The CyberWire Daily Briefing 01.13.17

Cyber Trends

Flashpoint Releases Inaugural Bus Risk Intel (BRI) Decision Report (American Security Today) Cybercriminals, jihadists, nation-state cyber actors, hacktivists, and cyber attention-seekers received widespread global attention throughout 2016, laying the foundation for what is already shaping up to be an eventful and challenging 2017

Das Jahr der digitalen Erpressung (MaschinenMarkt) Schon im letzten Jahr beherrschten Cyberattacken die Schlagzeilen, darunter die sogenannte Ransomware oder auch die heiß diskutierten Hackerangriffe im US-Wahlkampf. Auch der Angriff auf Telekom-Router Ende des Jahres lässt für 2017 nichts Gutes erahnen – tatsächlich geben Experten für 2017 keine Entwarnung

Deloitte Makes 2017 Predictions for Machine Learning and Autonomous Technology (IoT Evolution) In a recent slate of 2017 predictions, Deloitte has said that more than 300 million smartphones, or more than one-fifth of units sold in 2017, will have machine learning capabilities within the device in the next 12 months

Cyberattacks – Are Americans Safe In Cyberspace? (Value Walk) Cyberattacks are an increasing problem but Americans are not that worried

Legislation, Policy and Regulation

DNI on cyberspace: An 'insidious progression of aggressiveness' (C4ISRNET) Director of National Intelligence James Clapper told the Senate Intelligence Committee that cyberspace is affording bold actors opportunities to be even more aggressive

E.O. 12333 Raw SIGINT Availability Procedures (IC on the Record) On January 3, 2017, the Director of National Intelligence, in coordination with the Secretary of Defense, issued the “Procedures for the Availability or Dissemination of Raw Signals Intelligence Information by the National Security Agency under Section 2.3 of Executive Order 12333” (the “Raw SIGINT Availability Procedures”). The procedures were approved by the Attorney General on January 3, 2017

A lot more people will now have access to the NSA’s raw surveillance data (Verge) The Obama administration has greatly expanded the NSA’s power to share raw intelligence within the US government, as reported by The New York Times. The new rules were signed by the attorney general on January 3rd, putting them into effect less than three weeks before President-elect Donald Trump’s inauguration

N.S.A. Gets More Latitude to Share Intercepted Communications (New York Times) In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections

NSA to share data with other agencies without “minimizing” American information (Ars Technica) Rules opposed by civil liberties and privacy advocates

Just in Time for Trump, the NSA Loosens Its Privacy Rules (Wired) As the privacy and civil liberty community braces for Donald Trump’s impending control of US intelligence agencies like the NSA, critics have called on the Obama administration to rein in those spying powers before a man with a reputation for vindictive grudges takes charge. Now, just in time for President-elect Trump to inherit the most powerful spying machine in the world, Obama’s Justice Department has signed off on new rules to let the NSA share more of its unfiltered intelligence with its fellow agencies—including those with a domestic law enforcement agenda

Defense Secretary Nominee Cautions Against 'Stumbling' Into Cyberwar (Nextgov) Retired Gen. James Mattis called for a comprehensive cyber doctrine to respond to cyberattacks when testifying during his Senate confirmation hearing Thursday

Can government alone protect cyberspace? (FCW) Will the federal government be overwhelmed as the sole entity responsible for identifying, protecting and responding to threats in cyberspace?

Ex-US National Security Official Clarke: Regulation Key To Protecting ICS/SCADA From Cyberattacks (Dark Reading) Richard Clarke proposes a Y2K-style approach to beefing up security for critical infrastructure

Trump asks Giuliani to help with cybersecurity (Federal Times) Former New York City Mayor Rudy Giuliani finally has a job in the incoming Trump administration

What Does Rudy Giuliani Actually Know About Cybersecurity? (Motherboard) Rudy Giuliani is going to head a new Cybersecurity Working group for the Donald Trump transition team, a move that has caused many to reflexively wonder: What does the former mayor of New York know about cybersecurity?

Trump's cyber-guru Giuliani runs ancient 'easily hackable website' (Register) Stunned security experts tear strips off president-elect pick hours after announcement

Obama's former CIA director backs Trump's pick for the job (The Hill) Former CIA Director Leon Panetta on Thursday said he supports President-elect Donald Trump’s pick to fill the position

Trump's CIA nominee wants a massive surveillance database of Americans (PC World) Senators question how Pompeo would limit his proposed U.S. metadata database

Hub for Cyber Command defensive ops fully operational by 2018 (C4ISRNET) The defensive operational arm of Cyber Command – Joint Force Headquarters-DoDIN – is slated for full operational capability for the beginning of 2018

Neller: ‘We Need a Fifth-Generation Marine Corps’ (Sea Power) Fighting and winning against emerging peer competitors will require a “fifth-generation Marine Corps” capable of competing in technological domains, as well as the traditional air, sea and land kinetic arenas, the top Marine officer said Jan. 12

Marine Corps May Get a Cyber-Only MOS (Military[.]com) The top officer of the Marine Corps wanted to expand the service's cyber community, and he's looking at ways to make the job more appealing to qualified Marines

U.S. Air Force creates group to recruit cyber nerds for weapons programs (Alamogordo News) The US Air Force is forming a troop of cyber geeks hand-picked from the commercial technology sector to solve software problems on troubled weapons programs, the service’s top civilian announced Friday

Products, Services, and Solutions

Cybersecurity Visionary Nir Gaist Announces Expansion of Nyotron into the US Market (Marketwired) With the mission to secure the world, Nyotron introduces new threat-agnostic endpoint platform that blocks all malware attacks in real-time using patented operating system behavior pattern mapping technology

FreedomPay Expands Secure Commerce Platform with Microsoft Dynamics 365 Integration (Yahoo! Finance) FreedomPay today announced the integration of Microsoft Dynamics 365 with its PCI-validated commerce platform. The Dynamics 365 integration marks a significant milestone in a multi-year strategy to deploy an industry leading commerce platform that delivers world-class security, seamless connectivity to the point-of-sale and real-time data availability with the global scale and accessibility of the Azure cloud platform

Palo Alto Networks Releases Cybersecurity Guide (Investopedia) The cybersecurity company Palo Alto Networks Inc. (PANW) today announced the publication of a new guide for organizations in Singapore. It’s called “Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers"

Carbon Black Redefines Incident Response With a 99% Decrease in Time Spent on Root-Cause Identification and Remediation With Cb Response 6.0 (Yahoo! Finance) Carbon Black, the leader in next-generation endpoint security, today announced the release of Cb Response 6.0, a new version of its market-leading incident response and threat-hunting solution that changes the game for security-operations teams by providing the only end-to-end IR solution with unlimited scalability

Guardtime's KSI blockchain in UAE healthcare pilot (International Business Times) NMC Health and telecom firm Du partner under UAE government's Global Blockchain Council

F-Secure 2017 (Tom's Guide) F-Secure's four paid antivirus products provide very good protection from the worst of the web, along with a small assortment of enhancements and extras. For the most part, the company's offerings also cost a bit less than competing products from other brands

Symantec Announces Xolphin as the First Encryption Everywhere Partner for Benelux and First Registration Authority in Europe (Yahoo! Finance) Symantec Corp., the world’s leading cyber security company, today announced that Xolphin, a Dutch market leader in reselling SSL Certificates, has signed on as a Symantec Encryption Everywhere partner in Europe, and is the first company to bring the program to the Benelux region. In March of 2016, Symantec announced its intent to help secure every legitimate website and web application. Symantec’s Encryption Everywhere program gives web hosting providers a single platform to deliver one of the most comprehensive security portfolios to their customers

British Telecom signs up Trend Micro to strengthen security in cloud (Financial Express) Leading providers of communications services and solutions British Telecom and Trend Micro, a global leader in cyber-security solutions on Thursday announced immediate availability of Trend Micro’s Deep Security data centre solution on BT’s Cloud

Free IoT Vulnerability Scanner Hunts Enterprise Threats (Dark Reading) A free IoT scanner from BeyondTrust looks for at-risk devices so organizations can pinpoint and address vulnerabilities

New infosec products of the week: January 13, 2017 (Help Net Security) Denim Group enhances ThreadFix platform... Trend Micro TippingPoint launches 100 Gb standalone NGIPS... DataGravity for Virtualization protects data in the virtualized environments of SMEs... Thales delivers on-premises and SaaS Bring Your Own Key (BYOK) offering for Salesforce... IRONSCALES updates its automatic phishing mitigation solution... AppSense DesktopNow update supports Windows Server 2016 with Citrix XenApp... BlackMesh unveils government cloud solution platform... AVG launches security and tune-up products

Technologies, Techniques, and Standards

Ransomware is getting worse. Here’s how to stop it (IT Brief Australia) Ransomware is today’s most visible and most-talked-about cybersecurity threat. Afflicting consumers and enterprises alike, ransomware has attacked laptops, desktops and servers by encrypting data and destroying backups. These attacks have cost millions of dollars is ransom – that is, untraceable payments to hackers in the hope that they will send a decryption key and allow data to be recovered. Sometimes victims pay the ransom and don’t receive the decryption key, or find that the key doesn’t work, or even find another demand for even more money

How to Explain the Meteoric Rise of Threat Intelligence (Recorded Future) In the past, cyber security has been a largely reactive discipline. Now, threat intelligence enables companies to get ahead of their attackers, and avoid costly breaches. According to the latest research, over two thirds of organization have either implemented or plan to implement a threat intelligence solution. There are three primary ways in which using threat intelligence can enhance your security profile: Increasing speed and reliability of threat detection and prevention, tightening security controls, and facilitating decision making. The future of threat intelligence is likely to involve two primary elements: intelligence sharing and machine learning (or other AI breakthroughs)

Homeland’s biggest cybersecurity tool finally covers most of government (Federal Times) The Department of Homeland Security is now providing cybersecurity risk monitoring and response services to 93 percent of federal civilian executive branch networks, according to a Jan. 11 press release

Implementing ERP Vulnerability Management Process. Part 1 (ERPScan) This series of articles describes an approach to increase ERP security by leveraging proactive vulnerability management process and ERP security control solutions

Memory-Resident Malware Creating Forensics Challenges (InfoRisk Today) Verizon's Novak analyzes how the changing threat landscape changes breach detection

Who's Attacking Me? (SANS Internet Storm Center) I started to play with a nice reconnaissance tool that could be helpful in many cases - offensive as well as defensive. "IVRE" [1] ("DRUNK" in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission in France. It's a network reconnaissance framework that includes

Containerisation: Why Traditional Security will End in Tears (CIOL) They are highly efficient, dynamic and cost-effective, but containers are a major blind spot for security teams

Marie Moe on Medical Device Security (Threatpost) Marie Moe, a research scientist at SINTEF of Norway, talks to Mike Mimoso about her personal and emotional connection to medical device security given that she has a pacemaker implanted in her that regulates her heart

The Sorry State Of Cybersecurity Awareness Training (Dark Reading) Rules aren't really rules if breaking them has no consequences

Enisa Report Looks to Boost Smart Car Security (Infosecurity Magazine) European security agency Enisa has released a new report designed to identify industry best practices in securing smart cars against cyber threats

Marketplace

Georgia launches new cyber innovation and training center (FedScoop) A new center, located in close proximity to U.S. Army Cyber Command, will bring together academia, private industry and government to develop state and local cyber standards

Maryland companies raised $300 million in venture capital in 2016 (Baltimore Sun) Maryland companies attracted $38.3 million in venture capital in the fourth quarter of 2016, down from $569.8 million the same quarter the previous year

Arxan Focuses on App-Level Security with Apperian Buy (Infosecurity Magazine) Mobile and internet of things (IoT) application security company Arxan has acquired Apperian

Network and IoT to underpin Trend Micro’s 2017 strategy (ARN) Channel centric push continues as vendor eyes the mid-market and enterprise

Should I Buy FireEye Inc (FEYE) Stock? 3 Pros, 3 Cons (Investor Place) FEYE stock has been a disaster, but things may be on the mend

Cylance Named a Top 50 Startup to Watch in Los Angeles (BusinessWire) Cylance’s rapid growth and artificial intelligence-based approach to endpoint security earns recognition from Built in Los Angeles

TopSpin Security Reports Banner Year with Record Sales (Top Tech News) TopSpin Security Reports Banner Year with Record Sales, Large Customer Wins and Expanding High-Profile Ecosystem in 2016 -- Sales Increased by 400 Percent as More Organizations and Service Providers Select Intelligent Deception and Detection for Improving Information Security

Former U.S. Army General and Cyber Commander Joins Thycotic For Cybersecurity Counsel (Yahoo! Finance) Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, has appointed former United States Army Lieutenant General Rhett Hernandez as a strategic advisor for the public sector surrounding cybersecurity. Hernandez culminated a 39 year career as the first commander for the United States Army Cyber Command, which is the Army's U.S. Cyber Command service component

Research and Development

IBM: Hm, medical record security... security... Got it – we need blockchains (Register) Big Blue pretty sure it can sell more Watson boxes if this works

Security Patches, Mitigations, and Software Updates

Wordpress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities (Threatpost) WordPress developers are encouraging users of the content management system to apply a new update, pushed this week, to resolve eight security issues, including a handful of cross-site scripting (XSS) and cross-site request forgery (CSRF) bugs

FDA urges patients to implement patch to secure their cardiac implants (Help Net Security) Patients who have been implanted with pacemakers and defibrillators manufactured by US-based St. Jude Medical are urged to make sure that their Merlin@home Transmitter unit is plugged in and connected to the Merlin.net network, so that it can receive a critical security patch

Windows 10’s privacy dashboard aims to tackle data concerns (Naked Security) After 18 months of users’ howls, threats from the French privacy watchdog and a slap from the Electronic Frontier Foundation (EFF), Microsoft is making a series of changes to tackle privacy concerns around Windows 10

Key Transparency (Google (on Github)) Key Transparency provides a lookup service for generic records and a public, tamper-proof audit log of all record changes. While being publicly auditable, individual records are only revealed in response to queries for specific IDs

Cyber Attacks, Threats, and Vulnerabilities

Shadow Brokers leak NSA-linked Microsoft hacking tools (CyberScoop) The mysterious group that claims to have stolen digital weapons once used by the National Security Agency published a trove of active Microsoft Windows software exploits on Thursday

Suspected NSA tool hackers dump more cyberweapons in farewell (CSO) The Shadow Brokers dumped the hacking tools online after attempting to sell a large cache for bitcoin

NSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage (Ars Technica) With 8 days before inauguration of Donald Trump, leak is sure to inflame US official

Power cut in Ukraine a cyber attack (Information Age) According to researchers investing an outage suffered by the Ukrainian power grid it was a cyber attack

How Russia hacks: FireEye analysis exposes main tactics used by 'Fancy Bear' (International Business Times) The APT28 threat group has targeted political groups, think tanks and journalists

Hacker Steals 900 GB of Cellebrite Data (Motherboard) The hackers have been hacked. Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products

Phone Hacking Company Falls Victim to Hackers (ABC News) Cellebrite, a digital forensics firm known for helping law enforcement crack into locked smartphones, has itself fallen victim to hackers

Mobile forensics firm Cellebrite confirms data breach (Help Net Security) Israeli mobile forensics firm Cellebrite has announced that it has suffered a data breach following an unauthorized access to an external web server

WhatsApp backdoor allows snooping on encrypted messages (Guardian) Exclusive: Privacy campaigners criticise WhatsApp vulnerability as a ‘huge threat to freedom of speech’ and warn it could be exploited by government agencies

Why the "WhatsApp Backdoor" is not a WhatsApp-backdoor (Slash Crypto) Today I read about this “new” discovery of a so called “backdoor” in WhatsApp. You can find the article of the Guardian here

Oh, for F...acebook: Critics bash WhatsApp encryption 'backdoor' (Register) S'OK. Just turn on your notifications – green messenger

Kraken Group Puts MongoDB Hijacking Script Up for Sale (Bleeping Computer) Almost nine days after attacks on MongoDB servers have ramped up, the number of ransacked databases has reached 32,380 hosts, and the number of groups involved in these attacks has grown to 21, after initially just one group had been involved

Brother and sister arrested for spying on Italian politicians for years (Help Net Security) Two Italian siblings have been arrested on Monday and stand accused of having spied on Italian politicians, state institutions and law enforcement agencies, businesses and businesspeople, law firms, leaders of Italian masonic lodges, and Vatican officials for years

Operation EyePyramid: Two Siblings Spied on Italy's Elite (Bleeping Computer) Italian authorities have arrested and charged two siblings for carrying out a cyber-espionage campaign against Italy's elite, with targets that varied from famous businessmen to high-ranking politicians, including Matteo Renzi, former Italian prime minister

Amazon scammers hijack seller accounts, lure users with good deals (Help Net Security) Amazon buyers are being targeted by clever scammers that either set up independent seller accounts or hijack those of already established, well-reputed sellers, then offer pricy items at unbeatable prices

Post-Holiday Cybercrime Still a Threat (Credit Union Times) Cybercriminals have not finished collecting their holiday gifts. That warning from Kaspersky Lab follows a 23% increase jump over the previous year in malware encounters by users

Is HPCL's Website Under Cerber Ransomware Attack? (InfoRisk Today) Research firm claims site hijacked, but HPCL Awaits CERT-In Review

Spammers Revive Hancitor Downloader Campaigns (Threatpost) A recent lull in the distribution of spam spreading information-stealing malware via the Hancitor downloader has been snapped

Experts predict more 'bad surprises' from digital hostage-takers (EnergyWire) While Americans fret about Russian hackers exposing private information, seeking to sway elections or even switching off the lights on the electric grid, Marcelo Branquinho warns of a much simpler cyberthreat that may be worming into critical computer systems

In 2016, these are the four ways how bots altered history (Security Affairs) 2016 was the biggest year by far for all sorts of bots. From Chatbots to bad bots, the past year was eventful to say the least

Ponzi Schemes Exposing Nigerians to Cyber-attacks–Deloitte (Leadership) Many Nigerians participating in various Ponzi schemes dotting the web are at great risk of losing valuables in terms of compromised data or money as they are exposed to cyber-attacks, a cyber-expert has warned

The gift that keeps giving away your data (Help Net Security) If you unwrapped a shiny, new connected device this holiday season, it’s likely that you’re in the honeymoon stage, reaping many benefits from your new device. However, this story about a smart toy that is popping up on a variety of news sources makes you think twice about what happens after the initial “oohs” and “ahhs” subside

C-Span Online Broadcast Interrupted by Russian Network (New York Times) At 2:30 p.m. on Thursday, Representative Maxine Waters was on the floor of the House of Representatives, arguing for the importance of the Securities and Exchange Commission

Academia

Tech 100: ‘We need to know how a malicious hacker will break into our network to understand how to defend it’ (Holyrood) Abertay University lecturer Dr Natalie Coull on the need to focus on offensive security within education

Litigation, Investigation, and Enforcement

FBI, Justice Department to be investigated over Clinton probe (CNN) The Justice Department's internal watchdog announced Thursday it has launched a probe into the department and the FBI's handling of the investigation into Hillary Clinton's private email server

Russia ‘also hacked RNC’ – but not Trump’s campaign (Naked Security) As well as the Democratic National Committee (DNC) and emails, Russia also successfully hacked campaigns and emails from the Republican National Committee (RNC) during last year’s presidential election, according to FBI director James Comey, the heads of National Intelligence, the CIA and the NSA

Guccifer 2.0 Speaks: ‘I Have Totally No Relation To the Russian Government’ (Mediaite) U.S. intelligence agencies have made it very clear that they believe Russia tried to influence the election. Heck, even President-elect Donald Trump said he finally agrees with that, even though he disparaged the intelligence community when the initial reports came out

Guccifer 2.0, alleged Russian cyberspy, returns to deride US (CSO) Guccifer 2.0 claimed he was behind the DNC hack back in June

It's the Russians! ...Or is it? Cold War Rhetoric in the Digital Age (Institute for Critical Infrastructure Technology) Malicious actors can easily position their breach to be attributed to Russia. It’s common knowledge among even script kiddies that all one needs to do is compromise a system geolocated in Russia (ideally in a government office) and use it as a beachhead for attack so that indicators of compromise lead back to Russia

‘It’s not how hacking works’: Anonymous activist deconstructs ODNI report on ‘Russia hackers’ (RT) A member of the hacktivist network Anonymous has debunked the assertion that US intelligence report on Russia’s alleged hacking of the DNC proves a particular party’s guilt, explaining that such claims show a lack of understanding of how hackers operate

Trump on Hack: 'I Think It Was Russia' (InfoRisk Today) President-elect discusses Intelligence Community's report at press conference

'Explosive' Report Details Alleged Russia-Trump Team Ties (GovInfo Security) Report claims Kremlin possesses personal, financial 'Kompromat' on Donald Trump

Ex-Spy Who Reportedly Assembled Trump Dossier Appears To Be In Hiding (NPR) In the closing weeks of 2016, an explosive document was floating around in media and security circles. Reporters tried, and failed, to verify the claims it contained — that Donald Trump colluded with Russia, and the Kremlin held lurid blackmail material as leverage over Trump. Reporting on the document, which was first compiled as opposition research, was rare and carefully vague

Biden: Intel officials told us Trump allegations might leak (Military Times) Vice President Joe Biden said Thursday that top intelligence leaders told him and President Barack Obama they felt obligated to inform them about uncorroborated allegations about President-elect Donald Trump out of concern the information would become public and catch them off-guard

Why Are the Trump Allegations Hanging Around When They Haven’t Been Substantiated? (Lawfare) What is one to make of the apparent inability of press and government alike to verify the allegations in the Trump dossier combined with the cache of documents’ apparent staying power?

The CIA is not to be trusted (The Week) One of the more darkly amusing things to watch in modern politics is the rapid see-sawing of public opinion around questions of partisan advantage. Thus as Vladimir Putin was perceived to be a friend to American conservatives, his favorability rating among Republicans improved by some 56 points nearly overnight

Report: Anthem Breach Was Caused by a Foreign Government (eSecurity Planet) CrowdStrike analysts determined the identity of the attacker, and concluded that the attacker was acting on a foreign government's behalf

EPA: Fiat Chrysler Used Emissions-Cheating Software (Wall Street Journal) Auto maker allegedly used software on recent diesel-powered Jeep Grand Cherokee and Ram trucks allowing illegal emissions, EPA says

Insurer hit with fine after unencrypted NAS stolen (Naked Security) Royal & Sun Alliance (RSA) has been handed a big fine by the Information Commissioner (ICO) for losing a networked hard drive full of unencrypted customer data in strange circumstances

Top admin of Tor child porn site gets 20 years in prison (Ars Technica) Playpen users were targeted with FBI hacking techniques

Lawyer sues Chicago police, claims they used stingray on him (Ars Technica) First civil case to allege unconstitutional stingray use by police

Routine Police Smartphone Downloads Raise Privacy and Security Fears (Infosecurity Magazine) Police forces across the UK are using secret data extraction technology to analyze smartphones, but poor training and security practices and an absence of audit trails could be putting user privacy and data security at risk, it has emerged

Design and Innovation

Securing the Connected Car (Infosecurity Magazine) Often dubbed a “data center on wheels,” the connected car is one of the fastest-growing markets in the ecosystem that makes up the Internet of Things (IoT). The convergence of IoT and in-vehicle technologies, like remote diagnostics, on-board GPS, collision avoidance systems and 4G LTE Wi-Fi Hotspots, has paved the road for new and exciting opportunities in this industry

Cheerio, ShadowBrokers. And good night Guccifer 2.0, wherever you are. Cellebrite breached. WhatsApp vulnerability. WordPress patches. Google goes for key transparency. NSA told to share more.