The CyberWire Daily Briefing 6.22.18

Summary

By The CyberWire Staff

Chinese espionage against US targets increases as trade tensions between the two countries rise.

The US State of Oregon became aware Monday that an email account using its Oregon.gov domain had been compromised and used in a massive phishing campaign. The direct damage phishing does to those who fail to recognize and spit the hook is well-known, but those whose accounts or domains are hijacked also suffer. Oregon is still struggling to get its domain removed from the many blacklists to which it was added after the phishing campaign.

"Leaked images of YouTube star" is serving as surprisingly compelling phishbait. It's especially prevalent in South Korea, but users everywhere should avoid this come-on.

US officials experience two minor Sputnik-moments. Speaking at the Capitol Hill National Security Forum, NSA Deputy Director George Barnes says the US isn't good at playing "a long game," unlike adversaries like China. Richard Cardillo, Director of the National Geospatial Agency, substantially agreed, citing quantum computing and cybersecurity as two areas in which US innovation may come too late.

General Paul Selva, Vice Chairman of the Joint Chiefs, told the Center for a New American Security that American complacency about encryption and precision timing have enabled peer adversaries to steal a march in electronic warfare.

NSA and Air Force alumna Reality Winner has agreed to a plea deal over charges related to provision of highly classified documents to the Intercept.

A former Israeli Knesset member and Energy Minister has been arrested on suspicion of spying for Iran.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, European Union, Iran, Israel, Russia, United Kingdom, and United States.

How sharp is your incident response to cyber threats? Learn more in LookingGlass’ webinar!

Enabling your team with high-quality threat intelligence is imperative to stopping cyber attacks BEFORE they breach your network. But what distinguishes high-quality, actionable threat intelligence from low-quality "noise"? How are cutting edge CISOs and IT security teams applying threat intelligence to incident response? Find out in LookingGlass’ webinar with Security Ledger. Tuesday, June 26 @ 2pm ET. Sign up now!

On the Podcast

In today's podcast, we hear from our partners at the SANS Institute, as Johannes Ullrich (who also regularly hosts the ISC Internet StormCast podcast) discusses evasive cryptocoin miners. Our guest is Taavi Kotka, former CIO of the Estonian government, discussing that nation’s innovative digital identity system.

And Hacking Humans is up, too. This week we discuss the Ben Franklin effect, how job applicants find themselves tricked into money laundering, and a listener's tale of being fooled by an appeal to greed. Our guest is Stacey Cameron from DirectDefense who discusses her physical penetration testing work.

Sponsored Events

The Cyber Security Summit: DC Metro on June 28 and Seattle on July 19 (Washington, DC, United States, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95 VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

China Escalates Hacks Against the US as Trade Tensions Rise (WIRED) A hacking truce between China and the US doesn't address government espionage operations, a workaround both countries exploit.

GZipDe: An Encrypted Downloader Serving Metasploit (AlienVault) At the end of May a Middle Eastern news network published an article about the next Shanghai Cooperation Organization Summit. A week ago, AlienVault Labs detected a new malicious document targeting the area. It uses a piece of text taken from the report as a decoy:This is the first step of a multistage infection in which several servers and artifacts are involved. Although the final goal seems to be the installation of a Metasploit backdoor, we found an interesting .NET downloader which uses

XPS Attachment Used for Phishing (SANS Internet Storm Center) While Phishing is never a good thing, it is interesting to see something different than your normal phishing attempt.

Malicious code disguised as YouTube star’s photos (Korea Herald) Internet users have been warned not to click on links with titillating titles such as “leaked images of a YouTube star,” as their computers could become infected with malicious code.

Necurs Poses a New Challenge Using Internet Query File (TrendLabs Security Intelligence Blog) Our last report on the Necurs botnet malware covered its use of an internet shortcut or .URL file to avoid detection, but its authors seem to be updating it again. Current findings prove that its developers are actively devising new means to stay ahead of the security measures...

Office 365 users targeted by phishers employing simple HTML tricks (Help Net Security) Phishers are using a simple but effective trick to fool Microsoft's NLP-based anti-phishing protections and Office 365 users into entering their login credentials into spoofed login pages.

Microsoft Office: The Go-To Platform for Zero-Day Exploits (Dark Reading) Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.

Oregon.Gov Email Domain Remains Blacklisted (Infosecurity Magazine) A successful phishing campaign leaves oregon.gov email on many blacklists.

Banking Trojans and cryptojacking on the rise (Help Net Security) The Morphisec Labs Threat Report q1 2018 shows banking Trojans and cryptojacking are on the rise, at least one fileless technique identified in each threat.

Why cybercriminals are turning to cryptojacking for easy money (Help Net Security) Despite still being generally regarded as a somewhat minor threat, cryptojacking can have a huge impact on your oganization.

The Pirate Bay is down - Here are its alternatives & Dark Web domain (HackRead) The Pirate Bay is down - Here are its best alternatives and link to the dark web domain which is still up and running online.

Click2Gov Breaches Attributed to WebLogic Application Flaw (Dark Reading) At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.

A huge spreadsheet naming ICE employees gets yanked from GitHub and Medium (TechCrunch) A massive database of current U.S. Immigration and Customs Enforcement (ICE) employees scraped from public LinkedIn profiles has been removed from the tech platforms hosting the data. The project was undertaken by Sam Lavigne, self-described artist, programmer and researcher in response to recent r…

Twitter punishes users for doxing White House advisor Stephen Miller (Ars Technica) Miller is an architect of Trump's controversial family separation policy.

ACLU Warns on Forced Malicious Software Updates (Infosecurity Magazine) The ACLU has issued guidance on how software developers should deal with demands on malicious security updates

Security Patches, Mitigations, and Software Updates

Four New Vulnerabilities in Phoenix Contact Industrial Switches (Dark Reading) A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.

Why you may want to update your browser in the next 9 days (Naked Security) Want to keep shopping online? If you’re using an old browser you may find yourself locked out of PCI-compliant (e-commerce) websites.

Cyber Trends

Geopolitical Instability Is CISOs' Latest Challenge (BankInfo Security) The latest challenge to face CISOs: Finding the best way to keep their organization secure while at the same time navigating political edicts that may lack any

Ex-’Israeli NSA’ chief: Cyber doomsday scenario avoidable (The Jerusalem Post) Zafrir said he was concerned that technology and network administrators “will lose confidence in the network."

Infosecurity Europe Survey: Security Pros Gearing up for Rise in Nation-State Attacks (The State of Security) At Infosecurity Europe 2018, Tripwire surveyed 416 attendees to see what the future of nation-state attacks might look like.

Unrestricted access to systems and files exposes organizations to cybercrime (Help Net Security) Organisations are leaving themselves vulnerable to the threat of cybercrime with too many employees being able to access any files on their company network.

Will Employees’ Lack of IT Skills Lead to Security Issues in Future? (Infosecurity Magazine) Why better skilled people will make us more secure, but we're not heading in the right direction.

Marketplace

Dixons Carphone reports 24% fall in annual profits in wake of cyber attack (Eastern Daily Press) Annual profits at Dixons Carphone have slumped by almost a quarter – and the group has warned that cost pressures will continue to squeeze its margins.

PayPal to buy Simility, a specialist in AI-based fraud and risk management, for $120M (TechCrunch) Payment provider PayPal continues apace with its acquisitions streak to bring more modern tools into its platform to serve its 237 million customers. Today the company announced that it is buying Simility, a fraud prevention specialist, for $120 million in cash. PayPal had been an investor in Simil…

Cyber Intelligence Firm Intsights Raises $17 Million (SecurityWeek) Israel-born startup Intsights Cyber Intelligence has raised $17 million in a Series C funding to support its cyber reconnaissance capability and global expansion.

HPE splashes $4B on 'intelligent' edge products and services (Fierce Telecom) Hewlett Packard Enterprises (HPE) is making a big bet on the development of edge products and services across several technology domains.

Two contractors get $6.5 million to support Army Cyber's insider-threat monitoring (Fedscoop) Army Cyber Command is awarding a $6.5 million contract to two companies to help it prevent workers from exposing valuable information on the command’s networks, according to an announcement from contractors Applied Insight and DV United. The five-year contract covers the management and maintenance of User Activity Monitoring Program, which Army Cyber uses to look …

KeyW National Intelligence Sector Maintains CMMI Development Maturity Level 3 Status (ExecutiveBiz) CMMI Institute maintained the level 3 Capability Maturity Model Integration status for development of KeyW Holding‘s national intelligence sector after a re-appraisal conducted on June 6. The re-assessment for development V1.3 maturity, held every three years, involved the review of artifacts and examination of workers on performance in CMMI process areas, the company said Tuesday. “We’re proud...

Accenture adding 1K DC-area cyber jobs, opens Rosslyn Cyber-Fusion center (WTOP) Accenture opened a new flagship Cyber Fusion Center at 1201 Wilson Blvd. in Rosslyn, Virginia, on Wednesday.

Products, Services, and Solutions

New infosec products of the week: June 22, 2018 (Help Net Security) New infosec products of the week include releases from the following vendors: ExtraHop, Pulse Secure, Trend Micro, and Twistlock.

FireEye and Gigamon Announce Global Partnership to Improve Security Effectiveness and Efficiency for Joint Customers (Gigamon) Strategic alliance combines next generation network packet broker capabilities with sophisticated threat management to bring greater protection and resilience to customer security infrastructures.

Cylance® Extends AI-Driven Security to Hybrid Environments and Private Networks With CylanceHYBRID and CylanceON-PREM (BusinessWire) Cylance Inc., the company that revolutionized endpoint security by delivering AI-powered threat prevention, today announced the availability of Cylanc

Aella Data Launches Starlight 2.0, Security Industry’s first AI-Driven Multi-Tenant Breach Detection System; Announces MSSP Partner Program (BusinessWire) New multi-tenant capability improves operational efficiency and reduces costs for MSSPs

NanoLock Launches Platform to Protect IoT Devices From Production Through End-of-Life (SecurityWeek) Cybersecurity start-up NanoLock Security announced a new lightweight security platform designed to add security into IoT devices, rather than to overlay security around those devices.

Syniverse launches global private network (Help Net Security) Syniverse Secure Global Access is a private, secure, global network that provides the foundation for businesses to reliably safeguard mission-critical data.

Blockchain update: Microsoft and EY release a blockchain to manage digital rights and royalties (Computing) Gaming firm Ubisoft is among the first to try it

Plurilock Partners With Carahsoft to Bring Continuous Identity Assurance to Federal Agencies (PR Newswire) Plurilock Security Solutions and Carahsoft...

Fortinet optimizes web application firewall with new machine learning capabilities (ETCISO.in) Two-step AI-based machine learning innovations to FortiWeb provide a dramatic increase in detecting web application threats with nearly 100 percent ac..

Oxford BioChronometrics is One of the Few Companies Truly Fighting Digital Ad Fraud (Equities.com) The cost of ad fraud to brands will reach $44 billion by 2022. Here's how Oxford BioChronometrics is helping businesses fight back.

Technologies, Techniques, and Standards

Sneaky Web Tracking Technique Under Heavy Scrutiny by GDPR (Threatpost) Don’t expect tracking methods such as browser fingerprinting to disappear anytime soon, even with GDPR, warns the EFF.

NSA ‘Systematically Moving’ All Its Data to The Cloud (Nextgov.com) The National Security Agency is all-in on cloud.

Netanyahu simulates cyberattack to demonstrate security challenges (Times of Israel) 'Our airlines can be brought down, our fighter planes can be brought down,' the prime minister warns at conference in Tel Aviv.

The US made the wrong bet on radiofrequency, and now it could pay the price (C4ISRNET) “It’s not that we disarmed, it’s that we took a path that they have now figured out,

How to identify malicious & fake WiFi hotspots in the wild (HackRead) How to identify malicious and WiFi hotspots? Here is a tool that lets you bust fake WiFi hotspots within no time based on your location.

AppSec in the World of 'Serverless' (Dark Reading) The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.

7 Places Where Privacy and Security Collide (Dark Reading) Privacy and security can experience tension at a number of points in the enterprise. Here are seven - plus some possibilities for easing the strain.

Design and Innovation

Introducing the Technology Pioneers Cohort of 2018 (World Economic Forum) The Technology Pioneers cohort of 2018 brings together 61 early-stage companies from around the world that are pioneering new technologies and innovations ranging from the use of artificial intelligence in drug discovery, the development of autonomous vehicles, advancing cybersecurity and reducing...

The future of AI relies on a code of ethics (TechCrunch) As the AI revolution continues to accelerate, new technology is being developed to solve key problems faced by consumers, businesses and the world at large. Our reliance on AI will deepen, inevitably causing many ethical issues to arise as humans turn over to algorithms their cars, homes and busine…

Artificial Intelligence & the Security Market (Dark Reading) A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.

Research and Development

Peter Cochrane: Is AI Schrödinger's brain? (Computing) Artificial intelligence today is barely intelligent at all. So what will it take for true AI to be developed, asks Peter Cochrane?

Top intelligence officials fear U.S. behind in quantum computing, cyber (Fifth Domain) A top National Security Agency official said the intelligence community should concentrate on innovation related to cybersecurity.

Academia

SUU recognized for cyber defense education (GOOD4UTAH) The National Security Agency (NSA) and the Department of Homeland Security (DHS) have designated Southern Utah University as a National Center of Academic Excellence in Cyber Defense Education.

Casper College Offers New Sign Language, Cyber Security Degrees (K2 Radio) The revamped cyber security degree program trains students to find and remove data from digital media and protect computer information systems from malignant uses.

Legislation, Policy and Regulation

How cyber's forward defense could backfire (Axios) Taking the attack to the enemy can have awkward consequences in cyber warfare.

Analysis | The Cybersecurity 202: 'A wake up call.' OPM data stolen years ago surfacing now in financial fraud case (Washington Post) Lawmakers want to protect the victims.

Litigation, Investigation, and Enforcement

Reality Winner to take a plea deal in NSA leak case (Atlanta Journal-Constitution) The former NSA contractor is accused of leaking government intelligence

Former Israeli minister arrested for allegedly spying for Iran (Asia Times) The arrest reveals the seedy underbelly of the Israeli security elite: communities of expats in Africa involved in illicit trade and illegal activity

Former employee sued by Tesla says he was a whistleblower, alarmed by company practices and Elon Musk (Washington Post) The lawsuit adds a new layer of intrigue to a company already consumed with production pressures and internal suspicions about a conspiracy.

Tesla enhances security following report of ex-employee threat (Engadget) The Tesla Gigafactory has enhanced security after a threat from former employee Martin Tripp.

Tesla lawsuit target called “horrible human being” by CEO Elon Musk (Ars Technica) Tripp: "Putting cars on the road with safety issues is being a horrible human being!"

A Tesla telenovela (TechCrunch) Tesla’s lawsuit against a former employee was filed just 24 hours ago and it’s already ripe fodder for Hollywood. As CEO Elon Musk has noted in the past, Tesla is a real drama magnet. Get ready, it’s exhausting. Tesla filed the lawsuit against former employee Martin Tripp for $1 m…

Elderly victims conned out of millions by tech support scammer (Naked Security) The FTC has been battling tech support scams for years, especially ones targeting older citizens who are seen by fraudsters everywhere as susceptible to these cons.

Euro cops bust 95 criminals responsible for EUR8 million in online fraud (Finextra Research) Police forces across Europe have made over 95 arrests of criminals who set up fake Web shops offering too-good-to-be-true product prices as a front for stealing card details.

Bumbling Hacker "Bitcoin Baron" Sentenced to 20 Months in Prison (BleepingComputer) A hacker once considered "the Internet's most inept criminal" received on Monday a prison sentence of 20 months in prison for launching DDoS attacks against the city of Madison, Wisconsin —attacks which caused delays and outages to various municipality services, including its 911 emergency call center.

L.A. County Selects IBM Security Services to Review Voter Roster Error (SCVNews.com) Los Angeles County has engaged information technology leader IBM Security Services to conduct an independent review and evaluation of the systems and procedures used in the production and printing of voter rosters for the June 5 Statewide Direct Primary Election.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Chinese espionage against US rises. Oregon blacklisted. Phishbait update. Minor Sputnik moments. Reality Winner cops a plea.