The CyberWire Daily Briefing 6.19.18

Summary

By The CyberWire Staff

Olympic Destroyer, the threat group responsible for disruption of digital aspects of this past winter's Pyeongchang Olympic games, is apparently back. Kaspersky Lab is tracking activity that looks very much like Olympic Destroyer's against organizations associated with chemical and biological weapons control. Targets in Germany, France, Switzerland, Russia, and Ukraine are said to have been spearphished. The evidence for Olympic Destroyer's renewed activity lies principally in the obfuscation and spearphishing macros the recent attacks have employed. Kaspersky as usual offers no attribution, but US officials concluded in February that Olympic Destroyer was a Russian operation cloaked by false flags. Russia has objected to investigations linking it to chemical attacks in Salisbury and Syria, and this resentment is thought to provide a motive.

The US has charged Joshua Schulte with "unauthorized disclosure of classified information and other offenses relating to the theft of classified material" from the CIA. Schulte is alleged to be the source of WikiLeaks' Vault7. The defendant's careless search for, and online communications about, illicit pornography are thought to have constituted the opsec mistakes that led Federal agents to him.

Experts speculate that Liberty Life may have been the victim of a malicious insider in the data loss it disclosed over the weekend.

Another malicious insider may be behind "sabotage," including deliberately bad coding and data theft, at Tesla (or so Elon Musk believes).

The US Senate voted yesterday to revoke the lifeline the Administration had extended to ZTE. Huawei appears to be in Congressional crosshairs as well.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, China, Czech Republic, Hungary, Democratic Peoples Republic of Korea, NATO/OTAN, Poland, Romania, Russia, Singapore, Slovakia, South Africa, and United States.

How sharp is your incident response to cyber threats? Learn more in LookingGlass’ webinar!

Enabling your team with high-quality threat intelligence is imperative to stopping cyber attacks BEFORE they breach your network. But what distinguishes high-quality, actionable threat intelligence from low-quality "noise"? How are cutting edge CISOs and IT security teams applying threat intelligence to incident response? Find out in LookingGlass’ webinar with Security Ledger. Tuesday, June 26 @ 2pm ET. Sign up now!

On the Podcast

In today's podcast, we hear from our partners at Webroot, as David Dufour offers insights into the impact Webroot is seeing from GDPR. Our guest is Lenny Zeltser from Minerva Labs, discussing his IT and security "cheat sheets."

Sponsored Events

The Cyber Security Summit: DC Metro on June 28 and Seattle on July 19 (Washington, DC, United States, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95 VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Hackers who sabotaged the Olympic games return for more mischief (Ars Technica) Olympic Destroyer gang may be planning new destructive hacks, researchers say.

The Olympic Destroyer Hackers May Be Targeting Biochem Threat Prevention Now (WIRED) A recent spate of attacks against biological and chemical threat protection agencies bears the hallmarks of the group hacker group behind Olympic Destroyer.

Liberty: Cyber security expert says "an inside job" lead to huge data breach (The South African) Liberty, one of South Africa's biggest insurers, has suffered a massive data breach at the hands of a hacking team.

Tesla saboteur caused extensive damage and leaked highly sensitive... (HOTforSecurity) Tesla CEO Elon Musk believes that the company is the victim of deliberate sabotage perpetrated by an employee. According to CNBC, the high profile executive sent an email to Tesla employees this weekend alleging that there was a saboteur in the company's ranks who... #dataleak #insiderthreat #tesla

Musk alleges Tesla Model 3 production has been sabotaged, according to CNBC (Ars Technica) A disgruntled employee is alleged to have sabotaged the company's systems.

Elon Musk sends company email about 'extensive and damaging sabotage' by employee (CNBC) Tesla CEO Elon Musk sent an e-mail to all employees late on Sunday night alleging a saboteur within the company's ranks had tweaked code on internal products and sent company data out without authorization.

Details emerge of Russian cyber attacks on Singapore Summit (Information Age) F5 Networks witnessed a wave of Russian cyber attacks coinciding with the Singapore Summit and historic Trump-Kim meeting last week

HeroRat: The new kid on the block of Android RATs (WeLiveSecurity) ESET researchers have discovered a new type of Android RAT called HeroRat, that is abusing the Telegram protocol for command and control, and data exfiltration.

75% of Malware Uploaded on “No-Distribute” Scanners Is Unknown to Researchers (BleepingComputer) Three-quarters of malware samples uploaded to "no-distribute scanners" are never shared on "multiscanners" like VirusTotal, and hence, they remain unknown to security firms and researchers for longer periods of time.

Zacinlo malware spams Windows 10 PCs with ads and takes screenshots (HackRead) The malware is equipped with several capabilities including adware, grabbing screenshots and spy on victim's online activities.

Six Years and Counting: Inside the Complex Zacinlo Ad Fraud Operation (Bitdefender Labs) For more than a decade, adware has helped software creators earn money while bringing free applications to the masses. Headliner games and applications have become widely available to computer and mobile users the world over, with no financial strings attached... #advancedmalware #adware #rootkit

Cyber-Criminals Are On The Offensive During the World Cup: Wallchart Phishing Campaign Exploits Soccer Fans (Check Point Blog) Keeping track of the World Cup can get overwhelming. Cyber criminals are keenly aware of this pain point, seeking to use the buzz around the World Cup as cover for their sneaky attacks. Check Point researchers have identified a phishing campaign targeting soccer fans, using the email subject line of ““World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager.” This type…

13 Ways Cyber Criminals Spread Malware (HackRead) Here are 13 techniques used by cybercriminals for spreading malware - If you use the Internet you can be a victim any time so watch out.

Reminder: macOS still leaks secrets stored on encrypted drives (Ars Technica) Thumbnails from encrypted drives live on long after the drives are disconnected.

Multiple Zero-Day Bugs Found In 390 Axis Camera Models (Tom's Hardware) IoT security firm VDOO found multiple security flaws in the surveillance cameras from several vendors. The company disclosed that 390 camera models from Axis Communications were affected by multiple zero-day bugs.

Chicago Public Schools mistakenly emails private data of thousands of students, including names, phone numbers (Chicago Tribune) More than 3,700 families were affected by the data breach, which included names, email addresses, phone numbers and student ID numbers.

Ontario home care service provider victim of cyber attack (Global News) CarePartners said in a statement on Monday the attack breached its computer system and, as a result, both patient and employee information was inappropriately accessed.

Faked Video Will Complicate Justice by Twitter Mob (WIRED) Opinion: Videos provide transformative new avenues for justice, often summoning well-deserved Twitter mobs. Deep fakes could change all that.

Security Patches, Mitigations, and Software Updates

Google to Fix Location Data Leak in Google Home, Chromecast (KrebsOnSecurtiy) Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network.

Firefox fixes critical buffer overflow (Naked Security) Version 60.0.2 of the resurgent Firefox browser fixes a critical security flaw in its SVG rendering code.

“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch (Threatpost) Researchers were able to discover a way to hack the device in less than an hour.

Cyber Trends

Cyber Threat Report CEE 2018 (CYBERSEC HUB) Do you know that only 35% of CEE companies have a cybersecurity strategy for customer data protection?

MPs: CNI Attacks Are Biggest Cyber-Threat. (Infosecurity Magazine) NCC Group poll seems to show growing awareness of cybersecurity

Marketplace

Huawei to Australia: We're not a security risk for 5G (CNNMoney) Huawei, one of China's top tech companies, is fighting back after reports say it may be banned from participating in Australia's 5G network.

Veriff raises $7.7M Series A to become the ‘Stripe for identity’ (TechCrunch) Veriff, the Estonian startup that wants to become something akin to the ‘Stripe for identity’, has raised $7.7 million in Series A funding. Leading the round is Mosaic Ventures, joining an impressive list of backers that include Taavet Hinrikus, Ashton Kutcher, Paul Buchheit, Elad Gil, …

Booz Allen Hamilton opens cybersecurity innovation hub in Annapolis Junction (Baltimore Sun) Booz Allen Hamilton to open its sixth innovation hub in Annapolis Junction to encourage collaboration among cyber security experts.

Booz Allen Invests in Cyber Talent and Growth with New Central Maryland Innovation Hub (BusinessWire) Newest iHub joins network of collaborative spaces across the country designed to accelerate ideation, learning and entrepreneurship

Products, Services, and Solutions

U.S. Department of Defense Information Network (DoDIN) Supports Digital Resilience by Adding RedSeal Platform to its Approved Products List (APL) (GlobeNewswire News Room) Thorough testing from Joint Interoperability Test Command (JTIC) and DoD Interoperability (IO) certifies RedSeal is secure, trusted and approved to model and monitor U.S. Army, Navy, Air Force, Marine Corps and DISA networks

ST Engineering and SafeRide Technologies Announce Strategic Partnership to Protect Connected and Autonomous Vehicles from Cyberattack (PR Newswire) T Engineering, a global technology, defense and...

NY Department of Financial Services Grants Cryptocurrency License to Square (New York Law Journal) The state’s top financial regulator said that the company founded by Twitter Inc. CEO Jack Dorsey had obtained the license giving New York residents the ability to buy and sell bitcoin through its Cash App.

Technologies, Techniques, and Standards

Early detection of compromised credentials can greatly reduce impact of attacks (Help Net Security) Increases in cybercriminal success rates suggest that the credential theft industry is growing in the European region both in innovation and scope.

Cyber X-Games 2018 focuses on critical infrastructure (DVIDS) Cyber X-Games 2018 brought 72 participants from various U. S. Army Reserve cyber and network defense units, Air Force cyber and network operations centers (squadrons), ROTC Cadets and civilian network and cyber professionals from government contractor entities June 9-18 to the University of Texas at San Antonio (UTSA).

Research and Development

Carbon Nanotube Optics Poised to Provide Pathway to Optical-Based Quantum Cryptography and Quantum C (EurekAlert!) Depiction of a carbon nanotube defect site generated by functionalization of a nanotube with a simple organic molecule. Altering the electronic structure at the defect enables room-temperature single photon emission at telecom wavelengths.

‘Gaming disorder’ is officially recognized by the World Health Organization (TechCrunch) Honestly, “gaming disorder” sounds like a phrase tossed around by irritated parents and significant others. After much back and forth, however, the term was just granted validity, as the World Health Organization opted to include it in the latest edition of its Internal Classification of Diseases. …

Legislation, Policy and Regulation

NATO cyber team to add another teammate (Fifth Domain) Romania will join the NATO’s cyber training and research center next year, according to the country’s prime minister.

U.S. lawmakers warn Canada about Chinese telecom giant Huawei (The Globe and Mail) Senior members of U.S. intelligence committees say Huawei is a national-security threat to a network of Canada’s allies

China's Huawei rebuts Australian security concerns (Reuters) Chinese telecoms equipment maker Huawei Technologies has refuted Australian claims it poses a security risk, calling the criticism "ill-informed" in an open letter that threatens to inflame already heightened Sino-Canberra tensions. Thuy...

Senate Rebukes Trump With Vote to Reinstate ZTE Sales Ban (Wall Street Journal) The measure was wrapped in a larger, must-pass defense bill, which will need to be reconciled with House version

Republicans and Democrats can unite—against helping this one Chinese company (Quartz) A bipartisan majority in the Senate voted for revoking a lifeline to tech giant ZTE.

Trump's ZTE deal in doubt as US Senate votes to reject the compromise (Computing) Trump vows to oppose amendment to National Defense Authorization Act that would block ZTE deal

Analysis | The Cybersecurity 202: Senate defense bill pushes Trump to get tougher on Russian hacking (Washington Post) But it may have little impact on Trump's policy.

America has reason to remember its consumer protection tradition when it comes to privacy (TheHill) The United States has a long history of consumer protection and product safety, led by government, nonprofit organizations, businesses and individuals.

Litigation, Investigation, and Enforcement

Ex-CIA employee charged in major leak of agency hacking tools (Washington Post) Joshua Adam Schulte was charged under the Espionage Act in connection with the leak of tools that were posted online by WikiLeaks.

Ex-CIA engineer charged with massive leak to WikiLeaks (POLITICO) Schulte the fourth person to face charges related to classified leaks since Trump took office<b>.</b>

Joshua Adam Schulte Charged with the Unauthorized Disclosure of Classified Information and Other Offenses Relating to the Theft of Classified Material from the Central Intelligence Agency (US Department of Justice) John C. Demers, Assistant Attorney General for National Security, Geoffrey S. Berman, United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that Joshua Adam Schulte was charged in a 13-count Superseding Indictment (the “Indictment”) in connection with his alleged theft of classified national defense information from the Central Intelligence Agency (“CIA”) and the transmission of that material to an organization that purports to publicly disseminate classified, sensitive, and confidential information (“Organization-1”). The Indictment also charges Schulte with the receipt, possession, and transportation of child pornography, as well as criminal copyright infringement. Schulte, who is presently detained on the child pornography charges, will be arraigned by U.S. District Judge Paul A. Crotty.

Man who allegedly gave Vault 7 cache to WikiLeaks busted by poor opsec (Ars Technica) FBI used passwords used on suspect's cellphone to also get into his computer.

House lawmakers to press Justice Dept. inspector general on Clinton probe report (Washington Post) Michael Horowitz speaks to Congress in a second hearing about politicization at the FBI.

Comey refuses to testify to Congress, Grassley says McCabe pleads Fifth Amendment (The Washington Times) Fired FBI Director James Comey refused to appear before Congress on Monday to talk about his handling of the Clinton email investigation, and his fired deputy, Andrew McCabe, asserted his Fifth Amendment rights against self-incrimination.

Opinion | Yet another Russia contact with the Trump campaign team. What are they hiding? (Washington Post) Roger Stone and Michael Caputo said they never had contact with Russians. But they had.

The Man Who Saw the Dangers of Cambridge Analytica Years Ago (WIRED) Researchers at the Psychometrics Centre knew better than most how Facebook data can be manipulated, but investigations and suspensions have halted their work.

S.Africa's Information Regulator seeks meeting with Liberty over... (Reuters) South Africa's Information Regulator said on Monday it was concerned over reports of a data breach at Liberty Holdings and had requested an urgent meeting with the insurer's CEO to get more details on the cyber attack.

Audi CEO connected to diesel scandal arrested in Germany after phone taps (Ars Technica) The arrest comes a week after Rupert Stadler's home was raided.

OPM breach fraud (Help Net Security) The data breach suffered by the Office of Personnel Management (OPM) is, by now, very old news, but some of the people involved and affected are still feeling the repercussions.

Woman Guilty of Fraud Using Stolen Info from OPM Data Breach (US Department of Justice) A Maryland woman pleaded guilty today to participating in a scheme to use the stolen identification information of victims of the U.S. Office of Personnel Management (OPM) data breach to obtain fraudulent personal and vehicle loans through Langley Federal Credit Union (LFCU).

Mass. Man Pleads Guilty in ATM Jackpotting Operation (Dark Reading) Citizens Bank ATM and others targeted in the scheme.

7 Time 'Jeopardy!' Winner Pleads Guilty to Hacking Into the Email of Students and Faculty (Motherboard) I’ll take “unauthorized access to a computer system” for $500, Alex.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

upcoming Events

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.

Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Olympic Destroyer may be back. Charges in Vault7 leaks. Malicious insiders? ZTE, Huawei remain under suspicion.