Cyber Attacks, Threats, and Vulnerabilities
First ‘Jackpotting’ Attacks Hit U.S. ATMs (KrebsOnSecurity) ATM “jackpotting” — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators.
Fitness tracking app Strava gives away location of secret US army bases (the Guardian) Data about exercise routes shared online by soldiers can be used to pinpoint overseas facilities
Strava user heatmap reveals patterns of life in western military bases (Help Net Security) In November 2017, online fitness tracker Strava published a heatmap of the activity many of its users around the world engage in (and track) daily. But, as it turns out, the anonymized, aggregated data can reveal potentially sensitive information about military bases and secret sites.
US military reviewing security practices after fitness app reveals sensitive info (CNN) The US Central Command says it's in the process of refining its privacy policies after it was reported that Strava, a fitness tracking app that released a newly updated global heatmap, could pose security risks for security forces around the world.
Strava suggests military users 'opt out' of heatmap as row deepens (the Guardian) Fitness-tracking company suggests secret army base locations were made public by users, while militaries around world weigh up ban
North Korea tells Theresa May to 'mind her own business' as it issues stark cyber warning (Express) NORTH Korea has told Theresa May to mind her own business as it issued a stark cyber warning to Britain while claiming there was “no evidence” to suggest despot leader Kim Jong-un was behind the attack that crippled the NHS last year, it has emerged.
Candid camera: Dutch hacked Russians hacking DNC, including security cameras (Ars Technica) AIVD shared data on "Cozy Bear" with US, helping thwart 2014 State Department hack.
Russia may conduct cyber-attacks on energy and infrastructure firms (TEISS) Defence secretary Gavin Williamson believes Russia will do anything to cause pain to the UK, and may attack energy lines & infrastructure firms critical to the UK's survival.
UK Intelligence Furious After Williamson's Remark About Russian Threat - Reports (Sputnik) UK intelligence community was "furious" due to recent statements of Defense Secretary Gavin Williamson, who assumed that a Russian attack on the nation’s critical infrastructure could kill thousands, The Times reported Sunday, citing its sources.
Quotation of the Day: Buying Online Influence From a Shadowy Market (New York Times) Quotation of the Day for
This Custom-Made Jihadi Encryption App Hides Messages in Images (Motherboard) A new program dubbed Muslim Crypt tries to keep extremist communications secure.
Researchers warn of invisible attacks on electrical sensors (Naked Security) Are the humble analogue transducers embedded in vast numbers of hidden sensors the next low-level technology in need of a security rethink?
Risks of Trusting the Physics of Sensors (Communications of the ACM) Protecting the Internet of Things with embedded security.
'Cyber radicalisation thrives in absence of cyber hygiene' (Prothom Alo) Speakers at a national conference on cyber radicalisation call for strategies and policies to prevent and counter violent extremism in cyber space
CrossRAT keylogging malware targets Linux, macOS & Windows PCs (HackRead) Another day, another malware - This time, it is CrossRAT malware targeting Linux, macOS and Windows devices.
Hacking Group Spies on Android Users in India Using PoriewSpy (TrendLabs Security Intelligence Blog) We have been seeing attacks that spy on and steal data from specific targets on the mobile platform since late 2017. We discovered the malicious apps victimizing Android users in India, and believe a hacking group—one previously known for victimizing government officials—carried out the attacks. We identified these malicious apps as PoriewSpy (detected by Trend Micro as ANDROIDOS_PORIEWSPY.HRX). We also suspect that the group used malicious apps built using DroidJack or SandroRAT (detected as ANDROIDOS_SANRAT.A), based on similarities in their command-and-control (C&C) server. DroidJack is a remote access Trojan (RAT) that allows intruders to take full control of a user's Android device when installed.
Keylogger Campaign Returns, Infecting 2,000 WordPress Sites (Threatpost) Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.
Hackers Hijack Google DoubleClick Ads (Media Post) Malware infected Google's DoubleClick advertising service, as hackers hijacked ads and infused them with cryptocurrency mining software, serving them to viewers.
Hackers Invade YouTube Ads To Mine Cryptocurrency (PCMAG) The ads largely arrived on Wednesday and ended up stealing the computing power from victims' PCs through their browsers.
Crypto-Mining Malware Epidemic: 55% of Businesses Affected Worldwide, Including YouTube (Cointelegraph) ‘Fifty five percent’ of businesses worldwide are affected by cryptocurrency mining malware: it has even been detected in YouTube ads.
Japanese Exchange Says Hackers Stole Over $400M in Cryptocurrency (StartupWorld) A Japanese cryptocurrency exchange has claimed it lost more than $400 million in tokens following an alleged hack on its service.
A Cryptocurrency Theft Bigger Than Mt. Gox Just Happened In Japan (Motherboard) Coincheck lost 500 million NEM tokens.
Coincheck cryptocurrency exchange hacked; $534 Million stolen (HackRead) In a cryptocurrency exchange hack, Coincheck, a Japanese cryptocurrency exchange, has been hacked and lost $530 million in NEM tokens.
Coincheck Promises to Repay 90% of Stolen Crypto-Coins (Infosecurity Magazine) Hacked exchange will need to fork out over $400m
Hacker Steals Over $150,000 Worth of Ethereum From Experty ICO Participants (BleepingComputer) A hacker has tricked Experty ICO participants into sending Ethereum funds to the wrong wallet address. He was able to do this by sending emails with a fake pre-ICO sale announcement to Experty users who signed up for notifications.
Can YOUR bitcoin be hacked? Security expert warns cyber attacks WILL get worse (Express) BITCOIN trading is the current craze among tech-savvy investors trying to make the most of its soaring price, but behind the scenes the world of cryptocurrency is rife with cyber criminals, cryptojacking and money laundering.
Blockchains with High Security Still Not Safe from Hacking Attacks (Korea IT News) Blockchain platforms, which are known to have high security, are still not completely safe from hacking attacks. Vulnerabilities are being discovered continuously in blockchain software that is an ...
Hacker Compromised Official phpBB Download Links (BleepingComputer) An unknown attacker has compromised download links for the phpBB forum software, according to a statement released today by the phpBB development team.
Hackers behind Dridex banking trojan also created BitPaymer ransomware (International Business Times UK) Experts found that both Dridex malware and BitPaymer ransomware were created simultaneously.
From trojan to ransomware, Dridex becomes FriedEx (iTWire) A variant of the infamous Dridex banking trojan has appeared in the guise of ransomware in recent months, the Slovakian security firm ESET says, with...
35,000 smart phones in Vietnam infected with Facebook password-stealing virus (Xinhua) Over 35,000 smart phones in Vietnam have recently been infected by GhostTeam virus which is designed to steal passwords of Facebook accounts.
Menacing Android botnet still thrives 16 months after coming to light (Ars Technica) "DressCode" poses a major risk, because it opens a direct connection to infected phones.
Phishing Scam: Hackers Steal $900,000 from County Office (HackRead) Another day, another phishing scam - This time Harris County, Texas wired almost $900,000 after falling for a phishing email.
File Your Taxes Before Scammers Do It For You (KrebsOnSecurity) Today, Jan. 29, is officially the first day of the 2018 tax-filing season, also known as the day fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can!
Lenovo Fingerprint Manager Pro is full of fail (Help Net Security) The Lenovo Fingerprint Manager Pro vulnerability is terrible. This piece of software that allows users to log into their PCs or authenticate to configured websites using fingerprint recognition, has a hardcoded password.
Newsflash: Car cyber-security still sucks (Register) You wanna hijack an ECU? It doesn't even have to be turned on, bruh
Maersk rebuilt its entire IT infrastructure to recover from NotPetya (Computing) The company, which handles a fifth of the world's shipping, operated for 10 days with no IT
Here are the 'most clicked' phishing email templates that trick victims (TechRepublic) Wombat's state of phishing report shows that attack rates remain steady, but there is some good news: User Click rates have dropped.
People Are Using AI to Create Fake Porn of Their Friends and Classmates (Motherboard) Facial recognition apps make it super easy to match anyone’s face with a porn performer’s body.
Security Patches, Mitigations, and Software Updates
Lenovo Fixes Hardcoded Password Flaw Impacting ThinkPad Fingerprint Scanners (Threatpost) Lenovo said nearly a dozen ThinkPad and ThinkCentre laptops contain a hardcoded password flaw.
2 bad updates later, Malwarebytes released fix for high CPU and RAM usage (CSO Online) Malwarebytes pushed out a protection update that gobbled up memory and CPU resources and turned off web protection; the first fix still left users with unusable or crashing computers, but the latest release resolved the issue.
Microsoft issues patch to disable Spectre fix (iTnews) Buggy microcode causes data loss and corruption.
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year (Dark Reading) In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
Former CIA CTO Talks Meltdown and Spectre Cost, Federal Threats (Dark Reading) Gus Hunt, former technology leader for the CIA, explains the potential long-term cost of Meltdown and Spectre.
Intel reportedly notified Chinese companies of chip security flaw before the U.S. government (TechCrunch) Intel is not having that great of a year thus far in the face of a slew of information about security flaws in its hardware coming out — and you can add..
Intel Warned Chinese Companies of Chip Flaw Before U.S. Government (Fox Business) In initial disclosures about critical security flaws discovered in its processors, Intel Corp. notified a small group of customers, including Chinese technology companies, but left out the U.S. government, according to people familiar with the matter and some of the companies involved.
Cyber Trends
Existing vulnerabilities main cause of cyber attacks, says Trend Micro (The Malaysian Reserve) Trend Micro Inc, a cyber security solutions provider, has predicted that cyber attacks will continue to plague businesses this year with major breaches looming to compromise existing vulnerabilities similar to what had happened in 2017.
Four warnings for the cyber security landscape (CSO) Targeted attacks are on the rise, and the dark web isn’t helping to curb that trend.
Businesses rushing to adopt new tech are opening more doors to hackers – research (Security Boulevard) While modern technology makes possible new business models to drive growth and profitability, digital transformation opens your business to more cybersecurity risks, according to a survey by Thales and 451 Research.
Real-time payments bring increased cyber fraud risks, experts warn (Domain) Next month's launch of the New Payments Platform (NPP) will do away with the days of waiting for a bank transaction to be finalised, but concerns have been raised about the security of the new system.
Businesses woefully unprepared for new data breach notification laws (Financial Review) New cyber security data breach laws with big fines come into effect in February, and thousands of Australian businesses have done nothing to prepare.
UK Cybercrime Falls But Attacks on Organizations Soar (Infosecurity Magazine) Latest ONS stats reveal mixed picture
Interview: David Dufour, Senior Director of Cybersecurity & Engineering, Webroot (Infosecurity Magazine) A look back at Meltdown and Spectre, and the hype that incidents like them can stir up
Marketplace
Kaspersky Lab comments on links to FSB (Crime Russia) A company representative has denied its top managers’ implication in security forces.
Kaspersky Dilemma: To Point Fingers at Anti-Virus Companies is Unusual – Analyst (Sputnik) Shunning Kaspersky products will not lead to more safety, according to a report published by the Times. In the report, the author states that countries with high-end cyber capabilities have plenty of means to break into almost any computer. Radio Sputnik spoke with Professor Marc Gregory about the issue.
Facebook to US Congress: Kaspersky cut from anti-virus choices for users (The Indian Express) Facebook has told the US Senate that it has removed Kaspersky from among the anti-viruses it recommends to users who have malicious software.
Facebook starts polishing its privacy messaging ahead of GDPR (TechCrunch) As the May 25 deadline for compliance with the EU's updated privacy framework fast approaches Facebook is continuing to PR the changes it's making to try to..
Cybersecurity Company Symantec Is Set to Give Investors the Latest News (Madison) Symantec's (NASDAQ: SYMC) impressive stock market rally abruptly halted last November after a mixed fiscal second-quarter report. The cybersecurity specialist topped analysts' revenue estimate but fell short of Wall Street's
What Investors Will Be Watching When Check Point Software Reports Earnings (The Motley Fool) Check Point needs to reassure investors that it isn't losing business to rivals.
How to Invest in Israel's Top Cybersecurity Stocks (The Motley Fool) Investors shouldn’t overlook the world’s second-largest cybersecurity market.
Scottish cyber entrepreneur returns with data security breakthrough (BQ Live) Cyber security entrepreneur Dr David Lanc has launched a next-generation company to combat global cyber theft of data. The company aims to enter the market in second half of 2018.
ICF adds Sholtis as cyber services lead (Washington Technology) ICF hires almost 10-year cyber arena veteran Jonathan Sholtis as senior vice president of cybersecurity services.
Products, Services, and Solutions
Building on TopSpin Acquisition, Fidelis Cybersecurity Launches Intelligent Deception Module (CTECH) The new Module is being introduced less than four months after the acquisition of Israeli cyber deception company TopSpin
Technologies, Techniques, and Standards
PCI DSS 3.2 will unveil compliance cramming culture (Help Net Security) The industry has developed a culture of compliance cramming, treating PCI as an annual exam to be passed without working towards a culture of continuous compliance.
Auto-ISAC Signs Cybersecurity Agreement With US Department Of Homeland Security (aftermarketNews) Private-sector companies sign the agreement with DHS to participate in the Cyber Information Sharing and Collaboration Program, the department's program for public-private multi-directional cybersecurity information sharing.
Will Big Data Tech Save Cyber Security Analysts? (iHLS) Most large organizations have billions of security-related logs per day and security analysts need to
Video: IBM's Rometty says 'augmented intelligence' is best term for artificial intelligence (WRAL TechWire) IBM Chair and CEO Ginni Rometty says AI is going to change the world - but she prefers the term "augmented intelligence" to "artificial intelligence."
Five Steps Businesses and Consumers Can Take to Reduce Exposure (EZShield) As Data Privacy Day approaches, EZShield has top tips to secure your online privacy...
Data Privacy Day is a reminder that time is running out to fix your users’ bad security habits (CSO) Poor password habits continue to compromise data-protection efforts – and, with just weeks until the Notifiable Data Breaches scheme comes into effect, the consequences could be dramatic
BBB: Internet security requires constant vigilance (The Hutchinson News) It’s easy to become complacent about using the internet. It’s simple to access and everyone does so throughout the day. Yet the more you
Design and Innovation
Don’t Make Artificial Intelligence Artificially Stupid in the Name of Transparency (WIRED) Opinion: A democracy shouldn’t leave it to companies to figure out the ethics of artificial intelligence.
Canada testing ‘digital ID’ system that uses blockchain, biometrics to screen travellers (Global News) The system will allow travellers to digitize and share travel documents and biometric information with airport authorities.
Why Improved Authentication May Stop the Online Fraud Epidemic (eWEEK) Research shows that 71 percent of businesses know that they deny more transactions than they should. This doesn’t just lead to a loss of sales; it’s also likely to damage the lifetime value of that customer.
Why we should be excited about Schnorr signatures (Dowbit) Bitcoin development is not standing still. We have many cool new features to look forward to. Segwit, Lightning Network, and Schnorr signatures aim to solve Bitcoin’s scalability problem and make the cryptocurrency more usable. The first two features have been covered by almost all mainstream media out there, but there is surprisingly little info on …
Academia
Beyond the classroom: CyberThon offers peek into real-world cybersecurity threats (Pensacola News Journal) Organizers expect 80 to 100 students to participate in CyberThon 2018, which allows students to respond to a cyberattack simulation.
Gov. Reynolds Unveils Cybersecurity Partnership For Iowa’s Young Women (Carroll Broadcasting Company) Gov. Kim Reynolds has announced a new partnership to enhance cyber training for the young women of Iowa. GirlsGoCyberStart is a joint project with SANS (SysAdmin, Audit, Network and Security) Institute and the State of Iowa offering
Registration opens for Girls Go CyberStart program (West Virginia Metro News) Girls in grades 9 to 12 are eligible to sign up for the new cyber security training program.
Legislation, Policy, and Regulation
Microsoft calls for 'new Digital Geneva Convention' after spate of high-profile cyberattacks (CNBC) Microsoft is pushing for a new set of global norms to try and police government activity in cyberspace.
The Mouse Clicks of August: Hybrid Warfare, Nation-State Actors, and the Future of Cybersecurity (Small Wars Journal) Although hacking has been part of espionage since at least 1989, nation-state sponsored attacks have grown dramatically throughout the past decade
Deterring Russian Hacking (Atlantic Council) The apparent lack of US preparation and defense nearly eighteen months after Russia’s interference in the presidential elections, especially given numerous media reports that Russia aims to interfere in the 2018 US midterm elections, is deeply...
Alleged Trump administration docs show military weapons a 5G concern (ZDNet) Saying China is poised to become the global leader in 5G and AI, the US government has suggested mandating 5G standards to protect its physical and virtual borders, as well as working with allies to deploy 5G in developing nations, according to documents Axios reported as being prepared by a senior US government official.
Effective national policy needed to protect the cyber domain (The Washington Times) Our world is increasingly reliant on the cyber domain and the connections that it creates. We live in a world where the “internet of things” includes the smartphones and computers we use every day and also seemingly benign objects such as factory robots and appliances in our homes. This digital connection to the world around us brings great convenience, efficiency and prosperity, but vulnerability accompanies it.
‘Critical’ firms could be fined if they leave themselves open to cyber attack (Peeblesshire News) Digital Minister Margot James warned the UK’s critical industries to boost cyber security.
The sad truth of the FBI scandal: Both political parties are to blame (TheHill) Real authority now rests with the leaders of a largely unaccountable national security bureaucracy.
GSA Begins Tightening Federal Contractor Cybersecurity Requirements (Meritalk) Thousands of Federal contractors could find themselves scrambling to comply with stringent cybersecurity requirements after the General Services Administration (GSA) announced it is tightening the rules for protecting sensitive, non-classified data.
Kuwait sets up cyber security team to foil hackers’ attacks (GDN) Kuwait has set up a taskforce to combat hacking and protect government departments and other vital enterprises, according to Al Qabas newspaper.
Litigation, Investigation, and Law Enforcement
Mueller's Team Has Interviewed Facebook Staff as Part of Russia Probe (WIRED) As special counsel Robert Mueller's investigation grows, at least one Facebook employee who worked alongside the 2016 Trump campaign has been pulled into the probe.
Prosecutors to Question Ex-President Lee After Olympics (Chosun Media) Prosecutors have decided to wait until after the Winter Olympics in Pyeongchang ..
Amazon Twitch declares “Game Over” for bots (Naked Security) The makers of the illegal bots were ordered to give up the bot business and to pay a fine of more than $1.3m.
Old Bitcoin transactions can come back to haunt you (Help Net Security) A group of researchers have demonstrated how years-old Bitcoin transactions can be used to retroactively deanonymize users of Tor hidden services.
'Microsoft' fraudster convicted but avoids jail (the Guardian) Cold calling company persuaded victims to hand over payments to ‘save’ PC from virus or hacking
Britain's first Bitcoin heist as trader forced at gunpoint to transfer cyber currency (The Telegraph) Armed robbers broke into the family home of a city financier turned Bitcoin trader and forced him to transfer the digital currency at gunpoint, in what is believed to be the first heist of its kind in the UK.
Don't ban social media, teen tech entrepreneur to advise Premier on cyberbullying (ABC News) A teen tech entrepreneur set to attend the Queensland Premier's roundtable on cyberbullying warns stripping young people of their devices will not solve the problem.