Cyber Attacks, Threats, and Vulnerabilities
Russia isn't the only threat to 2020 elections, says U.S. intel (The Christian Science Monitor) Russia, China, and Iran used social media to target the 2018 midterm elections and could try again in 2020.
Thousands of Websites Offline as Georgia Suffers Major Cyber-Attack (Infosecurity Magazine) Broadcasters also disrupted in unprecedented operation
Georgia Web Attack: What We Can Learn and Do Better (Indusface) Largest cyberattack hit the country of Georgia on October 28, 2019. Learn what caused this attack, lessons learned from Georgia attack and what can be done better.
Facebook says it suspends accounts tied to Putin ally for meddling in Africa (Reuters) Facebook said on Wednesday it had suspended three networks of Russian accounts t...
‘Putin’s chef,’ architect of interference in 2016 U.S. election, is now meddling in African politics, Facebook says (Washington Post) The man behind Russia's Internet Research Agency trolls that worked to elect Donald Trump has been active in Africa, too, according to Facebook, which took down more than 170 accounts with nearly 1 million followers overall.
Removing More Coordinated Inauthentic Behavior From Russia (Facebook Newsroom) We removed three networks of accounts, Pages and Groups for engaging in foreign interference on Facebook and Instagram.
The Conditions That Created ISIS Still Exist (Foreign Policy) Abu Bakr al-Baghdadi’s death won’t eliminate the threat of Islamist extremism so long as autocratic regimes continue to hold sway in the Middle East.
Nuclear Power Corp of India says detected malware in its systems (Reuters) State-run Nuclear Power Corp of India Ltd (NPCIL), which runs nuclear reactors a...
Indian nuke plant’s network reportedly hit by malware tied to N. Korea (Ars Technica) Information, not nuclear reactor controls, were the target.
Kudankulam Cyber Attack Did Happen, Says NPCIL A Day After Denial (The Quint) NPCIL confirmed on Wednesday that identification of malware in Kudankulam Nuclear Power Plant is correct.
What is DTrack: North Korean virus being used to hack ATMs to nuclear power plant in India (India Today) A virus, which originated in North Korea, could be the weapon used in the cyberattack on Kudankulam nuclear power plant.
Microsoft Users Hit with Phishing Kits Hosted on Thousands of Domains (BleepingComputer) Microsoft's users were the most targeted by phishing campaigns among the top targeted brands, with attackers using thousands of domains specifically registered to be used for harvesting credentials from their targets.
World's First Domain Registrar Network Solutions Discloses Breach (BleepingComputer) World's first domain registrar Network Solutions disclosed a security breach that happened in late August 2019, and allowed a third-party to infiltrate some of the company's computing systems without authorization and potentially access some customers' personally identifiable information (PII).
Upstream | Trick or treating Android Emoji keyboard app makes millions of unauthorized purchases (RealWire) $18 million of fraudulent charges from the app blocked by malware security platform Secure-D. London, October 31, 2019 – A popular Android keyboard app, ai.type, downloaded more than 40 million ti
16M passwords from Fortune 500 companies found on the dark web (SiliconANGLE)
UniCredit discloses 2015 data breach, three million Italians affected (SC Magazine) Italian banking and financial services company UniCredit discloses data breach incident involving a file containing roughly three million records
Misconfiguration: most common IT mistake by SMBs (SC Magazine) Misconfiguration - weak passwords, default log-ins and poor patching -- remain the most common IT mistakes made by small and medium businesses, say MSP execs
Happy Dyn Attack Anniversary! (Radware Blog) There is a vast underground that thrives and grows on the digitization of our economy, and demonstrates no signs of slowing down any time soon.
Sextortion scammers are hijacking blogs – and victims are paying up (Naked Security) Sextortion scammers have started hijacking poorly managed or defunct blogs to expand an increasingly profitable business.
Card skimming scam discovered in West Lafayette bank ATM (13 WTHR Indianapolis) Police in West Lafayette are looking for suspects after the discovery of a skimming device last week at a local ATM.
Security Patches, Mitigations, and Software Updates
Chrome 78 Disables Code Integrity Check to Mitigate "Aw Snap!" Crashes (BleepingComputer) Google decided to temporarily disable the Code Integrity feature activated in Chrome as users report more "Aw Snap!" crashes caused by incompatible software on the system.
Got an early iPhone or iPad? Update now or turn it into a paperweight (Naked Security) Calling Apple iPhone 5, iPhone 4s or early iPad owners – your device may be about to turn into a vintage technology paperweight.
Cyber Trends
A Turning Point for Tech – Global survey on digital regulation (Hogan Lovells) Technological developments and tech-based business models have become a focus for global regulation across borders and industries in recent years.
Akamai Security Research: Cybercriminals Using Enterprise-Based Strategies For Phishing Kit Development And Deployment (Akamai) Latest State of The Internet / Security Report indicates that cybercriminals use enterprise strategies such as phishing as a service (PaaS) to leverage the world's largest tech brands.
Cofense Releases Annual Phishing Report; Flips Myth that Employees Are the Weakest Link in Cyber Defense (PR Newswire) Armed with data generated by millions of real people, along with intelligence collected from more than 10 million...
Phishing — Baiting the Hook (Akamai) Data science is hard. But data itself is malleable and open to interpretation.
Threat Spotlight: Cyberattacks against schools (Barracuda) A new school year is underway, and cyberattacks against schools are increasing dramatically.
More than 1 in 3 Enterprises Say Cloud Apps Are the Most Vulnerable to Insider Threat (West) New Insider Threat Report Reveals How Cloud Affects Risk from Insiders and How Enterprises are Protecting Themselves
Opportunities growing for MSPs, so are threats, says Datto CEO (SC Magazine) MSPs globally manage business worth £78 billion, making attractive targets for cyber-criminals, says Datto Inc CEO Tim Weller
Are Cybercriminals Winning the Mainframe Security Cat-and-Mouse Game? (Security Intelligence) The current state of mainframe security often amounts to bringing a knife to a gun fight: The number of available fighters is shrinking as skilled mainframe security practitioners hang up their hats.
Finally, a key to the Boardroom for control system cyber security – Moody’s steps up (Control Global) It is critically important for the safety and reliability of our infrastructures that credit rating agencies such as Moody’s consider control system cyber security in their risk ratings assessments. For that, there needs to be control system metrics for evaluating technology and people. Based on history, Moody’s (and other credit rating agencies) participation may be the only way to get senior management to take appropriate actions to address control system cyber security, and thus, reduce enterprise risk.
Email Threats Poised to Haunt Security Pros into Next Decade (Dark Reading) Decentralized threat intel sharing, more public-private collaboration, and greater use of automated incident response are what's needed to combat phishing
Growing up with technology doesn’t make you more cyber-secure: Report (Express Computer) In today’s multigenerational workforce, the over-30s are more likely to adopt cybersecurity good practice than their younger colleagues who have grown up with digital technology
Deepfakes and the New Disinformation War (Foreign Affairs) Thanks to the rise of “deepfakes”—highly realistic and difficult-to-detect digital manipulations of audio or video—it is becoming easier than ever to portray someone saying or doing something he or she never said or did, with potentially disastrous consequences for politics.
Marketplace
Twitter to Ban Political Ads (Wall Street Journal) Twitter is banning political advertising from its platform, a move that comes as social-media firms have faced scrutiny over promoting messages that potentially contain false or misleading information.
Twitter to ban all political ads amid 2020 election uproar (Washington Post) The policy announced by Twitter CEO Jack Dorsey on Wednesday will take effect in November.
Twitter bans political adverts before UK election (The Telegraph) Twitter is banning all political advertising ahead of the UK's general election in December.
FireEye CEO coy on sale rumours (CRN) Kevin Mandia swerves analyst question after reports of a private equity buyout surfaced earlier this month
ConnectWise Redefines Business Automation for Technology Solution Providers with Acquisitions of Continuum and ITBoost (West) The company also announces a strategic partnership and an industry-wide initiative
Major Employers Commit to Build a Stronger Cybersecurity Workforce Pipeline (The Aspen Institute) Date: 10/30/2019. By: John Carlin, Chair, Cyber & Technology Program, The Aspen Institute. For the past four years, the Director of National Intelligence has named cyber threats to critical infrastructure as the top national security concern. Attacks on Atlanta, Baltimore, Louisiana, Florida, Texas show how, …
Products, Services, and Solutions
Address Persistent Threats Faster: Huntress Introduces Assisted Remediation (West) Huntress Labs, a provider of managed breach detection for Managed Service Providers (MSPs), SMBs and enterprises, today announced Assisted Remediation, a new product feature that automates execution of targeted remediation actions. Assisted Remediation enables the Huntress agent to automatically perform remediation recommendations that previously required manual response by an IT administrator
Flashpoint Extends Integration Ecosystem, Arming More Users with Uniquely Sourced Intelligence, Visibility into Threats (West) New SIEM Integrations, TIP Enrichments Powered by Technical Indicators and Data from Illicit Online Communities Bring Wealth of Contextualized Data to Users
Using Microlearning to Create Cybersecurity Awareness (PR Newswire) Even the best technology can't stop a virus from attacking if a company's employees are not aware of risks...
Syapse Selects Sumo Logic to Enhance Data Security and Operational Insights (West) Leader in Precision Medicine Leverages Continuous Intelligence to Safeguard Data Sharing Across its Global Network of Health Systems
Keeper Security Unveils Exclusive Solution for Managed Service Providers (PR Newswire) Today at ConnectWise IT Nation Connect 2019, Keeper Security, Inc., provider of the leading...
Snow Software Unveils Risk Monitor to Combat Security and Compliance Threats (AP NEWS) Press release content from Business Wire. The AP news staff was not involved in its creation.
KnowBe4 Achieves FedRAMP Authorization From U.S. Federal Government (West) KnowBe4, a security awareness training and simulated phishing provider, receives FedRAMP Authorization designation
Druva integrates with Slack, Teams, ServiceNow, Splunk and Okta (SiliconANGLE)
Splunk Cloud Attains FedRAMP Authorization (Techwire.net) Splunk Inc., announced that Splunk Cloud™ has received FedRAMP authorization - moderate impact level, see link below for details.
Splunk Mission Control launch enables a unified SOC (SearchSecurity) Splunk has rolled out Splunk Mission Control, a platform aimed at enabling security analysts to detect, investigate, hunt, contain and remediate threats from one work surface.
KnowBe4 introduces two initiatives to strengthen organisational security culture (Paypers) KnowBe4, a provider of security awareness training and simulated phishing platform, has introduced two new assessment capabilities.
Delve Launches Contextual Vulnerability Prioritization (PR Newswire) Delve, the pioneer in AI-Based vulnerability assessment and prioritization, today announced the release of...
Exabeam Partners with Westcon-Comstor Americas to Accelerate Business Growth in Latin America Region (BusinessWire) Exabeam and Westcon-Comstor Americas have signed an exclusive distribution agreement to accelerate Exabeam's business growth in Latin America.
Revolut's new privacy policy assumes user consent to share data for "marketing purposes" (Reclaim The Net) You don't opt in. You have to opt out.
Technologies, Techniques, and Standards
NIST Seeking Comments on Cryptography Changes (MeriTalk) The National Institute of Standards and Technology (NIST) is looking to update the techniques used to generate digital signatures under FIPS 186-5 and is seeking public comment, as noted in an upcoming Federal Register post.
Threat Intel Versus Threat Hunting, What's the Difference? - Active Countermeasures (Active Countermeasures) I see a lot of confusion around threat hunting and threat intelligence. In fact, it’s not uncommon to hear people conflate the two. …
How can cybersecurity threat hunters measure success? (Authentic8 Blog) The answer may lie in a strategy and tool selection that avoids mission and cost creep, and results in measurable effects - and savings - to prove it.
Tips for Your Vendor Security: Closing the Most Common Cyber Gaps (Panorays) Learn about your vendors’ most common cyber gaps and how to close them. The fourth in a series on guiding companies about suppliers’ cybersecurity, as part of Cybersecurity Awareness Month.
If You Want Cybersecurity, Prepare For Cybercrime (Forbes) The probability of cybercrime committed against any business is high; the impact can be devastating, and the response is complicated. Every business, big or small, needs to have a cyber breach strategy, and it needs to practice it.
How Bitcoin And Blockchain Technology Evolved (Avast) Read why veteran cybersecurity blogger Byron Acohido believes public blockchains are in a nascent stage, approximately where the internet was in the 1990s, but headed in a very different direction.
Research and Development
Northrop Grumman and Carnegie Mellon Enter Into Research Agreement to Collaborate on Artificial Intelligence Projects (Northrop Grumman Newsroom) Northrop Grumman Corporation (NYSE: NOC) and Carnegie Mellon University (CMU) have formally signed a master research agreement (MRA) that will help foster innovation between the two organizations. The signing also ...
Academia
Okemos High School wins Governor’s High School Cyber Challenge (WSYM) Highlighting the skills needed to fill the growing demand for cybersecurity talent in Michigan and beyond, students from Okemos High School were crowned champions of the 2019 Governor’s High School Cyber Challenge.
St. Pete College Named Center of Excellence in Cyber Defense Education (Bay News 9) SPC Named Center of Excellence in Cyber Defense Education
Legislation, Policy, and Regulation
With eye to China, Israel forms panel to vet foreign investments (Reuters) Israel decided on Wednesday to form an advisory committee to weigh national secu...
US, Montenegro work together to defend against malicious cyber actors (U.S. Cyber Command) For the second year in a row, at the invitation of the Montenegrin Government, an elite cyber team of U.S. service members is working alongside Montenegrin cyber defenders to counter malicious cyber
U.S. military cyber warfare and cyber security strategies take aggressive approach, but what are the risks? (Military & Aerospace Electronics) America must consider whether concepts like offense, defense, and deterrence are applicable to continuing cyber warfare and cyber strategies.
Should Tech CEOs Go to Jail Over Data Misuse? Some Senators Say Yes (Wired) Ron Wyden turned heads this month with a bill that would put tech executives behind bars, but not all of his colleagues agree it would be effective—or constitutional.
Senators introduce bill to strengthen cybersecurity of local governments (TheHill) A bipartisan group of senators on Wednesday introduced legislation intended to shore up cybersecurity for local governments by providing resources for them to switch to secure internet domains administered by the federal government.
Analysis | The Cybersecurity 202: Free cybersecurity help for campaigns is on its way (Washington Post) The group led by Clinton and Romney vets wants to prevent another 2016.
Don’t Be Evil: The Case Against Big Tech by Rana Foroohar review — break up the giants (Times) The blimp was a portent of doom. In April footage emerged of a hulking, Amazon-branded zeppelin flying slowly over a Japanese fishing village while disgorging an army of drones that proceeded to...
Should contractors be fined for their subprimes’ cybersecurity? (Fifth Domain) In a wide-ranging confirmation hearing, DoD CIO Dana Deasy discussed holding prime contractors accountable.
Rules to stop China buying sophisticated U.S. tech should move faster: lawmaker (Reuters) A leading Republican lawmaker has called for swifter action on the U.S. governme...
Air Force Cyber launches 12N12 effort (Intelligence Community News) Leaders from the 16th Air Force, Air Force Cyber, recently launched an initiative called 12N12 to streamline its cyber weapon systems tools. Launched on July 1, 12N12 aims to replace, reduce and co…
Sen. Warner: Consider CISA chief Krebs for DHS Secretary as McAleenan exits (InsideCyberSecurity.com) Senate Intelligence ranking member Mark Warner (D-VA) is touting CISA Director Christopher Krebs as a strong candidate to take over as DHS secretary, with Acting Secretary Kevin McAleenan preparing to step down Thursday.
Kenya urges cyberspace innovators to emulate Chinese innovation (News Ghana) A Kenyan official on Wednesday called on Kenyan cyberspace innovators to embrace the concept of Chinese inventiveness to help come up with products suitable for the local market. Ababu Namwamba, chief administrative secretary in the ministry of foreign affairs, said Chinese innovators create products that are suitable to the local…
Litigation, Investigation, and Law Enforcement
Spain and GitHub Are Blocking an App That Helped Protesters Organize (Vice) As thousands of people protest in Barcelona, an app meant to organize activists was blocked by Github on request of the government.
Egypt expands its crackdown to target foreigners, journalists and even children (Washington Post) An American student was among thousands swept up in the Sissi government’s campaign.
Facebook launches $2m suit against alleged phishing, hacking sites (Naked Security) Facebook is using trademark law to target the operators of sites that imitate or target Facebook and Instagram sites.
WhatsApp's Case Against Alleged Hackers Might Be an Uphill Battle (Wired) The Facebook-owned messaging company is taking on a notorious malware vendor in what could be an uphill battle.
Facebook deletes the accounts of NSO Group workers (Ars Technica) Deletions come after allegations NSO exploit targeted 1,400 WhatsApp users.
'SpyHunter' Ruling Undermines Congress' Approach To Malware, Security Company Argues (Media Post) Malwarebytes is asking a court to reconsider a recent ruling that revived a lawsuit by rival security company Enigma Software, which said its SpyHunter and RegHunter programs were wrongly flagged as potentially problematic.
Victoria Police arrest man over telco DDOS attack (CRN Australia) Allege action against telco.
2 Plead Guilty in 2016 Uber and Lynda.com Hacks (New York Times) Guilty pleas to charges of hacking and an extortion conspiracy cap a legal saga that ensnared the tech companies in data breach scandals.
Coalfire CEO says Dallas County Courthouse doors were unlocked (KCCI) The CEO of a company hired by the state to conduct security tests at Iowa courthouses and the state court building released a statement Wednesday in support of two employees now charged with trespassing.
We are supporting Coalfire (Social-Engineer) If you haven’t read the post from Coalfire’s CEO, Tom McAndrew, you should.