The CyberWire Daily Briefing 1.22.18

Cyber Attacks, Threats, and Vulnerabilities

Russian Bots Call for Release of FISA Memo (Infosecurity Magazine) Russian Bots Call for Release of FISA Memo. Republican lawmakers follow suit, despite voting to reauthorize surveillance law

Fake News Kicks Into High Gear In Czech Presidential Runoff (RadioFreeEurope/RadioLiberty) Attacks against the challenger to Czech President Milos Zeman step up as voters head toward a runoff vote.

Lithuania probes TV station cyber attack which published fake news story (Independent) A probe has been launched into a cyber attack against a Lithuanian TV station.

Bitcoin is a 'Project of US Intelligence,' Kaspersky Lab Co-Founder Claims (Sputnik News) Natalya Kaspersky claimed that Bitcoin was designed to provide financing for US and British intelligence activities around the world. The expert called the cryptocurrency "dollar 2.0."

Conspiracy Group Claims Bitcoin Created by Rogue AI (Bitcoinist) A new Bitcoin conspiracy theory has emerged online, claiming that the cryptocurrency was created by a rogue artificial intelligence.

Trisis nation-state authored malware leaked onto internet (SC Media UK) Schneider Electric accidentally puts malware online that could shut down power plants. Nation state authored malware has been mistakenly put online.

Cisco adds nine more products to Spectre, Meltdown probe (CRN Australia) In addition to dozens of systems already under investigation.

Evrial Trojan Switches Bitcoin Addresses Copied to Windows Clipboard (BleepingComputer) A new information stealing Trojan called Evrial is being actively distributed in the wild. Like most infostealing Trojans, Evrial can steal browser cookies and stored credentials, but this Trojan also has the ability to monitor the Windows clipboard for certain text replace it with text received from the attackers.

Researchers identify a new data-compromising Trojan that spies on Windows clipboard (Computing) Is someone spying on your Windows Clipboard?

Malicious Chrome extension is next to impossible to manually remove (Ars Technica) Extensions remain the Achilles heel for an otherwise highly secure browser.

2018 Olympics: Could computer hacks produce the wrong winners? (USA TODAY) Sporting events are only meaningful if we trust the results. But as digital devices proliferate, so will the risks of cybersecurity failures.

Android Malware in gaming apps on Play Store downloaded 4 million times (HackRead) Dr.Web researchers have found 27 gaming apps infected with Android malware and Google has not removed it from Play Store.

The Google Play “Super Antivirus” that’s not so super at all… [REPORT] (Naked Security) SophosLabs has published a technical report digging into the details of a not-so-super “Super Antivirus” charade on Google Play.

Misconfigured Jenkins Servers Leak Sensitive Data (Security Week) A researcher has conducted an analysis of Jenkins servers and found that many of them leak sensitive information, including ones belonging to high-profile companies.

Half of Norway’s Population May Have Been Breached (Infosecurity Magazine) Half of Norway’s Population May Have Been Breached. Healthcare provider hit by major intrusion

SamSam Ransomware Hits Hospitals, City Councils, ICS Firms (BleepingComputer) The SamSam ransomware group seems to have gotten to a "great" start in 2018, hitting several high-profile targets such as hospitals, a city council, and an ICS firm.

Allscripts recovering from ransomware attack that has kept key tools offline (CSO Online) Allscripts, the billion-dollar electronic health record (EHR) company headquartered in Chicago, IL said they were still working to recover from a ransomware attack that left several applications offline after data centers in Raleigh and Charlotte, NC were infected on Thursday.

Reel Talk: Phishing Attacks Not Water Under the Bridge Yet (Security Intelligence) Phishing attacks are still muddying the waters of network security despite an uptick in security awareness. How can companies avoid the hook?

Up to 40K Affected in Credit Card Breach at OnePlus (Dark Reading) The smartphone manufacturer has sent an email to anyone who may have been affected in the breach.

Hacker Infects Gas Pumps with Code to Cheat Customers (Threatpost) Russian authorities have broken up a crime ring involving a hacker and willing gas-station employees who have used malicious software to cheat customers of gas.

Struts and DotNetNuke Server Exploits Used For Cryptocurrency Mining (TrendLabs Security Intelligence Blog) Threat actors have turned to cryptocurrency mining as a reliable way to make a profit in recent months. Cryptocurrency miners use the computing power of end users to mine coins of various kinds, most commonly via malware or compromised websites. By compromising servers in order to run cryptocurrency miners, the threat actors would gain access to more computing power and increase their profits from illicit mining.

Forget viruses or spyware—your biggest cyberthreat is greedy currency miners (MIT Technology Review) Software that hijacks your computer to mine has become the most popular malware on the planet.

Understanding Motivations and Methods of Web Defacement (TrendLabs Security Intelligence Blog) Cybercrime takes on many forms, but one of the long-standing tactics attackers use is web defacement – the process of compromising and vandalizing a website. Typically, these attackers – known as web defacers – replace the original page with their own version, boldly stating a political or social message. This is not a new phenomenon, but it is an enduring one. The data we’ve analyzed goes back almost two decades, and we’ve seen how the process of web defacement is still being used nowadays.

6 ways hackers will use machine learning to launch attacks (CSO Online) Machine learning algorithms will improve security solutions, helping human analysts triage threats and close vulnerabilities quicker. But they are also going to help threat actors launch bigger, more complex attacks.

Security Patches, Mitigations, and Software Updates

Red Hat Will Revert Spectre Patches After Receiving Reports of Boot Issues (BleepingComputer) Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot.

Cyber Trends

Cyber attacks push corporate fraud to all-time high (Financial Times) Information theft overtakes the appropriation of physical assets for the first time on record

The Internet of Things: What Could Go Wrong (Barron's) The Internet of Things: What could go wrong—and which companies stand to gain.

UK 'Most Well-Prepared' European Nation for GDPR (Infosecurity Magazine) Study finds UK well ahead of other European nations, but legal experts err on side of caution

Marketplace

Huawei's latest attempt to enter U.S. worries lawmakers — but Canada doesn't share its concern (CBC News) Two of America's closest partners have embraced the Chinese phone maker, making national security claims hard to gauge.

CrowdStrike performs distribution U-turn (CRN) End-point security vendor now pursuing one-tier channel model in Europe

Products, Services, and Solutions

Security distributor Progress to launch SOC service for cash-strapped resellers (CRN) Many VARs can't afford the upfront investment to become MSSPs, according to Progress CEO John Quinn

Cryptomathic first to undergo new eIDAS Certification for Remote Qualified Electronic Signatures (Global Security Mag Online) Cryptomathic announces that it is a eSignature solution provider in Europe to receive a certification ticket for the new Common Criteria certification process for eIDAS compliant Qualified Signature Creation Devices (QSCDs).

An App That Encrypts Your Photos From Camera to Cloud (WIRED) Pixek, an end-to-end encrypted photo app, could point to the future of searchable cloud data storage.

PolySwarm | Cyber Threat Intelligence Enabled by the Blockchain (ChipIn) PolySwarm ICO Review: Utilizing blockchain to decentralize threat response in a cybersecurity warzone called the digital world

Want to Avoid the Scourge of Malware on your Android? Try the F-Droid App Store (WIRED) Opinion: Yale Privacy Lab researchers argue that the scourge of trackers in Android apps means users should find a new app store.

Technologies, Techniques, and Standards

Here’s how to make sure Hawaii’s missile warning fiasco isn’t repeated (Ars Technica) Hawaii Emergency Management Agency made changes, but a system redesign may be necessary.

Nations Seek the Elusive Cure for Cyberattacks (New York Times) Securing the world from these types of attacks will be on the agenda when many of the world’s top leaders gather at the World Economic Forum in Davos this week.

Hey American business, here's how to use blockch ... sorry - we've been shut down (Register) NIST delays advice and is very, very sorry about 2013 crypto SNAFU

Seoul eyes ban on digital signature certificates (Korea Herald) The South Korean government on Monday decided to push for the abolishment of the uniformly used digital signature certificates system and switch to other authentication methods to create a more user-friendly internet environment. The abolition of the digital signature certificates was included in the government’s plans to “push for hyperconnectivity of intelligence innovation” designed to improve capabilities of d...

GDPR: Whose problem is it anyway? (Help Net Security) Compounding matters, the scope and complexity of GDPR extends beyond cyber security, requiring equal involvement from legal and IT teams.

Escape future ransomware attacks by leveraging the right technology (Help Net Security) Devising a ransomware defense plan isn’t easy. If you’re wondering where and how to start, here’s a short cheat sheet on a few security mechanisms that are especially helpful.

90% of Gmail users could improve their security easily, but don’t (Naked Security) There’s something alarming about the world’s one billion regular Gmail users – barely any have turned on two-step verification.

How To Keep Yourself Safe During Online Gaming (HackRead) Are you into online gaming? Then below are the six key steps to help keep yourself safe when gaming online.

Unlocked: The hidden love note on the grave of America's first crypto power-couple (Register) BAAAB AABBB AAAAA BAAAA AABAA ABBAB ABBAA BAAAA AABAA AAABB AAABB ABAAA BAABA

Design and Innovation

Why Customer Security is an Essential Part of Customer Experience (Customer Think) For physical businesses, it is essential to keep your business premises in order and protect it from thieves and other unwanted intruders. This is not just to protect your business, but to help you serve your customers better without hassles or disruptions.

3 futuristic ways the Air Force could improve electronic warfare (C4ISRNET) A new request for information highlights three ways the Air Force is looking to bolster its electronic warfare capabilities for the long-term.

Academia

Educators and Industry Share Outlooks on Cyber (SIGNAL Magazine) Public-private partnerships will be key to the nation's success in cybersecurity.

Legislation, Policy and Regulation

Army Boss Warns UK Falling Behind Russia on Cyber (Infosecurity Magazine) Army Boss Warns UK Falling Behind Russia on Cyber. More investment needed, says Nick Carter

Containing Russia, Again (Foreign Affairs) The United States cannot stand by when an adversary not only adopts an agenda of countering U.S. influence throughout the world but also strikes directly at the heart of American democracy.

National Defense Authorization Act – CyberSecurity planing required (CyberDB) In mid-December 2017, the White House signed the $700 billion National Defense Authorization Act bolstering established cyber programs

Japan turns to NATO for improving cyber-defense (Asia Times) Japan continues to deepen strategic cooperation with the North Atlantic Treaty Organization.

A government shutdown is unlikely to affect the nation's internet security (Mashable) The U.S. government may shutdown at midnight on Friday, but this will likely have little to no effect on the nation's all-important cybersecurity activities.

In speech, Mattis explains his cyber concerns (Fifth Domain) Secretary of Defense James Mattis discussed a reorganization within the department in a speech at Johns Hopkins University.

Microsoft sees need for regulation, laws for AI advances (Information Management) The firm is trying to get out in front of the challenges expected to arise, such as job losses and everyday citizens who may be hurt or disadvantaged by malfunctioning or biased algorithms.

Security fears spark crackdown on Chinese tech (TheHill) The federal government is taking steps to reduce the presence of some Chinese technology firms in American markets.

Netanyahu turns down meeting with Russian cybersecurity head linked to US hack (Times of Israel) Citing schedule restraints, Prime Minister's Office says premier 'must decline' Eugene Kaspersky's request for sit-down at Davos World Economic Forum this week

Opponents Vow to Continue the Fight after Trump Reauthorizes Domestic Spying Law (Threatpost) There is "a glimmer of light" despite the Senate's move to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, says the ACLU.

Litigation, Investigation, and Enforcement

Twitter begins emailing the 677,775 Americans who took Russian election bait [Updated] (Ars Technica) Also raises official count of Russia-linked accounts, talks detection tools.

Twitter to tell 677,775 people they interacted with Kremlin-linked trolls (CNNMoney) Twitter will inform nearly 700,000 people in the U.S. that they either followed a Kremlin-linked troll account, or retweeted or liked a tweet sent by one of the accounts, the social media company said Friday.

‘Fake News’: Wide Reach but Little Impact, Study Suggests (New York Times) Before the 2016 election, those most likely to read “fake news” online were older and conservative, a new study finds. But even they relied most often on mainstream media.

Crackas with Attitude' hacker posed as CIA Chief to access secret data (HackRead) Remember the infamous Crackas with Attitude (CWA) hacking group? It turns out its founder Kane Gamble posed as CIA chief and stole secret documents.

British teenager hacked top ranking US officials using social engineering (Help Net Security) How did British teenager Kane Gamble, who at the time was only 15 years old, manage to break into email accounts of the CIA and DNI chiefs, as well as gain access to a number of sensitive databases and plans for intelligence operations in Afghanistan and Iran? The answer is social engineering.

British 15-year-old gained access to intelligence operations in Afghanistan and Iran by pretending to be head of CIA, court hears (Telegraph) A 15-year-old gained access to plans for intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA to gain access to his computers, a court has heard.

The incredible things con artist did during US cyber attacks (Leicester Mercury) Kane Gamble targeted the FBI, CIA and the White House

Naval intelligence officer sold military secrets to Russia for $3,000 a month (The Globe and Mail) Sub-Lieutenant Jeffrey Deslisle pleads guilty to espionage which lasted for roughly five years

AMD, Apple Sued Over CPU Vulnerabilities (Security Week) Apple and Advanced Micro Devices (AMD) are also facing class action lawsuits following the disclosure of critical CPU vulnerabilities that affect billions of devices.

FBI did not save officials’ texts during key period in Trump probe, senator says (Washington Post) The five-month gap ended the same day Robert S. Mueller III was appointed special counsel over the Russia probe, according to a letter sent Sunday to FBI Director Christopher A. Wray.The five-month gap ended the same day Robert S. Mueller III was appointed special counsel over the Russia probe, according to a letter sent Sunday to FBI Director Christopher A. Wray.

NSA failed to preserve some data related to surveillance court case: report (TheHill) The National Security Agency (NSA) deleted data related to surveillance operations despite promises to preserve the data, according to a new report.

Man Admits to DDoS-ing Employers, Competitors (Security Week) A New Mexico man admitted in court this week to launching distributed denial of service (DDoS) attacks against the websites of former employers, business competitors, and public services.

“Give me a job or else!” approach fails to land IT job (Naked Security) Sending an application letter to your prospective employer is a good idea, an extortion letter, not so much

'Jeopardy!' champ hacked accounts of college president, vice president (MLive.com) As a result, Jass had a document "that consisted of notes and comments and 'problems'" regarding faculty members, told the state police, according to the report, obtained this week through a Freedom of Information Act request.

Jail for man who launched DDoS attacks against Skype, Google, and... (HOTforSecurity) A British man has been sentenced to two years in jail after admitting to a series of computer crime offences, which included over 100 attempts to knock the likes of Google, Skype and Nintendo’s popular video game Pokemon Go offline. 21-year-old Alex Bessell pleaded...