The CyberWire Daily Briefing 3.9.18

Special Section

SINET ITSEF

SINET's annual ITSEF conference concluded yesterday, beginning with reflections on the future of cryptography from the field's leading experts. Other themes of the second day included the ways in which government and industry shared intersecting cybersecurity needs, and the importance of resilience. The discussions of resilience converged on one big lesson: the importance of planning and exercising incident response. That sort of planning and exercise are something industry could learn from the military.

We'll be adding more detailed accounts of the conference to add this coming Monday.

Summary

By The CyberWire Staff

According to McAfee, North Korean threat actor Hidden Cobra is prospecting Turkish financial institutions. The campaign appears to be reconnaissance for some larger, future operation yet to develop.

Something that's not Pyongyang's work is the series of attacks surrounding last month's Winter Olympics. Signs pointing toward North Korea in those attacks are now generally regarded as false flags, probably hoisted by Russian state operators.

Recorded Future has a report on China's National Vulnerability Database (CNNVDB). Dating in that database seems to have been altered in ways designed to obscure Chinese government hacking.

At midweek Microsoft succeeded in stopping a large-scale cryptojacking infestation that attempted to infect some four-hundred-thousand users over the space of a few hours. The mining software was carried as the payload of the Dofoil (or Smoke Loader) Trojan. The mining application supports NiceHash, and so can work with a variety of cryptocurrencies.

Memcrash distributed denial-of-service attacks have spread across a variety of targets. In addition to the well-known attack on GitHub, other victims have included Google, the National Rifle Association, PlayStation Network, Amazon, and Kaspersky.

A debugging app appears to have been left on OnePlus phones, leaving them open to attackers who could abuse the app to obtain root access.

Adobe has patched Flash Player, and also Acrobat and Reader.

In the US, White House officials note that cybersecurity reports required of Federal agencies under Executive Order 13800 are for the most part in, and that the public can expect to see policy changes as a result.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Democratic Peoples Republic of Korea, Republic of Korea, Netherlands, Russia, Turkey, and United States.

A note to our readers: the CyberWire is happy to have been chosen as a finalist for the Maryland Cybersecurity Diversity Award (and the Cybersecurity Association of Maryland's People's Choice Award). You can find out more about the awards (and how to vote for us, if you'd like) here.

Thanks to those of you who pointed out some repetition of articles in yesterday's CyberWire. It was an email error; you'll find the corrected issue up on our site.

How seamlessly is your data ingested across vendors?

To successfully fend off increasingly sophisticated cyber attacks, organizations need security tools that work effectively and efficiently across vendors. Join LookingGlass’ webinar with IBM and Cisco overviewing how STIX/TAXII2 standards-based technologies support solving those challenges in a new and effective manner. Sign up now!

Podcast Summary

In today's podcast we speak with our partners at Terbium Labs, as Emily Wilson talks about the issues surrounding attempts to spend our way to security. Our guest, Priscilla Moriuchi from Recorded Future, describes their research documenting a backdating issue in the CNNVD, China’s National Vulnerability Database.

Mountain View: the latest from SINET ITSEF 2018

SINET ITSEF 2018: The current state of cybersecurity. (The CyberWire) SINET ITSEF takes as its mission "bridging the gap between Silicon Valley and the Beltway," convening leaders in technology, investment, government, and business to discuss challenges and opportunities in cybersecurity. Panels and workshops take up questions of immediate and enduring concern to the security industry and its stakeholders.

RiskSense CEO to Discuss the Need for Bug Bounty Reform at SINET ITSEF 2018 (PR Newswire) RiskSense®, Inc., the pioneer in intelligent...

Cyber Attacks, Threats, and Vulnerabilities

North Korea Threat Group Targeting Turkish Financial Orgs (Dark Reading) Hidden Cobra appears to be collecting information for a later strike, McAfee says.

US intel chief: North Korea is the ‘hardest intelligence collection target’ (Defense News) The head of the U.S. Defense Intelligence Agency has warned lawmakers of North Korea's and China's military ambitions.

Surprise: Norks not actually behind Olympic Destroyer malware outbreak – Kaspersky (Register) Who framed Pyongyang, then, we wonder

Russian group 'more likely' behind Seoul Games attack (iTWire) A cyber attack during the opening ceremony of last month's Winter Olympics appears to have been carried out using sophisticated malware that has the h...

Chinese Backdated Bug Disclosures to Hide State Hacking: Report (Infosecurity Magazine) Chinese Backdated Bug Disclosures to Hide State Hacking: Report. Don’t trust Beijing’s national vulnerability database, says Recorded Future

China Altered Public Vulnerability Data to Conceal MSS Influence (Recorded Futrue) In November 2017 Recorded Future published research examining the publication speed for China's National Vulnerability Database (CNNVDB).

Router-Hacking 'Slingshot' Spy Operation Compromised More Than 100 Targets (WIRED) A sophisticated hacking campaign used routers as a stepping stone to plant spyware deep in target machines across the Middle East and Africa.

Windows security: Microsoft fights massive cryptocoin miner malware outbreak (ZDNet) Microsoft has blocked a malware outbreak that could have earned big bucks for one criminal group.

Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours (BleepingComputer) Microsoft revealed today that Windows Defender stopped a massive malware distribution campaign that attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour period on March 6, 2018.

Massive Coin-Mining Attempt Targets Nearly Half a Million PCs (Infosecurity Magazine) Dofoil uses a customized mining application that supports NiceHash, so it can mine different cryptocurrencies.

Windows 10 flaw allowed attackers to open malicious websites… even... (HOTforSecurity) You may think your Windows 10 computer is locked, but is it really? Israeli researchers Tal Be’ery and Amichai Shulman have discovered a way of just using voice commands to make locked Windows 10 computers visit a website under the control of malicious... #cortana #voiceassistant #windows10flaw

Vulnerable Apache Solr, Redis, Windows servers hit with cryptominers (Help Net Security) Vulnerable servers of all kinds are being targeted, compromised and made to mine cryptocurrencies for the attackers, as SANS ISC handler Renato Marihno warns about an active campaign.

Apache SOLR: the new target for cryptominers (SANS Internet Storm Center) Earlier this year, I wrote about a campaign targeting vulnerable Oracle WebLogic installations to deploy cryptocurrency miners

Researchers develop 'SgxSpectre' security exploit that can crack Intel's SGX secure environment | Computing (Computing) Intel security feature cracked wide open by university researchers exploiting Spectre CPU security flaw

Russian Propaganda Remains on Reddit (WIRED) Reddit has deleted hundreds of Russian troll accounts, but the links they shared remain, forming a digital trail of the Internet Research Agency's actions on the platform.

Tennessee Senate Campaign Sees Possible Hack (Dark Reading) Phil Bredesen's campaign for US senate sees a hacker's hand in email messages

Debugging Tool Left on OnePlus Phones, Enables Root Access (Threatpost) Phone maker OnePlus is being blasted for leaving a developer debugging app on its handsets allowing phones to be rooted by an attacker with physical access to the device.

Google, PlayStation & NRA suffered DDoS attacks via Memcached servers (HackRead) It turns out other than GitHub, Google, NRA, PSN, Amazon, Kaspersky, and others have also suffered DDoS attacks via Memcached servers.

NRA Websites Heavily Targeted by Memcached-Based DDoS Attacks (BleepingComputer) Websites associated with the US National Rifle Association (NRA) have often been the targets of Memcached-based DDoS attacks, according to Qihoo 360's Network Security Research Laboratory (Netlab).

Rift keels over after Oculus forgets to renew security certificate (Naked Security) Users got an unwelcome dose of non-virtual reality: “Can’t reach Oculus Runtime Service”

Look-Alike Domains and Visual Confusion (KrebsOnSecurity) How good are you at telling the difference between domain names you know and trust and impostor or look-alike domains?

Universities Lag in DMARC Adoption (Infosecurity Magazine) Only 11.2% have adopted the DMARC email security framework

Addenbrooke's computer system failures 'not related to cyber attack' (Cambridge News) Planned surgeries were cancelled and ambulances were diverted to other hospitals across the region

Security Patches, Mitigations, and Software Updates

Adobe Patches Flash Player, 56 Bugs in Reader and Acrobat (Threatpost) Adobe released a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with a Flash Player update addressing a handful of critical flaws.

Facebook says “let me get that for you”, secures your links (Naked Security) The campaign to make HTTPS universal scored a huge win this week.

Hardcoded password and Java deserialization flaws found in Cisco products (CP Blog) The set of security updates recently released by Cisco also includes two advisories for critical vulnerabilities, a hardcoded password, and a Java deserialization flaw. The lasters set of security updates released by Cisco also includes two advisories for critical vulnerabilities. The first issue is a hardcoded password, tracked as CVE-2018-0141, that affects Cisco’s Prime Collaboration Provisioning … The post Hardcoded password and Java deserialization flaws found in Cisco products appeared first on Security Affairs.

Cyber Trends

It’s Time to Drop “Cyber” from Our Vocabulary (TechNative) “Cyber” is a lazy term that references anything connected to a computer, network, the Internet, or information technology writ large

Cyber sector tries to shake off ‘men in hoodies’ image (Financial Times) Looking beyond science graduates helps companies boost female intake

Marketplace

Cybersecurity: NY's Midsize Law Firms to Face Increased Scrutiny (New York Law Journal) Big banks put the pressure on Big Law first when concerns about cybersecurity came to the forefront experts say. But now midsize law firms that have successfully competed for some of that business will lose those clients if they don't meet the same cybersecurity standards as the big firms do.

Startup Attacks Splunk In $6B Cyberthreat Data Market (Forbes) Why would a company buy software from a startup when a large publicly-traded supplier is happy to sell it to you? The answer is easy to say and hard to do—companies buy from startups that beat the incumbent with a better solution to their problem at a lower cost.

Why Investors Should Hold On To Palo Alto (PANW) Stock Now? (NASDAQ.com) Of late, shares of Palo Alto Networks Inc. PANW have been on an upswing. The stock has been on a bullish run, appreciating 28.5% in the year so far..

Products, Services, and Solutions

New infosec products of the week: March 9, 2018 (Help Net Security) This week's featured infosec products contain releases from the following vendors: Nehemiah Security, StreamSets, Veritas Technologies, and Aqua Security.

Leonardo Teams with Nozomi Networks to Secure Critical Infrastructures for its International Customers (Nozomi Networks) Critical and industrial infrastructure and related control systems (Industrial Control Systems) are increasingly exposed to cyber attacks and therefore require greater levels of detection to develop more effective protection and response capabilities.

Sikur’s COO: Hacker Diversity Essential in Securing SIKURPhone (HackerOne) German cybersecurity company, Sikur, has high demands for security - it’s Secure Communication Platform is utilized by governments, corporations, and high-level executives. In addition, the company just announced a new cryptocurrency wallet for its secure mobile device, SIKURPhone at Mobile World Congress in Barcelona.

How Did Government Agencies and Companies Prevent over 250,000 Data Breach Incidents in 2017 (Secure Data Destruction, Hard Drive Shredding and Electronics Recycling) In 2017, government agencies and companies of all sizes used a Maryland Cyber Security firm - eEnd - to destroy over 250,000 computer hard drives which contained several million records.

Facebook-owned Onavo quietly launches Bolt App Lock, a data-tracking app that locks other apps (TechCrunch) Onavo, the data-security app maker Facebook acquired in 2013 in order gain insights into mobile user activity across apps, has quietly launched a new app..

Amazon’s trying to get Alexa to stop laughing at us (Naked Security) Amazon’s Alexa has been startling people by randomly laughing.

Hilltop Cybersecurity to Launch Early Warning System for a New Form of Cyber Attack (GlobeNewswire News Room) Hilltop Cybersecurity Inc, (“Hilltop” or the “Company”). (CSE:CYBX) (OTC:BGGWF), is pleased to announce that it has begun pre-launch testing of its prototype Early Warning System for advanced cyber-threats.

Comodo CA Launches Industry Leading Certificate Manager 6.0 for Next Generation Digital Certificate Management & Automation (GlobeNewswire News Room) Automatic provisioning for F5 BIG-IP including WildCard and Multi-Domain as well as Microsoft CA certificates discovery, management and replacement through a single interface

Technologies, Techniques, and Standards

Entropy sources: How do NIST rules impact risk assessments? (SearchSecurity) New NIST guidelines highlight the importance of testing entropy sources during a risk assessment. Learn how this benefits the enterprise with Judith Myerson.

Academia

UWF partners with National Security Agency to improve cyber security training (Pensacola News Journal) UWF partners with National Security Agency to improve cyber security training

Military members earning college credits with cyber analysis course (WEAR) The University of West Florida is teaming up with the National Security Agency to help military members earn degrees in cybersecurity.Active military members who complete the NSA's Joint Cyber Analysis Course will now be able to earn college credit at UWF.

Legislation, Policy, and Regulation

Cyber Operations and the U.S. Definition of “Armed Attack” (Just Security) What are the real world effects of the unusual U.S. view of the scope of any nation's right to use military force in self-defense.

US Not Effectively Countering Russia Cyber Threat, Top General Says (CBS Baltimore) The top US general in Europe has said he does not believe there is a unified effort across the US government to confront Russian cyberthreats.

China Spends More on Domestic Security as Xi’s Powers Grow (Wall Street Journal) Beijing has substantially increased spending on domestic security, reflecting concern about threats inside its borders as President Xi moves to acquire more power and reassert Communist Party authority.

White House hints at new cyber policies (FCW) Changes sparked by the cybersecurity executive order are on the horizon, a top administration official said, as cyber workforce issues continue to challenge agencies.

U.S. Hasn't Shared Enough About Cyber Risks, Official Says (Bloomberg.com) The U.S. government has failed to share enough information about cyber threats, including risks to election systems, with federal agencies and states, according to a top Trump administration intelligence official.

GAO: Homeland Security too slow in hiring cyber workers (Fifth Domain) The Department of Homeland Security has failed to hire needed cybersecurity professionals even though it was given approval to do so by Congress in 2014, according to a report released March 8 by the Government Accountability Office.

Litigation, Investigation, and Law Enforcement

Russian state TV anchor warns 'traitors' (BBC News) Top TV channels end a near-silence on the UK spy poisoning with a "warning to traitors".

Keep those nuclear secrets secret. OK, I'll hoard them in my attic (CSO Online) Weldon Marshall recently pled guilty to stealing U.S government secrets associated with the U.S. nuclear weapons systems and keeping them in his Texas home.

Best Buy's Geek Squad and the FBI have been in bed together for years (CSO Online) The FBI has been paying Geek Squad employees to act as informants, according to documents obtained by the EFF via a Freedom of Information Act lawsuit.

Operation Bayonet: Inside the Sting That Hijacked an Entire Dark Web Drug Market (WIRED) Dutch police detail for the first time how they secretly hijacked Hansa, Europe's most popular dark web market.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, Mar 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) provides you the information and tools to help secure payment data. They lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

SecureWorld Boston (Boston, Massachussetts, USA, Mar 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber 9-12 (Washington, DC, USA, Mar 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

Infosecurity Magazine Spring Virtual Conference (Online, Mar 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, Mar 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, Mar 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, Mar 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

Northeast Regional Security Education Symposium (Jersey City, New Jersey, USA, Mar 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium will feature discussions about national, corporate and cybersecurity implications related to the public and private sectors. This year’s symposium will take place at the NJCU School of Business’ Skyline Room, 147 Harborside Financial Center in Jersey City, NJ, with stunning views of Manhattan across the Hudson River. The event will feature a dark web overview, national security and media coverage, careers in security, and risk assessment and security.

KNOW Identity Conference 2018 (Washington, DC, USA, Mar 26 - 28, 2018) The premier global event for the identity industry, the KNOW Identity Conference is the nexus for identity innovation, offering a uniquely differentiated, powerful, and immersive event that convenes the world’s most influential organizations and smartest minds across industries to shape the future of identity.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, Mar 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, Mar 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, Apr 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, Apr 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, Apr 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, Apr 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, Apr 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

CYBERTACOS San Francisco (San Francisco, California, USA, Apr 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, Apr 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, Apr 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

State-sponsored cyber recon. More Memcrash DDoS. Microsoft stops cryptomining campaign. US hints at cyber policy changes.