Cyber Attacks, Threats, and Vulnerabilities
Hackers hit over 15 million users with new XMRig Monero cryptocurrency mining campaign (International Business Times UK) The campaign involved hackers making use of the URL shortener Bitly to trick victims into clicking on malicious ads.
Malware Epidemic: Monero Mining Campaigns Are Becoming a Real Problem (BleepingComputer) Malware that secretly mines Monero is becoming a real problem in the real world, with the number of different incidents growing with each week. For example, only this past week, three new attacks came to light.
Rise in cryptomining malware impacts organizations worldwide (Help Net Security) Cybercriminals are increasingly turning to cryptomining malware to develop illegal revenue streams, while ransomware and malvertising adware continue to impact organizations worldwide.
Cryptominers halting businesses in 'smash and grab attacks' (SC Media US) A recent uptick in cyberattacks on organizations using cryptocurrency-mining tools suggests a trend of cybercriminals using cryptominers for more disruptive and destructive attacks.
Cryptomining: Harmless Nuisance or Disruptive Threat? (CrowdStrike) Cryptocurrency mining is legal, but fraudulently compromising systems is not. Learn about this new threat from CrowdStrike® experts.
What is Lebal? New sophisticated malware found targeting several universities, government agencies (International Business Times UK) Researchers said the phishing attack included multiple layers designed to dupe even security vigilant users.
Dridex Banking Trojan Phishing Campaign Ties To Necurs (Information Security Buzz) It’s being reported that the operators of the venerable Necurs botnet appear to be up to their old tricks, including targeting victims with a variety of phishing campaigns designed to infect them with banking malware, ransomware and cryptocurrency fever as well as to generate profits via dating website referrals. Andy Norton, Director of Threat Intelligence at Lastline commented below. …
Hacker steals US$440K in 'easily avoidable' digital currency breach (Security Brief) A hacker hijacked Black Wallet to steal around $440,000 from Bitcoin rival Stellar Lumen - High Tech Bridge's CEO says it was simple to prevent.
Industrial Safety Systems in the Bullseye (Dark Reading) TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say.
Vulnerable industrial controls directly connected to Internet? Why not? (Ars Technica) Even some devices with patches available are connected to the naked Internet.
You are not alone Facebook and Instagram are down for many (HackRead) You are not alone, Facebook is down for many around the world especially in Europe, United States, India, Pakistan and South America.
You are not alone Netflix is down for many and slow for some (HackRead) You are not alone, Netflix is down for many while for some users the service is taking time in loading in Europe.
Fraudster almost got $900K from Harris County (Houston Chronicle) Federal and local law enforcement are investigating the attempted theft of nearly $900,000 from Harris County by someone posing as a contractor doing repairs after Hurricane Harvey.
Harris County tightens cybersecurity after almost losing $900K in phishing attack (Houston Chronicle) Harris County almost lost $900,000 in a phishing attack. Now, with the FBI investigating it and similar attacks on governments, the county is looking at ways to tighten its cybersecurity.
Allscripts recovering from ransomware attack that has kept key tools offline (CSO Online) Allscripts, the billion-dollar electronic health record (EHR) company headquartered in Chicago, IL said they were still working to recover from a ransomware attack that left several applications offline after data centers in Raleigh and Charlotte, NC were infected on Thursday.
Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack (BleepingComputer) The world's largest container shipping company —A.P. Møller-Maersk— said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017.
Security Patches, Mitigations, and Software Updates
Information Disclosure, DoS Flaws Patched in libcurl (SecurityWeek.Com) Information disclosure and DoS vulnerabilities have been patched in libcurl, a multiprotocol data transfer library used by many major companies
ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models (Threatpost) ASUS patched a bug that allowed attackers to pair two vulnerabilities to gain direct router access and execute commands as root.
Mastercard to Implement Biometrics for In-Store Card Payments (Infosecurity Magazine) Consumers will be able to identify themselves with fingerprints or facial recognition when they shop and pay with Mastercard.
Facebook, Microsoft announce new privacy tools to comply with GDPR (Help Net Security) In four months the EU General Data Protection Regulation (GDPR) comes into force, and companies are racing against time to comply with the new rules and avoid being brutally fined if they fail to do so.
This month's Windows and Office security patches: Bugs and solutions (Computerworld) In spite of a whiplash patch/re-patch/re-re-patch cycle earlier this month, all is not doom and gloom. There've been a few actual fixes, too.
Cyber Trends
2018 Thales Data Threat Report - Global Edition | Data Security and Encryption Trends and Data Breach Statistics (Thales e-Security) The 2018 Thales Data Threat Report - Global Edition discusses the most recent trends in encryption and data security.
Businesses must be aware of IoT risks says Databarracks (BusinessCloud) New data reveals that only 27 per cent of organisations have policies in place to protect against Internet of Things threats
Malware Tactics Shifted (Infosecurity Magazine) Last year saw a distinct divergence in the types of attacks against businesses from attacks against consumers, Malwarebytes said.
Cyber attacks surge, ransomware leading the way (Help Net Security) The Online Trust Alliance (OTA) found that cyber incidents targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017.
Good privacy is good for business, so pay attention (Help Net Security) Data privacy concerns are causing significant sales cycle delays for up to 65 percent of businesses worldwide, according to findings in the new Cisco 2018
Marketplace
Tech firms let Russia probe software widely used by U.S. government (Reuters) Major global technology providers SAP, Symantec and McAfee have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, a Reuters investigation has found.
Tech security giants McAfee, Symantec and Sap let Russia inspect software (Times) Russia has been allowed to delve into the inner workings of security software used by the US military and spy agencies and British industry. A Russian defence agency was allowed by the antivirus...
SAP, McAfee, Symantec let Russia review code (CNET) Security software firms let Russia look for flaws in their products, Reuters says. That's a concern for the US.
Software spying scandal is just the tip of the iceberg (Times) Would you hand your house keys to a private security company, giving its employees the right to see anything you do in your home, sort through your belongings and open your post? Put like that, the...
What is creating confusion in the cyber insurance market? (Canadian Underwriter) The lack of understanding around what is covered and how products are priced continues to sow confusion in the cyber insurance market. Robin Shufelt, assistant vice president of technology and cyber with The Sovereign General Insurance Company (a member of…
Cyber VC firm backed by ex-intelligence chiefs plans European deals (Reuters) A venture capital fund advised by former British and U.S. intelligence officials is planning a string of acquisitions to create a pan-European cyber security specialist.
Dell Technologies Considering IPO, Other Options, Sources Say (Bloomberg.com) Dell Technologies is considering strategic options including a public stock offering, according to people familiar with the matter, as the corporate-technology company seeks ways to boost revenue and raise funds.
Raytheon Execs Defend Forcepoint, Promise Growth (Aviation Week) Wall Street analysts peppered Raytheon Chairman and CEO Tom Kennedy and CFO Toby O’Brien with questions Jan. 25 after subsidiary Forcepoint reported a loss of $8 million in the fourth quarter of 2017.
Xconomy: Columbia Spinout Allure Security Bags $5.3M to Guard Business Data (Xconomy) Allure Security Technology, a Boston-area cybersecurity startup with roots at Columbia University, announced Thursday it has raised $5.3 million in seed funding...
3 Cybersecurity Stocks to Look at in 2018 (Madison) The cybersecurity industry saw impressive growth last year as corporations scrambled to get their houses in order following a series of serious breaches throughout the year. For example, the economic
The DNC’s New Chief Security Officer Knows All About Crisis (WIRED) At Yahoo, Bob Lord led the response to two massive cyberattacks. Now he's bringing that know-how to the Democratic National Committee.
Products, Services, and Solutions
New infosec products of the week: January 26, 2018 (Help Net Security) This week's featured infosec products are releases from the following vendors: Carbon Black, Exabeam, Fidelis Cybersecurity, Proxmox, Tripwire, Zyxel Communications.
DigiCert Certificates Will Be Publicly Logged Starting Feb. 1 (DigiCert) Starting February 1, 2018 DigiCert will submit all newly issued and publicly trusted SSL certificates to Certificate Transparency (CT) logs by default.
Forum Systems Advances Industry-leading API Security Gateway Technology (Forum Systems) Company’s award-winning Forum Sentry drives secure Amazon Elastic Compute Cloud deployments
Japanese insurers pair with Verizon to gauge cyberattack risks (Nikkei Asian Review) Japan's Mitsui Sumitomo Insurance and Aioi Nissay Dowa Insurance are teaming up with Verizon Communications of the U.S. to launch a risk asse
Fidelis Boosts Cyber-Security With Intelligent Deception Module (eWEEK) Fidelis advances its Elevate platform with deception capabilities to enable a broader Automated Detection and Response offering.
Cozy is building a personal cloud service that respects your privacy (TechCrunch) Meet Cozy, a French startup that wants to completely rethink how cloud services work. The startup first launched a Dropbox-like competitor to store,..
A Deep Learning Approach for Detecting Unknown Malware (Datanami) All of the major antivirus vendors at this point are moving towards machine learning approaches to keep up with the evolving threat landscape. That's the g
Comodo calls out Symantec certificate issues, applauds Google (SearchSecurity) Comodo CA's new leadership team discusses the Symantec certificate issues brought to light by Google and the opportunity they've created for Comodo.
Carahsoft to Resell Secureworks Threat Intell Products, Services to Public Sector (ExecutiveBiz) Carahsoft and Dell Technologies’ Secureworks subsidiary have partnered to offer a suite of threat intelligence products and services to the public sector government contract acquisition vehicles. Secureworks said Wednesday its offerings are designed to help organizations avoid breaches and are now available to agencies through Carahsoft’s positions on the General Services Administration Schedule 70 and NASA’s Solutions Enterprise-Wide Procurement contract. Carahsoft...
Technologies, Techniques, and Standards
Encrypt Before Sending, and Why Encryption Matters (Northrop Grumman) To encrypt a message is to convert it into a form that only authorized recipients can understand, even if it falls into unauthorized hands.
Cutting Through the Confusion on Threat Intelligence Feeds and Platforms (Security Week) Over the next five years, the threat intelligence market is predicted to grow more than 18% a year and reach nearly $9 billion by 2022.
War without the internet? Commandant says Marines need to revive old-style comms (Marine Corps Times) Marines also will need to start conducting training with the internet off, he said.
Design and Innovation
Even Years Away From Full Adoption, Blockchain Disruption Is Already Here (New York Law Journal) Cardozo School of Law’s Aaron Wright discusses how blockchain's development may mimic that of the World Wide Web, and what attorneys get wrong about smart contracts.
Research and Development
Center for Long-Term Cybersecurity Announces 2018 Research Grantees (CLTC) The UC Berkeley Center for Long-Term Cybersecurity (CLTC) is proud to announce the recipients of our 2018 research grants. In total, 37 different groups of researchers will share a total of over $1 million in funding to support a broad range of initiatives related to cybersecurity and other emerging issues at the intersection of technology and society.
Legislation, Policy, and Regulation
Australia takes over Solomon Islands internet cable amid spies' concerns about China (The Sydney Morning Herald) Australia's spy agencies were so concerned about the security and strategic risks posed by a plan for Chinese firm Huawei to build an internet cable linking the Solomon Islands to Sydney that the Turnbull government will now largely pay for the project itself.
Paranoia will destroy you: Why Chinese tech isn't spying on us (ZDNet) The notion that the Chinese government would spy on corporations and our agencies with electronic devices manufactured by Chinese companies is not only absurd but would be catastrophic to furthering their ambitions in world trade.
Centre to soon set up exclusive cyber response team for financial institutions (The Hindu Business Line) IT Secretary Sawhney says CERT-In has prepared a detailed report on the same
Perspective | How to fight mass surveillance even though Congress just reauthorized it (Washington Post) What the battle looks like after Section 702's reauthorization.
Litigation, Investigation, and Law Enforcement
Allscripts hit with a class-action lawsuit one week after ransomware attack (Fierce Healthcare) Barely a week after it was struck by a ransomware attack, Allscripts is facing a lawsuit alleging the company failed to adequately protect its systems.
US lawmakers press AMD, Apple, Intel, Microsoft and more over Meltdown and Spectre security embargo (Inquirer) Four Republican lawmakers reckon they have ways of making big tech firms talk.
The Hawaii Employee Who Sent The False Missile Alert Is Refusing To Cooperate With The Investigation (BuzzFeed) An official with the Federal Communications Commission said in a US Senate hearing on Thursday that they were disappointed the employee was refusing to cooperate.
Dutch intelligence reportedly hacked Russian election hackers in 2014 (TechCrunch) As if the story of the 2016 election and associated cyberattacks wasn't already complicated enough, new information now suggests that Dutch intelligence has..
Dutch revealed to US details of Russian hackers linked to DNC hack (The Sydney Morning Herald) The Dutch intelligence agency AIVD spied on the Russian group believed to be behind the hack of the Democratic Party ahead of US elections.
The Dutch intelligence services played an important role in the current FBI investigation into Russian influence on the American elections... (garethevans0108's Blog) The Dutch services have had unique access for at least one and a maximum of two and a half years to a group of Russian hackers who, according to Western intelligence services, were commissioned by …
Twitter accused of dodging Brexit botnet questions again (TechCrunch) Once again Twitter stands accused of dodging questions from a parliamentary committee that's investigating Russian bot activity during the UK's 2016 Brexit..
Facebook: Russian agents created 129 U.S. election events (Reuters) Facebook Inc said Russian agents created 129 events on the social media network during the 2016 U.S. election campaign, according to testimony to Congress, shedding more light on Russia's purported disinformation drive aimed at voters.
Defiant Republicans ready to send secret Russia memo to Trump (POLITICO) A review of the House Intelligence Committee's 13 GOP members shows firm support for what a top Justice Department official calls an "extraordinarily reckless" move.
As walls close in on FBI, the bureau lashes out at its antagonists (TheHill) The bureau's advocates are strangely uncurious about alleged improprieties with implications of the worst kind: Stasi-like tactics used against Americans.
The FBI’s Missing Texts (Wall Street Journal) More reasons to question the bureau’s 2016 election actions.
Facebook’s least favorite Austrian can now press privacy suit in Vienna (TechCrunch) A big blow for Facebook today after Europe's top court delivered a verdict in a long-running legal challenge that opens the door for plaintiff and privacy..
The Cynical Misdirection Behind #ReleaseTheMemo (WIRED) Congressman Devin Nunes has fired up his fellow Republicans over a mysterious memo, taking advantage of a secretive legal process to sow confusion.
Oxygen Forensics Works to Fight Domestic and International Child Exploitation; Partners with Project VIC (Oxygen Forensics) Oxygen Forensics, a worldwide developer and provider of advanced forensic data examination tools for mobile devices, drones and cloud services, today announced that it is partnering and integrating its product and technology with Project VIC.
With Google, Bitcoins, and USPS, Feds realize it’s stupid easy to buy fentanyl (Ars Technica) Simple search led investigators to sales of $766 million worth of fentanyl.
Your Sloppy Bitcoin Drug Deals Will Haunt You For Years (WIRED) Scouring the blockchain, researchers found years-old evidence tying Silk Road transaction to users' public accounts.
FCC schedules meeting to address prison cellphone issues (Federal Times) The agency is making good on Chairman Ajit Pai’s October pledge to U.S. Rep. David Kustoff that he would set up the meeting to address cellphones in the hands of inmates.
The Mexican Border-Crossing App That Suddenly Disappeared (Motherboard) “What would stop Border Patrol agents from signing up for this also?”
Jail for man who hacked 1000 student email accounts in search for sexually explicit images (WeLiveSecurity) A poorly-secured password reset utility allowed a man to access more than 1,000 email accounts at a New York City-area university in a hunt for sexually explicit photographs and videos.