The CyberWire Daily Briefing 04.28.16

Summary

By The CyberWire Staff

Chancellor Merkel yesterday replaced Gerhard Schindler as head of Germany’s foreign intelligence service, the Bundesnachrichtendienst (BND). The shift seems prompted by Bundestag inquiries concluding that the BND was too cooperative with allied nations’ surveillance operations.

The Budeswehr has also announced plans to organize a military cyber capability for Germany.

The US FBI is investigating—and taking seriously—a “hit list” of some 3600 New Yorkers published by the newly announced United Cyber Caliphate (UCC). Observers scorn the UCC’s technical hacking capabilities, but its ability to inspire murder is another matter altogether.

A nuclear plant in the Bavarian town of Gundremmingen has discovered malware in some of its systems. The infections are the venerable and well-known Conficker and W32.Ramnit. Both appear to have been contained without doing damage or compromising safety. (Indeed, they may have been in place for some time.) Infections have also been found on removable storage media at the plant, which suggests a possible infection vector.

BAE Systems warns that malware used in the Bangladesh Bank heist is part of a toolkit with broader uses: we can expect to see it again.

Facebook users are being targeted by a social engineering campaign that draws users to a malicious video file. ESET recommends removing “make a GIF” Chrome extensions.

Microsoft researchers track the Platinum espionage group, which since 2009 has hit targets in Asia using hot patching to avoid detection.

Analysts mull the disappointing SecureWorks IPO and wonder whether security industry consolidation will dry up venture funding for start-ups.

Notes.

Today's issue includes events affecting Australia, China, Germany, India, Indonesia, Iraq, Japan, Kenya, Democratic Peoples Republic of Korea, Malaysia, Philippines, Russia, Syria, Taiwan, Thailand, United Kingdom, United States, and and Vietnam.

Podcast Summary

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. If you've ever wondered why law firms are such attractive nuisances for hacker (as the plaintiff's attorneys might say) then tune in and wonder no more, as Markus Rauschecker from the University of Maryland's Center for Health and Homeland Security lays it all out for us.

Cyber Attacks, Threats, and Vulnerabilities

Thousands of New Yorkers named as apparent Islamic State targets (Christian Science Monitor Passcode) An online group claiming Islamic State ties threatened 3,600 New Yorkers and distributed their personal information last week on a secure messaging app

ISIS hackers respond to US cyberattacks with threat (Vocativ via AOL) A group of pro-ISIS hackers known as the United Cyber Caliphate responded to cyber attacks mounted by the U.S. against the terror group with a threat

Pro-Daesh hackers: More bark than bite, lacking in skills and resources (CSO) Flashpoint report says ISIS hackers are a fragmented bunch, more propaganda than fight

Pro-ISIS Hacking Groups Growing, Unifying, But Still Unskilled (Dark Reading) Flashpoint report outlines the patchwork of hacking groups and the validity of their claims to fame

Why the U.S. is bragging about dropping 'cyberbombs' on ISIS (Mashable) The U.S. has started "dropping cyberbombs" on ISIS computer networks, according to a recent New York Times report

German nuclear plant suffers cyber attack designed to give hackers remote access (Telegraph) A nuclear power plant in Germany has been found to be infected with computer viruses, but they appear not to have posed a threat to the facility's operations because it is isolated from the Internet, the station's operator said on Tuesday

IoT attacks threaten national security, say cyber experts (Army News Service via DVIDS) Dams, the power grid and other such infrastructure were once closed network systems. Then they were added to the Internet

Anonymous Leaks 1TB of Data from Kenya’ Ministry of Foreign Affairs (Hack Read) The online hacktivist Anonymous has conducted a sophisticated cyber attack on the government of Kenya by breaching its Foreign ministry server, stealing a trove of data and ending up leaking some of it on the Dark Web. The cyber attack was conducted under the banner of operation OpAfrica which was launched last year against child abuse, child labour and corruption in the African countries

Malware ‘used as part of a wider toolkit’ in Bangladesh Bank attack (We Live Security) Malware used by cybercriminals to carry out one of the biggest cyberheists in history is thought to have been “part of a wider attack toolkit”, according to a BAE Systems’ security researcher

New malware targets Facebook users (Manilla Bulletin) IT security company ESET warned Facebook users on Wednesday (April 27, 2016) of another malware-spreading scam

New Attack Technique Hides Spread of RATs in Asia (TechNewsWorld) SentinelOne last week announced that it has detected a technique being used in Asia to infect systems with remote access Trojans that ensures that the payload remains in memory throughout its execution and doesn't touch the victim's computer disk in an unencrypted state

Platinum APT Group Abuses Windows Hotpatching (Threatpost) An obscure Windows feature known as hotpatching, missing in the OS since the introduction of Windows 8, is a preferred tool used by a resourced attack group called Platinum that was uncovered by Microsoft

Cyberespionage group abuses Windows hotpatching mechanism for malware stealth (IDG via CSO) The group has targeted Asian government organizations since 2009

Qatar National Bank Suffers Massive Breach (InfoRisk Today) Customer details, card data apparently leaked online

Examining the leaked passwords and PINs from Qatar National Bank (CSO) Those accused of being spies make common, careless password mistakes

Verizon: Sabotage incidents soar as workers strike (CNN Money) Cord-cutting has been taken to a new extreme at Verizon -- and the company is suggesting striking workers are to blame

7 million users affected by Minecraft community Lifeboat data breach (Help Net Security) Minecraft community fansite “Lifeboat” has admitted that it suffered a data breach in January, after security researcher Troy Hunt added some of the stolen data to his “Have I Been Pwned?” website

Hillary supporters accused of taking down Bernie FB pages in porn attack (The Hill) Multiple Facebook pages supporting Democratic presidential candidate Bernie Sanders were abruptly removed from the social media network late last night following a cyberattack

Security Patches, Mitigations, and Software Updates

Users are patching Windows, but QuickTime and Java vulnerabilities remain, says Secunia (ZDNet) Secunia's latest reports of software vulnerabilities on PCs running Microsoft Windows should prompt users to patch all their software, and uninstall both Apple QuickTime and Oracle Java

Cyber Trends

AppRiver Reports Q1 2016 Spam, Malware Traffic Eclipses 2015 Highs (Investing News) AppRiver, LLC, a leading provider of email messaging and Web security solutions, today confirmed that the levels of spam and malware email traffic it recorded during Q1 has already surpassed total levels documented during the whole of 2015, totaling at 2.3 billion malicious email messages, with 1.7 billion occurring in March alone

Whistleblower Snowden Gets Big Screen Treatment (Eyewitness News) The trailer for Oliver Stone’s ‘Snowden’ was released on Wednesday

Marketplace

'Made in India' Cybersecurity: Why Not? (InfoRisk Today) Here's how the nation can become a global information security powerhouse

Nasdaq CEO: Could've done better on SecureWorks, but at least IPOs are pricing (CNBC) Nasdaq CEO Bob Greifeld acknowledged on Wednesday that the initial public offering for information security firm SecureWorks could have gone better, but he pointed to a silver lining: at least IPOs are finally pricing

Has market consolidation killed VC investment in cyber security startups? (Computer Business Review) Industry experts weigh in on where the smart money is going in cyber security

BugCrowd's $15m fund win shows Oz infosec can score Series B: CEO (Register) Don't sit on your ideas, bug chief urges hackers

La startup SparkCognition lève 6M$ pour la maintenance prédictive (ObjetConnecte) SparkCognition, startup spécialisée dans l’intelligence artificielle et la cyber-sécurité, a clôturé une levée de fonds de 6 millions de dollars en série B auprès d’investisseurs comme Verizon Ventures et CME Ventures

2 Cybersecurity Buyouts to Watch for (Motley Fool) Will FireEye and CyberArk get bought out in a market-wide consolidation?

Is FireEye the Best Stock in Cyber Security Market? (GuruFocus) FireEye has risen at a rapid rate over the last few weeks

Makes Perfect Disruptive Stock Pair- Akamai Technologies (NASDAQ:AKAM), NIKE (NYSE:NKE), Sempra Energy (NYSE:SRE) (Seneca Globe) Akamai Technologies, Inc. (NASDAQ:AKAM) kept in active run as it closed at $52.66 by shows upbeat performance moving up 3.07% with session volume was recorded 3.72 Million.Akamai Technologies Inc, released that a improved than anticipated 7.8% rise in quarterly income, helped by higher demand for its cloud security services. Income from Akamai’s cloud security business, which protects websites and data centers from cyber attacks, surged 46 percent to $80.7 million for the first quarter

Lockheed Martin announces layoffs (WBNG) Military contractor Lockheed Martin is making cuts to its workforce

Hewlett Packard Enterprise: Wanna walk the plank voluntarily? You got it (Register) Either way, biz wants to cut 1,092 UK staffers from the wage bill

RiskIQ Selected as One of JMP Securities Fast 50 Hottest Privately Held Security Companies (Realwire) Builds on strong 2015 and consolidates leadership position as the external threat management platform of choice

Government and Industry Need to Clean Up Their Procurement Act (SIGNAL Magazine) Neither side is happy, but both agree current acquisition policies and cultures must change

Intelligence community launches classified marketplace for cloud technology (Federal News Radio) The U.S. intelligence community has just opened a new marketplace for cloud applications, the idea being to let analysts and developers test-drive thousands of commercial data analytic tools for a pittance and without waiting for their agencies to make large commitments of time and money via usual government procurement channels

Forcepoint Names Matthew P. Moynahan as CEO (PRNewswire) Industry leader tapped to drive security company forward

FireMon Delivers Record 2015 Revenue; Adds Security Industry Veteran as CMO in Q1 2016 (MarketWired) Former Juniper Networks and McAfee marketing executive Michael Callahan joins FireMon as the security management company builds on record revenue, bookings and customer growth

Do you have what it takes to be an independent security consultant? (Help Net Security) It doesn’t matter if you’re part of a big enterprise or a small company, you’ve probably wondered at least once what it would be like to work for yourself

Products, Services, and Solutions

C3 Alliance is a Justice League for Privileged Account Protection (Infosecurity Magazine) CyberArk has launched the equivalent of a cyber Justice League: The C3 Alliance brings together a super-group of companies for the purpose of boosting privileged account security best practices

California Department of Water Resources Delivers Secure IT Services Using Arkin (BusinessWire) Enables fully operational cloud 3.0; next-gen, software-defined data center to improve multi-tenancy and aecurity

Allot Enables Mobile Service Providers to Extend Security Beyond Network Boundaries with Secure Dome (Consumer Electronics) Extending its SECaaS platform capabilities, Allot WebSafe Personal and WebSafe Business now protect broadband users from malware, ransomware and other online security threats anywhere, anytime

IT Weapons Partners with Thycotic to Reduce Cyber Risk for Global Client Base (PRNewswire) Partnership shatters security risks by arming global consultants with enterprise privileged account management

Death of the enterprise VPN - if remote access is not secure what comes next? (ComputerWorld) Enterprise VPNs are an idea out of time. Zscaler's Private Access wants to be what's next

Samsung moves Knox beyond security with business services push (Android Central) Samsung is expanding its Knox security platform with a new group of business-focused tools. The new Knox will move beyond not just mobile, but security as well, transforming into the platform on which Samsung's enterprise services are built

SentinelOne Certified for HIPAA and PCI DSS Compliance (BusinessWire) Security assessor report validates next-generation endpoint protection platform exceeds compliance requirements for replacing antivirus

DarkMatter and Symantec to Provide Next-generation Cyber Security Solutions and Services (PRNewswire) DarkMatter, an international cyber security firm headquartered in the United Arab Emirates (UAE), today announced it is entering a partnership arrangement with Symantec Corporation, (NASDAQ: SYMC), a global leader in information protection and security software, to provide security solutions and services to help customers navigate the complex world of threats and cyber-crime

High-Tech Bridge Launches Malicious Domain Discovery Service (Newswire Today) Following a very successful launch of SSL/TLS security and web server security testing services (over 500’000 servers tested in 6 months), High-Tech Bridge (htbridge.com) completes its portfolio of free web security services with domain security radar. The new service reveals various unethical, malicious or illegal activities with domain names, such as identity theft, brand and trade mark forgery, domain squatting, typosquatting and phishing

Arxan Honored for Mobile and Internet of Things Application Security (Mobile Marketing Watch) Arxan Technologies, a provider of application protection solutions, announced Tuesday that it has been named as Cybersecurity Product winner of the 2016 Cybersecurity Excellence Award in the Internet of things

Technologies, Techniques, and Standards

PCI DSS 3.2: 3 Things You Need to Know (Dark Reading) The latest round of upgrades are incremental yet necessary

Kaspersky Labs launches lifeline for CryptXXX ransomware victims (ZDNet) This ransomware is particularly nasty as it does not just lock your files, but also steals your data and any Bitcoin you have stored on your PC

Encryption Curveballs: Top 10 Things to Know Before Enabling ECC Ciphers (Information Security Buzz) Over the past two years, everyone has become much more acutely aware of not only encrypting all HTTP traffic, but also how that traffic is encrypted

4 Tips For Planning An Effective Security Budget (Dark Reading) Security budgets start with managers assessing all of their resources and measuring the effectiveness of their security programs for strengths and weaknesses

8 Signs Your Security Culture Lacks Consistency (Dark Reading) Organizations that practice what they preach and match their actions to their words do far better achieving their goals than those that do not. Here's why that matters

Design and Innovation

An Approach to James Comey's Technical Challenge (Lawfare) In 2014, at the very beginning of the “Going Dark debate,” FBI Director James Comey gave a challenge to the technical community. Is it possible to create a “front-door” that law enforcement can use to access encrypted devices that doesn’t put other users at risk?

The inherent problems of the detection paradigm (Help Net Security) An ongoing debate in the modern cybersecurity world is whether to detect or prevent cyberattacks. Although detection technologies are undoubtedly important tools in the defender arsenal, recent years show they have only limited effects when encountering certain types of cyberattacks

Legislation, Policy, and Regulation

Angela Merkel Abruptly Fires Germany’s Spy Chief (New York Times) Chancellor Angela Merkel on Wednesday replaced the chief of Germany’s foreign intelligence service. The move caught many by surprise as Europe faces growing pressure from Islamist terrorism and as the chancellor looks ahead to a general election next year

Germany Creates Cyber, IT Defense Branch (Defense News) German Defence Minister Ursula von der Leyen has unveiled plans to establish a new cyber force to enhance the defense effectiveness of the country's armed force

Japan's Achilles Heel: Cybersecurity (Diplomat) Japan is uniquely underprepared for the cyber challenges of the 21st century

New focus on air superiority must include ground, cyber and space assets, official warns (Air Force Times) If the Air Force wants to maintain air superiority in the future, it’s going to have to focus its attention on the ground, a British military officer said Tuesday

More money doesn’t guarantee success in cyber security race (The Conversation) Over the next four years, Australia’s federal government will invest more than A$230 million on cyber security. Put another way, A$57.5 million per annum will be taken from one part of the federal budget and spent instead on cyber security

In rare unanimous move, House passes bill to protect email and cloud privacy (CSO) The Email Privacy Act would require police to get warrants to search data stored in the cloud

Protecting physical infrastructure with cyber (FCW) The National Protections and Program Directorate's reorganization is still awaiting congressional approval, but the under secretary for the Department of Homeland Security's cyber division has a clear sense of mission, and a clear message to agencies and companies preparing for cyber threats: the way to minimize physical consequences to critical infrastructure is by prioritizing a "holistic" view of cybersecurity

David Johnson Named Associate Executive Assistant Director for the Criminal, Cyber, Response, and Services Branch (Federal Bureau of Investigation) FBI Director James B. Comey has named David Johnson as the associate executive assistant director of the Criminal, Cyber, Response, and Services Branch

Litigation, Investigation, and Law Enforcement

FBI will not share iPhone vulnerability in San Bernardino case (FCW) The FBI has opted not to submit the method used to unlock the Apple iPhone of one of the San Bernardino, Calif., shooters to an interagency review process for disclosing software vulnerabilities

Epic Systems vs. Tata: Key Security Questions (InfoRisk Today) Protecting trade secrets from unauthorized users

Sailor Accused of Spying for China Could Dodge Trial (Daily Beast) Navy officer Edward Lin is charged with sharing classified information with Taiwan and China—possibly in exchange for sex. But he may never see the inside of a courtroom

Sextortion, Cyber Stalking: U.S. Embassy Official Facing 4 Years in Prison (Hack Read) In 2015, Ford was charged with sextortion and cyber stalking scheme— now, he has been sent to prison for four years and nine months

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

New York State Cyber Security Conference (Albany, New York, USA, Jun 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.

Upcoming Events

CISO Houston (Houston, Texas, USA, Apr 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends

Cybersecurity Futures 2020 (Washington, DC, USA, Apr 28, 2016) On April 28, some of the country's leading policymakers, hackers, and creative thinkers will join Passcode and UC Berkeley to discuss the Internet's alternate futures – and explore how unconventional thinking can lead to better solutions for tomorrow's cybersecurity problems. The event is free and open to the public. Doors open at 2:30 pm for networking. Following the talks, there will be a reception from 5 - 6pm.

3rd East Africa Cyber Defense Convention 2016 (Nairobi, Kenya, Apr 29, 2016) Building on the success of previous conventions series in the last two years and with insights from cybersecurity experts, participants at this conferene learn how organisations should successfully respond. Enhancing security, resiliency and reliability of a nation’s / organisation's cyber and communications infrastructure is a challenge that must be met, attendance of the 3rd Annual Cyber Security Convention 2016 will equip participants with a comprehensive range of clarifications and solutions.

CISO United States (Chicago, Illinois, USA, May 1 - 3, 2016) The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect time to take the next step in your career. Cybersecurity is more vital, crucial, and important to the growth of your organization than ever before. Join us at SANS Security West 2016 to gain the skills and knowledge to help your organization succeed

CEBIT (Sydney, New South Wales, Australia, May 2 - 4, 2016) With the Australian Federal Government officially announcing its national cyber security policy, ahead of CeBit Australia’s business technology event, CeBIT is ultra strong on cyber security, too. CeBIT’s trade exhibition will showcase over 300 cutting edge organisations, furnishing attendees with insights into the latest business technology innovations.

Cyber Investing Summit 2016 (New York, New York, USA, May 3, 2016) The Cyber Investing Summit is an all-day conference focusing on the investment opportunities, trends and strategies available in the $100+ billion cyber security sector. Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

SecureWorld Kansas City (Overland Park, Kansas, USA , May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

National Oceanic Atmospheric Administration (NOAA) IT Security Conference (Silver Spring, Maryland, USA, May 4, 2016) The purpose of this event is to provide training and to educate NOAA and Department of Commerce personnel about various topics relating to Cyber Security. Attendance is open to NOAA and Department of Commerce personnel only. Industry is encouraged to participate through the exposition and on the day of the exposition industry may attend sessions based on availability of space. The 2016 NOAA IT Security Conference will be hosted by the Chief Information Security Officer (CISO) at NOAA. The CISO from Department of Commerce, Mr. Rod Turk will be keynoting this event. The format will include briefings from various NOAA components and industry leaders.

SecureWorld Kansas City (Overland Park, Kansas, USA, May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.

2016 Cybersecurity Summit (Scottsdale, Arizona, USA, May 5, 2016) The Arizona Technology Council (AZTC), Arizona Commerce Authority (ACA) and Arizona Cyber threat Response Alliance (ACTRA)/Arizona InfraGard present the third annual Cybersecurity Summit on Thursday, May 5th. The Cybersecurity Summit is an opportunity for government and business executives to learn about the threats, vulnerabilities, and consequences related to data security and privacy matters

Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the Summit is an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security. Chief executives, board chairs and leaders from across the public and private sectors have been invited to join the Minister for Communications at this high level event.

MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions, prize giveaways and more. Learn the latest in techniques and trends, network with your cybersecurity peers, and discover how the Michigan Cyber Range can help you improve your cybersecurity

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Malware found in nuclear plant. Threat actors tracked in Asia. Germany shakes up intel, cyber agencies.