Cyber Attacks, Threats, and Vulnerabilities
New Mirai Attack Attempts Detected in South America and North African Countries (TrendLabs Security Intelligence Blog) A few days after a campaign in Argentina, there was a spike of activity from Mirai in a series of attack attempts in South American and North African countries.
Reaper – Calm Before IoT Botnet Attack (Cybrary) Last year the world witnessed how some of the world’s top Web sites were taken down by “Mirai”, a zombie malware that hijacked “Internet of Things” (IoT) devices like wireless routers, digital video recorder and also security cameras in parts of the U.S. The attack was made
100,000-strong botnet built on router 0-day could strike at any time (Ars Technica) New strain of Mirai is sophisticated, locked, and loaded.
The UK's Kaspersky warning is a reminder: data ignores borders (WIRED) Should you stop using Kaspersky software? Probably not. But everyone needs to be aware of what borders their data is crossing
Phishers target panicking PayPal users with fake "failed transaction" emails (Help Net Security) An email from PayPal saying their transactions were impossible to verify or their payments were not processed will throw most users for a loop.
PayPal Unit TIO Networks Discloses Breach of 1.6 Million Accounts (eWEEK) Months after acquiring TIO Networks, PayPal discovers that the payment processor was the victim of data breach.
Ursnif Trojan Adopts New Code Injection Technique (Threatpost) Researchers have found a variant of Ursnif Trojan they said is a “v3 build” that targets Australian bank customers with new redirection attack techniques.
BankBot trojan hits Google Play (SecEMS) A security researcher is warning that an Android banking trojan BankBot has infected more than 400 bank apps on the Google Play store
Tech Support Scam Malware Fakes the Blue Screen of Death (Infosecurity Magazine) Troubleshooter asks for $25 to fix the fake problem.
Malware display fake BSOD to sell phony Windows anti-virus for $25 (HackRead) Microsoft has a never-ending malware problem, in fact, millions of Windows devices worldwide have been plagued with some sort of malicious software. Recent
A brief history of Bitcoin hacks and frauds (Ars Technica) Bitcoins have been a juicy target for hackers since 2011.
What is a supply chain attack? Why you should be wary of third-party providers (CSO Online) The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.
Security Patches, Mitigations, and Software Updates
Google Cracks Down On Nosy Android Apps (Threatpost) Google beefs up privacy protections on apps distributed via third-party Android marketplaces and Google Play that collect personal data without user consent.
Google is working on 47 Android fixes (Computing) Google has found more than 47 bugs in its mobile OS
Researchers call bull on Dirty Cow Patch, find flaw (SC Media US) Bindecy security researchers identified a flaw in the original patch code of the Dirty Cow vulnerability which could ultimately lead to a privilege escalation attack.
Dell Now Shipping Laptops With Intel's Management Engine Disabled (ExtremeTech) Dell is now selling laptops with Intel's Management Engine disabled, following Linux laptop vendors in doing so. It's the first major OEM to disable the security solution after Intel's Nov 22 bug disclosures.
Cyber Trends
Cybersecurity Professionals Aren’t Keeping Up with Training (CSO Online) While infosec pros agree that continuous training is important, they are too busy to keep up
The Evolution of Data Leaks (WIRED) Equifax aside, companies are doing better at securing their info. But the phishers keep coming.
5 computer security facts that surprise most people (CSO Online) As a 30-year road warrior, I’ve learned some security truths that seem wrong, but must be accepted if you really want to understand the threats you face.
Five key trends to watch in 2018 as cybercriminals continue to innovate (Help Net Security) When it comes to key infosec trends 2018 will be interesting. Human intelligence amplified by technology will be the winning factor in the arms race.
Cybersecurity concerns may stop consumers from purchasing a connected car (Help Net Security) Of the consumers who plan on purchasing a vehicle in the future, 53% are likely to research the car’s ability to protect itself from a cyberattack.
Gigamon Introduces the First Scalable SSL Decryption Solution for 100Gb Networks (PRNewswire) Gigamon Inc. (NYSE: GIMO), the leader in traffic visibility...
Marketplace
IRONSCALES Secures $6.5 Million to Automate Email Phishing Threat Detection, Incident Response and Intelligence Sharing (PRWeb) Funding led by K1 Investment Management as global demand soars for its machine learning technologies to solve the complex technological, operational and human challenges of phishing attacks
Enveil Announces Strategic Investment and Partnership with In-Q-Tel (Enveil | Encrypted Veil) Nonprofit Strategic Investor for U.S. Intelligence Community Backs Data Security Startup Protecting Data in Use Washington, D.C. – December 5, 2017 – Enveil, a pioneering data security company protecting Data in Use, today announced a strategic partnership with and investment from In-Q-Tel (IQT), th
The cyber security insurance industry must adapt and thrive in Israel (The Jerusalem Post) Tel Aviv start-up Cyberwrite has started to develop an underwriting platform for cyber insurance policies.
IT help wanted, cybersecurity experience preferred (CSO Online) To fix the cybersecurity labor shortage, IT organizations should cross-train IT workers on cybersecurity.
CenturyLink wins communications contract at Peterson Air Force Base (Business Insider) CenturyLink, Inc. (NYSE: CTL) recently won a contract to provide communications services to Peterson Air Force Base in Colorado Springs, Colo.
Intercede Wins Contract With UK Government Ministerial Department (Interactive Investor) Software company Intercede Group PLC said on Monday it has signed a contract with a UK government ministerial department in a deal potentially worth GBP750,000.
Forget FireEye, Palo Alto Networks Is a Better Cybersecurity Stock (The Motley Fool) Palo Alto is firing on all cylinders, but FireEye’s growth is grinding to a halt.
Versasec Opens Singapore Office to Serve Growing Asia-Pacific Business (Versasec) Industry Expert Yin Hong Lee Joins Smart Card Management Systems Company to Run New Office
Cybersecurity firm Dtex Systems opens Australian headquarters in Canberra (CRN Australia) Partners with Canberra-based professional services firm.
Bugcrowd Accelerates Growth, Expands Executive Team and Global Footprint (GlobeNewswire News Room) With nearly double the number of programs in 2017, Bugcrowd opens three new offices around the world to meet growing demand
OGSystems adds former Novetta chief Lamontagne to board (Washington Technology) OGSystems adds former Novetta CEO Peter LaMontagne to the board of directors.
Products, Services, and Solutions
Mocana Joins GE Digital Alliance Program to Advance Security of the Industrial Internet (GlobeNewswire News Room) Edge-to-Cloud Security Features Protect Critical Assets to Ensure Safety and Reliability of Industrial Systems
Gemalto Enables User-Managed Encryption Keys for Google Cloud Platform (Mobile ID World) Google Cloud Platform users can now leverage encryption key security from Gemalto. The company has announced that its SafeNet Luna Hardware Security Module—
GDPR Ready Solutions (ZL Tech) Accelerate GDPR compliance by identifying personal data across the organization and taking action in-place.
CENTRI Technology Launches Atonomi Network to Bring Security and Trust to Internet of Things (PRNewswire) Leading IoT security firm building blockchain-based network offering trust and security for IoT devices
Graphite GTC Announces Industry-First Code Guarantee (Sys-Con Media) Graphite GTC sets a new standard of excellence in the software industry by guaranteeing zero warning security scans to their enterprise customers.
Kobiton and App-Ray Partnership Provides Unique Service that Improves the Security of Mobile Apps (PRNewswire) With high-profile cyber attacks continuing to erode consumer and enterprise...
8 Low or No-Cost Sources of Threat Intelligence (Dark Reading) Here's a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.
Technologies, Techniques, and Standards
MPs Cybersecurity Admissions Highlight Need For Culture Change (Silicon UK) ANALYSIS: MPs admit to sharing passwords and leaving computers unlocked because of convenience, but the people deserve better
Banks Prep For Apocalyptic Cyberattack (PYMNTS.com) In a world where attacks on computers are nearly de rigueur at this point, it isn’t much of a surprise that U.S. banks have begun quietly doomsday-prepping for a successful apocalyptic attack on their computers by hackers. The goal is to head off a run on the bank by panicked citizens. Called Sheltered Harbor, the […]
ICS-CERT Advice on AV Updates Solid, But Impractical (Security Week) The U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has offered some advice on how antivirus software should be updated in industrial environments, but the recommended method is not very practical and experts warn that organizations should not rely only on antiviruses to protect critical systems.
Can biometrics be the key to securing the IoT chain of trust? (IoT Agenda) The booming internet of things is on course to double in just five years, growing from 15 billion connections in 2015 to nearly 31 billion by 2020 according to IDC. As the number of connections and use cases explodes, so does the number of security vulnerabilities. The fate of the marketplace depends on our ability to trust the devices, data and networks that make IoT possible.
How to Remove DarkoderCrypt0r Ransomware (SpywareTechs.com) DarkoderCrypt0r Ransomware Removal Guide and Removal Tool by SpywareTechs. Follow our guide on how to remove DarkoderCrypt0r Ransomware.
Ransomware's lucrative next stop? The Point of Sale (Help Net Security) The instances of POS-based ransomware have been sporadic, but what’s to stop the POS malware trend from turning into a devastating, evolved threat?
How Firms Can Prepare for Massive NSA Breach Consequences (Inside Counsel | Corporate Counsel) Recently the U.S. National Security Agency was disastrously compromised, flooding the dark web with its own cyberweapons that are now available to…
CenturyLinkVoice: How To Defend Against Bad Rabbit And Other Ransomware Threats (Kopitiam Bot) (Source: www.forbes.com) Ransomware is one of the biggest, most insidious cybersecurity threats today. “And it’s getting worse,” said Terry Barbounis, cybersecurity evangelist at Centur…
How to Keep Your Kids Safe Online (WIRED) From Net Nanny to parental blocks to, you know, actually talking to your kids about their online behavior.
‘Need to understand cyber threats before fighting them’ (The Indian Express) At IEThinc, experts discuss emerging threats to national security in the fast-changing digital world.
Eglin gets first Air Force cybersecurity group (Northwest Florida Daily News) Approximately 50 new personnel will be coming to Eglin over the next two years as the new group gets established.
Design and Innovation
Ghostery Deploys AI in the Fight Against Ad Trackers (WIRED) With the release of Ghostery 8, the popular ad-blocker introduces artificial intelligence and a whole new level of usability for beginners.
Research and Development
The Dutch government defines cyber threat actors (ComputerWeekly.com) The Dutch government commissions the creation of a scientific classification of individuals and groups involved in cyber crime.
Academia
UGA, U.S. Army Cyber Command look to partner (Online Athens) The University of Georgia and the U.S. Army’s Cybersecurity Command could soon be exchanging students and workers, according to a civilian Army official.
Girl Scouts to train next generation of cybersecurity, AI, and robotics professionals (TechRepublic) Girl Scouts of the USA and Raytheon are partnering to create a national computer science program for middle and high school girls, in efforts to diversify the STEM workforce.
CyberPatriot Releases First-Ever Cyber Security Storybook (GlobeNewswire News Room) The Air Force Association’s (AFA) CyberPatriot program announced today the release of its first published children’s storybook, Sarah the Cyber Hero.
Legislation, Policy, and Regulation
German government wants backdoors for spying added to cars, computers (CSO Online) The German government proposed an Orwellian nightmare: Backdoors for spying added to internet-connected devices, including cars.
Artificial Intelligence and Chinese Power (Foreign Affairs) China is on track to overtake the United States in the military applications of artificial intelligence.
China Reasserts Cyber Sovereignty Policy as Google Pleads for Better Access (Variety) Apple’s Tim Cook and Google’s Sundar Pichai were in attendance this weekend at the World Internet Conference in Wuzhen, China. There, they would have heard Chinese President Xi Jinping, in a letter…
The Kremlin's Latest Crackdown on Independent Media (Foreign Affairs) The new Russian media "foreign agent" law is part of a more than decadelong effort by Putin’s regime to repress independent media and civil society.
Hope grows that a larger SEC crackdown on ICOs is coming — and soon (TechCrunch) That wait-and-see stance looks to evolve into much more action 2018, suggest those who've either spoken with the Securities & Exchange Commission or..
How to Save the Pentagon’s Innovation Insurgency (Defense One) The former chief of the US Army’s Rapid Equipping Force suggests parallel tracks for innovation and execution.
Proposed law would jail execs who fail to report data breaches (Naked Security) The Senate’s looking at YOU, Uber!
State Dept insists cyber a priority despite office closure (TheHill) Lawmakers have expressed concerns on Tillerson's decision to close office dedicated to cyber diplomacy.
Litigation, Investigation, and Law Enforcement
FBI, Europol, Microsoft, ESET Team Up, Dismantle One of World's Largest Malware Operations (Dark Reading) Avalanche, aka Gamarue, aka Wauchos, malware enterprise spanned hundreds of botnets and 88 different malware families.
Mastermind Behind Andromeda Botnet Arrested in Belarus (Recorded Future) Recently, a joint task-force dismantled the Andromeda botnet and arrested the cybercriminal responsible. We believe that person is threat actor Ar3s.
World Police Shut Down Andromeda (Gamarue) Botnet (BleepingComputer) Law enforcement agencies across the globe and members of the private sector announced today they shut down the Andromeda (Gamarue or Wauchos) botnet.
Andromeda botnet dismantled in international cyber operation (Help Net Security) An international cyber operation dismantled one of the longest running malware families in existence called Andromeda (also known as Gamarue).
ESET plays crucial part in disrupting botnets using malware family (WeLiveSecurity) Malware family known as Wauchos is disrupted as ESET plays crucial role alongside researchers from Microsoft and law enforcement to disrupt botnets.
Feds shut down allegedly fraudulent cryptocurrency offering (Ars Technica) Cryptocurrency offerings are no longer a regulation-free zone.
FCC Agrees to Assist New York AG in Probe of Alleged ID Theft in Net Neutrality Comments (New York Law Journal) The FCC’s Office of Inspector General has agreed to cooperate with New York’s investigation into thousands of comments on net neutrality that were posted to the commission's website allegedly without the knowledge or consent of the individuals, New York Attorney General Eric Schneiderman said Monday. An FCC Commissioner also asked the Dec. 14 hearing be postponed until an investigation is complete.
Democrat asks why FCC is hiding ISPs’ answers to net neutrality complaints (Ars Technica) Records request for net neutrality complaints and resolutions still unfulfilled.
Opinion | Ban on speech ‘about a person’ that negligently causes ‘significant mental suffering, anxiety or alarm’ struck down (Washington Post) A new -- and correct -- decision from the Illinois Supreme Court this morning.
Breached Password-Trading Site Leakbase Goes Dark (Infosecurity Magazine) It now redirects to legit breach notification site
Leakbase.pw Hacked Password Service Goes Dark (BleepingComputer) Over the weekend, Leakbase.pw, a web site that sold subscriptions to usernames and passwords leaked in data breaches at other companies, suddenly discontinued their service.
Man Hacks Jail Computer Network to Get Friend Released Early (BleepingComputer) A Michigan man pleaded guilty last week to hacking the computer network of the Washtenaw County Jail, where he modified inmate records in an attempt to have an inmate released early.
Hacker admits cyber crime offences including Google and Skype attacks (Times and Star) Alex Bessell admitted nine cyber crime offences, including receiving 50,000 pounds from a website he set up to sell malware and botnets
Apple agrees to set aside more than $15 billion to Ireland in back taxes (Ars Technica) Despite EU ruling, neither Apple nor Ireland wants the Cupertino company to pay.