Cyber Attacks, Threats, and Vulnerabilities
Lebanese Government Hackers Hit Thousands of Victims With Incredibly Simple Campaign (Motherboard) Security researchers uncover several years-long espionage and hacking campaigns, pinpointing them to a specific building in Beirut, Lebanon.
Sprawling Mobile Espionage Campaign Targets Android Devices (Threatpost) A massive mobile espionage campaign has been collecting troves of sensitive personal information since 2012, according to a new report from the Electronic Frontier Foundation and security firm Lookout.
Researchers uncover mobile, PC surveillance platform tied to different nation-state actors (Help Net Security) The EFF and Lookout have uncovered Dark Caracal, a new malware espionage campaign that has targeted activists, journalists, lawyers, military personnel, and enterprises in more than 20 countries.
Lebanese hackers stole a ton of data then left it on an open server (Engadget) A Lebanese intelligence agency is thought to have targeted people in over 20 countries in a years-long hacking campaign.
Cisco Talos highlights malware campaigns (probably) brewed from North Korea (Computing) Meet North Korea's most active cyber crooks...
New Attack Group Fires RATS and Disc Wipers at Targets (Infosecurity Magazine) Group targets mainly South Korean victims using native language skills.
Russia, China's Cyber-Capabilities Are 'Catastrophic' (Infosecurity Magazine) Both have the capability to launch kinetic and cyber-attacks that cause complete paralysis and/or destruction of critical systems and infrastructure.
Threats from Russia, North Korea Loom as Geopolitics Spills into Cyber Realm (Dark Reading) Threat actors from both nations ramped up their activities sharply in 2017, Flashpoint says in a new threat intelligence report.
Russian hackers move to new political targets (TheHill) Russia’s cyber operations against the United States are showing signs of accelerating even as lawmakers grapple with how to deter and respond to the threat.
Russia accuses Washington of leaking diplomats' bank details (Reuters) Russia's foreign ministry on Thursday accused U.S. officials of leaking to the media confidential financial details of Russian diplomats working in the United States, and demanded that those responsible be punished.
GhostTeam Android Malware Can Steal Facebook Credentials (BleepingComputer) Google has removed 53 apps from the official Play Store because they were spreading a new breed of Android malware named GhostTeam that could steal Facebook credentials and push ads to infected phones.
GhostTeam Adware can Steal Facebook Credentials (TrendLabs Security Intelligence Blog) We uncovered a total of 53 apps on Google Play, detected by Trend Micro as GhostTeam, that can steal Facebook accounts and surreptitiously push ads. Many of these apps, which were published as early as April 2017, seemed to have been put out on Google Play in a wave.
chaiOS "Text Bomb" Can Freeze & Crash Your iPhone (HackRead) A new iMessage bug dubbed chaiOS can infect Apple's iPhone and Mac devices and crash or freeze them.
New Year, New Look - Dridex via Compromised FTP (Forcepoint Blog) Forcepoint Security Labs have recently observed a peculiar email campaign distributing a variant of the Dridex banking trojan. The campaign used compromised FTP sites instead of the more usual HTTP link as download locations for malicious documents, exposing the credentials of the compromised FTP sites in the process.
Rogue Chrome, Firefox Extensions Hijack Browsers; Prevent Easy Removal (Dark Reading) Malwarebytes describes malicious extensions as 'one of a kind'
Attackers Use Microsoft Office Vulnerabilities to Spread Zyklon Malware (Threatpost) Hackers are exploiting three Microsoft Office vulnerabilities to spread the Zyklon HTTP malware.
What has the Necurs botnet been up to? (Help Net Security) The Necurs botnet has been slowly growing since late 2012, and still tops the list of largest spam botnets in the world.
Schneider Electric: TRITON/TRISIS Attack Used 0-Day Flaw in its Safety Controller System, and a RAT (Dark Reading) ICS/SCADA vendor discloses in-depth analysis of a recent targeted attack against one of its customers.
Schneider Electric: Trisis leveraged zero-day flaw, used a RAT (Cyberscoop) Multinational energy technology company Schneider Electric revealed new details Thursday about a historic breach where hackers were able to halt operations at an energy plant in the Middle East by deploying highly sophisticated malware.
Schneider Electric says bug in its software exploited in hack (CRN Australia) Claims hackers invaded Triconex safety systems.
New macOS malware hijacks DNS settings and takes screenshots (HackRead) A new macOS malware called OSX/MaMi has been found infecting Apple's Mac devices and stealing personal data of users.
Hacker Might Have Stolen the Healthcare Data for Half of Norway’s Population (BleepingComputer) A hacker or hacker group might have stolen healthcare data for more than half of Norway's population, according to reports in local press.
Allscripts hit with a ransomware attack affecting a 'limited number' of applications (Fierce Healthcare) Allscripts is investigating a ransomware attack impacting a "limited number" of applications, according to a company spokesperson.
Hackers cast out 300% more phishing attacks via messages (Computer Business Review) Cybersecurity caution is essential as the volume of message-based phishing attacks carrying malicious payloads spikes by 300 per cent.
Researcher reports how to hack Facebook account with Oculus Integration (HackRead) How to hack a Facebook account is something that almost everyone wants to know. Now, a researcher has reported that Oculus Integration allowed him to hack Facebook accounts.
Feds Team with Foreign Policy Experts to Assess US Election Security (Dark Reading) Expert panel lays out potential risks for the 2018 election cycle and beyond
Anima victim to third cyber attack in two months (Macau Daily Times) Local animals rights group Anima (Macau) said it was this week victim to the third cyber attack in two months, suspecting that the Macau (Yat Yuen) Canidrome or its affiliated parties were behind the foul play. An adoption application form on the group’s website is believed to have been targeted by internet robots with the …
Security Patches, Mitigations, and Software Updates
Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch (ZDNet) Intel's firmware fix for Spectre is also causing higher reboots on Kaby Lake and Skylake CPUs.
Google's Deadline Looms For Marketers To Address Symantec-Issued Security Certificates (Media Post) Google will begin to distrust Symantec-issued certificates in Chrome that were issued prior to June 1, 2016. The move will go into effect in early 2018. And apparently companies are not ready.
MailChimp Found Leaking Email Addresses (Infosecurity Magazine) If you visited a link from a MailChimp newsletter, your email address and your reading habits may have been broadcast to a site owner.
Cyber Trends
2017 "a record setting year" for cyber crime, claims ThreatMetrix (Computing) Hackers are becoming craftier and focusing on identity theft
Phishing attacks are up, but awareness is also on the rise (IT Pro Portal) Report claims that malware infections and compromised accounts rose more than 80 per cent in 2017.
Is it fair to burden users as the 'last line of defence' against hackers? (IT Pro Portal) Our recent survey found that 99 per cent of CISOs see users as ‘the last line of defence’ against hackers – but is this really fair to end users?
BEC Attacks to Exceed $9B in 2018: Trend Micro (Dark Reading) Business email compromise is projected to skyrocket as attackers adopt sophisticated techniques to dupe their victims.
California Predicted to Lose $329M to Cybercrime in 2018 (Dark Reading) The Golden State will be hit hardest but New York will lose the most money per incident.
Marketplace
Tax Reform, Cybersecurity-Style (Dark Reading) How the security industry can be more effective and efficient by recognizing four hidden taxes in the buying and selling process.
IoT Security Startup VDOO Nabs $13M In Funding, With Former Palo Alto Networks Channel Exec Heading Up Partner Program Strategy (CRN) The Internet of Things is a 'greenfield of security opportunities' for solution providers that want to partner with VDOO, Ariel Kriger, vice president of strategic initiatives, tells CRN.
Coinbase acqui-hires Memo.AI technical team management tool (TechCrunch) Coinbase, the white-hot cryptocurrency exchange, is bringing on more engineering talent to help it continue to capitalize on the crypto boom. The company has..
Ledger raises another $75 million to become the leader in cryptocurrency hardware wallets (TechCrunch) Ledger just raised an impressive Series B round of $75 million (€61 million), led by Draper Esprit. The startup already raised a $7 million round last year...
BroadSoft Obtains Antitrust Clearance for Pending Acquisition by Cisco (GlobeNewswire News Room) BroadSoft, Inc. (NASDAQ:BSFT) today announced that it received notice from the U.S. Department of Justice and the Federal Trade Commission granting early termination of the waiting period under the U.S. Hart-Scott-Rodino Antitrust Improvements Act of 1976, as amended, in connection with its pending merger with a wholly-owned subsidiary of Cisco Systems, Inc. (Cisco).
Billion-Dollar Unicorns: Can Okta Sustain Its Valuation? (Seeking Alpha) Okta's stock is currently trading at $26.35 with a market cap of about $2.69 billion. Unlike some other unicorns that have come into the public market and colla
Q&A: What CyberX is doing to help address the hackable state of industrial control systems (Security Boulevard) Finally, the profoundly hackable state of industrial control systems (ICS) is being elevated as an issue of substantive concern and beginning to get the level of global attention it deserves. Nation-state backed hackers knocking out power grids and discombobulating other critical infrastructure – the cyber Pearl Harbor scenario – has been discussed for years in
Accomplice closes second fund at $205M (Boston Business Journal) Cambridge-based Accomplice, one of the most active venture investors in Massachusetts tech, has closed its second fund at $205 million. That's in line with the firm's first fund, which it raised in 2015 after spinning out of Atlas Venture.
Google Awards Record $112,500 Bounty for Android Exploit Chain (Threatpost) Prolific Google bug hunter Guang Gong earns highest ever Android Security Rewards payout.
Products, Services, and Solutions
New infosec products of the week: January 19, 2018 (Help Net Security) Continuous vulnerability management for ICS cybersecurity PAS Cyber Integrity 6.0 now includes continuous vulnerability management providing visibility int
Secret Double Octopus is Eliminating Passwords in the Workplace With Launch of Octopus Domain Authentication (PRNewswire) Secret Double Octopus, the pioneer of password-free, keyless...
Okta teams up with ServiceNow to bring identity layer to breach containment (TechCrunch) Okta and fellow cloud company ServiceNow got together to build an app that helps ServiceNow customers using their security operations tools find security..
7 Insider Attacks UEBA Detects (Bay Dynamics) Insider threats are the unwelcomed gift that keeps on giving. Whether it’s malicious or non-malicious insiders, repeat offenders, or compromised credentials, insider threats pervade organizations and without the right people, processes and technologies, can be tough to uncover.
Bay Dynamics Wins Government Security News Award for Best User & Entity Behavior Analytics (GlobeNewswire News Room) Bay Dynamics, a leader in cyber risk analytics, has won the 2017 Government Security News Homeland Security Platinum Award for Best User and Entity Behavior Analytics (UEBA).
Bricata Unveils New Network Security Dashboard for Better Cyber Alert Triage and Threat Hunting (Bricata) Improved metadata and intelligent packet capture associated with security alerts provides better means to visualize scope, severity and conduct event correlation
Technologies, Techniques, and Standards
The impromptu Slack war room where ‘Net companies unite to fight Spectre-Meltdown (Ars Technica) When major security vulns go live without warning, competitors suddenly band together.
The Cybersecurity Framework is helping agencies, but there's room for improvement (GCN) IT managers have gotten better at preventing attacks, but they must ensure they can also quickly respond and recover.
Why Prediction Should Be Added To The NIST Cybersecurity Framework (Forbes) Since I began my series on cybersecurity, I’ve used the structure provided by the National Institute of Standards and Technology (NIST) to serve as a framework for what companies must consider when constructing their security portfolio. The NIST framework separates cybersecurity concerns into five areas that companies need to formulate a plan for...
The World Federation Of Exchanges Publishes Best Practice Guidelines For Cyber Security Compliance (Mondo Visione) The World Federation of Exchanges (“The WFE”), which represents more than 200 market infrastructure providers including exchanges and CCPs, has today published a set of best practice guidelines for market infrastructures designed to engender a staff culture of cyber security compliance.
How do you secure the cloud? New data points a way (CSO Online) Two new reports show big differences in risk among public, private, and hybrid cloud deployments. Here’s advice on the tools, information, and organizational structure needed to execute a successful cloud security strategy.
Some Basic Rules for Securing Your IoT Stuff (KrebsOnSecurity) Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured “Internet of Things” or IoT devices.
Cyber Hunt: A Necessary Augmentation to Traditional Security (LookingGlass Cyber Solutions Inc.) Cyber hunt teams are becoming an important part of organizations’ cyber defense teams, complementing traditional passive monitoring detection efforts.
Attribution – One size doesn’t fit all (ThreatQuotient) When it comes to security operations, you need to consider what level of attribution the different teams involved in protecting your organization need to be successful. Often knowing the group responsible or the campaign used is sufficient.
Frédéric Julhes, Airbus: a good security strategy must rest on both human and technological factors (Global Security Mag) At the 2018 edition of FIC, Airbus will present its full security offering, which combines consulting, analytics and operational capabilities for responding to cyberattacks. It will particularly highlight its SOC offering and its new "SOC in a Box" variant, its Orion Malware solution…
Fighting Fire With Fire: Air Force’s Cyber Weapons Protect its Networks (MeriTalk) In the domain of warfare known as cyberspace, the Air Force’s cyber warriors naturally play a lot of defense, but they do it with the help of cyber weapons designed to add an important layer to the protection of the service’s operations and data.
How to engage with the C-Suite on cyber risk management, part 4 (CSO Online) Creating metrics to indicate risk.
Create security culture to boost cyber defences, says Troy Hunt (ComputerWeekly) Security suffers when there is tension between software developers and security professionals, but it is common in many organisations, says world-renowned security blogger and trainer.
Go Ahead and Put Your Password on a Post-It Note (Motherboard) Many are shaming the Hawaii Emergency Management Agency for keeping passwords on post-its, but the practice isn’t always a terrible idea.
Design and Innovation
This hacker is rating software security Consumer Reports-style (CSO Online) The Cyber Independent Testing Lab (CITL) is fuzzing binaries at scale and building a checklist of compile-time security best practices.
Crime-Predicting Algorithms May Not Beat Untrained Humans (WIRED) When researchers put a popular criminal justice algorithm up against a bunch of Mechanical Turks, they came out about even.
Research and Development
Saudi university to establish biometric security research laboratory (Arab News) King Saud University (KSU) in Riyadh has received a grant from King Abdulaziz City for Science and Technology (KACST) for research into secure biometric cryptosystems to aid digital security. Biometric-based personal recognition technologies such as fingerprint, face, iris, palm print, voice and signature are used to identify a person by his or her unique behavioral or biological characteristics. An increasing number of countries, including the Kingdom, have decided to adopt biometric systems for national security and identity-theft prevention.
Academia
Nevada Offers Cyber Security Challenge To High School Females (CBS Las Vegas) GirlsGoCyberStart, an innovative opportunity for young women attending high school in Nevada to discover their talents in cyber security and learn about careers in the field.
Legislation, Policy, and Regulation
Pentagon Suggests Countering Devastating Cyberattacks With Nuclear Arms (New York Times) President Trump has not yet approved a draft strategy that would expand “extreme circumstances” for nuclear retaliation to include a crippling cyberattack.
Really? We’re Gonna Nuke Russia for a Cyberattack? (POLITICO Magazine) The Trump administration’s new nuclear strategy includes a provision that is truly bonkers.
Pentagon considers nuclear response to retaliate for large cyber attacks (CSO Online) A draft for the Pentagon’s 2018 Nuclear Posture Review says the U.S. would consider using nuclear weapons to respond to non-nuclear attacks.
Senate passes bill to renew foreign surveillance program (Federal Times) The Senate voted 65-34 to reauthorize the program for six years. The bill, which already has been passed by the House, now heads to the White House where President Donald Trump has said he will sign it into law.
Congress Approves Six-Year Extension of Surveillance Law (New York Times) The Senate sent a bill to President Trump extending the N.S.A. warrantless surveillance program, rebuffing proposals for greater privacy safeguards.
The Senate Just Voted to Expand the Warrantless Surveillance of US Citizens (Motherboard) Once Trump signs the bill into law, US intelligence agencies will be able to spy on the electronic communications of Americans with an overseas contact without a warrant.
A Cyber Solarium Project (Lawfare) A proposal for the development of a cyber grand strategy.
Cyber risk is a growing challenge. So how can we prepare? (World Economic Forum) Cyberattacks are perceived as the global risk of highest concern to business leaders in advanced economies.
Cyber Resilience Playbook for Public-Private Collaboration (World Economic Forum) The World Economic Forum System Initiative on Shaping the Future of Digital Economy and Society represents a global platform for multistakeholder coalitions from across the world to collaborate and accelerate progress against shared digital economy goals and to shape a digital future that is sustainable, inclusive and trustworthy.
China slams U.S. on intellectual property, telecoms moves (The Asahi Shimbun) China on Thursday criticized recent moves by the U.S. targeting the sale of fake goods and
Lawmakers Want More Oversight into DHS Flaw Disclosures (Government Technology) A bill in the U.S. Senate would establish new guidelines for the Department of Homeland Security’s private-sector technology vulnerability disclosure program.
Lawmakers Demand Investigation Into Lack of Whistleblower Protections for Spies (Foreign Policy) Senate leaders across party lines are concerned intelligence community watchdogs are failing to protect whistleblowers.
SEC cools traders’ hot plans for cryptocurrency-based exchange traded funds (TechCrunch) The U.S. Securities and Exchange Commission has serious concerns about the securities industry's plans to create exchange traded funds around cryptocurrency...
Cryptocurrencies: Market manipulation a rising fear (CBS News) Despite the massive price run-up and all the hype, digital money is hampered by its vulnerability to fraud
Litigation, Investigation, and Law Enforcement
Russian anti-virus company Kaspersky Lab files for injunction in U.S. court, seeking to counter Trump administration ban (Cyberscoop) Moscow-based anti-virus company Kaspersky Lab has filed a motion for a preliminary injunction in U.S. federal court in hopes of halting the Trump administration’s ongoing efforts to ban Kaspersky software from use in federal agencies.
Kaspersky files injunction challenging government's software ban (TheHill) Kaspersky Lab filed an injunction in court on Wednesday in an attempt to block the Trump administration’s order that bans its products from being used on federal systems, after the government deemed that
Fine Time: What GDPR Enforcement Could Look Like (Infosecurity Magazine) Research looks at the size of a regulatory fine under the GDPR
Chemring faces inquiry into bribery claims (Times) Chemring has become the latest British defence company to fall under criminal investigation by the Serious Fraud Office over allegations of bribery and corruption. The £500 million specialist in...
How the U.S. took down former CIA officer suspected of spying for China (NBC News) Former CIA officer Jerry Lee has been charged with possession of classified information, but is suspected of betraying American agents in China.
China swims the swamp for America's secrets (American Thinker) The revolving door between former intelligence agents and lucrative contracts is apparently an irresistible opportunity for America's enemies.
KillaMuvz pleads guilty to being a sophisticated malware operator (SC Media UK) The UK creator of malware resources Cryptex and reFUD.me, used by thousands in the cyber-crime world, has this week pleaded guilty to charges.
Baltimore man found via police ‘StingRay’ argues civil case should have discovery (Maryland Daily Record) A Baltimore man who filed a federal lawsuit after the Court of Special Appeals ruled police did not have a valid warrant to use cell site simulator technology to locate him is asking a judge to rej…
6 years jail time for ‘one of the largest' dark web drug dealers (HackRead) One of the largest dark web drug dealers, and the third largest vendor in the United States, has been jailed for 6 years.