Cyber Attacks, Threats, and Vulnerabilities
Hibiscus Petroleum suffers cyber attack (Energy Voice) Hibiscus Petroleum said today that its IT system was "subjected to an attack" last week.
No one could prevent another ‘WannaCry-style’ attack, says DHS official (TechCrunch) The U.S. government may not be able to prevent another global cyberattack like WannaCry, a senior cybersecurity official has said. Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said on stage at TechCr…
Warnings Issued For Millions Of Microsoft Windows 10 Users (Forbes) New Windows 10 warnings have been issued which millions of users need to know about...
Windows 10 KB4524147 Update May Cause Boot and Printing Issues (BleepingComputer) Windows 10 1903 users have started reporting boot, printing, and Start Menu issues after installing the KB4524147 cumulative update; the issues go away once the update is uninstalled. Microsoft has not acknowledged any of these issues as of yet, but the number of reports indicates that something is going on with this update.
Report: Nation state hackers and cyber criminals are spoofing each other (ZDNet) It's difficult to tell hackers apart says Optiv as US government agencies are warned by Check Point about new threats from a Chinese government-backed group.
Novter Trojan Sets its Sights on Microsoft Windows Defender (BleepingComputer) The Novter Trojan, also known as Nodersok or Divergent, is the latest Trojan to actively target Microsoft's Windows Defender by attempting to disable it.
This mysterious hacking campaign snooped on a popular form of VoiP software (ZDNet) Researchers uncover a campaign which is snooping on call data and recordings of conversations - and could even spoof calls.
Hacker auctioning database containing info on 92m Brazilian citizens (Teiss) A 16GB SQL database that contains personal data of up to 92 million Brazilian citizens is being auctioned on underground restricted-access forums.
Cybervillains Are ‘Harvesting’ Crypto in Low-cost Hacking Campaigns (Cryptonews) Security experts are warning cryptocurrency holders to be aware of cyber thieves who are using a wide range of often low-cost software to “harvest” Bitcoin and altcoins from wallets all over the world.
Undetected cyber attack puts health details of millions at risk in New Zealand (International Business Times, Singapore Edition) A cyber investigation revealed that sophisticated hacking that occurred three years ago exposed people's personal data dating back to 2002.
HP Study Exposes a Different Kind of Hacker: The Creeping Peeker (PCMAG) The HP Creepers & Peekers Study has some startling revelations about how co-workers creep and peep on one another's screens and print trays. Is this a new kind of hacker threat?
Virus Bulletin 2019: Magecart Infestations Saturate the Web (Threatpost) There are dozens of known groups, hundreds of C2 servers and millions of victim websites.
Magecart: The State of a Growing Threat - RiskIQ (RiskIQ) Magecart is a rapidly growing cybercrime syndicate comprised of dozens of subgroups that specialize in cyberattacks involving digital credit card theft. By placing its malicious JavaScript skimmers on online payment forms at a massive scale, Magecart is threatening the ability of consumers worldwide to shop online safely.
WhatsApp vulnerability could compromise Android smartphones (Naked Security) A researcher has released details of a WhatsApp flaw that could be used to compromise the app and the mobile device the app is running on.
New 'Reductor' malware compromises machines' encrypted TLS traffic (SC Magazine) Malware marks victims' TLS-encrypted outbound traffic with identifiers so it can be compromised and potentially decoded later.
COMpfun successor Reductor infects files on the fly to compromise TLS traffic (SecureList) In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. We called these new modules ‘Reductor’ after a .pdb path left in some samples.
Iran-backed hack attempt on government officials ‘completely routine activity’ (Fifth Domain) Microsoft observed thousands of attempts to breach email accounts of U.S. officials and a presidential campaign.
Iranian Hackers Target Trump Campaign as Threats to 2020 Mount (New York Times) The news, according to two people with knowledge of the attacks, followed a Microsoft report that said hackers had targeted a campaign, U.S. officials and journalists.
Iranian hackers targeted a US presidential campaign, Microsoft says (CNET) Between August and September, Microsoft discovered more than 2,700 attempts to hack a presidential campaign as well as US officials.
Iranians tried to hack U.S. presidential campaign in effort that targeted hundreds, Microsoft says (Washington Post) The software giant said it detected a campaign linked to the Iranian government that attempted to breach email addresses belonging to a U.S. presidential campaign, government officials and journalists.
Presidential Campaign Targeted by Suspected Iranian Hackers, Microsoft Says (Wall Street Journal) Microsoft said that at least one U.S. presidential campaign has been targeted by cyberattacks linked to the Iranian government, in the latest indication that foreign actors are interested in potentially disrupting the 2020 election.
Iranian Hackers Targeted a US Presidential Candidate (Wired) A revelation from Microsoft offers a chilling reminder that Russia is not the only country interested in swaying the 2020 election.
How Iran Would Wage Cyber War Against the United States (The National Interest) Who would win? How bad could it get? Could it lead to a larger war?
Military warns of Iranian hackers targeting American troops with fake jobs website (Stars and Stripes) “Hire Military Heroes” targets servicemembers considering a transition back to civilian life via a web application that visitors are encouraged to download. However, the app actually drops malicious malware and spyware into the users’ computer system.
HildaCrypt Ransomware Developer Releases Decryption Keys (BleepingComputer) The developer behind the HildaCrypt Ransomware has decided to release the ransomware's private decryption keys. With these keys a decryptor can be made that would allow any potential victims to recover their files for free.
FBI Issues ‘High-Impact’ Cyber Attack Warning—What You Need To Know (In Homeland Security) One “high impact” and ongoing cyber threat has become such a critical concern that on Oct. 2, the FBI issued a warning to U.S. businesses and organizations.
DCH Regional Medical Center pays hackers in ransomware attacks (WSFA) The medical center purchased an encryption key from hackers.
Report: Alabama hospitals pay hackers in ransomware attack (WHNT) An Alabama hospital system that quit accepting new patients after a ransomware attack said Saturday it had gotten a key to unlock its computer systems.
A statement from DCH Health Systems didn't say how the three-hospital system got the information needed to unlock its data. But The Tuscaloosa News quoted spokesman Brad Fisher as saying the hospital system paid the attackers.
Cyber attack hits Bonjour-Santé (Montreal Gazette) The private Quebec medical-booking service that promises quick appointments was the victim of a cyber attack on Sunday, its president said
Prepare for the Deepfake Era of Web Video (Wired) “We’re going to get more and more of this content and it’s probably going to get of better quality,” says Sam Gregory of the human-rights nonprofit Witness.
Understand: How deepfake videos work to trick online users (KSAT) A local cybersecurity company is keeping a close eye on deepfake videos and the effect they could have on online users.
The Cyberthreat Handbook: Thales and Verint Release Their "Who's Who" of Cyberattackers (BusinessWire) Powered by the cutting-edge technologies and products of Thales and Verint, the two companies are pleased to present The Cyberthreat Handbook, a repor
Monthly Threat Actor Group Intelligence Report, August 2019 (ThreatRecon) This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from July 21 to August 20, 2019.
Cyber Trends
Michael Chertoff on OT cybersecurity in the utilities industry. (The CyberWire) Threats to power production and distribution are no longer purely theoretical: they're here, and they're real.
Reducing risk by increasing visibility (The CyberWire) When defending power production and distribution, visibility is the essential first step. Defenders must see everything, from ICS sensors to business systems.
Siemens-Ponemon Study: Cyber attacks on power utilities are growing in numbers, complexity (Power Engineering) The cybersecurity risks against critical power infrastructure seem to be worsening, as a new study indicates that 56 percent of respondents reported their companies suffered one or more shutdowns or loss of operational data per year. The joint report by Siemens and the Ponemon Institute assesses the growing threats as utility business models connect operational...
Report finds cyberattacks on critical utility operating systems are increasing (TheHill) A new study published Friday finds that cyberattacks on the operational technology (OT) involved in running critical utilities are increasing and says these attacks have the potential to cause “severe” damage.
A third of industrial plants have no response plan for cyberattacks (Axios) A new Siemens survey prods IT staff on cyber readiness.
Cyber Security Nordic: Trickle-down effect of cyber-warfare prolongs firefighting (SC Magazine) Cyber-attacks tend to have a trickle down effect via a pyramid structure, with the top slot often occupied not by the cliched men in hoodies but by state intelligence organisation
Security Was Perfect—They Just Forgot About the Smart Aquarium (CTECH) Michal Braverman-Blumenstyk, the chief technology officer of the cloud and AI division of Microsoft, spoke with Calcalist about the public concern over security breaches of IoT devices
Coalfire Cloud Study: Security Concerns Still a Barrier to Cloud Adoption (HostReview.com) Coalfire, a provider of cybersecurity advisory and assessment services, today announced the release of a new Securealities research report:
Hiring security pros will cut cyberattack impact cost: Study (Outlook) Enterprises that deployed an internal Security Operation Center (SOC) have been able to reduce financial damage from a cyberattack to $675,000 -- less than half the average impact cost for all enterprise-level organizations at $1.41 million, a new survey from Kaspersky and market research firm B2B International has revealed.
Phishing leading cause of data breaches across Australia (Security Brief) This indicates hackers are targeting the weakest link in the security chain – end users.
Talent, funding and evolving threats: Inside Ireland's ever-changing cybersecurity scene (Fora.ie) Fora catches up with various players in the ecosystem to survey the lay of the land.
Marketplace
VMware and Carbon Black Announce Satisfaction of the Remaining Regulatory Condition for Tender Offer (Yahoo) VMware, Inc. (VMW) and Carbon Black, Inc. (CBLK) today announced that the required waiting period under the Austrian Cartel Act applicable to VMware’s Tender Offer (as defined below) for Carbon Black has expired. The termination of the waiting period under the Austrian Cartel Act satisfies the last
Questor: this British tech star is recovering well but looks cheap relative to peers. Buy (The Telegraph) Questor share tip:
Northrop hires DHS vet Phyllis Schneck (Washington Technology) Northrop Grumman adds former Homeland Security Department cybersecurity lead Phyllis Schneck to the company's leadership team.
KnowBe4 Hires Karina Mansfield as New Managing Director for Australia (AsiaOne) New managing director part of KnowBe4's efforts to build strong team and bolster activities in a new region
Products, Services, and Solutions
New infosec products of the week: October 4, 2019 (Help Net Security) The most important infosec releases of the week come from: HITRUST, Tripwire, Anomali, TITUS, ACA Compliance Group, Ping Identity,
Veristor Announces Partnership with eSentire to Deliver MDR Services to Mutual Customers (Veristor) Veristor, a leading provider of transformative business technology solutions, today announced that it has signed a partnership agreement with eSentire.
Raytheon System Would Warn Military Aviation Units of Cyber-Hijacking Attempts (Military.com) One defense company says it has a solution to detect hacks in real time and warn troops in the fight.
Box launches content security tool Shield to combat data leak (Verdict) Cloud content management company Box has launched a new content security product to assist in preventing accidental data leakages.
BULLETPROOF Expands Cybersecurity Services in Europe to Multiple Industries (PR Newswire) Leading cybersecurity firm BULLETPROOF, a GLI company, has a storied history of success in the gaming...
Sophos launches managed threat response service (Security Brief) The resellable service provides organisations with a dedicated 24/7 security team to neutralise threats.
Taiwan flag emoji disappears from latest Apple iPhone keyboard (Hong Kong Free Press HKFP) The Republic of China flag emoji has disappeared from Apple iPhone’s keyboard for Hong Kong and Macau users. The change happened for users who updated their phones to the latest operating system. Updating iPhones to iOS 13.1.1 or above caused the flag emoji to disappear from the emoji keyboard. The flag, commonly used by users to …
wolfCrypt Embedded Cryptography Engine | wolfSSL Products (wolfSSL) The wolfCrypt cryptography engine is a lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
Technologies, Techniques, and Standards
Buying a new laptop? Here’s how to secure it (Naked Security) Getting the basics right gives you a lot of protection. Here’s how.
Rolling back Ryuk Ransomware (Sophos News) To understand how to stop Ryuk ransomware we look at how the attacks unfold.
FBI Okays Paying in a Ransomware Attack (Decipher) The FBI does not advocate paying a ransom because there’s no guarantee the organization will get the data back, but acknowledged in an updated guidance that sometimes, for some organizations, paying the ransom makes a lot of sense.
Microsoft: Any form of MFA takes users out of reach of most attacks (Help Net Security) Users need to know that not all MFA options are equally secure but that, generally, they are all a safer option than using just a password.
DNS-over-HTTPS causes more problems than it solves, experts say (ZDNet) Several experts, companies, and national entities have voiced very convincing concerns about DoH and its features.
Design and Innovation
An Open Source License That Requires Users to Do No Harm (Wired) Open source software can generally be freely copied and reused. One developer wants to impose ethical constraints on the practice.
Artificial intelligence isn’t very intelligent and won’t be any time soon (Salon) For all of the recent advances in artificial intelligence, machines still struggle with common sense
New Department of Homeland Security biometrics system will identify people by scars, tattoos and palm prints (Computing) The cloud-based system will be able to identify people through scars and tattoos
Academia
Top Ten Finalists Named In Governor's High School Cyber Challenge (MITechNews) Round 1 of the Governor’s High School Cyber Challenge has closed. The top 10 teams named this week now move on to Round 2 to be hosted during the North American International Cyber Summit Oct. 28 at the TCF Center. The Governor’s High School Cyber Challenge is designed to test students’ knowledge …
Legislation, Policy, and Regulation
27 Countries Agreed on ‘Acceptable’ Cyberspace Behavior. Now Comes the Hard Part (Legaltech News) While dozens of countries were able to come together on a joint agreement outlining principles of behavior in cyberspace, the actual consequences for cyber crimes may be drafted away from the world stage.
Wilbur Ross warns India about Huawei but says the country must 'make its own decision' (CNBC) U.S. Commerce Secretary Wilbur Ross says he hopes India "does not inadvertently subject itself to untoward security risk" by using 5G equipment from Huawei.
Myanmar to Keep Huawei Despite Security Concerns (VOA) Myanmar has decided to keep using China’s Huawei to develop its new mobile communications system. The decision comes despite national security concerns about Huawei by the United States and some other nations.
UAE telecom du sees no evidence of ‘security holes’ in Huawei's 5G technology: CTO (Reuters) United Arab Emirates (UAE) telecoms company du saw no evidence of security conce...
Cybersecurity and geopolitics: why Southeast Asia is wary of a Huawei ban (The Strategist) ‘The race to 5G is a race America must win’, US President Donald Trump said on 12 April. Just over a month later, on 15 May, he issued an executive order banning Huawei equipment in ...
China Masters Political Propaganda for the Instagram Age (New York Times) Leveraging celebrities, the know-how of tech companies and images built for social media, the Communist Party can effectively stir patriotism among the youth.
US and UK sign deal to speed up electronic evidence collection from tech firms in serious criminal cases (Computing) The current process for receiving evidence can take years
The Same Old Encryption Debate Has a New Target: Facebook (Wired) Attorney general William Barr seems eager to reignite the encryption wars, starting with the social media giant.
Should governments be given keys to access our messages? (BBC News) Facebook has been asked to roll back plans to bring end-to-end encryption to its platforms.
What Would Facebook Regulation Look Like? Start With the FCC (Wired) Opinion: Platform giants need to meet the public interest standard, just like broadcast media.
Senior technologist returns to Army Cyber Command as first Science Advisor (DVIDS) Mark A. Mollenkopf will serve at the Defense Intelligence Senior Level, a senior technician position equivalent to a Senior Executive Service federal civilian employee.
Navy Cyber Defense Operations Command Retires a Plank Owner (DVIDS) Navy Cyber Defense Operations Command’s (NCDOC) Senior Policy Advisor, James Granger, retired from government service after thirty-four years, during a ceremony in the Hall of Heroes Auditorium, Sep. 20.
Litigation, Investigation, and Law Enforcement
Qatar seeks enhanced international cooperation in combating cyber crimes (The Peninsula Qatar) The State of Qatar has said that it is actively seeking to enhance information security within the country and to encourage international cooperation in combating cybercrime, noting that it was a victim of cyber-piracy, which was a cover for creating a plotted regional crisis that has severely harmed regional and international security and stability.
US researchers on front line of battle against Chinese theft (The Mercury News) As the U.S. warned allies around the world that Chinese tech giant Huawei was a security threat, the FBI was making the same point quietly to a Midwestern university.
FBI investigating if attempted 2018 voting app hack was linked to Michigan college course (CNN) An attempted hack into a mobile voting app used during the 2018 midterm elections may have been a student's attempt to research security vulnerabilities rather than an attempt to alter any votes, three people familiar with the matter told CNN.
Half a million customers can sue BA over huge data breach (Times) Half a million British Airways customers have been given the go-ahead to sue the airline over its cybersecurity breach last summer. Yesterday a High Court judge granted a group litigation order...
£3 billion Safari iPhone privacy lawsuit given go-ahead (Naked Security) A UK class action lawsuit against Google, that represents around 5 million iPhone users, can go ahead, according to the UK Court of Appeal.
Prince Harry sues newspapers over hacking claims (Times) The Duke of Sussex has raised the prospect of appearing in the witness box at the High Court as it emerged that he is suing two newspaper groups over the alleged hacking of his mobile phone. Court...
Risk & Repeat: Trump takes aim at DNC hack and CrowdStrike (TechTarget) This Risk & Repeat podcast looks at how a conversation between President Trump and Ukraine President Volodymyr Zelensky, in which Trump asked for assistance in finding 'the server,' has sparked controversy once again around the DNC hack and CrowdStrike.
House Democrats subpoena White House for Ukraine documents (POLITICO) They also demanded Ukraine documents from Vice President Mike Pence.
GOP House Intel Committee members speak out against chairman Adam Schiff (OAN)
Marine who uncovered Russia 2016 hack says Trump is 'babbling old conspiracy theories' (WUSA) Robert Johnston was the first to discover Russia hacked the Democratic National Committee’s servers.
Pence's Chief of Staff Marc Short says impeachment subpoena based on 'fake news' (Fox News) A letter sent from House Democrats to Vice President Mike Pence requesting documents as part of the impeachment inquiry was based on "fake news," Chief of Staff Marc Short said Saturday.
The tough war against cyber criminals in the dark Web (Techgoondu) International cooperation among law enforcement agencies is needed to nab increasingly sophisticated cyber criminals using the dark Web.
Iowa Chief Justice Mark Cady apologizes for courthouse break-ins (CBS2 Iowa) Chief Justice of the Iowa Supreme Court Mark Cady apologized to state lawmakers on Friday for the alleged break-ins at county courthouses that were ordered by judicial branch officials as part of a cybersecurity test.
Hacker’s parents sentenced for selling his cryptocurrency (Naked Security) “You misguidedly tried to help your son” by moving his cryptocurrency, but it “didn’t help him at all,” a judge said.
IT contractor charged over cyber attack on property valuation firm (ComputerWeekly) Australian police charge 49-year-old man with stealing and posting more than 170,000 data records belonging to ASX-listed Landmark White on the dark web.