Every Sunday evening, the CyberWire will take a look back at the Week that Was, delivering a narrative summary of the past seven days' significant cyber security news. Designed for busy professionals who need a week-to-week perspective on developments and trends, the Week that Was provides context for the breaking stories of the day. Every issue is organized topically, with inline links to sources the reader can follow for amplified detail. Like the Daily News Briefing, the Week that Was is delivered to subscribers by email, free and spam-free. If you already subscribe to the CyberWire Daily News Briefing you'll automatically receive the Week that Was (a sixth issue joining the five you already receive each week). If you aren't a Daily News Briefing subscriber but would like to sign up for just the Week that Was, you can do so here.
Election hacking and influence operations. Persirai noses out Mirai in the IP-camera botnet sweeps. More malicious apps strike Android. Zusy malware infects on a mouse-over.
Former FBI Director Comey's testimony yesterday before the US Senate Intelligence Committee has proved something of a Rorschach test for media observers. As WIRED's headline writers put it, "James Comey said exactly what you wanted him to say."
His testimony about Russian influence operations in the last US election season, however, was unambiguous: "There was a massive effort to target government and near-governmental agencies, like non-profits," he said. The FBI became aware of the campaign in 2015. Comey described the operation as long-standing Russian practice, and said "they'll be back."
The FBI thinks they've already been back, in Qatar, with a disinformation campaign mounted through hacked Qatar News Agency feeds that's successfully disrupted intra-alliance relations within the Gulf Coordination Council. Doha-based Al Jazeera also reports a sustained attack, this one a distributed denial-of-service operation, possibly using repurposed Mirai botnets.
Mirai itself no longer holds first place in the IP-camera botnet-sweeps. The leader is now Persirai.
More problems arise within the Android ecosystem to trouble enterprise users. Zscaler reports a malicious Android package representing itself as a "cleaning" app from Google, "Ks cleaner." It secures admin rights on infected devices and uses them to display ads, download other apps, etc. And Kaspersky has found rooting malware "DVmap" hiding behind a simple puzzle game, "colourblock." Google has ejected this one from the PlayStore.
Various security companies report seeing new malware, "Zusy," in spam campaigns. Its payload is delivered in malicious PowerPoint file that infects users who mouse over links in the presentation.
Today's issue includes events affecting Australia, Bahrain, Egypt, European Union, Iran, Libya, Qatar, Russia, Syria, Thailand, United Arab Emirates, United Kingdom, United States, and and Yemen.
In today's podcast we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses Florida's new money laundering legislation targeting Bitcoin. Our guest, Will Ackerly from Virtru, talks about California law, the GDPR, and the right to be forgotten online.