The CyberWire Daily Briefing 04.26.16

Summary

By The CyberWire Staff

Reuters reports that SWIFT, the international financial transfer network, has warned customers that the Bangladesh Bank cyber robbery wasn’t unique in exploiting SWIFT software vulnerabilities to mask fraudulent transactions. “Malicious insiders or external attackers” have submitted bogus messages to the SWIFT network on more than one occasion, according to Reuters’ account of a warning circulated privately to SWIFT customers. The criminals behind the fandation [sic] to which $81 million were funneled remain unknown.

Observers draw a lesson from the robbery—enterprises should be aware of, monitor, and control what goes on inside their perimeter, looking for lateral movement, privilege elevation, etc.

Blue Coat Labs reports an active ransomware campaign targeting older Android systems. (Threatpost compares it to the exploitation of older, Windows XP machines.) The attackers are locking Android devices with Dogspectus ransomware delivered with the Towelroot exploit kit. The demand (communicated in an entirely implausible attempt to sound like an official US security agency) is for $200 in iTunes gift cards. Towelroot delivers its payload via drive-by malicious advertising. The exploits themselves seem, researchers say, to be old Hacking Team tools.

In the US, senior military officers hint obliquely about their fear of foreign compromise of Defense supplier networks.

US Director of National Intelligence Clapper said yesterday that Snowden’s leaks accelerated the development and widespread dissemination of commercial encryption by about seven years. “From our standpoint,” says the DNI, “it’s not a good thing.”

In industry news, the SecureWorks IPO still shows no more than a dead cat bounce.

Notes.

Today's issue includes events affecting Australia, Bangladesh, Belgium, European Union, India, Iran, Iraq, Democratic Peoples Republic of Korea, Philippines, Poland, Portugal, Syria, United States

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. In particular, tune in for the Johns Hopkins University's Joe Carrigan, who'll tell you what happened when a security-savvy mark got one of those tech support scam phone calls.

Sponsored Events

Cyber Security Summit (Dallas, Texas, USA, May 3, 2016)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016)

Selected Reading

Cyber Trends

New encryption technology is aiding terrorists, intelligence director says (Christian Science Monitor) New, commercially available encryption software 'had and is having major, profound effects on our ability' to collect intelligence, 'particularly against terrorists,' James Clapper told reporters at a Monitor-hosted breakfast

Snowden Leaks Advanced Encryption by 7 Years, U.S. Spy Chief Says (Fortune) You can thank Edward Snowden, the ex-National Security Agency contractor who leaked a cache of state spy secrets in 2013, for the increased use of computer encryption today, according James Clapper, the U.S. Director of National Intelligence. Or rather you can blame Snowden, if your viewpoint happens to align with Clapper’s

Verizon DBIR: Over Half Of Data Breaches Exploited Legitimate Passwords In 2015 (Dark Reading) Financial sector suffered the most breaches last year, followed by the accommodation/hotel sector

Enterprises fall behind on protecting against phishing, detecting breaches (CSO) The ninth annual Verizon Data Breach Report came out this morning with bad news on multiple fronts

What govies can learn from this year's Verizon data breach report (Fedscoop) The public sector was the runaway leader in security incidents. That doesn't mean its security personnel are doing a bad job

Cybercriminals shift focus from financial sector to retail (Enterprise Innovation) The retail sector experienced almost three times as many attacks as those in the financial sector, new research published in the NTT 2016 Global Threat Intelligence Report reveals

Identity Management: Where Cloud Security Falls Short (InformationWeek) A report by the Cloud Security Alliance finds that identity management tools and processes are key to ameliorating the threat of breaches. The report reveals which tools are most popular, and which are underutilized

IoT Security Will Reach $840 Million By 2020, Gartner Finds (InformationWeek) The IoT security market will hit its stride in 2020, according to Gartner, driven by IoT growth in energy management, the automotive industry, consumer applications, and an increase in malware attacks

You are not safe. Cyber attacks to steal consumer data rose by 200% in 2015 (Business Insider) This is a very bad news for netizens. Cyber criminals have devised what is now called 'fake technical support' model to steal consumer data. According to a report by security software firm Symantec, scams involving fake technical support saw a whopping 200% increase in 2015 across the world

Legislation, Policy and Regulation

Belgium urges EU to help gather sensitive social media data (AP via Fox News) Belgium has urged the European Union to help anti-terror investigators gather electronic data from social media to prevent attacks like those in Brussels last month

US cyber command opening up new front against ISIS (Fox News) The U.S. is supplementing its ground and aerial assaults on ISIS with a cyber-attack campaign, opening up a new, high-tech front in the war against the Internet-savvy terror group

US Cyber Command Hacks ISIS (Dark Reading) 'Cyber bombs' target ISIS online communications infrastructure

Lawmakers Want the Pentagon’s Red Team Hackers to Be More Like China and Iran (Defense One) It's all part of a push to make training more realistic and much more frequent, year by year

A Cyber JSOC Could Help the US Strike Harder and Faster (Defense One) A network-attack analogue to the manhunting Joint Special Operations Command would allow cyber warriors to decide, deconflict, and execute more effectively

Military commands sorting out confusion over who’s in charge during cyber attack (Federal News Radio) Defending U.S. critical infrastructure against cyber warfare has been one of the three primary missions of U.S. Cyber Command almost since its creation in 2009, yet various DoD policy documents are at odds with one another when it comes to which organization would lead the military response to an actual cyber attack

DOD says it's prepared to support civilian response to a cyberattack (Defense Systems) Defense Department officials pushed back Friday against criticisms levied against the lack of clarity in chain of command for domestic cyberattacks. “So there’s been a lot of discussion, ‘We don’t know how to do this’ or there [are] disconnects there, but I don’t think that’s the case at all,” Lt. Gen. James “Kevin” McLaughlin, deputy commander of the U.S. Cyber Command, said. “I think we know how to do it; we’re making sure that in the event that it happens we’re ready to execute"

Air Force's cyber boss: Military needs to innovate at 'cyber speed' (Defense Systems) Two of the common, long-running criticisms aimed at the Defense Department are that it has a lethargic acquisition process and, during peacetime, falls short on innovation. The two appear to converge in the emerging cyber domain, as threats move at what many describe as “cyber speed"

DISA fine-tunes last year’s reorganization (C4ISR & Networks) The Defense Information Systems Agency in January 2015 underwent a major reorganization that changed everything from the org charts to the way business is carried out on a day-to-day basis

TSP board’s budget feeling stress of cyber upgrades, audits (Federal News Radio) Cybersecurity upgrades are putting a strain on the Federal Retirement Thrift Investment Board’s (FRTIB) budget, which said it may need additional funding before the fiscal year ends

Products, Services, and Solutions

InfoArmor Introduces PrivacyArmor Secure™, a Solution Developed to Help Enterprises Protect Corporate Data and Employees From Evolving Threats (Marketwired) Solution integrates identity protection with security awareness training and VigilanteATI Accomplice™ Advanced Threat Intelligence Platform

Catskill Hudson Bank Achieves High Security Standards with Help from Tenable Network Security (BusinessWire) Next-generation vulnerability management and analytics from Tenable Network Security help Catskill Hudson Bank deliver on cybersecurity promises and keep customer data safe

Corero lands US$300,000 German deal (Proactive Investors) Corero has landed a series of similar orders, allowing it to build a significant user base for SmartWall

Juniper's New 100-Gbps Firewall Is 'Absolutely Ridiculous -- In A Good Way' (CRN) Juniper Networks is throwing down the gauntlet in the security market by enhancing its Software-Defined Secure Networks (SDSN) framework, which it says opens up new software revenue opportunities for channel partners and widens the technology gap against cybersecurity competitors

Fortinet evolves network security with the launch of Security Fabric (FierceEnterpriseSecurity) New security technology from Fortinet aims to extend network security to remote and Internet of Things devices, as well as into the cloud

Unisys Corp. Launches Into Stealth Mode (Forbes) Peter Altabef, president and CEO at Unisys Corporation, said a mouthful on cybersecurity during the tech firms’s Q1 2016 earnings call last week, which is transcribed by Seeking Alpha

ESET adds home internet security features (Telecompaper) ESET announced the availability of the beta version of ESET Nod32 Antivirus 10 together with a new product designed for home users - ESET Internet Security

LightCyber Wins Cybersecurity Excellence Award (BusinessWire) Magna Platform named best intrusion detection & prevention solution for unique ability to quickly and accurately detect targeted and insider network attackers

DMARC Compass Wins Best Fraud Prevention Product in 2016 Cybersecurity Excellence Awards (BusinessWire) Easy Solutions, the Total Fraud Protection® company, announced its DMARC Compass® email authentication solution was named Best Fraud Prevention Product by the 2016 Cybersecurity Excellence Awards

Technologies, Techniques, and Standards

Beheading the hydra: Is infiltration the only way to stop dark web cyber criminals? (Computer Business Review) C-level briefing: John Watters, iSIGHT Partners CEO, explains how to tackle the cyber crime "Walmart" online

Department Of Homeland Security: How To Build Resilient Networks (CRN) Today’s global cybersecurity threats do not allow for any perfect solutions, security expert Juliette Kayyem tells business owners

Officials talk candidly about workforce cyber hygiene (FCW) Cyber experts from both the public and private sector say better governance and more accountability in the federal workforce are needed in order to improve cybersecurity

Healthcare being put at risk by outdated endpoints (MISCO) Securing large hospitals can be a major challenge as they often have thousands of workstations which are used by multiple employees to access confidential patient data, ITProPortal said recently

Surviving InfoSec: Digital Crime And Emotional Grime (Dark Reading) The never ending stream of threats, vulnerabilities, and potential attacks can take its toll on the typical security professional. Here's how to fight back against the pressure

AppSense's Approach to Endpoint Security Validated as Best Practice in SANS Institute Report (Marketwired) White paper highlights privilege management and application control as effective components in defending against malware threats

Marketplace

Cyber threat big for consumer-based sectors: Ted DeZabala, Deloitte (Economic Times) How do you see cyber threat preparedness of Indian companies? Many Indian multinationals have to focus on cyber security because they deal with a lot of sensitive data. Also, a lot of things have occurred in the banking industry and the Indian outsourcing industry. So these companies have been attending to this (cyber security) but they are not talking about it as they are dealing with this for a long time

Womp, Womp: Dell’s SecureWorks IPO Off to a Disappointing Start (VAR Guy) Cybersecurity company breaks tech IPO freeze below expectations

SecureWorks' Success Depends On Management's Ability To Cut Costs (Seeking Alpha) Despite double-digit revenue and client base growth, SecureWorks is still unable to generate any profit. Sales, general and administrative costs are greater than 50% of SecureWorks’ revenue. Is management capable of cutting costs and restructuring the company in any meaningful way?

Reasons To Avoid IBM; Its Relevance To The Overall Market (Seeking Alpha) IBM reported another weak quarter, with more layoffs and declines in multiple business segments. The company refuses to say if more such "workforce rebalancings" are coming. IBM seems always to be going "somewhere," but then finds it should have gone somewhere else. This company appears to be behind the curve in several ways, and this article lays out an "avoid" case for potential new money investors. Issues with IBM over the past few years are beginning to be reflected in the stock market as a whole

Fortinet And Juniper Step Up Their Efforts To Challenge Palo Alto Networks (Seeking Alpha) This Seeking Alpha Eye on Tech column looks at new security product announcements from Fortinet and Juniper, each of which are hoping to slow Palo Alto Networks' rapid growth

EXCLUSIVE: Building ESET from the ground up (ARN) ESET global CEO, Richard Marko, talks about changes in the industry and company growth

Illumio Named One of the Bay Area's Best Places to Work (Marketwired) Company's first nomination lands them in the top 10 for creating an exceptional workplace

Research and Development

Pentagon Wants One-of-A-Kind Encryption Enabled Messaging App (Hack Read) DARPA, the Defense Advanced Research Projects Agency, needs a secure communication and transaction platform that utilizes all the encryption tactics and security features, which popular messaging apps like WhatsApp, Richochet or Signal uses

Bomb-makers, hackers wanted: US seeks public help to prevent attacks (Stars and Stripes) The U.S. government is recruiting hackers and bomb-makers to help strengthen American defenses in hopes of defusing possible terrorist attacks

Security Patches, Mitigations, and Software Updates

Opera adds a (sort of) VPN to its browser (Naked Security) In an effort to improve security Opera has baked a free VPN (Virtual Private Network) into the latest developer version of its Windows and OS X browsers

Cyber Attacks, Threats, and Vulnerabilities

Exclusive: SWIFT warns customers of multiple cyber fraud cases (Reuters) SWIFT, the global financial network that banks use to transfer billions of dollars every day, warned its customers on Monday that it was aware of "a number of recent cyber incidents" where attackers had sent fraudulent messages over its system

Two Bytes to $951M (BAE Systems Threat Research Blog) In February 2016 one of the largest cyber heists was committed and subsequently disclosed. An unknown attacker gained access to the Bangladesh Bank’s (BB) SWIFT payment system and reportedly instructed an American bank to transfer money from BB’s account to accounts in The Philippines. The attackers attempted to steal $951m, of which $81m is still unaccounted for

Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform (Dark Reading) Customized malware hid $81 million of wire transfers until the money had been safely laundered

Better SWIFT software design would have thwarted Bangladesh Bank cyber heist (Network World) SWIFT’s application security policy should have anticipated weak cyber defenses for banks in emerging countries

Attackers Behind GozNym Trojan Set Sights on Europe (https://wp.me/p3AjUX-uBx) The banking malware GozNym has legs; only a few weeks after the hybrid Trojan was discovered, it has reportedly spread into Europe and begun plaguing banking customers in Poland with redirection attacks

Towelroot and Leaked Hacking Team Exploits Used to Deliver “Dogspectus” Ransomware to Android Devices (Blue Coat Labs) An exploit kit that is being used to deliver ransomware to Android devices has been discovered to be using several vulnerabilities to install malware onto the victim's phone or tablet silently in the background. Blue Coat Labs discovered the novel attack method when a test Android device in a lab environment was hit with the ransomware when an advertisement containing hostile Javascript loaded from a Web page

Android Ransomware Attacks Using Towelroot, Hacking Team Exploits (Threatpost) A menacing wave of ransomware that locks up Android devices and demands victims pay $200 in Apple iTunes gift card codes is raising concern among security researchers. The ransomware attacks, they say, open a new chapter for Android vulnerabilities similar to Microsoft’s obsolete, unpatched and unsupported Windows XP operating system

Dogspectus ransomware targets Android devices in the quest for Apple iTunes gift cards (ZDNet) Leaked exploits which once belonging to Hacking Team have been discovered in exploit kits which deliver malware to Android users

Active drive-by exploits critical Android bugs, care of Hacking Team (Ars Technica) Hostile JavaScript delivered through ads installs ransomware on older Android phones

Website offers Doxing-as-a-Service and customized extortion (CSO) Those posting Dox will get a commission, or they can pay to have someone's personal details exposed

Pentagon Fears Foreign Intrusions Into Supplier Networks (National Defense) The United States military’s No. 2 officer Gen. Paul J. Selva was reticent when asked what he really worries about

2nd security firm raises concerns about Cruz and Kasich apps (Colorado Springs Gazette) Another computer-security firm raised concerns Monday about the potential for hackers to glean users' personal data from phone apps released by the campaigns of Republican presidential contenders Ted Cruz and John Kasich

Phishing emails leverage unique subject lines, Office docs (CSO) Phishing emails continued to evolve last year, according to a new report from PhishMe, with Microsoft Office documents and unique subject lines used to get past enterprise filters

Vulnerabilities Through Voice Search, Chat Bots, And IoT Devices Require Greater Focus (MediaPost) Voice search has become an amazing tool. Data supports the advancements -- not just in search engines like Bing and Google, but Internet-connected devices such as Amazon Echo. Alexa, Amazon's virtual assistant in Echo that allows users to schedule calendar events and call for services like Uber. Yet with all this positive innovation, major risk points to a future with malware and cybercrime becoming more prevalent than physical crimes

BWL: Cyber attack didn't compromise customer info (Lansing State Journal) Customer and employee personal information wasn't compromised by an intrusion into the corporate computer network at the Lansing Board of Water and Light, officials said Monday

Be afraid, be very afraid (Manilla Standard) If you’re a registered voter, you need to worry. Contrary to the assurances offered by the Commission on Elections (Comelec), the March 27 data breach it suffered exposes you to identity theft, fraud, extortion and other serious crimes that can put you and your family in harm’s way

Uber fraud: Scammer takes the ride, victim gets the bill (CSO) Any online app that gets popular also becomes an attractive target for cyber criminals. In the case of Uber, the ride-hailing service, the goal is a free ride more than cash

Anonymous Targets ‘Monolithic and Evil’ Ku Klux Klan With Cyber Attack (Mediaite) The main website associated with the Ku Klux Klan was targeted and brought down by hackers from the groups Ghost Squad and Anonymous as part of the ongoing #OpKKK war. Sunday’s DDoS attack (distributed denial-of-service) shut down the site at some point Sunday, which as of this publishing, remains offline

Academia

Boards gear up for schooling on cybersecurity (The Australian) Data61 chief Adrian Turner says Australia has fallen behind in the cybersecurity arms race but help is on its way

Top U.S. universities failing at cybersecurity education (CIO) Cybercriminals are only getting better at what they do, which means the skills gap is growing between the people who hack and the people who stop them. And universities aren't catching up fast enough: A recent study reveals dismal stats about cybersecurity education for undergraduates

Litigation, Investigation, and Enforcement

Philippine Police Cuff Comelec Hack Suspect (Infosecurity Magazine) Philippine police have arrested one of three individuals suspected of hacking the website of the national election commission (Comelec) at the end of March and exposing the details of over 50 million voters

Man arrested after tweeting bomb threat to Donald Trump (Naked Security) A man who describes himself as a “professional dumbass” on his Instagram account has been arrested for tweeting a threat to bomb a Donald Trump rally on Saturday

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cybersecurity Futures 2020 (Washington, DC, USA, April 28, 2016) On April 28, some of the country's leading policymakers, hackers, and creative thinkers will join Passcode and UC Berkeley to discuss the Internet's alternate futures – and explore how unconventional thinking can lead to better solutions for tomorrow's cybersecurity problems. The event is free and open to the public. Doors open at 2:30 pm for networking. Following the talks, there will be a reception from 5 - 6pm.

upcoming Events

6th European Data Protection Days (EDPD) (Berlin, Germany, April 25 - 26, 2016) The EDPD Conference will provide participants from the business side with all the important news and updates for the international data protection business at a high level. These include key developments such as the EU General Data Protection Regulation and the landmark decision by the European Court of Justice that the Commission’s US Safe Harbor decision is invalid.

CISO San Francisco (San Francisco, California, USA, April 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Staying Ahead of the Curve - Securing a Nation Amid Change (Washington, DC, USA, April 26, 2016) A discussion of the changing cybersecurity landscape, featuring a keynote by General Keith Alexander, former Director, National Security Agency, and a panel discussion of the challenges facing Federal security leadership.

Are You Protecting Your Business? Why Cyber Threat is a C-Level Priority (Cerritos, California, USA, April 26, 2016) Whether you’re a company of five or 5000, join us for this educational workshop and learn innovative ways to protect your small business from #cybercrime. FBI Special Agent Joey Abelon will share FBI insights on fighting cybercrime. Akilah Kamaria will share strategies your organization can use to prepare for and respond to a cyber incident. Jim Kinmartin will share information on cyberfraud insurance and its role in helping to protect companies from cybercrime losses. This workshop is interactive and will begin with a broad overview of topics such as phishing scams, malicious software, identity theft risks, social engineering, and much more. Then, with data gathered from recent, real-life examples, as well as contemporary information provided directly by the FBI, hear about the most current trends, tactics, and procedures in use by cyber-criminals who target small and middle market businesses.

Assured Communications 2016 (Crystal City, Virginia, USA, April 27, 2016) A basic tenet of building an expeditionary fighting force that can respond to hot spots around the world is the ability to surge. That applies to satellite bandwidth as much as it does to personnel and weaponry. Such bandwidth is needed for ISR assets such as unmanned aircraft systems, for communications and for situational awareness. That bandwidth can’t always be acquired at the last moment, however, and needs to be pre-positioned in the form of dedicated, hosted payloads or in contracts with industry that account for the use of additional bandwidth. At the same time, there is a requirement to ensure that satellites have the ability to protect themselves in contested environments in order to provide crucial bandwidth.

CISO Houston (Houston, Texas, USA, April 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends

3rd East Africa Cyber Defense Convention 2016 (Nairobi, Kenya, April 29, 2016) Building on the success of previous conventions series in the last two years and with insights from cybersecurity experts, participants at this conferene learn how organisations should successfully respond. Enhancing security, resiliency and reliability of a nation’s / organisation's cyber and communications infrastructure is a challenge that must be met, attendance of the 3rd Annual Cyber Security Convention 2016 will equip participants with a comprehensive range of clarifications and solutions.

CISO United States (Chicago, Illinois, USA, May 1 - 3, 2016) The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect time to take the next step in your career. Cybersecurity is more vital, crucial, and important to the growth of your organization than ever before. Join us at SANS Security West 2016 to gain the skills and knowledge to help your organization succeed

CEBIT (Sydney, New South Wales, Australia, May 2 - 4, 2016) With the Australian Federal Government officially announcing its national cyber security policy, ahead of CeBit Australia’s business technology event, CeBIT is ultra strong on cyber security, too. CeBIT’s trade exhibition will showcase over 300 cutting edge organisations, furnishing attendees with insights into the latest business technology innovations.

Cyber Investing Summit 2016 (New York, New York, USA, May 3, 2016) The Cyber Investing Summit is an all-day conference focusing on the investment opportunities, trends and strategies available in the $100+ billion cyber security sector. Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

SecureWorld Kansas City (Overland Park, Kansas, USA , May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

National Oceanic Atmospheric Administration (NOAA) IT Security Conference (Silver Spring, Maryland, USA, May 4, 2016) The purpose of this event is to provide training and to educate NOAA and Department of Commerce personnel about various topics relating to Cyber Security. Attendance is open to NOAA and Department of Commerce personnel only. Industry is encouraged to participate through the exposition and on the day of the exposition industry may attend sessions based on availability of space. The 2016 NOAA IT Security Conference will be hosted by the Chief Information Security Officer (CISO) at NOAA. The CISO from Department of Commerce, Mr. Rod Turk will be keynoting this event. The format will include briefings from various NOAA components and industry leaders.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.