The CyberWire Daily Briefing, 11.21.19

Cyber Attacks, Threats, and Vulnerabilities

Microsoft: Iranian hacker group homing in on industrial systems (Axios) Researcher warns this may be a foothold for future

Iran’s APT33 Hackers Are Targeting Industrial Control Systems (Wired) The recent focus on ICS raises the possibility that Iran's APT33 is exploring physically disruptive cyberattacks.

ISIS expected to revamp operations in Syria, grow ability to target the West, says Pentagon watchdog (Military Times) Without counterterrorism pressure, the Defense Intelligene Agency anticipates ISIS will have a better opportunity to cultivate its covert networks, the report said.

Analysis | How Russia weaponized social media, got caught and escaped consequences (Washington Post) Russia weaponized social media in an attempt to influence the 2016 presidential election. But its efforts didn't end after it was caught.

Dtrack: In-depth analysis of APT on a nuclear power plant (Cyberbit) Dtrack is a RAT (Remote Administration Tool) allegedly written by the North Korean Lazarus group.

Nyotron Discovers Technique That Renders Ransomware Invisible to Security Software (PR Newswire) Nyotron, provider of the industry's first automatic Endpoint Detection and Response (EDR) solution that both detects malware and prevents...

RIPlace Evasion Technique (Nyotron) In Spring 2019, Nyotron’s Research team discovered an evasion technique that could allow malicious actors to alter files (including encryption) in a way that enables them to bypass most antivirus, anti-ransomware and Endpoint Detection and Response (EDR) solutions’ detection capabilities.

Microsoft Denies Bluekeep Ransomware Rumors (Infosecurity Magazine) Microsoft Denies Bluekeep Ransomware Rumors. Redmond also says no Teams link to recent Spanish outages

Microsoft rebukes rumors that Microsoft Teams is being used in ransomware attack (ZDNet) Microsoft also knocks down rumor that hackers are using the BlueKeep exploit to install the DoppelPaymer ransomware.

Customer Guidance for the Dopplepaymer Ransomware (Microsoft Security Response Center) There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which the Dopplepaymer malware spreads. Our security research teams have investigated and have found no evidence to support these claims. In our investigations we have found that the malware relies on remote human operators using existing Domain Admin credentials to spread across an enterprise network.

FBI says hackers are targeting US auto industry (CNN) The American automotive industry has been the target of malicious cyber actors since at least late 2018, according to an FBI report obtained by CNN.

Report: AccorHotels Subsidiary Exposes Hotels and Travelers in Massive Data Leak (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach belonging to Gekko Group, a subsidiary of Accor Hotels. Based in France,

XSS security hole in Gmail’s dynamic email (Naked Security) The bug was fixed at least a month ago so users receiving dynamic email content have one less thing to worry about.

WeWork Developers Exposed Contracts and Customer Data on GitHub (Vice) The agreements contain phone numbers and addresses of individuals, and others have bank account information.

Official Monero website is hacked to deliver currency-stealing malware (Ars Technica) GetMonero.com delivers Linux and Windows binaries that steal users' funds.

Instagram stalker app Ghosty yanked from Play store (Naked Security) It was sucking up private profiles by requiring users to hand over their logins, giving it access to whatever accounts they follow.

Cyber thieves target medical group in Sikeston, Mo. (KFVS 12) According to Saint Francis Healthcare System, the computer network at Ferguson Medical Group, LP (FMG) experienced a cyber attack on Sept. 20.

Beware the Gift Card Scam: How One Family Learned the Hard Way (Wall Street Journal) Scammers are calling or emailing people, often seniors, under a variety of pretenses—grandchildren, tech support, tax collectors, etc.—that culminate in requests to purchase retail gift cards.

Security Patches, Mitigations, and Software Updates

Google introduces new G Suite security options (Help Net Security) Google has introduced new G Suite security options, including Advanced Protection for enterprise users and access control for apps accessing account data.

Update WhatsApp now: MP4 video bug exposes your messages (Naked Security) A now-patched-hole could have allowed remote code execution that could have exposed files and messages. Update your WhatsApp now.

Adobe Acrobat and Reader 2015 reach end of support (Naked Security) If you’ve been happily using Adobe Reader 2015 software for the last few years, you’re in for a rude awakening.

Microsoft starts releasing fixes for Access bugs introduced in Office security patches this month (Computerworld) If you’ve been seeing new Access 'Query is corrupt' errors, they’re likely caused by buggy Office patches released on Patch Tuesday last week. Microsoft has started releasing fixes for the bad Office security patches. One of them, for Access 2016, arrived yesterday.

Cyber Trends

Retail E-Commerce Report 2019: The Rising Tide of Fraud (Signals Intelligence) Download the 2019 Retail E-Commerce Report from Signal Sciences to learn our key findings...

Attackers increasingly embrace small-scale DDoS attacks to evade detection (Help Net Security) Neustar research on cyber threats and trends reveals continued increase in both large- and small-scale DDoS attacks, new threat vectors.

Forcepoint Presents Cybersecurity Predictions for 2020 (ExecutiveBiz) Forcepoint called on its strategists, researchers and engineers to identify and discuss cybersecurity trends they forecast for the coming year and one of those predictions concerns with the Cloud Smart strategy. Eric Trexler, vice president of global government at Forcepoint, shared that more organi

Food firms ‘invest least’ in cyber attack security (Food Manufacture) Food firms rank the lowest in terms of investment to prevent the threat of cyber attacks, according to the latest government data.

Miners not taking cybersecurity risks seriously, report finds - International Mining (International Mining) “In an increasingly automated and interconnected world, the risk of rogue systems and equipment is growing rapidly," Graeme Stanway says

Marketplace

Banyan Security Raises $17 Million to Help Enterprises Modernize their Secure Remote Access Infrastructure (PR Newswire) Banyan Security, a leading provider of cloud-centric secure remote access solutions based on Zero Trust security principles, today announced it...

Perimeter 81 Announces $10 Million Funding Round to Expand its Network as a Service Platform; Partners with SonicWall to Add Unified Security Services (PR Newswire) Perimeter 81, a leading Zero Trust network provider for enterprises and organizations, announced today a $10 million Series A investment round...

SonicWall Leads Series A Round Funding In Zero Trust Security Provider Perimeter 81 (PR Newswire) SonicWall, the trusted security partner protecting more than 1 million networks worldwide, today announced that it is leading the Series A...

ZecOps raises $10.2 million to automatically detect and remediate cyberattacks (VentureBeat) Cybersecurity startup ZecOps announced that it's raised $10.2 million in seed funding for its automated threat detection and remediation technology.

CI Security raises another $6.4M to help hospitals implement cybersecurity tech (GeekWire) New funding: CI Security, a 85-person cybersecurity startup with offices in Seattle, Bremerton, and Ellensburg, Wash., has raised an additional $6.4 million, adding to its $16 million Series B round.

CyberGhost owner buys PIA for $95.5m to create VPN giant (TechRadar) Private Internet Access will become part of a huge global VPN operation

Facebook and Google surveillance is an ‘assault on privacy,’ says Amnesty International (The Verge) The tech giants’ business model is at odds with human rights, according to new report

How UK tech is confounding Brexit uncertainty to attract record investment (The Telegraph) The UK's world-leading fintech sector is one of the main reasons why its tech companies are receiving unprecedented levels of investment

Britain will prosper regardless of politics, says ex-Google boss Eric Schmidt (The Telegraph) Britain’s technology industry has reached a critical mass where it will continue to prosper “independently of what happens politically in the country”, according to one of Silicon Valley’s most powerful figures.

Google Hires Firm Known for Anti-Union Efforts (New York Times) After nearly two years of unrest, the company appears to be cracking down on employee activism.

MSSP giant Optiv to shutter UK operation - sources (CRN) Optiv launched in the UK last year but is rumoured to be pulling out of the market

Westpac and Microsoft are collaborating on a new intelligence hub (Business Insider) Westpac designed an intelligence hub with Microsoft, enabling it to analyze user data in real time and offer tailored services and account analytics.

U.S.Air Force Awards ReFirm Labs $1M Contract to Accelerate IoT Security Innovation (Yahoo) ReFirm Labs, a provider of the industry's first proactive IoT and firmware security solutions, today announced it has been awarded a $1 million Phase II Small Business Innovation Research (SBIR) contract from the U.S. Air Force (USAF) Life Cycle Management

Enveil Awarded Air Force Contract to Address Mission-Critical Supply Chain Needs (West) Engagement will utilize the company’s groundbreaking ZeroReveal® solution to advance supply chain security

Network Designs, Inc. (NDi) on Team Selected to Provide Open Source Intelligence Support to the U.S. Army (PR Newswire) Network Designs, Inc. (NDi) announced today that it is a key member of a team led by prime contractor BAE Systems, Inc. that was recently...

Lockheed wins $3.3 billion contract for anti-jamming support (C4ISRNET) Lockheed Martin will perform support services for a trio of anti-jamming satellite communications systems.

IronNet Cybersecurity Announces Growth Plans in EMEA (IronNet) New regional leadership and headquarters in London, along with a new strategic partnership to drive growth in EMEA for IronNet Cybersecurity’s collective defense platform

Carbon Black to open Australia datacentre in 2020 (ComputerWeekly.com) The Australia datacentre comes on the heels of VMware’s acquisition of Carbon Black and will serve organisations with data sovereignty requirements

GrammaTech Appoints Vince Arneja as Chief Product Officer (Herald-Mail Media) GrammaTech, a leading developer of software-assurance tools and advanced cyber-security solutions, today announced that it has appointed Vince Arneja as

Products, Services, and Solutions

IBM Launches Open Technology to Speed Response to Cyber Threats Across Clouds (PR Newswire) IBM (NYSE: IBM) today announced Cloud Pak for Security, featuring industry-first innovations to connect with any security tool, cloud or...

Arctic Wolf Introduces Account Takeover Risk Detection (Arctic Wolf) SOC-as-a-Service Leader Augments Portfolio with Corporate Credential Exposure Detection

ReversingLabs Enhances Splunk Integration to Improve SOC Automation and Decision Making (Yahoo) ReversingLabs, the leading provider of destructive object insights delivering SOC decision support, automation and threat analytics solutions.

Shared Assessments Introduces 2020 Third Party Risk Management Toolkit Updates (BusinessWire) Shared Assessments Introduces 2020 Third Party Risk Management Toolkit Updates; Expanded Privacy Tools for GDPR and CCPA

Acceptto's Continuous Behavioral Authentication™ Verified as Citrix Ready. (PR Newswire) Acceptto today announced that its Continuous Behavioral Authentication solution has been verified as Citrix Ready. The Citrix Ready Program is...

Bugcrowd Adds Asset Inventory to Attack Surface Management (Bugcrowd) For more than seven years, organizations around the world have trusted Bugcrowd to help identify more than 300,000 vulnerabilities in their known IT ecosystems.

Tripwire Teams with Baker Hughes on Industrial Cybersecurity (Tripwire) Nexus Controls, a Baker Hughes business, to Integrate Tripwire ICS Capabilities into SecurityST Solution

Fugue Announces Free Tier to Empower Engineers to Build and Operate Secure Cloud Systems (Fugue) Fugue Developer provides automation tools to visualize cloud infrastructure, identify misconfiguration risks, and demonstrate compliance

Ooredoo Kuwait Chooses Fortinet to Deliver the Region’s First Secure SD-WAN Managed Service to Enterprise Customers (Yahoo) Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced that it has been.

Perception Point Announces SOC 2 Compliance (PR Newswire) Perception Point, a leading cybersecurity firm that protects content-exchange channels from file and URL based attacks, today announced that it...

Illumio Updates ServiceNow App with Support for New York Release (Yahoo) Illumio, the leader in segmentation for workload security, today announced an enhancement to its application for ServiceNow, available now in the ServiceNow Store with support for ServiceNow’s New York release, in addition to the London and Madrid releases. Certification by ServiceNow is only granted

KPMG & nsKnox Partner to Mitigate Payment Fraud with Innovative Anti-Fraud Cyber Solution (BusinessWire) KPMG & nsKnox Partner to Mitigate Payment Fraud with Innovative Anti-Fraud Cyber Solution.

Technologies, Techniques, and Standards

Emsisoft releases new decryptor for Jigsaw ransomware (Emsisoft | Security Blog) We just released a new decryptor for Jigsaw ransomware.

Exclusive: Labour sticks to 'basic' $20 cyber defence after attacks, emails show (Reuters) Britain's opposition Labour Party was using a $20-a-month "basic secur...

How far behind is the Pentagon in electronic warfare? (C4ISRNET) A new report warns of ground lost and suggests asymmetries the Department of Defense can exploit to help regain advantage in the electromagnetic spectrum.

CISA Leads Incident Response Exercise at BOK Center and Cox Business Center in Tulsa (CISA) On Tuesday, November 19, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with public and private sector partners, held a tabletop exercise in Tulsa, Okla. to test emergency response plans.

What is Password Recovery and How It Is Different from Password Cracking (ElcomSoft blog) Why wasting time recovering passwords instead of just breaking in? Why can we crack some passwords but still have to recover the others? Not all types of protection are equal. There are multiple types of password protection, all having their legitimate use cases. In this article, we’ll explain the d

An open conversation about cyber-risk reporting to the BOD (Balbix) An insightful open conversation with 17 CISOs on the topic of cyber-risk reporting for board of directors.

Design and Innovation

Privacy Engineering Challenge Winner: Geofencing to Prevent Unauthorized Access (Virtru) To inspire innovative, privacy-preserving data protection solutions, Virtru hosted a privacy engineering challenge during the fall of 2019. Today, we are pleased to announce the winner of this challenge: Krish Suchak’s Audit Map submission introduced geolocation features to help prevent unauthorized data access.

Facebook launches new safety tools for advertisers as criticism continues over false political ads (CNBC) Facebook plans to announce a slate of changes Wednesday to help advertisers control the kind of content their ads show up on.

Google to Restrict Political Ad Targeting on Its Platforms (Wall Street Journal) Under the new policy, political ads can only be targeted based on users’ age, gender and postal code.

An update on our political ads policy (Google) An update on some changes we’re making to how we handle political ads on our platforms globally.

How an Ex-Twitter Adman Plans to Squash Email’s Most Pernicious Threats (Fortune) Abnormal Security is taking on "business email compromise," a social engineering attack that has victimized Facebook and Google and attracted the attention of the FBI.

Research and Development

Much of what's being sold as 'AI' today is snake oil, says Princeton professor (Computing) AI companies have raised millions of dollars in funding from investors - but their technology isn't really artificial intelligence.

Why AI will be Inhuman (APN) Cyber security provider F-Secure has launched a new research project to further develop the decentralized artificial intelligence (AI) mechanisms currently used in its detection and response technologies. The initiative, dubbed Project Blackfin, aims to leverage collective intelligence techniques, such as swarm intelligence, to create adaptive, autonomous AI agents that collaborate with each other […]

The problem with the Army’s ‘Go’ metaphor — besides being 2,500 years old (C4ISRNET) AI development is under-served by metaphors that obscure instead of illuminating.

IBM: The Fight Against A.I. Bias Is Never Over (Fortune) Bias needs to be fought even in the design process, IBM Research A.I. ethics chief Francesca Rossi said at the Fortune Global Forum in Paris.

To tackle 5G, the key will be collaboration (C4ISRNET) New 5G technology offer capabilities to our warfighters, such as more data, more speed, reduced latency, and the ability to “operate through” untrusted networks that will likely be the next discriminator on the battlefield.

Academia

The top colleges at the Energy Department’s cyber competition (Fifth Domain) The Department of Energy hosted its fifth CyberForce Competition on Nov. 16, during which 105 college teams worked to defend simulated energy infrastructure from cyberattacks.

Prairie View A&M University Selects Spirent Technology to Expand Cybersecurity Research and Teaching (Yahoo) Spirent Communications plc (SPT.L), the trusted provider of test, measurement, assurance and analytics solutions for next-generation devices and networks, today announced that the Prairie View A&M University (PVAMU), a member of the prestigious Texas A&M University System, has procured the Spirent CyberFlood

Legislation, Policy and Regulation

Here are the problems offensive cyber poses for NATO (Fifth Domain) Speaking at CyCon U.S., international legal experts expressed some doubts regarding how seamless cyber can be integrated into NATO operations.

UN passes Russian cyber crime resolution critics say will be used to justify state internet control (Computing) Final vote to adopt the resolution in the UN General Assembly will be held next month

What Is End-to-End Encryption? Another Bull’s-Eye on Big Tech (New York Times) After years of on-and-off debate over nearly snoop-proof security, the industry is girding for new pressure from law enforcement around the world.

Don’t Believe the Hype. Russia Is Losing in the Middle East—and Around the World. (Foreign Policy) Putin’s apparent victories in spreading Russian influence are mirages, some of which have come at a great cost.

Information sharing is critical. So will DHS fund it in 2020? (Fifth Domain) Three Senate Democrats are concerned that the Department of Homeland Security’s cyber unit won’t provide adequate funding to an information sharing program with less than one year until the 2020 presidential election.

Senate Committee Approves $250 Million to Fund the Electric Grid Security (Nextgov.com) The PROTECT Act would create a federal grant program to help small utility companies improve their digital defenses.

House committee advances legislation to secure telecom networks against foreign interference (TheHill) A key House committee on Wednesday advanced legislation that would ban the government from buying telecommunications equipment from companies deemed to be national security threats, such as Chinese telecom giant Huawei.

Sec. of Commerce Ross: ZTE, Huawei extensions were made to help rural America (Fox Business) U.S. Commerce Secretary Wilbur Ross defends the decision to grant extensions to companies doing business with China’s Huawei Technologies

Attorney General Barr rehashes failed arguments in the encryption debate (American Enterprise Institute - AEI) The Department of Justice’s renewed push for tech companies to grant law enforcement access to encrypted communications ignores the historical record and expert opinions: Weakening strong encryption would compromise Americans’ cybersecurity and national security.

Jeanette Manfra, senior DHS cyber official, to step down (CyberScoop) Jeanette Manfra, a senior cybersecurity official at the Department of Homeland Security, plans to step down from her position.

Does the federal government need a 5G coordinator? (C4ISRNET) A bipartisan group of senators called on the White House to name a 5G coordinator to tackle what lawmakers described as an “unprecedented security challenge” presented by the new technology.

Analysis | The Cybersecurity 202: The White House needs a 5G czar to win the race to secure next-generation networks, senators warn (Washington Post) The China threat looms large.

California IoT security law: What it means and why it matters (Help Net Security) Let’s use the California IoT security law as a lesson for how to improve future guidance and ensure better security for everyone.

Litigation, Investigation, and Enforcement

[Letter to Amazon from Five US Senators] (US Senate) Dear Mr. Bezos: We write to request information about the data security practices of Ring...

Turkey Surveillance: No, Not the Bird Watching Context (Beyond Search) A company that makes surveillance software and sells it assorted governments, FinFisher, is fighting back against Netzpolitik, a website working to hold such companies accountable. Bloomberg declar…

GDPR Decision on WhatsApp Delayed Over Company’s Concerns (Wall Street Journal) A decision in Ireland’s privacy investigation into Facebook’s WhatsApp has been delayed because the company’s lawyers raised concerns about how the regulator will share potentially sensitive commercial data with authorities in other European countries.

Bank Accused of Breaching Money Laundering Laws—23 Million Times (Wall Street Journal) Westpac, Australia’s second-largest bank, has been accused of the biggest breach of the country’s money laundering and terrorism financing laws in history, including failing to detect transfers that may have been used to facilitate child exploitation.

Watch: Vindman calls Ukrainian election interference conspiracy theory "a Russian narrative" (Axios) He said it was one "that President Putin has promoted."

Analysis | The Cybersecurity 202: Impeachment hearing highlights Trump’s apathy toward cybersecurity (Washington Post) Gordon Sondland spoke with Trump on an open line from Kyiv. That’s risky.

APT33 update. Microsoft debunks Teams, BlueKeep claims. Amazon questioned on Ring security. RIPlace attack tactics. 5G czar?

Bring your own context.