The CyberWire Daily Briefing 8.24.18

Summary

By The CyberWire Staff

FireEye said that YouTube was also infested with Iranian front accounts, and yesterday Google took action to terminate "dozens" of them. They were channels for the Islamic Republic of Iran Broadcasting, the state-run media outlet that's been under US sanctions since 2013.

The Secureworks Counter Threat Unit this morning reported its discovery of "COBALT DICKENS," an extensive Iranian credential stealing campaign that targeted universities across sixteen domains with more than 300 spoofed pages in fourteen countries.

The Democratic Party confirmed that its phishing false alarm was produced by over-zealous, ill-conducted red-teaming by the party's Michigan wing.

Another election security own-goal was reported late yesterday in Texas, where nearly fifteen-million voter records were found in an exposed server by a New Zealand breach hunter who goes by the nom-de-hack "Flash Gordon." It's so far unknown who mishandled the data, but UpGuard suggests it may have been the Republican-leaning firm Data Trust.

US National Security Advisor Bolton is calling for Russia to knock off its attempts to influence US elections. Coincidentally or not, an Atlantic Council think-piece reminds everyone of the Panama Papers, and suggests that if you want to deter Russian cyber operations, a sound counter-value retaliatory strategy would go after the oligarch's bank accounts.

China promises trade retaliation against Australia for excluding Huawei and ZTE from its 5G network. Such retaliation will be a new Government's problem: Malcolm Turnbull is out as Australia's Prime Minister, replaced by Scott Morrison.

NSA alumna and leaker Reality Winner was sentenced to five years.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Iran, Mexico, New Zealand, Turkey, Russia, United Kingdom, United States

Don’t let threats SOC you where it counts.

Protecting your organization from an attack involves much more than the traditional “block & tackle” tactics of the past. A good boxer doesn’t just block the punch they see coming, they move against the next anticipated punch. The modern Security Operations Center (SOC) requires a combination of automation and human tradecraft to successfully repel the adversary. Learn more about the modern SOC in LookingGlass’ webinar featuring guest IDC, August 29 @ 2pm ET.

On the Podcast

In today's podcast, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin reviews the US State Department's efforts to establish international norms for cyberspace. Our guest is Theresa Payton from Fortalice Solutions, addressing hype versus reality when it comes to the blockchain, AI, and the IoT.

Sponsored Events

Cyber Security Summits: August 29 in Chicago & in NYC on September 25 (Chicago, Illinois, United States, August 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

IR18: Don’t Forget to Register for the first and only community-driven IR conference! Built by the community, for the community. (Arlington, Virginia, United States, September 5 - 6, 2018) IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve incident response processes. Receive 20+ hours of practical training on today’s best practices in IR topics, including 36 breakout sessions designed for all levels of experience.

Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Back to School: COBALT DICKENS Targets Universities (Secureworks) Despite indictments in March 2018, the Iranian threat group is likely responsible for a large-scale campaign that targeted university credentials using the same spoofing tactics as previous attacks.

Tech Giants Target Accounts Linked to Iran (Wall Street Journal) Google, Facebook and Twitter are zeroing in on Iran, scrubbing their online networks of fake accounts, videos and social-media posts by the rising cyber adversary aimed at spreading misinformation.

A Brief History of Iranian Fake News (Foreign Affairs) Iranian disinformation campaigns are as old as the Islamic Republic itself.

Kremlin spreads lies about MMR jab (Times) Kremlin-sponsored social media accounts have promoted discredited theories about the MMR jab as part of an effort to sow doubt in the West over the safety of vaccines. Russian government “trolls”...

Millions of Texas voter records exposed online (TechCrunch) A massive trove of voter records containing personal information on millions of Texas residents has been found online.

DNC ‘spearphishing attack’ was actually a test (Naked Security) A fake login page turned out to be a test phishing attack from the Michigan Democratic Party, which hadn’t told the DNC or the ISP about it.

US spies warn of increase in supply chain vulnerabilities (Fifth Domain) Hackers have increased attacks on the U.S. supply chain, according to a top intelligence official.

What the US-Turkey Escalation Means for Cybersecurity (Anomali) The recent escalation in US-Turkish political relations has important implications and will likely result in cybersecurity responses..

Turla Threat Group Uses Email PDF Attachments to Control Stealthy Backdoor (Dark Reading) The Russian-speaking group's latest tactic is the only known case of malware that's completely controllable via email, researchers at ESET say.

Mirai botnet strikes again: This time it's going after a specific open source project (TechRepublic) Mirai-powered botnet targets the Internet of Things (IoT) via an open source project named Aboriginal Linux.

Emerging Threat Active Exploit of Apache Struts Remote Code Execution Vulnerability (Security Boulevard) Researchers have discovered proof-of-concept code for a new Apache Struts remote code execution vulnerability.

Vulnerability in OpenSSH “for two decades” (no, the sky isn’t falling!) (Naked Security) An OpenSSH bug that was reclassified as a vulnerability after it was fixed has made scary headlines – but the sky isn’t falling

IBM reveals how it broke its own cloud (CRN Australia) Shut down servers by mistake and things got worse from there.

T-Mobile discovers security breach of certain customer information (Reuters) T-Mobile US Inc and its unit Metro PCS informed customers on Thursday about a potential security breach that was discovered and shut down by the company.

Superdrug admits security breach compromising customer data - but claims its systems weren't breached (Computing) One early benefit of GDPR: Breached companies are owning up to potential security breaches much faster

Ticketmaster Security Breach Now Affecting New Zealand Users (TicketNews) Thousands of people in New Zealand are now replacing their bank cards after the international sales company suffered from a global security breach earlier this year.

Security Patches, Mitigations, and Software Updates

Microsoft issues new Windows 10 patches to mitigate Intel Foreshadow and Spectre vulnerabilities (http://www.computing.co.uk) Stand-alone Windows 10 update rushed out following Foreshadow CPU security flaw disclosure

Intel security patch licence barring benchmarking withdrawn following Bruce Perens' criticism (Computing) Intel embarrassed into licence climbdown

Cyber Trends

Why too much attention on foreign actors and voting machines can hurt cybersecurity (Fifth Domain) The overwhelming majority of cyberattacks occur because of basic security failures, phishing attempts and human error, according to research.

Marketplace

Bricata lands contract to secure large health insurance network (Technical.ly Baltimore) The Columbia cybersecurity startup said it won a deal with Chicago-based Health Care Service Corporation.

With AlienVault acquisition complete, AT&T names new head of cybersecurity solutions (RCR Wireless News) Small- and medium-sized businesses are as vulnerable to attacks as large enterprises. Addressing this cybersecurity need is a key point of AT&T's acquisition of AlienVault.

Products, Services, and Solutions

New infosec products of the week: August 24, 2018 (Help Net Security) DefenseCode announces free edition of their Web Security Scanner DefenseCode Web Security Scanner is a DAST (Dynamic Application Security Testing) product

Technologies, Techniques, and Standards

The Votes Are In: Election Security Matters (Dark Reading) Three ways to make sure that Election Day tallies are true.

What's In a (Threat Intelligence) Name? (Security Intelligence) A lot of things in the threat intelligence world have multiple names, and these aliases often complicate the process of researching and dealing with security threats.

Network managers may one day get access to the cyber training platform (C4ISRNET) The persistent cyber training environment may eventually be for more than cyber mission forces.

What will the cyber training platform look like? Good question. (C4ISRNET) Working through the agile development process, the Army is not sure what the finial vision for the persistent cyber training environment will look like.

Design and Innovation

How AI-enabled security can turn cyber novices into security ninjas (GCN) When security analysts are freed from the technical shackles of traditional data science, they can harness their expertise and creativity to rapidly ask questions of big data, test theories, explore and validate their ideas.

Security and Artificial Intelligence: Hype vs. Reality (Threatpost) Bridging the divide between hype and reality when it comes to what artificial intelligence and machine learning can do to help protect a business.

Biohacking Joins AI, Blockchain Among Technologies to Bring Competitive Edge (Wall Street Journal) A report from Gartner aims to help chief information officers and other business leaders identify the “must-watch” technologies to guide investment.

Research and Development

DARPA wants an AI system that can basically make sense of everything (C4ISRNET) The proposed AI system would able interpret and expose scientific knowledge and underlying assumptions in existing models to extract useful information

Is there new ‘hackproof’ cyber defense? Air Force, industry test new system (Brinkwire) The Air Force is working with industry to test an emerging cybersecurity technology which has not as of yet been “hacked,” despite massive amounts of attempted penetrations.

Academia

Russian student competitions are rebuilding a military-industrial pipeline (C4ISRNET) By showcasing the work of high school students at a major military expo, Russia is promoting its renewed military industrial pipeline.

Legislation, Policy and Regulation

US security adviser John Bolton presses Russia about election meddling (Deutsche Welle) The US security adviser John Bolton has again accused Russia of meddling in elections, which Russia again denied. Bolton also announced a cut in US funding for the UN.

Malcolm Turnbull lashes out at plotters as Scott Morrison becomes Australian PM (Times) Australia’s ousted prime minister has fiercely attacked right-wing populists for plunging the country into political chaos when they tried and failed to replace him with one of their own. Malcolm...

Malcolm Turnbull's telco, cybersecurity ministers quit (CRN Australia) More scalps after Peter Dutton's first leadership challenge.

China threatens action against Australia over 5G ban for Huawei and ZTE (Computing) Those who wilfully hurt Chinese companies with an excuse of national security will meet their nemesis, warns China's state-controlled press

Follow the Money: How the United States Can Stop Helping Putin (Atlantic Council) When a cache of secret documents detailing a global network of offshore assets, the so-called Panama Papers, was released to the public in 2016, the name of a St. Petersburg cellist, Sergei Roldugin, broke into the news...

How the U.S. Has Failed to Protect the 2018 Election--and Four Ways to Protect 2020 (Lawfare) If the U.S. government stays on its current course, it risks allowing elections to become the World Cup of information warfare.

Litigation, Investigation, and Enforcement

Microsoft Hit With U.S. Bribery Probe Over Deals in Hungary (Wall Street Journal) Microsoft is being investigated by U.S. Justice Department and the Securities and Exchange Commission over potential bribery and corruption related to software sales in Hungary.

Zscaler loses bid to toss out Symantec's patent infringement suit (Northern California Record) San Jose-based information security company Zscaler was recently denied a motion for judgment on the pleadings in a federal lawsuit filed by Mountain View-based software company Symantec Corporation alleging patent infringement.

Leaker of secret report on Russian hacking sentenced (Fifth Domain) A former government contractor who pleaded guilty to mailing a classified U.S. report to a news organization was sentenced on Thursday.

Teen’s Detention in Russia Prompts Public Outcry (Foreign Policy) The young woman belonged to a political group whose members may have been entrapped by a police informant.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Energy Tech 2018 (Cleveland, Ohio, USA, October 22 - 26, 2018) The annual EnergyTech Conference & Expo is an organized event, supported by NASA and INCOSE, highlighting advancements in Energy, Smart-Grids and Microgrids, Aerospace, Critical Infrastructure, Security and Policy. In 2018, we continue to expand our collaboration effort with professional societies including InfraGard, IEEE, SAE, AIAA, PMI, and others, to join in advancing the technology and system integration of these complex domains, and managing the risk scenarios confronting civilizations.

RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone can get on with making the real world a better place. Learn about the latest cybersecurity developments in expert-led sessions, inspiring keynotes and in-depth seminars. Demo innovative products and solutions, network with infosec insiders and peers, and help move the industry forward as part of an engaged and empowered global community.

upcoming Events

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they come together to discuss the impact ISAOs have had on the nation’s security, share lessons learned, and discover the latest in cybersecurity policy. Attendees will gain the knowledge needed to learn how to improve information sharing with keynote addresses by industry experts, senior government, and international thought leaders, presentations on key topics and panel discussions of interest to the Information Sharing community, technology demonstrations from service providers and vendors addressing information sharing challenges. There will be many networking opportunities and exhibits.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.