The CyberWire Daily Briefing, 12.9.19

Cyber Attacks, Threats, and Vulnerabilities

BMW and Hyundai hacked by Vietnamese hackers, report claims (ZDNet) Hacks linked to Ocean Lotus (APT32), a group believed to operate with orders from the Vietnamese government.

Hackers targeted BMW, Hyundai in hunt for trade secrets (Engadget) Vietnam may have backed the campaign.

Reddit links leak of US-UK trade documents to Russian influence campaign (ZDNet) Reddit bans 61 accounts and one subreddit for "misuse of the platform."

Leaked NHS documents controversy is nonsense, says Corbyn (the Guardian) Labour leader declines to reveal source of documents but says PM has questions to answer on Russian donations

Analysis | The Cybersecurity 202: Russia's efforts to target U.K. elections a stark warning for 2020 (Washington Post) Influence operations can be highly effective even before they’re identified.

Power Sector facing 30 cyber attacks a day (National Herald) The KKNPP, run by the Nuclear Power Corporation of India Limited (NPCIL) boasts two of the most advanced nuclear reactors in operation

Mac users targetted by Lazarus ‘fileless’ Trojan (Naked Security) The Lazarus hacking group are trying to sneak a ‘fileless’ Trojan on to Apple computers, disguised as a fake cryptocurrency trading program.

GE, Dunkin’, Forever 21 Caught Up in Broad Internal Document Leak (Threatpost) A PR and marketing provider exposed sensitive data for a raft of big-name companies.

Fake Elder Scrolls Online Devs Run PlayStation Phishing Scam (BleepingComputer) Scammers are masquerading as The Elder Scrolls Online developers and sending Playstation private messages that state your account will be banned if you do not provide your login credentials.

More than 200,000 NHS devices still running Windows 7 (Computing) More than 20 per cent of NHS Trusts have no plans to migrate away from Windows 7, support for which ends in January

Ransomware at Colorado IT Provider Affects 100+ Dental Offices (KrebsOnSecurity) A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned.

East Greenwich town computers fall victim to ‘ransomware’ attack (WPRI.com) A cyber attack has knocked out some parts of the town computer network in East Greenwich, according to Town Manager Andrew Nota. It happened at the end of the wo…

Security Patches, Mitigations, and Software Updates

OpenBSD devs patch authentication bypass bug (Naked Security) One of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls.

Marketplace

Shutterstock Is Latest Tech Company to Censor Itself for China (The Intercept) More than 180 employees signed a petition opposing the censorship, which blocked searches for “Taiwan flag,” “dictator,” “yellow umbrella,” and more.

All the King’s Consultants (Foreign Affairs) Experts play valuable and highly visible roles advising leaders in wealthy liberal democracies and international institutions. But far less is known about what they do—and to what effect—for authoritarian regimes and developing countries.

Ernst & Young Acquires Sila Solutions Group's Cybersecurity Practice (MSSP Alert) Ernst & Young (EY) acquires Sila Solutions Group's cybersecurity practice & plans to deliver the company's security offerings to global organizations.

These companies are teaming up to pursue a $1B cyber contract (Fifth Domain) The primary component of the contract is the Persistent Cyber Training Environment, an online client in which members of U.S. Cyber Command’s cyber mission force can log on from anywhere in the world for training and to rehearse missions.

ThetaRay Names Edward Sander as Chief Product Officer (PR Newswire) ThetaRay, a leading provider of AI-based Big Data analytics, today announced the appointment of Edward Sander as Chief Product Officer. He will...

Products, Services, and Solutions

Hawk Security Limited began selling a hardware-protected external SSD drive with AES 256 XTS military grade encryption (Bernama) Hawk Security Limited began selling a hardware-pro

Nucleus Cyber Partners with Inceptus to Deliver NC Protect as a Managed Security Service (Nucleus Cyber) Nucleus Cyber announced a partnership with Inceptus to offer NC Protect to customers as a managed security service and provide permissions auditing services using the platform.

San Francisco International Airport (SFO) Selects Telos ID to Process Background Checks for Aviation Workers (West) Telos ID’s DAC services offer increased efficiency and flexibility in background checks and credentialing operations at California’s second busiest airport

Image Protect Attracts First Four Websites for Conversion to Fotofy Model (West) Image Protect Inc. (OTC: IMTL) (imageprotect.com) (“Image Protect”, “IMTL”, or the “Company”), a global leader in the end-to-end copyright infringement sector, is excited to announce that the Company has engaged four popular, high-quality websites for conversion to the Fotofy model for all native images currently hosted, or to be hosted in the future, on those four sites.

Technologies, Techniques, and Standards

When the screens went black: How NotPetya taught Maersk to rely on resilience – not luck – to mitigate future cyber-attacks (The Daily Swig) Serendipity intervened to rescue world’s largest shipping conglomerate in 2017

New Self-Assessment Tool Helps Identify Next Generation 911 Readiness (EfficientGov) The easy-to-use checklist establishes a common terminology and identifies key milestones to help 911 call centers understand the multi-year NG911 implementation process.

How to remove GESD ransomware (Virus Removal Guide) (MalwareTips Guides) This guide teaches you how to remove GESD ransomware for free by following easy step-by-step instructions.

Detecting the enemy within: Why deception technology provides powerful protection for businesses in today’s hyper-connected world (CSO) Tricking cyber-criminals into revealing their presence is becoming an increasingly popular way to safeguard systems and data from attack.

Election security bolstered in key states for 2020 presidential race (The Fulcrum) In the 13 states that are likely to decide the 2020 presidential election a variety of new security measures have been put in place to prevent hacking by Russia and other countries.

Here’s what the Marines’ information command centers will do (C4ISRNET) These centers will help commanders better understand the threats and vulnerabilities in the information sphere.

The Navy will build tactical cyber teams (Fifth Domain) In a new strategy document released Dec. 4, Chief of Naval Operations Adm. Michael Gilday said he wanted the service to develop a plan to field small tactical cyber teams by February 2020.

Design and Innovation

Instagram trying to protect kids by getting dates of birth from new users (Naked Security) It’s about showing age-appropriate content, it said. Though staying safe from child-privacy lawsuits doesn’t hurt, either.

Legislation, Policy and Regulation

()

EU Council agrees 'risk-based' approach to 5G following bout of US lobbying (Computing) The US is 'pleased' to see the EU's conclusions on 5G

In cyber, the US can’t ‘enforce standards that don’t exist’ (Fifth Domain) With no global playbook for proper behavior in cyberspace, the United States and allies can't police adversaries as needed to protect data and systems.

A Framework for Regulating Competition on the Internet (Stratechery) Understanding the differences between platforms and Aggregators is critical when it comes to considering regulation.

DHS chooses Bryan Ware, former AI entrepreneur, as assistant director for cybersecurity (CyberScoop) Department of Homeland Security officials have selected Bryan S. Ware, a tech-savvy entrepreneur and holder of multiple patents, to be the department’s most senior official focused exclusively on cybersecurity, according to multiple people familiar with the matter.

Top U.S. Cybersecurity Officials to Depart as Election Season Enters Full Swing (Wall Street Journal) Two top government officials with broad cybersecurity and election-integrity portfolios have said they are stepping down, a loss of expertise in a critical area less than a year before the 2020 presidential election.

Voting-Machine Upgrade Stirs a Partisan Clash in Pennsylvania (Wall Street Journal) A partisan clash is unfolding over an effort to upgrade voting systems in Pennsylvania, after Republicans accused the Democratic governor of rushing the deployment of new voting machines, some of which malfunctioned in November. Democrats called the claims inaccurate.

PRIMER: China’s cryptography law (IFLR) IFLR’s latest primer looks at China’s new law targeting blockchain development, how it relates to the country’s national digital currency, and the impact on the fintech community

Litigation, Investigation, and Enforcement

Reveton ransomware schemer stripped of six years of freedom, £270,000, and a Rolex (ZDNet) UK prosecutors say 25-year-old computer science student needs to pay up or face more time behind bars.

Twitter, McKinsey Ripped by Saudi Dissident Suing Over Hacks (Bloomberg) Critic of royal family says companies are trying to stall suit. Social network, consulting firm expect judge will toss case.

$5 million bounty placed on Russian hackers responsible for Dridex banking malware (Computing) The FBI and US Department of State have placed a record-breaking bounty on Maksim Yakubets and Igor Turashev

Analysis | The Cybersecurity 202: Evil Corp indictments show cybercrime pays – for those at the top (Washington Post) Indicted hacker lived a lavish lifestyle with Lamborghinis and lion cubs

Long-awaited inspector general report on FBI’s Russia investigation set to be made public (Washington Post) The report is expected to conclude that bias did not taint bureau leaders running the probe but detail other problems.

WSJ News Exclusive | Trump Administration Weighs Putting Amazon Foreign Sites on ‘Notorious Markets’ List (Wall Street Journal) The Trump administration is considering putting some of Amazon.com Inc.’s overseas operations on a list of global marketplaces known for counterfeit goods, according to people familiar with the matter.

Taking Action Against Ad Fraud (About Facebook) Facebook filed suit in California today against one entity and two individuals for violating our Terms and Advertising Policies.

US parents file class action against TikTok over children’s privacy (Naked Security) Collecting children’s data without their guardians’ consent is illegal under COPPA and already earned TikTok a huge fine.

House Democrat presses Google executives for answers on handling of health data (TheHill) Rep. Pramila Jayapal (D-Wash.) on Friday pressed Google executives for answers on how the company is collecting and protecting sensitive consumer health data as part of a special project with a health care group.

Russia banned for four years to include 2020 Olympics and 2022 World Cup (BBC Sport) Russia is handed a four-year ban from all major sporting events - including the Tokyo 2020 Olympics and Paralympics - by the World Anti-Doping Agency.

Ocean Lotus takes root in car manufacturers. Influence operations and national elections. People are still using Windows 7.

Bring your own context.