Cyber Attacks, Threats, and Vulnerabilities
High-Profile Twitter Accounts Hit by Turkish Propaganda Campaign (Infosecurity Magazine) Accounts of UN Indian ambassador, WEF president and Fox News targeted by hacker group ‘Ayyildiz Tim’
Espionage Campaign Sets Sites on Turkish Defense Contractors (Infosecurity Magazine) The perpetrators are targeting multiple people with weaponized documents that download a remote access Trojan.
Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More (TrendLabs Security Intelligence Blog) We analyzed a new RATANKBA variant (BKDR_RATANKBA.ZAEL.A) that uses a PowerShell script instead of its more traditional PE executable form. In this entry, we provide in-depth analysis of the malware, as well as a detailed examination of its remote controller.
Ontario transit agency says it was hit by North Korean cyberattack (CBC News) An Ontario transit agency says it was in the crosshairs of a North Korean cyberattack earlier this month.
Thousands of critical systems affected by serious security flaws (ComputerWeekly) Multiple and serious vulnerabilities have been found in a software management system widely used in corporate and industrial control environments, researchers warn.
Satori Author Linked to New Mirai Variant Masuta (Threatpost) Two related Mirai variants called Masuta and PureMasuta have links to a hacker identified as Nexus Zeta.
Spectre, Meltdown Hit On-Prem Windows Servers Hardest (Data Center Knowledge) Performance tax of patches in many cases unavoidable; chip vulnerabilities may accelerate shift to cloud
Windows banking trojan uses known names to target Australians (iTWire) Malicious attackers are using the names of well-known firms like Xero and Tax Store Australia to try and trick Australians into installing a variant o...
Tinder's Lack of Encryption Lets Strangers Spy on Your Swipes (WIRED) Thanks to Tinder's patchwork use of HTTPS, researchers found they could reconstruct someone's entire experience in the app.
Pirated Version of Fire and Fury Book Loaded with Malware (HackRead) Another day, another malware scam - This time, the pirated version of Fire and Fury book has been found infecting devices with a backdoor.
Rapid Ransomware Continues Encrypting New Files as they Are Created (BleepingComputer) A new ransomware is being spread called Rapid Ransomware that stays active after initially encrypting a computer and encrypts any new files that are created. While this behavior is not unique to Rapid, it is not a common behavior we see too often.
Check Point research raises alarm on AdultSwine, Scareware (ITWeb Africa) Several global trends to be discussed at CPX360 in Barcelona this week.
Hackers steal almost $400M from cryptocurrency ICOs (ZDNet) ICOs are risky, potentially lucrative, and now a top target for threat actors looking to cash in.
Behind the simulations imagining the nuclear apocalypse (The Verge) Are we prepared for a nightmare scenario?
Energy firms could be targeted by "crippling" cyber-attack within two years (Energy Voice) Oil and Gas companies in charge of critical infrastructure in the UK could be targeted by a “crippling” cyber-attack within the next two years, according to a security chief. In an interview with the Guardian, the head of the National Cyber Security Centre Ciaran Martin said the UK has been fortunate to avoid a category …
Cyber-Security Threats From Russia (Information Security Buzz) In response to Sir Nick Carter’s comments advocating an increase in government spending to combat cyber-security threats from Russia, Piers Wilson, Head of Product Management at Huntsman Security commented below.
When, Not If: Does NCSC Pessimism Hurt UK Cybersecurity? (Infosecurity Magazine) Does this level of ‘defeatism’ add anything to the confidence of national security?
Gemalto Sentinel flaws could lead to ICS attacks (SearchSecurity) Kaspersky researchers discovered 14 vulnerabilities in Gemalto Sentinel hardware tokens, opening the possibility of ICS attacks and IT device attacks.
Gone Phishing For The Holidays (Akamai Blog) While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic.
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution (CIS) Multiple vulnerabilities have been discovered in Safari, watchOS, iOS, High Sierra, Sierra, El Capitan, and tvOS, the most severe of which could allow for arbitrary code execution.
Out with credit cards & in with identity data: Cybercriminals take fraud to new levels (IT Brief) Cybercriminals are ditching the ‘quick buck’ methods of stealing credit cards and are instead going after identity data.
Bluetooth and Personal Protection Device Security Analysis (The Duo Security Bulletin) The Duo Labs team analyzes the Bluetooth security of several different personal protection devices to shed light on how secure these devices are, and if they can be tracked remotely or reveal identifying information.
Senate Quietly Admits It Doesn't Protect Staffers' Personal Email Or Devices From Hacking (BuzzFeed) A recent threat from Russian government hackers led the Senate sergeant-at-arms to tell Senate offices that the security of their personal accounts and devices was their responsibility.
Industries most at risk of phishing attacks revealed (Help Net Security) A phishing study of six million users shows insurance organizations and not-for-profits lead all other industries with greater than thirty percent of users falling for baseline phishing tests.
Security Patches, Mitigations, and Software Updates
Intel: Stop firmware patching until further notice (ZDNet) The chip giant believes it has found the root cause of the issue forcing Haswell and Broadwell chips to unexpectedly reboot.
Dell Advising All Customers To Not Install Spectre BIOS Updates (BleepingComputer) The Spectre & Meltdown mess continues with Dell now recommending their customers do not install the BIOS updates that resolve the Spectre (Variant 2) vulnerabilities. These updates have been causing numerous problems for users including performance issues, boot issues, reboot issues, and general system instability.
Meltdown and Spectre Patching Has Been a Total Train Wreck (WIRED) In the haste to address the Meltdown and Spectre vulnerabilities that shook the computer industry, several clumsy patch attempts have had to be pulled.
Blizzard Fixes DNS Rebinding Flaw that Put All the Company's Users at Risk (BleepingComputer) A Google security researcher has discovered a security flaw in the Blizzard Update Agent shipped with all the company's games.
Firefox’s continued Quantum transformation—more multithreading, tracking protection (Ars Technica) The open source stalwart continues to make large performance improvements.
Cyber Trends
A Look at Cyber War in 2018 (Venafi) Jing Xie of Venafi examined the condition of nation-state sponsored cyber warfare and offered three predictions and insights for 2018.
Endpoint detection and response is coming - in one form or another (CSO Online) Vendors are bundling endpoint detection and response (EDR) into endpoint security suites. CISOs want it, but they aren’t sure how to consume it.
Security in the enterprise: Things are looking up! (Help Net Security) Cybersecurity is quickly becoming the number one business priority: security tools Jamf, KnowBe4, DigiCert, Cisco Umbrella, Mimecast, Sophos, and CloudFlare all ranked in the top 15 fastest growing apps for the first time.
Marketplace
10 Costs Your Cyber Insurance Policy May Not Cover (Dark Reading) All the things you might think are covered but that don't actually fall under most policies.
Web developers share concerns over Google's internet dominance (Computing) Technologists and publishers slam Google for taking control of the Web
Amazon Web Services catches Sqrrl, a security startup founded by ex-NSA staffers (GeekWire) Cloud security is going to be an even more important topic this year than ever, thanks to the Meltdown and Spectre debacle, and Amazon Web Services bolstered its security story Tuesday with the…
Facebook acquires ID authentication firm (Computing) Facebook to get a better insight into advertisers
Sumo Logic Acquires FactorChain to Pioneer New Security Analytics Essential for Cloud and Modern Application Delivery (CNBC) Sumo Logic, the leading cloud-native, machine data analytics platform that delivers continuous intelligence, today announced it has acquired FactorChain, an early stage security company with a Security Investigation Platform that makes transformational improvements in speed and depth of threat investigations, enabling...
Irdeto Acquires Denuvo, Bringing Together Decades of Security Expertise to Protect the Gaming Industry (Gamasutra) Irdeto has acquired Denuvo, the world leader in gaming security, to provide anti-piracy and anti-cheat solutions ...
WhiteHawk joins the ASX as the first online cyber security marketplace (Small Caps) WhiteHawk (ASX: WHK) was admitted to the ASX today in what the company claims is a “world first” as the only online cyber security marketplace to become publicly traded.
Rapid7 Announces Proposed Public Offering of Common Stock, Preliminary Financial Results and 2018 Outlook (GlobeNewswire News Room) Estimated fourth quarter revenues grew 27-28%
Aspect Ventures Raises $181 Million Second Fund From Investors Including Melinda Gates (Forbes) Four years after striking out from big-brand venture capital firms to set up their own shop, Theresia Gouw and Jennifer Fonstad are back for more with a second fund and several high-profile new supporters.
SecurityScorecard Now Fastest Growing Security Ratings Company (Wards Auto) SecurityScorecard, the leader in security ratings, is celebrating a record 2017 with global sales growth over 110 percent, doubled customer count, and twice as many rated companies in their proprietary database compared to the competition.
CrowdStrike Expands Operations Within Japan, Registers Massive Growth in Region (BusinessWire) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced its rapid expansion of customer growth, new business opportunities...
Information security vendor Cybereason launches in Australia, partners with Nextgen Distribution and Seccom Global (CRN Australia) Hires security veteran to lead local charge.
KKR-backed cyber firm Optiv expands into Europe with deals in mind (Reuters) Optiv Security, an acquisitive Denver-based company backed by private equity firm KKR, is expanding into Europe where it will offer its cyber security management and consultancy services, executives said on Tuesday.
Twitter COO Anthony Noto Resigns, Stock Slides (Zero Hedge) Confirming Monday's rumor, moments ago Twitter announced that Anthony Noto notified the company on January 22, 2018 that he is resigning from his position as Twitter's #2 executive and Chief Operating Officer in order to accept the chief executive officer role at another company. Immediately afterwards, SoFi announced that Noto will be appointed as the company's CEO, while Tom Hutton remains chairman.
Cooley Adds 3 Cybersecurity Experts in 3 Cities (New York Law Journal) Two practice leaders at Norton Rose Fulbright as well as another partner from fellow global legal giant Dentons are heading to Cooley in Denver, New York and Washington, D.C.
Strategic Cyber Ventures Appoints Hank Thomas as CEO (FinSMEs) Strategic Cyber Ventures (SCV), a Washington, D.C.-based cybersecurity-focused venture capital firm led by cybersecurity operators, appointed Hank Thomas as Chief Executive Officer (CEO).
Mimecast Doubles Down on Cyber Resilience for Email with Two Key Executive Appointments (GlobeNewswire News Room) Janet Levesque Joins as Senior Vice President of Systems, Risk and Security; Appoints Marc French as New Chief Trust Officer and Data Protection Officer to Lead GDPR Efforts
Facebook hires the scientist who helped build IBM Watson to lead its A.I. expansion (CNBC) Facebooktelligence research and development groups and has appointed a new leader of AI, Jérôme Pesenti.
DB Networks Appoints New Chief Data Scientist (Digital Journal) DB Networks®, a pioneer in Artificial Intelligence (AI) based database security, today announced the promotion of Benjamin Farber, Ph.D. to Chief Data Scientist.
Romanian IT group Bitdefender brings American and Brit to develop sales channels (Romania Insider) Romanian IT group Bitdefender has named British executive Andrew Philpott as Vice President of Enterprise Sales, Europe, the Middle East, and Africa (EMEA).
Products, Services, and Solutions
WatchGuard adds DNS protection to security suite (Business IT) The security appliance vendor is adding another defence layer that will protect users from dangerous sites.
WatchGuard Introduces New Advanced Learning Center for Channel Partners (Street Insider) WatchGuard channel partners can now access an advanced learning management system that enables personalized training paths for business and technical professionals
Masergy Extends Managed Detection and Response Platform with Office 365 Security Monitoring (Masergy) Masergy Office 365 Security Monitoring leverages Microsoft’s built-in Cloud App Security analytics with its UES platform to enable continuous 24/7 monitoring, which is critical for rapid identification and response to attacks before damage can actually be done.
Exabeam Launches Data Lake to Store and Surface Critical Log Data for Efficient, Accurate Threat Detection and Response (GlobeNewswire News Room) Exabeam Data Lake empowers security teams with unlimited security data collection, indexing and search
NTT-AT to Distribute Trusona #NoPasswords Solution in Japan (PRNewswire) Subsidiary of Japanese telecom giant NTT to offer secure, frictionless user experience via Trusona passwordless, multi-factor identity authentication
Radware Expands Cloud Security and Global Footprint (NASDAQ.com) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions, is rapidly expanding the capacity of all its scrubbing centers, which increases the global mitigation capacity of Radware cloud security network to more than 3.5Tbps of traffic and over 6 Billion packets per second (PPS).
Tesserent launches cybersecurity offering to the channel (CRN Australia) Plans for Cyberbiz start at $199 a month.
Project Mirror: How password manager Dashlane plans to make online security easy and intuitive (MobileSyrup) Later this year, Dashlane will launch Project Mirror, a new suite of features that will make it easier than ever for the company's users to manage the passwords related to their online accounts.
Morphisec Announces 'Gap Protection' for Any Organization (PRNewswire) Morphisec, the leader in Moving Target Defense, today...
Fortinet Takes Insurance Giant icare to the Cloud (CSO Online) CSO offers the latest information and best practices on business continuity and data protection, best practices for prevention of social engineering scams, malware and breaches, and tips and advice about security careers and leadership.
Hastings forms partnership with BAE to battle insurance fraud (Insurance Business) Contract comes at a time when insurance fraud is rising at a startling rate
Pradeo teams with Samsung to offer better mobile security for Knox handsets (IT World Canada) Mobile device protection vendor Pradeo Security Systems is now offering its threat detection capability for handsets from Samsung running the manufacturer’s enterprise
DuckDuckGo offers new privacy extension and app (Help Net Security) Duck Duck Go, the company behind the eponymous privacy-minded Internet search engine, has announced a new browser extension and mobile app: DuckDuckGo Privacy Essentials.
Technologies, Techniques, and Standards
Cybersecurity: What Does the Board Want and Need? (Infosecurity Magazine) Board members are under pressure from all sides to keep data and business operations safe from cyber-attack.
How Much Visibility do we Really Need? (Infosecurity Magazine) The obvious answer to confronting breach fears would be to gain as much visibility into traffic as possible.
Major payment company: “Fewer and fewer use cases” for bitcoin payments (Ars Technica) Stripe: bitcoin is "better-suited to being an asset than a means of exchange."
South Koreans Will Soon Have to Go Through a Bank to Buy Bitcoin (Motherboard) The country is announcing some serious new policies this week.
From Public Wi-Fi to Encrypted Emails, Panel Probes Security of Lawyer Communications (New York Law Journal) One takeaway from a New York State Bar Association discussion centered around data security in a lawyer’s day-to-day-practice and related ethical obligations is the importance of using encrypted communication devices for client information.
Establishing Trust Through Technology - Why HR Departments Can Rely on Blockchain (HR Technologist) HR Departments are incredibly busy. Alan Heppenstall, Co-Founder & CTO at Accredible, explains how blockchain technology can help save time and effort by verifying that potential candidates have the expertise they say they have.
Clever tricks from ESET to help you overcome FinFisher (WeLiveSecurity) ESET researchers have come up with some clever tricks to overcome FinFisher, an infamous surveillance tool for governments and their enforcement agencies.
Understanding cyber insurance risks of target companies (Mergers & Acquisitions) Restricting access to important information, and studying the company's cyber insurance policies can help manage potential data breaches.
Norway worries about cyber threats during military exercises (Fifth Domain) Norway is working to protect its military exercises from cyber threats, particularly those from Russia.
The Pentagon Should Adjust Standards for Cyber Soldiers — As It Has Always Done (War on the Rocks) Cybersecurity is one of the fastest-growing job sectors in the world and qualified experts are in short supply. It is estimated that nearly 1.5 million cyb
Design and Innovation
Here's what the military's 'flight simulator' for cyber warfare might look like (Cyberscoop) The U.S. Army is experimenting with all different types of training for its cyber commands, including the creation of virtual classrooms for its “cyberwarriors.” Next week, the military will host its second industry day to hear private companies pitch their ideas for an open contract to develop the persistent cyber training exercise, or PCTE.
Slowly but surely, browsers are becoming more secure (The Parallax) Cyber Independent Testing Lab research revealed at ShmooCon shows which browsers have improved in security the most over the past year—and which have suffered setbacks.
Quantum cryptography: the revolution is under way (AGEFI) What is a quantum computer? Will such a machine really see the light of day? Quantum technologies fascinate.
Research and Development
Pulses of light to protect cryptocurrencies (Digital Journal) Technologists have successfully used pulses of light to encrypt data. This technology could be used to protect the security of cryptocurrencies.
Galois Awarded $4.5 Million DARPA Contract To Strengthen Hardware Security (PRWeb) Project award by DARPA Microsystems Technology Office (MTO) re-imagines approach to security for design and development of CPUs, smartphone chips, other hardware
Legislation, Policy, and Regulation
UK to set up security unit to combat state disinformation campaigns (TechCrunch) The UK government has announced plans to set up a dedicated national security unit to combat state-led disinformation campaigns -- raising questions about how..
Do 'National Security' Threats Signal The Beginning Of The End For U.S.-China Trade Relations? (Forbes) The Trump administration is gearing up for renewed confrontation with China on trade-related issues. Most observers have focused their attention on the threat of increased tariffs or the “renegotiation” and dismantling of existing free trade agreements.
New defense strategy sets the tone for an agile cyber force (FCW) Defense Secretary James Mattis highlighted cyber force streamlining and tech infrastructure investment as part of an unclassified summary of the national defense strategy.
Cyber takes on new prominence in shutdown government (FCW) Agencies got a sneak preview at the elevated importance cybersecurity programs and personnel can expect to receive during future government shutdowns.
Dem presses Homeland Security for update on Kaspersky ban (TheHill) Rep. Bennie Thompson (D-Miss.) asks department for percentage of agencies that have implemented Kaspersky ban.
Better cybersecurity is critical to protecting future elections (TheHill) All that is necessary is the commitment to carry through to completion.
Litigation, Investigation, and Law Enforcement
Security experts question FBI’s data storage procedures (The Washington Times) The FBI may have ignored its own data storage procedures as it lost five months of text messages between two anti-Trump FBI employees, security analysts said.
Sessions interviewed in Russia probe (TheHill) It is the first time that Mueller’s team has interviewed a member of Trump’s Cabinet.
Cyber cops arrest duo for embezzling crores (Millennium Post) Two persons were arrested by Bidhannagar Cyber Crime police station for siphoning a few crores from the bank account of a jute and cotton manufacturing company situated at Salt Lake Sector V....
Florida Cop Bought Powerful Phone Malware That Can Intercept Emails and WhatsApp (Motherboard) In the first known case of a U.S. regional agency purchasing malware, a Florida Department of Law Enforcement officer bought FlexiSpy.