Cyber Attacks, Threats, and Vulnerabilities
Middle East Servers Targeted in Cyberattack Against Saipem (Bloomberg) ‘We’re keeping the servers down to understand what happened.’ Small Aberdeen office is only European site that was attacked.
The Forgotten Lesson Of Huawei: Cyberattacks Will Be A Constant Threat To Manufacturing Firms (Forbes) The sooner the managers of these firms understand the psychological issues underlying their underreaction to these threats, the more likely they are to take sensible preventative measures to mitigate them.
Foreign intelligence clues in Marriott-Starwood breach could foreshadow future attacks (NBC News) The types of data unique to the Starwood hack can be used to launch targeted email campaigns and recruit sources in the cloak-and-dagger world of espionage.
Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms (Symantec) Group remains highly active with more than 130 victims in 30 organizations hit since September 2018.
Russian links to 'yellow vests' protests to be probed (The Sydney Morning Herald) Workers in Paris swept up broken glass and towed away burnt-out cars on Sunday after the latest round of protests in the French capital.
Russian media covered the Yellow Vest protests; now France is investigating Russian ‘interference’ (RT International) France has opened a probe into Russian “interference” in the anti-government Yellow Vest protests, with Russian media and “Russia-linked” social media accounts targeted for the grave crime of actually reporting on the crisis.
How a powerful Russian propaganda machine chips away at Western notions of truth (Washington Post) After a botched assassination attempt of Russian spy Sergei Skripal in Salisbury, the Kremlin spread dozens of false stories in a highly coordinated effort to sow confusion. It worked.
in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal (Cisco Talos) Messaging applications have been around since the inception of the internet. But recently, due to the increased awareness around mass surveillance in some countries, more users are installing end-to-end encrypted apps dubbed "secure instant messaging applications." These apps claim to encrypt users' messages and keep their content secure from any third parties.
New Mac Malware Combines Open-Source Backdoor and Crypto-Miner (SecurityWeek) Malware targeting macOS systems is a combination of two open-source programs, Malwarebytes security researchers warn.
New Exploit Kit "Novidade" Found Targeting Home and SOHO Routers (TrendLabs Security Intelligence Blog) We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting the targeted website traffic from all devices connected to the same router.
Smart botnets are copying human behavior, from DDoS to ad fraud (Cyberscoop) Innovative scammers are developing new ways to falsify web traffic, directing unwitting users to ads that may or may not actually exist.
New Bug Prompts Earlier End to Google+ Social Network (SecurityWeek) Google will close the consumer version of its online social network sooner than originally planned due to the discovery of a new software bug.
Another API bug spurs Google to ditch consumer Google+ sooner than planned (Help Net Security) Google has unearthed another Google+ API bug, which prompted it to accelerate the sunsetting of all Google+ APIs and of the consumer version of Google+.
A New Google+ Blunder Exposed Data From 52.5 Million Users (WIRED) A month after Google had already decided to shut down Google+, a new bug made its problems much, much worse.
Google to Accelerate Closure of Google+ Social Network After Finding New Software Bug (Wall Street Journal) Google said it would close the consumer version of its Google+ social network after discovering a software bug that exposed the private profile information of 52 million users to outside app developers, the second time this year the company has acknowledged exposing private user data.
Google+ to shut down early after leak exposes 52m users (The Telegraph) Google plans to shut down its social network Google+ four months early after admitting to a new glitch that exposed 52.
Large Ursnif campaign hitting UK using Brexit as lure (My Online Security) We are seeing a fairly large Ursnif/Gozi/ISFB campaign hitting the UK since yesterday. The criminals are using the theme of Brexit, which is very topical in the UK (and the rest of Europe) at the moment.
A bug in Microsoft’s login system made it easy to hijack anyone’s Office account (TechCrunch) A string of bugs when chained together created the perfect attack to gain access to someone’s Microsoft account — simply by tricking a user into clicking a link. Sahad Nk, an India-based bug hunter, discovered that a Microsoft subdomain, “success.office.com,” had not been properly…
The Simpler the Better? Looking Deeper Into the Malware Used in Brazilian Financial Cybercrime (Security Intelligence) The majority of financial cybercrime risks can be mitigated with continued user education and by placing the right controls on user devices to help protect against malware.
Linux.org Defaced via DNS Hijack (SecurityWeek) The Linux.org community website was defaced after someone hacked its registrar account and hijacked DNS settings.
10,000 Topekans potentially hit in cyber-attack on city utilities website (KSNT) Hackers may have targeted Topeka in a cyber-attack, the city reported on Monday morning.
Were pilots of doomed Lion Air flight baffled by safety system? (South China Morning Post) Causes of October 29 crash, which killed 189 people, still being investigated by teams from Indonesia, Boeing and the US National Transportation Safety Board. Boeing has been well known in aviation world for design philosophy that gives pilots significant authority over the aircraft’s flight controls.
Satan Ransomware Variant Exploits 10 Server-Side Flaws (Dark Reading) Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
Cyber criminals benefiting from Bitcoin ransom emails in sextortion scams (Information Age) Cyber criminals are making tens of thousands of dollars from a sham sextortion racket, after sending bitcoin ransom emails.
Ransomware still dominates the global threat landscape (iTWire) Ransomware attacks continue as the world’s main security threat and the most profitable form of malware, but a new global report indicates that...
How Internet Savvy are Your Leaders? (KrebsOnSecurity) Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d never heard of.
Volkswagen Scam Peddles Ad Networks (Threatpost) The scam is spread via Facebook and WhatsApp messages.
Delete All Your Apps (Motherboard) It's not just Facebook: Android and iOS’s App Stores have incentivized an app economy where free apps make money by selling your personal data and location history to advertisers.
Facebook’s Arms Race with Adblockers Continues to Escalate (Motherboard) Typically, adblockers are able to counter Facebook’s updates within a matter of days, but the latest was a more substantial undertaking.
Security Patches, Mitigations, and Software Updates
Microsoft’s gutting Edge and stuffing it with Chromium (Naked Security) Edge joins Chrome, Opera, Vivaldi, Yandex, and Brave. Better for web compatibility, but if one thing breaks, they all break.
Cyber Trends
Security Predictions for the New Year and Beyond (DigiCert) These security predictions are based on industry standards initiatives, represented by organizations involved in the industry, thought leaders, and other stakeholders in the security market. While it is fairly safe to predict that some security areas will see improvement in the coming year, others will become more problematic. It is these areas of continuing …
Access to and use of ICTs keep growing but stronger ICT skills needed to connect people everywhere (ITU) ITU releases Measuring the Information Society Report 2018
The Business Impact of Investing in Excellence (Forrester) A spotlight on government.
Online shoppers more vulnerable to spam as the holidays inch closer (Global Security Mag Online) New research from cyber security provider F-Secure points to spam as an attack vector to watch out for this holiday season. Spam campaigns disguised as delivery notifications or online shopping invoices have been popular with cyber criminals all year long, and researchers say these tactics can prove even more effective around the holidays.
The Manipulation of the Human Factor: Email Security Explored (Tech Wire Asia) The mission of cybercriminals has largely remained the same - exploit vulnerabilities within an organisation for financial gain - but their methods continue to evolve to maximise their gains. Rather than targeting a business’ network or its endpoints in hopes of identifying a weakness, cybercriminals are capitalising
NSA/CSA Honors Leaders in Cryptology (Meritalk) The National Security Agency and Central Security Service inducted five new individuals to the NSA/CSS Hall of Honor on Nov. 28, according to a Dec. 7 NSA/CSS press release.
Marketplace
Cyberattacks are increasing, and so is cyber insurance (Fifth Domain) Roughly 30 percent of cyber companies have some form of cyber insurance, but providers have trouble assessing the risk of being hacked.
Marriott Hack Underlines the Importance of the Role of Security in Mergers and Acquisitions (M&A) (EC-Council Official Blog) The world recently heard that Marriott Industries experienced a breach that could have involved over 500 million accounts. It seems that hardly a week goes by without a major corporation experiencing a breach of one sort or another, and those are just the ones that we hear about. Many cyber crimes go unreported and thus...
High profile incidents and new technologies drive cybersecurity M&A to record highs (Help Net Security) The Cybersecurity M&A Market Report outlines how high profile hacks are driving record transaction volumes and valuations.
Ex-cyber czar: Misuse of cyber tech doesn’t disqualify future sales (The Jerusalem Post) "All sales are approved by the Defense Ministry."
Zscaler: Great, Long-Term Play; Buy On All Future Dips (Seeking Alpha) Since going public at $16 a share, Zscaler has quickly amassed an impressive 150%+ return and remains a great, long-term investment.
The rockstar hackers protecting you from the bad guys (CNET) In their spare time, they hack Metallica. Their day job? To protect and serve.
IronArch Technology Awarded Mentor-Protégé Agreement With SAIC (Benzinga) IronArch Technology has been awarded a Mentor-Protégé Agreement with Science Applications International Corp. (NYSE:SAIC) through...
Tor Project Releases Financial Documents (SecurityWeek) The Tor Project, the organization behind the Tor anonymity network, publishes financial documents showing revenues of over $4 million in 2017.
With new director, Tor seeks new funding sources and international growth (Cyberscoop) The Tor Project has been waiting for an opportunity like this. The privacy-focused organization for years has been developing technology to help web users browse the internet without prying eyes of repressive governments or Silicon Valley giants.
Snowden adds voice to calls for Google to stay out of China (South China Morning Post) Former NSA contractor signs open letter calling tech giant’s Project Dragonfly ‘reckless’, potentially violating human rights
Vince Skinner Joins Milton Security Group as Vice President - Integration & Deployment (PR Newswire) Milton Security Group, Inc.®, a leading cybersecurity company that offers 24/7 monitoring, threat hunting and...
Kaspersky Lab Names New North American Sales, Marketing Leader (CRN) Kaspersky Vice President of Global Sales Maxim Frolov has been tasked with driving more enterprise sales and business with top-selling channel partners in North America
NetSecOPEN Announces Slate of Prominent Cybersecurity Founding Members and Appoints First Board of Directors (BusinessWire) Security industry leaders aim to close the gap between proprietary performance metrics and the observed, real-world performance of security solutions.
Products, Services, and Solutions
STEALTHbits Products Added to Department of Homeland Security’s Continuous Diagnostics and Mitigation Approved Products List (BusinessWire) STEALTHbits Technologies Inc., a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers u
Lacework Announces Kubernetes Support in End-to-End Cloud Security Platform (PR Newswire) Lacework®, the industry's first solution to bring automation, speed, and scale to cloud security, today...
Cryptomathic and ZetesConfidens team up to deliver eIDAS-compliant remote qualified e-signatures as a service (Cryptomathic) Governments, banks and enterprises across Europe can now access everything they need to establish the highest level of non-repudiation in eIDAS-compliant remote Qualified Electronic Signature (QES) services via ZetesConfidens’ eaZyCert and eaZySign services - using Cryptomathic Signer.
ACI Worldwide and BioCatch Protect Consumers from Online and Mobile Banking Fraud with Behavioral Biometrics (AP NEWS) ACI Worldwide (NASDAQ: ACIW), a leading global provider of real-time electronic payment and banking solutions , today announced a collaboration with BioCatch , the global leader in behavioral biometrics, to protect customers from online and mobile banking fraud such as account takeover.
Minerva Labs Anti-Evasion Platform Achieves VMware Ready™ Status (Virtual-Strategy Magazine) "This signifies to customers that the Anti-Evasion Platform can be deployed in production environments with confidence and can speed time to value within customer environments." Kristen Edwards, director, Technology Alliance Partner Program, VMware.
Singtel integrates cyber security capabilities under Trustwave (iTWire) Singapore telecommunications provider Singtel has grouped its cyber security capabilities along with those of Optus, Trustwave and NCS into a single e...
Playtech strengthens fraud prevention measures with Iovation (Gaming Intelligence)
Bromium Protected App: Bromium is finding additional use cases for their micro-VM technology (BrianMadden.com) We check in on Bromium every so often and were curious about their Bromium Protected App product we heard about. Rachel reviews what we know about the security solution and speaks with Adrian Taylor to learn more.
ARK blockchain ready for vulnerability tests from security platform Bugcrowd (CryptoNinjas) Blockchain ecosystem ARK today announced the obtainment of security and penetra...
Cylance makes APIs available in endpoint detection offering (IT Brief) Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
Technologies, Techniques, and Standards
The Guidelines on Cyber Security Onboard Ships (BIMCO, CLIA, ICS, INTERCARGO, INTERMANAGER, INTERTANKO, IUMI, OCIMF and World Shipping Council) Ships are increasingly using systems that rely on digitisation, digitalisation, integration, and automation, which call for cyber risk management on board.
Getting ROI From a Security Advisory Board That Works: Part 2 (SecurityWeek) It is important to take a systematic approach to creating your Security Advisory Board (SAB). Don’t just invite the smartest, most famous people you happen to know and like.
The blockchain…not as secure as you think (Rambus) With fraud, breaches and threats reaching pandemic proportions across the entire digital ecosystem, the blockchain is hyped as an instant fix to resolve security challenges for use-cases spanning financial services, retail, real estate, healthcare and insurance. The potential is powerful, but the blockchain needs help to be truly secure. Given the high-value and safety-critical nature …
An integrated approach helps companies improve operational resilience (Help Net Security) Critical events are not only common, they’re next to inevitable. All companies surveyed have suffered at least one critical event in the past 2 years.
Army seeks to take on adversaries before all-out conflict (C4ISRNET) In order to be successful in the future against near peer adversaries, the U.S. must contest opponents in the competition phase below the threshold of armed conflict.
Research and Development
IARPA Is Trying to Keep Adversaries From Corrupting AI Tools (Nextgov.com) Could cyber adversaries be training the government’s artificial intelligence tools to fail?
DHS S&T Awards $1.14M for New Cyber Data Privacy Tools (American Security Today) Cyber-threats are rapidly shifting and privacy-related breaches are increasing in frequency and impact. To address these concerns, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), a multiple Platinum Honoree in the 2018 ‘ASTORS’ Awards Program, has awarded a total of $1,149,900 to the Regents of the University of Colorado, and Galois, Inc., to develop new research …
Legislation, Policy, and Regulation
US tech giants decry Australia’s ‘deeply flawed’ new anti-encryption law (TechCrunch) A group of U.S. tech giants, including Apple, Google and Microsoft, have collectively denounced the new so-called “anti-encryption” law passed by the Australian parliament last week. The bill was passed less than a day after the ruling coalition government secured the votes from opposit…
Behind the White House’s plan to be more aggressive in cyberspace (Fifth Domain) How North Korean threats, disappearing Russians and massive Chinese hacks led the Trump administration to a new cybersecurity strategy.
Written Testimony of Sundar Pichai, Chief Executive Officer, Google LLC Before the House Judiciary Committee Hearing on “Transparency & Accountability: Examining Google and its Data Collection, Use, and Filtering Practices” (US House Judiciary Committee) Chairman Goodlatte, Ranking Member Nadler, distinguished members of the Committee: Thank you for the opportunity to be here today.
Watch: 5 Questions Congress Should Ask Google's Sundar Pichai (WIRED) Google's CEO will testify before the House Judiciary Committee in a hearing focused on transparency and search practices.
Facebook is polarising our politics (Times) You leave the house angry after an argument. Also you hardly slept because of your bastard noisy neighbours. In the car your boss calls, because he’s a bastard too, and he wants you at your desk...
Germany Is Soft on Chinese Spying (Foreign Policy) Huawei has deep ties to the Chinese government. Berlin might let it build the country’s next generation of communications infrastructure anyway.
'It's kind of too late now': U.S. says Huawei is a security threat, but telecoms giant plays key role in Canadian infrastructure (Vancouver Sun) Canadian officials have maintained that they have put safeguards in place — long ago, and before the American alarm — to ensure Huawei isn’t a threat
Congress Can Help the United States Lead in Artificial Intelligence (Foreign Policy) The United States is falling behind when it comes to AI. Here’s how a new congressional commission can ensure that Washington catches up.
The Year Ahead: Pressure mounts on election security as 2020 approaches (TheHill) Pressure is already mounting on Congress to secure the 2020 presidential race from foreign cyberattacks or interference just weeks after the midterm elections.
Defining 'harm' emerges as major to-do in drafting national data privacy legislation (Inside Cybersecurity) Clarifying a definition of “harm” has emerged as a critical element for policymakers working on drafting federal privacy and data security legislation, which could include granting the Federal Trade Commission greater enforcement authority, as lawmakers seek to balance privacy interests with industry innovation.
Congresswoman Kelly to Introduce Cybersecurity Legislation for Government-Purchased Internet-Connected Devices (Congresswoman Robin Kelly) This week, Congresswoman Robin Kelly, ranking member of the IT subcommittee, will introduce legislation to address cyber vulnerabilities created by the adoption of Internet-connected devices, commonly called ‘IoT’ or the ‘Internet of Things.’
California imposes new regulations on ‘internet of things’ devices (ABA Journal) As people shop for loved ones this holiday season, internet-enabled gadgets are often at the top of the list. These gifts may be an automated vacuum cleaner, a doorbell with a camera or a Furbacca, a toy that combines Furby and Chewbacca and interacts with a smart device. These contraptions—collectively referred to as the “internet of things”—are ubiquitous. However, they often have weak security features, which can open up vulnerabilities in people’s homes and make a gift’s recipient an unwitting participant in a hacker’s attack.
NYC City Council Member Proposes Dedicated Cyber Agency (GovTech) The Office of Cyber Command would be tasked with setting cybersecurity and practices for New York City agencies, providing security guidance, and directing response to any cyberattacks or other digital threats.
Comments On Negotiating Objectives For A US-EU Trade Agreement (Rapid7) Rapid7 submits these comments in response to the United States Trade Representative's (USTR) request for public comment on negotiating objectives for a US-European Union (EU) Trade Agreement.
Litigation, Investigation, and Law Enforcement
Supermicro says investigation firm found no spy chips (TechCrunch) Supermicro has sent a letter to its customers saying that it has found no evidence of malicious chips on its motherboards. The company asked third-party company Nardello & Co to audit Supermicro’s hardware. On October 4, a Bloomberg report claimed that China’s spies managed to conceal tiny mali…
Jailed Huawei CFO's bail decision pushed to Tuesday as tensions persist (CNN) The chief financial officer of Chinese tech company Huawei will have to wait another day to learn if she'll be let go on bail.
Huawei’s CFO makes an unconvincing argument why she won’t flee (Quartz) Under the proposal, Meng Wanzhou's husband would act as her "jailer," and a private security team she'd pay for would watch over her.
Huawei CFO Case Hinges on an Offshore Puzzle (Wall Street Journal) Meng Wanzhou’s lawyer said Huawei cut ties to Skycom—which is shrouded in mystery in part because of its opaque ownership and its dealings with Iran—in 2009. The U.S. says it didn’t.
The Huawei case will finally force the US to prove some claims it's made about Chinese companies (CNBC) If the government loses the case, it could also lose credibility both in the U.S and abroad on a far wider range of security issues involving China.
Tape recordings shed new light on Jamal Khashoggi’s last moments (Times) A tape recording of the final minutes of the Saudi journalist Jamal Khashoggi’s life captured his suffocation and his last words as he repeated three times: “I can’t breathe.” The audio has now...
Equifax Breach Was Just as Dumb as You Thought, House Report Finds (Gizmodo) House Republicans spent 14 months investigating the 2017 Equifax breach only to reach the same conclusions that virtually everyone else with a brain did in the immediate aftermath of the company’s disclosure. The breach was “entirely preventable,” lawmakers found, and the credit reporting agency’s shit management did absolutely nothing to shield consumers from this mess.
Analysis | The Cybersecurity 202: Republicans and Democrats are feuding over the Equifax breach (Washington Post) That doesn’t bode well for tougher security topics.
The Equifax Data Breach, Majority Staff Report, 115th Congress (U.S. House of Representatives Committee on Oversight and Government Reform) On September 7, 2017, Equifax announced a cybersecurity incident affecting 143 million consumers.
What the Next Congress Should Do to Prevent a Recurrence of the Equifax Data Breach (Democratic Staffs of the Committee on Oversight and Government Reform and Committee on Science, Space and Technology, U.S. House of Representatives) Bipartisan investigation confirms previous findings about Equifax breach, but disregards Democratic reforms
Alleged Russian agent Maria Butina poised to plead guilty in case involving suspected Kremlin attempts to influence NRA (Washington Post) She was accused of working to push the Kremlin’s agenda by forming bonds with National Rifle Association officials and other conservative leaders and making outreach to 2016 presidential candidates.
168 Arrested in Money Mule Crackdown (SecurityWeek) Europol announced that 168 people were arrested in a massive operation that resulted in the identification of 1,504 money mules.
Report: FBI opens criminal investigation into net neutrality comment fraud (Ars Technica) FBI issues subpoenas, investigates "whether crimes were committed."
CBP Officers Aren’t Deleting Data After Warrantless Device Searches, IG Says (Nextgov.com) An inspector general report found Border Patrol officers didn’t follow standard procedures during device searches, mostly because those procedures weren’t clearly laid out.
San Francisco sues ex-IT workers over cybersecurity contract (StateScoop) A lawsuit from the city attorney alleges that former officials steered a $1.2 million contract to a firm where one of their husbands worked as a sales director.
Corsi sues Mueller over alleged grand jury leaks, seeks $350M in damages: report (Fox News) Jerome Corsi, the conservative author accused of lying under oath to Special Counsel Robert Mueller’s investigators, filed a federal lawsuit late Sunday accusing Mueller of leaking grand jury items and various constitutional violations, including illegal surveillance, reports said.
'Fortnite' Streamer Charged With Assault After Allegedly Hitting Woman During Twitch Stream (Motherboard) Australian police arrested MrDeadMoth after fans reported he hit his wife when she interrupted a game of 'Fortnite.'
Thread by @AmarAmarasingam: "1. Some thoughts on whether Jihadology and similar sites should be taken down or passworded. A few years ago, I was at a conference (I won't […]" (Thread Reader) Thread by @AmarAmarasingam: "1. Some thoughts on whether Jihadology and similar sites should be taken down or passworded. A few years ago, I was at a conference (I won't say which one) where some LE agents (I won't say from which country) were talking about ISIS content, […]"