Cyber Attacks, Threats, and Vulnerabilities
US company selling weaponized BlueKeep exploit (ZDNet) An exploit for a vulnerability that Microsoft feared may trigger the next WannaCry is now being sold commercially.
Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List (The Hacker News) Widespread WatchBog Linux Botnet Scanning the Internet for Windows Systems Vulnerable to BlueKeep RDP Flaw
BlueKeep Scanner Discovered in Watchbog Cryptomining Malware (BleepingComputer) A new Watchbog malware variant can scan for Windows computers vulnerable to BlueKeep exploits, with previous variants only being utilized to infect Linux servers compromised using Jira, Exim, Nexus Repository Manager 3, ThinkPHP, and Solr Linux exploits.
Intezer - Watching the WatchBog: New BlueKeep Scanner and Linux Exploits (Intezer) Researchers have discovered a new version of WatchBog, a cryptocurrency-mining botnet operational since November 2018. It is estimated that 4,500 Linux machines have been infected by this new malware campaign since June 2019.
APT-doxing group exposes APT17 as Jinan bureau of China's Security Ministry (ZDNet) Intrusion Truth's previous two exposes -- for APT3 and APT10 -- resulted in DOJ charges. Will this one as well?
China's Security Ministry is running APT17 cyber-espionage group, claims Intrusion Truth (Computing) Intrusion Truth has revealed details of three individuals believed to be members of APT17
Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia (Proofpoint) Proofpoint researchers document "Operation LagTime IT," in which the Chinese APT TA428 has targeted government IT agencies and Ministry of Foreign Affairs in Asia...
Advanced mobile surveillanceware, made in Russia, found in the wild (Ars Technica) Monokle infected Android devices, but evidence suggests iOS versions may also exist.
New 'highly targeted' mobile malware, dubbed 'Monokle', linked to Russian hackers (Computing) Researchers believe the malware was created by STC, a Russian company accused of interfering in the 2016 US presidential election
A Russian military contractor has a new, shady Android malware kit (CyberScoop) A contractor for the GRU that was sanctioned for interfering in the 2016 U.S. election has developed Android malware being used in “highly-targeted” attacks.
Monokle: The Mobile Surveillance Tooling of the Special Technology Center (Lookout) Lookout has discovered a highly targeted mobile malware threat that uses a new and sophisticated set of custom Android surveillanceware tools called Monokle that has possible connections to Russian threat actors.
Deep Dive into Guildma Malware (Avast) For several months now, we have been tracking malware called Guildma. Guildma is a powerful combination of a RAT (remote access tool), spyware, password stealer and banker malware, mainly distributed via malicious attachments in phishing email campaigns.
Emotet: A Technical Analysis of the Destructive, Polymorphic Malware (Bromium) A technical analysis of Emotet including business model, infection lifecycle, binary analysis, and indicators of compromise.
Own The Router, Own The Traffic (SecureWorks) As threat actors increasingly target supply chains, man-on-the-side techniques introduce another layer of complexity that organizations must consider.
Imperva Blocks Our Largest DDoS L7/Brute Force Attack Ever (Peaking at 292,000 RPS) (Imperva Blog) Imagine you’re a developer building a new web application. You’ve followed all of the security best practices, hired a reputable penetration testing company before launch, and gone through extensive bug fixing to remove any vulnerabilities. However, would you be confident that your application could survive the largest and longest DDoS attack that you’d ever seen? …
How IoT Opens the Door for Insider Attacks Against Industrial Infrastructure (SecurityWeek) With the surplus of IoT and sensor data available, information — such as blueprints, intellectual property and sensitive customer data — will be targeted by competitors and nation states.
How cyber criminals are still snaring victims using seven-year-old malware (ZDNet) Researchers analysed millions of posts made on dark web forums across a 12 month period -- here's what they found out and what it means for your security.
Bishop Fox Researchers Discover High-Risk Vulnerability in InterSystems Application (PR Newswire) Bishop Fox, the largest private cybersecurity professional services firm focused on offensive security testing, has...
U-Boot RCE Vulnerabilities Affecting IoT Devices (Semmle) Semmle’s security research team discovers 13 vulnerabilities in U-Boot leading to potential Remote Code Execution (RCE) when U-Boot is configured to use networking to fetch data.
Five Zero-Days Found in Comodo Anti-Virus Software (Infosecurity Magazine) An attacker could install malware to escalate to the highest privileges, researchers say
Facebook admits to Messenger Kids security hole (Naked Security) A hole in the supposed closed-loop messaging system allowed children to join group chats with people their parents hadn’t approved.
Facebook Knows More About You Than the CIA (WIRED) Facebook hired Yael Eisenstat, a CIA veteran, to help it address election meddling. Now she's deeply worried about the company's sway over our lives.
SharePoint Online scam – sadly, phishing’s not dead (Naked Security) Not all phishes contain easily spotted errors or obviously dodgy web links – here’s how to stay safe…
Indiana County Targeted in Malware Assault on Computers (SecurityWeek) Officials of an Indiana county say they are trying to determine the extent of a malware attack on the county’s computers.
Louisiana school systems cyber attacked; emergency declared (Washington Post) Louisiana Gov. John Bel Edwards has issued an emergency declaration after malware attacks against three school systems in the state have been detected
Facebook’s Libra currency spawns a wave of fakes, including on Facebook itself (Washington Post) The fakes could undermine Facebook's efforts to inspire confidence and satisfy the regulators now scrutinizing the global currency.
Security Patches, Mitigations, and Software Updates
Apple’s July patchfest fixes bugs in multiple products (Naked Security) Apple released fixes for various products this week, including one for a bug that has been public with proof-of-concept code for two months.
Cloudy with a Chance of Entropy (Unit42) The term “cloud” has been popular in the business lexicon since 2006 when Amazon Web Services (AWS) launched its Elastic Compute Cloud (EC2). The latest Cloud Threat Report from Unit 42, which was released today, shows that organizations continue to struggle with securing public cloud platforms some 13 years
In Just One Evil Internet Minute, Over Two Phish Are Detected And $2.9 Million Is Lost To Cybercrime, Reveals RiskIQ (West) RiskIQ, the global leader in attack surface management, released its annual “Evil Internet Minute” report today. The company tapped proprietary global intelligence and third-party research to analyze the volume of malicious activity on the internet, revealing that cybercriminals cost the global economy $2.9 million every minute last year, a total of $1.5 trillion.
Cyber Mindset Exposed: Keeper Unveils its 2019 SMB Cyberthreat Study (Keeper Blog) Over the past month, Keeper Security surveyed 500 senior decision makers at SMBs to uncover more about their mindsets around cyberthreats (likely or not?) and common misperceptions (too new, too old, whose job is it anyways?). The findings underscore just how unprepared businesses are for cyberattacks. Here are the top …
Irdeto Global Connected Industries Cybersecurity Survey (Irdeto) The Irdeto Global Connected Industries Cybersecurity Survey polled 700 security decision makers across Connected Health, Connected Transport and Connected Manufacturing plus IT and technology (who manufacture IoT devices) industries about cyberattacks targeting their organization, concerns about the types of attacks that could target their organization, security measures currently in place and much more.
Survey Finds Insiders Pose Serious Threat to Data Security (Nucleus Cyber) Nucleus Cyber, the intelligent data-centric security company for the modern workplace, issued new warnings about the dangers malicious and negligent insiders pose to data and enterprise systems, following the publication of the 2019 Insider Threat Report conducted with Cybersecurity Insiders.
US Signal ‘State of Web and DDoS Attacks’ Survey Reveals that 83 Percent of Organizations Have Been Hit with a DDoS Attack in the Last Two Years (PRWeb) US Signal, a leading data center services provider, today released its 2019 State of Web and DDoS Attacks survey. The study—which included data derived f
Government breaches - can you trust the US Government with your data? (Comparitech) The US government suffered 443 data breaches since 2014, with 2018 being the worst year so far, according to a new study by Comparitech. Data breaches are often associated with the private sector—hackers break into databases owned by businesses to steal user data and other valuable information. But the government is also a frequent target …
SonicWall 2019 Mid-Year Threat Report Shows Worldwide Malware Decrease of 20%, Rise in Ransomware-as-a-Service, IoT Attacks and Cryptojacking (PR Newswire) SonicWall today announced the findings from its mid-year update of the 2019 SonicWall Cyber Threat Report,...
Banks' Inevitable Race To The Cloud (Forbes) Despite proof and evidence of the benefits, skepticism around cloud computing in banking remains. Rest assured, it won't take 100 years for popular opinion to change. Even if we are talking about bankers.
How social media has coarsened our minds (Times) Few writers are prophetic. An American media studies professor called Neil Postman was. In 1985 he published Amusing Ourselves to Death, a polemic that warned society was becoming trivialised by...
Facebook Posts Strong Earnings, Revenue Growth (Wall Street Journal) Facebook pushed past a record-setting privacy fine in the second quarter to post strong earnings and revenue of $16.9 billion, up 28% from a year ago.
Facebook warns of costly privacy changes, discloses another U.S. probe (Reuters) Facebook Inc said on Wednesday that new rules and product changes aimed at prote...
Facebook's (FB) CEO Mark Zuckerberg on Q2 2019 Results - Earnings Call Transcript (Seeking Alpha) Good afternoon. My name is Mike and I will be your conference operator today. At this time I would like to welcome everyone to the Facebook Second Quarter 2019 Earnings Call. All lines have been placed on mute to prevent any background noise.
Products, Services, and Solutions
Baffin Bay Network’s Threat Protection Service Provides Unparalleled Cloud-Based Security (BusinessWire)
Absolute Announces Significant Updates to its Enterprise Resilience Edition, Simplifying Security Policy Deployments and Remote Management of Device Fleets (BusinessWire) Absolute (TSX: ABT), the leader in endpoint resilience, today announced the latest update to its Enterprise Resilience Edition. The new release provid
StealthAUDIT Gives Active Directory Administrators Important New Insight, Data Mining Abilities to Aid Cloud Migration and Streamline Audit & Regulatory Compliance (BusinessWire) STEALTHbits Technologies, Inc., a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers
Neo4j and Thales bring data security to the graph database (Help Net Security) Neo4j Enterprise Edition and Thales Vormetric Transparent Encryption comprehensive integration delivers data-at-rest encryption.
Sixgill Announces New Sense Vision™ Feature Set for Sense, Delivering Machine Learning Assisted, Video Data Automation (BusinessWire) Sixgill, LLC, the leader in data automation and authenticity for Internet of Everything (IoE) applications, today announced that Sense Vision has been
Morgan Stanley Creates Encrypted Vault for Wealth-Management Customers (Wall Street Journal) Morgan Stanley is offering its 3.2 million wealth-management customers an encrypted platform where they can store financial documents and share them with the bank more securely than faxing, emailing or mailing information.
Technologies, Techniques, and Standards
NIST Recommends Tightened DoD Contractor Security (Breaking Defense) An interconnected ecosystem of primes, subs, suppliers, and partners mean one weak link can bring down the entire chain.
What happened at the military’s biggest cyber training exercise to date (Fifth Domain) The Army is taking a multifaceted approach to test and build the next generation cyber training platform for all of DoD's cyberwarriors.
IDSA Guidance on Zero Trust (Identity Defined Security Alliance) The Identity Defined Security Alliance published new guidance on Zero Trust and will be discussing in a panel session at Black Hat 2019.
How Cities Can Protect Against Ransomware Attacks (Threatpost) In the second of a two part series discussing recent ransomware attacks against municipalities, Shawn Taylor with Forescout talks about how cities can protect themselves.
Design and Innovation
Should Companies Bolster Their Cybersecurity by 'Hacking Back?' (Fortune) American business leaders are thinking about how best to defend themselves against cyber attacks.
Research and Development
Anonymous data can be 'de-anonymised' to reveal people's real identities, researchers warn (Computing) Machine learning algorithm can identify 99.98 per cent of people in any anonymised dataset, claim Imperial College researchers
Legislation, Policy, and Regulation
Will Congress finally see withheld cyber documents? (Fifth Domain) Rep. Mac Thornberry said the Trump administration will provide policy documents related to approving cyber operations.
Should Cyber Arms Be Treated Like Bioweapons? (Defense One) A recent paper suggests that the two are more closely related under international law than previously thought. But the analogy, while useful, is not exact.
The challenge in securing critical information (Fifth Domain) In the United States, the rapid advancement of connected devices poses a major security threat to critical information.
Theresa May resigns, Boris Johnson becomes U.K. prime minister, in elaborate transition of power (Washington Post) Johnson is the queen’s 14th prime minister.
PM Johnson to host new cabinet to chart Brexit course (AFP.com) Britain's newly installed Prime Minister Boris Johnson holds his first cabinet meeting on Thursday faced with the burning challenge of resolving the three-year Brexit crisis in three months.
Ben Wallace Named New Defence Secretary (Forces Network) Mr Wallace takes over the position from his predecessor Penny Mordaunt.
Turkey Is a Bad Place to Be an Influencer (Foreign Policy) Anxious about its failure to establish cultural hegemony, the Erdogan government is going after internet stars.
Pentagon efforts to counter China's influence in cyberspace extend to South America (Inside Cybersecurity) The Defense Department's Southern Command is working to provide cyber defense training and IT infrastructure to several South American militaries in a bid to blunt China's growing technological influence in the region, a move that comes amid action on several fronts for countering the cybersecurity threat from Beijing.
UAE's du says U.S. ban on Huawei not an issue for 5G network (Reuters) United Arab Emirates telecoms company du has discussed U.S. restrictions on Huaw...
Rubio on Huawei (The Washington Times) Sen. Marco Rubio is confident that Congress will codify in law Trump administration restrictions imposed on China’s telecommunications giant Huawei Technologies, a company the Florida Republican says poses a national security threat to the United States.
What Huawei’s CEO Has to Say about the US Ban (Market Realist) In an interview with Yahoo Finance, Huawei CEO Ren Zhengfei discussed why he thinks the Trump administration targeted Huawei.
A Big Choice for Big Tech (Foreign Affairs) Don't break up digital giants that monopolize online markets; force them to share their data with their competitors instead.
NSA Launches Cybersecurity Arm To Defend The U.S. From Foreign Adversaries (Forbes) The U.S. intelligence agency has announced the launch of a cybersecurity directorate to help to defend against foreign adversaries. Is it a good idea?
NSA’s Cybersecurity Directorate Is ‘Back to the Future’ (Breaking Defense) The elevation of the cybersecurity mission to "its own Directorate raises its stature in NSA to a prominence that is absolutely needed," says one former NSA official.
Pentagon Picks GOP House Candidate to Lead Cyber Office (Bloomberg) Katie Arrington will lead new information security office. Arrington landed Pentagon job after failed 2018 Congress run.
Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General (Register) I don't want to hear about hackers and keys, nerds – make it happen, or we'll pass a law making it happen
How the Mueller investigation was hampered by encryption apps and disappearing messages (CNN) Robert Mueller and his team accumulated scores of communications over its nearly two year investigation -- not just texts and emails, but also Apple iMessages, and messages from LinkedIn, Facebook and Twitter.
The Mueller Report Shows Politicians Must Unite to Fight Election Interference (Foreign Affairs) It's time to put partisanship aside.
Don’t outlaw facial recognition (Federal News Network) Congress should enable facial recognition with good oversight, not ban it before it understands its capabilities.
Bill boosting cyber R&D between U.S. and Israel passes House (FCW) The House quietly passed legislation on July 23 that would expand cybersecurity research and development partnerships between several federal agencies and the government of Israel.
Senate committee advances 'deepfakes' legislation (TheHill) A Senate committee on Wednesday approved legislation designed to lessen the threats posed by altered or manipulated videos known as "deepfakes."
A New Law Makes Bots Identify Themselves—That's the Problem (WIRED) California's so-called 'bot bill,' which aims to protect users from automated bots on Twitter and other platforms, is noble, flashy, intriguing...and inept.
Litigation, Investigation, and Law Enforcement
Facebook Penalty Sends Message to Big Tech (Wall Street Journal) The record $5 billion fine and oversight conditions regulators imposed on Facebook for privacy violations put tech companies on notice that failing to protect consumer data may lead to greater legal risks than previously.
Facebook Latest FTC Headache: Probe of Social Media Competition (Bloomberg) New investigation is disclosed after record privacy settlement. Justice Department also looking at conduct of tech companies.
Facebook to pay separate $100 million SEC fine over Cambridge Analytica scandal (Engadget) On top of its FTC fine, Facebook is also facing a smaller penalty from the SEC for its Cambridge Analytica privacy failures.
Facebook’s FTC Deal: Record Fine With Scant Ad-Business Reform (Bloomberg) Social media giant agreed to ‘changes’ it’s already made. Massive data collection, ad targeting won’t be affected.
UNITED STATES OF AMERICA, Plaintiff v. FACEBOOK, Inc., a corporation, Defendant. Case No. 19-cv-2184 COMPLAINT FOR CIVIL PENALTIES, INJUNCTION, AND OTHER RELIEF (Federal Trade Commission) Plaintiff, the United States of America, acting by and through the Consumer Protection Branch of the U.S. Department of Justice, alleges that...
FTC Agreement Brings Rigorous New Standards for Protecting Your Privacy (Facebook Newsroom) After months of negotiations, we've reached an agreement with the Federal Trade Commission that provides a comprehensive new framework for protecting people's privacy and the information they give us.
FTC Sues Cambridge Analytica, Settles with Former CEO and App Developer (Federal Trade Commission) The Federal Trade Commission filed an administrative complaint against data analytics company Cambridge Analytica, and filed settlements for public comment with Cambridge Analytica’s former chief executive and an app developer who worked with the company, alleging they employed deceptive tactics to harvest personal information from tens of millions of Facebook users for voter profiling and targeting.
Transcript of Robert S. Mueller III’s testimony before the House Judiciary Committee (Washington Post) The former special counsel answered questions Wednesday from the panel about his investigation into possible obstruction of justice by President Trump.
Analysis | 6 takeaways from Robert Mueller’s testimony (Washington Post) What Mueller said -- and didn't say -- and what it means.
Have we learned anything new from Mueller? (BBC News) Robert Mueller said he didn't want to testify about his Trump-Russia report. And his reluctance shone through.
Robert Mueller refuses to help Democrats harm Donald Trump (Times) Democrats failed to secure new ammunition for the impeachment of President Trump from the long-awaited testimony of Robert Mueller to Congress yesterday, an occasion seen as their last big push to...
Trump says ‘we had a very good day’ after Mueller hearings end (Washington Post) The former special counsel appeared at two House hearings to address questions for the first time about his report.
Analysis | The Cybersecurity 202: Mueller made a case for election security, but lawmakers seemed largely uninterested (Washington Post) They focused instead on obstruction of justice -- and partisan sniping.
American Hustle (Foreign Affairs) Donald Trump and the Mueller report are x-rays, revealing much of what has gone awry in American politics and society in recent years.
Treasury Secretary Finds No Security Concerns With Google Work in China (Wall Street Journal) Treasury Secretary Steven Mnuchin said he and President Trump have found no national-security concerns about work Google is doing in China, a rebuke of claims made by billionaire Peter Thiel.
FBI investigators describe Methbot investigation as 'beautiful concert of things shutting down' (CyberScoop) The law enforcement operation, detailed Wednesday by FBI officials involved in the matter, targeted the Methbot/3ve fraud scheme.
Cyber blackmailing cases at 100 a month in Oman (Zawya) 53 per cent of the registered cases are targeted at men
John McAfee 'released from confinement' (CNET) The antivirus software pioneer was arrested by the Dominican Republic and had firearms and ammunition seized, a new report says.
Four Arrested Over Hacking of Brazil Justice Minister's Phone (SecurityWeek) Brazilian federal police arrested four people over the hacking of cell phones belonging to Justice Minister Sergio Moro and prosecutors involved in a massive corruption probe.
Judge to hear arguments in Georgia voting machine case (Washington Post) A federal judge is considering whether to order Georgia to immediately stop using its outdated voting machines