The CyberWire Daily Briefing, 8.27.19

Summary

By the CyberWire staff

Recent attacks on US local governments suggest that one of the threats to expect during the 2020 elections will be ransomware. Reuters reports that CISA is working to help secure voter registration databases in particular against this form of attack. StateScoop sees the National Guard assuming a role in ransomware defense.

Web hosting provider Hostinger reset user passwords over the weekend after determining that unauthorized parties had gained access to its "internal systems." About half the company's 29 million users may have had their information exposed in the breach.

Cofense researchers have detected a sophisticated phishing campaign distributing the Quasar remote-access Trojan. Quasar is a widely available commodity RAT, but the campaign distributing it is unusually adept at evading detection and avoiding analysis.

Bleeping Computer reports research by Vitali Kremenz that outlines a new strain of ransomware, "Nemty." It appears to spread via remote desktop protocol.

Arkose Labs' Fraud and Abuse Report for the third quarter claims that over half the logins they investigated were fraudulent. The company analyzed more than 1.2 billion logins in the ﬁnancial services, e-commerce, travel, social media, gaming and entertainment sectors to reach this conclusion. The national center of gravity for social media fraud also seems to have shifted, with the Philippines now the clear leader in the origination of such traffic. The US is a distant second, with Russia, the UK, and Indonesia as also-rans.

Emsisoft has a free decryptor available for the Syrk ransomware that bamboozled Fortnite players looking for methods of cheating.

Have Your Users Made You an Easy Target for Spear Phishing?

Notes.

Today's issue includes events affecting Belarus, Bulgaria, China, Indonesia, Kazakhstan, Philippines, Russia, Tajikistan, Ukraine, United Arab Emirates, United Kingdom, United States, and and Vietnam.

Bring your own context.

Bots and the role they can play in gift card scams.

"And so what ends up happening, and where bots come into this whole space, is that that adversary will go and write a bot - or effectively a script - that can go and target these check balance services on a retailer site, and just start guessing hundreds, thousands, upwards of millions if it's long enough and they've got the scale and support to do that. They can just start brute force guessing with no real rhyme or reason, but eventually, if they get enough guesses, the probability starts to increase drastically that they'll be able to more or less guess my card. And once they access it, they'll have full access to it to those funds."

—Jonathan Butler, technical account team manager at Imperva's Distil Networks, on the CyberWire's Research Saturday, 8.24.19.

Gift card fraud is a species of pay card fraud, and bots can play a role there, too.

Conduct secure and anonymous research on the open and dark web.

If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.

On the Podcast

In today's podcast, out later this afternoon, we hear from our partners at Webroot, as David Dufour discusses company cyber security assessments. Carole Theriault speaks with our guest Omar Yaacoubi from Barac on the growth in encrypted hacks, and how they use metadata to detect and analyze them.

Sponsored Events

Cyber Security Summits: Chicago on August 27 and on September 17 in Charlotte (Chicago, Illinois, United States, Aug 27, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

10th Annual Billington CyberSecurity Summit (Washington, DC, United States, Sep 4 - 5, 2019) The event will be an important Call to Action for the cybersecurity community and is the deepest examination of the cybersecurity and government at the local, state, Federal and International levels found anywhere.

Second Annual DataTribe Challenge (Online, Oct 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.

Zero Day Con (Washington, DC, USA, Oct 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 30% discount for Labor Day using code LABOR30.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

China Is Sending Keyboard Warriors Over The Firewall (Foreign Policy) Online forums rally fans to defend national pride abroad.

Exclusive: U.S. officials fear ransomware attack against 2020 election (Reuters) The U.S. government plans to launch a program in roughly one month that narrowly...

Data breach of Hostinger exposes 14 million users (SC Magazine) A data breach at internet domain registrar Hostinger exposed data of roughly 14 million users, including their usernames, emails, first names and IP addresses

Hostinger Resets User Passwords Following System Breach (SecurityWeek) Web hosting provider Hostinger reset all customer passwords over the weekend, after learning that an actor gained unauthorized access to one of its internal systems.

New Nemty Ransomware May Spread via Compromised RDP Connections (BleepingComputer) A new ransomware has been spotted over the weekend, carrying references to the Russian president and antivirus software. The researchers call is Nemty.

Quasar RAT installed by new phishing campaign (SC Magazine) Malware deploys anti-analysis methods to install remote access tool by stuffing the message with so many strings of rubbish that attempts to decode them would likely cause a crash.

Phishing Campaign Delivers Quasar RAT Payloads via Fake Resumes (BleepingComputer) A new phishing campaign uses fake resume attachments designed to deliver Quasar Remote Administration Tool (RAT) malicious payloads onto the Windows computers of unsuspecting targets.

Emotet botnet reactivated after two month break (Computing) Emotet returns following summer holiday

The evasive Baldr malware may hit back in new forms, warns SophosLabs (LiveMint) Baldr was used to target PC gamers living around the world; Indonesia (21%), the United States (10.52%), Brazil (14.14%), Russia (13.68%), India (8.77%) and Germany (5.43%) were the countries most affected.It was named Baldr as security researchers believe it to be the handiwork of LordOdin, a hacker active on Russian forums

Syrk ransomware comes disguised as Fortnite cheat tool to ambush gamers (SC Magazine) Cyber-criminals have set a trap for Fortnite gamers, creating a ransomware program that comes disguised as a cheat hack

Airlines That Manage Booking Systems Themselves Expose Customer Data (SecurityWeek) Some of the airlines that manage booking systems themselves expose customer information, a researcher has warned.

Perspective | The spy in your wallet: Credit cards have a privacy problem (Washington Post) In our latest privacy experiment, we bought one banana with the new Apple Card — and another with the Amazon Prime Rewards Visa from Chase. Here’s who tracked, mined and shared our data.

WordPress plugins attacked by malicious redirect campaign (SC Magazine) An active campaign is targeting several WordPress plugins in order to redirect users to potentially harmful destinations

More Than Half of Logins on Social Media Platforms Are Fraud, as Arkose Labs Report Exposes Targeted Industries and Unique Attack Patterns (BusinessWire) Social media sites have become lucrative targets for criminals looking for quick monetization. More than half of logins (53%) on social media sites ar

Vulnerability Summary for the Week of August 19, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

The Growing Threat of Deepfake Videos (SecurityWeek) Deepfakes are a growing threat that will increasingly be used in phishing attacks, BEC attacks, reputation attacks, and public opinion attacks (such as election meddling).

Hacker Forces NY School District to Pay $88K in Ransom (NBC New York) they have been in your system and could have infected your system so you have to cleanse the system

Calhoun City Schools among school systems hit by data breach | The Georgia Sun (The Georgia Sun) Calhoun City Schools reported a data breach today stemming from software it used between 2005 and 2018 provided by Pearson Assessments. Below is the school system’s statement on the breach:

Karnataka: Nearly a month after cyber attack, e-procurement portal resumes ops (Times of India) Almost a month after it was shut down following a cyber attack, the government’s e-procurement portal used to float and award tenders resum.

Security Patches, Mitigations, and Software Updates

BitDefender Confirms Security Flaw In Free Windows Antivirus 2020, Millions At Risk -- Update Now (Forbes) Atherton Research's Principal Analyst and Futurist Jeb Su weighs in on the new critical security vulnerability found in BitDefender's latest popular free antivirus software for Microsoft Windows.

Apple patches security flaw that allowed iPhone jailbreak (Computing) The bug was fixed in iOS 12.3 but accidentally unpatched with the release of iOS 12.4

NCSC warns organisations to dump Python 2 or risk WannaCry-style cyber attacks (Computing) Python 2.x will no longer receive bug fixes and security patches from January 2020

GitHub announces wider array of 2FA options, including security keys and biometrics (Help Net Security) GitHub supports the WebAuthn web standard, allowing users to use security keys for two-factor authentication with a wide variety of browsers and devices.

Cyber Trends

NotPetya Ushered In a New Era of Malware (Vice) EternalBlue and NotPetya through the eyes of influence.

The unusual suspects: human error's impact on cybersecurity (TahawulTech.com) Organisations are often warned about sececurity breaches caused by nefarious actors. However, what they don't realise is that sometimes the most dangerous threats could be right under their noses.

Marketplace

Vietnam’s top carriers avoid Huawei 5G gear, citing security concerns (VentureBeat) Southeast Asian carriers haven't been lining up to support the U.S. ban on Huawei 5G gear, but Vietnam will pass on Chinese hardware for security reasons.

Huawei Is in Talks to Launch a 'Pilot Program' Using Russian OS as Replacement for Android (Gizmodo) After being placed on a so-called Entity List by the U.S. federal government, severely restricting its access to American technology, Chinese tech giant and world’s second-largest smartphone manufacturer Huawei is investigating using the Russian-made Aurora operating system as a replacement for Google’s Android OS on its mobile devices, Reuters reported on Monday.

In Its Second Funding Round of 2019, Axonius Raises $20M More to Support Rapid Market Success (Axonius) 2019 has been a big year for Axonius. This morning we announced that we’ve completed our second funding round of 2019 to support our rapid market success. Just two years ago, Ofri, Avidor, and I decided to take a chance at solving a big, decades-old problem that was only getting worse: asset management. A security …

CrowdStrike Announces Establishment of Falcon Fund (Yahoo) CrowdStrike® Inc. (CRWD), a leader in cloud-delivered endpoint protection, today announced the launch of Falcon Fund, an $20 million dollar early stage investment fund started by CrowdStrike®, in partnership with Accel. Falcon Fund will focus on seed and Series A investments in startups that are building

Space ISAC and National Cybersecurity Center Announce MITRE Will Be an ISAC Founding Member (Dark Reading) New Information Sharing and Analysis Center Adds New Founding Member to Board

Georgia Signs $25M Contract for Single Sign-On Capability (Government Technology) One year after signing a $218 million contract with Unisys for cloud services, and one month after a ransomware attack took public safety agencies offline, the state is investing again in security and cloud support.

Hacker Finds Instagram Account Takeover Flaw Worth $10,000 (SecurityWeek) India-based hacker Laxman Muthiyah has found another serious account takeover vulnerability in Instagram and it earned him $10,000 from Facebook.

GlobalPlatform Appoints Strategic Director for IoT Security (GlobalPlatform) The standard for secure digital services and devices

Mark Forman Named Unisys Federal Vice President for Digital Government (Yahoo) Unisys Corporation (UIS) today announced the appointment of Mark Forman as vice president, digital government, Unisys Federal. Forman previously served as global head of Unisys Public Sector, where his leadership in combining digital solutions expertise with

Products, Services, and Solutions

Decryptor for Syrk (Emsisoft) Syrk Ransomware pretends to be a hacking tool for the video game Fortnite, but instead, encrypts its victims files using AES-256 and adds the extension

Reciprocity Launches First-of-its-Kind Integrated GRC Platform (Yahoo) Reciprocity, the provider of leading information security risk and compliance solution, ZenGRC, today announced a first-of-its-kind Platform-as-a-Service, ZenConnect. The integrated solution, ZenGRC + ZenConnect, provides a modern approach to managing information

Technologies, Techniques, and Standards

5 Ways to Beat Gaming Booters with Zero-Trust DDoS Defenses (Redmondmag) Join experts to learn about the challenges and best practices to ensure your users have unfettered access to online games that drive your business. Watch now!

'Culture Eats Policy for Breakfast': Rethinking Security Awareness Training (Dark Reading) What's definitely not working with end-user cybersecurity awareness training - and what you can do about it.

Building resilience against e-mail security threats (ITWeb) Phishing attacks can expose businesses to immense financial and reputational risk, says Mimecast.

Internet Cookies: What Are They and Are They Good or Bad? (Sucuri Blog) Learn more about cookies, how they work, and how you can manage cookies to protect your data, minimize threats, and keep control over your privacy.

What is steganography and how does it differ from cryptography? (Computer Crime Research Center) Steganography is an ancient practice that involves hiding messages and data. From its humble origins that involved physically hiding communications and using invisible inks, it has now moved into the digital realm, allowing people to slip critical information into seemingly mundane files

Design and Innovation

What can Darwin teach the aviation industry about cybersecurity? (World Economic Forum) Today, the aviation community is benefitting from advances in digitalization and connectivity - but these new technologies carry increased risks of potentially disastrous cyberattacks, too.

Research and Development

New funding for aviation security innovation (SC Magazine) £1 million of funding is being made available to boost aviation security with grants for universities to collaborate with industry in a joint initiative between the Department for Transport and the Home Office.

Legislation, Policy and Regulation

World leaders, stand by these principles for a healthy digital society (ISOC) World leaders, we stand by these principles for a healthy digital society and we urge you to do the same. Notably, we ask you to protect and promote strong encryption which is the foundation for our digital economies, digital societies, and interdependent lives.

'I know what you said last summer' (SC Magazine) User privacy is being trampled on say civil liberties groups as several Big Tech companies finally admit that they record and listen to our voice commands, conversations and even private chats

Industry groups say Trump administration miscalculated burden of Huawei, ZTE ban (Federal News Network) The Coalition for Government Procurement, the National Defense Industrial Association and the Professional Services Council say the interim final rule published Aug. 13 needs some clarity around False…

Why is DJI getting the Huawei treatment? (CyberScoop) DJI is facing a ban from all U.S. military purchases over cybersecurity concerns. Yet, those allegations that have never been publicly proven.

'Persistent Engagement': The Phrase Driving A More Assertive U.S. Spy Agency (NPR.org) For the director of the National Security Agency, Gen. Paul Nakasone, it means relentlessly tracking adversaries in cyberspace and increasingly taking action against them.

Senators Question NHTSA on Risks of Connected Vehicles (SecurityWeek) Two United States senators have sent a letter to the National Highway Traffic Safety Administration (NHTSA) to inquire about cyber-risks associated with connected vehicles.

Can Congress legislate a secure technology supply chain for the Pentagon? (Fifth Domain) Following an Inspector General report highlighting many vulnerabilities, should the Pentagon adopt security as a fourth pillar of acqusitions?

CISA official touts data sharing in critical infrastructure (FCW) Where privately owned critical infrastructure providers had balked at sharing threat data five years ago, it's become now a critical, commercial necessity, according to CISA infrastructure official.

A new civilian cyber warfare position for the Army (Fifth Domain) The Army has created an official cyberspace effects position for civilians, the equivalent of their uniformed counterparts.

National Guard role in state cybersecurity growing (StateScoop) The chief of the Pentagon’s National Guard Bureau praised the role of military members responding to recent ransomware incidents in Texas and Louisiana.

FEC vice chairman resigns, leaving agency unable to vote (TheHill) The vice chairman of the Federal Election Commission (FEC) submitted his resignation letter to Presi

Litigation, Investigation, and Enforcement

Bulgaria's Attorney General releases more evidence from tax office hack investigation (Computing) Email supposedly from a Russian hacker found on PC of accused, Kristian Boykov

Arrest for Marine veteran charged with spying extended by Moscow court (Marine Corps Times) Whelan, who is reportedly kept in cramped conditions at a Moscow detention facility, felt unwell, and the court called an ambulance.

Company Sues Black Hat Conference Over Mocked Presentation (SecurityWeek) Encryption company Crown Sterling has filed a lawsuit against the organizer of the Black Hat hacking conference after its sponsored talk was disrupted by some attendees.

Black Hat Attendees: Sponsored Session Was 'Snake Oil Crypto' (PCMag UK) A controversial sponsored session at the Black Hat security conference led attendees to dismiss the talk as pseudoscience. Black Hat has since removed the materials from its site.

Judge Orders Woman in Capital One Case to Remain in Custody (SecurityWeek) A U.S. judge ordered a woman accused of hacking Capital One and at least 30 other organizations to remain in custody pending trial because she is a flight risk and poses a physical danger to herself and others.

HHS Lacks Managed, Measurable Security Maturity Level, OMB Finds (HealthITSecurity) HHS has been steadily working to improve its cybersecurity posture through collaborations with DHS and other stakeholders; however, the agency lacks a managed, measurable maturity level.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Industrial Control Systems Joint Working Group (ICSJWG) Fall Meeting (Springfield, Massachusetts, USA, Aug 27 - 29, 2019) The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Industrial Control Systems Joint Working Group (ICSJWG) to facilitate information sharing and reduce the risk to the nation’s industrial control systems. The ICSJWG provides a vehicle for communicating and partnering across all Critical Infrastructure (CI) Sectors between federal agencies and departments, as well as private asset owners/operators of industrial control systems. The goal of the ICSJWG is to continue and enhance the collaborative efforts of the industrial control systems stakeholder community in securing CI by accelerating the design, development, and deployment of secure industrial control systems.

Integrate (Melbourne, Victoria, Australia, Aug 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to transform customer experiences. This three-day event is a nexus for local and global brands to showcase the latest solutions and products, to the region's largest gathering of AV professionals, end users and technology buyers.

Washington DC Cybersecurity Conference (Washington, DC, USA, Aug 29, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, Sep 3 - 5, 2019) The Peak Cyber Symposium is designed to further educate Cybersecurity, Information Management, Information Technology and Communications Professionals by providing a platform to explore some of today's most pressing cybersecurity threats, remediation strategies and best practices. Peak Cyber Schedule includes: Capture The Flag (CTF) at Peak Cyber; Speaker Sessions, Panels and In-Depth Training Workshops & Boot camps.

9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, Sep 3 - 5, 2019) The Information Systems Security Association (ISSA) - Colorado Springs Chapter will once again host the 9th Annual Peak Cyber Symposium. This year's theme is "Cyber Hygiene: Everyday for Everyone." The Peak Cyber Symposium is designed to further educate cybersecurity, information management, information technology, and communications professionals by providing a platform to explore some of today's most pressing cybersecurity threats, remediation strategies and best practices.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Ransomware vs. elections? Hostinger resets passwords. Quasar RAT loose again. Nemty ransomware. Fraud trends. Syrk decryptor.

Bring your own context.