We're pleased to announce our new subscription program, CyberWire Pro, launching early in 2020. For cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time as it keeps you informed. Learn more and sign up to get launch updates here.
More Signal. Less Noise.
AT&T Cybersecurity Insights Report: Security at the Speed of 5G
AT&T Cybersecurity teamed up with 451 Research to survey organizations on their 5G security plans. Download today and see organizations’ 5G cybersecurity preparedness responses followed by gap analysis on what’s possibly being overlooked plus recommendations for strengthening 5G security efforts.
Dridex gang indicted. Facebook sues over ad fraud. Unix-based VPN traffic vulnerable to tampering.
Announcements
CyberWire Pro, coming in 2020.
Summary
The US Justice Department indicted two Russian citizens, Maksim Yakubets and Igor Turashev, for developing, operating, and distributing the Dridex banking Trojan. Yakubets was named as the leader of a criminal group known as "Evil Corp," which is said to have used Dridex to steal upwards of $100 million from victims around the world. The charges are the result of a joint investigation by the UK's National Crime Authority, GCHQ's NCSC, and the US FBI. The US Treasury Department also announced sanctions against nine members of Evil Corp, six entities linked to the group, and eight individuals who served as “financial facilitators” for the cybercriminals. The State Department is offering a $5 million reward for information leading to Yakubets's arrest, the highest reward ever offered for a cybercriminal.
CISA released an alert with technical details on Dridex and recommendations for organizations to protect themselves. The financial sector in particular is heavily targeted by the malware.
Facebook filed a lawsuit yesterday against a Chinese advertising company that allegedly violated the social media platform's ad policies over the course of three years, Mashable reports. Facebook says the company utilized malware to compromise Facebook users' accounts and then used these accounts to host ads for counterfeit products.
Researchers at the University of New Mexico have discovered a flaw in Unix-based systems that could allow an attacker on the local network to inject packets into an adjacent user's encrypted VPN connection, the Register reports. The vulnerability affects Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android.
Notes.
Today's issue includes events affecting Australia, China, Denmark, India, Israel, Netherlands, Russia, Ukraine, United Kingdom, United States
Bring your own context.
Innovation can also be attended by risk.
"Attackers understand that [it's easy to forget that tools have a connection to the outside world]. So they understand how prevalent these type of new communication technologies are. They understand that when there is sort of a newness in the industry, that it presents a potential opportunity for attackers to leverage. And, you know, as soon as something like these type of communication platforms exist, attackers are going to be, you know, standing at the gates, trying to figure out ways that they could leverage them into providing sort of outbound or some sort of infection that they can leverage internally and kind of pivot around your digital environment with. And that's very interesting. So it's kind of always a race whenever these get in - you know, these type of technologies get deployed to make sure that those logs and the data that you're using them for internally also get captured and filtered back to a security team in an easy-to-evaluate way to look for suspicious and malicious events."
—Michael Sechrist of Booz Allen Hamilton, on the CyberWire Daily Podcast, 12.4.19.
Attackers can find opportunity in novelty.
A recommendation to our readers.
If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. It offers a monthly overview of news in this sector—take a look.
Without proper context, cyber threat intelligence is useless.
The appearance of new threats and security challenges requires effective tools for their timely identification and in-depth analysis. Without proper contextualization, intelligence is completely useless. Context™ – Cyber Threat Intelligence Platform for enterprises and government agencies delivers cyber threat intelligence harvested from millions of data points from the Deep and Dark Web, combined with data science for objective and actionable insights.
On the Podcast
In today's Daily Podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour takes a look back at 2019's nastiest cyber threats. Our guest, Robert Waitman from Cisco, shares results from their recent Consumer Privacy Survey.
Sponsored Events
CS4CA MENA returns to Dubai on 20th – 21st January 2020. Visit mena.cs4ca.com for details. (Dubai, UAE, January 20 - 21, 2020) #CS4CA MENA returns to Dubai on 20th – 21st January 2020 for an intimate and exclusive platform promoting in-depth cybersecurity knowledge and collaboration among IT & OT leaders from MENA’s Oil & Gas, Utilities, Chemicals, Aviation, Transport, Manufacturing industries.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Ransomware Writes Drama at Shakespeare Theatre (BleepingComputer) A ransomware attack over the weekend has taken down the ticketing system and patron database for the New Jersey Shakespeare Theatre and has also affected at least one other organization in the Madison area.
Iranian Hackers APT33 Now Threatening ICS Security (CPO Magazine) As part of a major change in strategy, it now appears that Iranian hackers APT33 are shifting their focus to critical infrastructure targets, threatening ICS security.
Ethiopia briefly shut internet as a cyber attack hits (Borkena) Ethiopia Information Network Security Agency (INSA) said on Thursday that a cyber attack directed at financial institutions in the country is foiled.
Germany marks nearly 40 thousand e-banking phishing cases since 2008 (The Paypers) The number of officially reported phishing attacks on German online banking users in the last decade has reached nearly 40 thousand cases, according to PreciseSecurity.com research.
How to fool infosec wonks into pinning a cyber attack on China, Russia, Iran, whomever (Register) Learning points, not an instruction manual
Malicious Activity Aligning with Gamaredon TTPs Targets Ukraine (Anomali) OverviewThe Anomali Threat Research (ATR) team has identified malicious activity that we believe is being conducted by the Russia-sponsored Advanced Persistent Threat (APT) group Gamaredon (Primitive Bear). Some of the documents have been discussed by other researchers.[1] This Gamaredon campaign appears to have begun in mid-October 2019 and is ongoing as of November 25, 2019. Based on lure documents observed by ATR, we believe that at least the following Ukrainian entities and individuals may
Dridex Malware (CISA) This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA) are providing this report to inform the sector about the Dridex malware and variants.
Weidmueller Industrial Ethernet Switches (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Weidmueller
Equipment: Industrial Ethernet Switches
Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Missing Encryption of Sensitive Data, Unprotected Storage of Credentials, and Predictable from Observable State
2.
Thales DIS SafeNet Sentinel LDK License Manager Runtime (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit
Vendor: Thales DIS
Equipment: SafeNet Sentinel LDK License Manager Runtime
Vulnerability: Link Following
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a local attacker to escalate privileges.
Pune: Hackers bugged e-banking facility, broke security code (The Times of India) The prominent jewellery firm, whose 12 bank accounts were hacked in November this year, used to operate the accounts with the help of the bank app. Po
State audit of Middletown water system finds cybersecurity flaws (Times Herald-Record) MIDDLETOWN — An audit by the state Comptroller’s Office found cybersecurity electronic access vulnerabilities for the city’s water system.
Louisiana Ransomware Update: 75% of Motor Vehicle Offices Still Closed (MSSP Alert) Louisiana is still reeling from November 2019 ransomware attack on the state’s servers as nearly 75 percent of its motor vehicle offices are still closed, reports said.
After ransomware attack on state, Baton Rouge schools eye $215,000 backup system (The Advocate) The East Baton Rouge Parish school system is preparing to spend $215,000 to improve backup systems to protect its data from the kind of ransomware attacks that hit other schools
Over 70 Government Organizations Dealt With Ransomware This Year (NullTX) It seems likely to assume that even more government organizations will fall victim to ransomware attacks unless they step up their game.
Cookie-stealing malware wants to know your Facebook ad budget (Naked Security) The AdKoob malware that sneakily peeks at how much you’re spending on ads is back.
44 million Microsoft users reused passwords in the first three months of 2019 (ZDNet) Microsoft used a database of three billion publicly leaked credentials to identify users who reused passwords.
CallerSpy Android Malware Masquerades Chat Apps To Target Users (Latest Hacking News) Researchers found new malware in the wild, 'CallerSpy', which spies on users. It presently targets Android, but may target Apple and Windows in future too.
Lazarus supposedly behind new MacOS crypto malware (NEDEROB) Security researchers have discovered new crypto malware on MacOS, which presumably comes from the North Korea-funded hacker group Lazarus.
Yodel parcel tracking app blabs about other people’s parcels (Naked Security) Yodel’s mobile parcel delivery app was leaking people’s delivery data to others using the app, a security researcher discovered.
Machine-raiding Python libraries squashed by community (Naked Security) Python developers have once again fallen victim to malicious software libraries lurking in their favourite package manager.
New ransomware attacks target your NAS devices, backup storage (ZDNet) Ransomware attacks targeting these devices have surged in recent months.
Hackers have a shocking new tactic to scam you with fake products (Komando.com) If a hacker knows your interests and demographic information, it becomes much easier to target you with scams across the board. And that's just what happened recently when hackers pilfered data from a specific audience of internet users. Unlike previous campaigns, this one targets a vulnerable population with ruthless efficiency. Is this a new low for data theft? If not, it's definitely a close call.
Cybersecurity Rises To Surface Of Maritime Industry Concerns (Yahoo) Cynthia Hudson founded what would become the global maritime risk consultancy HudsonAnalytix in 1986, long before cybersecurity was a buzzword. The Camden, New Jersey-headquartered company has evolved ...
Beware of this malware which can sneak into your social media details (International Business Times, Singapore Edition) This information-stealing Trojan malware can disguise itself to steal Facebook and Amazon session cookies
Cyber security expert weighs in on recent LA OMV cyberattack (KLFY) Two weeks ago, several Louisiana DMV’s were the victim of a ransomware attack that hit computer servers and disrupted critical functions across the state. Many of the DMV branch locations rem…
Reasons to be fearful 2020: Smishing, public Wi-Fi, deepfakes... and all the usual suspects (The Register) Too soon for New Year Resolutions?
Why You Should ALWAYS Shred Your Boarding Pass (HuffPost) Your boarding pass contains a lot more data that you might realize.
Consumer Concern About Holiday Fraud Comes True (TransUnion) iovation, a TransUnion company, today released new findings around online retail trends during the start of the 2019 global holiday shopping season. The research shows a 29% increase in suspected online retail fraud during the start of the 2019 holiday shopping season compared to the same period in 2018, and a 60% increase in suspected e-commerc...
Why 5G could be a cyber security nightmare (IT PRO) The latest generation of mobile connectivity promises many marvellous things, but it could also be a hacker's dream
Security Patches, Mitigations, and Software Updates
Critical DoS messaging flaw fixed in December Android update (Naked Security) Android’s December 2019 updates arrived this week, patching a small list of system and Qualcomm flaws across the operating system’s two patch levels.
Cyber Trends
Head’s up Africa. You’ve Been Phished. (KnowBe4) The 2019 KnowBe4 African Cybersecurity Research Report found that Africans are largely unprepared for cyber threats.
New Report Reveals Rapid Growth in Crowdsourced Security Testing for Compliance (BusinessWire) Crowdsourced security testing adoption posed to increase by 4x in 2020 driven by compliance and a desire for a continuous cadence.
Marketplace
Global software sector has seen a surge in M&A deals (Information Age) In Q3 2019, there was a surge in global software sector M&A, with the highest volume of deals for two years, according to GCA Altium
CrowdStrike rises after beating in its third-quarter results (CNBC) The stock has been under pressure in recent months, as a result of a broader pullback in software stocks.
Apple Explains Mysterious iPhone 11 Location Requests (KrebsOnSecurity) KrebsOnSecurity ran a story this week that puzzled over Apple‘s response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user’s location even when all applications and system services are individually set never to request this data.
Instagram trying to protect kids by getting dates of birth from new users (Naked Security) It’s about showing age-appropriate content, it said. Though staying safe from child-privacy lawsuits doesn’t hurt, either.
Kaspersky partners with jewellery designer on biometrics (Planet Biometrics News) Kaspersky has teamed up with a 3D accessory designer from Stockholm and together they have created a showstopping piece of jewellery at the intersection of technology and art – a unique ring that serves as an extension of a person’s digital identity, designed to keep users unique biometric data safe.
Elron & RDC Divulge Insights to Danish Innovation Center, Strengthening The Israeli-Denmark Cyber Ecosystem (Journal of Cyber Policy) Zohar Rozenberg, VP of Cyber Investments at Elron & RDC, spoke at Innovation Centre Denmark in Copenhagen to help stakeholders in the Danish Cyber ecosystem learn about Israel’s hi-tech cyber landscape and ecosystem. In an event aimed at building Denmark’s Cybersecurity ecosystem and strengthening business ties between Israel and Denmark, Zohar Rozenberg mapped out the …
Hilfswerk Niederosterreich picks Fortinet to secure network infrastructure (Telecompaper) Austrian social service provider, Hilfswerk Niederosterreich, has picked Fortinet to secure its network infrastructure.
LandMark White rebrands as Acumentis (Business News Australia) Following a disastrous 2019 during which LandMark White (ASX: LMW) was hit with not one but two data breaches the property valuer has decided to rebrand.
Why I Don't Blame Boards for Underinvesting in Cybersecurity (Infosecurity Magazine) Security professionals need to present boards with something much more arresting: metrics and indicators
Products, Services, and Solutions
Microsoft Defender ATP Brings EDR Capabilities to macOS (Dark Reading) Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
How Palo Alto Networks SASE model changing the security infrastructure of companies (Elets CIO) In an interview with Anupama Mehra of Elets News Network (ENN), Anil Bhasin, Regional Vice President – India & SAARC, Palo Alto Networks, shares how SASE model is addressing the limitations of traditional architectures by converging networking and security in the cloud. Palo Alto Networks leaped aboard with the launch of its Secure Access Service […]
CrackQ Tool Adds Analysis and Reports to Password Cracking (BleepingComputer) There is a new tool offensive security teams can use for their password cracking needs. CrackQ is open-source and can provide metrics on the current jobs, queuing and re-queuing tasks.
Apptega Partners with Veristor to Streamline Cybersecurity Processes for Improved Security and Compliance (Veristor) In a partnership designed to solve business challenges through the intelligent application of next-generation technology, Apptega delivers a comprehensive platform for cybersecurity.
Technologies, Techniques, and Standards
Still running Windows 7? Cyber-criminals are on your trail (Legal Futures) When the end-of-life date arrives, it is estimated thone in four PCs will still be running Windows 7. This figure will be higher in industries slower to embrace IT developments - legal is likely to be amongst those.
How to spot if your child is a victim of cyberbullying (WeLiveSecurity) As children are increasingly at risk of cyberbullying, what are some of the most common warning signs that your child has fallen victim to cyber-abuse?
How to protect computers that store biometric data from malware (TechRepublic) More than a third of systems that handle biometric data were hit by at least one malware infection in the third quarter of 2019, according to a new Kaspersky report.
Finding a Better Route to Router and Home Network Security (TechHive) Hackers can attack your home router. Here's how to keep them away.
Closing the Gap Between Physical and Cyber Security (TechNative) Enterprises across the world are continuing to embrace digital services with the aim of becoming digitally adept. But, as these changes take place, security threats become increasingly prevalent. Companies need to be prepared for an attack – be it physical or digital – because in most cases, it isn’t if, but when, it will happen.
Cybersecurity 101: 5 lessons for businesses (The Hack Post) Did you know that only one cyber attack can cost your business up to $3 million? Lack of knowledge and resources is the number one reason behind an increasing number of cyberattacks on businesses. Their number has grown four-fold in the previous year. While fully providing your website with sophisticated protection admittedly isn’t cheap, a …
Why a Human Firewall is the biggest defence against data breach (Data Economy) This year has seen a massive 54% increase in data breaches compared to last year, according to a report published by Risk Based Security.
Research and Development
Number-crunchers set new record for cracking online encryption keys (New Scientist) A new record has been set for the largest encryption key ever broken, but there is little threat to online data for now
Academia
GFC MSU receives national cyber defense designation from NSA and DHS (Great Falls Tribune) The designation resulted from a yearlong process in which the curriculum of the college’s AAS in Network Support and Security was evaluated and found to meet the criteria set by the NSA for excellence in cybersecurity education.
Legislation, Policy and Regulation
EU's Progress On 5G Cybersecurity Plan Garners US Praise (Law360) The U.S. Department of State has commended the European Union for moving forward with a 5G cybersecurity initiative that nodded to steps the department has taken to bar Chinese telecom giants Huawei and ZTE from equipping U.S. networks.
DHS backtracks on expanding airport face scans to US citizens (TechCrunch) Homeland Security has confirmed it will not expand face recognition scans to U.S. citizens arriving and departing the country, days after it emerged the agency proposed making the scans for citizens mandatory. The department, whose responsibility is border protection and immigration checks, said in…
PRIMER: China’s cryptography law (International Financial Law Review) IFLR’s latest primer looks at China’s new law targeting blockchain development, how it relates to the country’s national digital currency, and the impact on the fintech community
Labor's plan to fix Australia's encryption laws doesn't go far enough (ZDNet) The new Bill to require judicial oversight and a clarification of definitions is a great start, Labor says, but the Assistance and Access regime needs reining in much more tightly.
RBI to issue cybersecurity guidelines to ATM service providers, urban cooperative banks by Dec 31 (MediaNama) The Reserve Bank of India (RBI) will issue new cybersecurity guidelines for ATM service providers by December 31, in a statement.
Encryption is under attack. Here’s why that matters (The European Sting) This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum. Author: Adrien Ogée, Project Lead, Cyber Resilience, World Economic Forum & Marco…
Litigation, Investigation, and Enforcement
International law enforcement operation exposes the world’s most harmful cyber crime group (National Crime Agency) A Russian national who runs Evil Corp – the world’s most harmful cyber crime group that created and deployed malware causing financial losses totalling hundreds of millions of pounds in the UK alone – has been indicted in the United States following unprecedented collaboration between the NCA, the FBI and the National Cyber Security Centre.
Alleged Russian Hacker Behind $100 Million Evil Corp Indicted (Wired) The US is charging Maksim Yakubets over two of the biggest cybertheft campaigns of the last decade, and offers a record reward for information on the case.
2 Russians charged in 'Evil Corp' global cybertheft ring (Star Tribune) The Justice Department unsealed charges Thursday against the alleged leader and a top associate of a Russian cybercriminal gang that U.S. and British officials say developed and distributed malware used to steal at least $100 million from banks and other financial institutions in more than 40 countries over the past decade.
Analysis | The Cybersecurity 202: Evil Corp indictments show cybercrime pays – for those at the top (Washington Post) Indicted hacker lived a lavish lifestyle with Lamborghinis and lion cubs
Software company that works with schools here fined $60,000 after hackers stole data of nearly 48,000 people (The Straits Times) Hackers stole data such as names, NRIC numbers, addresses and contact numbers.. Read more at straitstimes.com.
Malware, crypto scams, and boner pills: Facebook's had enough (Mashable) Facebook is taking a company to court over allegations it ran an elaborate, malware driven, ad-fraud scheme.
Fortinet Can’t Show English Court Would Hear BT Patent Case (Bloomberg Law) Fortinet Inc. couldn’t get a patent infringement dispute with British Telecommunications PLC dismissed from Delaware federal court because it didn’t prove for certain that an English court could hear BT’s claims.
Class action data breach litigation under CPR 19.6 is given the green light by the Court of Appeal in Lloyd v Google (Lexology) The recent judgment by the English Court of Appeal in Lloyd v Google LLC [2019] EWCA Civ 1599, a large-scale data breach claim, provides helpful…
Huawei sues over ban on rural carriers buying its gear with government funds (SiliconANGLE) Huawei sues over ban on rural carriers buying its gear with government funds.
FBI didn't tell U.S. targets as Russian hackers hunted emails (Valliant News) The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin‘s crosshairs, The Associated Press has found.
Birmingham malware fraudsters stole tens of thousands from people across UK (BirminghamMail) The sophisticated criminal group used malicious software to infiltrate computers, enabling them to access the bank accounts of individuals and businesses between January 2016 and January 2019
US parents file class action against TikTok over children’s privacy (Naked Security) Collecting children’s data without their guardians’ consent is illegal under COPPA and already earned TikTok a huge fine.
Facebook Said A Chinese Company Compromised Users With Malware And Then Ran Ads Using Their Accounts (BuzzFeed News) The defendants allegedly used the accounts to run ads that often misused the images of celebrities to sell “counterfeit goods and diet pills.”
Woman says she can't file insurance claim, resolve accident involving MARTA officer because of GSP malware attack (WXIA) her insurance won't file a claim without a report, but the Georgia State Patrol says her report simply does not exist anymore.
iCloud-hacking politician to be sentenced on Christmas eve (Naked Security) Former Dutch city council member Mitchel van der K invaded hundreds of iCloud accounts “frequently and repeatedly”.
Industry Events
upcoming Events
International Cyber Risk Management Conference (Bermuda, December 4 - 6, 2019) The International Cyber Risk Management Conference (ICRMC) provides delegates with an essential forum to learn from experts, network and share experiences with peers and colleagues, and get the answers they need to help them manage the risk and impact caused by a cyber breach.
CyberMaryland 2019 (Baltimore, Maryland, USA, December 5 - 6, 2019) The CyberMaryland Conference includes thought leaders from Maryland’s Cyber Security sector and also features nationally recognized speakers and panelists on cyber and technology innovations. Sessions cover the most up-to-date information from thought leaders in all facets of the cyber ecosystem. The Cyber Maryland Industry showcase provides a full array of today’s top Cyber Security companies, prime contractors, small businesses, financial organizations, and educational institutions showcasing their products, services, and/or organizations.
Anaheim Cybesecurity Conference (Anaheim, California, USA, December 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.
Cincinnati Cybersecurity Conference (Cincinnati, Ohio, USA, December 12, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable business strategies that will help take your cyber security to the next level.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.