The CyberWire Daily Briefing, 12.19.19

Cyber Attacks, Threats, and Vulnerabilities

Spanish TVE says unidentified group aired Russia Today show on its website (Reuters) Spanish state-owned broadcaster TVE said on Wednesday that unidentified people s...

Chinese Hacking Group, Quiet for Years, Resumes Global Attacks (Financial Post) A Chinese government-linked hacking group that was thought to be dormant has been quietly targeting companies and government agencies for the last two years, harvesting data aft…

Attackers Posing as German Authorities Distribute Emotet Malware (BleepingComputer) An active malspam campaign is distributing Emotet banking Trojan payloads via emails camouflaged to look like messages delivered by several German federal authorities warns the BSI, Germany's federal cybersecurity agency.

ConnectWise Control Abused Again to Deliver Zeppelin Ransomware (Morphisec) Threat actors have used Connect Wise Control to deliver the Zeppelin ransomware -- the latest VegaLocker variant.

MyKings: The slow but steady growth of a relentless botnet (Sophos) The botnet known as MyKings wields a wide range of automated methods to break into servers – all just to install cryptocurrency miners

Untangling Legion Loader’s Hornet Nest of Malware (Deep Instinct) Deep Instinct discovered a version of Legion loader which was remarkable in terms of the sheer volume and variability of malware and droppers it delivers

Malware Spotlight: What is BabaYaga? (Infosec Resources) Introduction In traditional Slavic cultures, Baba Yaga is an entity that haunts the dreams of children and a common threat that parents use when their

LifeLabs data breach: Hackers could still hold health records of 15M Canadians (The Conversation) Government privacy commissioners are investigating a data breach at one of Canada's largest medical services companies, after hackers gained access to the personal information of 15 million customers.

LifeLabs hack raises questions about health data security (Toronto Sun) Ontario’s health ministry is looking at beefing-up its cyber attack awareness and end-user education in the wake of Tuesday’s LifeLabs data theft.Despite having strong emergency managem…

Cybersecurity threat analyst says LifeLabs made "absolutely terrible decision" by paying ransom (The Georgia Straight) "LifeLabs is working on nothing more than a pinky promise that the data won't be used," says Brett Callow.

Extortion attacks are ‘worst-case scenario:’ expert (Toronto Sun) Cyber attacks like the one inflicted upon LifeLabs are among the most concerning, says a Vancouver-based cybersecurity expert.“Attacks like these are the worst-case scenario for any security …

Ransomware Gangs Outing Victims – and That Makes It a Data Breach (Ride The Lightning) For a long time, it was safe to say that ransomware attacks were only rarely data breaches – mostly they were cyber incidents. That generally meant that you didn't need to report them under state data breach laws or in...

A Troubling (and Costly) Trend for Private Equity (Radware Blog) In the face of rising ransomware attacks, private equity companies need expertise and a clear set of cybersecurity best practices.

Don’t fall for this porn scam – even if your password’s in the subject! (Naked Security) This “I am well aware” email is just another sextortion scam where crooks try to blackmail you with a video they don’t actually have.

I created my own deepfake—it took two weeks and cost $552 (Ars Technica) I learned a lot from creating my own deepfake video.

Nearly Two-Thirds Of Holiday E-Commerce Traffic Was Bad Bots (Radware Blog) All large e-commerce platforms have sophisticated bot activity on their website, mobile apps, and APIs that can expose them to attacks.

Cloud flaws expose millions of child-tracking smartwatches (TechCrunch) Exclusive: Researchers say a common cloud platform used by internet-connected devices are exposing the locations of child tracker watches.

Cyber attack shuts down 12-year-old Dublin business (Columbus Business Journal) A massive cyber attack so damaged the servers running a company that it had to close its doors and seek new homes for hundreds of products and businesses. "It’s devastating," the company's CEO said.

Opinion | Twelve Million Phones, One Dataset, Zero Privacy (New York Times) What we learned from the spy in your pocket.

Security Patches, Mitigations, and Software Updates

Microsoft releases an out-of-band security update to address information-disclosure vulnerability in SharePoint Server (Computing) To exploit the SharePoint flaw, an attacker would need to send a specially crafted request to a vulnerable SharePoint Server instance

Cyber Trends

Analysis | The Cybersecurity 202: 2019’s top cybersecurity story is still what Russia did in 2016 (Washington Post) The year also underscored a cyber arms race with China the U.S. risks losing.

BioCatch Warns About Threat of Deepfakes with 2020 Security Predictions (FindBiometrics) BioCatch Chief Cyber Officer Uri Rivner is looking to the future with a new blog post that offers a slew of cybersecurity predictions for 2020

Integris Software 2020 Financial Services Data Privacy Maturity Study (Integris Software) Integris Software recently surveyed an exclusive community of 258 top business executives and IT decision-makers across financial services, retail, government, and healthcare organizations to compile a series of reports to determine privacy practices, challenges, data complexities, and preparedness to comply with privacy regulations.

Illumio Report Reveals Few Companies Protect Against Breaches with Segmentation (West) Findings also suggested firewalls are misused for segmentation

MS Office Represents 73% Of The Most Commonly Exploited Applications Worldwide (PreciseSecurity.com) According to the recent research, the most commonly exploited applications worldwide as of the third quarter of this year were related to MS Office.

Holiday Threat Report (DEVCON | Cybersecurity for the Web) The DEVCON 2019 Holiday Threat Report details ad threat activity during the critical online shopping period between Thanksgiving and Cyber Monday, and describes how attacks are evolving into broader, more sophisticated risks for companies and their customers.

2020 Cybersecurity Forecasts: 5 trends and predictions for the new year (Digital Shadows) In this blog, we discuss several significant trends and events that have helped shape the cyber threat landscape, all of which will almost certainly continue through 2020.

2019 State of the API (Postman) Postman's 2019 “State of the API” report is based on an exclusive survey of more than 10,000 API developers, users, testers, and executives.

IBM X-Force Security Predictions for 2020 (Security Intelligence) Experts from IBM X-Force reflect on the past year and also share security predictions for 2020, including evolutions in ransomware, AI adoption and targets for cybercriminals.

Automated hacking, deepfakes are going to be major cybersecurity threats in 2020 (CNBC) Wider adoption of 5G would also allow cybercriminals to transfer large volumes of data from one server to another online at faster speeds.

Dashlane Lists 2019's Most Egregious Password Blunders (Mobile ID World) Dashlane is once again calling attention to bad password practices with the release of its fourth annual “Worst Password Offenders” list

Study: 3 in 4 Users Required a Reset of a Forgotten Password in the Last 90 Days (Security Intelligence) A new study found that most users required a password reset in the last 90 days due to a forgotten password.

Survey Shows Decreasing Concern Of Data Theft Amidst Increasing Data Breach Environment (PR Newswire) Generali Global Assistance, a developer of a proprietary and innovative identity and digital protection platform, has announced the findings of...

Proofpoint’s 2020 Predictions: Downloaders and botnets abound while supply chains and account compromises will drive phishing (Proofpoint US) The supply chain will be key to cybersecurity in 2020 while defenders should work to harden cloud infrastructure and email defenses.

Marketplace

WSJ News Exclusive | Broadcom Looks to Sell Unit That Could Fetch $10 Billion (Wall Street Journal) Broadcom is looking to sell one of its wireless-chip units, a move that would accelerate the company’s shift away from its roots as a semiconductor maker.

Huawei boss Liang Hua: 'Our top priority is to ensure survival' (Taiwan News) In an exclusive interview with DW's editor-in-chief, Ines Pohl, Huawei Chairman Liang Hua spoke about how the tech giant is grappling with its current challenges. US President Trump says Huawei is "very dangerous."

Analysis | How Huawei Landed at the Center of Global Tech Tussle (Washington Post) This was supposed to be the year that Huawei Technologies Co., China’s biggest tech firm, rose to global prominence as the leader in 5G, the much ballyhooed, next-generation wireless technology. Instead, it’s landed in the crossfire of a brutal trade war between the U.S. and China, with the Trump administration pushing allies to ban Huawei equipment from their telecom networks over security concerns. The dispute is threatening to divide German Chancellor Angela Merkel’s ruling coalition, after C

BAE Systems wins prime position on DIA SIA 3 contract (Army Technology) BAE Systems has secured a prime contractor position on a Defense Intelligence Agency (DIA) contract to help deliver worldwide military intelligence.

Global Cyber Alliance Launches Craig Newmark Trustworthy Internet and Democracy and Craig Newmark Scholars Programs (PR Newswire) The Global Cyber Alliance (GCA) announces the launch of the Craig Newmark Trustworthy Internet and Democracy Program. In preparation for the...

Rich Armour, Former General Motors CISO, Joins Nozomi Networks (MarketWatch) Nozomi Networks Inc., the leader in OT and IoT security today announced that Rich Armour has...

Products, Services, and Solutions

The Hartford Enhances Cyber Service Offerings With The Addition Of Two New Partnerships (The Hartford) Customers now have access to protection from dark web exposures and malicious cyber attacks

Exabeam Signs Multi-Year Agreement to Run SaaS Cloud Offering on Google Cloud (Exabeam) Exabeam, the Smarter SIEM™ company, has announced a multi-year agreement to[...]

Portshift Syncs Kubernetes Policies to Container Vulnerabilities in CI (PRWeb) Portshift, a leader in identity-based workload protection for cloud-native applications, today announced a new capability that delivers runtime policies

6.2 Billion GlobalPlatform-Compliant Secure Elements Deployed in 2018 (GlobalPlatform) The standard for secure digital services and devices

Keysight and Nozomi Networks deliver real-time visibility to secure ICS, IIoT and IT networks (Help Net Security) Keysight collaborates with Nozomi Networks to deliver a joint solution that enables utilities, oil and gas facilities to defend against cyberattacks.

Tide partner with CryptoHopper to enable keyless algo-trading on crypto-exchanges (Tide Foundation) Collaboration enables unprecedented advanced cryptocurrency trading capabilities without compromising security.

Nozomi Networks Delivers OT and IoT Cybersecurity to Cisco ISE (West) Latest Cisco-certified integration extends network access controls to OT and IoT networks – adds to a growing arsenal of Cisco with Nozomi Networks technology integrations

Technologies, Techniques, and Standards

Preparing for Cyberattacks and Technical Failures: A Guide for Election Officials (Brennan Center for Justice) How to prevent and recover from Election Day cyberattacks and technical failures.

Ransomware can hold cities hostage. Will cyber insurance help? (The Christian Science Monitor) Cyber insurance offers municipalities peace of mind in the event of a cyberattack. But does it embolden hackers?

Ground-up cybersecurity (Control Global) Just as users must be sure their contractors and clients are protected—and not just themselves—they must also extend cybersecurity beyond—and below—their usual networks, especially to sensors, instruments and other plant-floor devices.

Apple, Google and Amazon are cooperating to make your home gadgets talk to each other (CNBC) The Project Connected Home over IP group will create standards that work across all major smart home platforms.

Anyone Can Check for Magecart with Just the Browser (Trustwave) In the past, there have been plenty of articles and blog posts recommending the use of Content Security Policy (CSP) and Sub Resource Integrity (SRI) to prevent the insidious skimming malware from taking hold of a website. However, what can a small business owner do if resources are limited and implementing these countermeasures is just not feasible?

Moving beyond security 'blocking and tackling' (Healthcare IT News) Darren Lacey, CISO at Johns Hopkins University and Johns Hopkins Medicine, says vulnerability management looks at a more balanced security world that protects not only data, but also transactions and systems integrity.

Saying no to vendors' forced march to the cloud (Computing) You need to weigh up several criteria before you jump wholesale to the big vendors' SaaS propositions

Design and Innovation

Data storage military aerospace applications (Military & Aerospace Electronics) It’s not just about shielding data drives from shock and vibration; designers also are looking for the latest in speed and capacity, and want encryption to protect data at rest, and security to foil tampering.

Who’ll Fix EW? Task Force Gropes For Answers (Breaking Defense) Russian and Chinese jammers could cripple US radio, radar, and GPS. The Pentagon's still wrestling with who should fix that, let alone how.

Academia

EC-Council co-hosts the Hackathon Event at the Cardiff Met 2019 in Wales (EC-Council Official Blog) EC-Council and Cardiff School of Technologies unite to host Hackathon on December 11, 2019, at Cardiff School.

Legislation, Policy and Regulation

Russia Is Waging Asymmetric Warfare Against the US — And We’re Letting Them Win (Defense One) We must do more to harden against these attacks on our economy, institutions, and the public.

The Drums of Cyberwar (terrorism Watch) In mid-October, a cybersecurity researcher in the Netherlands demonstrated, online, as a warning, * the easy availability of the Internet...

How India Dealt With Cyberattacks In 2019 (Analytics India Magazine) Cyberattacks are rife in India, only the US and China are placed higher on this list. Bangalore, Mumbai, Delhi are among states which receives the highest traff

Facebook fails to convince lawmakers it needs to track your location at all times (CNBC) Facebook told two senators why it tracks users' locations even when their tracking services are turned off.

Opinion | Congress on China: Don’t trust, and verify (Washington Post) Trump says he's neutralizing the Chinese challenge. Congress doesn't buy it.

Poland may vary security demands for different parts of 5G: minister (Reuters) Poland might impose stricter security demands for core elements of its future 5G...

French telco boss says Huawei fears are 'complete nonsense' (iTnews) As concerns threaten 5G rollout.

House Okays $1 Billion Huawei/ZTE ‘Rip and Replace’ for Comms Providers (MeriTalk) The House voted Dec. 16 to approve legislation that would provide $1 billion to smaller-sized private sector communications service providers to remove from their networks equipment purchased from China-based equipment makers Huawei and ZTE, and replace that gear with equipment that does not pose a threat to U.S. national security.

Here are the civilian cyber highlights in the must-pass spending bills (Fifth Domain) Congress plans to shell out billions for cyber-related projects across the government.

Senate panel advances Russia sanctions bill 'from hell' (Reuters) The U.S. Senate Foreign Relations Committee approved legislation on Wednesday th...

Senate advances bill to punish Russia for election interference (WCBI TV) On the same day that the House is expected to impeach President Trump for soliciting a foreign country’s help in the 2020 election, the Senate advanced a bill to punish Russia for meddling in America’s 2016 election. The Defending American Security from Kremlin Aggression Act (DASKA) passed the Senate Foreign Relations Committee on …

Senate Passes Portman, Peters Bipartisan Bill to Save Taxpayer Dollars on Federal Vehicles (Office of Senator Rob Portman) U.S. Senators Rob Portman (R-OH) and Gary Peters (D-MI) applauded the Senate passage of their bipartisan bill to help save taxpayer dollars by updating policies to help federal agencies adopt electric vehicles, which are more fuel efficient than traditional gas-powered vehicles.

Senators' K-12 Cybersecurity Act would mandate national study of school practices (Education Dive) If passed, the legislation would require the Department of Homeland Security to conduct a review of K-12 cybersecurity programs and develop guidelines and resources to strengthen them.

Does the Defense Department’s New Approach to Industrial Base Cybersecurity Create More Problems Than It Solves? (CSIS) Malicious cyber actors increasingly target the defense industrial base for both economic and security gains. For example, in 2018, the Chinese government hacked a U.S. defense contractor and stole 614 gigabytes of sensitive material from the Navy’s Sea Dragon program.

CISA’s ICT Supply Chain Risk Management Task Force Approves New Working Group for Second Phase (CISA) The Cybersecurity and Infrastructure Security Agency’s (CISA) Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force met today to discuss the next phase of its work.

Hacking back: The dangers of offensive cyber security (Open Access Government) Morey Haber, Chief Technology Officer, Chief Information Security Officer, BeyondTrust highlights the dangers of hacking back against cyber criminals

Trump nominates DHS senior cyber director (TheHill) President Trump on Wednesday formally submitted the nomination for a new assistant director of cybersecurity at the Department of Homeland Security (DHS), one of the top-ranking cyber officials at the agency.

CNO Gilday Wants Every New Sailor Tested For Cyber Skills Aptitude (USNI News) The Navy needs cyber experts and CNO Adm. Mike Gilday wants the service to test every incoming sailor to ensure no potential digital realm talent is missed.

Litigation, Investigation, and Enforcement

Warrant not always needed for 'inadvertent' NSA surveillance of Americans: U.S. court (The Mighty 790 KFGO) The U.S. government may collect information about U.S. citizens without obtaining a warrant if the information is gathered inadvertently while legally carrying out surveillance of non-nationals abroad, a U.S. appeals court ruled on Wednesday.

In a first, appeals court raises privacy questions over government searches for Americans’ emails (Washington Post) The warrantless surveillance program is lawful, court says in case involving man convicted of supporting terrorist group.

Security researchers seek clarity on legal protections in CISA bug bounty draft (FCW) Some notable names in the security research community have already weighed in on a draft order directing federal agencies to set up their own vulnerability disclosure programs.

European Court of Justice opinion backs Facebook in privacy case brought by Max Schrems (Computing) ECJ advocate general Henrik Saugmandsgaard Øe backs standard contract clauses, but warns that they require ongoing scrutiny

A Surveillance Net Blankets China’s Cities, Giving Police Vast Powers (New York Times) The authorities can scan your phones, track your face and find out when you leave your home. One of the world’s biggest spying networks is aimed at regular people, and nobody can stop it.

Inspector general: FBI should have reassessed whether to continue investigating former Trump campaign adviser Carter Page (Washington Post) Michael Horowitz testified before the Senate Homeland Security Committee about his assessment of the FBI’s 2016 investigation into the Trump campaign.

Accused 'Dark Overlord' hacker extradited from Britain, appears in U.S. court (Reuters) A British man who prosecutors say was a member of the hacking collective known a...

Siemens Contract Employee Gets Jail Time for Intentionally Damaging Computers (U.S. Attorney’s Office for the Western District of Pennsylvania) A contract employee for Siemens Corporation at the Monroeville, PA location has been sentenced in federal court to a six-month term of imprisonment to be followed by a two-year term of supervised release, and a fine of $7,500 on his conviction of intentional damage to a protected computer, United States Attorney Scott W. Brady announced today.

Siemens Contractor Jailed for Sabotage With Logic Bombs (BleepingComputer) Former Siemens contract employee David Tinley was sentenced to six months in prison for sabotaging his employer over a span of roughly two years using logic bombs planted in company spreadsheets.

Huawei’s Battle Against FCC’s Subsidy Ban Faces Long Odds (Bloomberg Law) Huawei Technologies Co.'s Fifth Circuit challenge to a Federal Communications Commission ban against carriers using federal subsidies to buy its equipment is unlikely to succeed, attorneys and academics watching the case say.

BlackBerry tells UK High Court that security outfit SentinelOne is its direct rival (Register) Non-compete legal brouhaha reveals how once-mighty handset biz now sees itself

Employees of Cyber Deception Company Cymmetria File for Liquidation (CTECH) In September, Cymmetria was acquired by private equity firm Stage Fund; months later, Stage Fund shut down the operation

Companies Can Ban Use of Work Email in Union Organizing (1) (Bloomberg Law) Businesses can ban workers from using company email for union and other organizing purposes, the National Labor Relations Board decided in a Dec. 17 decision.

NSA contractor sentenced to 5 years probation for lying about $250,000 in hours worked (Baltimore Sun) Leasure turned in timesheets claiming to work 1,533 hours more than he actually worked. Leasure included 33 days where he worked 6.9 hours on average — earning $250,000 — when he never worked at all on those days, charging documents state.

Alleged bank vault robber posed with cash on Instagram, Facebook (Naked Security) He allegedly stole over $88,000 from Wells Fargo’s vault, then posed with cash and “his” Mercedes-Benz in posts and an Instagram rap.

U.S. State Department worker in Seoul accused of using embassy computer to sell counterfeit Vera Bradley bags with Oregon accomplice (Oregon Live) Gene Leroy Thompson Jr., 53, and his wife Guojiao “Becky” Zhang, 39, were arrested Thursday, accused of working with an alleged accomplice who stored and shipped the goods from a home in Nyssa, Oregon, according to an indictment.

RT via TVE. APT20 returns? More Zeppelin. BSI warns of malspam campaign. Congress gets tough. Alleged Dark Overlord arraigned.

Bring your own context.