Cyber Attacks, Threats, and Vulnerabilities
Kim Digs for Cybercrime Coin Sanctions Can't Snatch (The Cipher Brief) Through direct engagement globally in illicit activity, the regime of Kim Jong Un is seeking to circumvent international sanctions and sustain its continued despotic rule over the people of North Korea.
'Very high level of confidence' Russia used Kaspersky software for devastating NSA leaks (Yahoo! Finance) There is increasing evidence linking Russia to the Shadow Brokers leaks, which is "one of the worst security debacles ever to befall American intelligence."
Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes (Washington Post) The hack targeted banks, energy firms, senior government officials and an airport as Ukraine wages war against separatists aligned with the Kremlin.
Russian hackers who compromised DNC are targeting the Senate, company says (Washington Post) The spear-phishing attempts involved websites meant to look like the email system available only to people using the Senate’s internal computer network.
Malicious Chrome Extensions Enable Criminals to Impact over Half a Million Users and Global Businesses (ICEBRG | Streaming Network Forensics™) Most leading web browsers, including Google Chrome, offer users the ability to install extensions. While these web-based applications can enhance the user's overall experience, they also pose a threat to workstation security with the ability to inject and execute arbitrary code.
Unusual Ransomware Strain Encrypts Cloud Email Real-time VIDEO (KnowBe4) OK, here is something unusual and really scary.
IoT malware targeting zero-day vulnerabilities (Help Net Security) Once it became evident that IoT devices can be relatively easily enslaved in botnets and that even their limited power can be used for a variety of nefarious purposes, it was open season for malicious actors.
Hackers Hijack DNS Server of BlackWallet to Steal $400,000 (BleepingComputer) Unknown hackers have hijacked the DNS server for BlackWallet.co, a web-based wallet application for the Stellar Lumen cryptocurrency (XLM), and have stolen over $400,000 from users' accounts.
Cryptocurrency as the lure, an ISO as the attachment – why not open it? (Naked Security) Phishers are using the hot topic of cryptocurrency as a means to an end in cybercrime, not merely as the end itself…
Opinion | Can the Chinese government now get access to your Grindr profile? (Washington Post) The world's leading gay dating app says users shouldn't worry they just got bought by a Chinese firm. Experts aren't so sure.
KillDisk Fake Ransomware Hits Financial Firms in Latin America (KnowBe4)
Phishers target Netflix users, ask for info and photo of their ID (Help Net Security) Should you send Netflix a selfie in which you hold your ID card to get your account reinstated? The answer is an emphatic no, but each one of us knows at least one person who would find the request unremarkable and proceed to do it.
New multi-featured mobile Trojan Loapi discovered (IT News Africa) Kaspersky Lab researchers have identified a new malware with multiple modules, which allows for an almost endless number of malicious features – from cryptocurrency mining to DDoS attacks.
Mirai Okiru: New DDoS botnet targets ARC-based IoT devices (CSO Online) Meet Mirai Okiru and brace for the DDoS botnet targeting 'billions' of ARC-based IoT devices.
More SCADA app vulnerabilities found (Naked Security) A big motivation for pulling software apart to find security flaws is the idealistic hope that developers will get the message and do a better job next time. But what happens if they don’t?
Infected USB sticks handed out at data security event (Taipei Times) The Criminal Investigation Bureau has admitted that it handed out 54 malware-infested thumb drives to the public at a data security expo hosted by the Presidential Office from Dec. 11 to Dec. 15 last year.
OnePlus denies checkout page hack amid credit card fraud reports (HackRead) The Chinese smartphone manufacturer OnePlus has denied that its checkout page was hacked due to Magento bug.
Ransomware Forces Indiana Doctors to Use Pen and Paper (Infosecurity Magazine) Hancock Health back online after network outage
Linux and Windows Servers Targeted with RubyMiner Malware (BleepingComputer) Security researchers have spotted a new strain of malware being deployed online. Named RubyMiner, this malware is a cryptocurrency miner spotted going after outdated web servers.
Microsoft and Amazon Enable Censorship Circumvention Tools in Iran. Why Doesn’t Google? (Motherboard) Google blocks a tool called Google App Engine in Iran, indirectly allowing the Iranian government to block apps that piggyback on it to skirt online censorship.
A London Television Station Has Convinced Iran the Shah Was Great (Foreign Policy) Why are young Iranians demanding the return of the Pahlavi dynasty? Media-savvy exiles in Europe.
Could Canada fall prey to an election cyberattack? (Macleans.ca) Paper ballots help to ward off interference, but other types of meddling can influence how Canadians vote, or even prevent them from getting to the polls
BitTorrent users beware: Flaw lets hackers control your computer (Ars Technica) “Low complexity” hack for Transmission client may work against other clients, too.
Security Patches, Mitigations, and Software Updates
Seagate Quietly Patches Dangerous Bug in NAS Devices (BleepingComputer) Seagate has patched a vulnerability in the firmware of the Seagate Personal Cloud Home Media Storage, a NAS (Network Attached Storage) product.
Lenovo issues patch for backdoored networking switches (Computing) Lenovo blames defunct Nortel for long-standing backdoor in Lenovo network switches
Google fixes vulnerability in Apps Script - but SaaS is still at risk (Security Brief) Security firm Proofpoint recently discovered a vulnerability that allows attackers to take advantage of Google Apps Script.
Mobile devices are even more vulnerable to Meltdown and Spectre than PCs (Computing) Only four per cent of devices have been patched - and many can't be
Meltdown and Spectre: To patch or to concentrate on attack detection? (Help Net Security) While organizations are evaluating which systems to patch and how soon, some security firms are coming up with initial, tentative solutions for detecting Meltdown and Spectre attacks.
Meltdown-Spectre: More businesses warned off patching over stability issues (ZDNet) Industrial companies are being told to avoid some Meltdown and Spectre fixes after reports of problems.
How tech companies worked together to fix Spectre and Meltdown flaws (CRN Australia) Fixing Spectre and Meltdown required 'new computer science'.
The future of computer processing? Slow but safe (the Guardian) The Meltdown and Spectre security flaws exposed the vulnerability of our networked world – and the only feasible fix will be at the expense of processing speed
Update On The Spectre And Meltdown Patches For Power (IT Jungle) When it comes to the Spectre and Meltdown speculative execution security vulnerabilities that hit as the new year was getting going, the important word to ponder is “mitigated.” Everyone is talking about mitigating the issue, but no one is using the word “fixed.” As we discussed last week, one of the two types of Spectre
Meltdown patch made AWS CPUs work 25 per cent harder, claims SolarWinds (Computing) Meltdown patch AWS performance issues chronicled by software vendor SolarWinds.
Spectre drains iPhone 6 performance by 40 per cent in benchmark testing (Computing) Might as well throw that iPhone 6 in the bin now
Microsoft is shutting down its free upgrade from Windows 8.1 to Windows 10 January 16 (PCWorld) Microsoft phased out support for Windows 8.1 last week, making the upgrade to Windows 10 a more urgent choice. The last remaining free upgrade path, the so-called assistive technology loophole, is closing soon.
Cyber Trends
Supply chain cybersecurity threats may rise in 2018, warns Booz Allen (Supply Chain Quarterly) Companies could see an increase in cyber threats such as the NotPetya attack, which shut down container shipping giant Maersk.
Small businesses still aren’t acting on cybersecurity and most aren’t ready for an attack (CSO) With surveys showing small business is overwhelmingly complacent on cybersecurity, top-level guidance yet again tries to change their habits
Marketplace
Firms buy insurance 'in mad panic' as cyber-attacks soar (BBC News) Cyber insurance is growing fast as businesses lose billions to hackers.
The American Dreams of China's Biggest Smartphone Brand Are Basically Dead (Gizmodo) Lawmakers are determined to bury any dreams that Chinese electronics manufacturer Huawei has ever had of gaining traction in the US.
Bitcoin, Ethereum and almost every other cryptocurrency is plunging (TechCrunch) Look away now if you own bitcoin or other cryptocurrencies. This won't be breaking news to you if you are invested, but today has seen the entire crypto..
FireEye Buys X15 Software For $20M To Better Monitor, Analyze Machine-Generated Security Data (CRN) FireEye says X15 Software's open platform can easily incorporate new security technologies and big data sources to adapt to the evolving threat environment.
Arxan Vs. Invisible Hacks Of Invisible Payments (PYMNTS.com) Invisible payments are convenient…until they’re not. From paying for groceries through Apple Pay to paying for a ride on Lyft, many popular services today require nothing but a phone – no need to pull out a credit card or sign a receipt. It’s almost like not spending money at all. Yet just because these payments […]
Cyber-security firm plans expansion after opening €1.5m Cork centre (Irish Examiner) A leading cyber-security firm has unveiled ambitious expansion plans after opening a new €1.5m hi-tech security operations centre in Cork.
The state of Israel’s cybersecurity market (TechCrunch) The Equifax breach, WannaCry, NotPetya, the NSA leak, and many more cyber incidents - 2017 was certainly a busy year for hackers, illustrating yet again just..
Former Deloitte Cybersecurity Practice Leader Joins iComplyICO (Digital Journal) iComplyICO brings legitimacy to ICOs says Tejinder Basi, also Co-Founder and Director of the Blockchain Ecosystem Society of BC
Meet the new CEO of one of Tampa’s biggest cybersecurity firms (Tampa Bay Business Journal) He is focusing on expanded cyber training.
Products, Services, and Solutions
ThousandEyes, Juniper partner to bring visibility to hybrid WANs (RCR Wireless News) ThousandEyes and Juniper are teaming up on a joint solution made to provide visibility and insight for hybrid WANs using...
Ubuntu Core: A secure open source OS for IoT (IoT Agenda) The open source Ubuntu Core OS for IoT is being touted as developer-friendly, secure and scalable by analysts and users.
Technologies, Techniques, and Standards
Shake-Up at Pentagon Intelligence Agency Sparks Concern (Foreign Policy) The director of the agency responsible for analyzing satellite imagery says he wants to modernize the work. Some employees fear they’re being replaced by artificial…
Big Brother is Watching, But That's OK Within Limits (Security Week) How can a company protect its information and operations without running askew of data privacy laws and the concerns of its customers?
Risky Business (Part 2): Why You Need a Risk Treatment Plan (Security Week) Performing a risk analysis and taking due care are no longer optional
Trust is not a strategy for cybersecurity (Plant Services) Let’s talk seriously about industrial cybersecurity: What you don’t know can hurt you.
Design and Innovation
Bitcoin conference won’t let you pay with Bitcoin (Naked Security) The transaction fees, which have risen from pennies to tens of dollars, plus network congestion are causing some merchants to block bitcoin.
Reading robots beat humans in Stanford test (CNNMoney) Artificial intelligence programs built by Alibaba and Microsoft just bested humans in a Stanford University reading comprehension test.
Research and Development
UCL researchers develop method for securing communications between quantum computers (Computing) Scientists claim that technique could make quantum communications unhackable
2018 Levchin Prize recipients announced (Financial News) Internet entrepreneur Max Levchin's annual prize, the Levchin Prize for Real-World Cryptography, honors significant contributions by entrepreneurs dedicated to solving global, real-world cryptography issues, the company said.
Academia
PM launches 2nd edition of much-awaited Malaysia Cyber Games (Yahoo! News) The government will continue to champion the development of e-sports in the country, Prime Minister Datuk Seri Najib Razak assured the nation’s youth after launching the second edition of the Malaysia Cyber Games at the Putra World Trade Centre (PWTC) here on Sunday. Najib said that to
What the hack? Hack Arizona brings out UA students, Tucson tech industry (The Daily Wildcat) From last Friday through Sunday, the Science and Engineering Library at the University of Arizona became a place to spend the night, not only for students studying or doing homework, but for a weekend-long event known as Hack Arizona.
Cyber hackers target the physical world (Idaho State Journal) Let’s face it. It seems like our cybersecurity is lackluster at best.
Protecting your online information: LLCC offers new cybersecurity program and public workshops (The State Journal) Thirty years ago, we thought of security as locking the doors to our house or car. Businesses would put up a fence around their property or install an
Legislation, Policy, and Regulation
Who's On The List? Russia's Elite Nervous About New U.S. Sanctions (RadioFreeEurope/RadioLiberty) As the United States prepares to widen the scope of punitive sanctions against Russia, expectations that smaller-fish Kremlin insiders and business leaders will be targeted are causing anxiety in Moscow.
France Might Vet Acquisitions of AI, Data Protection Firms (Dark Reading) Finance minister says country may add artificial intelligence and data security to list of nation's strategically important, regulated sectors
One-stop shop to report cyber crimes in the offing (The New Indian Express) The modalities for these initiatives are being worked out in the newly set Cyber and Information Security Division within the home ministry.
Brazil Bans Funds of Negotiating in CryptoCurrencies (The Rio Times) Brazilian officials believe the virtual currencies are too risky, but investors' interest continues to surge.
New bill bans US government agencies using contractors with Huawei or ZTE tech (TechCrunch) There's more misery ahead for Huawei, which just saw AT&T pull out of a deal to carry its first smartphone, and fellow Chinese tech firm ZTE. The duo..
House votes for six more years of warrantless surveillance (Naked Security) If you’re a member of the US “intelligence community” Thursday was a great day for homeland security. Less so if you’re a privacy advocate.
Vote to restrict government spying authority shows changing politics of national security (MinnPost) While the House ultimately renewed intelligence agencies’ warrantless wiretapping authorization, support was much less broad than when the program was introduced in 2008.
Feds may have to explain knowledge of security holes – if draft law comes into play (Register) House reps approve bill requiring vuln disclosure reports
A Step in the Right Direction: House Passes the Cyber Vulnerability Disclosure Reporting Act (Electronic Frontier Foundation) The House of Representatives passed the “Cyber Vulnerability Disclosure Reporting Act” this week. While the bill is quite limited in scope, EFF applauds its goals and supports its passage in the Senate. H.R. 3202 is a short and simple bill, sponsored by Rep. Sheila Jackson Lee (D-TX), that would...
The 'Doublespeak' of Responsible Encryption (WIRED) It's a new name for an old argument: that public agencies fighting crime and terrorism must have access to our private communications—for our own good.
Litigation, Investigation, and Law Enforcement
Serial SWATter Tyler “SWAuTistic” Barriss Charged with Involuntary Manslaughter (KrebsOnSecurity) Tyler Raj Barriss, a 25-year-old serial “swatter” whose phony emergency call to Kansas police last month triggered a fatal shooting, has been charged with involuntary manslaughter and faces up to eleven years in prison.
NIS special activity funds investigation expands to former president Lee (Hankyoreh) Prosecutors conducted a surprise raid on former Blue House officials
Ex-President Lee at center of multiple probes (Korea Herald) Former President Lee Myung-bak is involved in several ongoing investigations by the prosecution, but it remains to be seen whether prosecutors will be able to hold Lee accountable as they get to the bottom of a bribery scandal and alleged political maneuvers by the state spy agency and the Defense Ministry during his presidency, as well as a slush fund case.
Canadian Police Charge Man Behind LeakedSource Portal (BleepingComputer) The Royal Canadian Mounted Police (RCMP) announced today they've charged a 27-year-old man named Jordan Evan Bloom for running LeakedSource.com, a website that compiled public data breaches, including cleartext passwords, and sold access to this information for a few dollars.
The Canadian Who Allegedly Spammed Twitch Into Oblivion Got a Criminal Charge (Motherboard) Brandan Lukus Apple has a Supreme Court order against him.
Canadian Police Charge Operator of Hacked Password Service Leakedsource.com (KrebsOnSecurity) Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com.
It took a contractor 11 days to tell Parliament House it had lost a security manual (Canberra Times) It took BAE Systems almost a year from the loss of a security manual to update its reporting responsibilities.
How ex-congresswoman helped squelch reports of secret government surveillance (San Francisco Chronicle) When two New York Times reporters learned in 2004 that the George W. Bush administration was secretly wiretapping Americans, and collecting their phone and email records, the reporters’ attempt to publish their findings was thwarted by the administration’s intense and successful lobbying of their editors.
U.S. Needs New Approach to Commercial Counterintelligence (Inside Counsel | Corporate Counsel) The U.S. is in the crosshairs of foreign competitors and intelligence services seeking to obtain valuable knowledge and other intellectual property…
Inside Uber’s $100,000 Payment to a Hacker, and the Fallout (New York Times) How Uber grappled with a 2016 hack is under scrutiny and has cast a chill over how other companies deal with security threats.
How U.S. Agents Can Change Their Story in Court, Legally (The Cipher Brief) What is parallel construction? How an individual can go to prison as a result of evidence the U.S. government has deliberately kept hidden.
Enigma Software Group Presses New French Lawsuit Claims Against Malwarebytes (PRNewswire) Enigma Software Group initiates French lawsuit against Malwarebytes for unlawful predatory business tactics.
Uber’s Secret Tool for Keeping the Cops in the Dark (Bloomberg.com) At least two dozen times, the San Francisco headquarters locked down equipment in foreign offices to shield files from police raids.
Data from an iPhone's Health App was used to convict a Criminal of Rape and Murder in Germany (Patently Apple) A new report out of London states that health data has provided crucial evidence at a trial in Germany, in which a refugee is accused of rape and murder. Apple's Health App accurately records steps and has been pre-installed on the iPhone 6S and newer models. Data suggesting the suspect ...
Meet Antifa's Secret Weapon Against Far-Right Extremists (WIRED) Megan Squire is an intelligence operative of sorts, passing along information to those who might put it to real-world use—who might weaponize it.
Inside Cloudflare's Decision to Let an Extremist Stronghold Burn (WIRED) The story of how an internet infrastructure company got locked into a free-speech dispute starts in the cubicles of SoMa and the brothels of Istanbul.
Silicon Valley Will Pay the Price for Its Lefty Leanings (Bloomberg) A lawsuit alleges that Google discriminated against conservatives. It won't end well for Google.
Google needs a new CEO, but dumping Sundar Pichai is not enough (USA TODAY) When a gigantic corporation that controls our data and knows us intimately takes a controversial political stance, it ought to make us worry.
Anthony Levandowski Faces New Claims of Stealing Trade Secrets (WIRED) A lawsuit from a former nanny alleges that the controversial ex-Uber engineer is buying technical secrets about Tesla and selling chips overseas.