The CyberWire Daily Briefing, 12.9.19

Summary

By the CyberWire staff

Bayerische Rundfunk reports that Ocean Lotus (also known as APT32), a hacking group associated with the government of Vietnam, has been detected in the networks of BMW and Hyundai. Engadget calls it cyberespionage.

The UK will hold its general elections this Thursday. Campaigns are being roiled in the last week by the documents Labour brandished to accuse the Conservatives of planning to sell the National Health Service to the US, or, put somewhat more plausibly, that the Tory Government was planning to offer thorough control of the NHS's place in the healthcare market to a set of US firms in order to sweeten negotiation of a new UK-US trade deal. Labour's leader Jeremy Corbyn is hanging tough, saying it's an important issue the Prime Minister has yet to address, and that he won't reveal where the documents came from, the Guardian reports. Besides, even if accusations that the documents were planted in Reddit by Russian operators (and ZDNet has a useful account of what Reddit found), no one has yet made the case for the documents' inauthenticity. The Washington Post points to the incident with glum alarm as a "stark warning" for the US 2020 elections, if only because, as the Post puts it, "politicians are not exactly serving as a deterrent right now to would-be adversaries."

Here's one National Health Service cyber issue that seems beyond dispute: according to Computing, the NHS still has about two-hundred-thousand machines running Windows 7, which really and truly reaches its end-of-life next month.

Have Your Users Made You an Easy Target for Spear Phishing?

Notes.

Today's issue includes events affecting China, European Union, India, Democratic Peoples Republic of Korea, Russia, Saudi Arabia, United Kingdom, United States and Vietnam

Bring your own context.

What once was old is now new again.

"So botnets, we're again seeing an increase in - and you and I have talked about this before, David, but it's one of those things where what's old is new. We'd seen a huge decrease in botnets in the early 2010s because folks had become very, very good at detecting and preventing those on Windows platforms. But as we've seen, the growth of IoT infrastructures and, you know, more sophisticated organizations building botnets, we're seeing a lot more growth in that area. I would say at the moment, what we're seeing are kind of flagship projects where they're going out and testing the capabilities of what they could do. And I would guess within the next year or two, we'll see some fairly large botnets attacking large IoT infrastructures and things like that as they really hone in their skills on being able to attack these new environments."

—David Dufour, vice president of engineering and cybersecurity at Webroot, on the CyberWire Daily Podcast, 12.6.19.

Thank the IoT. And once 5G arrives, well, Katie bar the door (at least for a little).

Meet the team of leading experts dedicated to making the world a safer place.

If cybersecurity is important to your business (and of course it is), work with the team whose entire mission is to make the world a safer place for everyone. Based on years of law enforcement and military experience, our team pulls and analyzes the best data and delivers it in the most actionable format. Get human-curated, in-depth analysis, layered on top of the most comprehensive, exclusive sets of data from the Deep and Dark Web.

On the Podcast

In today's Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan reviews McAfee's predictions of two-stage ransomware extortion.

Sponsored Events

CS4CA MENA returns to Dubai on 20th – 21st January 2020. Visit mena.cs4ca.com for details. (Dubai, UAE, January 20 - 21, 2020) #CS4CA MENA returns to Dubai on 20th – 21st January 2020 for an intimate and exclusive platform promoting in-depth cybersecurity knowledge and collaboration among IT & OT leaders from MENA’s Oil & Gas, Utilities, Chemicals, Aviation, Transport, Manufacturing industries.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

BMW and Hyundai hacked by Vietnamese hackers, report claims (ZDNet) Hacks linked to Ocean Lotus (APT32), a group believed to operate with orders from the Vietnamese government.

Hackers targeted BMW, Hyundai in hunt for trade secrets (Engadget) Vietnam may have backed the campaign.

Reddit links leak of US-UK trade documents to Russian influence campaign (ZDNet) Reddit bans 61 accounts and one subreddit for "misuse of the platform."

Leaked NHS documents controversy is nonsense, says Corbyn (the Guardian) Labour leader declines to reveal source of documents but says PM has questions to answer on Russian donations

Analysis | The Cybersecurity 202: Russia's efforts to target U.K. elections a stark warning for 2020 (Washington Post) Influence operations can be highly effective even before they’re identified.

Power Sector facing 30 cyber attacks a day (National Herald) The KKNPP, run by the Nuclear Power Corporation of India Limited (NPCIL) boasts two of the most advanced nuclear reactors in operation

Mac users targetted by Lazarus ‘fileless’ Trojan (Naked Security) The Lazarus hacking group are trying to sneak a ‘fileless’ Trojan on to Apple computers, disguised as a fake cryptocurrency trading program.

GE, Dunkin’, Forever 21 Caught Up in Broad Internal Document Leak (Threatpost) A PR and marketing provider exposed sensitive data for a raft of big-name companies.

Fake Elder Scrolls Online Devs Run PlayStation Phishing Scam (BleepingComputer) Scammers are masquerading as The Elder Scrolls Online developers and sending Playstation private messages that state your account will be banned if you do not provide your login credentials.

More than 200,000 NHS devices still running Windows 7 (Computing) More than 20 per cent of NHS Trusts have no plans to migrate away from Windows 7, support for which ends in January

Ransomware at Colorado IT Provider Affects 100+ Dental Offices (KrebsOnSecurity) A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned.

East Greenwich town computers fall victim to ‘ransomware’ attack (WPRI.com) A cyber attack has knocked out some parts of the town computer network in East Greenwich, according to Town Manager Andrew Nota. It happened at the end of the wo…

Security Patches, Mitigations, and Software Updates

OpenBSD devs patch authentication bypass bug (Naked Security) One of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls.

Marketplace

Shutterstock Is Latest Tech Company to Censor Itself for China (The Intercept) More than 180 employees signed a petition opposing the censorship, which blocked searches for “Taiwan flag,” “dictator,” “yellow umbrella,” and more.

All the King’s Consultants (Foreign Affairs) Experts play valuable and highly visible roles advising leaders in wealthy liberal democracies and international institutions. But far less is known about what they do—and to what effect—for authoritarian regimes and developing countries.

Ernst & Young Acquires Sila Solutions Group's Cybersecurity Practice (MSSP Alert) Ernst & Young (EY) acquires Sila Solutions Group's cybersecurity practice & plans to deliver the company's security offerings to global organizations.

These companies are teaming up to pursue a $1B cyber contract (Fifth Domain) The primary component of the contract is the Persistent Cyber Training Environment, an online client in which members of U.S. Cyber Command’s cyber mission force can log on from anywhere in the world for training and to rehearse missions.

ThetaRay Names Edward Sander as Chief Product Officer (PR Newswire) ThetaRay, a leading provider of AI-based Big Data analytics, today announced the appointment of Edward Sander as Chief Product Officer. He will...

Products, Services, and Solutions

Hawk Security Limited began selling a hardware-protected external SSD drive with AES 256 XTS military grade encryption (Bernama) Hawk Security Limited began selling a hardware-pro

Nucleus Cyber Partners with Inceptus to Deliver NC Protect as a Managed Security Service (Nucleus Cyber) Nucleus Cyber announced a partnership with Inceptus to offer NC Protect to customers as a managed security service and provide permissions auditing services using the platform.

San Francisco International Airport (SFO) Selects Telos ID to Process Background Checks for Aviation Workers (West) Telos ID’s DAC services offer increased efficiency and flexibility in background checks and credentialing operations at California’s second busiest airport

Image Protect Attracts First Four Websites for Conversion to Fotofy Model (West) Image Protect Inc. (OTC: IMTL) (imageprotect.com) (“Image Protect”, “IMTL”, or the “Company”), a global leader in the end-to-end copyright infringement sector, is excited to announce that the Company has engaged four popular, high-quality websites for conversion to the Fotofy model for all native images currently hosted, or to be hosted in the future, on those four sites.

Technologies, Techniques, and Standards

When the screens went black: How NotPetya taught Maersk to rely on resilience – not luck – to mitigate future cyber-attacks (The Daily Swig) Serendipity intervened to rescue world’s largest shipping conglomerate in 2017

New Self-Assessment Tool Helps Identify Next Generation 911 Readiness (EfficientGov) The easy-to-use checklist establishes a common terminology and identifies key milestones to help 911 call centers understand the multi-year NG911 implementation process.

How to remove GESD ransomware (Virus Removal Guide) (MalwareTips Guides) This guide teaches you how to remove GESD ransomware for free by following easy step-by-step instructions.

Detecting the enemy within: Why deception technology provides powerful protection for businesses in today’s hyper-connected world (CSO) Tricking cyber-criminals into revealing their presence is becoming an increasingly popular way to safeguard systems and data from attack.

Election security bolstered in key states for 2020 presidential race (The Fulcrum) In the 13 states that are likely to decide the 2020 presidential election a variety of new security measures have been put in place to prevent hacking by Russia and other countries.

Here’s what the Marines’ information command centers will do (C4ISRNET) These centers will help commanders better understand the threats and vulnerabilities in the information sphere.

The Navy will build tactical cyber teams (Fifth Domain) In a new strategy document released Dec. 4, Chief of Naval Operations Adm. Michael Gilday said he wanted the service to develop a plan to field small tactical cyber teams by February 2020.

Design and Innovation

Instagram trying to protect kids by getting dates of birth from new users (Naked Security) It’s about showing age-appropriate content, it said. Though staying safe from child-privacy lawsuits doesn’t hurt, either.

Legislation, Policy and Regulation

()

EU Council agrees 'risk-based' approach to 5G following bout of US lobbying (Computing) The US is 'pleased' to see the EU's conclusions on 5G

In cyber, the US can’t ‘enforce standards that don’t exist’ (Fifth Domain) With no global playbook for proper behavior in cyberspace, the United States and allies can't police adversaries as needed to protect data and systems.

A Framework for Regulating Competition on the Internet (Stratechery) Understanding the differences between platforms and Aggregators is critical when it comes to considering regulation.

DHS chooses Bryan Ware, former AI entrepreneur, as assistant director for cybersecurity (CyberScoop) Department of Homeland Security officials have selected Bryan S. Ware, a tech-savvy entrepreneur and holder of multiple patents, to be the department’s most senior official focused exclusively on cybersecurity, according to multiple people familiar with the matter.

Top U.S. Cybersecurity Officials to Depart as Election Season Enters Full Swing (Wall Street Journal) Two top government officials with broad cybersecurity and election-integrity portfolios have said they are stepping down, a loss of expertise in a critical area less than a year before the 2020 presidential election.

Voting-Machine Upgrade Stirs a Partisan Clash in Pennsylvania (Wall Street Journal) A partisan clash is unfolding over an effort to upgrade voting systems in Pennsylvania, after Republicans accused the Democratic governor of rushing the deployment of new voting machines, some of which malfunctioned in November. Democrats called the claims inaccurate.

PRIMER: China’s cryptography law (IFLR) IFLR’s latest primer looks at China’s new law targeting blockchain development, how it relates to the country’s national digital currency, and the impact on the fintech community

Litigation, Investigation, and Enforcement

Reveton ransomware schemer stripped of six years of freedom, £270,000, and a Rolex (ZDNet) UK prosecutors say 25-year-old computer science student needs to pay up or face more time behind bars.

Twitter, McKinsey Ripped by Saudi Dissident Suing Over Hacks (Bloomberg) Critic of royal family says companies are trying to stall suit. Social network, consulting firm expect judge will toss case.

$5 million bounty placed on Russian hackers responsible for Dridex banking malware (Computing) The FBI and US Department of State have placed a record-breaking bounty on Maksim Yakubets and Igor Turashev

Analysis | The Cybersecurity 202: Evil Corp indictments show cybercrime pays – for those at the top (Washington Post) Indicted hacker lived a lavish lifestyle with Lamborghinis and lion cubs

Long-awaited inspector general report on FBI’s Russia investigation set to be made public (Washington Post) The report is expected to conclude that bias did not taint bureau leaders running the probe but detail other problems.

WSJ News Exclusive | Trump Administration Weighs Putting Amazon Foreign Sites on ‘Notorious Markets’ List (Wall Street Journal) The Trump administration is considering putting some of Amazon.com Inc.’s overseas operations on a list of global marketplaces known for counterfeit goods, according to people familiar with the matter.

Taking Action Against Ad Fraud (About Facebook) Facebook filed suit in California today against one entity and two individuals for violating our Terms and Advertising Policies.

US parents file class action against TikTok over children’s privacy (Naked Security) Collecting children’s data without their guardians’ consent is illegal under COPPA and already earned TikTok a huge fine.

House Democrat presses Google executives for answers on handling of health data (TheHill) Rep. Pramila Jayapal (D-Wash.) on Friday pressed Google executives for answers on how the company is collecting and protecting sensitive consumer health data as part of a special project with a health care group.

Russia banned for four years to include 2020 Olympics and 2022 World Cup (BBC Sport) Russia is handed a four-year ban from all major sporting events - including the Tokyo 2020 Olympics and Paralympics - by the World Anti-Doping Agency.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Anaheim Cybesecurity Conference (Anaheim, California, USA, December 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

Cincinnati Cybersecurity Conference (Cincinnati, Ohio, USA, December 12, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable business strategies that will help take your cyber security to the next level.

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA MENA unites IT & OT security leaders to network, learn, be inspired, and collaborate towards cyber resilience by exchanging first-hand expert information and joining forces in addressing common concerns.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.