The CyberWire Daily Briefing 11.9.18

Summary

By The CyberWire Staff

TASS is authorized to disclose that Russian election observers told the Organisation for Security and Co-operation in Europe they watched two polling places in DC and seven in Maryland but found no irregularities with the US midterms. Thanks, guys, but up your game: nine locations are nothing, don't even cover one Congressional district.

The Internet Research Agency, a.k.a. Fancy Bear’s St. Petersburg troll farm, seems to have conducted an odd ask-me-anything Reddit with itself. The Daily Beast noticed that the IRA used questions the Beast posed to develop an illustrated auto-interrogation suffused with hipster irony.

National Cyber Security Centre deputy director Peter Yapp warned again that Britain hadn’t yet experienced a devastating Category One cyberattack, but that such an attack is likely (Forbes). In the US the Department of Homeland Security and the National Institutes of Standards and Technology (NIST) are working with private industry on a wide range of industrial control system and IoT security measures to prevent or mitigate such an attack on their side of the Atlantic (NCCoE, Nextgov).

Symantec has dissected and described the FASTcash Trojan North Korea’s Lazarus Group has been using to loot ATMs.

Microsoft renews its pleas for an international accord that would bring formal norms to cyberspace (Dark Reading).

NSA cyber strategist Joyce describes how China has circumvented an agreement concluded under Presidents Obama and Xi that would have precluded industrial espionage in cyberspace (TheHill).

MIT studies conclude that people fall for fake news because they’re careless and want to believe (WIRED).

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Austria, China, Democratic Peoples Republic of Korea, Luxembourg, Russia, Saudi Arabia, United Kingdom, and United States.

A note to our readers: This coming Monday, November 12th, we will observe the US Veterans Day holiday and not publish. We'll be back as usual on Tuesday. And on Sunday, spare a thought for veterans everywhere, and the service they rendered.

A year in, companies unsure of risk under China's Cyber Security Law, says Control Risks.

Over a year into China’s Cyber Security Law, Control Risks experts say its vague definition and application leaves multinational companies struggling to understand their risk. Further, how strictly the government will crack down and the extent of penalties for non-compliance remain open questions. Nonetheless, companies operating in China must understand their unique exposure and specific cyber, physical and procedural requirements. Let Control Risks help you make the critical decisions to seize your opportunities in China.

Podcast Summary

In today's podcast, out later this afternoon, we speak with our partners at the University of Bristol, as Awais Rashid offers thoughts on placing trust in blockchain systems. And we have as our guest Bruce Schneier, discussing his latest book, Click Here to Kill Everybody.

Cyber Attacks, Threats, and Vulnerabilities

Russian OSCE observers find no irregularities in US elections (TASS) "There have been no irregularities at the nine polling stations (two in Washington and seven in the state of Maryland) visited by Russian OSCE PA observers," MP Alexey Korniyenko said

Russian Troll Farm Internet Research Agency Held a Bizarre Reddit AMA With Itself (The Daily Beast) The Mueller-indicted troll farm solicited questions for a tell-all Q&A that never happened. Except that it did. And virtually no one ever saw it.

DNC tech chief: No successful hacks seen during midterms (TheHill) The chief technology officer for the Democratic National Committee (DNC) said Thursday that the group isn't aware of any successful hacks during Tuesday's midterm elections.

What 2018 election security teaches us about 2020 (POLITICO) Dems begin to unveil House cyber oversight plans — Russia says U.S. election went a-OK

What an unhacked election means for election security (Axios) It could make election security improvements seem less urgent for 2020.

'UK Will Be Hit By Category One Cyber-Attack,' Says Government Director (Forbes) With an increase in nation state cyberattacks, the UK should be wary of a category one assault in the coming years and needs to act accordingly, according to Peter Yapp, deputy director of NCSC, which is a part of the UK government's intelligence agency GCHQ.

Lazarus Group Targets Bank Networks to Rob ATMs (Infosecurity Magazine) Symantec uncovers Trojan.Fastcash malware used by N. Korean hacker group in ATM attacks

FASTCash: How the Lazarus Group is Emptying Millions from ATMs (Symantec) Symantec uncovers tool used by Lazarus to carry out ATM attacks.

In online ruse, fake journalists tried to hack Saudi critic (AP NEWS) Hackers impersonating journalists tried to intercept the communications of a prominent Saudi opposition figure in Washington, The Associated Press has found. One attempt involved the fabrication of a fake BBC secretary and an elaborate television interview request; the other involved the impersonation of slain Washington Post columnist Jamal Khashoggi to deliver a malicious link. Media rights defenders denounced the hacking effort, which they said would make it harder for genuine reporters to do their jobs.

Attackers breach web analytics service, go on to target Bitcoin platform (WeLiveSecurity) Latest ESET research details how attackers compromised a leading web analytics service with the ultimate aim of stealing bitcoin from customers of one specific virtual currency exchange.

Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961) (Volexity) If your organization is running an Internet-facing version of ColdFusion, you may want to take a close look at your server.

Inception Attackers Target Europe with Year-old Office Vulnerability (Palo Alto Networks Blog) Inception targets Europe with year old office vulnerability. Read the full report.

AP: Video expert says White House clip of CNN reporter was likely doctored [updated] (Ars Technica) Analysis: Video is sped up to make reporter's actions look more aggressive.

Doctored Jim Acosta video shows why fakes don’t need to be deep to be dangerous (CSO Online) White House promotion of an allegedly doctored press conference video shows how "shallow fakes" can manipulate opinion.

Don’t Want to Fall for Fake News? Don’t Be Lazy (WIRED) An MIT professor argues that misinformation boils down to one simple thing: mental laziness, exacerbated by social media.

How email fraud tactics continue to find new life (Help Net Security) Almost as soon as email became widely used, crooks and scammers began using it as a means to defraud people, according to Vircom.

Hackers go spear phishing on Grambling’s campus (Gramblinite) This is the screenshot of the email that was sent out to Dr.

Chesapeake Public Schools’ computer network affected by malware from phishing emails (WTKR.com) Officials with Chesapeake Public Schools said Thursday the district's computer system has been hacked.

A Sexual Predator Is Allegedly Extorting Kids for Explicit Photos in 'Fortnite' (Motherboard) Montreal police reported four cases of sextortion using the popular game.

Security Patches, Mitigations, and Software Updates

Round two: Microsoft prepares to release Windows 10 October 2018 Update... again! (Help Net Security) Thanksgiving comes early this year, but the Microsoft Windows 10 October 2018 Update is coming late. Should we be thankful?

Cisco fixes two critical bugs, recommends workaround for a third (SC Magazine) Cisco Systems yesterday issued 17 security advisories, disclosing vulnerabilities in multiple products, including at least three critical flaws.

Oops: Cisco accidentally leaked in-house Dirty COW exploit code with biz conf call software (Register) Critical bugs patched in switches, messaging, analytics

Several Vulnerabilities Patched in nginx (SecurityWeek) Several DoS vulnerabilities have been patched in nginx, the open source web server software used by hundreds of millions of websites

Chrome will start warning users about shady mobile subscription pages (Help Net Security) Chrome 71 users will be warned when attempting to visit pages that try to trick them into signing up for mobile subscription services.

Dropbox strengthens security ecosystem with Google Cloud Identity and expanded partnerships (Help Net Security) Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.

Cyber Trends

Though 2018 Will Likely Not Surpass 2017 Numbers – Still Significant Year For Breach Activity (Risk Based Security) The number of publicly reported breaches keeps pace with recent years while a staggering 3.6 billion records are exposed.

Subscriber Only: Have we reached a tipping point towards a better internet? (The Irish Times) Tim Berners-Lee may feel he created a monster, but there are grounds for optimism

The Growing Menace of Cyber Attacks in the Asia-Pacific region (Entrepreneur) A Frost & Sullivan study commissioned by Microsoft revealed that a large-sized organization in the Asia Pacific region can possibly incur an economic loss of $30 million, more than 300 times the average economic loss for a mid-sized organization.

Marketplace

Opinion | Google was working on two ethically questionable projects. It quit the wrong one. (Washington Post) A censored search engine for China is much more evil than working with the U.S. military.

Broadcom axes CA Technologies staff in large-scale layoffs following $19bn acquisition (Computing) Monday: Broadcom CEO welcomes CA staff into the Broadcom family. Friday: Mass layoffs reported,Software,Cloud and Infrastructure ,CA Technologies,broadcom,layoffs,reduandancies

ForeScout Acquires SecurityMatters (GlobeNewswire News Room) Accelerates ForeScout’s momentum by enabling the industry’s first, and only, end-to-end agentless device visibility and control platform across the extended enterprise...

Threat Stack acquires runtime application security vendor Bluefyre (Help Net Security) Addition of Bluefyre's runtime application security gives Threat Stack customers stack security observability for cloud infrastructure.

Cybersecurity Company Checkmarx Buys Ontario-based Custodela (CTECH) Israel-based Checkmarx develops and markets cybersecurity technology that automatically scans code to detect security breaches

Hotshot, Mobile Security Solution For Business, Announces Partnership With Government of Luxembourg and Acceptance Into Technoport® Business Incubation Program (PR Newswire) Hotshot today announced a partnership with the Government of Luxembourg and acceptance into the...

Novetta Reports $410M in 2018 Contract Wins Year-to-Date; Tiffanny Gates Quoted (GovCon Wire) Novetta closed third quarter having booked $410M in contract awards in 2018 and expects to close the

CACI Awarded $194 Million Task Order to Provide End-to-End Enterprise IT Support to the Transportation Security Administration (AP NEWS) CACI International Inc ( NYSE:CACI ) announced today that it has been awarded a $194 million task order to provide end-to-end enterprise information technology infrastructure, integration, and support to the Transportation Security Administration (TSA). The three-year, single-award task order falls under the Department of Homeland Security’s Enterprise Acquisition Gateway for Leading-Edge Solutions II (EAGLE II) contract vehicle and represents new work in CACI’s Enterprise IT market.

The Cybersecurity Marketing Engagement Index (Team Lewis US) Tracking the top 10 funded DC-area security companies

Exostar names new member to Board of Directors (Compliance Week) Exostar, a secure information sharing company, named Philip E. Goslin to its Board of Directors. Goslin serves as vice president of global supply chain for Lockheed Martin’s Rotary and Mission Systems (RMS) business area. In that role, Goslin’s responsibilities span all aspects of supply chain strategy, supply chain operations, and subcontract program management for RMS.

Allure Security Expands Its Team With a Proven Cybersecurity Marketing Executive (BusinessWire) Allure Security has added cybersecurity marketing veteran Mikala Vidal as its new VP of Marketing.

Products, Services, and Solutions

New infosec products of the week: November 9, 2018 (Help Net Security) DFLabs open framework enables integration of SOAR and security tools DFLabs launched a new version of the IncMan SOAR platform that provides an open

Axio launches cyber risk management platform to enable utilization of NIST-CSF (Help Net Security) Axio’s plaform measures cyber program maturity, establishes a baseline for cyber readiness, and provides a risk reduction roadmap for ongoing improvement.

ISACA partners with national threatcasting initiative and releases its threatcasting labs (Help Net Security) Collaboration with Arizona State University’s Threatcasting Lab and partners such as Army Cyber Institute help to model threats and design solutions.

Technologies, Techniques, and Standards

Capabilities Assessment for Securing Manufacturing Industrial Control Systems (NIST NCCoE) The NCCoE has released a draft NISTIR Capabilities Assessment for Securing Manufacturing Industrial Control Systems and is requesting your feedback. The public comment period for this report will close on December 6, 2018.

NIST, CyberX, and Industry Partners Collaborate to Secure Manufacturing Industrial Control Systems (GlobeNewswire News Room) CyberX, the IIoT and industrial control system (ICS) security company, today announced its industrial cybersecurity platform was used by NIST to recommend new ways of securing manufacturing industrial control systems.

Aspen Cybersecurity Group: Internet of Things (IoT) Security First Principles (Aspen Institute) The Aspen Cybersecurity Group is a cross-sector public-private forum comprised of former government officials, Capitol Hill leaders, industry executives, and respected voices from academia, journalism, and civil society that have come together to translate pressing cybersecurity conversations into action.

DHS Wants to Expand the Reach of Its Critical Infrastructure Cyber Training (Nextgov.com) The department wants to be able to provide cyber training webinars to 5,000 simultaneous users.

Vulnerabilities in our Infrastructure: 5 Ways to Mitigate the Risk (Dark Reading) By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.

User Behavior Analytics Could Find a Home in the OT World of the IIoT (Dark Reading) The technology never really took off in IT, but it could be very helpful in the industrial world.

To Fight This Generation of Hackers, Companies Take a Cue from Spies (Wall Street Journal) Threat-intelligence services give companies a clearer view of the dangers they’re facing.

When your Instagram account has been hacked, how do you get it back? (Graham Cluley) Travel blogger Delaine Maria D’Costa had her account wiped after she failed to pay an extortionist $200. That was bad enough, but then she had to try to convince Instagram to let her have it back again.

Academia

A Brief History of Higher Education Insecurity (Edguards) Educational institutions play a major role in the US economic, political, and intellectual well-being. Ironically, the security of the software and data systems used in such organizations on an everyday basis is far from perfect.

CSM students take part in Cyber Fast Track Maryland (SoMdNews.com) College of Southern Maryland students recently participated in the launch of Cyber Fast Track Maryland, a new program established to help close a widening gap of job openings in the

Does a Career in Cyber Security Require a Degree? (Acumin) Last month we attended Cyber Re:coded, Europe’s largest cyber security recruitment event, focussing on school and graduate attendees.

Legislation, Policy, and Regulation

Microsoft President: Governments Must Cooperate on Cybersecurity (Dark Reading) Microsoft's Brad Smith calls on nations and businesses to work toward digital peace and acknowledge the effects of cybercrime.

China Violated Obama-Era Cybertheft Pact, U.S. Official Says (Wall Street Journal) China has violated an accord it signed with the U.S. three years ago pledging not to engage in hacking for the purpose of economic espionage, a senior U.S. intelligence official said Thursday.

NSA official: China violating agreement on cyber economic espionage (TheHill) Senior National Security Agency official Rob Joyce said Thursday that he believes China is violating a 2015 agreement with the U.S. to end cyber economic espionage.

With elections over, DHS maintains ‘heightened’ posture (FCW) As the National Risk Management Center winds down its work on 2018 election security, it is turning its attention to securing other critical infrastructure sectors.

First Came GDPR, Then Comes ePrivacy - What to Expect with Global Data Regulations (SecurityWeek) ePrivacy takes GDPR's approach a step further by ensuring personal and family privacy in relation to data collection, storage and usage.

California’s new IoT security law is not nearly enough - We need a GDPR for IoT…NOW! (SC Media) By Sudhakar Ramakrishna, CEO, Pulse Secure After years of undisclosed breaches, stolen identities and negligent data handling, Europe’s General Data

OPM authorizes use of new cyber job title (Fifth Domain) Federal agencies now have more options for classifying employees that perform cybersecurity duties.

Cyber War Requires Cyber Marines (U.S. Naval Institute) To ensure Marine Corps competitiveness in the cyber domain, personnel reforms must address policy, training, and organization, without compromising a warrior ethos.

Litigation, Investigation, and Law Enforcement

Google plans to send a top executive to Congress after facing criticism (Washington Post) Google CEO Sundar Pichai agreed to participate in the unscheduled hearing in response to a request from House Majority Leader Kevin McCarthy (Calif.), who like other Republicans has said Google silences right-leaning news, views and users.

SEC Poised to Ramp up Cybersecurity Enforcement (Cooley) On October 16, 2018, the Securities and Exchange Commission (SEC) issued an investigative report signaling its intent to use sections 13(b)(2)(B)(i) and (iii) of the Securities Exchange Act of 1934…

Alabama U.S. Attorney chosen to pursue Chinese economic espionage and trade secret cases (al.com) U.S. Attorney for the Northern District of Alabama Jay E. Town is one of five U.S. Attorney's named appointed to the China Initiative, according to U.S. Assistant Attorney General for National Security John Demers. The other federal prosecutors named to the China Initiative are from Massachusetts, California, New York and Texas.

Austrian colonel spied for Russia for decades, Vienna says (Reuters) A senior Austrian military officer is believed to have spied for Moscow for deca...

Notorious "DerpTrolling" Pleads Guilty to DDoS Attacks on EA & Sony (BleepingComputer) A Utah resident named Austin Thompson has pleaded guilty in federal court in San Diego for performing DDoS attacks against multiple victims from 2013 to 2014. These victims ranged from small Twitch streamers to major gaming companies such as EA, Sony, and Microsoft.

Chinese headmaster fired after setting up his own secret... (HOTforSecurity) A Chinese headmaster has lost his job after it was discovered he was stealing the school's electricity to power a secret cryptocurrency-mining rig. As the South China Morning Post reports, Lei Hua, the head teacher of a school in the central province of Hunan... #china #cryptojacking #cryptomining

Industry Events

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Infosecurity North America (New York, New York, USA, Nov 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business event environment that facilitates valuable networking, immersive learning and leads the critical debate through cutting-edge content. The Infosecurity North America conference program provides access to the latest information security insight presented by leading experts, practitioners and thought leaders. The panel discussions, presentations, demos and workshop will provide you with the information and skills you need to strengthen your organization’s cyber defenses against the threats of tomorrow.

Kingdom Cyber Security (Riyadh, Saudi Arabia, Nov 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.

API Security Summit (London, England, UK, Nov 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.

Army Autonomy and Artificial Intelligence Symposium and Exposition (Detroit, Michigan, USA, Nov 28 - 29, 2018) This symposium will explore and showcase innovative ways the U.S. Army is developing critical capabilities in robotics, autonomy, machine learning, and artificial intelligence. The goals are to explore how the Army-Industry team can best collaborate to achieve cost-effective, innovative solutions to military problems, seamlessly reallocate resources as conditions change, and with the speed and efficiency that adversaries cannot match.

The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, Nov 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Securing Digital ID 2018 (Alexandria, Virginia, USA, Dec 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote authorization. Securing Digital ID is a unique event for executives, policy makers, product developers and engineers interested in identity security and authentication. The conference will be held in partnership with TWST Events on December 4-5, 2018 at the Hilton Alexandria Mark Center minutes from Washington, D.C.

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, Dec 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard's membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

International Cyber Risk Management Conference (Hamilton, Bermuda, Dec 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC to Bermuda, the “world’s risk capital,” where we, with the support of a stellar advisory committee, will focus on cyber risk with an emphasis on insurance and risk-transfer solutions.

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, Dec 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such as Internet of Things (IoT), FOG Computing, Block Chain and Artificial Intelligence will extend the benefits of cloud - but also create new attack vectors for ambitious and resourceful adversaries. Additionally, the compliance landscape continues to evolve creating new challenges in delivering, measuring, and communicating compliance through multitude of regulations across multiple jurisdictions. The Cloud Security Alliance and MIS Training Institute have partnered to host the 2018 Cloud Security Alliance Congress on December 10-12 at the Omni Orlando Resort in ChampionsGate, Florida. This year’s event welcomes world leading security experts and cloud providers to discuss global governance, the latest trends in technology, the threat landscape, security innovations, best practices and global governance in order to help organizations address the new frontiers in cloud security.

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, Dec 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work with government cybersecurity authorities and regulators. The forum will offer insights, practical advice, case studies and workshops tailored to the needs of executives and managers. (Request an invitation at the link.)

National Cyber League Fall Season (Chevy Chase, Maryland, USA, Dec 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Fall Season is 8/27/18-9/28/18.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

TASS says the US elections were all good. Bracing for infrastructure attacks. A look at FASTcash. Cyberspace norms.