The CyberWire Daily Briefing 9.20.18

Summary

By The CyberWire Staff

Magecart strikes again, this time at Philippine media conglomerate ABS-CBN.

ESET researchers report an infestation of malicious financial apps in Google Play. The apps have since been removed. In operation since June of this year, they presented themselves as apps belonging to the Commonwealth Bank of Australia, the Australia and New Zealand Banking Group Limited, the ASB Bank, the TSB Bank, PostFinance (Swiss Post's financial services unit), the Polish Bank Zachodni WBK (now rebranded as Santander Bank Polska), and Bitpanda. This last is one of the more interesting targets: Bitpanda is an Austrian cryptocurrency exchange that doesn't even have an app.

Zscaler notes that a cloud hosting service is being abused by hackers. Congeco Peer 1 is hosting domains used to serve a range of phishing attacks and attempts on cryptocurrency wallets. According to Zscaler's blog, the problems have been around since February of this year.

Determined to do better this election cycle, Facebook is offering bipartisan help to campaigns, get-out-the-vote support, and an anti-disinformation war room.

The UK's ICO will fine Equifax £500,000 for last year's data breach. Some 15 million individuals were affected in the UK.

Beijing has opened a campaign to influence Taiwan's coming elections. Expecting this to be the case, Taiwan is preparing itself. So far, new malware tools have been discovered targeting government agencies. Taiwan officials believe the number of cyber attacks will rise before their November elections in an attempt to undermine President Tsai Ing-wen and her efforts to resist Beijing’s claim to Taiwan.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Austria, Canada, China, Iran, Ireland, Philippines, Poland, Singapore, Russia, Taiwan, United Kingdom, and United States.

Yesterday’s Scorecard Won’t Protect Your From Tomorrow’s Breach

With 56% of global organizations experiencing third party breaches, it’s no surprise that third party risk is the hottest cybersecurity topic. Threat actors will continue to target third parties as long as their vulnerabilities go unchecked. You need a 24x7x365 monitoring solution. Read LookingGlass’ eBook to learn how to build a successful third party risk program, so your organization isn’t left relying on old data to protect your employees, customers, and brand.

On the Podcast

In today's podcast, we speak with our partners at Cisco Talos, as Craig Williams suggests ways of distinguishing between features from bugs with respect to security. Our guest is Roela Santos from Engility, describing the CyberWarrior scholarship for veterans.

This week's Hacking Humans is also up. In this episode, Dave warns of scammers taking advantage of hurricane Florence, both on the phone and in person. Joe shares a scheme targeting the kindness of local churchgoers. A cosmic variation on the Nigerian email scam is discussed, and Joe interviews his Johns Hopkins University colleague Chris Venghaus, who leads a tech support scammer on a wild goose chase.

Sponsored Events

Cyber Security Summits: September 25 in NYC on October 16 in Phoenix (New York, New York, United States, September 25, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Google, IBM, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Chinese cyber spies target Taiwan's leader before elections (The Sydney Morning Herald) The attacks are intended to undermine a president who has defied Beijing's efforts to bring the democratically ruled island under its control.

Security firm warns of increased hacking bids in Middle East (Khaleej Times) The firm expects the cyber attacks to continue because of the current geopolitical climate.

Broadcaster ABS-CBN customer data stolen, sent to Russian servers (ZDNet) Updated: The data theft is the work of Magecart, a group connected to attacks against British Airways and Ticketmaster.

CBA and ANZ caught in fake banking apps scam (Canberra Times) Thousands of banking customers have been caught in a fake banking app scam, prompting questions about Google Play’s app authentication process.

The latest cloud hosting service to serve malware (Zscaler) In recent years, there have been many studies related to compromised cloud hosting services.

New Botnet Hides in Blockchain DNS Mist and Removes Cryptominer (BleepingComputer) A new botnet captured the attention of security researchers through its harmless behavior and the use of an original communication channel with its command and control center.

Password bypass flaw in Western Digital My Cloud drives puts data at risk (TechCrunch) A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year. Remco Vermeulen found a privilege escalation bug in Western Digital’s My Cloud devices, which he said allows an attacker to bypas…

NewEgg cracked in breach, hosted card-stealing code within its own checkout (Ars Technica) Like British Airways breach, attack blended with site code, sent data to lookalike domain.

A Major Bug In Bitcoin Software Could Have Crashed the Currency (Motherboard) 'For less than $80,000, you could have brought down the entire network.'

Bogus finance apps on Google Play target users worldwide (Help Net Security) ESET researchers have discovered bogus finance apps impersonating various services and the Austrian cryptocurrency exchange Bitpanda on Google Play.

How Hackers Use Social Media and Emails to Hack Virtual Crypto Wallets (CoinCentral) Social media and email addresses have become vital elements of everyday life in the contemporary world, for both networking and businesses. And now, the two are among the primary avenues targeted by virtual wallet hackers.

Manipulation tactics that you fall for in phishing attacks - Help Net Security (Help Net Security) Malicious actors prey on a company’s workforce – often using common psychological tactics to manipulate people into sending money or providing access.

FBI, cyber protection team called on Beatrice cyberattack (KETV) No information believed stolen or destroyed

Cyber Trends

IoT Malware Detections Soar 273% Since 2017 (Infosecurity Magazine) IoT Malware Detections Soar 273% Since 2017. Kaspersky Lab warns home users of growing threat

SMBs Fear Phishing, Fall Short on Cyber Training (Infosecurity Magazine) A lack of resources leaves SMBs unaware of top cyber threats, says Webroot.

What's driving claims in cyber insurance? (Insurance Business) A recent analysis of claims data lifted the lid on the true cost of cyber criminals' activities

Government Hacking Raises New Security Concerns (Stanford Law School) News of governments such as Russia and North Korea deploying their tech teams to hack into companies for political reasons has made headlines (think S

Marketplace

Facebook plans voter drive, partners with Democratic/Republican Institutes (TechCrunch) Facebook will push users to register to vote through a partnership with TurboVote, has partnered with the International Republican Institute and National Democratic Institute nonprofits to monitor foreign election interference and will publish a weekly report of trends and issues emerging from its …

Inside Facebook’s Election ‘War Room’ (NYTimes) Seven weeks before the midterm elections, the social network is setting up a central hub to root out disinformation and false news. We visited the operation.

Options Abound for Cyber Security Jobseekers, but Finding the Right Fit Takes Work (Security Boulevard) We've all heard the familiar refrain any time cyber security professionals gather: There aren't enough qualified security employees to fill the glut of available positions.

Products, Services, and Solutions

Ivanti Patch for Windows Achieves Common Criteria EAL 2+ Certification (Markets Insider) Ivanti, the company that unifies IT to better manage and secure the digital workplace, today announced that I...

Cavirin Delivers Breakthrough Resource Visibility and Security Posture Intelligence for Hybrid Cloud Infrastructures (Cavirin) Deployment of New CyberPosture Intelligence Arms Customers with Full Control of All Assessment Data

Arilou Of NNG Group And Ohmio Announce Working Together To Secure Autonomous Buses (NNG) The agreement between the companies is a significant step in the adoption of cyber security solutions in the industry.

Fintech Firm Rolls Out New Cybersecurity Platform (ThinkAdvisor) Entreda aims to help broker-dealers RIAs and advisors nearly 75% of whom have been the target of a cyberattack.

Group-IB introduces Secure Bank, a solution for anti-fraud protection (Help Net Security) Group-IB’s Secure Bank aims to prevent client-side fraud and attacks across sessions, platforms, devices, channels, and entities.

US Signal partners with Cloudflare to deliver DDoS protection service (Help Net Security) US Signal partners with Cloudflare to bring new service that delivers DDoS mitigation for network, transport and application layers and is backed by a SLA.

Security, insurance providers want to help you evaluate your cyber risk (CSO) A host of security vendors are targeting governance-minded companies with tools for formalising the evaluation and management of cybsersecurity risk across an organisation.

Technologies, Techniques, and Standards

The “One Thing” in Cyber (Medium) Cyber security professionals often borrow terms from public health. A “disease vector” is the path an infectious disease takes through a…

Your Cyber-Enemy May Not Be the Person You Suspect (Entrepreneur) The less-obvious risk often is the most dangerous. Protecting your company and personal assets starts with understanding real versus perceived threats.

INSIGHT: Thinking of Hiring In-House Cyber Counsel? Here Are Some Tips (Bloomberg) In boardrooms across the nation, there is one risk that stands above all others: cybersecurity.

Utilising web browser forensics for cyber security investigations (Information Age) Barry Shteiman, VP, Research and Innovation at Exabeam, explains why browser forensics represents a critical step in the cyber security.

What Is Cryptojacking? Find Out About This Year's Biggest Cybercrime (CoinCentral) It sounds like an adrenaline-packed adventure sport.

How do you protect digital channels from cyber threats? (Help Net Security) A well-thought out social media presence is a must, but too few of them think about the potential repercussions of an attack targeting it.

Trump administration to send U.S. cellphones a test alert on Thursday (Reuters) The Trump administration will send a message to all U.S. cellphones on Thursday ...

Better security needed to harness the positive potential of AI, mitigate risks of attacks (Help Net Security) In order to harness AI potential, especially for security, enterprises must make the needed investments in well-trained staffs.

Design and Innovation

Who ate all the PII? Not the blockchain, thankfully (Register) GDPR be praised, new product keeps personally identifiable information off the chain

How the HTC Exodus Blockchain Phone Plans to Secure Your Cryptocurrency (WIRED) HTC starts filling in the details of its so-called blockchain smartphone, expected to launch later this year.

SparkLabs is launching a cybersecurity and blockchain accelerator program in the US (TechCrunch) Investment firm SparkLabs has run accelerator programs across APAC, now it has announced its first that’ll be based on U.S. soil and it’s a cybersecurity and blockchain program that’ll be located in Washington, D.C. from next year. The program will be led by former Startup Grind C…

IBM launches software to detect racist and sexist AI (The Telegraph) New software designed to strip out unconscious racial or sexist bias within organisations has been developed by IBM, allowing executives to monitor whether decisions are being shaped by ingrained prejudice.

Academia

UNO cybersecurity program prepares students for FBI and NSA careers (Gateway) Not even hospital equipment or pacemakers are safe from cyber-attacks. The Cybersecurity program at the University of Nebraska at Omaha (UNO) is teaching new professionals who can protect data and devices from hackers. Cybersecurity is a fast-paced field. Things change so quickly that certain classes aren’t taught more than a few semesters …

Legislation, Policy and Regulation

Singapore to draw up formal Asean mechanism for cyber security (The Straits Times) Singapore will draw up a formal Asean cyber security mechanism to discuss cyber diplomacy, policy and operational issues, in a bid to shore up defences against online attacks that target the region.. Read more at straitstimes.com.

Ottawa launches probe of cyber security (The Globe and Mail) Australia and U.S. have already imposed ban on China’s Huawei from participating in new wireless cellular networks

Irish utility networks vulnerable to cyber attacks set for security increase (irishmirror) New measures have been introduced by Minister Denis Naughten to protect us from digital attacks

What’s in the House and Senate Intelligence Authorization Bills for Fiscal 2019? (Lawfare) The House and Senate intelligence committees have put forth a draft of their priorities for the intelligence community in 2019.

Cyberinfrastructure strategic plan bill clears NJ panel (MonroeNow) "Big data" requires new forms of processing in order to enhance decision making, insight discovery, and optimal processing.

Connecticut’s defenses deflect cyber attacks (The Hour) Connecticut fights off 10 million cybersecurity attacks a week - from casual hackers to countries such as Russia - and so far the state has not suffered a serious penetration, a new report concludes.

Litigation, Investigation, and Enforcement

Equifax fined £500,000 for data breach of 15m UK customers (The Telegraph) Equifax has been slapped with a £500,000 fine by Britain’s data watchdog for failing to protect 15m people whose personal details were stolen in a cyber-attack last year.

EU says Facebook must comply with EU consumer rules by end-2018 or... (Reuters) Europe's justice chief gave U.S. social media giant Facebook until the end ...

NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO (Dark Reading) Suit underscores longtime battle between vendors and labs over control of security testing protocols.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Detect 18 (National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn how to better save the world from cyber destruction! At Detect '18 you will be able to: immerse yourself in 30+ hours of education and training; chooose from 30+ breakout sessions designed for every experience level; listen to peer presentations highlighting real-world issues and solutions; network, network, network with your peers in a social setting; and earn CPE Credits to keep your credential current.

Cyber Beacon (Washington, DC, USA, September 20, 2018) Cyber Beacon is the flagship event of the National Defense University's College of Information and Cyberspace (NDU CIC). The conference brings together cyber experts from across the national security community, private sector, and academia to discuss the most pressing problem sets concerning cyberspace and national security. This year's theme is "decision making in cyberspace". Cyber Beacon V will be held on Wednesday 19 and Thursday 20 September 2018 at the NDU campus on Fort McNair in Washington, DC.

IT Security Leadership Exchange (Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique needs and current challenges faced by enterprise cyber security leaders. A CISO’s role requires hands-on technical knowledge and understanding of security tools, techniques, and procedures combined with the need to manage up, down, and across the organization. This summit is the perfect platform for leaders to share information, gain insight and develop next-level strategy. Information security executives from across the country will come together for 2 days of peer breakouts and networking to answer the toughest questions facing them today.

Global Security Exchange (Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX education program led by ASIS, InfraGard, and ISSA subject matter experts consists of 300+ sessions, each designed to deliver valuable, actionable takeaways to help shape your security strategy—today and in the future.

Merging of Cyber Criminal and Nation State Techniques: A Look at the Lazarus Group (Loudon, Virginia, USA, September 24, 2018) This presentation on North Korea's Lazarus Group as a case study of the convergence of organized cyber crime and nation-state intelligence services will be led by Allan Liska, a solutions architect at Recorded Future. Allan has more than 15 years experience in information security and has worked as both a blue teamer and a red teamer for the intelligence community and the private sector. Allan has helped countless organizations improve their security posture using more effective and integrated intelligence. He is the author of The Practice of Network Security, Building an Intelligence-Led Security Program, and Securing NTP: A Quickstart Guide and the co-author of DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.

Connect Security World 2018 (Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address the unlimited risks surrounding billions connected “things”, Connect Security World 2018 unites Digital Security experts and IoT developers to securely develop, deploy and manage devices & services at IoT scale. In its 7th edition, this technical conference will cover the latest secure technologies stemming from cryptography to strategies and methods to minimize risks and enable successful implementations of end-to-end security – knowing that security is never perfect and no unique security solution (HW, SW…) can fit all levels of protection.

The Cyber Security Summit: New York (New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

5th Cyber Operations for National Defense Symposium (Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to discuss network and capability modernization efforts aimed at combating the diverse cyber threats to US National Security. The agenda will focus on defensive and offensive cyber operations as well as the technological capabilities needed by our forces to ensure they can defend American interests in all domains. Lastly, the event will feature two panels: one on protecting our Nation’s intricate critical infrastructure and one on securing the DoDIN.

PCI Security Standards North America Community Meeting (Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches. Don’t miss out!

Hack the Capitol (Washington, DC, USA, September 26 - 27, 2018) The National Security Institute is partnering with the Wilson Center and ICS Village to host Hack the Capitol, a two-day event focused on Industrial Control Systems (ICS) and security. ICS are used throughout industrial infrastructure and have many military applications. Recent high-profile attacks on these systems have demonstrated ICS’ vulnerabilities and inspired debate about the practical and political means of defending the industrial base against malicious actors. Hack the Capitol will include demonstrations, hands-on learning, and policy conversations tailored toward a non-technical audience. Interact with ICS, including Human Machine Interfaces and Actuators and learn about the threats these components face. The event will provide hands-on education and awareness to members of the public, as well as to Congress, think tanks, and the press. This is a truly unique event that will raise awareness of our nation’s challenges with critical infrastructure and provide kinesthetic learning at multiple levels.

COSAC & SABSA World Congress (Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content is strictly prohibited and there is no vendor exhibition to distract from opportunities, allowing delegates to focus on professional innovation.

Monterey Cyber Security Workshop 2018 (Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows the Standard of Practice approach in addressing issues surrounding influence operations, infrastructure protection, and surveillance.

Cyber Defense Summit 2018 (Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first two days of the summit. These courses offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts. The guest keynote, on economy and cybersecurity in the 21st Century, will be delivered by former US Secretary of State Madeleine K. Albright.

Retail Cyber Intelligence Summit (Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference is organized by R-CISC, the retail ISAC.

IP Expo Europe (London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO which incorporates Cyber Security X, Developer X, AI-Analytics X, Internet of Things X and Blockchain X.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Magecart in the Philippines. Malicious apps ejected from Google Play. Exploiting a cloud. Call in the Guard. Equifax fined.