The CyberWire Daily Briefing 2.15.19

Cyber Attacks, Threats, and Vulnerabilities

Facebook scrubs accounts spreading disinformation in Moldova ahead of heated election (CyberScoop) Facebook has removed nearly 200 accounts and pages for spreading fake news about Moldova ahead of an election that could deepen the divide between the country’s pro-Russian and pro-Western lawmakers.

Head of security at DNC issues stark warning to presidential candidates (CNN) The Democratic National Committee's head of cybersecurity is warning presidential primary candidates that the best time for hackers to target their campaigns is right now -- in the early days of the cycle.

China is a Target - Just Like Us (SecurityWeek) As we search for solutions to secure organizations around the world, we need to learn from the cybersecurity challenges that China is addressing today.

Scammers exploit Azure blob stores, Optus accounts (CRN Australia) Phishers target unsuspecting customers.

Hackers Target WordPress Sites via WP Cost Estimation Plugin (SecurityWeek) Malicious actors have been hacking WordPress websites by exploiting vulnerabilities in a fairly popular plugin called WP Cost Estimation & Payment Forms Builder.

What’s behind this 1,000-character phishing URL? (Naked Security) Bleeping Computer learned of a strange phishing campaign which uses an unusually long URL – but why?

Pirates found a way to load paid apps on iPhones for free, and Apple could be losing money (CNBC) Software pirates have hijacked versions of legitimate apps, like Spotify, Reuters says.

GandCrab Ransomware Slingers Target MSPs (Infosecurity Magazine) GandCrab Ransomware Slingers Target MSPs. Plug-in vulnerability is said to have enabled mass infection

Inside a GandCrab targeted ransomware attack on a hospital (Naked Security) A recent attack on a US hospital gives us a colourful picture of both how a targeted ransomware attack happens, and how it can be stopped.

Cyber criminals target cable cars to extort ransoms (The National) Hackers pose a threat to safety in hitting a global cable cars and ropeways market that is predicted to be worth $4.6bn by 2024

Old Phantom Crypter upends malicious document tools (Sophos News) As the new year began, the makers of tools that generate the malicious documents used in social engineering spam attacks threw out the rule book and started fresh with an entirely new batch of Offi…

Cyber attack on Malta's Bank of Valletta (Star Online) Malta's largest bank was the target of a cyber attack Wednesday, with hackers attempting to withdraw €13mil (RM59.7mil), Prime Minister Joseph Muscat said.

Klaussner hit by cyber attack (GoUpstate) Klaussner Home Furnishings suffered a cyber attack this week that affected some of its operations, the company said in a statement released Thursday night.

5G Security Concerns and Huawei (The Mac Observer) As the rollout of 5G comes ever closer, there has been an increased focus on Huawei's role, with Western country's accusing it of spying.

Analysis | Why 5G Phones Are New Focus of Freakouts About Huawei (Washington Post) For years, consumers and service providers have been looking ahead to 5G, the next generation of wireless networks, as the solution to growing demands for mobile data and the gateway to a world full of connected toasters, self-driving cars and robot surgeons. But just as its rollout was gathering speed, a wave of alarms were sounded. Would 5G bring new levels of connectivity or unprecedented risks? Many of the suspicions center on Huawei Technologies Co., China’s largest tech company, which was

Facebook uses its apps to track users it thinks could threaten employees and offices (CNBC) Facebook security monitors users who have made aggressive comments, as well as former employees, through a "be on lookout" or "BOLO" list. It can use its apps and web sites to track the location of these people as it deems necessary.

Critical OkCupid Flaw Exposed Daters to MiTM, Phishing Attacks (Threatpost) The flaw is only one of many romance-related scams as bad actors take advantage of Valentine's Day.

6M accounts compromised in hack of dating app Coffee Meets Bagel (SiliconANGLE) 6M accounts compromised in hack of dating app Coffee Meets Bagel

Happy Valentine’s Day: your dating app account was hacked, says Coffee Meets Bagel (TechCrunch) Good news for love-seekers this Valentine’s Day. In a bit of odd timing, users of the dating app Coffee Meets Bagel woke up this morning to find an email in their inboxes warning that their account information had been stolen by a third-party who gained unauthorized access to the company&#821…

Tech firm warns of online dating scams, Nigerian connection (ABC News) A new report says thousands of American men and women fall victim.

Ransomware warning: That romantic message may hide a nasty surprise (ZDNet) Cyber extortionists are sending 'romantic' phishing emails to distribute file-locking malware, warn researchers.

Apple phone users targeted with hardcore porn and gambling apps (Naked Security) The apps, which violate content policies, got in there via the same Enterprise Certificate program that Facebook and Google exploited.

Before There Was Internet Paranoia, There Was Lyndon LaRouche (WIRED) He was considered a wacko and denied access to a broad audience. Today, anyone can spread wild ideas online.

Cyber Trends

6,500 Publicly Disclosed Data Breaches in 2018: Report (SecurityWeek) Over 5 billion records were exposed last year in 6,515 publicly disclosed data breaches, new report from Risk Based Security shows..

Dragos releases Industrial Control Systems 2018 Year in Review Reports (SecurityInfoWatch) Reports provide the ICS community with lessons learned from its industrial threat intelligence team and threat operations team from 2018

A cyber security incident can be catastrophic for small businesses (The Economic Times) The survey highlights some of the major deterrents that limit the value delivery as well as the operational effectiveness of the information security function in organisations.

Three reasons employee monitoring software is making a comeback (Help Net Security) While employee monitoring software can be configured to spy on employees, the primary use cases are surprisingly more pragmatic.

How organizations handle disruptive data sources (Help Net Security) In the fifth annual survey, business and IT professionals shared their insights on the latest trends within the rapidly changing enterprise data market.

Users are still terrible with passwords, but popularity of security apps suggests they want to get better (CSO) End users have terrible password-management practices but the popularity of security apps suggests their companies are at least trying to change their habits, according to a new survey of application usage.

Increased appetite for biometrics fueled by speed, security and convenience (Help Net Security) 70% of consumers would like to expand use of biometric authentication into the workplace, citing speed, security and not having to remember passwords.

Marketplace

MacGov boss slams Huawei over letters sent to partners, including Telstra, Google (CRN Australia) Vendor critical of ASPI in letters sent to partners including Google, Telstra.

Telus says ban on Huawei over national security concerns could set back 5G network plan (Global News) The company acknowledged Thursday that the deployment of its fifth-generation wireless network could be delayed and be more expensive than anticipated if Ottawa chooses to ban equipment from Huawei.

U.S. fund sells Israeli hacking firm NSO Group amid spy mystery (Fast Company) NSO’s cofounders bought the controversial spyware maker back from Francisco Partners, which spent years trying to unload the company.

Google Paid Out $3.4 Million for Vulnerabilities Reported in 2018 (SecurityWeek) Google paid out $3.4 million for flaws reported by researchers in 2018, which brings the total awarded since the launch of its vulnerability reward program to $15 million.

Cybersecurity Center of Excellence Acquires an Additional Parcel for Phase Two of Development (Digital Journal) X Corp Solutions (X Corp), a growing defense contractor headquartered in Stafford, commenced construction in April of the Cyber Security Center of Excellence (CSCE) located at Quantico Corporate Center.

Former IBM, Northrop Exec Kris Lovejoy Named EY Global Cybersecurity Leader (GovCon Wire) Kris Lovejoy, former CEO of network security technology provider BluVector, has joined EY as global

The startup that pays people to legally hack companies like Nintendo and Uber is adding an industry veteran as a new board member (Business Insider) HackerOne, which pays people for legally hacking into companies like Nintendo and Uber, is adding Hilarie Koplow-McAdams to the board.

Products, Services, and Solutions

Hysolate Extends Cybersecurity Isolation Platform with Advanced Features for Protecting Sensitive Information (Hysolate) Hysolate announces major extensions to its cybersecurity isolation platform. The new capabilities make it easier than ever for enterprises to fully protect endpoints from cyberattacks while freeing end-users to access the resources.

HubStor Advances Cloud Data Management with Identity Intelligence (HubStor) HubStor announces new cloud data management capabilities that enable enterprises to use Microsoft Azure Active Directory’s extended identity attributes in policies that control the storage, preservation, and security of unstructured data.

Swisscom selects Ericsson Security Manager (Ericsson.com) Ericsson Security Manager solution to provide increased security automation, visibility and control for Swisscom Security Operation Center

Untangle, Malwarebytes partner to offer simplified approach to layered security for SMBs (ITWeb) Untangle and Malwarebytes agree to integrate Malwarebytes' Endpoint Protection and Untangle's cloud security platform, Command Center.

Technologies, Techniques, and Standards

Telecoms industry calls for Europe-wide network testing regime (Reuters) The telecoms industry has called on European governments to join mobile operator...

Trade group pushes DoD to get on the same page with industry on cybersecurity standards (Fifth Domain) The message to DoD is one of a handful from the Aerospace Industries Association to encourage what CEO Eric Fanning called “smart regulation” during a media briefing about AIA’s 2019 agenda.

Mitre Develops Cyber Threat Intelligence Tool to Share Attack Methods, Verify Attribution (GovCon Wire) TYSONS CORNER, VA, February 14, 2019 — Mitre has built a database that works to curate public inform

Machine learning fundamentals: What cybersecurity professionals need to know (Help Net Security) Chris Morales, Head of Security Analytics at Vectra talks about machine learning fundamentals for cybersecurity professionals.

Schrodinger’s vulnerability - Using Exploitability to Avoid Chasing Phantom Risk (Infosecurity Magazine) Regardless of what version of software you are on, there may be a zero-day that exists

Sensible Ways to Use Cyber Risk Ratings, Despite Methodological Shortcomings (Infosecurity Magazine) Cyber risk ratings, though attractive as a concept, are constrained by methodological shortcomings

Does Compliance Equal Security in the Age of Data Privacy? (Infosecurity Magazine) Does compliance lead to security? That's the €20 million question.

Partners should start embracing cloud security: Palo Alto Networks (CRN - India) Harpreet Bhatia, Director, Channels & Strategic Alliances – India & SAARC, Palo Alto Networks, shares the company's channel strategies for 2019

Google Rejecting More Harmful, Suspicious Apps From Play Store (Decipher) Google has increased the number of apps rejected from the Play Store by 55 percent, thanks to new policies and technology to identify potentially harmful apps.

Google Play App Suspensions Jump 66% (Infosecurity Magazine) Android giant says its malware-hunting capabilities are improving

Security Spills: 9 Problems Causing the Most Stress (Dark Reading) Security practitioners reveal what's causing them the most frustration in their roles.

How the security clearance backlog hurts cybersecurity (Fifth Domain) Tempers flared during a Feb. 14 Senate hearing about cybersecurity in the energy sector.

Design and Innovation

IBM CEO Ginni Rometty: 'We Never Overpromised' on Watson A.I. (Fortune) It's the world's fault for being "mesmerized."

Mozilla will use AI coding assistant to preemptively catch Firefox bugs (Help Net Security) Mozilla will start using Clever-Commit, an AI coding assistant developed by Ubisoft, to make the Firefox code-writing process more efficient.

Opinion: How to combat the threat to 5G networks (Telecom Tech News) Service providers are in a race to rollout 5G services but with this opportunity comes significant cybersecurity risks.

Research and Development

Darpa Wants to Solve Science's Replication Crisis With Robots (WIRED) Social science has an image problem—too many findings don't hold up. A new project will crank through 30,000 studies to try to identify red flags.

Blame, Sway, and Vigilante Tactics: How Other Cultures Think Differently and Implications for Planning (Strategic Multilayer Assessment (SMA) Periodic Publication) The purpose of this SMA White Paper is to synthesize ideas across cognitive science and applied social science and translate their application for use in operations and planning within the span of a single document.

The AI Text Generator That's Too Dangerous to Make Public (WIRED) Researchers at OpenAI decided that a system that scores well at understanding language could too easily be manipulated for malicious intent.

Academia

How 5 universities stretch security capabilities, budgets with shared SOC (CSO Online) Faced with limited resources and constant threat of attack, five midwestern universities created OmniSOC, a CSO50 award-winning joint security operations center, to complement their own on-site SOCs with 24/7 analysis, triage and threat hunting.

Legislation, Policy and Regulation

UkrInform: Klimkin at Warsaw conference urges to counter Russia’s cyber threats (KyivPost) Ukrainian Foreign Minister Pavlo Klimkin called for close cooperation to counter the challenges and hybrid threats that Russia creates for the whole world. The minister said this while speaking at a conference on Peace and Security in the Middle East held in Warsaw, Poland, on February 14, the press service of the Ukrainian Foreign Ministry …

U.S. Warns of Russian, Chinese Cyber Threats at NATO Meeting (Bloomberg) The U.S. warned that the danger of cyber attacks isn’t taken seriously enough by the general public after NATO allies discussed online threats at a meeting in Brussels.

Don’t Let Cyber Attribution Debates Tear Apart the NATO Alliance (Lawfare) Debates about cyber attribution already divide the U.S. policy process. NATO is at risk of the same problem.

The US is about to Balkanise the internet (South China Morning Post) Former British cybersecurity chief says there is no evidence Huawei has taken part in spying activities, and US expert believes data centres, not physical equipment, are key

Germany to Let NATO Use its Cyber Skills (SecurityWeek) Germany is to join the ranks of NATO countries making its cyber warfare skills available to the alliance to help fight hacking and electronic warfare, officials said.

NSA Director: Russian Election Interference Threat Remains Concerning (Meritalk) Gen. Paul Nakasone, director of the National Security Agency and head of U.S. Cyber Command, told senators today he was optimistic about the future of U.S. cybersecurity, but also warned that Russian attempts to influence U.S. elections remain a threat.

How Cyber Command’s plan to ‘frustrate’ hackers is working (Fifth Domain) Cyber Command is now taking the fight to adversaries in cyberspace.

U.S. cyber force credited with helping stop Russia from undermining midterms (Washington Post) The group, comprising personnel from U.S. Cyber Command and the NSA, used new powers to keep Russia off balance during the lead up to November’s elections.

Defense Officials Testify on SOCOM and Cybercom (DVIDS) Owen West, assistant defense secretary for special operations and low-intensity conflict; Army Gen. Raymond Thomas III, commander of U.S. Special Operations Command; and Army Gen. Paul Nakasone, commander of U.S. Cyber Command, testify at a Senate Armed Services Committee hearing on U.S. Special Operations Command and U.S. Cyber Command in Washington, Feb. 14, 2019.

Владислав Сурков: Долгое государство Путина (Независимая) «Это только кажется, что выбор у нас есть». Поразительные по глубине и дерзости слова.

Analysis | The Cybersecurity 202: 'We're doubling down.' DHS insists it's not reducing election security efforts (Washington Post) Cyber chief Chris Krebs is disputing a report that the department is scaling back.

What Happens When Techno-Utopians Actually Run a Country (WIRED) Direct democracy! Universal basic income! Fascism!? The inside story of Italy’s Five Star Movement and the cyberguru who dreamed it up.

It’s time to terminate killer robots, world leaders are told (Times) Killer robots are a threat to humanity, scientists were told yesterday, and polling suggests that opposition to autonomous weapons systems is rising. Mary Wareham, co-ordinator of the Campaign to...

Vatican, Microsoft Team up on Artificial Intelligence Ethics (Manufacturing.net) The Vatican says it is teaming up with Microsoft on an academic prize to promote ethics in artificial intelligence.

That Time Microsoft President Brad Smith Met the Pope (Fortune) On their agenda? A.I. ethics and the digital divide.

There’s a Big Obstacle to the Pentagon’s New Strategy to Speed AI to Troops (Defense One) Defense officials want to accelerate the delivery of artificial-intelligence tools from the lab to the field. But it's hard to obtain the massive data streams that make AI work.

Cyber Command looks to expand (FCW) U.S. Cyber Commander Gen. Paul Nakasone said, with the current state of threats, he expects the cyber mission force to expand beyond 133 teams.

Navy renames system centers to information warfare centers (C4ISRNET) SPAWAR Systems Centers will now be known as Naval Information Warfare Centers.

William Barr confirmed to lead the Justice Department (TechCrunch) On Thursday, the Senate voted to confirm Trump nominee William Barr as the next head of the Justice Department. Barr was nominated to replace former Attorney General Jeff Sessions who fell out of favor with the Trump administration and resigned last year. Barr will step in for acting Attorney Gener…

Queen unveils secret-message plaque to mark UK security agency centenary (Reuters) Queen Elizabeth unveiled a plaque bearing a secret message on Thursday as she to...

Litigation, Investigation, and Enforcement

US Air Force Defector Allegedly Helped Iran Hack Americans (WIRED) In an astonishing indictment, the DOJ details how Monica Witt allegedly turned on her former counterintelligence colleagues.

Air Force Vet Aided Iranian Intelligence (ClearanceJobs) Former Tech Sergeant Monica Witt defected to Iran in 2013 and has been actively engaged with Iran intelligence targeting U.S. intelligence personnel

That airman charged with spying? Here’s how she earned an Air Medal (Air Force Times) Former Tech. Sgt. Monica Elfriede Witt, who was charged with espionage Wednesday, earned an Air Medal for her contributions during the early days of the Iraq War.

Bomb Threat Hoaxer Exposed by Hacked Gaming Site (KrebsOnSecurity) Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits.

Senate: No direct proof of conspiracy between Trump campaign, Russia (NBC News) "We were never going to find a contract signed in blood saying, 'Hey Vlad, we're going to collude,'" one Democratic aide said.

McCabe says he quickly opened FBI investigation of Trump for fear of being fired (Washington Post) The former acting director of the FBI spoke out in a television interview about his response to a meeting with the president. President Trump later hit back at McCabe on Twitter.

As The Russia Hoax Begins To Unravel, The Gaslighting Begins (The Federalist) The media is giving clues that they know they're wrong, but pushing the collusion story makes them money, so why stop now?

The U.S. government and Facebook are negotiating a record, multibillion-dollar fine for the company’s privacy lapses (Washington Post) The fine would be the largest the agency has ever imposed on a technology company, but the two sides have not yet agreed on an exact amount. Facebook has expressed initial concern with the FTC’s demands, one of the people said. If talks break down, the FTC could take the matter to court in what would likely be a bruising legal fight.

Facebook, Facing Lawmaker Questions, Says It May Remove Anti-Vaccine Recommendations (Bloomberg) Facebook Inc., under pressure to reduce harmful, misleading and fake content, said it is exploring removing anti-vaccine information from software systems that recommend other things to read on its social network.

Don’t Blame Employees who fall for a BEC scam! - (Trend Micro) The BBC reports that a media company based in Scotland is now suing a former employee who fell for a Business Email Compromise (BEC) scam. In the scam, the employee received emails which appeared to be from the managing director and requested wire transfers. The employee worked with her line manager on the first payment...

Student activist charged with illegally livestreaming Harris staffer (Daily Record) A Salisbury University student and political activist is facing wiretapping charges for allegedly live-streaming a meeting with a staffer for Rep. Andy Harris

GandCrab exploits unpatched plug-in. Big Tech and privacy, content moderation. Security testing for 5G. Info ops. Apophis Squad.