Cyber Attacks, Threats, and Vulnerabilities
Cyberattack Disrupts Printing of Major Newspapers (New York Times) Malware was focused on networks used by Tribune Publishing, former owner of The Los Angeles Times. It was the first known attack on newspaper printing operations.
Cyber attack causes distribution delays at prominent US newspapers: report (TheHill) A cyberattack Saturday targeting a major newspaper publishing company reportedly affected distribution at prominent newspapers across the United States.
Los Angeles Times, Tribune newspapers cyber attack probed by Homeland Security (The Washington Times) The origins of a suspected computer attack that disrupted the Los Angeles Times and Tribune Publishing newspapers remained unclear Sunday after causing delivery delays and being brought to the attention of federal investigators.
Letter from the publisher: Delivery of Union-Tribune affected by computer virus (San Diego Union Tribune) Most Union-Tribune subscribers were without a newspaper this morning as a malware attack on the company’s business systems hobbled the ability to publish.
Tribune Publishing Fights Cyberattack, Resumes On-Time Deliveries (Wall Street Journal) Newspapers printed by Tribune Publishing were delivered on time across the U.S. on Sunday, a day after a cyberattack against the publisher hobbled the distribution of some of the nation’s biggest titles.
'Workaround systems' help print U.S. newspapers hit by cyber... (Reuters) Tribune Publishing Co used "workaround systems" to help print major U....
Origin Of Newspaper Cyber-Attack Still Unclear (CBS Sacramento) The origins of a suspected computer attack that disrupted the Los Angeles Times and Tribune Publishing newspapers remained unclear Sunday after causing delivery delays and being brought to the attention of federal investigators.
Ransomware vs. printing press? US newspapers face "foreign cyberattack" (WeLiveSecurity) ESET's Stephen Cobb looks at a reported malware attack that stalled the printing and delivery of several major US newspapers over the weekend.
Stop the Presses: Don't Rush Tribune Ransomware Attribution (BankInfo Security) Don't rush to blame the printing outage at newspapers owned by Tribune Publishing on anything more than an organization failing to block a malware outbreak. And even if it does prove to be a Ryuk ransomware attack, there's no proof yet that any particular nation state is behind the campaign, experts warn.
Ryuk Ransomware Involved in Cyberattack Stopping Newspaper Distribution (BleepingComputer) A cyberattack reportedly bearing the signature of Ryuk ransomware caused disruption over the weekend in printing and delivery of major newspapers in the US from Tribune Publishing and Los Angeles Times.
[Heads-up] North Korean Ransomware Attack Disrupts Major U.S. News Media (KnowBe4) It was all over the news. A server outage at a major newspaper publishing company on Saturday that prevented the distribution of many leading U.S. newspapers, including the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune and Baltimore Sun.
Cyberattack Reminds Us About America’s Achilles’ Heel (the Trumpet) Computer malware attacks threaten U.S. infrastructure, personal data and military security.
Hackers steal data of N Korean defectors (BBC News) A personal computer at a resettlement centre in South Korea was found to have been infected.
Research reveals the battle to control Yemen's internet (Techworld) Recorded Future research demonstrates the importance of internet control in modern warfare
R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (Rapid7 Blog) Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.
Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data (BleepingComputer) A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data.
Hackers Threaten to Dump Insurance Files Related to 9/11 Attacks (Motherboard) The Dark Overlord appears to be trying to capitalize on conspiracy theories about the September 11 attacks.
Cryptocurrency Wallet Hacks Spark Dustup (Threatpost) Cryptocurrency wallets Trezor and Ledger are vulnerable to a number of different types of attacks, researchers say.
Hackers steal Bitcoin worth $750,000 by hacking Electrum wallets (HackRead) This year we have seen an unprecedented rise in malware attacks against cryptocurrency wallets whereas cryptomining incidents have increased by 4,000%, reports McAfee.
How Hackers Stole $1B From Cryptocurrency Exchanges In 2018 (Forbes) The cryptocurrency year has been one of ups and downs, especially where exchange rates are concerned. Sadly, one area that has remained buoyant is crypto theft. So, who were the hackers that stole $1 billion and how did they do it?
New Ransomware possibly criakl version (My Online Security) It looks like we have a new Ransomware spreading as a nice Christmas Present. This is being identified as Criakl by Anyrun, but if it is criakl, then it is a new version. Criakl was around in 2014…
Hackers steal credit card data of 14,579 BevMo customers (HackRead) A warning has been issued by the Concord, California-based alcoholic beverages retailer BevMo informing its customers about a data breach that its online store experienced between 2 August and 26 September.
Underminer exploit kit improves in its latest iteration (Malwarebytes Labs) We take a look at some recent changes with the elusive Underminer exploit kit.
Is Spectre making a comeback? Processors in the spotlight (Panda Security Mediacenter) We began 2018 with a real scare: Meltdown and Spectre, two serious vulnerabilities. And it seems we’re going to finish the year with the same sensation.
Hackers use a fake wax hand to fool vein authentication security (The Verge) It was done using modified consumer tech
American Express Phishing using encoded html attachment (My Online Security) We see lots of phishing attempts for email, bank, PayPal, Credit card and other financial credentials. This one is slightly different than many others and much more involved and complicated…
Netflix phishing scam: Don’t take the bait (Consumer Information) Phishing is when someone uses fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords.
Security Patches, Mitigations, and Software Updates
Microsoft Monday: Upcoming Windows 10 Antivirus Feature, Launcher App, Xbox Game Pass Teaser (Forbes) This week, “Microsoft Monday” includes details about an upcoming Windows 10 antivirus feature, a Launcher update for Android and an Xbox Game Pass teaser.
Critical Bug Patched in Schneider Electric Vehicle Charging Station (Threatpost) Vulnerability in electric car charging stations could allow attackers to compromise devices.
Cyber Trends
2019: Cyber War - Part 1 (Forbes) Cyber war is on its way? Will it be a Happy New Year?
2019: Cyber War - Part 2 (Forbes) Cyber war is on its way? Will it be a Happy New Year?
Four big questions for cybersecurity in 2019 (Fifth Domain) History may remember 2018 as a big year for federal cybersecurity. So what comes next?
2019 Malware Trends to Watch (Threatpost) Here are 10 top malware trends to watch for in the New Year.
New actors will join state-sponsored hackers in global cyber-crime, report warns (Times of Israel) Russia's Kaspersky Lab says in its Targeted Threat Predictions for 2019 that barriers to new players entering the fray have 'never been so low'
Threatlist: Dark Web Markets See an Evolution in Q3 (Threatpost) Vulnerabilities, stolen credentials and an evolution of marketplaces mark the Dark Web in Q3.
The 21 scariest data breaches of 2018 (Business Insider) Millions of people had their personal information compromised this year in data breaches. See which companies were hit the hardest.
Why have we become desensitised to cyber attacks? (Real Business) Nowadays, not a day goes by without news of another cyber hack in the news. But according to Sungard's Mike Smith, human beings unfortunately learn to get used to things.
Two top execs’ predictions for cybersecurity in 2019 (Security Brief) One Identity and Secureworks executives Alex Tilley and Serkan Cetin have released what they see coming for cybersecurity in 2019.
2019 could be a tough year for Indian firms as cybercriminals turn to emerging technologies (Livemint) A report by Seqrite claims that Indian companies faced more than 26 million threats in Q3 of 2018 alone
Marketplace
Campaign against Huawei faces embarrassing reality (Asia Times) US has no 5G competitor, while European, South Korean players lag far behind
Tech stocks’ slide could prove tipping point for cybersecurity buying spree in 2019 (MarketWatch) There are too many cybersecurity companies offering too many solutions to too many problems, with too few qualified workers seeking to help. After years of hoping for a change, it’s possible that the fourth-quarter market correction could help 2019 be the year that change finally happens.
Thoma Bravo Completes Acquisition of Veracode Software (PR Newswire) Thoma Bravo, LLC, a leading private equity investment firm, today announced that it has...
Products, Services, and Solutions
Tor Is Easier Than Ever. Time to Give It a Try (WIRED) Been curious about Tor but worried it's too complicated to use? Good news: The anonymity service is more accessible than ever.
Technologies, Techniques, and Standards
The Air Force targeted its own personnel to see if they could 'recognize and thwart' cyberattacks (Business Insider) In an effort to test their awareness, the Air Force went after its own personnel with a hard-to-detect technique that can compromise networks.
Why it’s Time to Switch from Facebook Login to a Password Manager (Trend Micro Simply Security) Social media sites are increasingly the focus of our digital lives. Not only do we share, interact and post on platforms like Facebook—we also use these sites to quickly log into our favorite apps and websites. But what happens when these social media gatekeepers are hacked? A while back, Facebook suffered a major attack when...
Air Force begins to roll out special cyber defense teams (Fifth Domain) Major commands will begin staffing new mission defense teams that focus on preventing cyberattacks.
Language, Regional Expertise and Culture Mobile App Refreshed, Encompasses 59 Countries (US Navy) CIWT's Language, Regional Expertise and Culture (LREC) directorate released a new version of its Navy Global Deployer app, Dec. 18.
Design and Innovation
Why the Pentagon’s cyber innovation could fall behind (Fifth Domain) A new paper argues that cyber innovation will struggle amid growing conflict with China and Russia.
What the future of artificial intelligence means for cybersecurity (Fifth Domain) Two new papers give an insight into how artificial technology will be used for cybersecurity in the future.
Leaked Documents Show How Instagram Polices Stories (Motherboard) Motherboard has obtained internal documents that show how Instagram moderators grapple to police the service's popular Stories feature.
Research and Development
This clever AI hid data from its creators to cheat at its appointed task (TechCrunch) Depending on how paranoid you are, this research from Stanford and Google will be either terrifying or fascinating. A machine learning agent intended to transform aerial images into street maps and back was found to be cheating by hiding information it would need later in "a nearly imperceptible, h…
US Spies Want to Know How to Spot Compromised AI (Defense One) What if you were training an AI, and an adversary slipped a few altered images into its study set?
Legislation, Policy, and Regulation
Trump to declare emergency ban on Beijing ‘spy firms’ (Times) President Trump is preparing to declare a national emergency and outlaw two of China’s biggest telecoms companies over claims that they are being used to spy on America. An executive order is said...
FCC will suspend most operations on Thursday if the shutdown continues (TechCrunch) The Federal Communications Commission said on Monday that it will need to suspend most of its operations by the middle of Thursday if the partial government shutdown continues. The FCC will continue “work required for the protection of life and property,” as well as work related to spectrum auction…
How the new acting Pentagon chief views cybersecurity (Fifth Domain) Comments from Patrick Shanahan, who will take over as acting secretary of defense Jan. 1, give insight into his cybersecurity priorities amid growing national security challenges.
America, Meet Your (Acting) Secretary of Defense (The Atlantic) With no military experience and just a year and a half in government, the former Boeing executive Patrick Shanahan has yet to develop a foreign-policy vision of his own.
Dana White Out as Pentagon's Chief Spokeswoman (Military.com) The new Pentagon chief spokesman, Charlie Summers, is a former Maine politician and Navy reserve captain.
New chief for military spy agency (C4ISRNET) NGA will get a new director in February to replace Robert Cardillo.
Litigation, Investigation, and Law Enforcement
Russia arrests 'US spy' in Moscow (BBC News) The FSB security agency says a US man named Paul Whelan has been charged with spying.
Detained US citizen Paul Whelan was in Moscow for a wedding, his brother says (CNN) A US citizen and corporate security director detained in Russia on accusations of spying is a retired Marine who was in Moscow for a wedding, his twin brother said Tuesday.
UNITED STATES Plaintiff, v. HAROLD T. MARTIN, III, Defendant. (US District Court for the District of Maryland (via Politico)) On February 8, 2017, the Grand Jury returned an Indictment against Harold T. Martin, III, charging him with twenty counts of Willful Retention of National Defense Information in violation of 18 U.S.C. § 793(e).
FBI Botched Interrogation of Former NSA Contractor Accused of Stealing Secrets (Gizmodo) In the case of a former National Security Agency (NSA) contractor accused of stealing a huge cache of classified documents, a federal judge this month agreed to toss out statements made by the contractor, Harold “Hal” Martin, on the basis that FBI agents failed to Mirandize him properly during a four-hour interrogation, even though the suspect was not under arrest at the time.
Suspect’s Twitter messages played role in NSA hacking-tools leak probe (POLITICO) Judge reveals that just before Shadow Brokers advertised a major breach, contractor sent suspicious message: “Shelf life, three weeks”
Thomas Rid on Twitter (Twitter) “CORRECTION: my post from earlier today erroneously linked Hal Martin to the Shadowbrokers. The redacted sections refer to another entity. H/t to an unnamed source and @emptywheel
Caution also with this story:
https://t.co/JMYeM0kpjk”
LinkedIn billionaire Reid Hoffman paid election ‘fixers’ (Times) One of the billionaire founders of the social network LinkedIn has apologised for unwittingly funding a disinformation campaign on Facebook and Twitter that allegedly sought to pervert the course...
Top-secret report on SingHealth attack submitted to Minister-in-charge of Cyber Security (The Straits Times) The full report on the attack, which is believed to be state-sponsored and the act of sophisticated hackers, is not being published for national security reasons.
Netflix pulls 'Patriot Act' episode in Saudi Arabia after it criticized official account of Khashoggi killing (CNN) Netflix has blocked an episode of a comedy show that tackles the killing of journalist Jamal Khashoggi from streaming in Saudi Arabia after officials from the Kingdom complained.
US Petroleum Employee Charged with Stealing Trade Secrets for Chinese Firm (Dark Reading) Longtime US resident allegedly stole information for petroleum firm in China that had offered him a position.
CenturyLink outage that hit 911 service spurs FCC investigation (CNET) The disruption affected 911 emergency services nationwide. FCC Chairman Ajit Pai called the problem "particularly troubling" in its "breadth and duration."