Cyber Attacks, Threats, and Vulnerabilities
Report: Ecuadorian Breach Reveals Sensitive Personal Data (vpnMentor) vpnMentor’s research team has found a large data breach that may impact millions of individuals in Ecuador. The leaked database includes over 20 million ...
China reportedly behind cyber-attack on Australian parliament and political parties (SBS News) A number of sources have told Reuters that Australian intelligence determined China was responsible for a cyber-attack on federal parliament.
New study hints at the potential motives behind the 2016 blackout in Ukraine (Neowin) A paper released by the cybersecurity firm Dragos theorizes that the Russian hackers exploited a key safety component thereby endangering the lives of the people present on the transmission station.
New clues show how Russia’s grid hackers aimed for physical destruction (Ars Technica) 2016 Russian cyberattack on Ukraine intended to cause far more damage than it did.
Troll factories? So 2016. (Meduza) How the Moscow government diversified its online election interference strategies this summer
Chinese Propaganda Paints Hong Kong as a Spoiled Brat (Foreign Policy) The mainland’s new nationalism comes with a heavy dose of old patriarchy.
InnfiRAT Malware Steals Litecoin And Bitcoin Wallet Information (BleepingComputer) A remote access Trojan (RAT) dubbed InnfiRAT by the Zscaler ThreatLabZ team which took a closer look at its inner-workings comes with extensive sensitive information collection capabilities, including cryptocurrency wallet data.
Intel: SSH-stealing NetCAT bug not really a problem (Naked Security) There’s another vulnerability in Intel chips, with another catchy name: NetCAT.
Nemty Ransomware Update Lets It Kill Processes and Services (BleepingComputer) Nemty ransomware is under active development, although its version number may not show it. Its authors are clearly making efforts to make it a more efficient and sophisticated malware and it begins wider distribution.
Marketer Exposes 198 Million Car Buyer Records (Infosecurity Magazine) DealerLeads leaves 413GB of data publicly accessible
Massive ticket fraud scheme targeting Groupon and Ticketmaster uncovered with discovery of unsecured database (Computing) Unsecured database containing 17 million email addresses was found to be part of fraud targeting Groupon, Ticketmaster and other online ticket vendors
Leaky database full of fake Groupon emails turns out to belong to crooks (Naked Security) Crooks made bogus accounts to buy tickets with fake credit cards, resold them to unsuspecting buyers, and left the database-o-fraud wide open.
SOHOpelessly Broken 2.0 - Independent Security Evaluators (Independent Security Evaluators) We show that security controls put in place by IoT device manufacturers are insufficient against attacks carried out by remote adversaries. This research project aimed to uncover and leverage new techniques to circumvent these new security controls in embedded devices.
Attacks Targeting IoT Devices and Windows SMB Surge (BankInfo Security) Two years after WannaCry wreaked havoc via flaws in SMB_v1 and three years after Mirai infected internet of things devices en masse via default credentials,
Attack Landscape H1 2019: IoT, SMB traffic abound (F-Secure Blog) In the first half of 2019, traffic measured by F-Secure's global network of honeypots was twelve times higher when compared with the same period in 2018.
New Amazon phishing scam stealing credit card data (HackRead) A new Amazon phishing scam email is circulating that tricks users into handing over their personal and financial information, including credit card information, to online crooks.
Simjacker exploit is independent of handset type, uses SMS attack (Tech Xplore) Trouble in smartphone security land: There is a platform-agnostic intruder—it can tally up victims regardless of the hardware or software the victims rely on. Simjacker is the name of the exploit. The team who spotted it are from AdaptiveMobile Security.
Nosy flashlight apps want more permissions than they need (NetGuide) It might seem like a flashlight app just needs access to the camera flash in order to turn on and off. Apparently, that’s wrong.
Just how private are your browsing habits? (Naked Security) DNS-over-HTTPS sounds as though it should be safer than plain DNS, because of the “HTTPS” part – but not everyone is delighted about it…
FUSD cyber attack highlights risk for municipal governments (Arizona Daily Sun) As Flagstaff Unified School District continues to recover from last week’s ransomware attack, the incident has highlighted the growing threat of cybercrimes on local municipalities and public agencies.
Internet-connected gas pumps could be hackers' next target (10NEWS) Security researchers found there's been an increased amount of chatter online about how to compromise gas pumps.
UK’s Environmental Agencies Lose Hundreds of Devices (Infosecurity Magazine) DEFRA and Environment Agency respond to FOI requests
Cyber Trends
The Role of Cyber Insurance in Securing the Private Sector (Foundation for the Defense of Democracies) Cyber insurance is a market-driven solution to improve the private sector’s resilience against cyberattacks.
Akamai: 18 Months, 61 Billion Credential Stuffing Attacks (Computer Business Review) As data breaches continue to proliferate, credential stuffing attacks have become rampant – and heavily automated. Akamai counts 61 billion and says...
Security leaders lack confidence in the supply chain, fear third-party attacks (Help Net Security) Nearly nine in ten (89%) cybersecurity professionals express concern over the managed service providers (MSPs) they partner with being hacked.
Interacting with governments in the digital age: What do citizens think? (Help Net Security) Most U.S. citizens acknowledge and accept state and local government agencies sharing their personal data, such as criminal records and income data.
A connected world will be a playground for hackers (The Economist) Few companies making connected gadgets have much experience with cyber security
America's cyber blind spot (TheHill) Nearly two decades after 9/11, our ability to confront a new threat is again hindered by the presence of data stovepipes.
Autonomous weapons could 'accidentally' start the next world war, warns ex-Google engineer (Computing) Laura Nolan, who resigned from Google last year over military drone project, warns over 'killer robots'
Marketplace
Microsoft president says tech firms won’t wait for US to act on social media laws (South China Morning Post) US tech companies will adopt a new approach to moderating online platforms because laws around the world are changing, according to Microsoft President Brad Smith
Thraxos Launches to Bring Together Top Tech CEOs and Founders in the Mid-Atlantic Region (Thraxos) Thraxos, an invitation-only professional networking organization that brings together CEOs and founders of the most promising growth companies in the Mid-Atlantic, launched today. The inaugural cohort focuses on companies in artificial intelligence, cybersecuri
CyLon Hits a Cyber Startup Century (FinTechTimes) CyLon, the cybersecurity accelerator which finds, grows and invests in the world’s best emerging cyber businesses, reveals the nine cyber companies
SecZetta Closes $10M in Series A Funding Round (CIOReview) Fremont, CA: SecZetta, a Boston, MA-based provider of the most comprehensive non-employee identity risk and life cycle...
Cloudflare stock pops 20% in first day of trading (CNBC) The web security company started trading on Wednesday under the ticker "NET."
Cloudflare IPO: Investors Clamor for Shares, Despite Controversies (Fortune) Cloudflare shares popped 20% post-IPO on Friday, despite recent controversies over 8chan, censorship, and potential sanctions violations.
Cloudflare co-founder Michelle Zatlyn on the company’s IPO today, its unique dual class structure, and what’s next (TechCrunch) Shares of Cloudflare rose 20% today in its first day of trading on the public market, opening trading at $18 after it priced its IPO at $15 a share yesterday and holding steady through the day. Put another way, the performance of the nine-year-old company — which provides cloud-based network …
Cloud Security Strength Can Help Akamai Revenues Surpass $3 Billion Next Year (Forbes) Trefis highlights trends in Akamai’s revenues over recent years along with our forecast for 2020 and 2021 in an interactive dashboard. We maintain a $87 fair value for Akamai’s stock – with cloud security expected to be the primary driver for the company’s value.
BlackBerry CEO says the mobile company's turnaround has hit a tipping point after near-death experience (CNBC) BlackBerry has reinvented itself to become a leader in securing mobile communications and in embedded communications. Next year it plans to roll out new products. CEO John Chen says he expects revenue to grow 23% to 27% in fiscal 2020.
AT&T Chief Laid Plans for His Exit. That Set Off an Activist Challenge. (Wall Street Journal) Plans by CEO Randall Stephenson to leave the helm to a longtime ally triggered the threat of a proxy fight by an aggressive Wall Street activist investor.
Top data firm cites hypocrisy in boycott over ICE work (Washington Examiner) One of Silicon Valley’s top data firms is pushing back hard on a boycott effort tied to its work for Immigration and Customs Enforcement, and its founder’s connection with President Trump.
How Palantir Falls Short of Responsible Corporate Conduct (Forbes) Karp fails to acknowledge that companies like Palantir decide with whom they do business and have an obligation to address the harmful consequences of their business relationships. This responsibility rests not only on tech companies but on all corporations.
Tor's Bug Bash Fund Raises $86K to Fix Critical Issues (BleepingComputer) The Tor Project has raised $86,000 for a Bug Bash Fund that will be used to pay developers to quickly fix critical bugs such as vulnerabilities or privacy issues that leak personal information about a Tor user.
Exclusive: Spotify Pays Hackers $120,000 (Forbes) Spotify has paid out $120,000 (£97,000) to hackers to avoid potential security nightmares; music lovers everywhere should be grateful for that.
Pagefreezer Ranks on Growth 500 List for 3rd Consecutive Year (PR Newswire) Pagefreezer, a leading web and social media compliance archiving and data loss prevention provider,...
Bishop Fox appoints two associate vice presidents (Consulting) Security consulting firm Bishop Fox has announced the appointment of two associate vice presidents.
Products, Services, and Solutions
New infosec products of the week: September 13, 2019 (Help Net Security) The most important releases of the week feature the following vendors: Awake Security, RocketBroadband, Apricorn, Dragos and AWS.
Irdeto Launches Trusted Home to Enable IoT Security Through Smart Home Gateway (Irdeto) New solution enables CSPs to offer greater security and control to customers, increasing efficiency and ARPU
Raytheon Unveils Cyber Threat Detection System for Aircraft, Weapon Systems (ExecutiveBiz) Raytheon has developed a threat detection software designed to alert users to cyber vulnerabilities and prevent attacks to aircraft, satellite, missile and vehicular systems.
ImmuniWeb® Discovery | Asset Inventory, Security Ratings, Compliance (ImmuniWeb) One-click visibility of your web, cloud and IoT assets, security ratings, GDPR, PCI DSS and HIPAA compliance.
Heimdal Security™ Launches Thor MailSentry™, the Solution against Business Email Compromise (BEC) (EIN News) How the new email security solution will work & how this innovation will impact the security landscape.
Barracuda’s new release automates and secures enterprise migrations to public cloud (Moneycontrol) The new functionality will help optimize cloud connectivity and automate scalable protection across multi-cloud deployments.
IBM unveils new platform for hybrid multi-cloud security (TahawulTech.com) IBM has announced IBM z15, a new enterprise platform delivering the ability to manage the privacy of customer data across hybrid multi-cloud environments.
Technologies, Techniques, and Standards
Census Bureau stands up ‘fusion center’ to combat misinformation during 2020 count (Federal News Network) The Census Bureau has stood up a “fusion center” to monitor social media for misinformation during the 2020 count.
County boosts election security (Journal Gazette) Allen County was picked to be one of eight pilot counties where the program will be deployed by Oct. 1.
Security clearance background checks should take three days, Rep. Will Hurd says (CyberScoop) Rep. Will Hurd, who recently announced he is leaving Congress after his current term is up, has something to get off his chest. The Texas Republican has previously said he thinks the federal government should be able to issue security clearances in one week — but now he says it can be done in three days.
Design and Innovation
Kenes Rakishev dream come true: Blockchain-enabled smartphones are entering the mainstream (The Unfiltered Lens) Kenes Rakishev pioneered the crypto+smartphone combo in the Sirin Labs Finney smartphone. Being the first means bearing the heavy burden of opening and exploring an entire market alone. It is not always - if never - a good option.
What Are Zero-Knowledge Proofs? (Wired) How do you make blockchain and other transactions truly private? With mathematical models known as zero-knowledge proofs.
Academia
Norwich University to partner with UMBC Training Centers (Vermont Business Magazine) Norwich University and University of Maryland, Baltimore County (UMBC) Training Centers have partnered to offer 15 credit hours from UMBC Training Centers courses to professionals in cybersecurity who wish to enter into Norwich’s online Bachelor of Science in Cyber Security program through the College of Graduate and Continuing Studies (CGCS).
Legislation, Policy, and Regulation
Iran tells US it is ready for ‘fully fledged war’ (Times) Iran has warned that it is prepared for “fully fledged war” after the United States accused it of launching devastating drone attacks on two oil facilities in Saudi Arabia. The two powers are at...
Poland to launch cyberspace defence force (Tech Xplore) NATO member Poland will launch a cyberspace defence force by 2024 made up of around 2,000 soldiers qualified in cybersecurity, the defence minister said on Thursday after formally approving it.
A zero-day is here. India should quickly build an impenetrable firewall in the age of cyberwarfare. (Economic Times) With the Persian Gulf becoming a hotbed of cyberwarfare and countries such as the US, China, and Russia engaging in covert and offensive digital operations, the clock is ticking on India. Though the country flagged off its proactive defence initiative with the CyberEx earlier this year, creating a comprehensive deterrence mechanism is still a long haul.
Huawei's Dominance of Africa's Mobile Networks Mean More Spying on African Citizens (The National Interest) A huge problem.
A US official says tech giants Alibaba and Tencent present similar risks as Huawei (Quartz) "Firms such as Huawei, Tencent, ZTE, Alibaba, and Baidu have no meaningful ability to tell the Chinese Communist Party 'no'," said the official.
Chinese tech trio part of 'malignant ecosystem': US official (Nikkei Asian Review) Alibaba, Baidu and Tencent lumped with Huawei as security threats
Senators Urge F.C.C. to Review Licenses of 2 Chinese Telecom Companies (New York Times) In a letter, Senators Chuck Schumer and Tom Cotton say the companies could use their access to U.S. networks to “target” Americans’ communications.
U.S. Targets North Korean Hacking as Rising National-Security Threat (Wall Street Journal) New U.S. sanctions against North Korean hackers and revelations about North Korean malware show how Pyongyang’s cyber operations have become a crucial revenue stream and a security threat that soon could rival its weapons program, U.S. and industry officials say.
EXPLAINED: What is the National Intelligence Grid? (TimesNow) NATGRID is believed to be the brainchild of then home minister P Chidambaram, but with the current home minister Amit Shah taking interest in the project, it's set to proceed at a much quicker pace.
Donald Trump’s sloppiness with secrets threatens Britain too (Times) Imagine you are risking your life to spy for the West in Russia and China, stealing secrets, recruiting sources, or running the vital, boring errands that keep operations going. Trust is crucial.
UK committee condemns loot boxes ('surprise mechanics') as gambling (The Next Web) The UK Parliament’s Digital, Culture, Media and Sport Committee today released their conclusions from their investigation into addictive game mechanics. While the report is a long one not solely focused on games or loot boxes, the committee firmly condemns the use of such mechanics, in spite of attempts by gaming reps to spin them the other …
What happens when you ban loot boxes in gaming? (BBC News) Belgium banned loot boxes in video games in 2018. This is how it affected gaming in the country.
Cyber War as an Intelligence Contest (War on the Rocks) Editor’s Note: Joshua Rovner’s special series, “The Brush Pass,” is back. Rovner is rejoining us after spending a year at the National Security Agency and
With John Bolton gone, White House cybersecurity strategy may change (Axios) Will a new adviser bring back the cybersecurity coordinator position?
Bolton Leaves the National Security Council in Ruins (Foreign Policy) The former Trump advisor helped trash the institution—but the process began long before he was hired.
Washington, Silicon Valley Struggle to Unify on Protecting Elections (Wall Street Journal) A recent meeting between U.S. national-security officials and Silicon Valley executives shows how the two sides aren’t unified on how best to combat foreign election interference.
CISA’s ICT Supply Chain Risk Management Task Force Makes Key Acquisition Recommendation (Department of Homeland Security) The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force gathered in Washington, D.C. today to update members on progress towards the development of an initial recommendation to help industry and government stakeholders more effectively identify and manage risks to global ICT supply chains.
The Pentagon’s top AI official explains ‘computer vision’ (C4ISRNET) Lt. Gen. Jack Shanahan, director of the Joint Artificial Intelligence Center, talks about drawing new lines of AI effort.
Army nominee says people are the key to improving cyber (Fifth Domain) Improving recruitment and training is essential to improving the Army's cyber capabilities, said Ryan McCarthy, the White House nominee for Army secretary.
Federal Cybersecurity Policy Priorities Forum, Part 1 (C-SPAN.org) Cybersecurity officers from the military, federal agencies, and government contractors discuss policy priorities across the federal government.
Senate panel guts funding for Army visualization tool (C4ISRNET) The Army could lose nearly $46 million in funding that would slow the fielding of the Command Post Computing Environment.
Crypto Firms Assess How to Comply With Anti-Money-Laundering Standards (Wall Street Journal) The cryptocurrency industry is rushing to comply with new anti-money-laundering standards that require exchanges and other firms to share information about their customers.
With hacks on the rise, is it time to revisit a national ID? (FCW) Our process for verifying people's identities is broken, leading some to revisit the idea of a national ID system. But politics, cybersecurity and other concerns loom large in the debate.
Litigation, Investigation, and Law Enforcement
Exclusive: Russia carried out a 'stunning' breach of FBI communications system, escalating the spy game on U.S. soil (Yahoo News) Russian compounds and diplomats in the U.S. played key roles in a counterintelligence operation that stretched from the Bay Area to the nation’s capital, according to former U.S. officials.
U.S. imposes sanctions on North Korean hackers accused in Sony attack, dozens of other incidents (Washington Post) The Treasury Department said a mysterious group of hackers stole billions of dollars through cybercrimes and used the proceeds to develop weapons.
US Sanctions 3 Cyber Attack Groups Tied to DPRK (Dark Reading) Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
Bin Laden's son Hamza was killed in counterterrorism operation, President Trump confirms (Fox News) President Trump has confirmed that Hamza bin Laden, the son of former Al Qaeda leader and 9/11 mastermind Usama bin Laden, has been killed.
Schiff subpoenas acting national intelligence director over 'urgent' whistleblower complaint (Fox News) Rep. Adam Schiff, D-Calif, the chairman of the House Intelligence Committee, subpoenaed acting Director of National Intelligence Joseph Maguire on Friday, claiming Maguire is unlawfully withholding a whistleblower complaint from Congress.
Trump’s acting intel chief may be hiding evidence of serious White House misconduct (Quartz) What is Trump's acting Director of National Intelligence Joseph Maguire trying to hide?
Adam Schiff says DNI cited "higher authority" in refusal to turn over whistleblower complaint (CBS News) Schiff believes the complaint of "serious misconduct" may involve the president "and/or other senior White House officials"
Police arrest workers of Israeli cyber group Ability on suspicion they violated defense export law (Haaretz) A number of suspects associated with two of the cyber group's subsidiaries are facing charges of fraud, smuggling and money-laundering
RCMP official charged with breaching official secrets law oversaw Russian money-laundering probe (The Globe and Mail) Cameron Jay Ortis, charged on Friday with illegally storing and communicating classified information, was working on the case as recently as August, The Globe and Mail has learned
Top Canadian Intelligence Official Charged With Leaking Secrets (New York Times) Cameron Ortis, a senior official with the Royal Canadian Mounted Police’s intelligence unit, faces three charges under a 2012 security of information law.
Mounties employee held under national security act (BBC News) Cameron Ortis, a civilian member of the RCMP, is charged with breach of security laws.
Senior RCMP official charged in breaching Security of Information Act known as secretive, friends say (The Globe and Mail) News of Cameron Ortis’s arrest on allegations of breaching the federal secrets act and Criminal Code comes as a shock to those who knew him
Western Canada: Piecing together the puzzle of Cameron Ortis (The Globe and Mail) The 47-year-old intelligence official, who was charged for breaching secrets laws, has been described as tight-lipped but ‘interesting’
Five Eyes allies raising questions as damage control continues in Cameron Ortis case: sources (CBC) Members of the Five Eyes intelligence bloc are already raising questions about the type of information accessible to Cameron Ortis as the director of an intelligence unit within the RCMP, diplomatic sources tell CBC News.
Kremlin shaken by Oleg Smolenkov, superspy who sailed to safety (Times) The yacht slipped past the piers of the marina and through the azure waters of the Adriatic. On board was Oleg Smolenkov and his family, already dreaming of a new life in a distant land after days...
More From Edward Snowden (NPR.org) Six years ago, Edward Snowden gave classified documents from the U.S. government's surveillance programs to journalists. He talks about his motivations and his new memoir with NPR's Scott Simon.
Edward Snowden on 9/11 and why he joined the army: ‘Now, finally, there was a fight’ (the Guardian) In an extract from his memoir, the US whistleblower shares his experiences on the day the twin towers fell – and the aftermath that led him to join up
Private Security Firms Help FBI Bring Down Cybercriminals - Hacker Arrested in Slovenia (Panda Security Mediacenter) Slovenian authorities working with the FBI arrest a man accused of creating malicious software and selling it to other cybercriminals...
Malwarebytes back to square one as appeals court rules blocking rival antivirus maker isn't on (Register) Section 230 has legal eagles split over censorship
Anti-Malware Company Must Face Suit For Blocking 'SpyHunter,' Court Rules (MediaPost) A federal appellate panel ruled that Enigma Software can proceed with claims that Malwarebytes acted anti-competitively by flagging SpyHunter and RegHunter as "potentially unwanted programs."
Chicago brokerage to pay $1.5 million for cyber attack lapses: U.S. CFTC (Reuters) The U.S. Commodity Futures Trading Commission (CFTC) said on Friday that a Chi...
House lawmakers ask Apple, Amazon, Facebook and Google to turn over trove of records in antitrust probe (Washington Post) The requests ask each of the tech giants to provide detailed information about their internal operations, including copies of key communications between top-level executives and records related to "any prior investigation" they have faced on competition grounds.
Lyle Lindsey died as a toddler. So why was he racking up convictions and student debt decades later? (San Diego Union-Tribune) Investigators uncovered a Senegalese man using a dead child's identity for 31 years, court records show
Billionaire founder of Comodo branded a liar in shares battle (The Telegraph) The billionaire founder of one of the world’s biggest cybersecurity firms could lose control of his company after a court ruled he swindled the family of his dead business partner out of their stake in its success.
Ransomware cyber attack at Souderton SD prompts FBI probe (Bucks County Courier Times) Ransomware shut down Souderton Area School District's network the first week of school, prompting a response by the FBI, Secret Service and Homeland
Oklahoma Pension Fund Cyber Attack Shows Rising Risk for Munis (AdvisorHub) Oklahoma has joined the ranks of state and local governments struck by hackers, fueling concerns about the escalating risk of such attacks on municipalities.
Men hired to test court security arrested for doing job too well (Vanguard News) US law enforcement arrested two men who broke into Iowa’s Dallas County Courthouse this week, even though they were hired to do so.
Pen test goes pear-shaped: cybersecurity firm staff arrested over courthouse burglary (ZDNet) A midnight raid was not what court administrators had in mind for electronic record security tests.
Check the scope: Pen-testers nabbed, jailed in Iowa courthouse break-in attempt (Ars Technica) Iowa court officials authorized "various means" to check county court's security.
Teenager arrested in UK for allegedly hacking 'world-famous' musicians (CyberScoop) A 19-year-old man has been arrested for allegedly hacking the websites and “cloud-based accounts” of “world-famous” musicians, stealing their unreleased work, and selling the music for cryptocurrency, U.S. and British authorities announced Friday.
Victim of BA data breach? You have only 17 weeks to claim compensation (SC Magazine) Lawyers accuse British Airways of trying to limit the £3 billion payout over data breach that affected more than 500,000 customers by narrowing the claim window to 17 weeks.