Cyber Attacks, Threats, and Vulnerabilities
A Worldwide Hacking Spree Uses DNS Trickery to Nab Data (WIRED) Security researchers suspect that Iran has spent the last two years pilfering data from telecoms, governments, and more.
8 million users installed 9 adware apps from Play Store (HackRead) This is the second time in one week that adware apps have been found on Google Play Store.
Months before Shin Bet warning, Israeli cyber chief cautioned of election interference (Haaretz) Yigal Unna warned of assaults on state facilities in October, three months before Shin Bet head Nadav Argaman said foreign country intends to interfere in upcoming election
Deepfakes and the New Disinformation War (Foreign Affairs) Thanks to the rise of “deepfakes”—highly realistic and difficult-to-detect digital manipulations of audio or video—it is becoming easier than ever to portray someone saying or doing something he or she never said or did, with potentially disastrous consequences for politics.
Ryuk ransomware linked to Emotet and TrickBot trojans; suspicions shift to cybercriminal group (SC Media) Researchers are linking the Ryuk ransomware that disrupted the operations of multiple U.S. newspapers to the Emotet and TrickBot trojans.
Less than you think: Prevalence and predictors of fake news dissemination on Facebook (Science Advances) So-called “fake news” has renewed concerns about the prevalence and effects of misinformation in political campaigns.
The 'Fake News' Epidemic Was...Fake News (Reason) It's "important to be clear about how rare this behavior is on social platforms," researchers say.
Dems Use Fake News Propaganda in Alabama Campaign (Infosecurity Magazine) A cybersecurity firm reportedly aided progressive group of Democrats in spreading fake news to take down Roy Moore.
New ransomware rakes in $4 million by adopting a “big game hunting” strategy (Ars Technica) Ryuk lies in wait for as long as a year, then pounces on only the biggest prey.
Ryuk ransomware gang probably Russian, not North Korean (ZDNet) Evidence doesn't warrant nation-state attribution. Ryuk is just another Russian-based cyber-crime operation.
Was North Korea Wrongly Accused of Ransomware Attacks? (SecurityWeek) The Ryuk ransomware that emerged in summer of 2018 is likely not the work of state-sponsored North Korean hackers, researchers from several security firms now say.
The Unholy Alliance of Emotet, TrickBot and the Ryuk Ransomware (Decipher) Researchers have been tracking a group using the Emotet and TrickBot malware to install the Ryuk ransomware in enterprises.
Glimpsing inside the trojan horse: An insider analysis of Emotet (Darktrace) In 2018, Darktrace detected a 239% year-on-year uptick in incidents related specifically to banking trojans.
At Ring’s R&D Team, Security Gaps and Rookie Engineers (The Information) Jamie Siminoff had flown to frigid Kiev, Ukraine, to give a pep talk to the roughly 30 people who worked there for his fast-growing video doorbell startup, Ring. It was December 2016, and the Santa Monica, Calif., company had recently opened a satellite office in Ukraine to develop products that ...
Some changes to malicious RTF docs delivering Hawkeye (My Online Security) I am seeing a bit of changes today from the scumbags who are distributing the Hawkeye Keylogger Trojan. The email template is a typical fake Purchase Order with a malicious word doc attachment.
Agent Tesla reborn via fake order (My Online Security) Following on from this post from last week. We are seeing another what looks like Hawkeye or Agent Tesla keylogger campaign using identical methods. All the same sites and hosting companies are…
Old tweets reveal hidden secrets (Naked Security) Old Twitter posts could reveal more about you than you think, according to researchers, even if you didn’t explicitly mention it.
Is 2FA Broken? Authentication Experts Weigh In (Threatpost) A penetration testing tool called Modlishka can defeat two-factor authentication in the latest 2FA security issue. We asked a roundtable of experts what it all means.
Trading site data leak sprayed out keys to users’ accounts (Naked Security) A trader believes he could easily have obtained admin access to the site and potentially have stolen the funds of its 600,000 users.
New DarkReading Report on "Crypto Dusting" Highlights New Digital Asset Money Laundering Technique (BitcoinExchangeGuide) Types of frauds in the cryptocurrency industry are getting stronger for current regulators and anti-money laundering enforcement to deal with.
Unique Cryptanalytic Attack Used To Crack Private Keys of Cryptocurrencies (The Currency Analytics) Vinny Lingham, CEO of Civic, on January 11, 2019, predicted that the cryptocurrency might fall below $3,000. Lingham states that…
Dot-gov site security erodes during shutdown (FCW) An internet security company identified expired security certificates on .gov websites.
Dozens of .gov HTTPS certs expire, webpages offline, FBI on ice, IT security slows... Yup, it's day 20 of Trump's govt shutdown (Register) Hackers may be rubbing their hands with glee
Government Shutdown Hits Federal Websites (Wall Street Journal) Ripples from the partial government shutdown are spreading online, with some federal sites now greeting visitors with the blunt warning: ‘Your connection is not private.’
Google Demanded That T-Mobile, Sprint Not Sell Google Fi Customers' Location Data (Motherboard) Google’s phone, text, and data service relies on infrastructure provided by T-Mobile and Sprint. A Motherboard investigation found both telcos selling customers’ location data that ultimately ended up in the hands of bounty hunters.
Third-Party Breach Exposed 31K Patient Records (Infosecurity Magazine) Managed Health Services of Indiana Health Plan announced two security incidents.
Security Patches, Mitigations, and Software Updates
Intel Patches Multiple Security Flaws Amidst Patch Tuesday Week (Latest Hacking News) Intel recently fixed several high-severity security flaws. These Intel patches were released alongside the Patch Tuesday updates by Adobe and Microsoft.
Cyber Trends
Concern for security of data in the cloud worries IT execs (Health Data Management) Even as healthcare organizations contemplate moving more computing functions to the cloud, IT execs question the security of their data.
Should you worry about the rash of cyberattacks targeting towns? (North Jersey) Bergen towns are the latest targets of a cyber attack that could be ransomware. Experts warn of a 'very advanced' strain infiltrating computer systems
Marketplace
3 Compelling Reasons To Invest In Cyber Security - Part 1 (Forbes) Cyber security is among the essential subjects to boards, alongside business strategy and leadership. Your compelling case to gain an investment is now here!
Cybersecurity Firm Syncurity Closes $2M Seed Round of Institutional Investment (BusinessWire) Cybersecurity firm Syncurity closes $2M seed round of Institutional Investment to support Security Orchestration, Automation and Response platform.
Goldman Sachs leads $8M round in cyber security skills platform Immersive Labs (TechCrunch) Immersive Labs, a cyber security skills platform founded by James Hadley, who used to be a researcher at GCHQ, has raised $8 million in Series A funding. Leading the round is Goldman Sachs, with participation from a number of unnamed private investors. Operating in the cyber security training space…
Medical Device Security Firm Cynerio Raises $7 Million (SecurityWeek) Cynerio, a provider of medical device and Internet of Medical Things (IoMT) solutions, has raised $7 million in funding to support growth in North America.
CyberSpace Operations Consulting Announces Merger and Integration with Advanced Core Concepts (PR Newswire) CyberSpace Operations Consulting (CSOC), a leading provider of engineering and technical...
Simpatico Systems Announces Corporate Merger With TeksInc (PR Newswire) Simpatico, a Cyber Security & IT company headquartered in Lubbock, TX, with an office in Los Angeles, CA, is pleased to...
Thycotic Ends 2018 with Record-Setting Quarter (Security Boulevard) Thycotic, provider of privileged access management (PAM) solutions for more than 10,000 organizations worldwide, today announced that it has ended a stellar 2018, outperforming 2017 with a 45 percent year-over-year sales growth. In addition to its…
Cyber startup uses intelligence know-how to fight hackers, internet fraud (The Jerusalem Post) 2018 was arguably the greatest year to date for thieves on the web, with Marriott Hotels, Cambridge Analytica and Google+ among many major brands falling victim to massive data breaches.
Research, private investment could lie ahead for Georgia Cyber Center (The Augusta Chronicle) Research programs could be the basis for the next phase at Georgia Cyber Center and the center's environment and Augusta itself are attractive for more
Products, Services, and Solutions
Rapid7 Releases Metasploit 5.0 (SecurityWeek) Rapid7 announces release of Metasploit 5.0. The latest major version introduces several new features, improved performance, and extended language support.
Radiflow Offers New Approach for Classifying and Assessing OT Attack Vulnerabilities (PR Newswire) Radiflow, a leading provider of industrial cybersecurity solutions for critical infrastructure, today...
VPS Hosting Provider BitLaunch Offers Full Anonymity by Supporting Cryptocurrency Payment (PR Newswire) BitLaunch announces full anonymity for VPS hosting accounts at popular cloud providers including DigitalOcean, Vultr ...
Technologies, Techniques, and Standards
BSIA Publishes Guidelines to Reduce Exposure to Digital Sabotage (Infosecurity Magazine) Guidelines will assist the supply chain in their duty of care to other network users
Cyber Insurance: The Next Step in Cybersecurity Preparedness? (Infosecurity Magazine) What benefits can cyber insurance bring to businesses, and are there any downsides for those looking to invest in the new protection?
How to protect backups from ransomware (CSO Online) Ransomware is getting smarter, attacking backups to prevent recovery. Prevent this from happening by taking a few simple steps.
Strategies for expertly protecting industrial control systems (Help Net Security) Secure Operations Technology is a collection of practical approaches that thoroughly defeat control system cyber attacks from the mundane to the arcane.
Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients - PHE (PHE) Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP), the primary publication of the Cybersecurity Act of 2015, Section 405(d) Task Group, aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector.
IoT Community announces formation of Security, Privacy & Trust IoT Center of Excellence (SPTIoTCoE) (Help Net Security) SPTIoTCoE will engage industry thought leaders to enable community learning, best practice sharing, and provide guidance for IoT security practitioners.
Hiscox stages ‘real world’ cyber-attack on bike manufacturer (Insurance Times) Cyber-attacks cost average small businesses around £25,700 a year
Why security by design and security DevOps are so critical to success (Help Net Security) Security by design is more than just a catch phrase; it is the essential ingredient in a secure digital transformation, according to NTT Security.
What is a CISO? Responsibilities and requirements for this vital role (CSO Online) The chief information security officer (CISO) is the executive responsible for an organization's information and data security. Learn what it takes to land a CISO job and how to be successful in the role.
Jeff Bezos fell prey to stolen text messages — here's how to keep yours private (CNBC) Very wealthy people are often targets for criminal hackers, tabloids and rivals, but there are steps anyone can take to avoid exposing sensitive personal and business communications.
This Security Stunt Cleverly Illustrates What a Cyber Attack Would Look Like in Real Life (Ad Week) Employees of a U.K. bike shop were in for a surprise with this ploy from AMV BBDO for insurer Hiscox.
North Dakota National Guard Assists in Federal Cyber Security Mission (MYNDNOW) Five North Dakota Army National Guard Soldiers have been tasked with a cyber security mission.
Ex-Shin Bet cyber chief: Our cyber defense does everything you can imagine (The Jerusalem Post) Election-related cyberattacks could include, “public transportation, electric and other critical infrastructure” to elections “to bring about chaos and hysteria on election day.”
The Rise and Demise of RSS (Motherboard) Before the internet was consolidated into centralized information silos, RSS imagined a better way to let users control their online personas.
Why Open Port Monitoring is Both an Essential and Flawed Security Control (Infosecurity Magazine) Checking for open ports sounds simple, but the reality is way off.
Design and Innovation
Governments and Businesses Must Leverage Advancing Technologies for a Safer and More Secure Internet, Unisys Chairman and CEO Peter Altabef to Tell Attendees at CES Government Conference (PR Newswire) Governments and businesses – along with academia and private citizens – must all act to ensure that technological...
IBM teaches AI to debate humans by crowdsourcing arguments (The Next Web) IBM's AI wants to take on all-comers in debates on every topic. But, first, it's going to crowdsource its arguments from humans online and at CES 2019.
Unisys CEO to Make 'Moonshot' Argument for Internet Security at CES Gov't Talk (Mobile ID World) Unisys CEO Peter Altabef will make the case for embracing sophisticated technologies like biometrics and AI to secure the internet...
AI skills demand grows but ethics lag (Accountancy Daily) Over half of organisations do not have a policy to ensure the safe and ethical development of artificial intelligence (AI), even though three quarters of business leaders report that AI is fundamentally changing their organisation, according to research from Deloitte
Preventing Bias in AI Requires Human and Tech Oversight (Northrop Grumman) Instead of preventing bias, some AI programs have advanced the prejudices held by humans.
The Exaggerated Promise of So-Called Unbiased Data Mining (WIRED) Opinion: Why ransacking data for hidden patterns often results in misleading—or meaningless—conclusions.
New Comic Strip to Educate Soldiers on Future Cyber Threats - MilitarySpot.com (MilitarySpot.com) Since World War II, the Army has been using comic books to train Soldiers on specific duties and reduce casualties throu
Research and Development
With China looming, intelligence community backs AI research (Fifth Domain) The United States government is trying to boost its artificial intelligence capabilities with new research, according to public documents and experts.
Legislation, Policy, and Regulation
'It's got us very intrigued': MPs to study how Canada can learn from 'digitally advanced' Estonia (The London Free Press) Wired Magazine even deemed the country ‘E-stonia, the world’s most digitally advanced society’
Poland could limit use of Huawei products after worker arrested (Reuters) Poland could consider banning the use of Huawei products by public bodies, a sen...
Analysis | The list of countries with espionage fears about China’s Huawei is growing — fast (Washington Post) From Poland to New Zealand, the Chinese telecoms giant is facing real scrutiny.
President slams security agencies over “campaign” against Huawei (Radio Praha) The president has lashed out at Czech security agencies that have identified Chinese-made Huawei products as a threat. Miloš Zeman says this has harmed the Czech Republic’s economic interests – and payback from Beijing will hit some of the country’s biggest companies.
Russia will buy Bitcoin to avoid US sanctions, economist claims (Asia Times) According to a high-profile Moscow economist, Vladimir Putin's government is about to invest heavily in Bitcoin to circumvent US trade restrictions
Sen. Wicker announces new cyber-focused panel, unveils Commerce Committee reorganization (Inside Cybersecurity) New Senate Commerce Chairman Roger Wicker (R-MS) today announced the “reconfiguration” of his panel's subcommittees, including the creation of a new one on security, and announced the full roster of subcommittee chairs.
Analysis | The Cybersecurity 202: Is Trump's get-tough cyber strategy working? Former officials develop a way to find out (Washington Post) They want companies to measure the effectiveness of offensive hacking.
Litigation, Investigation, and Law Enforcement
Huawei sacks employee arrested in Poland as Warsaw mulls EU ban (ZDNet) Huawei said it has sacked an employee who was arrested in Poland on allegations of spying, saying the incident has brought the company into disrepute.
Huawei fires sales manager who Poland charged with spying (AP NEWS) The Chinese tech company Huawei on Saturday announced it has fired a sales director who was arrested in Poland and charged with spying for China, saying he has brought the firm's reputation "into disrepute." The company said it has "decided to terminate the employment of Mr. Wang Weijing, who was arrested on suspicion of breaking Polish law."
The Latest: Poland spying suspect held top cyber jobs (AP NEWS) The Latest on the espionage-related arrests in Poland (all times local): 6 p.m. The Polish state news agency says a Polish man who has been charged with spying for China had held top cybersecurity positions at different state agencies and had been involved in projects co-financed by the European Union. PAP reported Friday that the suspect had worked at three key agencies in Poland.
How a hacked phone may have led killers to Khashoggi (KITV) Journalist Jamal Khashoggi sent messages to a fellow Saudi dissident through WhatsApp, believing they were cloaked in security. In reality, they were compromised, allegedly getting infected by Pegasus
Israeli Cyber-Intelligence Firm Denies Role in Khashoggi Murder, But Won't 'Deny or Confirm' Saudi Sales (Gizmodo) One of the co-founders of the Israeli cyber-intelligence firm behind the powerful phone-surveillance software Pegasus, NSO Group, has denied that their products were involved in the Saudi Arabian government’s torture and murder of journalist in self-imposed exile Jamal Khashoggi at the Saudi consulate in Istanbul last year, the Times of Israel reported on Saturday. However, they would not clarify whether the Saudi government was in possession of the Pegasus system.
Why the Indictment of the Lawyer at the Trump Tower Meeting Matters (Foreign Policy) Veselnitskaya is charged with obstructing justice—hand in glove with the Russian government.
Opinion | This is exactly what collusion looks like (Washington Post) What remains to be seen is whether the collusion was also a crime.
“New” Application to an Old Problem: Pennsylvania Supreme Court’s Ruling Likely to Lead to More Cybersecurity Negligence Lawsuits (Cooley) Pennsylvania’s Supreme Court (“Court”) cleared a path for employees seeking to hold employers responsible for data breaches affecting their information. The Court found that employers are leg…
Zurich Sued For $100 Million Following NotPetya Attack (Information Security Buzz) Following the news that Mondelez, the US food company that owns the Oreo and Cadbury brands, is suing its insurance company, Zurich, for refusing to pay out on a $100m claim for damage caused by the NotPetya cyber attack, please see below comments from Igor Baikalov, chief scientist at Securonix. Igor Baikalov, Chief Scientist at …
The Danger of Calling Out Cyberattackers (Bloomberg) A bizarre $100 million lawsuit shows that companies can be collateral damage when governments publicly blame other countries for hacks.
Oreo lawsuit could set precedent for cyber insurance industry (Fifth Domain) A legal case from the maker of Oreos demanding that the company’s insurance carrier cover the costs of a cyberattack could set an important precedent for the insurance industry.
Marriott’s data breach may be the biggest in history. Now it’s facing multiple class-action lawsuits. (Vox) Marriott is being sued for allegedly failing to protect more than 300 million guests’ information from hackers.
Hackers who DDoSed African telecom and US hospital get long prison sentences (Help Net Security) Two men who launched DDoS attacks against an African telecom and a US hospital have received substantial prison sentences on Friday.
UK Hacker Jailed for Attack on Liberian Telecoms Firm (SecurityWeek) British computer hacker Daniel Kaye has been sentenced to 32 months in prison for a cyberattack that knocked out telecommunications services in Liberia.
The DDoS attacker rescued by a Disney cruise ship is sentenced to... (HOTforSecurity) A 34-year-old man has been sentenced to more than 10 years in prison, after being found guilty of launching a massive denial-of-service attack against Boston Children's Hospital. The sentencing of Martin Gottesfeld, from Somerville, Massachusetts, comes almost three years...
Anonymous hacker jailed for 10 years over hospital DDoS attacks (HackRead) He conducted those DDoS attacks for #OpJustina back in 2014.
El Chapo was brought down by a sysadmin (Naked Security) Christian Rodriguez says he set up secure VoIP communications for the cartel: a system whose encryption keys he wound up giving to the FBI.
FBI guidance tells attendees at CES tech show to beware 'honey traps' (The Telegraph) The FBI has told American technology companies at the industry’s biggest gathering to defend themselves against foreign spies.
Fraudsters who stole more than £800,000 sentenced following good work by Action Fraud and Surrey Police | Action Fraud (Action Fraud) Seven fraudsters have been sentenced today (11 January) following some good work by Action Fraud and Surrey Police.
Is Tehran spying on Southern California? Feds say O.C. waiter and ‘Chubby’ from Long Beach were agents of Iran (Los Angeles Times) A waiter at an Orange County restaurant has been accused of spying for Iran, and the accusation has alarmed many in the local Persian community. Some say tensions between Washington and Tehran are spilling over into Southern California.