The CyberWire Daily Briefing 12.8.17

Cyber Attacks, Threats, and Vulnerabilities

Iranian Hackers Have Been Infiltrating Critical Infrastructure Companies (WIRED) A new Iran-linked hacking group called APT 34 has been spotted lurking in the networks of financial, energy, telecom, and chemical companies.

Iran’s hacking efforts are now too big to ignore (Cyberscoop) While hackers linked to China, North Korea and Russia earned headlines over the past year, similar groups in Iran have been drawing far less attention.

Chinese Hacker Groups To Shift Focus To India In 2018: Cyber Security Firm (NDTV.com) Chinese advanced persistent threat (APT) groups that have allegedly been creating cyber havoc internationally will shift their focus in 2018 to countries like India and Hong Kong and groups seen as a threat to Beijing's influence over global markets.

'Tens of millions' exposed to hackers by banking app security flaw (IT PRO) Exploits in HSBC, Natwest, and Co-op apps would allow hackers to steal user credentials

University Of Birmingham Found a Security Flaw That Had 10 Million Banking App Users At Risk - Information Security Buzz (Information Security Buzz) On 6th December researchers from the University of Birmingham found a security flaw that had 10 million banking app users at risk. The researchers have developed a tool to perform semi-automated security testing of mobile phone apps. After running the tool on a sample of 400 security critical apps, they were able to identify a critical …

UK Researchers Find Major Bank App Bug Affecting 10 Million (Infosecurity Magazine) UK Researchers Find Major Bank App Bug Affecting 10 Million. Lack of hostname verification in several popular apps could enable MITM attacks

Market-leading security products broken by Doppelganging attack (SC Media UK) Doppelganging attack process memory attack methodology not only defeats market-leading security products but breathes new life into old threats.

Locky-Like Campaign Demonstrates Recent Evolving Trends in Ransomware (PhishMe) Over the US Thanksgiving holiday, PhishMe Intelligence™ observed a recent ransomware campaign, Scarab, that shares some similarities in behavior and distribution with Locky.

"It's One of the Most Commonly Told Lies in America" (OZARKSFIRST) A popular Android app has leaked information from over 31 million users.

Hacking prison – lessons learned from recent Databreach (ERPScan) Did you ever think that a hacker could spring a prisoner out of jail? A hack like this is no longer an imaginary plot for serial movies like “Mr. Robot” or a potential for “Prison Break”. It fell outside of the fictional world turning into a real-live event.

Phishers Are Upping Their Game. So Should You. (KrebsOnSecurity) Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages.

Social Engineer Shows How to Get Easy Cash (Infosecurity Magazine) Crumbaugh demonstrated how to get a target to install malware, bypass anti-virus and how he won the confidence of the target

«Доктор Веб» предупреждает: злоумышленники взламывают сайты с помощью «Интернета вещей» (Dr.Web) Компания «Доктор Веб» уже <a href="https://news.drweb.ru/show/?i=11320&c=23&lng=ru&p=0">рассказывала</a> о троянце <a href="https://vms.drweb.ru/search/?q=Linux.ProxyM"><b>Linux.ProxyM</b></a>, способном заражать «умные» устройства под управлением ОС Linux. В сентябре злоумышленники с его помощью <a href="https://news.drweb.ru/show/?i=11467&c=23&lng=ru&p=0">рассылали спам</a>, а в последнее время используют его возможности для взлома веб-сайтов.

RNIB Breach May Have Hit Hundreds — Report (Infosecurity Magazine) RNIB Breach May Have Hit Hundreds — Report. Shoppers at charity’s web store hit by follow-on fraud

Study: 69 Percent of Financial Services Organizations Do Not Rotate SSH Keys After Employees Leave (Venafi) According to Venafi’s research, even though SSH keys provide the highest levels of administrative access, they are routinely untracked, unmanaged and poorly secured.

#BHEU: Attackers and Spies Merge with Evolved Attacks (Infosecurity Magazine) Attackers and spies are merging to use tools to extort companies, using espionage and cybercrime tools

Ransomware up nearly 2,000% in two years as “cyber mafia” hit business (ComputerWeekly.com) Cyber attacks on businesses in 2017 grew in frequency, sophistication and malice, a report on the new age of organised cyber crime reveals

oBike reviewing app security after international user data leak (The Straits Times) Bicycle-sharing operator oBike is reviewing the security of its app, following a leak that affected its users' data in 14 countries worldwide.. Read more at straitstimes.com.

Cybercriminals Go Cryptocurrency Crazy: 9 Factors (GovInfo Security) Bitcoin: Is it the future of cash, a legitimate speculative instrument or a Ponzi scheme in easy-to-consume digital form? Despite the outstanding questions,

Bitcoin Exchange NiceHash Hacked as Crypto-Currency Hits New Highs (eWEEK) As Bitcoin reaches new all-time highs, concerns continue to grow about the security and availability of online crypto-currency exchanges.

Hackers Cash In on ICOs Euphoria, ‎$300M ‎Stolen in 2017, Says Kaspersky (Finance Magnates) The cyber attacks were unique in how they were so deliberately planned‎.

Why is bitcoin’s price so high? (TechCrunch) Bitcoin's price has risen stratospherically, a fact that leaves many minor players in the market with massive gains and many bigger players millionaires. But..

CryptoKitties Maker on $100,000 Digital Cats: 'It's Crazy' (Motherboard) “If they’re going to value or devalue in the future, I honestly don’t know.”

Man who threw away $121m of Bitcoin wants to dig up landfill site (HackRead) In 2009, James Howells, a British IT worker bought 7,500 Bitcoin, at the time its value was around $130. Currently, 1 Bitcoin according to CoinBase is more

CONFICKER/ DOWNAD 9 Years After: Examining its Impact on Legacy Systems (TrendLabs Security Intelligence Blog) Despite being nearly a decade old, and years past its peak, DOWNAD, also known as CONFICKER, has not gone away. 9 years to the month after its first discovery, we take a look at the numbers to see where DOWNAD is today, and why it is still one of the world’s most prevalent malware.

Apps Can Track Users Even When GPS Is Turned Off (BleepingComputer) Princeton researchers have developed a proof-of-concept app that can be used to reliably track users even if an app does not access a phone's GPS data, and the user has purposely turned off GPS services.

Android Ransomware Kits on the Rise in the Dark Web (Dark Reading) More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200.

Cybercrime Now Driven by Four Distinct Groups (Infosecurity Magazine) Four distinct groups of cyber-criminals: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire

ISIS hackers take down local council website (Mail Online) A group called Electronic Ghosts of the Caliphate hacked the Gloucester Township site and posted threats on its homepage as another group shared a picture of the White House on fire.

Ho ho oh no: How malware hijacks holiday shopping (CBS News) All that online buying – click here for bargains! – puts consumers directly in the bad guys' crosshairs

8 Computer Viruses That Brought the Internet to Its Knees (Who Is Hosting This: The Blog) Computer viruses have cost millions of dollars in damages. Here are the worst 8 computer viruses in history — and how you can keep yourself safe.

Man turns shed into top rated restaurant on TripAdvisor (Naked Security) …without ever serving food from it.

Security Patches, Mitigations, and Software Updates

Microsoft emergency update: Malware Engine needs, erm, malware protection (Register) Stop appreciating the irony and go install the patch now

Google Rolls Out New Chrome Security Feature to Combat Microsoft (ExtremeTech) Google has rolled out a major new enterprise security feature in Chrome called site isolation. It's a stronger version of the browser's existing sandboxing feature.

Here's How to Enable Chrome "Strict Site Isolation" Experimental Security Mode (BleepingComputer) Google Chrome 63, which shipped yesterday evening, arrived with a new experimental feature called Strict Site Isolation that according to Google engineers is an additional security layer on top of Chrome's built-in sandboxing technology.

Apple users, it's time for new security updates (Help Net Security) Apple usually pushes out security updates for its various devices and software on the same day, but not this time. Patch as soon as you can!

Cyber Trends

3 advanced prevention technologies expected to grow in 2018 (CSO Online) New advanced protection technologies will help organizations decrease the attack surface and simplify security operations.

It's the golden age of cyber crime — here's how the US must prepare for it (TheHill) Sad to say, but this is a good time to be in the business of cyber crime.

Malware-free breaches lead to big breaches: 5 things to know (Becker's Hospital Review) Though ransomware attacks have been highly publicized, the majority of cyberattacks exploited a combination of native software from a victim's system, memory-only malware and stolen credentials, according to the 2017 "Cyber Intrusion Services Casebook" from CrowdStrike.

FCA: Banks Are Under-Reporting Cyber-Attacks (Infosecurity Magazine) FCA: Banks Are Under-Reporting Cyber-Attacks. UK regulator urges more openness for the good of the industry

Keep unexpected holiday security surprises to a minimum (Help Net Security) Being proactive can help keep the unexpected holiday security surprises to a minimum, according to Chris Goettl from Ivanti.

Cybersecurity Predictions for 2018 (Proofpoint) In 2018, attackers will continue to exploit humans to install malware, transfer funds, and steal information, with significant changes in techniques and behavior.

Juniper Networks CEO claims cloud being pushed to 'breaking point' (Channelweb) Speaking at Juniper Networks' annual EMEA summit in London, CEO Rami Rahim warned of an approaching breaking point in cloud and addressed Nokia takeover rumours.

List of IT Services Statistics (Clutch) We compiled a list of statistics about how businesses use and source IT services. Use this list to learn how to approach partnerships with IT companies and consultants for IT services, cybersecurity, and mobility services.

Australian cybersecurity spending to reach $3.8 billion in 2018: Gartner (CRN Australia) Up 6.5 percent from 2017.

Rep. Will Hurd of Texas Argues that Quantum Computing Is the Next Big Security Risk (WIRED) Opinion: Quantum computers will rock current security protocols that protect government and financial systems.

Half of U.S. Companies Face Serious Challenges in Becoming GDPR Compliant (eSecurity Planet) A recent Varonis survey of 500 cyber security professionals in the U.S., U.K., Germany and France found that 50 percent of U.S. respondents and 60 percent of E.U. respondents believe they face serious challenges in becoming compliant with the upcoming E.U. General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018.

Marketplace

Kaspersky to Close Washington Office But Expand Non-State Sales (Bloomberg) A Russian software-maker, whose products are banned for use in federal information systems by the U.S. government, is seeking to remain in the North American market and prove its products have no hidden capabilities.

Alcide exits stealth mode with $5.2 million in funding (eSecurity Planet) The cloud-friendly security startup launches its network security platform after attracting an investment from Intel.

How Apple Is Using M&A to Catch Up to Rivals in Artificial Intelligence (TheStreet) The tech giant has made 11 artificial-intelligence-related acquisitions in the last five years, according to CB Insights.

Juniper Scouts for Multicloud Cybersecurity M&A Targets (Light Reading) Multicloud cybersecurity is a key market for Juniper and it plans to evolve organically or with M&A to be in the vanguard, says the vendor's CEO Rami Rahim.

How three of Silicon Valley's hottest cybersecurity startups are coming to the rescue (Silicon Valley Business Journal) The industry is not only essential to protecting companies, the cloud and your data — it was a hot investment in 2017.

Jobs boost for Galway and Cork (RTE.ie) Two companies - Antares Vision and Keeper Security - have announced the creation of new jobs for Galway and Cork over the next number of years.

Products, Services, and Solutions

Cytobank Secures Innovative Biomedical Research Platform with CYBRIC (BusinessWIre) CYBRIC, provider of the first continuous application security platform, today announced that Cytobank, a cloud-based software solution that accelerate

Heptio teams up with Microsoft to build a better Kubernetes disaster recovery solution (TechCrunch) With the rise of Kubernetes as the de facto standard for container orchestration, it's no surprise that there's now a whole ecosystem of companies springing..

ImageWare solution protects entertainment industry IP (BiometricUpdate) Secure Channels has selected ImageWare’s GoVerifyID solution to secure its Entertainment Security Operations Center (ESOC) with multi-factor biometric authentication. Secure Channels’ E…

Exostar Enhances Security and Promotes Compliance with New Multifactor Authentication Solution (BusinessWire) Exostar Mobile ID turns mobile devices into secure credentials for access control, making MFA easier while supporting US/EU compliance mandates.

Large email hack reported – Swiss agency tool lets you check if your account was compromised (le News) It’s the question lurking in many people’s minds, especially during the frenzy of online Christmas shopping: has my email account been hacked?

Technologies, Techniques, and Standards

GDPR: The Importance of Data Privacy Impact Assessments (Computer Business Review) Under GDPR, in-depth Data Protection Impact Assessment (DPIA) will be required by businesses to help identify threats to the privacy rights of EU residents.

Malwarebytes: knowledge sharing is critical to fight 'the new Mafia' (Computing) Organised cybercrime has seen ransomware detection rise 2,000 per cent

Avoid becoming a victim of phishing attacks by encrypting your contacts (TechRepublic) Phishing is on the rise, says ProtonMail CEO Andy Yen. An encrypted contacts manager can help keep your contacts private, and validate the information you receive in your inbox.

Protecting secret networks means being more open about threats (Fifth Domain) The Department of Defense is now sharing an unclassified report with industry as to better inform solutions based on threat behavior.

How to Protect Yourself After the Next Big Corporate Hack (WIRED) The next megabreach is coming. Here's how you can cope if and when your info gets swept up.

What Slugs in a Garden Can Teach Us About Security (Dark Reading) Design principles observed in nature serve as a valuable model to improve organizations' security approaches.

Design and Innovation

Why Artificial Intelligence Will Soon Dominate the Blockchain (Bitsonline) The cryptocurrency community recently has focused on Bitcoin and IOTA’s massive bull run. However Industry insiders have begun to take notice how artificial

Meow! Facial recognition reaches pet doors (Naked Security) It takes mere seconds to recognize a cat, thereby avoiding confused pets. Microsoft, who built it, didn’t address pre-confused pets or hacker squirrels.

Research and Development

Senior leadership taking aim at cybersecurity in weapon systems (Fifth Domain) Initiatives such as the cybersecurity scorecard have raised cybersecurity vulnerabilities to senior levels of the Pentagon.

A Tiny New Chip Could Secure the Next Generation of IoT (WIRED) With Project Sopris, Microsoft has a new hardware solution for the next wave of IoT security problems.

Researchers train robots to see into the future (TechCrunch) Robots usually react in real time: something happens, they respond. Now researchers University of California, Berkeley are working on a system that lets..

Legislation, Policy and Regulation

NATO’s Little Noticed but Important New Aggressive Stance on Cyber Weapons (Foreign Policy) Not many people noticed it, but last month, NATO made a dramatic change in its cyber policy.

Ministry of Defence to merge cyber policy, IT departments (ERR) The Ministry of Defence is to merge its cyber policy and information technology departments into a single department. It is also to hand wage calculation over to the Support Command of the Estonian Defence Forces (EDF).

GAO details lack of policy around continuous evaluation of cleared workers (InsideDefense.com) The federal government has not set clear policies for using technologies to continuously monitor individuals who hold security clearances, which experts say could call into question the Defense Department's plan to replace a large portion of the background investigation process with continuous evaluation.

Texas Legislature Taking Crash Course In Cybersecurity (Texas Public Radio) The Texas Senate held its first select committee Wednesday to review processes and give lawmakers a crash course in cybersecurity. The committee was

Litigation, Investigation, and Enforcement

WikiLeaks faces U.S. probes into its 2016 election role and CIA leaks: (Reuters) WikiLeaks and its founder, Julian Assange, are facing multiple investigations by U.S. authorities, including three congressional probes and a federal criminal

The Logan Act and its Limits (Lawfare) Seven ways to consider the parameters of the Logan Act.

Royal Terror Threat Uncovered By TerrorTech (TERRORMATE) American homeland security and public safety firm alerted British counter terrorism authorities to threat against Prince George

Inside Oracle’s cloak-and-dagger political war with Google (Recode) Oracle has lobbied aggressively — and seeded negative stories about its search foe — as the two battle in court.

Uber's Not the Only One That Should Be Wary of Disappearing Messaging Apps (WIRED) Wickr takes center stage.

Volkswagen executive sentenced to maximum prison term, fine under plea deal (Ars Technica) Bids to lighten Schmidt’s sentence did not sway the judge.

FBI, Brookline detectives investigating cyber attack on the town's Treasury (Brookline TAB) The FBI and Brookline Police detectives are investigating a sophisticated cyber scam that targeted funds from the town’s Treasury. In the scam,

Michigan man pleads guilty in Washtenaw County phishing scheme (SC Media US) The county spent at least $235,488 on responding and investigating the breach.

Iranian threat groups probe infrastructure. Security issues in banking apps, bike-sharing, and cryptocurrencies. Caliphate Cyber Ghosts haven't said "boo."