising the security of a web application. The commands can potentially give attackers access to usernames and passwords, or any other kind of data available in a target database

Brits are risking employers' cyber security with illegal downloads (Information Age) New research shows that 59% of UK citizens that use personal devices to access corporate networks are using the same device to access illegal pirate content

Google Finds 800,000 Websites Breached Worldwide (Dark Reading) In the past year, the search engine giant has detected close to 800,000 sites infected with drive-by download malware and other malicious content aimed at nabbing unsuspecting visitors

Cyber criminals shift sights from whole companies to individual employees (Yahoo! Finance) Every day, government agencies and private businesses are under threat from cyber criminals. While that is nothing new two recent industry reports show the tactics being used to attach them have changed, and technology alone is insufficient to stop the threat

The Hiring Shortage Hits Black-Hat Hackers (IBM Security Intelligence) An interesting analysis in Digital Shadows recently spoke about the hiring shortage that has befallen the black-hat hacker community. While most enterprise IT managers are frustrated about getting skilled cybersecurity personnel for their own teams, there are some unexpected benefits, too

Academia

NSA crowns U.S. Military Academy in 16th cyberdefense exercise (Military Embedded Systems) National Security Agency (NSA) officials announced the U.S. Military Academy at West Point as the winner of the NSA's 16th Annual Cyber Defense Exercise (CDX). NSA's CDX - sponsored by NSA's Information Assurance Directorate (IAD) - challenged service academy teams to protect networks that were designed, built, and configured at their respective schools

Litigation, Investigation, and Enforcement

Microsoft cites new EU personal data rules in support of email dispute (IDG via CSO) Microsoft has refused to provide to the U.S. government emails stored in Ireland

Apple rebuts DOJ's appeal in N.Y. meth dealer's iPhone case (Computerworld via CSO) 'Government has utterly failed to ... demonstrate that Apple's assistance is necessary' to crack security, company argues

Bangladesh says 20 foreigners involved in theft from NY Fed (AP) Bangladesh investigators have determined that at least 20 foreigners were involved in the cybertheft of $101 million from the Bangladesh central bank's account in the Federal Reserve Bank of New York, a senior investigator said Monday

Barletta chairs hearing on protecting the U.S. electrical grid (Homeland Preparedness News) The Subcommittee on Economic Development, Public Buildings and Emergency Management, chaired by U.S. Rep. Lou Barletta (R-PA), held a hearing entitled “Blackout! Are We Prepared to Manage the Aftermath of a Cyber-Attack or Other Failure of the Electrical Grid?” on Thursday to examine the potential consequences of a massive cyber attack on the U.S

BlackBerry Won't Confirm or Deny it Gave Encryption Keys to Law Enforcement (Motherboard) Last week, a joint investigation by Motherboard and VICE News revealed that Canada’s federal police are in possession of the “global encryption key” that unlocks every non-corporate BlackBerry user’s encrypted BBM messages. But we didn’t know how they got it

How 'Britain's FBI' hacks into computers to catch criminals and cyber-gangs (International Business Times) In a rare glimpse into the scope of its active surveillance operations, the UK's National Crime Agency (NCA), also dubbed the 'British FBI', has outlined some examples of the computer hacking and snooping techniques it uses to help catch crooks involved in everything from financial cybercrime to sextortion schemes

Risk of Exposing Navy Secrets Could Complicate Edward Lin Prosecution, Former Military Lawyers Say (USNI) Risk of Exposing Navy Secrets Could Complicate Edward Lin Prosecution, Former Military Lawyers Say

9 Years Prison, $1.7 Million Fine For Malicious Insider (Dark Reading) Former IT engineer stung for destructive attack on law firm

Design and Innovation

Apple, Facebook, Google, and Microsoft pursue strong security, but differing notions of privacy (Macworld) Giant corporations are now swinging their power in favor of users, but each approach doesn't yield the same outcome

Unclear Sense of Ownership Hurts API Security (IT Business Edge) Application programming interfaces (APIs) are the backbone of the digital world, and as such, API security needs to be tight

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Are You Protecting Your Business? Why Cyber Threat is a C-Level Priority (Cerritos, California, USA, April 26, 2016) Whether you’re a company of five or 5000, join us for this educational workshop and learn innovative ways to protect your small business from #cybercrime. FBI Special Agent Joey Abelon will share FBI insights on fighting cybercrime. Akilah Kamaria will share strategies your organization can use to prepare for and respond to a cyber incident. Jim Kinmartin will share information on cyberfraud insurance and its role in helping to protect companies from cybercrime losses. This workshop is interactive and will begin with a broad overview of topics such as phishing scams, malicious software, identity theft risks, social engineering, and much more. Then, with data gathered from recent, real-life examples, as well as contemporary information provided directly by the FBI, hear about the most current trends, tactics, and procedures in use by cyber-criminals who target small and middle market businesses.

upcoming Events

CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, April 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share their experiences and insights not only in preventing and detecting breaches but in selling and funding their programs to senior management and demonstrating business value.

2016 Cybersecurity Symposium ( Coeur d’Alene, Idaho, USA, April 18 - 20, 2016) The Cybersecurity Symposium: Your Security, Your Future is an opportunity for academic researchers and software and system developers from industry and government to meet and discuss state of the art processes related to cybersecurity, which will include practice research and technologies. This symposium seeks submissions from academia, industry, and government to present innovative research, case studies, and best practices on all practical and theoretical aspects of cybersecurity.

Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, April 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB on Tuesday, April 19, 2016. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB

Amsterdam 2016 FIRST Technical Colloquium (Amsterdam, the Netherlands, April 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams

Security & Counter Terror Expo 2016 (London, England, UK, April 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees from across the globe together to see the latest technology, hear about the latest developments, share best practice and ensure that their threat mitigation strategies are effective

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge.

SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, April 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, April 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that demand. Join leading government cyber, IT, and web professionals at the 2016 Akamai Government Forum, an engaging one–day discussion, where we will dialogue on the critical aspects — and tools — for safeguarding a dynamic government in our hyperconnected world. Hear real time intelligence on the latest internet vulnerabilities and emerging attack vectors while sharing best practices on how to stop the largest Distributed Denial of Services and web application attacks. Find out how to enable safer, faster, resilient delivery of mission critical and public facing services. Learn the latest layered security tactics and other tools for securely optimizing your agencies digital presence — along with much more

Army SIGINT (Fort Meade, Maryland, USA, April 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees will be Army personnel from outside of the Ft. Meade area. FBC will be working with the Army to invite all local Ft. Meade personnel and contractors to the expo as well. The industry expo will be held for one day only during the "Emerging Technologies" portion of the conference

6th European Data Protection Days (EDPD) (Berlin, Germany, April 25 - 26, 2016) The EDPD Conference will provide participants from the business side with all the important news and updates for the international data protection business at a high level. These include key developments such as the EU General Data Protection Regulation and the landmark decision by the European Court of Justice that the Commission’s US Safe Harbor decision is invalid.

CISO San Francisco (San Francisco, California, USA, April 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Staying Ahead of the Curve - Securing a Nation Amid Change (Washington, DC, USA, April 26, 2016) A discussion of the changing cybersecurity landscape, featuring a keynote by General Keith Alexander, former Director, National Security Agency, and a panel discussion of the challenges facing Federal security leadership.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.