Cyber Attacks, Threats, and Vulnerabilities
China blamed for hack on EU diplomatic communications (Computing) China denies being behind cyber espionage which saw messages intercepted for three years
Phishing Diplomacy | Accountable Phishing Solution (Area 1 Security) Arguably a sovereign-state's most sensitive, and protected information. However, just as threat actors target businesses and organizations...
How the European Union was stymied by phishing (Fifth Domain) Chinese government hackers using basic phishing methods were able to infiltrate the European Union’s communication network, possibly for years, according to a Dec. 19 report by Area 1.
Chinese Hackers Stole Diplomatic Cables, Report Says. Here's How They Did It (Fortune) More stolen secrets.
Russian disinformation campaign targets Syria’s beleaguered rescue workers (Washington Post) Moscow has mounted a “brutal and unrelenting” drive against the White Helmets, an international research group says in a new report.
Facebook “partner” arrangements: Are they as bad as they look? (Ars Technica) New York Times report may have misinterpreted what “access” means.
Why Should Anyone Believe Facebook Anymore? (WIRED) Facebook has spent much of 2018 apologizing to people. A recent New York Times investigation calls all those apologies into question.
How Facebook sneakily uses IP data & more for targeted ads, even if users disable all location settings (9to5Mac) Facebook has a storied history of privacy concerns, especially as privacy relates to advertising. Today, Aleksandra Korolova, a University of Southern California computer science professor, has sha…
How Hackers Bypass Gmail 2FA at Scale (Motherboard) A new Amnesty International report goes into some of the technical details around how hackers can automatically phish two-factor authentication tokens sent to phones.
A Devious Phishing Scam Targets Apple Customers (WIRED) Be on the lookout for emails that claim to be from the App Store.
Twitter tumbles on concerns about hacking activity (CNBC) Twitter observed a large amount of traffic to the customer support site coming from individual internet IP addresses in China and Saudi Arabia.
Trend Micro flags malware contained in tweets, Twitter finds data security bug, suspicious content (Telecompaper) Trend Micro said it found malware in two tweets, sent out in October, featuring malicious memes.
Twitter Suspects China & Saudi Arabia Over Recent Hack - Latest Hacking News (Latest Hacking News) Twitter has recently reported a suspected State-sponsored attack through its contact form, possibly connected with Saudi Arabia and China. Although
With Mirai Comes Miori: IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit (TrendLabs Security Intelligence Blog) We analyzed another Mirai variant called “Miori,” which is being spread through a Remote Code Execution (RCE) vulnerability in the PHP framework, ThinkPHP. Aside from Miori, several known Mirai variants like IZ1H9 and APEP were also spotted using the same RCE exploit for their arrival method. The aforementioned variants all use factory default credentials via Telnet to brute force their way in and spread to other devices.
‘Brutally hacked’: Russia’s Embassy in London website targeted in cyberattack (RT International) The website of the Russian Embassy in the UK was targeted by hackers. The mission says there are grounds to believe that the attack originated from Britain.
Dozens of Municipalities Exposed in Click2Gov Software Compromise (Gemini Advisory) We noticed an out-of-pattern concentration of victims located in small-to-medium US cities. Further analysis of the card data linked to these locations revealed that records likely been stolen from…
Secret Experiment in Alabama Senate Race Imitated Russian Tactics (New York Times) A project to help the Democratic contender, Doug Jones, in his closely contested race against Roy Moore used deception on Facebook and Twitter.
Social media researcher admits to questionable tactics in 2017 Alabama Senate race (al.com) Jonathon Morgan, chief executive of the research firm New Knowledge, said he created a Facebook page under false pretenses to test his ability to appeal to conservative voters.
IRS, Security Summit partners warn tax professionals of fake payroll direct deposit and wire transfer emails (Internal Revenue Service) The IRS and its Security Summit partners today warned tax professionals of an uptick in phishing emails targeting them that involve payroll direct deposit and wire transfer scams.
Trend Micro Flags Free Hola VPN as 'High-Risk' Over Security Holes (PCMAG) The antivirus provider is pointing to a whole host of dangers with the free edition of the VPN software, which other security experts have echoed over the years. But Hola and its partner Luminati say Trend Micro's research is sensational and irresponsible.
Pottery firm targeted in cyber attack (BBC News) Hackers encrypted the company's servers to cause "maximum disruption" to its payroll systems.
Cyber attack on Cosmos Bank: Cops hunt for those who cloned cards using stolen data (The Indian Express) In the first week of December, police filed a chargesheet against the nine accused arrested so far.
Security Patches, Mitigations, and Software Updates
Microsoft issues emergency patch for zero-day flaw in the IE browser (Computing) CVE-2018-8653 must be patched manually for now
CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability (Microsoft) A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Microsoft Issues Emergency Fix for IE Zero Day (KrebsOnSecurity) Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.
Microsoft Promises Sandboxed Apps With the Security of VMs (Tom's Hardware) Microsoft announced Windows Sandbox, a hybrid sandboxing technology promising almost the same security guarantees as virtual machines, but with much better performance and lower power consumption on mainstream laptops.
Cyber Trends
IBM X-Force Security Predictions for the 2019 Cybercrime Threat Landscape (Security Intelligence) IBM X-Force's top security predictions for 2019 cover a range of potential attack schemes and consequences, from industry-specific prognostications to a rapid expansion of emerging criminal schemes.
See Forcepoint's Seven Cybersecurity Predictions for 2019 (Multi-Video) (American Security Today) In 2019, attackers will stop at nothing to steal our identities, evade detection through new techniques, and bring disruption to our doorsteps. The stakes are high, the world more connected than we could have ever imagined. Forcepoint, a 2018 ‘ASTORS’ Homeland Security Awards Winner for Best IT Data Management Solution, has unveiled the company’s 2019 Forcepoint Cybersecurity …
Cybersecurity 2019 — The Year in Preview: Security Threats to the Energy Grid (JD Supra) Editors’ Note: This is the first in our third annual end-of-year series examining important trends in data privacy and cybersecurity during the coming...
Norton™ LifeLock™ Research Identifies American Cyber Literacy Gap (BusinessWire) More than half of Americans (53 percent) don’t know that their data and personal information is not protected even if they enable privacy settings on
Marketplace
Blockchain Audit Startup CertiK Bolsters Executive Team with Two Key Hires (Fintech Finance) CertiK, the leading formal verification platform for smart contracts and blockchain audits, has formally announced the addition of two new executive hires: Daryl Hok, Executive Vice President and C…
Carbon Black Appoints Jill Ward to Board of Directors (GlobeNewswire News Room) Carbon Black (NASDAQ: CBLK), a leader in next-generation endpoint security delivered via the cloud, today announced that Jill Ward, a business leader and operating executive with experience scaling global technology companies, has joined Carbon Black’s board of directors.
Products, Services, and Solutions
Rohde & Schwarz Cybersecurity opens data center in Germany to serve German customers with the SaaS version of its Web Application Firewall (Rohde & Schwarz) Rohde & Schwarz Cybersecurity opens data center in Germany to serve German customers with the SaaS version of its Web Application Firewall
SecurityScorecard Hits 1 Million Companies Rated; Securing Position as Most Expansive and Accurate Platform on the Market Covering 175 Countries (SecurityScorecard) SecurityScorecard, the leader in security ratings, announced today the company’s achievement of reaching 1 million companies rated across 175 countries and 17 major industries.
Routier Joins Forces with Cybint to Protect User Data in the Hospitality Industry (Routier) Routier, an innovative digital solutions company for the hospitality industry, today announces its partnership with Cybint, a Cybersecurity Education company.
Cylance Introduces AI-Powered Virtual CISO (Tech) Cylance Inc. recently announced the availability of its virtual chief information security officer (vCISO) service. The Virtual CISO program is aimed at empowering organizations with crucial technology and security resources that support next-gen security architectures and also enable robust staff augmentation. Cylance vCISO allows customers at...
Akamai Hits New High for Peak Web Traffic Delivered (PR Newswire) Akamai (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital experiences, has set a ...
Zero Trust Security Protects Businesses while Enabling Growth (Security Boulevard) Many companies have their own applications, internal domains, and local area network (LAN). But when it comes to business applications, organizations are increasingly dependent on cloud-based resources. These may include email servers, customer relationship management (CRM) software, or other applications....
Hoplite Announces Launch of HopliteVPN Services (PR Newswire) Hoplite Industries, a leading cyber security company, today announced the addition of HopliteVPN to its list of...
Viasat Delivers the Fastest, Most Flexible Type 1 Cloud Communication Network Encryptor (PR Newswire) Viasat Inc. (NASDAQ: VSAT), a global communications company, is announcing upgrades to its KG-142 network...
Cylance’s GDPR Assessments Offer Sustainable Approach to Data Privacy (Security Boulevard) Cylance is pleased to announce that Cylance Consulting will now offer General Data Protection Regulation (GDPR) assessments as part of the company’s service offerings.
Technologies, Techniques, and Standards
Blockchain update: New standards group for private blockchains announced by ETSI (Computing) Intel, Vodafone and Telefonica in effort to specify an operational reference architecture for permissioned ledgers
Why are some vulnerabilities disclosed responsibly while others are not? (Help Net Security) ENISA has released a report on vulnerability disclosure economics - the incentives and motivations that influence the various vulnerability disclosure actors.
Control System Cybersecurity & What It Means to Buildings (RealComm Advisory Newsletters) Cyber threats to buildings/data centers include data issues: compromise, exfiltration and denial-of-service. Control system cyber threats to data centers have focused on the Internet-connected building control systems. However, there are other control system cyber threats to data centers that have not been addressed and have actually caused data center damage.
How to Engage Your Cyber Enemies (Dark Reading) Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
The benefits and limitations of AI in cybersecurity (Help Net Security) Today’s AI cannot replace humans in cybersecurity but shows promise for driving efficiency and addressing talent shortage.
Legislation, Policy, and Regulation
Most Voters Consider a Cyberattack an Act of War (Rasmussen) Hackers working on behalf of the Chinese government are suspected in a recent cyberattack on the Marriott hotel chain in which the personal information of millions of hotel guests was compromised. Nearly two-out-of-three voters think a cyberattack by another country is an act of war, and most think it poses a greater risk than a traditional military attack.
Russia testing new 'deep packet inspection' online filtering system (CalvinAyre.com) Russia's Roskomnadzor telecom watchdog reportedly spending up to RUB20b (US$295m) to impose new deep-packet inspection system to filter unwanted content.
House Passes Bill to Create National Quantum Computing Program (Wall Street Journal) The House voted 348-11 for a bill speeding U.S. development of quantum computing, an emerging technology with potentially revolutionary uses. President Trump is expected to sign the measure.
State hires Andersen as Chief Information Security Officer (Vermont Business Magazine) Vermont Business Magazine Governor Phil Scott and the Vermont Agency of Digital Services (ADS) today announced the hiring of Nicholas Andersen as the Agency’s Chief Information Security Officer (CISO). Andersen brings 12 years of cybersecurity experience to this position. Since 2017, he served as a vice president at Invictus International Consulting, LLC and co-founder of Pueo Business Solutions, LLC.
Litigation, Investigation, and Law Enforcement
Justice Department accuses Chinese spies of hacking into dozens of US tech and industry giants (TechCrunch) The Justice Department has unsealed a damning indictment that links to spies working for the Chinese government an aggressive campaign to hack into U.S. tech and industry giants. The indictment, out Thursday, accuses China’s main intelligence agency — the Ministry of State Security — of hacki…
U.S. charges Chinese hackers in alleged theft of vast trove of confidential data in 12 countries (Washington Post) The indictments are part of a coordinated effort with U.S. allies to hold China accountable for persistent cyberespionage, officials said.
US and allies: New hacks mean China broke 2015 economic espionage pact (Ars Technica) China hacked more than 245 companies and agencies, including US Navy and NASA.
Treasury sanctions Russian spies over election interference in US and Europe (Washington Examiner) President Trump’s administration is blacklisting several Russian military intelligence operatives involved in election interference around the world, the Treasury Department announced Wednesday.
U.S. to Remove Russian Companies Tied to Oleg Deripaska From Sanctions List in 30 Days (Wall Street Journal) The companies—aluminum giant United Co. Rusal PLC, its parent EN+ Group PLC and JSC EuroSibEnergo, a Russian energy company—were put on the U.S. sanctions list in April because of their ownership or control by the Russian oligarch.
Washington DC sues Facebook for 'misleading and deceptive' privacy policies (The Telegraph) The city of Washington DC is suing Facebook for allowing other companies to access its users' personal data "without their knowledge or consent" after leaked documents revealed the scale of the social network's data sharing agreements.