The CyberWire Daily Briefing 12.14.18

Cyber Attacks, Threats, and Vulnerabilities

Mass email hoax causes closures across the US and Canada (Ars Technica) Emails threaten explosions unless people pay $20,000 in Bitcoin.

Nationwide Bomb Threats Look Like a New Spin on an Old Bitcoin Scam (WIRED) Apparent bitcoin scammers caused chaos across the US Thursday, radically escalating longstanding tactics.

Bombstortion?? Boomstortion?? (SANS Internet Storm Center) First sextortion, now bombstortion?

Spammed Bomb Threat Hoax Demands Bitcoin (KrebsOnSecurity) A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day.

Chinese Hackers Breach U.S. Navy Contractors (Wall Street Journal) Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts said, triggering a top-to-bottom review of cyber vulnerabilities.

Hackers are making their attacks look like they came from the Chinese government (Fifth Domain) Because Chinese hackers often use publicly available tools for their operations, it is easy to mimic their signature viruses.

Campaign Targets Critical Russian Infrastructure (Infosecurity Magazine) A Russian oil company was targeted by financially motivated attackers.

Criminals act like nation-state attackers in Russian campaign (ComputerWeekly.com) Security researchers have uncovered evidence of a sustained effort targeting Russian state-owned critical infrastructure companies by financially-motivated non-state actors

Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure (Threat Vector) Nation-state conflict has come to dominate many of the policy discussions and much of the strategic thinking about cybersecurity. In this Threat Intelligence Bulletin, we’ll show how an investigation into the apparent targeting of a state-owned Russian oil company led to the uncovering not of a state-sponsored campaign, but of the bold activity of what we believe to be a criminal effort motivated by the oldest of incentives—money.

Russia-Linked Phishing Attacks Hit Government Agencies on Four Continents (SecurityWeek) Russian cyber-espionage group Sofacy hit government agencies in four continents in an attempt to infect them with malware, Palo Alto Networks security researchers say.

Shamoon Disk-Wiping Malware Re-Emerges with a Third Variant (BleepingComputer) Two new samples of the Shamoon data have been discovered in the wild, after a period of silence that lasted for about two years.

Iran hackers hunt nuke workers, US officials (Fifth Domain) The Associated Press drew on data gathered by the London-based cybersecurity group Certfa to track how in the wake of sanctions on Iran a hacking group often nicknamed Charming Kitten tried to break into the emails of U.S. Treasury officials, as well as atomic scientists, civil society figures and think tank employees.

Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail (Ars Technica) Group breaches SMS-protected accounts. It's still testing attacks against 2fa apps.

Op 'Sharpshooter' Uses Lazarus Group Tactics, Techniques, and Procedures (BleepingComputer) A new advanced threat actor has emerged on the radar, targeting organizations in the defense and the critical infrastructure sectors with fileless malware and an exploitation tool that borrows code from a trojan associated with the Lazarus group

Malaysian government targeted with mash-up espionage toolkit (WeLiveSecurity) We sat down with ESET’s Tomáš Gardoň and Filip Kafka to get a better understanding of the targeted attack against the Malaysian government.

LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents (Proofpoint) Proofpoint researchers detail a new malicious document builder known as LCG Kit.

Archive file carrying an obfuscated and multi-staged downloader first spotted...Microsoft Security Bulletin Coverage for December 2018 (SonicWall) SonicWall RTDMI engine detected a number of PDF files containing link to malicious archive file. The non-existence of this malicious file at the time of detection in popular malware search portals like the VirusTotal and the Reversing Labs indicates the effectiveness of the RTDMI engine.

L0rdix becomes the new Swiss Army knife of Windows hacking (ZDNet) The new tool combines data theft and cryptocurrency mining as a go-to product for attacking Windows machines.

Cybercriminals Use Malicious Memes that Communicate with Malware (TrendLabs Security Intelligence Blog) Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes.

Electric car chargers 'hackable', warns Kaspersky (Computing) Remote-access features of electric car chargers can be exploited by attackers to damage the vehicles, claims Kaspersky

AccuDoc data incident highlights ‘growing calamity’ of third-party breaches (The Daily Swig | Web security digest) No end in sight for outsourced leaks The scourge of third-party data breaches is only going to get worse since organizations are becoming increasingly reliant on external service providers for critica

The Ransomware Doctor Without a Cure (Check Point Research) When it comes to ransomware attacks, there is nothing a company hates more than paying the demanded ransom. It is an unexpected fine often caused by a tiny, yet crucial mistake – an unpatched device, an out-of-date product or an innocent human error. It may harm the reputation of the security department, but most of...

Security Patches, Mitigations, and Software Updates

Microsoft's December Security Patches Includes Fixes for Two Active Exploits (Redmondmag) Microsoft ended the patch year on Tuesday with a whimper of sorts, releasing an estimated 39 security fixes in its December bundle plus one security advisory, according to a count by Trend Micro's Zero Day Initiative.

Google Beefs Up Android Key Security for Mobile Apps (Threatpost) Changes to how data is encrypted can help developers ward off data leakage and exfiltration.

Cyber Trends

US intelligence community says quantum computing and AI pose an ’emerging threat’ to national security (TechCrunch) It’s not often you can put nuclear weapons, terrorism and climate change on the same list as quantum computing, artificial intelligence and the Internet of Things, but the U.S. government believes all pose an “emerging threat” to its national security. Several key agencies in the …

Two Thirds of Retailers Increase Cybersecurity Measures During the Holiday Season to Defend Against the Rise in Social Engineering Attacks (PR Newswire) Infoblox Inc., the leader in Secure Cloud-Managed Network Services, today announced new research revealing...

Retail Risks Revealed: Cybersecurity Threats at All Time High During the Holidays (Infoblox) An International Survey of Retail IT Professionals and Consumers

Crisis Management Benchmarking Report (Morrison Foerster) Today’s business landscape is fraught with risk.

Most concerning security controls for cyberattackers? Deception and IDS (Help Net Security) Attivo Networks surveyed more than 450 cybersecurity professionals and executives globally to gain insights into detection trends, top threat concerns.

Most organizations suffered a business-disrupting cyber event (Help Net Security) A study conducted by Ponemon Institute found that 60 percent of organizations globally had suffered a business-disrupting cyber event.

Cybersecurity Predictions for 2019 (SC Media) Here are six emerging cybersecurity trends that can help organizations stay strong in the coming year and build up their cyber defenses.

Research: Marketing Executives Underestimate Email-Based Brand Risks (Sys-Con Media) Marketing executives less concerned about threats than IT/security colleagues - but have a common interest in email service visibility and deliverability

25% of malicious emails still make it through to recipients (Security Brief) Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.

Cyber security threat lurks deep for industry (Upstream Online | Latest oil and gas news) Warnings increase as speed of digitalisation across oil and gas sector has brought dangers from hacking

Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business (Dark Reading) Enterprises are struggling with familiar old security challenges as a result, new survey shows.

2018 – A Year of Data Breaches in Review (Bitdefender) 2018 – A Year of Data Breaches in Review

Marketplace

The Divide Between Silicon Valley and Washington Is a National-Security Threat (The Atlantic) Closing the gap between technology leaders and policy makers will require a radically different approach from the defense establishment.

How to fight the cybersecurity talent shortage (Verizon) Cybersecurity has become critically important for businesses. However, an increase in demand for employees with top-notch cybersecurity skills has led to a marketplace shortage.

Bug Hunting Is Cybersecurity's Skill of the Future (Infosecurity Magazine) 80% of security researchers say that hunting skills helped land them a job.

What's the big deal about Huawei? (Finger Lakes Times) The arrest of a Chinese tech executive in Canada this month has quickly become a focal point in a wider battle between the U.S. and China over trade, national security

Thales Gemalto Deal Approved: But EU Demands Divestments (Computer Business Review) The European Commission has approved the €4.8 billion ($5.6 billion) takeover of Gemalto by France's defence multinational Thales Group. The Thales Gemalto

Jack Dorsey and Twitter ignored opportunity to meet with civic group on Myanmar issues (TechCrunch) Responding to criticism from his recent trip to Myanmar, Twitter CEO Jack Dorsey said he’s keen to learn about the country’s racial tension and human rights atrocities, but it has emerged that both he and Twitter’s public policy team ignored an opportunity to connect with a key ci…

Saipem revenues will not be impacted by cyber attack (Reuters) A cyber attack on Italian oil service contractor Saipem will have no impact on t...

BlackBerry’s $1.4bn Cylance Deal to Boost IoT Offer Despite Some Expert Skepticism (Toolbox) Blackberry announced a strategic acquisition earlier this month that will boost its ability in securing end-point devices. The purchase of cybersecurity and artificial intelligence company Cylance for $1.4 billion in cash, confirms that, with the iconic handset no longer ubiquitous in the business community, Blackberry is determined to consolidate...

AFRL contract goes to firm with Dayton ties (Dayton Daily News) Galois wins AFRL contract

JASK Expands Leadership Team with Appointment of Mark Boullie as Chief Revenue Officer (JASK) JASK announced the appointment of Mark Boullie as Chief Revenue Officer (CRO). Boullie will be responsible for leading the company’s global enterprise and channel sales teams and other customer-facing aspects of the company, such as business development, customer success and overall revenue operations.

Skybox Security Appoints Amrit Williams as Vice President of Products (APN) Skybox® Security, a global leader in cybersecurity management solutions, announced today that Amrit Williams has joined the company as Vice President of products. Williams brings to the company more than 20 years of product innovation and thought leadership in the cybersecurity space. As the head of product management, he will be responsible for driving […]

Products, Services, and Solutions

Cyxtera Integrates Zero-Trust Security into Global Data Center Footprint (PR Newswire) Cyxtera Technologies, the secure infrastructure company, today announced the integration of AppGate SDP, its...

Pulse Secure’s VPN solution earns “High Scores” from IAIT Lab for Zero Trust-based Secure Access (Pulse Secure) Leading independent German product testing lab publishes a detailed examination and positive results on Pulse Connect Secure usability, capability and interoperability

Malwarebytes Announces Partnership with Bask, a Division of Nanoheal (Malwarebytes Press Center) Malwarebytes announced today a new partnership with Bask, a division of Nanoheal, a leader in consumer tech support. The partnership is an important step in Bask’s focus and investment in supporting consumer and small business customers with premier endpoint protection.

DFLabs Innovative Open Framework Enables Fine Grained Integration of SOAR and Security Tools (BusinessWire) New DFLabs open integration framework enables fine grained customization of SOAR actions between IncMan and security tools with no complex coding.

Cisco retires workhorse mid-range firewalls (CRN Australia) FirePOWER 7000 and 8000 series death day named, replacements in place.

Cymulate and Symantec announce shared research of email-based attacks (Help Net Security) The partnership allows Cymulate and Symantec to share the information of how attackers use emails and files to bypass security and infect organizations.

RiskSense platform addresses security and IT operations gaps (Help Net Security) RiskSense platform enhancements address cybersecurity and ITOps gaps with ServiceNow integrations for remediation of vulnerabilities through collaboration.

CyberInt Launches Managed Cloud Security Services (PR Newswire) Ensures comprehensive protection of cloud environments CyberInt, the leading cybersecurity provider of...

Google latest cloud to be Australian government certified (ZDNet) 12 vendors, including eight global players, sit on the Australian Cyber Security Centre's secure cloud provider list.

Technologies, Techniques, and Standards

What isn’t understood about control system cyber security can lead to catastrophic failures (Control Global) Before it’s too late, we’d do well to start addressing the existential problems in the physical world, in addition to the important data problems in cyberspace.

This early GDPR adtech strike puts the spotlight on consent (TechCrunch) What does consent as a valid legal basis for processing personal data look like under Europe’s updated privacy rules? It may sound like an abstract concern but for online services that rely on things being done with user data in order to monetize free-to-access content this is a key question …

#2018InReview Compliance and GDPR (Infosecurity Magazine) Looking at the year in compliance, the impact of GDPR and how much more the DPO needs to play a role in the business.

AWO Releases Cyber Risk Management Best Practices for Tugboat, Towboat and Barge Industry (PR Newswire) The American Waterways Operators has released best practices to help the American tugboat, towboat and barge...

CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks (Dark Reading) But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.

Coders Conquer Security: Share & Learn Series - Cross-Site Request Forgery (Insights: Secure Code Warrior) CSRF attacks are fairly complex and rely on multiple layers to be successful. In other words, lots of things have to break in favor of the attacker for it to work. Despite this, they are an extremely popular, lucrative attack vector.

How Email Open Tracking Quietly Took Over the Web (WIRED) You give up more privacy than you might think each time you open an email.

Eight simple tricks to keep hackers from ruining Christmas shopping (Washington Post) Here’s how to be a defensive online shopper — even on Amazon — in a world where data breaches are the new norm.

Design and Innovation

Law firms "will stop using email within five years" (Legal Futures) Email will be replaced within five years by a more secure means of communication for law firms, an expert predicted this week. Meanwhile, the SRA is using behavioural science in its messaging.

Research and Development

A quantum threat gets its moment of fame (Physics World) Why quantum cryptography is attracting attention from more than just the usual suspects

Academia

Universities Get Schooled by Hackers (Dark Reading) Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.

How students learn to code, evaluate job opportunities (Help Net Security) Student developers are not dependent solely on university curricula to keep up with today's expectations of software engineers.

Legislation, Policy and Regulation

The Negative Consequences of Putin’s Strategy (Atlantic Council) It has become an accepted line of thought that Russian President Vladimir Putin is playing chess on the international stage while the majority of Western leaders play checkers. His high-profile appearances among other world leaders at the G20...

Huawei Is the Doorway to China's Police State (The National Interest) The free world should be worried about the creation of a police state under the technology umbrella of Huawei.

Grassley: Russia 'hysteria' overshadows China threat (POLITICO) China poses a "greater, more existential threat," the judiciary chairman warns.

The U.S. Should Use Beijing’s Social Credit System against China (The National Interest) Beijing's social credit scheme can be an intelligence trove for Washington.

Opinion | Washington must wake up to the abuse of software that kills (Washington Post) Israel-based NSO Group has been selling spyware to dictators, and Washington firms have been helping them.

Pentagon to Take Over All Security Clearances in Nine Months, Officials Say (Nextgov.com) The move will mean absorbing the National Background Investigations Bureau and its 2,000 employees.

Litigation, Investigation, and Enforcement

Strasbourg Christmas market shooting: suspect on the run after three killed (the Guardian) France upgrades security threat level after terrorist attack leaves at least 12 injured

'The Strasbourg attack is a brutal reminder of how terrorism has changed' (The Independent) The fevered conspiracy theories that emerged after Tuesday's violence show how a generation of radicalised criminals has sown distrust in society

Strasbourg attacker Cherif Chekatt was extremist – and thief (The National) Hundreds of police have been mobilised across France and Germany to find the fugitive.

Second Canadian held by China as trade row deepens (Trump) Canada has warned President Trump not to interfere in an extradition case that has set off a row between Beijing, Ottawa and Washington after the tit-for-tat detention of Canadians in China. The...

Crime gangs using social media to entrap police officers (Times) Organised crime gangs are threatening to entrap Scottish police officers by infiltrating their social media accounts, the force has said. The warning came amid a rising number of investigations...

No-win-no-fee company fined by ICO for illegal text messages (Computing) ICO: 'Generic third-party consent is not enough and companies will be fined if they break the law'

ICO Slaps £200K Fine on Nuisance Text Biz (Infosecurity Magazine) London-based Tax Return Limited sent out nearly 15 million unsolicited texts

Cyber-Criminal Gets 20 Months After Using Home-Made Fraud Device (Infosecurity Magazine) Tony Muldowney-Colston once pioneered acid house raves in the 80s

Boomstortion. Flags, false and authentic. Nation-state threat actors. Malicious memes. Updates on the Huawei affair.