Cyber Attacks, Threats, and Vulnerabilities
It’s not just the Russians anymore as Iranians and others turn up disinformation efforts ahead of 2020 vote (Washington Post) It's not just Russia. Election disinformation experts say Iran and several other nations have developed substantial capacity to wage Russian-style information operations in the United States ahead of next year’s election. That means American voters are likely to be targeted in the coming campaign season by more foreign disinformation than ever before.
Winnti: Attack on the heart of German industry (BR24) For years, a professional hacker group has been spying on companies worldwide: Winnti. Presumably directed from China. Research by BR and NDR shows in detail for the first time how the hackers operate.
Roche confirms cyber-attack from Winnti malware (European Pharmaceutical Review) The pharmaceutical company Roche has affirmed that it was hit by a Winnti cyber-attack, thought to be supported by the Chinese government.
Food: how China seized global power (L'Opinion) The leadership of the UN Food and Agriculture Organization (FAO) has just slipped away from France. Facing Beijing, for which the end justified the means, Paris erred through naivety.
Russian Threat Group May Have Devised a 'Man-on-the-Side' Attack (Dark Reading) Data from an intrusion last year suggests Iron Liberty group may have a new trick up its sleeve, Secureworks says.
Cryptocurrency site leaked unencrypted user credit cards (TechCrunch) A cryptocurrency loan startup exposed reams of customer credit cards and user transactions for almost a month — because it forgot to protect the server with a password. Security researchers Noam Rotem and Ran Locar found the database belonging to YouHodler, a lending platform designed for cryptocur…
BlueKeep Exploit on Sale, Now We Wait (Decipher) What a week for BlueKeep watchers. Chinese-language slide deck appears on GitHub with details on how to use the BlueKeep vulnerability, Immunity includes a working exploit in its penetration testing kit, and the WatchBog cryptocurrency-mining botnet now has a scanner looking for vulnerable Windows machines with Remote Desktop enabled.
Immunity selling new BlueKeep exploit, defends decision (SearchSecurity) Immunity Inc. is selling a full RCE BlueKeep exploit module as part of a pen testing tool and the company's CEO Dave Aitel defended the decision by saying a proper exploit is necessary to demonstrate the risk and consequences of an attack.
VPN providers address vulnerability findings by researchers (Techxplore) Virtual private networks (VPNs) are engineered to encrypt traffic between points on the internet. As Computing put it, they extend a private network across a public network, "often used to enable staff working remotely to access resources on their organisation's corporate network."
Still available via Google Analytics: Data slurped from 4 million browsers (Ars Technica) Customers allowed to hold on to existing data as long as they keep accounts open.
Brazil President Bolsonaro's cellphones targeted by hackers:... (Reuters) Cellphones used by President Jair Bolsonaro were a target of cyber attacks, the ...
EvilGnome – Linux malware aimed at your laptop, not your servers (Naked Security) EvilGnome was written to target the comparatively small but committed community who use Linux on their laptops.
Why Hackers Abuse Active Directory (GovInfo Security) Warning: Attackers are abusing poorly secured and managed implementations of Microsoft Windows Active Directory to hack organizations and distribute ransomware.
Ransomware Attack Cripples Power Company’s Entire Network (BleepingComputer) A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications.
Joburg prepaid electricity users left in the dark as City Power crippled by computer virus (News24) A virus which has hit City Power has resulted in a blackout to its internet technology system, leaving scores of Johannesburg residents unable to purchase electricity.
FIN8 Back in Business Stealing Credit Card Information with Badhatch (The National Law Review) Security research firm Gigamon has reported that the nasty cybercriminal group FIN8 may have reappeared in June after a two year silence. FIN8 is known for implementing malware on point of sale system
Airbus A350 software bug forces airlines to turn planes off and on every 149 hours (Register) Patch your darn metal bird, sighs EU aviation agency
Possible second cyber attack crippling another Mobile company (WPMI) NBC 15 has been alerted about a second possible cyber-attack crippling another local company. Wednesday, Mobile Police officials confirmed Springhill Medical Center has fallen victim to a ransomware attack. Now an employee at a big steel plant in Axis tells NBC 15 they are targeted too. Your job compromised in a moment’s notice by something you had nothing to do with. “It’s unthinkable,” the employee said. An employee from Blastech Mobile says hackers came after them last week.
Louisiana governor declares state emergency after local ransomware outbreak (ZDNet) Three school districts have been hit by ransomware in North Louisiana this week.
City of Baltimore FAQ (Mayor Bernard C. "Jack" Young) Background/Initial Attack Questions 1. Why haven’t you paid the ransom? Wouldn’t paying the ransom get systems up and running sooner?
Security Patches, Mitigations, and Software Updates
Unpatched vulnerabilities lurk in Comodo Antivirus (ZDNet) Updates to resolve the security flaws are expected to land on Monday.
Cyber Trends
Special report: Global email security trends (Journey Notes) Get the latest on what IT leaders and business executives from around the world are saying about email security in this special report.
74% Of Adults Have Been Harassed While Gaming Online, Study Says (Kotaku) 74 percent of adults who play games online have experienced some form of harassment, according to a new report released today.
Malware attacks down by 20 per cent, while ransomware-as-a-service has boomed (Computing) Ransomware-as-a-service attacks on UK organisations have tripled over the past year, claims SonicWall
Forever Day: The Threat that Never Ends (Infosecurity Magazine) Even end-of-service-time equipment should get a patch if the company is able to provide it
Organisations still struggle with GDPR compliance (SC Media) UK businesses struggle to manage data access requests; many would rather pay breach penalty than beef up data security
Gaming industry a rising target of cyber-attacks (Akamai) “Gamers are a niche demographic known for spending money, so their financial status is also a tempting target.
Netflix's The Great Hack Brings Our Data Nightmare to Life (WIRED) The new documentary uses compelling visuals to create a dystopian horror movie.
Original Cult of the Dead Cow Members Keep it "Wacky, Weird, and Wild" to Celebrate Joseph Menn's Newest Book (Electronic Frontier Foundation) On June 18, the Internet Archive hosted a reading and panel discussion in celebration of Joseph Menn's new book Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. As the evening's event began, an archived video of Cult of the Dead Cow (cDc) interviews from 1996...
Marketplace
How to improve the hiring and retaining of infosec professionals? (Help Net Security) Organizations must adopt more realistic expectations and more effective hiring practices, and develop talent pipelines and training programs.
ConnectWise CISO says MSP security needs to improve (CRN Australia) Most don't have an incident plan or consider themselves security experts.
Google Pitches to Baltimore after Ransomware Attacks (Government Technology) Frank Johnson, the head of the city’s IT department, told members of a city commission that he didn’t think switching from Microsoft was worth it due to the exorbitant cost of transitioning to a new technology.
Xilinx CEO on U.S.'s Huawei Ban: We've Seen This Movie Before (TheStreet) The chipmaker was also hit last year with a U.S. ban against ZTE, so the move against Huawei is not an entirely new experience, CEO Victor Peng tells TheStreet.
FanDragon Technologies Launches With $12 Million In Funding To Revolutionize Mobile Ticket Delivery (PR Newswire) Aventus Taps Veteran Technologist and Entrepreneur Robert Weiss to Serve as CEO and Leverage its Blockchain Technology to Help Venues, Teams and Talent Fight...
Symantec: Moving On (Seeking Alpha) The deal between Symantec and Broadcom is unlikely to happen. Management believes the stock isn't worth less than $28/share. Investors stand to gain more if Symantec remains public as the company is well-positioned to ride the growth in the cybersecurity market. A 40% premium to June's valuation seems enticing but cheap compared to the future value that can be unlocked if the company stays public.
CrowdStrike Is Priced Like A Superstar (Seeking Alpha) CrowdStrike annual revenue growth is over 100%. The share price has gone up 2.5x in 1 1/2 months since IPO and my relative valuation analysis suggests that the share price is overvalued. Gartner's peer reviews suggests that CrowdStrike is preferred over Cylance and Carbon Black for endpoint security solutions. I expect that there will be a dip in share price or pause in share price growth in the next 6-12 months due to insider lockup expiration.
CrowdStrike: Too Much Hype (Seeking Alpha) CrowdStrike continues soaring to new highs following a hot IPO. The cloud security provider now trades at nearly 30x FY21 revenue estimates of only $624 million. Revenue growth is forecast to decelerate to below 50% next year. Diminished returns typically occur for stocks with premium valuations and decelerating growth.
Mimecast: This Cybersecurity Company Is En Route To Stardom (Seeking Alpha) Mimecast is an industry leader in Enterprise Email Security and Archiving. New products and impeccable "Land & Expand" execution have led to financial success. Management's financial responsibility has this company on the verge of profitability.
Swiss Accelerator Kickstart Selects Three Cybersecurity Israeli Startups for Fourth Cohort (Algemeiner) Japan is turning to Israeli cybersecurity experts in advance of the 2020 Olympic Games in Tokyo. Photo: Twitter CTech – …
DreamPort plans expansion of Columbia collaboration space (Technical.ly Baltimore) The center that's designed to spur new projects between government, business and academia is set to double in size.
Carbonite Seeks CEO Amid Security Momentum, Data Protection Challenges (ChannelE2E) Carbonite names Steve Munford interim CEO. Webroot Cybersecurity business on track. Data protection business experiences challenges. Mohamad Ali joins IDG.
Xconomy: Carbonite CEO Mohamad Ali Leaves for International Data Group (Xconomy) Carbonite's Mohamad Ali is stepping down as CEO and board member of the Boston-based data protection company to lead International Data Group, a
Products, Services, and Solutions
New infosec products of the week: July 26, 2019 (Help Net Security) Featured infosec products of the week include releases from: ESET, Centrify, Collibra, STEALTHbits, Bitdefender, Netography, and WatchGuard.
Netskope Announces Enhancements to Build The World’s Most Secure, Performant Cloud Network (Netskope) New offering delivers low-latency infrastructure for all Netskope market-leading cloud and web security products to enhance enterprise protection worldwide SANTA CLARA, Calif. – July 25, 2019 – Netskope, the leader in cloud security, today announced Netskope NewEdge, the globally distributed network infrastructure that enables the Netskope cloud-native security platform to deliver real-time security without the …
CYFIRMA Launches Its Proprietary Cyber Intelligence Analytics Platform (CAP) v2.0 (PR Newswire) CYFIRMA, a market leader in predictive cyber threat visibility and intelligence, announces the launch of...
Next-Gen Code Signing (Venafi) Enterprises protect their software assets by code signing them. But many may not be taking necessary steps to protect their code signing process, as demonstrated by recent thefts of credentials. We help you secure all private keys, automate code signing workflows, and maintain an irrefutable record of all code signing activities.
Your Advanced Endpoint Protection (AEP) Product Protects Your Computer, But Can it Protect Itself? (NSS Labs, Inc.) Advanced endpoint protection (AEP) products are responsible for detecting and preventing threats, as well as providing forensic-level reporting on security events. These products create barriers that can be difficult to evade. However, rather than finding a way around these bar
ForgeRock Delivers Open Banking and PSD2 Accelerators to Speed Deployment and Reduce Costs of Compliance (West) Hosts an On-Demand Webinar for Global Banks to Learn How to Leverage ForgeRock’s Open Banking and PSD2 Accelerator Solutions for Compliance and Competitive Advantage
Technologies, Techniques, and Standards
Don't fall into the trap of thinking you're safe and secure in the cloud. It could become a right royal pain in the SaaS (Register) Here's a gentle introduction to off-prem security for SMBs
Cyber Threat Intelligence: Not for the Faint of Heart (Forbes) Cyber threat intelligence (CTI) offers real value to security teams. I established that in my last article, Introduction to Cyber Threat Intelligence: What Can It Do For You? But I would be remiss if I didn’t highlight the challenges companies encounter as they attempt to tap that value.
‘SOC’ It to ‘Em: How to Overcome Security Operations Center Challenges (Channel Futures) The Exabeam state of the SOC report and SANS 2019 SOC survey report
Design and Innovation
Content moderators at YouTube, Facebook and Twitter see the worst of the web — and suffer silently (Washington Post) YouTube, Facebook, Twitter and other tech companies have tasked a workforce of contractors with reviewing suicides and massacres to decide if such content should remain online — and protect the firms’ reputations.
Kudelski Security to Showcase Industry’s First Purposefully Vulnerable Blockchain at Black Hat USA 2019 (Kudelski Security) FumbleChain project aims to raise awareness around vulnerabilities in blockchain ecosystems
Parental monitoring apps: How do they differ from stalkerware? (Malwarebytes Labs) What are the differences—if any—between parental monitoring apps and stalkerware? And what should parents know before deploying these potentially invasive surveillance methods?
Who’s The Face Behind FaceApp? Meet The Rich Russian Who Built The Wildly Viral App (Forbes) Forbes speaks with FaceApp founder and owner Yaroslav Goncharov about his massively popular app and a wild week in which a senator called for his company to be investigated by the FBI.
Academia
Cyber attacks: Protecting universities and solving cyber security issues (Open Access Government) Anthony O’Mara highlights the cyber security issues universities are facing and what steps they can take to protect themselves from a cyber attack
Cybersecurity Major, Minor Starts Now (West Liberty University) Cybersecurity. It’s a word that strikes fear in just about everyone today as they consider their safety on the World Wide Web.
Legislation, Policy, and Regulation
Is ‘Pearl Harbor’ still a valid cyber metaphor? (Fifth Domain) In 2012, then-Secretary of Defense Leon Panetta introduced the idea of a
How Arab governments use cyberspace laws to shut down activism (Al Jazeera) Critical Arab voices are being silenced on Twitter, and laws across the Middle East are created to further this cause.
Is Brazil ready to handle cyber security issues? (The Brazilian Report) President Bolsonaro is only the most recent Brazilian head of state to be hacked, raising serious concerns about Brazil’s ability to handle cyber security.
What the future holds for Cyber Command (Fifth Domain) After 10 years in existence, what does the future of Cyber Command portend?
Mueller sounds alarm on Russian meddling. So what has Congress done about it? (Roll Call) Aside from millions allocated for state election systems, other security measures, including more disclosure for online political ads, have stalled.
Analysis | The Cybersecurity 202: Senate Intelligence Committee still can't agree on best way to secure the 2020 election (Washington Post) The report's recommendations sidestep a key issue: Whether to mandate fixes.
Threats To U.S. Elections Aren't Going Away. What Have The 2020 Democrats Proposed? (NPR.org) FBI Director Christopher Wray and former special counsel Robert Mueller both warned this week about the perils to the 2020 presidential race. What would the candidates do about it?
FBI director follows attorney general in raising encryption concerns at cyber conference (The Washington Times) FBI Director Christopher A. Wray echoed Attorney General William P. Barr on Thursday by calling on tech companies to help solve investigative setbacks caused by criminals using encrypted devices and messaging platforms.
Analysis | The Cybersecurity 202: Attorney General Barr fires up the encryption debate (Washington Post) Security and privacy experts pounced on his remarks.
Self-defense in cyberspace would put businesses at risk, experts say (MarketWatch) A House bill giving businesses the power to counter cyberattacks outside their own computer networks is fraught with risks to U.S. companies and critical...
New York Enacts New Data Security Requirements to Protect Consumer Information (New York Law Journal) New York state’s data privacy and security protections will be strengthened over the next year as businesses prepare to implement two bills on the topic signed by Gov. Andrew Cuomo on Thursday.
New York City moves to protect citizens’ location data (Naked Security) New York City is considering a law that could stop cellphone carriers and smartphone app vendors from selling their location data.
Litigation, Investigation, and Law Enforcement
READ: Senate Intelligence Report On Russian Interference In The 2016 Election (NPR.org) The panel released its findings a day after former special counsel Robert Mueller warned of ongoing threats.
Russia Targeted Elections Systems in All 50 States, Report Finds (New York Times) A Senate panel documented an effort largely undetected by state and federal officials at the time. But its report was so heavily redacted that key lessons for 2020 were blacked out.
Senate Intel releases 1st volume of report on Russian interference in 2016 election (Axios) It comes one day after former special counsel Robert Mueller's House testimony.
Security of Election Announcements (Superior Court of California, County of San Mateo) How secure from cyber attacks is the online election information San Mateo County provides to the public?
On Mueller’s final day on the national stage, a halting, faltering performance (Washington Post) One of Washington’s last symbols of bipartisanship stumbles before sharply divided House committees.
Mueller’s Labored Performance Was a Departure From His Once-Fabled Stamina (New York Times) As special counsel, Mr. Mueller adopted a more hands-off style than when he was F.B.I. director, and it was on display Wednesday in his congressional appearances.
U.S. Sanctions Compliance Fines Hit Decade High (Wall Street Journal) Fines issued by the U.S. regulator enforcing sanctions compliance have hit a decade high at a time when the Trump administration is increasingly using sanctions as a foreign policy tool.
Tulsi Gabbard, Democratic Presidential Candidate, Sues Google for $50 Million (New York Times) The candidate claims Google shut down her ad account after the first debate in June, preventing her from capitalizing on new interest.
House panel votes to authorize subpoenas for all White House work communications sent via personal email, cellphone (Washington Post) The House Oversight Committee had asked the Trump administration about reports that some top White House officials used personal email and encrypted applications to communicate.
Chris Hughes Worked to Create Facebook. Now, He Is Working to Break It Up. (New York Times) Mr. Hughes has joined two leading academics to argue to government officials that Facebook has engaged in anticompetitive behavior for almost a decade.
Inside Chris Hughes’s campaign to break up Facebook, the tech ‘monopoly’ he helped create (Washington Post) Hughes, who left the social media giant in 2007 and cashed out his nearly $500 million worth of stock, has been making the rounds in the nation’s capital to press the case for breaking up the social network.
Nigeria’s fight against cybercrimes ranked 57th globally (The Guardian Nigeria News) Nigeria’s campaign against the menace of cybercrimes in the country has been ranked 57th out of the 175 countries surveyed in 2018...
China says FedEx lied about its “mishandling” of Huawei packages (Quartz) China says that the claim by FedEx for its unauthorized re-routing of some Huawei packages to the US as "mishandling" "did not match with the facts."
Equifax owes you a lot more, but here’s how to get $125 from this week’s settlement (The Verge) File an online claim today if you were affected by the 2017 data breach