The CyberWire Daily Briefing, 8.29.19

Cyber Attacks, Threats, and Vulnerabilities

U.S. Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say (New York Times) The strike came on the same day that President Trump called off a retaliatory airstrike against Iran after it shot down an American drone.

American Cyber Command hamstrung Iran’s paramilitary force (MIT Technology Review) American officials say that a US cyberattack against Iran that was launched earlier this summer has had a lingering impact on the Iranian military's ability to target oil tankers in the Persian Gulf, according to a new report in the New York Times.Iranians are reportedly still recovering targeted systems, networks, and data after the cyberattack which was launched in June at a peak in tensions between Iran and American allies.The players: The attack was launched by US Cyber Command.

Fancy Bear Dons Plain Clothes to Try to Defeat Machine Learning (Dark Reading) An analysis of a sample published by the US government shows Russian espionage group APT28, also known as Fancy Bear, has stripped down its initial infector in an attempt to defeat ML-based defenses.

Inside the APT28 DLL Backdoor Blitz (ThreatVector) This report is a follow-up to 'Flirting With IDA and APT28.' This time, researchers perform a deep dive on capabilities found in an APT28 sample that reveals a backdoor capability...

Botnet TrickBot Modifications Target U.S. Mobile Users (Secureworks) The long-running botnet TickBot added functionality to solicit PIN codes from mobile customers, which could allow threat actors to access victims’ voice and text communications.

New TrickBot Variant Targets Verizon, T-Mobile, and Sprint Users (BleepingComputer) A new Trickbot Trojan variant was spotted while focusing on stealing PIN codes from Verizon Wireless, T-Mobile, and Sprint users, marking a new step in this malware's development.

TrickBot, today's top trojan, adds feature to aid SIM swapping attacks (ZDNet) TrickBot trojan seen collecting credentials and PIN codes for Sprint, T-Mobile, and Verizon Wireless accounts.

Ransomware Trains Its Sights on Cloud Providers (Dark Reading) Ransomware writers are now targeting cloud service providers with network file encryption attacks as a way to hold hostage the maximum number of customers that they can, notes Chris Morales, head of security analytics for Vectra. He also discusses Vectra's new ransomware report, which offers tips for protecting against virtual hostage taking.

iovation Prepares for U.S. Online Gambling Fraud and Legal Complications With Rush to Onboard Players | Press Release (iovation) With American football season beginning and more states legalizing online gambling, TransUnion company anticipates challenges with bonus abuse, fraud, self-exclusion and underage gambling that it’s seen in Europe for decades.

Magecart Shops for Victims as E-Commerce Market Grows (Dark Reading) In 2.5 hours of research, one security expert uncovered more than 80 actively compromised ecommerce websites.

Research Reveals eCommerce Retailers Experiencing Active Security Leaks Heading into Holiday Shopping Season (PR Newswire) Arxan Technologies, the trusted provider of application protection solutions, is calling on eCommerce retailers to...

Cisco UCS Vulnerabilities Allow Complete Takeover of Affected Systems (SecurityWeek) A researcher has disclosed details and created Metasploit modules for Cisco UCS vulnerabilities that can be exploited to take complete control of affected systems.

Video, reports of machines automatically changing votes in Mississippi GOP Governor runoff (USA TODAY) There have been at least three instances of voting machines changing a voter's selection to a different candidate in the state's runoff for governor.

Ransomware attacks on cities are rising (Techxplore) A ransomware campaign that targeted 23 US cities across Texas has raised serious concerns about the vulnerability of local governments and public services to cyber-attacks.

City approves $5M more for ongoing cyberattack remediation (Baltimore Business Journal) Members of the city's spending panel also voted to delay to purchase of cyber insurance for two weeks. Mayor Young said he hasn't "the slightest idea" why the city didn't already have this kind of insurance in place before.

BOE Delays Purchase Of Cyber Attack Insurance, Approves $6.2M To Pay For Agencies Affected By Attack (WJZ 3 CBS Baltimore) A vote will be scheduled in a couple of weeks, as more people in city government say they need to be briefed on it.

Cyber attack affects Wolcott Public Schools (WFSB) A cyber attack hit Wolcott Public Schools causing the district’s files and information to become encrypted before summer started.

Cyber criminals hacking remote-controlled medical devices could kill patients, conference hears (Fin24) Hackers could potentially kill patients wearing remote-controlled pacemakers or insulin pump devices, warns the executive officer of the SA Medical Technology Industry Association.

Security Patches, Mitigations, and Software Updates

Google patches high-severity Chrome browser engine security flaw (Computing) The flaw could enable attackers to carry out remote code-execution or denial-of-service attacks

Emergency iOS patch fixes jailbreaking flaw for second time (Naked Security) With iOS 13 nearing release, Apple users perhaps thought they were done with iOS 12 updates for good. If so, they were wrong.

Cisco critical-flaw warning: These two bugs in our data-center gear need patching now (ZDNet) Cisco is warning enterprise admins to install security updates for two critical flaws.

DLL Hijacking Flaw Patched in Check Point Endpoint Security (SecurityWeek) After disclosing DLL hijacking flaws in software from Bitdefender and Trend Micro, SafeBreach researchers reported finding a similar vulnerability in Check Point Endpoint Security.

Microsoft removes August patch block on Win7/2008R2 systems running Norton, Symantec AV (Computerworld) Symantec and Microsoft have come to an agreement about Symantec/Norton AV problems with the August Win7 and Server 2008 R2 patches. The block is gone, but questions remain. Nothing has changed, so why was it blocked in the first place?

Android 10 coming soon, with important privacy upgrades (Naked Security) It’s semi-official: Android 10 (née Q), the next version of the Android operating system, could start shipping 3 September.

Cyber Trends

New Research from CriticalStart Finds that 8 out of 10 Security Analysts Report Annual Security Operation Center Turnover is Reaching 10% to More than 50% (CriticalStart) Data shows the number of alerts is up, longer times to investigate and high false-positive rates

Cost of data breaches to surpass $5 trillion in 2024 (Help Net Security) A new report from Juniper Research found that the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024, an average

Business Losses to Cybercrime Data Breaches to Exceed $5 trillion by 2024 (BusinessWire) Juniper Research found that the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024

The Future of Cybercrime & Security Research Report (Juniper Research) The Future of Cybercrime & Security research report examines the state of cybersecurity legislation, key player strategies and overall trends

The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks (ProPublica) Even when public agencies and companies hit by ransomware could recover their files on their own, insurers prefer to pay the ransom. Why? The attacks are good for business.

Apple co-founder joins calls to break up Big Tech — including Apple itself (Silicon Valley Business Journal) Wozniak acknowledged the idea that large tech companies tend to abuse monopolies.

1 in 4 employees would steal company information to secure their next job - Help Net Security (Help Net Security) Watch out for insider data theft. Nearly one in four security pros said they would take company information to help apply for a position at a competitor.

Black Hat 2019: Bounties, Breaches and Deepfakes, Oh My! (SecurityWeek) When Black Hat first began 22 years ago, it was intended to be a place where hackers and cybersecurity professionals alike could get together and share ideas or demonstrate vulnerabilities.

Marketplace

Elastic buys endpoint security firm Endgame for $234 million (ZDNet) Going forward, the plan is to combine Endgame's endpoint product with Elastic's search technology.

VMware COO Sanjay Poonen on the acquisition of Carbon Black and plans to transform security (SiliconANGLE) The acquisition of Carbon Black by VMware Inc., announced last week, did not come cheap. The price tag was $2.1 billion, but one of VMware’s top executives feel strongly that the company got its money’s worth in the deal.

Opinion | Dear Tech Workers, U.S. Service Members Need Your Help (New York Times) You have the power to help your fellow Americans survive on the battlefield and carry out military missions without harming civilians.

After blacklisting, U.S. receives 130-plus license requests to sell to Huawei: sources (Reuters) The U.S. Commerce Department has received more than 130 applications from compan...

New Huawei phones can't use Android, report says (CNET) Google has reportedly said the temporary licenses don't apply to new Huawei products.

Startup Foundry DataTribe Announces Second-Annual Cybersecurity Startup Challenge (PRWeb) DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies with nation-state experienced technical

18 Cyber Security Startups to Watch in 2019 (eSecurity Planet) Here are 18 hot IT security startups addressing everything from IoT security and blockchain to artificial intelligence and machine learning.

Lockheed is Assisting with the Navy's Radiant Mercury Data Transfer Effort (SIGNAL Magazine) Lockheed Martin Corp. Rotary and Mission Systems, Littleton, Colorado, is awarded an estimated $44,308,222 indefinite-delivery/indefinite-quantity hybrid contract with cost-plus-fixed-fee and firm-fixed-price contract line item numbers.

An Undeterred Facebook Plans A Bug Bounty in Association with HackerOne (Inside Bitcoins) Facebook in collaboration with Hackerone has announced a bug bounty program. Despite the growing regulatory concern about Libra, the social network seems unphased and undeterred by criticism. It is continuing to develop Libra.

Bricata and Atlantic Data Forensics Formalize Strategic Partnership (Bricata) Two Howard County, Maryland Cybersecurity Businesses Form Strategic Partnership

“5 Things I Wish Someone Told Me Before I Became the CEO of vArmour”, With Tim Eades (Thrive Global) Raising money: Always raise more than you think (by 25–30%) you will need and assume it will take a few months longer than you think to raise a certain round. When it comes to your funding, you always want to err on the side of caution and be as conservative in your predictions as possible […]

Exclusive Networks: Vanessa Delrieu Appointed Vice President of Finance and Operations North America (EIN News) Vanessa leads the financial management and operations aspects of Exclusive Networks North America’s, encompassing operations, finance, accounting and budgeting.

Products, Services, and Solutions

Protecting Ever More Inboxes With a 99.99% Inbox Protection Rate in Q2 2019 (SendGrid) Learn about SendGrid's inbox protection rate and how it helps keep spam email out and wanted email in the inbox.

Introducing Instart Zero Trust Access (Instart) Instart announces its zero trust solution to provide the enterprise with an easier, yet more secure, solution for providing end users access to their applications.

Splunk Results Exporter Integration (Opsview) The Splunk Results Exporter is a toolkit for extracting, filtering, reformatting, and exporting events from Opsview Monitor's event bus.

ITS Partners With Radiflow to Add OT Cybersecurity Services for its Process Manufacturing Customers in the UK (PR Newswire) Radiflow, a leading provider of industrial cybersecurity solutions for industrial...

Combating TRISIS with the MITRE ATT&CK Framework (ThreatQuotient) MITRE ATT&CK dives deep into adversaries’ actions so security analysts can use that information to their advantage. It is a huge step forward in creating a knowledgebase of adversaries and associated tactics, techniques and procedures (TTPs) so you can start your threat hunt at the actor level.

Coalfire Named as Launch Partner Under AWS Authority to Operate Program (ExecutiveBiz) Amazon Web Services has included Coalfire to its list of launch partners under the Authority to Operate program.

Siemens releases new hosting platform addressing cybersecurity challenges (Hydrocarbon Engineering) Siemens has announced the release of a new industrial application hosting platform aiming to address complex cybersecurity threats.

Technologies, Techniques, and Standards

Opinion: Why 5G will make cybersecurity so much more difficult (The Globe and Mail) There is little doubt that fifth generation networks are about to transform the world. Whether that transformation is for the better will depend on rethinking not only these networks, but also the methods we use to keep them safe, David Masson writes

Ready or Not, Here Comes FIDO: How to Prepare for Success (SecurityWeek) A phased rollout of FIDO-certified authenticators and FIDO-enabled applications, along with training for both users and help desk personnel, can help ensure a positive experience and transition

What the education industry must do to protect itself from cyber attacks (Help Net Security) Hackers are becoming more sophisticated in their attacks, and they are increasingly viewing schools and higher education institutions as easy targets.

Design and Innovation

Army wants a more secure dev environment for cyber tools (Fifth Domain) The Army is beginning to work with the Pentagon on Unified Platform.

Facebook updates political ad rules with eyes on '20 election (Seeking Alpha) Facebook (FB -1.1%) is continuing to get ready for the 2020 U.S. election with new rules for political advertising.

Updates to Ads About Social Issues, Elections or Politics in the US (Facebook Newsroom) We’re sharing additional steps we’re taking to protect elections and prepare for the US 2020 election.

Apple is turning Siri audio clip review off by default and bringing it in house (TechCrunch) The top line news is that Apple is making changes to the way that Siri audio review, or “grading,” works across all of its devices. First, it is making audio review an explicitly opt-in process in an upcoming software update. This will be applicable for every current and future user of …

Apple to stop storing Siri recordings without permission after privacy backlash (The Telegraph) Apple will stop storing audio recordings of what users say to Siri unless they explicitly opt in, following a privacy backlash against the widespread practice of humans listening to users' voice clips without their knowledge.

Academia

Every Computer Science Degree Should Require a Course in Cybersecurity (Harvard Business Review) Just one of the top 24 U.S. undergraduate programs does.

New master's in computer information systems approved for Northwestern State (KALB) A Master’s of Science in Computer Information Systems at Northwestern State University has been approved by the State Board of Regents.

Durham College announces new Certified Threat Intelligence Analyst training program (EC-Council Official Blog) Durham College (DC) is pleased to announce that its Hub for Applied Research in Artificial Intelligence for Business Solutions (the AI Hub) and the School of Continuing Education will be delivering the first Canadian training session of the Certified Threat Intelligence Analyst (CTIA) course.

SMCC Cyber Security program earns national award (Press Herald) The program, which has had a steady increase in enrollment, and can lead to a variety of employment opportunities for graduates.

The UTSA Academy of Distinguished Researchers inducts three faculty members (UTSA Today) The UTSA Academy of Distinguished Researchers (ADR) has selected three senior faculty members for induction this calendar year.

Legislation, Policy and Regulation

Australia Tries to Curb Foreign Interference at Universities (SecurityWeek) Australia has formed a task force that includes a cybersecurity working group to crack down on attempts by foreign governments to meddle in Australian universities.

Real China threat isn't trade. It's national security and intellectual property theft. (USA TODAY) Trump's trade war and tariffs are costly and misguided. His top priorities when it comes to China should be IP theft, security, North Korea and Iran.

Scrapped intelligence pact draws United States into deepening South Korea-Japan dispute (Reuters) South Korea's decision to scrap a military intelligence-sharing pact with J...

Trump’s National Security Advisor to Visit Belarus (Foreign Policy) The highest-level trip this century will likely anger the Kremlin, even as the U.S. president tries to bring Russia back into the G-7.

DHS questions vulnerability disclosure program (Fedscoop) The Department of Homeland Security plans to collect information on security vulnerabilities in its information systems and wants to know if its methods are sound.

Agency Information Collection Activities: Vulnerability Discovery Program (Federal Register) The Department of Homeland Security, Office of the Chief Information Security Officer, will submit the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995.

Litigation, Investigation, and Enforcement

Avast, French Police Remove Retadup Malware From 850,000 PCs (SecurityWeek) Avast and French police have cleaned up 850,000 computers infected with Retadup malware after taking control of its C&C server.

Malware Operation Making Millions Defeated by Design Flaw (BleepingComputer) The reign of Retadup botnet over more than 850,000 systems has reached an end as its command and control server (C2) was taken down by security researchers from antivirus maker Avast working with the French National Gendarmerie.

Putting an end to Retadup: A malicious worm that infected hundreds of thousands (Avast Threat Labs) Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is a piece of malware mining cryptocurrency on the malware …

Microsoft’s lead EU data watchdog is looking into fresh Windows 10 privacy concerns (TechCrunch) The Dutch data protection agency has asked Microsoft’s lead privacy regulator in Europe to investigate ongoing concerns it has attached to how Windows 10 gathers user data. Back in 2017 the privacy watchdog found Microsoft’s platform to be in breach of local privacy laws on account of h…

Facebook Gets German Data Probe Into Voice Transcriptions (Bloomberg) Social network is facing intense regulatory scrutiny in Europe. Speech recognition forms new front for tech privacy probes.

Notes on the US-Iranian cyberwar. TrickBot's evolution. Inconspicuous Fancy Bear. Les Gendarmes attrapent un ver.

Bring your own context.

And Labor Day is Monday.