The CyberWire Daily Briefing 1.3.19

Summary

By the CyberWire staff

The Dark Overlord has, as the group promised or threatened, released documents it claims it hacked from real estate and insurance companies. The group says the firms engaged in a far-fetched conspiracy to stage the 9/11 attacks. They've offered to sell the documents (for Bitcoin, of course), but so far the teasers they've posted to Pastebin seem for the most part to be old stuff recycled from earlier breaches (Naked Security). Need we add that the files don't remotely add up to evidence of much of anything, still less a 9/11 conspiracy? The Dark Overlord's posts have been fairly quickly removed from Pastebin, and Twitter has also blocked at least one account that was hawking the Overlord's wares.

It's become increasingly clear that the malware involved in the weekend's attack against US newspaper printing plants was a Ryuk variant (SecurityWeek). Ryuk has appeared in a number of extortion campaigns before, and it's said to be well-adapted for tailoring against specific targets and their high-value business processes. Check Point calls Ryuk "artisanal" as opposed to "commodity" malware. In this attack Check Point says it's seen little evidence of automatic propagation capability, which suggests some significant preliminary preparation by the attackers (Government Technology). Attribution remains unclear. Those willing to speculate cite mostly circumstantial code similarities to past attacks.

Australian media are claiming the first big breach of 2019 for Oz: a major, phishing-induced breach has exposed information on tens of thousands of government workers in the state of Victoria (Computer Business Review).

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, European Union, Russia, United States, and and Vietnam.

Visualize Your Network Like the Most Infamous Hackers

Cyber threats are becoming more frequent and targeted. Bad actors are more adept at social engineering and investigating your network and infrastructure to understand your organization’s cyber strengths and weaknesses. This webinar delves into a robust threat model capable of repelling the world's most sophisticated hackers and nation-state actors. Join us for an introduction to ScoutThreat™, a threat management platform that helps analysts streamline threat analysis work and extract the maximum value from threat intelligence.

On the Podcast

In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (Dean of Research and proprietor of the ISC Stormcast podcast) tells us about cold boot attacks on laptops. Our guest is Sarah Squire from Ping Identity, with the results of a survey on consumer response to breaches.

Sponsored Events

Cyber Security Summits: 2019 (United States, January 1 - December 31, 2019) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Darktrace and more at the 2019 Cyber Security Summits. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).

Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Dark Overlord hackers release alleged 9/11 lawsuit documents (Naked Security) The extortionists leaked a “small sample” of what they say are 18k classified legal documents containing 9/11 “truth” stolen from a law firm.

US newspapers battle ransomware (Naked Security) On 29 December one of America’s largest publishing groups, Tribune Media, found itself battling a major ransomware attack.

Cyber attack targets US newspapers, printing halted (IT PRO) The distribution of multiple newspapers across the country was delayed as a result

Ryuk Ransomware Suspected in U.S. Newspaper Attack (SecurityWeek) The recent cyberattack that disrupted the delivery of several major US newspapers may have involved Ryuk, a piece of ransomware typically used in targeted operations.

Ryuk Malware: Tailor-Made for Maximum Disruption (Government Technology) The ransomware launched against newspapers nationwide is not your typical malware. Experts say Ryuk is “artisanal” and meant to be used against certain companies for maximum disruption.

2019's First Data Breach: It Took Less than 24 Hours (Computer Business Review) 2019's first data breach was reported less than 24 hours into the New Year, after the details of an estimated 30,000 Australian civil servants were stolen

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack (KrebsOnSecurity) Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned.

Data of 2.4 million Blur password manager users left exposed online (ZDNet) Company says data breach didn't expose any actual passwords stored inside users' Blur accounts.

Automated System Bypasses Google reCAPTCHA Again (SecurityWeek) The unCaptcha automated system can once again bypass Google’s reCAPTCHA challenges, despite major updates to the security service.

Hacker Streaming PewDiePie Videos on Exposed Chromecast Devices (BleepingComputer) A new hacking campaign is underway that is targeting Chromecast adapters, Smart TVs, and Google Home in order to play a YouTube video promoting PewDiePie's channel.

Warn your friends they can’t bypass Facebook with this hoax (Naked Security) No, none of us can “bypass” Facebook’s newsfeed algorithms by copy-pasting our way past them.

PayPal phishing scam posted as a promoted tweet on Twitter (Cyware Hacker News) Twitter allowed a scammer to post a PayPal phishing scam as a promoted tweet on its social networking site. The phishing page asked visitors to login to their accounts and verify their details to win new year gifts.

Don’t Get Caught in a SMiShing Scam (The State of Security) The word SMiShing may sound like gibberish -- we think it’s a weird one -- but some of the world’s largest enterprises are losing millions of dollars to these scams every year.

Security Patches, Mitigations, and Software Updates

Vulnerability in Chrome for Android Patched Three Years After Disclosure (SecurityWeek) A vulnerabilitiy recently patched by Google in Chrome for Android with the release of Chrome 70 in October 2018 was an information disclosure bug that was originally reported in 2015, security researchers say.

Cyber Trends

2019: Cyber War - Part 3 (Forbes) Cyber war is on its way? Will it be a Happy New Year?

Watch out, cyber fraud cases in banks are spiking (The Economic Times) Spike in cyber frauds is bigger than most other types of bank frauds (5,917) reported in 2017-18

Marketplace

Apple's shock profit warning chills Wall Street as Tim Cook blames China's economic slowdown (The Telegraph) Apple has sent a chill through Wall Street and the tech industry by cutting its sales forecasts for the first time since 2002, blaming a sharper than expected economic slowdown in China.

Stocks Tumble After Apple Sales Warning (Wall Street Journal) The Dow Jones Industrial Average fell more than 2% Thursday, with technology shares coming under pressure after Apple announced a rare cut to its sales forecast for the crucial holiday quarter.

Apple warning pummels markets worried about growth outlook (Yahoo) Stock markets retreated Thursday as China's slowing economy forced Apple to slash its revenue forecast, wiping more than $70 billion from its value and dragging down share prices in the wider technology sector. Apple late on Wednesday cut its revenue outlook for the latest quarter, citing steeper-than-expected

Top secret Israeli cyberattack firm, revealed (Haaretz) Candiru, named after an Amazon fish known to parasitize the human urethra, recruits heavily from 8200 intelligence unit and sells offensive tools for hacking computer systems.

EU to Run Bug Bounty Programs for 14 Free Software Projects (SecurityWeek) The European Union is offering nearly $1 million in bug bounties through the FOSSA project for vulnerabilities in 14 widely used free software projects.

Products, Services, and Solutions

Software Security: How To Protect Software From Cyber Security Attacks (PR Newswire) Zeus SW Defender, LLC (http://www.zeusswdef.com) has announced the Zeus Software Defender Technology ("Zeus") for...

CyberX ICS Incident Manager Now Certified in the ServiceNow® Store (GlobeNewswire News Room) First Integration of Industrial Cybersecurity Platform with Market-Leading IT Service Management Solution

Upstream Security and Arilou Partner to Build End-to-End Security for Smart Mobility (NNG) Integration of solutions tackles demand for cybersecurity created by rapid growth in connected vehicles

Inside PolySwarm's Decentralized Threat Intelligence Marketplace (SecurityWeek) PolySwarm's Threat Detection Marketplace adds the collective wisdom of independent malware analysts -- and rewards them.

French Startup Offers Dark Web Compass, But Not for Everyone (SecurityWeek) Over the past five years Aleph Networks has indexed 1.4 billion links and 450 million documents across some 140,000 dark web sites.

National Cyber Security Alliance commits to user education drive (The Daily Swig | Web security digest) Cyber, cyber, cyber

Microsoft Open Sources Homomorphic Encryption Library (Computer Business Review) Microsoft has open sourced a homomorphic encryption library its Cryptography Research group developed,saying the technique is ripe for widespread adoption

Technologies, Techniques, and Standards

Government Shutdown Impacts Enterprise Security (Decipher) The government shutdown isn’t impacting just security professionals working for the federal government. Corporate security teams have to pay attention to what public services are available and what aren’t during this time period.

USB-C upgrade allows cryptography to authenticate connected devices (9to5Mac) An upgrade to the USB-C standard allows cryptography to be used to authenticate connected devices. It will ensure that devices are properly certified, but can also be used to enhance security &#823…

Idaho Lab Protects US Infrastructure From Cyber Attacks (SecurityWeek) In the past decade, The Idaho National Laboratory's cybersecurity work has put it on the leading edge, and it is expanding.

How SMBs can minimize damage from ransomware attacks (TechRepublic) The costs incurred from a ransomware attack can devastate SMBs, but there are ways to minimize the impact.

Design and Innovation

Algorithms in Society: Protecting people v protecting IP (Computing) James Kitching, Solicitor - Corporate, Coffin Mew, discusses the growing controversy around the use of algorithms and AI affecting privacy

Peter Cochrane: We need 'truth engines' (Computing) Civilisations stand or fall on the strength of their truths, warns Professor Peter Cochrane OBE,Cloud and Infrastructure

Research and Development

As quantum computing draws near, cryptography security concerns grow (JAXenter) The new quantum computing leap forward has dizzying security implications for the whole tech ecosystem. Dan Timpson explains why you should be concerned.

Legislation, Policy and Regulation

Vietnam's Draconian Cybersecurity Bill Comes Into Effect (SecurityWeek) A law requiring internet companies in Vietnam to remove content communist authorities deem to be against the state came into effect Tuesday, in a move critics called "a totalitarian model of information control".

To The Dismay Of Free Speech Advocates, Vietnam Rolls Out Controversial Cyber Law (NPR) The law requires Internet companies to store locals' data in Vietnam and hand over user information if the government asks for it, among other contentious provisions.

Curbs on A.I. Exports? Silicon Valley Fears Losing Its Edge (New York Times) The Commerce Department is considering national security restrictions on artificial intelligence. Some worry they could stunt the industry in the U.S.

Equifax Is Back in Washington’s Crosshairs (Wall Street Journal) House Democrats have put legislation responding to the massive Equifax hack at the top of their agenda, indicating possible changes ahead for how the credit-reporting industry handles consumer information.

Litigation, Investigation, and Enforcement

U.S. Citizen Held in Moscow Not Likely a Spy (Foreign Policy) Arrest could be retaliation for U.S. conviction of Russian national in influence operation.

Ex-MtGox Bitcoin Chief Maintains Innocence in Trial Closing Arguments (SecurityWeek) Mark Karpeles, former head of collapsed bitcoin exchange MtGox, apologised for losses that bankrupted the firm but insisted he was innocent of charges including embezzlement at closing arguments in his Tokyo trial.

The FBI’s Interrogation of Reality Winner Was Like a Play — and Has Now Been Turned Into One (The Intercept) The more playwright Tina Satter read of the FBI's interview of Reality Winner, the more it started to seem like a thriller.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential / actual Insider Threats. This meeting will focus on the many External data sources that are available from various companies, for organizations and businesses that want to be proactive in "Employee Threat Identification". This meeting will also provide insight into the possibility that your company's data may be "For Sale" on the Dark Web, and how to locate it.

upcoming Events

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational threats. These are an intense “roll your sleeves up” thought leadership discussions on How Cyber is Driving the New Board Perspective on Enterprise Risk Management. Attendance is limited to 30 Security and Risk Executives from Global 2000 corporations.

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security professionals face. Experience insightful Cyber Talk keynotes, conference sessions, and hands-on labs covering the latest innovations. Register today!

CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security experts. In addition, you’ll enjoy getting hands on with cutting-edge security solutions from Check Point, networking with your peers, and celebrating with the world’s cyber security elite. If you attend one cyber security event this year, make it CPX 360.

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and all carrier levels. We are collecting great feedbacks on past conferences so we would be glad to cooperate with you, too. QuBit Conference consists of one day (2 in Prague) full of educational presentations, keynotes, case studies and interactive panel discussions in QuBit way - community spirit and tons of great networking opportunities. Not to mention popular pre-conference hands on training held a day before conference.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Dark Overlord hasn't got much. Ryuk versus newspapers in an "artisanal" attack. Australia claims 2019's first big breach.