The CyberWire Daily Briefing 12.21.18

Cyber Attacks, Threats, and Vulnerabilities

Exclusive: China hacked HPE, IBM and then attacked clients - sources (Reuters) Hackers working on behalf of China's Ministry of State Security breached th...

How China’s Elite Hackers Stole the World’s Most Valuable Secrets (WIRED) A new DOJ indictment outlines how Chinese hackers allegedly compromised data from companies in a dozen countries in a single intrusion.

Hacking Diplomatic Cables Is Expected. Exposing Them Is Not (WIRED) Spies try to access government communications all the time. But an incident this week tested the limits of what happens when those compromises get discovered.

Russian Operation Targeted U.S. Business Owners (Wall Street Journal) The Russian operation to influence Americans through social media included an effort to convince business owners to buy into a marketing campaign and turn over private information.

APT33 is to blame for destructive raids, says McAfee (Infosecurity Magazine) Iranian APT Group Pegged for Shamoon Disk Wiping Attacks. APT33 is to blame for destructive raids, says McAfee.

Facebook and Twitter remove accounts spreading fake news ahead of Bangladesh’s elections (TechCrunch) Twitter and Facebook announced this morning they’ve removed a combined total of 30 accounts that were working to spread misinformation in Bangladesh, 10 days before the country’s general elections. According to Facebook, the company removed nine Facebook Pages and six Facebook accounts …

Taking Down Coordinated Inauthentic Behavior in Bangladesh (Facebook Newsroom) Today we removed nine Facebook Pages and six Facebook accounts for engaging in coordinated inauthentic behavior on our platform in Bangladesh.

At Blind, a security lapse revealed private complaints from Silicon Valley employees (TechCrunch) Thousands of people trusted Blind, an app-based “anonymous social network,” as a safe way to reveal malfeasance, wrongdoing and improper conduct at their companies. But Blind left one of its database servers exposed without a password, making it possible (for anyone who knew where to lo…

Huawei Router Flaw Leaks Default Credential Status (Threatpost) It makes it simple for attackers to find devices to take over and add to botnets.

How to Remotely Brick a Server (Dark Reading) Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.

Time: An Attacker’s Best Friend (Infosecurity Magazine) Analysis of the 'staggering' breach at Marriott, and what made the attack unique.

Attackers are using cloud services to mask attack origin and build false trust (TechRepublic) Conditioning users to think "padlock equals security" has unintended consequences when cloud services are used to host malware droppers.

This business email scam spreads Trojans through Google Cloud storage (ZDNet) Financial firms and services are being actively targeted in the UK and US.

Attack Campaign Targets Financial Firms Via Old But Reliable Tricks (Dark Reading) Among other tried-and-true cyberattack methods, the attackers hosted malware on the Google Cloud Storage service domain storage.googleapis.com to mask their activity.

Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter (The Hacker News) Hacker discloses zero-day exploit for a new arbitrary file read vulnerability in Microsoft Windows operating system.

What if your VPN is spying on you? (Mighty Gadget Blog: UK Technology News and Reviews) A VPN is supposed to keep you safe online. But what if the VPN itself is compromised? Free and bundled VPNs aren’t always all they’re cracked up to be. And

Caribou Coffee Card Breach Hits 265 Stores (Infosecurity Magazine) Caribou Coffee Card Breach Hits 265 Stores. US chain the latest to suffer POS malware infection

Children’s Personal Data and SSNs Are Being Sold on the Dark Web (Motherboard) The data includes names, phone numbers, addresses, and Social Security Numbers.

Amazon error allowed Alexa user to eavesdrop on another home (Reuters) A user of Amazon's Alexa voice assistant in Germany got access to more than...

Amazon Sent 1,700 Alexa Recordings to the Wrong Person (Motherboard) Home assistants are continuously recording and constantly uploading details of your everyday life, and sometimes, these recordings can end up in the wrong hands.

‘I’m in your baby’s room’: A hacker took over a baby monitor and broadcast threats, parents say (Washington Post) A couple was alarmed to hear a man's voice claiming that he was about to kidnap their 4-month-old son.

We Asked a Hacker Who Spoke to a Guy Through His Nest Cam Why He Did It (Motherboard) The Anonymous Calgary Hivemind has been systematically hacking into smart home security cameras to warn their owners.

Why is my laptop fan so loud? Malware could be to blame (Security Boulevard) Has your laptop started running hotter than usual? Find out why your laptop is overheating and what you can do to fix the problem. The post Why is my laptop fan so loud? Malware could be to blame appeared first on Emsisoft | Security Blog.

New email extortion scam warns "Pay $4,000 or a hitman is coming for you" (HackRead) In a new extortion scam, a cybercriminal is sending threatening emails to unsuspecting users asking them to pay a whopping $4,000 in Bitcoin or wait to be executed by a hitman.

Cyber Trends

Analysis | The Cybersecurity 202: International cooperation on China hacking could be signal for 2019 (Washington Post) The Trump administration has learned cyberspace is one place it can’t go it alone.

2018 was the year the Internet splintered (Foreign Policy) The new rules of digital warfare are coming into shape.

Cybersecurity: Time for a New Definition (Lawfare) We need a new definition of cybersecurity that includes not only virtual and physical infrastructure attacks, but psychological warfare.

McAfee Report Examines Cybercriminal Underground (BusinessWire) McAfee, the device-to-cloud cybersecurity company, today released its McAfee Labs Threats Report: December 2018, examining activity in the cybercrimin

Key Findings: Morphisec Labs Threat Report December 2018 (Best Endpoint Security Protection Software and Vendors) Endpoint security and threat prevention solution provider Morphisec released their Morphisec Labs Threat Report for December 2018.

Maybe we have the cybersecurity we deserve (CSO Online) Companies have focused more on making the consumer recovery process from fraud and data breaches easier than on better security. Most people seem OK with that.

A restaurant's next big financial risk isn't bad reviews — it's data breaches (Restaurant Dive) As hackers find new ways to gather coveted personal information, restaurants are quickly becoming a target for the internet underworld.

Marketplace

Inside the Pentagon’s Plan to Win Over Silicon Valley (WIRED) The Defense Department wants to use AI in warfare. In the aftermath of Project Maven, it still needs Big Tech’s help.

What's wrong with Huawei, and why are countries banning the Chinese telecommunications firm? (The Conversation) Intelligence officials in many countries are concerned the company could be helping the Chinese government spy on companies, military units and government agencies.

Up Next for Huawei: a Cybersecurity Push | PYMNTS.com (PYMNTS.com) In a rare press conference inside its Dongguan facilities, Huawei Technologies said it would spend $2 billion over the next five years to concentrate on cybersecurity initiatives, according to a report by Reuters. This would include hiring more people and enhancing lab operations, as the company tries to counteract some of the negative publicity that’s […]

Samsung's 5G Network Grab Gets Boost With Huawei, ZTE Under Fire (Bloomberg) South Korean electronics giant has won 5G business in U.S. Trends are lining up in favor of Samsung, executive says

DEVCON Raises $4.5M to Fight Growing Epidemic of Cyber Fraud and Ad Theft (AP NEWS) DEVCON , a cybersecurity software company dedicated to defeating ad fraud and preserving independent journalism, today announced it has closed a seed round of funding led by Las Olas VC with participation from individual investors including Paul Judge, cofounder of TechSquare Labs and executive chairman of Pindrop, and Adam Ghetti, founder of Ionic Security. The round comes as DEVCON attacks the growing epidemic of global ad fraud and theft, a problem estimated to account for $19 billion in losses this year, ballooning to $44 billion by 2022.

Thales gets green light from ACCC to buy Gemalto (iTnews) Must sell general-purpose hardware security module business.

Needham: Zscaler heading for $1B in reveneu; ZS +2% (Seeking Alpha) Needham reiterates Zscaler (NASDAQ:ZS) at Strong Buy and a $47.50 target after meeting with the company.Analyst Alex Henderson says ZS "is poised to be a major leading cloud security company"

3 Stocks Poised for Huge Growth Over the Next Decade -- The Motley Fool (The Motley Fool) Cronos Group, Welltower, and Zscaler will ride the next supertrend wave.

FireEye May Be One Of The Market's Best-Kept Secrets... For Now (Seeking Alpha) This year was a pivotal one for the company’s fundamentals, swinging to an operating profit. Cybsersecurity spending is projected to grow 9% in 2019, and then c

CrowdStrike is looking for 80 additional IT engineers in the upcoming months (Business Review) CrowdStrike Inc., the leader in cloud-delivered endpoint protection, today announced the official opening of its new Center of Innovation in the Pipera

Mimecast Welcomes Bob Schechter to Board of Directors (Financial Buzz) Mimecast Limited (NASDAQ: MIME), a leading email

Products, Services, and Solutions

McAfee MVISION Portfolio Added to Department of Homeland Security’s CDM Approved Product List (BusinessWire) McAfee, the device to cloud cybersecurity company, today announced the McAfee MVISION Portfolio Family of security technologies and McAfee® ePolicy Or

New build checks for vulnerabilities in Apache products, Coldfusion, ACME mini_httpd and Spring Security | Acunetix (Acunetix) Acunetix version 12 (build 12.0.181218140 – Windows and Linux) has been released. This new build checks for vulnerabilities in Apache Solr, Apache mod)jk, Coldfusion, ACME mini_httpd, Spring Security. The new build also includes a number of updates and important fixes. The new vulnerability checks, updates and fixes are available for both Windows and Linux.

Safe-T Enhances Software-defined Access Solution (Sys-Con Media) Announces New Version and Roadmap to Help Enterprises Combat Growing Data Protection Challenges

CenturyLink Unveils Advanced Security Service with Palo Alto Networks (Channel Partners) CenturyLink's Security Log Monitoring platform manages and monitors a diverse set of Palo Alto Networks next-generation firewalls with enhanced visibility and threat intelligence capabilities, as well as integration with its portal and mobile application.

Palo Alto prepares to expand scope of Cyber Range (Computerworld) Palo Alto Networks is preparing to launch the next generation of its Cyber Range training scheme in the first half of calendar 2019.

ZeroFOX Provides Digital Risk Protection Wherever You Are with the ZeroFOX Enterprise Mobile App (BusinessWire) Available in the Google Play and Apple Store, the ZeroFOX Enterprise Mobile App delivers actionable alerts to the palm of your hand.

Fortinet’s Security-First Approach to SD-WAN Continues to Gain Momentum (GlobeNewswire News Room) Independent testing and new customers and use cases show the value of best-of-breed security and best-of-breed SD-WAN in a single integrated offering

Avast and Wind Tre Join Forces to Provide Parental Control Apps to Families in Italy (AP NEWS) Avast (LSE:AVST), the global leader in cybersecurity products, today announced the market launch of the new Wind Family Protect application in Italy. Avast and Wind Tre, a top Italian mobile operator and among the main operators in the fixed-line market, partnered to create a simple and effective app that helps parents manage their children’s access to the internet and keeps track of their whereabouts.

Ixia, a Keysight Business, Achieves FIPS 140-2 Validation for Network Packet Brokers (BusinessWire) Ixia, a Keysight Business, Achieves FIPS 140-2 Validation for Network Packet Brokers

SentinelOne Partners with Exabeam to Rapidly Detect and Autonomously Stop Advanced Threats (BusinessWire) SentinelOne, the autonomous endpoint protection company, and Exabeam, the next-gen SIEM company, today announced a strategic partnership and the techn

KnowBe4 Launches PhishER to Improve Email Security (eWEEK) KnowBe4 is looking to make it easier for organizations to analyze and manage phishing alerts in a bid to improve email security.

CynergisTek and Protenus Join Forces as Partners to Protect Patient Privacy (AP NEWS) \CynergisTek, Inc. (NYSE AMERICAN: CTEK), a leader in healthcare cybersecurity, privacy, and information assurance, today announced it has formed a preferred partnership with Protenus, a healthcare compliance analytics platform that protects patient privacy, to help health systems nationwide enhance patient privacy monitoring programs.

Technologies, Techniques, and Standards

Cybersecurity: The Hackers Are Already Through The Utilities' Doors, So What's Next? (Forbes) Ray Rothrock on utility hackers: "It’s not a matter of the bad guys finding a way in. They are already in your network…so the malware is already inside." The question is, what to do about it?

How prepared is the EU for major cybersecurity threats? (Silicon Republic) A Europe-wide cybersecurity exercise organised by ENISA has shown just how prepared the area is for major cyberattacks.

True Test of GDPR is Still Coming (Decipher) More than six months after the European data privacy regulation went into effect, we still don’t know how effective GDPR will be at protecting data privacy.

How the Pokemon Company achieved GDPR compliance with minimal Gloom (ComputerworldUK) Regulations such as GDPR mean that when it comes to compliance issues the Pokemon Company can't afford to take any Chanseys, and really had to catch them all

AI Yields Security Benefits, Not Without Problems (Infosecurity Magazine) AI holds great promise, if organizations can work through its challenges.

Messaging Layer Security: An Open Standard for Encrypted Group Chats (Computer Business Review) "At Wire we have a vision for secure messaging: Federated environments based on open standards". The Messaging Layer Security standard would allow...

New Army AI is cutting through data-choked battlefields (C4ISRNET) Army units are getting electronic warfare prototypes with new artificial intelligence capabilities.

The benefits of using a cloud honeypot for threat intelligence (SearchCloudSecurity) A cloud honeypot may be a better option for enterprises than a traditional honeypot deployment because the cloud adds security features. Learn more about the pros and cons of using a cloud-based honeypot.

Automating a DevOps-Friendly Security Policy (Dark Reading) There can be a clash of missions between security and IT Ops teams, but automation can help.

Design and Innovation

China Is Achieving AI Dominance by Relying on Young Blue-Collar Workers (Motherboard) To remain the world leader in artificial intelligence, China relies on young “data labelers” who work eight hours a day processing massive amounts of data to make computers smart.

We Should Replace Facebook With Personal Websites (Motherboard) Personal websites and email can replace most of what people like about Facebook—namely the urge to post about their lives online.

Research and Development

Is quantum computing a cybersecurity threat? (San Francisco Chronicle) Cybersecurity researchers and analysts are rightly worried that a new type of computer, based on quantum physics rather than more standard electronics, could break most modern cryptography. The effect would be to render communications as insecure as if they weren’t encoded at all. Fortunately, the threat so far is hypothetical. The quantum computers that exist today are not capable of breaking any commonly used encryption methods.

Better security achieved with randomly generating biological encryption keys (ScienceDaily) Data breaches, hacked systems and hostage malware are frequently topics of evening news casts -- including stories of department store, hospital, government and bank data leaking into unsavory hands -- but now a team of engineers has an encryption key approach that is unclonable and not reverse-engineerable, protecting information even as computers become faster and nimbler.

New encryption is based on the random movement of living cells (Futurism) You can't reverse engineer cell movements if you have no idea where they're going.

Hardening algorithms against adversarial AI (GCN) How can developers secure artificial intelligence applications when the underlying data is vulnerable to hackers?

Legislation, Policy and Regulation

Are cyber weapons similar to WMDs? DoD wants to know (Fifth Domain) The Department of Defense is seeking research papers assessing the relationship between offensive cyber and weapons of mass destruction.

Securing the Internet of Things (The National Law Review) The &lsquo;Internet of Things&rsquo; (&lsquo;IoT&lsquo;) &ndash; a rather vague collective term for the random mix of new technology which has now infiltrated our lives. In simple terms, it is the gro

Saudi Arabia modifies intelligence service after Khashoggi murder (Al Jazeera) New departments to be formed to ensure operations are in line with national security policy and human rights law.

Saudi-Israel backchannel takes hit after officials dismissed over Khashoggi murder, report says (Haaretz) Two of MBS' close aides allegedly led covert efforts to improve ties between Jerusalem and Riyadh, but sources tell WSJ their involvement in killing of dissident journalist 'dampened appetite for risky foreign policy endeavors'

Singapore Government to Launch Second Bug Bounty Initiative with HackerOne to Boost Cyber Defences (BusinessWire) HackerOne, the leading hacker-powered security platform, today announced it will partner with the Government Technology Agency of Singapore (GovTech)

Opinion | Sen. Ron Wyden: It's time for Congress to protect Facebook users, since Facebook won't (NBC News) The company's inability or unwillingness to change its ways makes America, and Americans, less secure.

Regulation is the only way to control the IoT cyber-security threat, says Databarracks (Security News Desk) IoT will be the source of more data breaches as we see mass adoption and rapid growth in the number of connected devices, according to Databarracks.

Senators Introduce Data Care Act To Establish Duties For Online Service Providers (JD Supra) On December 12, 2018, Senator Schatz (D-HI), along with 15 other Senators, introduced the Data Care Act of 2018 “to establish duties for online...

CISA Focusing on Foreign Cyber Threats (Meritalk) The newly-named Cybersecurity and Infrastructure Security Agency (CISA) has been elevated within the Department of Homeland Security (DHS), and one of the biggest priorities for the agency will be responses to cyber threats from other nations, as a senior CISA official discussed on Sunday’s episode of Government Matters.

DHS to Strengthen Cybersecurity With Action Plan (Meritalk) The Department of Homeland Security (DHS) released a new priority goal action plan for the agency on Tuesday.

Keeping Credit Reporting Agencies in Check – Is it Enough? (TechNative) In January 2018, two U.S. senators introduced a bill that would empower the government to impose severe fines on consumer reporting agencies that failed to protect stored sensitive personal data of individuals

'Multidomain Operations 1.5' expands cyber support program (InsideDefense.com) The Army's new "Multidomain Operations 1.5" concept will expand the work of Army Cyber Command's Cyberspace Electromagnetic Activities Support to Corps and Below program, but will not necessarily change its mission, according to the program's director.

Mattis leaving as Pentagon chief after clashes with Trump (Federal News Network) President Donald Trump has announced that Defense Secretary Jim Mattis will retire at the end of February.

Litigation, Investigation, and Enforcement

China accused of extensive and 'unrelenting' global hacking campaign (The Telegraph) China was been accused of waging an "unrelenting" cyber war on the UK, US and other Western countries in an attempt to steal secrets from companies and government agencies.

U.S. Accuses Chinese Nationals of Infiltrating Corporate and Government Technology (New York Times) The move comes as the Justice Department announced criminal charges against hackers it said were linked to China’s security services.

Foreign Office slams China for cyber attack campaign (City A.M.) The Foreign Office has accused China of conducting an “extensive” campaign of cyber attacks against the UK.

Canadian companies targeted by alleged Chinese cyber attack - CityNews Toronto (CityNews Toronto) U.S. authorities slammed China for its alleged, continued cyber crimes that includes attacks on companies in at least a dozen countries, including Canada

U.S. Indicts Chinese Duo for Massive, Years-Long Spy Campaign (Threatpost) The homeland security implications are significant: the two, working with Beijing-backed APT10, allegedly stole sensitive data from orgs like the Navy and NASA.

U. S. charges Chinese hackers in alleged theft of vast trove of confidential data in 12 countries (Washington Post) The indictments are part of a coordinated effort with U.S. allies to hold China accountable for persistent cyberespionage, officials said.

China denies 'slanderous' economic espionage charges from U.S., allies (Reuters) China's Foreign Ministry said on Friday it resolutely opposed "slander...

China hits back at US allegations of mass cyberthefts (Nikkei Asian Review) US indicts two Chinese men for 'unacceptable' thefts across at least 12 countries

APT10 Indictments Show Expansion of MSP Targeting, Cloud Hopper Campaign (Dark Reading) US brings more indictments against the APT10 cyber espionage group operating in China for its Operation Cloud Hopper campaign against managed service providers, but what will those indictments accomplish?

Russians Hit With Fresh U.S. Sanctions Over Cyberattacks, Election Meddling (Gizmodo) Citing a continued disregard for “international norms,” the U.S. Treasury Department on Wednesday announced new sanctions against Russian assets and individuals, including 15 members of the Russian intelligence agency formerly known as the GRU.

Feds Charge Three in Mass Seizure of Attack-for-hire Services (KrebsOnSecurity) Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different “booter” or “stresser” sites — attack-for-hire services that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network providers offline.

Criminal Charges Filed in Los Angeles and Alaska in Conjunction with Seizures Of 15 Websites Offering DDoS-For-Hire Services (US Department of Justice) The Justice Department announced today the seizure of 15 internet domains associated with DDoS-for-hire services, as well as criminal charges against three defendants who facilitated the computer attack platforms.

Disinformation Report: An Investigation into IRA Activities in 2016 (New Knowledge) In late 2017, tech companies turned over a data set containing IRA activity to the Senate Select Committee on Intelligence. This is New Knowledge's analysis.

Russian Agents Sought Secret US Treasury Records On Clinton Backers During 2016 Campaign (BuzzFeed News) Whistleblowers said the Americans were exchanging messages with unsecure Gmail accounts set up by their Russian counterparts as the US election heated up.

Sen. Jones calls for probe into alleged disinformation plot in Alabama Senate race (Washington Post) The allegations stem from news reports, first in The Washington Post on Tuesday, in which researcher Jonathon Morgan acknowledged creating a misleading Facebook page targeting conservative voters in Alabama and also buying retweets to test his ability to provide “lift” for social media messages.

Danske Case May Turn Out to Be Hybrid Warfare, Estonia Says (Bloomberg) One of Europe’s largest money-laundering scandals centered around the Estonian branch of Danske Bank A/S could be a type of hybrid warfare waged by the Baltic nation’s former Soviet master Russia. Estonia’s definition of money laundering should change, because it doesn’t allow for a proper response to laundering "condoned or organized by an unfriendly third country,” the government said in a report published Thursday. It cited research "showing Russia’s new tools for increasing tensions in the Baltic Sea region.”

The Pentagon Doesn’t Know All the Software on Its Networks—And That’s a Problem (Defense One) The Defense Department faces “unnecessary” risk without a complete software inventory, according to the agency’s inspector general.

Former Ga. candidate for governor indicted (ajc) State Sen. Michael Williams, who waged an unsuccessful and at times incendiary campaign for governor this year, was indicted this week in Hall County, apparently stemming from allegedly false report he made saying computer servers were stolen from his campaign office.

Five Eyes respond to China's MSS. Shamoon 3 tied to Iran. Blind exposure. Cloud phishing. Home assistant hacks. No hitman.