The CyberWire Daily Briefing 1.24.19

Summary

By the CyberWire staff

It’s now believed, CyberScoop reports, that six US Federal civilian agencies have been affected by the DNS-hijacking campaign that prompted the Department of Homeland Security to issue Emergency Directive 19-01 this week. Representative James Langevin (Democrat of Rhode Island) has asked the Department to brief the House Homeland Security Committee on the matter. Private security firms, FireEye prominent among them, have said they see signs of Iranian sponsorship of recent DNS-hijacking campaigns.

BuzzFeed reports that the Integrity Initiative, a project of the Institute for Statecraft (a British think tank) has apparently been hacked, with stolen material appearing in Russian outlets Sputnik and RT, framed in stories alleging the Initiative's role in fomenting anti-Russian sentiment. The Integrity Initiative has devoted considerable attention to exposing Russian information operations. The UK's National Cyber Security Centre and others are examining the Initiative's servers and its employees' devices for evidence of compromise. Suspicion, on grounds of motive and a priori probability, has turned toward Moscow, but the investigation is still young, and the Integrity Initiative has taken its content offline until further notice.

Researcher Bob Diachenko has provided details on the exposure of more than 24 million financial and banking documents in an unsecured Elastisearch database. The documents, mostly pertaining to loans and mortgages from large US banks, were exposed, TechCrunch says, by a third-party document management vendor widely used by the financial industry.

More governments express official skepticism of Huawei as a potential security threat, with recent animadversions from France, the UK, and Taiwan.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, European Union, France, India, Japan, New Zealand, Taiwan, Russia, United Kingdom, and United States.

FedRAMP-ready in less than six months.

It usually takes a year to get FedRAMP assessment-ready. But this can be cut in half--just six months to confident readiness. Learn how cybersecurity leader Coalfire helped Innovest prepare for its FedRAMP assessment through Security Automation and Orchestration (SAO). Innovest's CSO, Erick Lindley, said, “Coalfire helped us fast-track our path to FedRAMP compliance and save between six and twelve months of work we would have had to do ourselves.” Find out how.

On the Podcast

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses a 4th Amendment personal privacy case out of Alaska. Our guest is Kathleen Smith from CybersecJobs.com and ClearedJobs.net, and she talks up the career benefits of volunteering.

Sponsored Events

State of the Phish Webinar (Online, January 30, 2019) Phishing is the number one attack vector. Wombat's State of the Phish Report provides the data-driven intelligence your team needs to manage end-user risk effectively within your organization. In this report, the focus mirrors that of cyber attackers: people. Register for their webinar and learn more.

DreamPort Event: The Red Hat Ansible Tower Workshop (Columbia, Maryland, United States, February 7, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting the Red Hat Ansible Tower Workshop. This workshop will enable you to create playbooks, while building in security. Automation features will save time, empower junior staff, offload senior staff and automate your most tedious tasks!

CYBERTACOS RSA (San Francisco, California, United States, March 4, 2019) Join us for ALL YOU CAN EAT FREE TACOS! What better way to start your week at RSA? On Monday, March 4, CYBERTACOS is coming back to San Francisco as part of RSA. Join us from 7:00-10:00pm for networking, food and drinks.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Six US government agencies targeted in DNS hijacking attacks (Computing) US Department of Homeland Security emergency order issued in response to claims of Iranian DNS hijacking attacks,

Rep. Langevin: We need a DHS briefing to understand extent of DNS hijacking threat - CyberScoop (CyberScoop) A key House Democrat wants the Department of Homeland Security to brief lawmakers “as soon as possible” on a new domain name system hacking threat to federal computer networks, and the emergency order the department issued in response.

‘Nearly all’ American networks will be susceptible to cyberattacks (Fifth Domain) “Nearly all information, communication networks, and systems will be at risk for years to come,” according to the 2019 national intelligence strategy.

It Looks Like Russian Hackers Are Still At It In 2019 (BuzzFeed News) A British think tank that counters Russian information operations has been hacked — and Russian media outlets are all over the leaked material.

Securonix Threat Research: Detecting Persistent Cloud Infrastructure/Hadoop/YARN Attacks Using Security Analytics: Moanacroner, XBash, and Others - Securonix (Securonix) In recent months, we have been observing an increase in the number of automated attacks targeting exposed cloud infrastructure/Hadoop/YARN instances. Some of the attacks we have been seeing – for…

Millions of bank loan and mortgage documents have leaked online (TechCrunch) A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse. The server, running an Elasticsearch database, had more than a decade’s worth…

Code Execution Vulnerability Impacts Linux Package Manager (SecurityWeek) A remote code execution vulnerability (CVE-2019-3462) was recently discovered in APT, the high level package manager used in many Linux distributions.

The politics of ‘Have I Been Pwned’ (CSO Online) Data breaches are not created equal. Business leaders and security managers must beware the dangers of FUD and hype created around notification of old breaches.

PewDiePie-spammers and whale-flingers exploit hole in Atlas game (Naked Security) Last week hackers allegedly compromised an admin’s Steam account and used it to spawn planes, tanks, and whales in Atlas.

Fortnite's Vulnerability: Only the Secure Survive | Check Point Software Blog (Check Point Software Blog) Check Point discovered security vulnerabilities in Fortnite's login process that could have allowed a threat actor to take over the account of any user, view their personal account information, purchase virtual in-game currency and eavesdrop on in-game chatter as well as home conversations.

Hijacked Nest cam broadcasts bogus warning about incoming missiles (Naked Security) A hacked Nest camera broadcast the fake warning about incoming North Korean missiles, sending a family into “five minutes of sheer terror.”

Hackers yell, curse at family after accessing security camera account, couple says (Q13 FOX News) AUBURN, Wash. -- If you have security cameras connected to the internet inside your home, you’re going to want to play close attention to this story. A local family says someone hacked their account and watched them for weeks inside their home; even yelling and cursing at their children. They only moved in three months ago, but Abby Laguidao and Conrado Casallo say they’re uncomfortable inside their Auburn home. The family installed security cameras, which are connected to the internet and, they say that’s when they started hearing things.

Security Patches, Mitigations, and Software Updates

Apple Patches Dozens of Vulnerabilities in iOS, macOS (SecurityWeek) Apple has released new updates for iOS (12.1.3) and macOS (10.14.3) to address tens of security vulnerabilities and other bugs in the two platforms.

Cyber Trends

2019 State of the Phish (Proofpoint) Our 2019 State of the Phish Report provides the latest data and analysis on phishing attacks, ransomware and end-user risk management.

Microsoft remains the most impersonated brand, Netflix phishing spikes (Help Net Security) Although Microsoft remains the most impersonated brand, Netflix saw an incredible surge, making it the second most impersonated brand in Q4 2018.

Cyberattacks fueled by geopolitical tension are increasing (Help Net Security) Cyberattacks fueled by geopolitical tension are increasing. Carbon Black has discovered how clever attackers have become in evolving to remain undetected.

Security Concerns are Preventing Cloud and SaaS Adoption According to Latest Ping Identity Survey (Ping Identity) Three-Quarters of IT and Security Professionals Say at Least a Portion of Their IT Infrastructure is Hybrid; Only One-Fifth Say Majority is Hosted in the Public Cloud

Healthcare Cyberattacks Cost $1.4 Million on Average in Recovery (HealthITSecurity) Healthcare organizations spend about $1.4 million on average to recover from a cyberattack, which is directly tied to damage to reputation, a loss of productivity, and service disruption.

Healthcare Cybersecurity in a Future of Connected Medical Devices (Security Intelligence) What can health care companies do to mitigate the risks inherent in the future of health care cybersecurity?

Black hats are great for language diversity, says Eugene Kaspersky (Register) Also reckons Russian hackers go quiet over the Christmas holidays

Cyber Security in 2019 – Positive Developments or More of the Same? (TechNative) As 2019 commences, computer security starts off the new year at pretty much where it left off in 2018 – the talk about the need for improved security in industrial control systems, the supply chain, risks of insider threats, state espionage, increasing cyber crime, and the expanded attack surface that the Internet of Things provides Internet governance, cyber norms of state behavior, and state involvement in election meddling continue to cast a long shadow over cyber security, and if statistics provide a barometer of where we're at, fairly straight forward security considerations such as better passwords, patch management, user education and security awareness (spear phishing, anyone?) remain a challenge.

Marketplace

Let us into 5G and we could pay millions for NZ cyber lab, says Huawei (Stuff) Chinese giant could pay 'millions' for NZ experts to vet its gear, but GCSB responds coolly.

How Huawei Wooed Europe With Sponsorships, Investments and Promises (New York Times) As the Chinese telecommunications giant faces scrutiny over its security, its careful cultivation of European governments and customers is at risk of unraveling.

Humio Secures $9M Series A Led By Accel To Accelerate Expansion Of Logging Platform For Live Observability (PR Newswire) Humio, the only solution enabling live observability through fast, efficient and easily scalable log...

Adjust Announces Acquisition of Cyber Security and AI Company Unbotify (PR Newswire) Behavioral Biometrics Bot Detection Functionality to Help Marketers Combat Advertising and In-App...

FRANCE : Thales/Ercom deal heralds further concentration in French cyber sector (Intelligence Online) Thales impending takeover of Ercom is forcing other interception and cyberintelligence firms to find new strategies.

Healthcare Specific MSP Medicus IT Acquires Phoenix Based ISDesign (PR Newswire) Atlanta based Medicus IT and Phoenix based Information Strategy Design (ISD) joined forces January 17th, 2019. By...

Jonathan Aberman: We're not Silicon Valley. We should stop using its entrepreneurship model. (Washington Business Journal) Our region’s prevailing view of entrepreneurship discourages many who have entrepreneurial personalities and reduces our economic potential. We need to chart a new course.

nCipher Security delivers trust, integrity and control to business critical information and applications | nCipher Security (nCipher) Newly formed organization preserves competition and ensures continued innovation in general purpose HSM market nCipher Security, the provider of trust, integrity and control for business critical information and applications, officially launched today creating a new leader in the general purpose hardware security module (HSM) marketplace.

This Indian cybersecurity startup wants to repeat its winning strategy abroad (Techcircle) Saket Modi was always interested in knowing how technologies are created and how they can be broken.

Fortinet’s Ken Xie to Lead World Economic Forum Centre for Cybersecurity Cyber Workforce Session at Upcoming Annual Meeting (AP NEWS) Ken Xie, Founder, Chairman of the Board, and CEO, Fortinet“We are proud to have been the first cybersecurity company named a founding partner of the World Economic Forum Centre for Cybersecurity. As a member of the Advisory Board, I look forward to the opportunity to collaborate with global leaders from the private and public sectors on our shared commitment to collectively respond to the growing global cybersecurity threat. The continued collaboration and effort also advances Fortinet’s mission to secure the largest enterprise, service provider, and government organizations in the world.”

JP Morgan Portfolio Company Partners With Blockchain Startup Run By Former Deloitte Boss (Forbes) Former Deloitte boss turned Citizens Reserve head, Eric Piscini, confirmed a partnership with Smartrac, a JP Morgan portfolio company dealing in the product digitization space. Citizens Reserve will use its blockchain-powered SUKU supply chain platform to integrate with Smartrac.

Anthony E. Zeruto Named New President & CEO of Network Designs, Inc. (NDi) (PR Newswire) Network Designs, Inc. (NDi) announced today that Anthony E. Zeruto (Col, U.S. Army, RET) is its new President and...

Attivo Networks names Chris Roberts as chief security strategist (Help Net Security) Roberts will develop and define strategy and processes for the company’s customers on issues related to cybersecurity strategy, and incident response.

Longtime federal contracting exec tapped by Applied Insight to be CEO (Washington Business Journal) He held top posts with TASC Inc. and Engility Holdings and will now helm the pursuit of building a leading mid-market government contractor operating at a challenging nexus.

Radiflow Adds Michael Langer as Chief Product Officer (LivePR) New executive to lead expansion of company’s industrial cybersecurity portfolio

Products, Services, and Solutions

Check Point Launches Maestro, the Industry’s First Hyperscale Network Security Solution, and New Ultra-Scalable Gateways | Check Point Software (Check Point Software) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has today introduced Check Point Maestro, the industry’s first truly hyperscale network security solution. Check Point Maestro is a revolutionary new architecture that enables businesses of any size to enjoy the power of flexible cloud-level security platforms, and to seamlessly …

DFLabs Community Development Incentive Program Extends Open Approach to Security Orchestration and Automation (BusinessWire) CDI Program supports the sharing of innovations for the DFLabs IncMan SOAR platform, and extends company's open approach to security integration.

Authenticator -- First Two-Factor Authentication (2FA) Solution With One-Step New Phone Account Recovery (PR Newswire) Rivetz, a leader in embedded, decentralized cybersecurity for mobile, today announced the launch of its...

Nucleus Cyber Partners with Namtek to Grow Presence in Federal Government (Nucleus Cyber) Facebook Twitter LinkedIn Namtek to distribute the NC Protect™ AI-driven data security solution to the US Government through federal contracts and partners BOSTON – Jan. 24, 2019 – Nucleus Cyber, the AI-driven data security company for the intelligent workplace, today announced a partnership with Namtek to distribute its NC Protect™ solution for AI-driven data …

NTT DATA Corporation Chooses Exabeam’s SIEM Solution to Strengthen its Global Cyber Defense Posture (BusinessWire) Exabeam, the next-gen SIEM company, today announced that NTT DATA Corporation (NTT DATA), its partner and one of the world’s leading providers of tech

Cohesity backup solution prevents, detects, and responds to ransomware attacks (Help Net Security) Cohesity Anti-Ransomware Solution offers the set of capabilities with a multi-layered approach that can prevent, detect, and respond to attacks.

ThrottleNet’s new managed IT+Security services deliver business continuity (Help Net Security) ThrottleNet’s IT+Security protects against data loss and security threats such as hacking, ransomware and phishing attacks.

What's a Pop-Up SOC, and Who Needs One? (Security Boulevard) A pop-up SOC is essentially a temporary time- or event-based security operations center with a number of benefits in multiple environments.

CrowdStrike Falcon Available to Government Entities Nationwide Through California Software Licensing Program PLUS (BusinessWire) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that it is now available for purchase through the California Sof

PrivacyCheq's Privacy Facts Interactive Solves Tech Industry's "Transparency" Problem (PR Newswire) Today, PrivacyCheq announced the immediate availability of Privacy Facts Interactive (PFIN), its new privacy notice...

Securitec Launches Integrated Continuous Monitoring Service for CRAs & Risk Alerting Firms (PR Newswire) Securitec Screening Solutions, the background screening industry's leading 100% wholesale Court Data as a Service...

Technologies, Techniques, and Standards

Inside Google’s Team Fighting to Keep Your Data Safe From Hackers (Wall Street Journal) Google’s 27-person Threat Analysis Group, staffed in part by former government agents, leverages access to Gmail and other Google products to fend off attempts to intrude into the company’s vast data store.

Crypto-Assets and Blockchain Technology (Marsh & McLennan | FireEye | Circle) It has been 10 years since the world was introduced to bitcoin and its underlying blockchain technology. Bitcoin has become a household name and has spawned hundreds of other crypto-assets. At its peak in January 2018, the total market cap of crypto-assets equaled one-tenth of the value of all the gold in the world.

Configuring Your iPhone for Maximum Internet Privacy and Security: Web Browsing (Better Humans) How to protect your web browsing from privacy invasions and the surveillance state

M&E Journal: How Threat Intelligence Enables Cybersecurity (M&E Daily) “Offense informs defense” has been a driving security tenet for a long time and nothing epitomizes this more than threat intelligence.

The Devil You Know - How Idioms Can Relate to Information Security (SecurityWeek) In security, it’s important to know when to stay with what’s comfortable and familiar, and when it’s time to see what else is out there that awaits us.

Georgia official seeks to replace criticized voting machines (AP NEWS) Georgia's new elections chief asked lawmakers Wednesday for $150 million to replace the state's outdated electronic voting machines. In doing so, he all but closed the door on a hand-marked paper balloting system that experts say is cheapest and most secure. Secretary of State Brad Raffensperger told Georgia legislators meeting for budget hearings that a new voting system is his top priority. Cybersecurity experts and voting integrity activists say the touch-screen machines Georgia has used since 2002 are vulnerable to hacking and can't be audited effectively because they produce no verifiable paper record.

Analysis | The Cybersecurity 202: Congress is finally embracing bug bounties. Will it backfire? (Washington Post) Some departments can't yet support ethical hacking contests, one expert warns

Research and Development

Center for Long-Term Cybersecurity Announces 2019 Research Grantees (CLTC) The UC Berkeley Center for Long-Term Cybersecurity (CLTC) is proud to announce the recipients of our 2019 research grants. In total, 30 different groups of researchers will share a total of roughly $1.3 million in funding to support a broad range of initiatives related to cybersecurity and digital security issues...

Legislation, Policy and Regulation

French diplomat: Spies gonna spy – there aren't any magical cyberspace laws that can prevent it (Register) Pragmatic chap looks at reality of international relations

EU-Japan Deal to Protect Data Exchanges Takes Effect (SecurityWeek) The European Union and Japan launched the "world's largest areas of safe data flows" after finalizing common rules to protect personal information, the EU said.

France aware of Huawei risks, will act when times comes - minister (Reuters) France is aware of the risks of China's Huawei Technologies access to next-...

Taiwan preps China blacklist banning Huawei and ZTE (Nikkei Asian Review) No Chinese smartphones for government employees, cybersecurity chief says

Digital Secretary Jeremy Wright: 'Cause to be cautious' over Huawei's role in Britain's 5G network (The Telegraph) Jeremy Wright has kept a decidedly low profile since taking the helm at the Department for Digital, Culture, Media and Sport last July.

UK telcos under pressure to review Huawei 5G deals after defence secretary airs ‘grave concerns’ (The Telegraph) Some of Britain's largest mobile providers are facing growing pressure to review their links with Huawei after the UK defence secretary voiced "grave concerns" over use of the controversial Chinese company's equipment in the roll-out of 5G telecom networks across the UK, amid espionage fears.

The next big fight is on (Tribuneindia News Service) In the ongoing tussle between the US and China over trade and technology, Huawei occupies a special place.

Detecting Ghosts By Reverse Engineering: Who Ya Gonna Call? (Lawfare) GCHQ’s proposal to allow governments to eavesdrop on encrypted communications with a warrant is a backdoor by another name.

Air Force moves ahead with headquarters-level merger of intel, IT functions (Federal News Network) The Air Force will merge the three-star positions that oversee intelligence and IT into a single position, known as the A2/A6. Lt. Gen. Dash Jamieson is expected to lead the new organization.

Army Cyber To Become Information Warfare Operations Command By 2028 - Defense Daily (Defense Daily) Army Cyber Command (ARCYBER) is likely to be renamed Information Warfare Operations Command by 2028 as the unit looks to expand its capability portfolio to

Litigation, Investigation, and Enforcement

Cyber expert's EVM hacking claims a 'hacking horror show' by Congress: BJP - Times of India (The Times of India) India News: NEW DELHI: Rejecting an India cyber expert's claim that the 2014 general election was rigged, the BJP Monday described this explosive allegation as a .

Who allowed FISA surveillance abuse? New attorney general must find out (TheHill) The FBI likely surveilled many others beyond Carter Page in bypassing controls for its Trump-Russia collusion investigation.

Julian Assange launches legal challenge against Trump administration (the Guardian) WikiLeaks founder’s lawyers file urgent application in attempt to prevent extradition to US

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Zero Trust Technology Showcase (Columbia, Maryland, USA, January 28, 2019) Register for the Zero Trust Technology Showcase. The working group, mainly consisting of US Government employees, will be organized into four teams to include teams exploring data, networking, analytics and Microsoft solutions. Each team is looking to leverage novel and proven technologies, processes, applications, etc. into a network prototype that incorporates a zero trust environment. This pilot network must be resilient, scalable, easy-to-use, defendable, manageable, multi-purpose and secure by design. The Zero Trust Technology Showcase will be held on January 28, 2019 from 9am – 3pm at the DreamPort facility in Columbia, MD. Food and drink are provided. There is no charge for this event.

2019 Innovator's Showcase (McLean, Virginia, USA, May 2, 2019) The Intelligence and National Security Alliance (INSA) will showcase IR&D projects with national security applications at its 2019 Innovators’ Showcase. Held in partnership with the Office of the Director of National Intelligence, this event exposes key S&T and procurement officials from across the DOD and IC to bleeding-edge innovations from industry and academia. Among the areas of interest is Information Security and Assurance (especially encryption. innovations in cryptographic science capable of being deployed in both offensive and defensive mission capacities) and Persona and Identity Management (including work on social media for protecting or removing anonymity utilizing social media, internet-connected data stores, and other assets associated with life in a fully digital world, and ephemeris identity telemetry. including identifying characteristics such as biometrics, geolocation, digital signatures, and geo-environmental association..

upcoming Events

Cyber USA (College Park, Maryland, USA, January 24, 2019) CyberUSA is a collaboration of states focused on a common mission purpose of enabling innovation, education, workforce development, enhanced cyber readiness and resilience - all while connecting the cyber ecosystem of the United States and its Allies. This non-profit "community of communities" is governed by its members, established to enhance information sharing between states and improve cyber resilience at all levels of participation - local, regional, and national. CyberUSA provides a communication framework, a national summit and cyber related resources to communities across the United States. This annual gathering of state delegations and federal stakeholders will explore programs to improve and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, marketplace opportunities, and risk management.

CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security experts. In addition, you’ll enjoy getting hands on with cutting-edge security solutions from Check Point, networking with your peers, and celebrating with the world’s cyber security elite. If you attend one cyber security event this year, make it CPX 360.

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and all carrier levels. We are collecting great feedbacks on past conferences so we would be glad to cooperate with you, too. QuBit Conference consists of one day (2 in Prague) full of educational presentations, keynotes, case studies and interactive panel discussions in QuBit way - community spirit and tons of great networking opportunities. Not to mention popular pre-conference hands on training held a day before conference.

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential / actual Insider Threats. This meeting will focus on the many External data sources that are available from various companies, for organizations and businesses that want to be proactive in "Employee Threat Identification". This meeting will also provide insight into the possibility that your company's data may be "For Sale" on the Dark Web, and how to locate it.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

US House wants DHS briefing on DNS campaign. Integrity Initiative hacked? Exposed Elastisearch DB. More Huawei skepticism.