Cyber Attacks, Threats, and Vulnerabilities
US cyber attack on Iran exploited flaw in heavily-guarded network, experts say (Times of Israel) Assault that crippled Revolutionary Guard missile system result of massive investment in cyber warfare by American military, likely took extensive preparation
The U.S. and Iran are Already at War Online (Time) It's notoriously difficult to trace attacks in digital conflict
The Bitcoin Bite: Iran Says Power Grid Hit By Cryptocurrency-Mining Surge (RadioFreeEurope/RadioLiberty) Iranian authorities are blaming the mining of cryptocurrencies, such as Bitcoin, for a big increase in the country's monthly electricity usage, with digital-currency miners reportedly using mosques and schools for their cheap electricity.
Possible U.S. Cyber Attack on Power Grid in Russia; Is Cyber Warfare on the Table? (CPO Magazine) Russia has been making news for hacking utility systems in other nations and, for a change, news has emerged that the U.S. is conducting a cyber attack on the power grid in Russia by planting malicious code.
Hackers target Russia’s defense, nuclear power industry secrets (TASS) According to a cyber security official, the United States is the main source of threat to information security
Alleged Cyber Attack on Russia's Yandex Used Malware Tied to Western Intelligence (Gizmodo) Hackers believed to be working for Western intelligence agencies “broke into Russian internet search company Yandex from October to November 2018,” deploying a malware variant called Regin that is “known to be used by the ‘Five Eyes’ intelligence-sharing alliance of the United States, Britain, Australia, New Zealand and Canada,” Reuters reported on Friday, citing four people with knowledge of the incident.
Russia denies role in Israeli airport GPS jamming (Sporaw) Russia has denied Israeli suggestions that it is behind disruption of GPS signals at Israel's Ben Gurion airport.
Cryptocurrency phish dials back the fear, cranks up the politeness (Naked Security) Spammers and scammers are getting better at spelling and grammar – so make sure you aren’t relying on language alone to spot phishes…
Microsoft Confirms New Cumulative Update Bug Hitting Windows 10 Version 1903 (softpedia) RASMAN service might stop working, it says
New Exploit Kit Spelevo Carries Bag of Old Tricks (BleepingComputer) A new exploit kit that researchers named Spelevo has emerged recently, targeting a certain category of victims and infecting their computer systems with two banking trojans.
New Dridex malware strain avoids antivirus software detection (ZDNet) When the new banking Trojan strain first appeared, very few traditional software products recognized it.
An Analysis of Godlua Backdoor (360 Netlab Blog) On April 24, 2019, our Unknown Threat Detection System highlighted a suspicious ELF file which was marked by a few vendors as a mining-related trojan on VT. We cannot confirm it has a mining-related module, but we do see it has recently started to perform a DDoS function.
The Curious Case of Silexbot (Decipher) The Silexbot malware is compromising IoT devices and destroying their file systems and rebooting them, in an apparent attempt to stop botnet controllers from owning them.
Electronic Arts Origin gaming client hit by vulnerabilities, says Check Point Research (Tech News) Check Point and CyberInt strongly advise users to enable two-factor authentication and only use the official website when downloading or purchasing games.
Scammers flock to buy Libra web domains (Axios) Facebook's new cryptocurrency led to a flurry of web registrations, some trying to trick consumers.
Report: Orvibo Smart Home Devices Leak Billions of User Records (vpnMentor) vpnMentor's research team found a leak in Orvibo's user database. Our expert cybersecurity research team, led by Noam Rotem and Ran Locar, ...
Wipro Attackers Breach PCM And Hit ServiceNow, Others: Reports (CRN) The attacks were the latest in a string of five attacks over the last two years related to gaining money from gift card providers.
Summa Health has potential data breach of more than 500 patient records, other sensitive information (Akron Beacon Journal) More than 500 patient medical records and other sensitive information were exposed in potential data breaches at Summa Health in August and March. Summa
Medtronic recalls vulnerable MiniMed insulin pumps (Help Net Security) Medtronic has issued a recall of its MiniMed 508 and Paradigm series insulin pumps because they can be tampered with by attackers.
All the countries where someone managed to shut down the entire internet — and why they did it (Business Insider) Taking down an entire country's internet service is easier than you think.
Bot Fraud Grows Across All Mobile Businesses And Now Threatens Apps (Forbes) A massive battle is looming on mobile and apps as bots become more sophisticated and harder to detect. Adjust, a mobile measurement and anti-fraud company, is taking a different approach, focusing on the data that bots can’t fake, such as the pressure on the screen and the motion of the device.
The Hotel Hackers Are Hiding in the Remote Control Curtains (Bloomberg Businessweek) Back doors to your personal data can be found in everything from smart fish tanks to Wi-Fi pineapples.
Opinion | The Worm That Nearly Ate the Internet (New York Times) It infected 10 million computers. So why did cybergeddon never arrive?
$50 DeepNude app undresses women with a single click (Naked Security) “I’m not a voyeur, I’m a technology enthusiast,” says the creator, who combined deepfake AI with a need for cash to get ka-CHING!
‘The world is not yet ready for DeepNude’: Creator kills app that uses AI to fake naked images of women (Washington Post) The app was live just four days before a viral backlash and high interest prompted the shutdown.
Security Patches, Mitigations, and Software Updates
Cisco steps up fix for critical DNA Center flaw (CRN Australia) Adds non-upgrade fix to unauthenticated attacker bypass.
EA fixes cloud flaw that could have left user accounts at risk (ZDNet) Tech security companies said a "chain of vulnerabilities", now fixed, could have left accounts vulnerable to attack.
Tripwire Patch Priority Index for June 2019 (The State of Security) Tripwire's June 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, and Adobe.
Cyber Trends
Consumers believe privacy is not possible, leading to a change in online behavior (Help Net Security) New survey highlights a growing belief among consumers that privacy is not possible, leading to a personal choice to change their online behavior.
As cyber attacks increase, Indian IT clients seeks stricter contracts, more audits (ETCIO.com) Clients typically had broad language in their contracts to ensure they were protected but increasing attacks by hackers have shown that more is needed..
3 challenges facing the national security community in the information age (C4ISRNET) The current information environment is different than anything the intelligence community has faced before, and the United States will have to adapt in order to meet the changing threat.
Marketplace
TrapX Secures $18 Million in Series C Financing Round (TrapX) Global Leader in Cyber Deception Technology Expands Operations and Doubles Down on Innovation with New Financing
Huawei allowed to buy American again, for boring kit (CRN Australia) Purchase ban lift should keep products coming.
Huawei Welcomes Trump 'U-Turn' On U.S. Supplier Ban After Xi Meeting At G20 (Forbes) As anticipated, Huawei blacklist concessions were on the cards at the G20 summit when Trump met Xi, and the U.S. President told the media afterward that Huawei would now be allowed to buy from U.S. companies after all.
Google gets nod to license Android for Huawei (ETCIO.com) With US President Donald Trump providing reprieve to Huawei, less than a month after blacklisting the Chinese telecom giant, American tech titan Googl..
Six exabytes of Flash destroyed by brief blackout (CRN Australia) 13-minute outage at Toshiba plant could spike prices.
Asco Sees Progress In Restoring Production after Cyber Attack (Aviation International News) A large-scale ransomware attack beset Belgian manufacturer Asco Industries on June 7.
Nokia Hurriedly Disowns Its CTO's Scathing Comments On Huawei Security Flaws (Forbes) Nokia has issued a public statement to distance itself from the comments made by its CTO to the BBC over Huawei's security issues—those comments followed a U.S. security report suggesting major flaws in the Chinese company's equipment, including potential backdoors.
Activist Investor Dan Loeb Opposes Raytheon Deal. United Technologies Pushes Back. (Barron's) The activist investor said he would prefer a focus on commercial aerospace, rather than defense as well.
Better Buy: Palo Alto Networks vs. FireEye (The Motley Fool) There's one clear winner between these two cybersecurity plays.
Okta: If You Have To Ask, You Can't Afford It (Seeking Alpha) Okta is a leader in identity management solutions with 53% YoY revenue growth. As with most high-growth companies, valuation is lofty, but in the case of Okta, valuation is extreme.
Outgoing FBI cyber official joins Accenture’s incident response team (CyberScoop) Eric Welling has left his position as deputy assistant director of the FBI’s Cyber Division to join consulting giant Accenture, a company spokesperson confirmed.
Products, Services, and Solutions
Horne Cyber debuts Threat Runner, a malware emulation tool (Accounting Today) Threat Runner emulates an authentic malware infection on an organization’s network, exposing vulnerabilities in need of remediation without encrypting files and sensitive data.
The new AWS services unveiled at re:Inforce 2019 (CRN Australia) Cloud giant's new security conference had a handful of announcements.
Thales launches Gemalto Instant Connect to simplify the connection of eSIM-enabled devices (Help Net Security) Thales announces the launch of Gemalto Instant Connect, a connectivity solution to simplify the connection of eSIM-enabled devices on a mobile network.
Fortinet extends application security on Amazon Web Services (Channel Life) Fortinet to secure applications on AWS with FortiWeb Cloud WAF-as-a-Service while protecting applications and APIs and addressing compliance requirements.
Secureworks puts McLaren in pole position with holistic solution (Intelligent CIO Europe) The McLaren Group has deployed a Secureworks solution to secure its data across multiple locations and assess threats in real-time, helping the high-performance car manufacturer stay competitive on…
CyberX Enhances Industrial Threat Intelligence with Automated Threat Extraction Platform (Virtual-Strategy Magazine) Leverages Machine Learning to Identify APT Campaigns Targeting Industrial and Critical Infrastructure Organizations
New infosec products of the week: June 28, 2019 (Help Net Security) Elastic SIEM: Speed, scale, and analytical power drive your security operations and threat hunting The initial launch of Elastic SIEM introduces a new set
Technologies, Techniques, and Standards
EU to run war games to prepare for Russian and Chinese cyber-attacks (the Guardian) Ministers to be put in fictional scenarios after series of hacking incidents
Finnish presidency to war-game hybrid threat response (EUobserver) The Finnish presidency will draw up scenarios on hybrid attacks, for EU home affairs and finance ministers to practice decision-making when facing acute threats.
Combatting Cyber Threats: CSE Releases New Baseline Cybersecurity Controls (Mondaq) On April 5, 2019, the Canadian Centre for Cyber Security released the Baseline Cyber Security Controls for Small and Medium Organizations, intended to assist small and medium organizations (Torkin Manes LLP, 28 Jun 2019)
Understanding & Defending Against Polymorphic Attacks (Dark Reading) Polymorphic malware is far from a new thing. But today, what is good for attackers is also good for defenders. Here's why.
Design and Innovation
Mozilla’s bizarre robo-surfer project demonstrates ad snooping (Naked Security) In an effort to show you how advertisers snoop on your surfing activity, Mozilla is offering you the chance to pretend that you’re someone else.
A Second Update on Our Civil Rights Audit (Facebook Newsroom) We want to make sure we’re advancing civil rights on our platform, and we’re sharing a second report that details our efforts.
Wikipedia Has Been A Safe Haven From The Online Culture Wars. That Time May Be Over. (BuzzFeed News) The once-derided open-source encyclopedia is the closest thing the internet has to an oasis of truth. Now a single-user ban has exposed the deep rifts between Wikipedia's libertarian origins and its egalitarian aspirations, and threatened that stability.
YouTube looks to demonetization as punishment for major creators, but it doesn’t work (The Verge) Steven Crowder’s case is a perfect example
Opinion | I Shouldn’t Have to Publish This in The New York Times (New York Times) The way we regulated social media platforms didn’t end harassment, extremism or disinformation. It only gave them more power and made the problem worse.
Facebook to hire banking expert to run 'Libra' (ETCIO.com) Facebook is looking to hire a seasoned executive to run its digital coin 'Libra' project who has the know-how of the complex government and central ba..
Curious new theory links Bitcoin’s inventor to Estonia (Yahoo) An Estonian multinational and the founder of MIT’s Media Lab are the focus of a new hunt for the mysterious Satoshi Nakamoto.
Research and Development
US government is working on mysterious malware detection project (TechRadar) MalSee is able to detect malware faster than current methods
The Pentagon has a laser that can identify people from a distance—by their heartbeat (MIT Technology Review) The Jetson prototype can pick up on a unique cardiac signature from 200 meters away, even through clothes.
Legislation, Policy, and Regulation
Trump Allows U.S. Sales to Huawei as Trade Talks Resume (Wall Street Journal) President Trump and his Chinese counterpart agreed to a cease-fire in their trade battle, as Mr. Trump said he would allow American firms to sell high-tech equipment to Huawei and China would start buying U.S. farm products.
Trump: US companies can sell to Huawei as long as deals don't pose national security threat (http://www.computing.co.uk) Trump backtracks on Huawei sanctions after talks with Chinese president Xi Jinping
Trump Bows to Xi Jinping's Huawei Demands at G20 (The Daily Beast) Selling American chips to a company branded as a security risk was only one of the areas where Trump gave ground.
Trump 'not backing off' Huawei as security threat: Kudlow (Reuters) National Economic Council chairman Larry Kudlow says President Trump's decision to allow new sales to China's Huawei does not mean he's 'backing off' the telecommunications giant as a national security threat. Rough Cut (no...
Kudlow: US sales to Huawei won't imperil national security (ABC News) White House economic adviser Larry Kudlow says President Donald Trump won't back off national security concerns after agreeing to allow U.S. companies to sell some components to Chinese telecommunications giant Huawei
Trump Leaves Huawei’s South Korean Suppliers Hanging (Wall Street Journal) In a speech to South Korea’s largest conglomerates after he eased the toughest U.S. measures against Huawei, President Trump provided no direction on how they should proceed with the Chinese tech giant.
Analysis | The Cybersecurity 202: Trump’s Huawei reversal is outraging Republicans (Washington Post) Sen. Marco Rubio vowed Congress will reinstate all restrictions.
The 70-Year Spy Alliance the U.S. Says It May Cut Off (Bloomberg Businessweek) Born out of World War II, it’s the world’s deepest and most comprehensive collaboration among spy services.
DoD, NATO turn to collective defense against cyber attacks (Federal News Network) Ian West, the cybersecurity chief of the NATO Communications and Information Agency, said the launch of a new encrypted workspace lets five countries test how they can share secure video, voice…
Estonian minister: Cybersecurity cooperation of Estonia, US has reached a new level (Baltic Times) Cooperation between Estonia and the United States in cybersecurity has been fruitful through the years and has now reached a new level...
US-Iran Tensions: What Indian Cyber Commanders Can Learn (The Quint) In the US-Iran standoff, the ‘escalatory matrix’ is shuttling between cyber & kinetic military options.
Race to militarize cyberspace poses challenge for Just War theory (Crux) Recent press reports have noted an increase in “cyberwar” capabilities, with the New York Times running a story on a U.S. project to place malware in Russian power networks, in retaliation for similar activity by Russia-backed hackers.
Australia to test social media content takedowns (CRN Australia) ‘Simulation exercise’ follows G20 declaration on free flows of data.
“We need to up our game”—DHS cybersecurity director on Iran and ransomware (Ars Technica) Talking with Ars, Christopher Krebs shares the to-do list: Iran, ransomware—and elections.
Senate Has Spoken: Smart Crowdsourced Security Testing Puts American Security First (BusinessWire) Synack commends the United States Senate for passing the NDAA for 2020 and declaring crowdsourced security as a best practice.
Election Administration and Voting Survey (US Election Assistance Commission) Since 2004, the Election Assistance Commission (EAC) has conducted the Election Administration and Voting Survey (EAVS) following each federal general election.
Three states responsible for half of all paperless e-voting machines in 2018, survey finds (FCW) Policymakers and experts know that paperless DRE voting machines are confined to a small number of states, but new survey results demonstrate just how concentrated the problem is.
Litigation, Investigation, and Law Enforcement
Fraudsters Spoof Blockchain.com to Steal $27M in Cryptocurrency (BleepingComputer) Law enforcement agencies in Europe arrested a group of six individuals for emptying cryptocurrency wallets of at least 4,000 victims by setting up a website that impersonated Blockchain.com.
Former Equifax executive sentenced to prison for insider trading prior to data breach (The Verge) Four months of jail time
Sydney IT consultant sentenced to three years for insider trading (CRN Australia) Accessed buy reports for listed companies before they were published.
Gay dating app Jack’d settles complaint over exposing private photos (The Verge) Company left private photos exposed for a year
Bulgarian IT expert arrested after demoing vulnerability in kindergarten software (ZDNet) Vulnerability allowed him to download data of over 235,000 Bulgarian citizens.