Cyber Attacks, Threats, and Vulnerabilities
Opinion | Here’s how Russia will attack the 2020 election. We’re still not ready. (Washington Post) Traditional and social media organizations must both prepare for an onslaught of Russian disinformation.
After reports of cyber attack, India assures Russia that Kudankulam nuclear power plant is safe (Hindustan Times) A part of a network at the Kudankulam in Tamil Nadu, India’s largest civil nuclear facility, was breached earlier this year during a hacking attack believed to have originated on foreign soil.
The Evidence That Links Russia’s Most Brazen Hacking Efforts (Wired) From the 2017 French election to the Olympics to NotPetya, the same group's fingerprints have appeared again and again.
Notorious hackers claim responsibility for Labour DDoS (ComputerWeekly.com) Hackers claiming to represent Lizard Squad say they were behind a distributed denial of service attack on the UK’s Labour Party.
No data breach after cyber attack on Labour Party systems, officials say (HeraldScotland) A large-scale cyber attack on Labour Party digital platforms failed due to robust security systems, the party has said.
The Iran Cables: Secret Documents Show How Tehran Wields Power in Iraq (New York Times) Hundreds of leaked intelligence reports shed light on a shadow war for regional influence — and the battles within the Islamic Republic’s own spy divisions
APT33 sics small, elusive botnets on US and global targets (SC Magazine) Iranian threat actor APT33 employs more than a dozen secret botnets to infiltrate and spy on the networks of various Middle Eastern, US and Asian organisations
Secret Iranian Network Behind ‘Aggressive’ U.S. Cyberattacks Exposed In New Report (Forbes) Iranian cyberattacks on strategic industries in the U.S. and elsewhere have been hiding in plain sight.
Iranian hacking group built its own VPN network (ZDNet) Security researchers identify APT33's private network of 21 VPN nodes.
More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (TrendLabs Security Intelligence Blog) The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.
Office 365 phishing campaign uses multiple validated domains (SC Magazine) Security researchers have discovered a new phishing campaign that targets Microsoft Office 365 administrators to compromise domains.
Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies (Vice) It’s a reward for hacktivists and criminals who break into capitalist institutions, offered by one of the most infamous hackers of all time.
Remounting the Pegasus Named NSO (Beyond Search) Those who care about security will want to check out the article, “Pegasus Spyware: All You Need to Know” from the Deccan Herald. Approximately 1,400 smartphones belonging to activists, lawyers, an…
Chrome, Edge, Safari hacked at elite Chinese hacking contest (ZDNet) China's top white-hat hackers have gathered in Chengdu to test zero-days against today's top software.
Ukrainian Railways Uncovers Bitcoin Mining Farm at Lviv Branch (CryptoGlobe) On Friday (November 15), the state-owned Ukrainian Railways (Ukrzaliznytsia) announced that it had found out that its Lviv branch was illegally operating a Bitcoin mining farm powered by the company's electricity (which is paid for by taxpayers in the country).
Bugs in Qualcomm chips leaked private data from Samsung and LG phones (The Next Web) Researchers have disclosed a set of vulnerabilities affecting Qualcomm chipsets that could allow a potential attacker to steal critical information.
Beware of the 'Juice Jacking' Scam (NBC Southern California) Travelers should beware of using public USB power charging stations in hotels, airports and other public places after a warning from the Los Angeles County District Attorney's Office.
Attack tools and techniques used by major ransomware families (Help Net Security) Sophos covers the ransomware attack techniques used by 11 major families including WannaCry, SamSam, RobbinHood, Ryuk, MegaCortex, and more.
Thousands of hacked Disney+ accounts are already for sale on hacking forums (ZDNet) Hackers began hijacking accounts hours after Disney+ launched earlier this week.
Facebook reports WhatsApp bug that could allow hackers to infect your phone via video file; update now (Tech2) The bug has been patched in the latest versions of WhatsApp, and was reported to India's CERT-IN.
Another Pegasus-like spyware found targeting WhatsApp with MP4 files (India Today) Similar to the Pegasus incident, the new kind of security vulnerability is also being called "a stack-based buffer overflow vulnerability". It allows a remote attacker to target phones by sending a video file in MP4 format.
Nearly 150 vulnerabilities come on many Android devices out of the box (Android Authority) The vulnerabilities span across 29 different device OEMs, including Sony, Xiaomi, Asus, and Samsung.
Holiday Shoppers Beware: Look-Alike Domains Are Targeting Your Wallet (Venafi) Venafi research details the explosion of look-alike domains, which are often used to steal sensitive data from online shoppers. Find out what we discovered in our study.
How Fraud Stole Christmas (Terbium Labs®) We take a closer look at their growing fears about data loss, fraud, and identity theft – and how these fears could influence their choice of payment methods and impact their loyalty with businesses after their data has been compromised.
Woman loses $300k to 'Singtel customer service' caller helping her solve Wi-Fi connectivity problem (The Straits Times) At least 156 reports of such scams have been lodged from January to October, with victims losing at least $6 million in all.
Port Neches-Groves ISD computers attacked by ransomware, systems shut down (KBMT) Superintendent Dr. Mike Gonzales said employees were unable to clock in on Tuesday, leading to the discovery of the attack.
FBI working to restore Port Neches-Groves ISD database after hackers hold it for ransom (KFDM) Cybersecurity specialists and the FBI are working around the clock to restore ownership of the Port Neches-Groves ISD online database after hackers took hold of it with ransomware.
Prophet or puppet-master? Meet the man behind the Zuckerberg deepfake (Digital Trends) Bill Posters is a former street artist based in the U.K. You may not know his name, but if you’ve been paying attention, you’ve likely seen his work.
Disinformation Please: Facebook's False Ads (Aish) Should false ads be banned?
150 infosec bods now know who they're up against thanks to BT Security cc/bcc snafu (Register) Mass-mail fail followed outfit's appearance at jobs fair
‘Magic: The Gathering’ game maker exposed 452,000 players’ data (TechCrunch) An exposed database file contained account data on 452,634 players.
Security Patches, Mitigations, and Software Updates
Symantec, McAfee Patch Privilege Escalation Bugs (Dark Reading) All versions of endpoint protection software from both vendors were susceptible to near identical issue, SafeBreach says.
Disruptive technology predictions: 2020 will see the creation of completely connected environments (Help Net Security) NTT experts made a series of disruptive technology predictions. In 2020 we'll probably see connected environments that are capable of running themselves.
Three Cybersecurity Lessons Learned in the 2010s (CyberArk) Big cybersecurity lessons from the past decade include eliminating security silos, using AI more effectively and threat intelligence and response.
Cybersecurity Is An Asset, Not A Nuisance (Forbes) When you have your cybersecurity house in order, you can focus on your true goal: growing your business.
20 Alarming Identity Theft Statistics 2019 (And How To Protect Yourself) (Safe Smart Living) ID theft is on the rise. Don't be the next victim. Check out these stats and learn how to protect yourself from this cyber-age threat.
IT professionals deem hybrid cloud as most secure (Help Net Security) 85% of enterprises believe in hybrid cloud security, and have selected hybrid cloud as their ideal IT operating model, a Nutanix survey reveals.
Bitcoin Revolution Meets Protestant Reformation, Crypto Drives Change? (Cointelegraph) “The Bitcoin Reformation” points to four fundamental parallels between the Protestant Reformation and the present day — do they have merit?
75 Percent of German Companies Affected by IT Security Incidents in 2019 (Global Security Mag Online) German companies are plagued with an increasing number of cyber-attacks and IT security incidents. According to PreciseSecurity.com research, 75 percent of them have been affected by some sort of IT security incidents in 2019, causing total damage of €102.9 billion this year.
Q&A: Cybersecurity must be a priority in M&A strategies (Includes interview) (Digital Journal) The mergers and acquisitions process is critical. Companies are using different clouds and containers – which add to the complexity. Anurag Kahol provides Digital Journal readers with the main cyber-risks faced by companies undergoing the M&A process.
New York startup wins $2M backing from DataTribe, plots move into Maryland (Baltimore Business Journal) Code Dx CEO Anita D'Amico said she hopes to achieve $4 million in sales in 2020, and the new funding will help her company get there.
Mimecast Buys Email Security Firm DMARC Analyzer To Block Spoofing (CRN) Mimecast has purchased small email security vendor DMARC Analyzer to reduce the time, effort and cost associated with stopping domain spoofing attacks.
IPKeys Acquires Cyber Monitoring Leader N-Dimension (Environmental XPRT) IPKeys Power Partners, a leading provider of integrated technology solutions for intelligent utilities and smart cities, this week ...
HP rejects acquisition offer from Xerox, but leaves door open to raised bid (Computing) HP Inc's board of directors believe that Xerox's offer significantly undervalues the PC and printer maker
WSJ News Exclusive | TikTok Looking at Ways to Shake Off Its Ties to China (Wall Street Journal) TikTok this year made history as China’s first social-media company to make it big in the U.S. Now, TikTok wants to shed its label as a Chinese brand.
Getting into cybersecurity: Self‑taught vs. university‑educated? (WeLiveSecurity) Are you considering a career in cybersecurity? What learning path(s) should you take? Does formal education matter? ESET experts share their insights.
Booz Allen appoints Jerry Bessette to lead firm's cyber incident response team (Help Net Security) Booz Allen Hamilton announced that Jerry Bessette has joined Booz Allen as a senior vice president of the firm’s Commercial business.
SKOUT CYBERSECURITY Welcomes SecureWorks Veteran Tyler Winkler To Board of Directors (Olean Times Herald) SKOUT CYBERSECURITY, a cloud-native cybersecurity provider for small and mid-sized businesses (SMBs), delivered by managed service providers (MSPs), today announced the appointment of
NightDragon Security Expands Team And Advisory Council (Pulse 2.0) Cybersecurity investment firm NightDragon Security announced it expanded its team and advisory council.
Products, Services, and Solutions
New infosec products of the week: November 15, 2019 (Help Net Security) New infosec products for this week of November 2019 include the following vendors: Sysdig, HiveIO, Jamf, ZeroNorth and Bitglass.
IBM and Wells Fargo Collaborate to Accelerate Innovation (IBM Research Blog) At IBM we’re committed to an exploratory science agenda, working with companies to advance innovation research and learning within their ecosystem.
NanoLock Security joins with Mekorot to deliver cyber protection for water and energy utilities (SecurityInfoWatch) NanoLock and Mekorot collaborate on device-level cyber defense solutions to protect critical infrastructure from outsider, insider and supply chain cyberattacks.
Tech Data launches cyber range to fight simulated threats (Fifth Domain) Tech Data is partnered with the National Cyber Warfare Foundation, which built its own cyberwarfare range in 2012.
Technologies, Techniques, and Standards
DHS Cyber Monitoring Program Is Shedding Light on Agencies’ Shadow IT (Nextgov.com) Before using tools provided under the Continuous Diagnostics and Mitigation program, agencies only knew about four of every seven devices that connected to their networks, according to program manager Kevin Cox.
IAEA Conducts Training Course on Protecting Nuclear Facilities from Cyber-Attacks (IAEA) A mock scenario that included adversaries taking control of a nuclear research institute’s physical protection system and implanting malware at a nuclear power plant, to compromise security and cause sabotage, provided for intense learning this month, during an IAEA International Training Course (ITC) on Protecting Computer Based Systems in Nuclear Security Regimes.
The energy industry practices for a 'black swan' cyberattack that could take down the grid (CNBC) The event is called GridEx, and takes place every two years. It imagines the U.S. under attack from a foreign country, through the power grid.
Think you're covered? Cyber insurance can have big gaps (Houston Chronicle) Forty-three percent of cyberattacks are targeted at small businesses.
It Takes A Global Village: Smart Companies Must Come Together To Take Stronger Action On OT Security (Forbes) The transnational and cross-business nature of this issue requires companies to take stronger, independent action to secure OT
Ransomware Campaigns Underscore Need for Dynamic Security (The CloudPassage Blog) Ransomware defense costs can be justified by the potential financial impact of attacks, such as those incurred by Pitney Bowes by the Ryuk virus infection.
Avoid the scam: Small business owners shouldn't skimp on cybersecurity (Yakima Herald-Republic) Tyler Russell is the media and community contact person for the Better Business Bureau Northwest & Pacific’s Eastern Washington and North Idaho area.
Being Cybersecure Is Not Enough, Become Cyber-Resilient Instead (CircleID) Technology, for its immense evolution, has now become a significant driver of the economy – both digital and global. Along with developments and innovations such as cloud-based computing and Internet-connected mobile devices, however, cybercrime lurks in the shadows.
US Govt Recommends Vendor System Configs To Block Malware Attacks (BleepingComputer) The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today reminded users and system administrators to properly configure their systems to defend against malware that can exploit improper configurations.
Air Force creates Cyberspace Capabilities Center to streamline communi (U.S. Air Force) The Air Force created a new Cyberspace Capabilities Center Nov. 7, in an effort to bridge cyber support gaps and synchronize enterprise requirements to best support today’s warfighter.
Design and Innovation
Can open source intelligence combat Russian disinformation in the Baltics? (C4ISRNET) NATO will need to utilize social media and other publicly available information to combat Russian disinformation.
Twitter to Restrict How Certain Advertisers Target Users (Wall Street Journal) Twitter said it would no longer allow certain types of geographic or keyword targeting for advertisers promoting any type of cause.
Twitter unveils final details for political ad ban, but it's still looking murky (CNBC) Twitter laid out the framework for its new policy on political ads, which bans certain advertisers and issue ads.
Twitter is walking into a minefield with its political ads ban (Vox) Twitter just released the first iteration of its policies banning political ads — and appears to have changed course on CEO Jack Dorsey’s declaration it would ban issue ads.
Boeing gives pink slips to robots, trying out 'humans' (MyNorthwest.com) Boeing gave their large-scale robotic system the old heave-ho recently after years of messing up the assembly of the 777 fuselage.
Boeing’s Sidelined Fuselage Robots: What Went Wrong? (Mind Matters) By all means, let’s build machines that enhance our abilities. But let’s not forget that the really amazing thing is not the tool, but the tool builder.
Research and Development
Galois to Develop Secure Computing Tech Under IARPA Program (ExecutiveBiz) Galois has received a five-year, $15.2M contract from the Intelligence Advanced Research Projects Activity to develop a software development platform to facilitate secure computation by public and private sector programmers who are not particularly skilled in cryptography.
Information overload: The promise and risk of quantum computing (Bulletin of the Atomic Scientists) Google announced a breakthrough in quantum computing, a perennially just-over-the-horizon technology that promises to dramatically increase the speed at which computers can complete complex tasks. While the technology promises to unlock vast new areas of knowledge, it carries with it national security and other risks.
This year’s NSA Codebreaker Challenge is in full swing (Federal News Network) Every year the NSA conducts its Codebreaker Challenge to encourage students interested in cybersecurity to apply their talents in service of national security.
GCU nationally recognized for cyber defense (Chamber Business News) Grand Canyon University has been recognized as a National Center of Academic Excellence in Cyber Defense by the NSA and Department of Homeland Security.
PNNL hosts third annual CyberForce Competition (NBC Right Now) College students spent their Saturday at Pacific Northwest National Laboratory in Richland to compete against each other and other students around the country in a simulated cyber attack.
Registration nears for Illinois girls’ cybersecurity program (Baltimore Sun) A statewide program helping female high school students learn about cybersecurity and potential jobs in the field begins accepting registration next month.
Legislation, Policy, and Regulation
The U.S. is urging a no vote on a Russian-led U.N. resolution calling for a global cybercrime treaty (Washington Post) The Russian proposal could allow state control of the Internet, officials and human rights groups warn.
China’s Surveillance State Has Eyes on Central Asia (Foreign Policy) Autocrats are handing their citizens’ data to Beijing under so-called smart city programs.
‘Absolutely No Mercy’: Leaked Files Expose How China Organized Mass Detentions of Muslims (New York Times) More than 400 pages of internal Chinese documents provide an unprecedented inside look at the crackdown on ethnic minorities in the Xinjiang region.
Taiwan halts sale of Huawei phones over territorial dispute (South China Morning Post) National Communications Commission orders firms to stop offering P30, P30 Pro and Nova 5T models because their displays include the words ‘Taiwan, China’ for time zones and contacts.
Huawei, ZTE 'cannot be trusted' and pose security threat: U.S. attorney general (Reuters) Huawei Technologies Co and ZTE Corp "cannot be trusted," U...
U.S. Said to Extend Reprieve for Huawei (New York Times) The Trump administration is set to extend a license that will allow American companies to continue doing business with the Chinese telecom giant Huawei.
How Iran's Government Shut Off the Internet (Wired) After years of centralizing internet control, Iran pulled the plug on connectivity for nearly all of its citizens.
AI for health, infrastructure and natural resources key to Australia's future prosperity (Mirage News) The Australian Government released its artificial intelligence (AI) technology roadmap, developed by CSIRO, Australia's national science agency, at...
COMMENTARY: Three ominous policy challenges await Canada’s new Parliament (Global News) China, Russia and defence procurement will test the mettle of Canada's minority Liberal government, Matthew Fisher says.
Experts call for adoption of framework to ensure stability in cyberspace (IT World Canada) Governments, their supporters and technology companies have to adopt internationally-accepted rules to limit online misconduct and a forum for hearing complaints or
Cyber Battles, Nuclear Outcomes? Dangerous New Pathways to Escalation (Arms Control Today) In January 2018, details of the Trump administration’s Nuclear Posture Review (NPR) were posted online by the Huffington Post, provoking widespread alarm over what were viewed as dangerous shifts in U.S. nuclear policy.
Exclusive: Interpol plans to condemn encryption spread, citing predators, sources say (Reuters) The international police organization Interpol plans to condemn the spread of st...
Labour plan to nationalise BT Openreach and provide 'free' fibre broadband for all (Computing) TalkTalk pulls sale of FibreNation business and BT shares fall following new Labour giveaway offer
Agencies need a long view on infrastructure for connected devices (Fifth Domain) Agencies need to be cognizant of the security approach to IoT platforms, one that includes digital certificates and physical security.
Litigation, Investigation, and Law Enforcement
U.S. Struggles to Stem Chinese Efforts to Recruit Scientists (Wall Street Journal) National security officials say universities are at the leading edge of a plan by Beijing to gain scientific expertise and illicitly leapfrog the technology gap with the West, but prosecutors face challenges proving wrongdoing in court, as new allegations in a criminal case in Kansas underscore.
Is Silicon Valley full of Chinese and Russian spies? (The Telegraph) Recent arrests raise fears spymasters are tapping the vast reach of social media giants
Analysis | The Cybersecurity 202: Schiff hammers Trump’s Crowdstrike conspiracy theory at impeachment hearing (Washington Post) The GOP didn't name check the firm, for once.
UK Government Will Publish Russia Report After Election-Minister (New York Times) The British government will publish a parliamentary report examining alleged Russian meddling in British politics after the country's Dec. 12 election, security minister Brandon Lewis said on Sunday.
Former Operator of Illegal Booter Services Sentenced for Conspiracy to Commit Computer Damage and Abuse (Department of Justice Office of Public Affairs) An Orland Park, Illinois, resident was sentenced yesterday to 13 months in prison, followed by three years of supervised release on one count of conspiracy to cause damage to internet-connected computers for his role in owning, administering and supporting illegal booter services that launched millions of illegal denial of service, or DDoS, attacks against victim computer systems in the United States and elsewhere.
The Dark Overlord hacking suspect who's fighting extradition to the U.S. is running out of options (CyberScoop) An alleged member of the Dark Overlord hacking crew could be extradited to the U.S. before the end of the year. Nathan Wyatt, a 38-year-old U.K. resident, has been charged with conspiracy, two counts of aggravated identity theft and three counts of threatening damage to a computer in connection with a U.S. investigation into the Dark Overlord, according to British court documents.
Despite bans, Giphy hosts self-harm and child abuse content (TechCrunch) Researchers found pedophiles were using Giphy to spread illegal materials online.
Booz Allen, CACI Must Face No Poach Class Action (Bloomberg Law) Booz Allen Hamilton Inc., Mission Essential Personnel LLC, and CACI International Inc.—defense contractors that perform intelligence work in England—must face a class action accusing them of violating antitrust rules by agreeing not to hire one another’s workers, an Ohio federal court said.
British company linked to Bitcoin exchange at centre of FBI money laundering claims (The Telegraph) A British company regulated by the City watchdog has links to a notorious cryptocurrency exchange at the centre of a US money laundering trial, according to anti-corruption investigators.
Iowa hired hackers to break into courthouse, then locked them up (Fox Business) The CEO of Coalfire called the charges "completely ridiculous."
Immigration officials nab 36 Japanese tagged in telecoms scam (ABS-CBN News) MANILA - The Bureau of Immigration (BI) on Wednesday arrested 36 Japanese nationals, including 2 wanted criminals, for their alleged involvement in a telecommunications scam.
Woman who made documentary on elephants in Kerala faces cyber-bullying (The New Indian Express) The Viswa Gaja Seva Samithi has filed a petition in the Kerala High Court seeking an order to the state government to dissociate itself from the woman who is a foreign citizen.