The CyberWire Daily Briefing 04.27.16

Summary

By The CyberWire Staff

Various pro-ISIS hacktivists have joined up to form a nominally new group, the “United Cyber Caliphate” or “UCC.” What technical chops the UCC may have remain to be seen. So far its activities appear to be the familiar list of low-level site vandalism and death threats against named individuals and groups (this time around the groups targeted are mostly Christian).

Whatever hopes ISIS may indulge for the UCC, US cyber, financial, and kinetic operations appear to be taking a heavy toll on ISIS recruiting: jihad seems to be getting riskier for the jihadists, fighters aren’t getting paid, and prospective warriors appear to be increasingly spooked by US information and computer network attack operations. This last would explain why the US is talking as much as it is about cyber operations against ISIS: the more “extremely paranoid” ISIS becomes, the better for its opponents.

The SWIFT financial transaction network continues to mop up security issues revealed by investigations into the Bangladesh Bank hack.

The GozNym banking Trojan IBM’s X-Force is tracking has begun to show increasingly sophisticated redirect mechanisms as it spreads in Europe.

Android malware remains a matter of concern. Russian mobile users are being affected by “RuMMS,” which spreads by SMS phishing. FireEye warns that the RuMMS is after customer banking information, credentials and, of course, balances. Dogspectus also remains active against Android devices—it’s particularly dangerous, notes Blue Coat, in that it doesn’t require user action for infection.

Kaspersky is offering decryption tools for victims of CryptXXX ransomware.

Notes.

Today's issue includes events affecting Azerbaijan, Bahrain, Bangladesh, Canada, China, Brazil, Egypt, Ethiopia, European Union, France, India, Iran, Iraq, Italy, Kazakhstan, Mexico, Morocco, Netherlands, New Zealand, Nigeria, Pakistan, Poland, Portugal, Qatar, Russia, Saudi Arabia, Singapore, Sweden, Syria, Turkey, Ukraine, United Kingdom, and United States.

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the University of Maryland's Jonathan Katz, who'll discuss (and explain) program obfuscation (for white hats, used for good).

Sponsored Events

Cyber Security Summit (Dallas, Texas, USA, May 3, 2016)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016)

Selected Reading

Cyber Trends

Cybercriminals increasingly exploiting human nature (Help Net Security) Cybercriminals are exploiting human nature as they rely on familiar attack patterns such as phishing, and increase their reliance on ransomware, finds the Verizon 2016 Data Breach Investigations Report

DDoS aggression and the evolution of IoT risks (Help Net Security) Few organizations globally are being spared DDoS attacks, according to a Neustar survey of over 1,000 IT professionals across six continents

After the Snowden NSA leaks, fewer people are searching for info on terror groups online (Reuters via Business Insider) Internet traffic to Wikipedia pages summarizing knowledge about terror groups and their tools plunged nearly 30 percent after revelations of widespread Web monitoring by the U.S. National Security Agency, suggesting that concerns about government snooping are hurting the ordinary pursuit of information

Where Banks Are Most Vulnerable to Cyberattacks Now (American Banker) Hundreds of security threat reports come out every year from security vendors

How the biometrics market is entering the evolving IoT ecosystem (Help Net Security) By 2021, the biometrics market will reach $30 billion and shift its revenue focus, moving away from the governmental sector to emphasize opportunities in the consumer and banking sectors, according to ABI Research. Consumer and banking will see 19% and 12% growth rates, respectively

My Bad! Employee Slipups Lead to More Government Hacks than Cyber Espionage (Nextgov) Governments in 2015 suffered more data breaches by goofing up and losing stuff, than by succumbing to the wiles of cyberspies

Consolidation and Modernisation Chief Among Government IT Security Concerns, SolarWinds Survey Discovers (Army Technology) SolarWinds, a leading provider of powerful and affordable IT management software, today announced the results of its third annual Government Cybersecurity Survey, which explores the biggest barriers to improving IT security, including exposure during consolidation and modernisation processes, threats from foreign governments and careless or untrained insiders

Connected cars not yet secure (BusinessCar) Connected cars are likely to be open to hacking for the next 10 years, according to internet security firm boss Eugene Kaspersky speaking in a Financial Times interview

Legislation, Policy and Regulation

Cyber warfare: Iran opens a new front (Financial Times) With its nuclear programme curbed, digital weaponry has become even more central to Tehran’s arsenal

Do India and Brazil Really Moderate China and Russia’s Approach to Cyberspace Policy? (Council on Foreign Relations) India and Brazil see themselves as power brokers in international cyber diplomacy

Can the United States and China De-Conflict in Cyberspace? (War on the Rocks) In spite of significant differences in views, Beijing and Washington appear committed to not letting cyber issues derail the U.S.-China relationship or interfere with cooperation on other high-profile issues

Products, Services, and Solutions

4 password managers that make online security effortless (PCWorld via CSO) Protect your passwords and other sensitive info with one of these virtual vaults

Owl Computing Technologies' Data Diodes Support Department Of Homeland Security Recommendations for Defending Industrial Control Systems (PR Newswire) Data diodes cited by DHS as best practices for protecting OT networks and facilitating remote monitoring of plant operations

Singtel opens facility to test, train cybersecurity skills (ZDNet) Singapore telco launches cybersecurity training and testing site aimed at helping businesses evaluate their systems and train their employees in the relevant skillsets

Webroot and Tech Data Partner to Deliver Real-time, Collective Threat Intelligence through Expanded Cybersecurity Capabilities (PRNewswire) Designed for MSPs and resellers transitioning to managed services, webroot offers smart, easy-to-deploy and highly effective endpoint protection through tech data solutions store

WISeKey Technology Brings Security to the IoT (iCrunchDataNews) WISeKey International Holding Ltd., a Swiss-based, cyber security company presented late last week its trusted technology for integrating wearable technology with secure authentication and identification, in both physical and virtual environments

Check Point brings advanced threat protection to SMBs and enterprises (Security Brief) Check Point Software has released a series of new advanced threat prevention platforms for customers of all sizes. The 1400, 3000 and 5000 Series appliances are optimised for small businesses to large-scale deployments and provide capabilities such as full inspection of encrypted data, while still maintaining performance, according to the company

Nexusguard Partners With DDoS Strike To Offer Enhanced DDoS Resiliency Services (BusinessWire) Unique service offering immediately reduces customer exposure to security threats

Securonix Wins Platinum Govies Award for Threat Intelligence (MarketWired) Government industry recognition is the latest honor for Securonix, the innovative security and fraud analytics leader

Lastline Emerges as Leader in Advanced Malware Detection in Forrester Research Automated Malware Analysis (MarketWired) Lastline ranks highest among eleven vendors evaluated; detection of evasive malware and exploits, ease of use and strong research pedigree cited by Forrester Research

Technologies, Techniques, and Standards

Holistic approach needed to address federal cyber gaps (Federal News Radio) Cyber attacks are a reality today, and whether small scale or something along the lines of an Office of Personnel Management breach, a collaborative effort is needed among agencies and the administration to put together an offensive strategy

Kaspersky cracks CryptXXX, throws lifeline to ransomware victims (Register) Nasty bug tries to confuse you by glowing slow on external storage encryption

Cyber Police ransomware can lock your Android device and ask for payment (Yahoo! Tech) An exploit called “Cyber Police” has been in the wild for sometime, but a new method it is utilizing can now affect millions of Android devices. It will it lock your device, rendering it useless, and it can be installed on a device without any user interaction from the victim

Paying a malware ransom is bad, but telling people to never do it is unhelpful advice (Virus Bulletin) I'm not usually one to spread panic about security issues, but in the case of the current ransomware plague, I believe that at the very least a sense of great concern is justified. And the threat is unlikely to disappear any time soon

Microsoft shares how it hunted a secretive rogue actor siphoning corporate data (WIndows IT Pro) Last year, Microsoft made a big deal about how it was investing a billion dollars in building out its security apparatus. On the Microsoft Malware Protection Center's Threat Research & Response Blog, they shared a little bit about how that has paid off with the story of how the Windows Defender Advanced Threat Hunting team, or just Hunters for short, thwarted a long-running attack that utilized a series of bad patches and deep discretion

Digging deep for PLATINUM (Microsoft Malware Protection Center) There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones who selectively target organizations and desire to stay undetected, protect their investment, and maximize their ROI. That’s what motivated us – the Windows Defender Advanced Threat Hunting team, known as hunters – when we recently discovered a novel technique being used by one such activity group

10 Questions To Ask Yourself About Securing Big Data (Dark Reading) Big data introduces new wrinkles for managing data volume, workloads, and tools

Marketplace

Fear This Man (Foreign Policy) To spies, David Vincenzetti is a salesman. To tyrants, he is a savior. How the Italian mogul built a hacking empire

Akamai's revenue beat estimates on higher cloud service demand (Reuters via Yahoo! Finance) Akamai Technologies Inc, a provider of services that speed up delivery of content over the internet, reported better-than-expected quarterly revenue and profit, helped by higher demand for its cloud security services

TitanHQ picks up Red Herring Europe Award (Galway Independent) Galway-based email and web security solutions company TitanHQ has been recognised as a Red Herring Europe 2016 winner

Duo Security to open second office in Ann Arbor as part of expansion plans (M Live) On the heels of the announcement that Duo Security will receive a $2.5 million grant from the state of Michigan and add 297 jobs, the Ann Arbor-based tech firm confirmed Tuesday it will expand to new office space in downtown Ann Arbor

Uptake raises its game in cybersecurity (Crain's Chicago Business) Uptake, the fast-growing data analytics startup founded by Brad Keywell, has snatched up another high-profile Chicago tech veteran

Research and Development

Darpa wants to build encrypted messaging app for the US Department of Defense using Blockchain (International Business Times) The US Defense Advanced Research Projects Agency (DARPA) is looking for businesses to help it develop a secure messaging platform that is impossible to be hacked, and has decided this will be best accomplished by adopting the decentralised bitcoin blockchain technology

Security Patches, Mitigations, and Software Updates

Is Microsoft using security patch KB 3146706 to break pirate copies of Windows 7? (InfoWorld) It's not clear whether it’s intentional, but the patch is throwing blue screen error 0x0000006B on Ghost pirate copies of Windows 7

UK PC users making some progress in patching software vulnerabilities, but significant challenges remain (Realwire) Private Microsoft® Windows® users patching their operating systems more diligently – but the same cannot be said of Apple® QuickTime® and Oracle® Java® users

Cyber Attacks, Threats, and Vulnerabilities

United Cyber Caliphate (UCC), formation of a mega hacking group by ISIS (HackRead) Hackers supporting the so-called Islamic State (ISIS) aka Daesh terrorist group have joined hands with other terrorist supporting groups to form a joint team and collectively target the cyberspace in the West. The super hacking unit is labeled United Cyber Caliphate (UCC) – The terrorist group announced this news on their groups on the Telegram messaging app

Why ISIS flow of new recruits has slowed to a trickle (Military Times) The flow of new Islamic State recruits into Iraqi and Syria has slowed dramatically, reflecting a “fracturing in their morale,” a top U.S. general in Baghdad said Tuesday

The US military has a new plan to fight ISIS — and it starts with making the group 'extremely paranoid' (Business Insider) Digital communication and social media are key to the operation of the Islamic State, and the US military now appears poised to counter the group's cybercapabilities

Cyber thieves target bank systems after Bangladesh heist (Financial Times) Cyber thieves who pulled off one of the biggest robberies in history when they raided the Bangladesh central bank in February are now targeting other financial institutions, according to the main group providing interbank transfer messages and a cyber security company investigating the crime

SWIFT Software Hack Details Emerge (PYMNTS) Bad news broke on Monday morning (April 25) for global payments messaging platform SWIFT as BAE Systems released analysis concluding that cyberthieves hacked into SWIFT’s software, causing the $81 million bank heist from the Bangladesh central bank

GozNym Trojan even more sophisticated with a singular redirection mechanism (Open Sources) The cybercriminals behind the GozNym Trojan have started targeting users in European countries with a new singular redirection mechanism. Last week, security experts from the IBM X-Force Research spotted a new threat dubbed GozNym Trojan that combines Gozi ISFB and Nymaim malware abilities

New 'RuMMS' Android Malware Family Infects Smartphones Over SMS In Russia (Tom's Hardware) FireEye, a U.S. network security company, uncovered a new Android malware family infecting smartphones in Russia through SMS phishing

Dogspectus hounds Android devices (Enterprise Times) Android is fast becoming a byword for mobile malware. The latest attack has been detailed by Andrew Brandt, Director of Threat Research, Blue Coat Labs and published in a blog entitled “Towelroot and Leaked Hacking Team Exploits Used to Deliver ‘Dogspectus’ Ransomware to Android Devices”

'Dogspectus' Breaks New Ground For Android Ransomware (Dark Reading) Blue Coat says it's the first Android ransomware that installs without user interaction

Expert Comments on 400 Million Android Devices Vulnerable to Malware (Information Security Buzz) The new Android Security Report shows that 29% of Active Devices are not up to date and therefore are vulnerable to malware. IT security experts from Proofpoint, ESET, MWR Infosecurity and Tripwire provide insight into the problem

Kaspersky Lab: ATMs insecure due to Windows XP and accessible USB ports (Myce) The Russian antivirus vendor Kaspersky Lab reports that ATMs are poorly secured. An important reason is that the majority runs on Windows XP but also because banks sometimes install software like Acrobat Reader 6.0, Radmin and TeamViewer on the machines

Why cybercriminals attack healthcare more than any other industry (Naked Security) Cybercriminals attacked the healthcare industry at a higher rate than any other sector in 2015, and more than 100 million healthcare records were compromised last year, according to a new report published by IBM

Crowdsourcing The Dark Web: A One-Stop Ran$om Shop (Dark Reading) Say hello to Ran$umBin, a new kind of ransom market dedicated to criminals and victims alike

The Growing Sophistication Of Distributed Attacks (Dark Reading) Botnet and DDoS attacks growing more advanced and more crucial than ever to cybercriminal's attack strategies

DDoS Extortionists Make $100,000 Without DDoS Attacks (LIFARS) In a clear indicator of the no-compromising lengths to which companies will venture to protect themselves from service outages via DDoS attacks, it has been revealed that extortionists have made over $100,000 by simply blackmailing organizations with the threat of DDoS attacks, without actually carrying them out

Empty DDoS Threats: Meet the Armada Collective (CloudFlare) Beginning in March 2016, we began hearing reports of a gang of cybercriminals once again calling themselves the Armada Collective. The calling card of the gang was an extortion email sent to a wide variety of online businesses threatening to launch DDoS attacks if they weren't paid in Bitcoin

Qatar National Bank Hacked, 1.4GB Database Leaked (Hack Read) A group of unknown hackers claims to breach the security of Qatar National Bank and leak banking details of Qatari Royal Family, Al Jazeera journalists and MI6 agents.

BeautifulPeople Dating Site, 1.1 Million Users Data for Sale on Dark Web (HackRead) Approximately 1.1 million people suffer data hacks from the dating website BeautifulPeople

The Pirate Bay Malvertising Campaign Pushes Cerber Ransomware (Softpedia) Flash CVE-2016-1019 vulnerability strikes again. Over the weekend, security firms Malwarebytes and RiskIQ spotted malicious ads on The Pirate Bay torrent portal, pushing ransomware and PUP (Potentially Unwanted Software) after redirecting users to a page hosting the Magnitude exploit kit

Facebook Users Hit with ‘irregularities of content’ Phishing Scam (HackRead) Cyber criminals are targeting innocent Facebook users with yet another phishing scam — this time, it’s quite a sophisticated one so watch out!

All About Fraud: How Crooks Get the CVV (KrebsOnSecurity) A longtime reader recently asked: “How do online fraudsters get the 3-digit card verification value (CVV or CVV2) code printed on the back of customer cards if merchants are forbidden from storing this information? The answer: If not via phishing, probably by installing a Web-based keylogger at an online merchant so that all data that customers submit to the site is copied and sent to the attacker’s server

Spotify denies hack; users subjected to weird music beg to differ (Naked Security) Hundreds of Spotify account details have been leaked online, but the Swedish music streamer is telling all to move along, please: nothing to see here and nothing’s been breached

Dutch servers used more in cyber attacks against foreign governments (Netherlands Times) An increasing number of hacker groups and cyber spies make use of Dutch computer servers to attack foreign governments, according to a study done by internet security firm Trend Micro, BNR reports

Bernie Sanders Facebook Pages Shut Down After Porn Cyber Attack (Wrap) Los Angeles-based pro-Clinton group denies involvement

Cruz, Kasich campaign apps under scrutiny over security issues (Fox News) As the Republican presidential contenders battle over who can best protect America, at least two candidates are having trouble protecting potential voters’ personal information on their campaign apps

Academia

Young would-be cyber warriors battle it out at Bletchley Park (ComputerWeekly) Would-be cyber warriors are battling it out at historic Bletchley Park CyberCenturion to be crowned the UK’s top young cyber defenders

Litigation, Investigation, and Enforcement

Comey: FBI Becoming ‘Prolific Hacker’ Won’t End Encryption Crisis (Foreign Policy) Faced with increasingly sophisticated ways for criminals to scramble communications and cover their tracks online, the FBI has broadly embraced government hacking to track down suspects. But on Tuesday, FBI Director James Comey cautioned that hacking tools won’t solve the challenges law enforcement faces while carrying out investigations in the digital age

FBI won’t reveal method for cracking San Bernardino iPhone (Boston Globe) FBI director James Comey said there’s an internal debate on the agency’s understanding of how the security crack worked

FBI doesn't understand iPhone hack enough to explain to Apple (Macworld via CSO) The FBI claims it doesn't actually know how its iPhone-hacking tool works, so it can't share the method with Apple

Businesses suffering from lack of knowledge over GDPR, report finds (Cloud Computing) The updated EU General Data Protection Regulation (GDPR) legislation is coming in the next two years – but businesses are at risk of fines because of gaps in knowledge, according to new research from Trend Micro

Lawmakers demand briefings on cell network security flaw (The Hill) Top lawmakers on the House Energy and Commerce Committee asked major telecom providers on Tuesday to brief them on a security vulnerability in the global cellphone network

Class action filed after cyber attack, privacy breach at Ontario children’s aid office (Global News) An eastern Ontario children’s aid society is facing a $75 million lawsuit after a cyber attack resulted in a list of client names being stolen and shared on local Facebook groups

BWL: FBI helping investigate cyberattack (Lansing State Journal) Customers can still pay bills online, receive water and electricity service. Ongoing problem affects about 250 employees of the city-owned utility

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Assured Communications 2016 (Crystal City, Virginia, USA, Apr 27, 2016) A basic tenet of building an expeditionary fighting force that can respond to hot spots around the world is the ability to surge. That applies to satellite bandwidth as much as it does to personnel and weaponry. Such bandwidth is needed for ISR assets such as unmanned aircraft systems, for communications and for situational awareness. That bandwidth can’t always be acquired at the last moment, however, and needs to be pre-positioned in the form of dedicated, hosted payloads or in contracts with industry that account for the use of additional bandwidth. At the same time, there is a requirement to ensure that satellites have the ability to protect themselves in contested environments in order to provide crucial bandwidth.

CISO Houston (Houston, Texas, USA, Apr 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends

Cybersecurity Futures 2020 (Washington, DC, USA, Apr 28, 2016) On April 28, some of the country's leading policymakers, hackers, and creative thinkers will join Passcode and UC Berkeley to discuss the Internet's alternate futures – and explore how unconventional thinking can lead to better solutions for tomorrow's cybersecurity problems. The event is free and open to the public. Doors open at 2:30 pm for networking. Following the talks, there will be a reception from 5 - 6pm.

3rd East Africa Cyber Defense Convention 2016 (Nairobi, Kenya, Apr 29, 2016) Building on the success of previous conventions series in the last two years and with insights from cybersecurity experts, participants at this conferene learn how organisations should successfully respond. Enhancing security, resiliency and reliability of a nation’s / organisation's cyber and communications infrastructure is a challenge that must be met, attendance of the 3rd Annual Cyber Security Convention 2016 will equip participants with a comprehensive range of clarifications and solutions.

CISO United States (Chicago, Illinois, USA, May 1 - 3, 2016) The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect time to take the next step in your career. Cybersecurity is more vital, crucial, and important to the growth of your organization than ever before. Join us at SANS Security West 2016 to gain the skills and knowledge to help your organization succeed

CEBIT (Sydney, New South Wales, Australia, May 2 - 4, 2016) With the Australian Federal Government officially announcing its national cyber security policy, ahead of CeBit Australia’s business technology event, CeBIT is ultra strong on cyber security, too. CeBIT’s trade exhibition will showcase over 300 cutting edge organisations, furnishing attendees with insights into the latest business technology innovations.

Cyber Investing Summit 2016 (New York, New York, USA, May 3, 2016) The Cyber Investing Summit is an all-day conference focusing on the investment opportunities, trends and strategies available in the $100+ billion cyber security sector. Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

SecureWorld Kansas City (Overland Park, Kansas, USA , May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

National Oceanic Atmospheric Administration (NOAA) IT Security Conference (Silver Spring, Maryland, USA, May 4, 2016) The purpose of this event is to provide training and to educate NOAA and Department of Commerce personnel about various topics relating to Cyber Security. Attendance is open to NOAA and Department of Commerce personnel only. Industry is encouraged to participate through the exposition and on the day of the exposition industry may attend sessions based on availability of space. The 2016 NOAA IT Security Conference will be hosted by the Chief Information Security Officer (CISO) at NOAA. The CISO from Department of Commerce, Mr. Rod Turk will be keynoting this event. The format will include briefings from various NOAA components and industry leaders.

SecureWorld Kansas City (Overland Park, Kansas, USA, May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.

2016 Cybersecurity Summit (Scottsdale, Arizona, USA, May 5, 2016) The Arizona Technology Council (AZTC), Arizona Commerce Authority (ACA) and Arizona Cyber threat Response Alliance (ACTRA)/Arizona InfraGard present the third annual Cybersecurity Summit on Thursday, May 5th. The Cybersecurity Summit is an opportunity for government and business executives to learn about the threats, vulnerabilities, and consequences related to data security and privacy matters

Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the Summit is an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security. Chief executives, board chairs and leaders from across the public and private sectors have been invited to join the Minister for Communications at this high level event.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

ISIS feels the cyber heat. SWIFT issues. Android malware in the wild. Kaspersky decrypts CyrptXXX