Cyber Attacks, Threats, and Vulnerabilities
China, not Iran, still the main suspect in hacking of Australia's political parties, say sources (The Sydney Morning Herald) Top-level sources with detailed knowledge of the cyber attack on Australia's political parties and Parliament have dismissed a report that Iran and not China was behind the hacking of Australia's main political parties.
Ukraine security service accuses Russia of meddling in election (Reuters) Ukraine's State Security Service SBU accused Russia on Thursday of meddling...
Huawei And Facing Up To 5G-Related Cyber Risks (Forbes) Does it matter, that in spite of efforts by the U.S. government, and a history of cyber intrusion from China, Germany and the U.K. are poised to allow Huawei equipment to be part of their 5G networks? Yes, so we need to pay more attention to securing our physical infrastructure, not just networks.
Toyota Aust still affected by cyber attack (Cowra Guardian) Toyota Australia's corporate IT systems remain offline days after an attempted cyber attack on the company. The company's dealer network remains up and runnin...
Catholic Church, major super fund and Toyota hit by cyber attacks (The Age) A day after The Age revealed that a cyber crime syndicate hacked and scrambled the files of Melbourne Heart Group, a cardiology unit based at Cabrini Hospital, it can also be revealed that the entire Melbourne Archdiocese was also recently the subject of a brazen attack.
Experts Find Serious Problems With Switzerland's Online Voting System (Motherboard) The public penetration test doesn’t begin until next week, but experts who examined leaked code for the Swiss internet voting system say it’s poorly designed and makes it difficult to audit the code for security and configure it to operate securely.
Russian Military Says Nyet to the Internet (Foreign Policy) Putin wants soldiers to stop revealing secrets of his shadow wars on their social media pages.
CrowdStrike report says breakout time for threat actors is increasing (SearchSecurity) Cybersecurity defenders need to embrace speed to detect and respond against intruders, according to CrowdStrike's 2019 Global Threat Report. Learn why 'breakout time' is a key metric.
Russian State-Sponsored Hackers Are Fastest: CrowdStrike (SecurityWeek) It takes Russian state-sponsored hackers less than 20 minutes to start moving laterally within a network after the initial breach, CrowdStrike says in its latest Global Threat Report.
Shifting in the Wind: WINDSHIFT Attacks Target Middle Eastern Governments (Unit42) Executive Summary: In August of 2018, DarkMatter released a report entitled “In the Trails of WINDSHIFT APT”, which unveiled a threat actor with TTPs very similar to those of Bahamut. Subsequently, two additional articles were released by Objective-See which provide an analysis of some validated WINDSHIFT samples targeting OSX systems. Pivoting on
WinRAR Vulnerability Exposes Millions of Users to Attacks (SecurityWeek) A vulnerability in WinRAR, the archiver used by over 500 million users worldwide, can be exploited to execute arbitrary code by getting the target to open a specially crafted ACE file.
Windows Servers Vulnerable to DoS Attacks, Microsoft Warns (SecurityWeek) Microsoft warns users that Windows servers running IIS are vulnerable to DoS attacks that cause CPU usage to spike to 100%. Similar flaw discovered by the same researcher recently in nginx.
US Stryker Vehicles in Europe Have Deep Cyberwar Weaknesses - Pentagon Report (Sputnik) The two newest versions of the US Army’s Stryker combat vehicle in Europe have “cybersecurity vulnerabilities that can be exploited,” a US Department of Defense report reveals. It’s a growing problem for the US’ high-tech vehicles and weapons systems ‒ and one that reflects the priorities of the military-industrial complex, an expert tells Sputnik.
A Decryption Key for Law Firm Emails in Hacked 9/11 Files Has Been Released (Motherboard) Someone has published the decryption key for the third layer of allegedly 9/11-linked documents from The Dark Overlord hacking group.
Azorult via fake Chinese Government New Import Export Regulations (My Online Security) I am quite impressed with the level of Social Engineering with this malware delivery Malspam campaign. With Brexit fast approaching and the likelihood of no deal between UK and Europe…
Is your phone always low on battery and chewing through data? The ‘DrainerBot’ could be to blame. (Washington Post) A massive fraud operation affects potentially millions of Android users, according to Oracle researchers.
Oracle: Major ad scam 'DrainerBot' is rinsing Android users of their battery life and data (Register) App piracy fighter Tapcore strenuously denies involvement
Google removes 28 fake apps from Play Store: Quick Heal (The Indian Express) Google has removed 28 fake apps from its Play Store with the most downloaded being Virtual Data with over 10,000 downloads, followed by Bike insurance Advisor, Health Cover and Chit Funds with more than 5,000 downloads each.
Google's Nest Hub Has a Microphone It Forgot to Mention (SecurityWeek) Google said it forgot to mention that it included a microphone in its Nest Secure home alarm system, the latest privacy flub by one of the tech industry’s leading collectors of personal information.
A Tale of Epic Extortions - How Cybercriminals Monetize Our Online Exposure (Digital Shadows) Digital Shadows’ Photon Research Team has found that cybercriminals have diversified their extortion methods, and the threat landscape is as wide and varied as it’s ever been.
Cybercrime Groups Promising $360,000 Annual Salaries to Accomplices Helping to Extort High Net Worth Individuals: C-Level Executives, Lawyers and Doctors in Threat Actors’ Cross Hairs (BusinessWire) Digital Shadows today published new research looking at the business of cyber extortion, entitled 'A Tale of Epic Extortions.’
Dark Web Market Price Index - 2019 (UK Edition) (Top10VPN) We’ve been monitoring the thriving illicit trade in stolen personal info to create this annual update to the Price Index. Hacked data is cheap on the dark web: most individual accounts continue to sell for less than £10, even big names like Apple, Fortnite, Netflix and Airbnb. Notable exceptions to the rule include Amazon and British Airways accounts, which have soared in value since last year.
PayPal Processes Payments for ‘Stalkerware’ Software Sold to Abusive Partners (Motherboard) The booming industry of spyware to spy on romantic partners doesn’t exist in a vacuum: Companies need financial and tech giants to process their payments and advertise their wares.
WinPot ATM Malware Resembles a Slot Machine (SecurityWeek) A piece of malware targeting automated teller machines (ATMs) has an interface that looks like a slot machine, Kaspersky Lab reports.
Major companies pull ads from YouTube after they appear next to disturbing videos featuring children (Telegraph) Epic Games, AT&T and Nestle have pulled their pre-roll advertising on YouTube over concerns that their brands were appearing alongside disturbing videos of children online.
As fallout over pedophilia content on YouTube continues, AT&T and Hasbro pull all advertisements (CNBC) AT&T is pulling its ads from YouTube following reports that pedophiles have latched onto videos of young children.
Malware that hunts for account credentials on adult websites tripled in 2018 (ZDNet) The number of adverts selling logins for hacked accounts on adult websites doubled in 2018.
Security Patches, Mitigations, and Software Updates
WinRAR patches 19-year-old security vulnerability that put millions at risk (The Verge) Support for an outdated format was to blame
Adobe Releases Second Patch for Data Leakage Flaw in Reader (SecurityWeek) Adobe releases second patch for the Reader vulnerability tracked as CVE-2019-7089 after the researcher who found it managed to bypass the first fix.
Cisco Patches High Severity Flaws in HyperFlex, Prime Infrastructure (SecurityWeek) Cisco this week released patches for more than a dozen vulnerabilities across its product portfolio, including high severity flaws in HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance.
Critical Drupal Vulnerability Allows Remote Code Execution (SecurityWeek) Updates released for the Drupal CMS patch a “highly critical” vulnerability that can be exploited for remote code execution (CVE-2019-6340).
Cyber Trends
Are zero-day exploits the new norm? (CSO Online) Research from Microsoft's Matt Miller shows that every actively exploited Windows vulnerability in 2017 was first done using a zero-day attack. Other research shows this trend extends across the IT landscape.
Understanding the mobile threat landscape in 2019 (Wandera) It should be another momentous year for mobile security, with cyber attacks growing rapidly in sophistication and distribution. This report will cover the key mobile security trends that emerged last year as well as summarize thoughts for the mobile threat landscape for the year ahead.
Business-Critical Cloud Adoption Growing yet Security Gaps Persist, Report Says (Oracle) Oracle and KPMG study finds that confusion over cloud security responsibilities, lack of visibility and shadow IT complicate corporate security
The risks associated with the influx of unauthorized collaboration tools (Help Net Security) A majority (82 percent) of end-users are pushing back on IT or management when the company tries to dictate which collaboration tools should be used.
Downtime Can Cost a Company up to $67 Million Over Two Years, Threatening Brand Reputation (Security Boulevard) A cyber-incident inflicts damage beyond just downtime and recovery costs. A breach can spell disaster for a company’s image, leading to devaluation, lost business, high turnover, and even bankruptcy in extreme cases. However, a breach isn’t the only cyber-threat lurking in the business sector.
Former Director of National Intelligence James Clapper warns against media misinformation at SIPA event (Columbia Daily Spectator) Former Director of National Intelligence James Clapper encouraged students to absorb daily news with a healthy dose of skepticism at a panel discussion held at the School of International and Public Affairs on Thursday.
edgescan Release the 2019 Vulnerability Stats Report (Benzinga) edgescan, a leader in fullstack vulnerability management via its cloud based SaaS released their "Vulnerability Stats Report 2019"...
Marketplace
Huawei speeds up efforts to address security concerns as Trump leaves door open to US market (Telegraph) Huawei is speeding up its $2bn (£1.
Huawei plan to fix British security fears due in H1 this year:... (Reuters) Huawei will present a plan to address British security concerns about its equipm...
Huawei Is Expanding in Canada, Despite U.S. Pressure (New York Times) The Chinese technology company, accused by American authorities of posing a security risk, will add to its research and development group in Canada.
Investors fear bill to restrict TEDCO funding might hurt Md. startups (Baltimore Business Journal) "If startups can’t find the resources they need in Maryland, they’ll leave," said longtime venture investor Bob Ackerman.
BlackBerry Completes Acquisition of Cylance (Cylance) BlackBerry Limited (NYSE: BB; TSX: BB) today completed its previously-announced acquisition of Cylance, a privately-held artificial intelligence and cybersecurity company based in Irvine, California.
Zix Completes AppRiver Acquisition: Cloud Security Provider's Next Moves (ChannelE2E) Zix completes AppRiver acquisition. Among CEO David Wagner's top priorities for the cloud-based security provider: Accelerating growth through channel partners.
Leidos closes sale of commercial cyber business (Washington Technology) Leidos completes the divestiture of its commercial cyber business and becomes the latest in a long line of government contractors to do the same.
Harris Beach Launches Software Company to Address Gaps in Cybersecurity Regulatory Compliance (PR Newswire) Harris Beach PLLC, one of the country's top law firms according to The National Law Journal, today announced the ...
Blockchain Security Leader CertiK Joins the Universal Protocol Alliance (BusinessWire) The Universal Protocol Alliance, a coalition of leading blockchain organizations including Bittrex International, Uphold, Brave, Cred, Blockchain at B
Startup that offers free online cybersecurity courses will move to College Park (Arc Publishing) Cybrary will initially set up shop in the Discovery District and later relocate to River Road
Georgia cyber firms visit Maryland to see how federal, private entities can cooperate (Baltimore Business Journal) Representatives from Georgia-based cybersecurity firms met in Maryland this week to discuss synergies between the two states' cyber industries.
Deep Instinct Appoints Deborah Chase Hopkins to Its Board of Directors (BusinessWire) Deep Instinct, the first company to apply Deep learning to cybersecurity, today announced the appointment of Deborah Chase Hopkins to its Board of Dir
Products, Services, and Solutions
Iskraemeco to use MTG's cryptographic key management system (UNN) Key management systems are becoming increasingly important in the production of smart meters and in their management in operational business
ISARA Corp. Unveils Tools To Simplify and Accelerate Quantum-Safe Cryptography Rollout (BusinessWire) ISARA Corp., the leading provider of agile quantum-safe security solutions, today announced new and updated tools that make it easy to test and implem
Comodo Cybersecurity Sets the Stage for Another Record Year of Channel Growth with New Channel Partner Program (GlobeNewswire News Room) New partner program will support 100% of revenue growth and incent partners heavily to lead with Comodo’s leading solution
Lacework Extends Multicloud Support to Google Cloud Platform (Lacework) Lacework now delivers automated threat detection and deep visibility for Google Cloud Platform, Amazon Web Services, Azure, and Kubernetes platforms.
Accedian and Quali partner to tackle the challenges of cloud migration and 5G test automation for network slices (Accedian) Secure and Fast offering is designed to automate the management of data, services and workflows to hybrid clouds without causing disruption.
Don’t Caulk Your USB Ports (Interfocus) It was difficult to imagine how disruptive a piece of technology it would become when the venerable thumb drive hit the market.
Aquilai Launches Ajax Intelligence Phishing Solution. (IT Security Guru) Aquilai has launched their cloud based Ajax Intelligence solution to combat all forms of email phishing prevalent on Microsoft Exchange,
SecureLink and Thycotic Partner to Provide Enhanced Credential Management Capabilities (PR Newswire) SecureLink, the leader in vendor privileged access and Thycotic, provider of privileged access...
PacketViper Announces Version 5.0 of its Cyber Deception Platform (BusinessWire) PacketViper, a leading provider of cybersecurity deception solutions, today announced version 5.0 of their active, threat facing deception platform.
K2 claims victory over zero-day attacks (ZDNet) K2 says it has a future-proof method of stopping all attacks on unknown and unpatched vulnerabilities in applications.
Bkav releases free tool to check server security (SGGP English Edition) Bkav Corporation has just introduced a free tool to help network administrators check the security status of their servers against brute-force attacks on passwords of remote desktop services. This tool can be accessed at http://tools.whitehat.vn/online/84.
Technologies, Techniques, and Standards
2 of our reporters asked to be hacked, so you don't have to learn the hard way (CBS News) CNET senior producer Dan Patterson and CBS News investigative reporter Graham Kates asked a professional team to hack them. The two join CBSN to discuss broader implications of the experiment, including for the 2020 election.
Cyber Incident Response and Resiliency in Cities (New America) How cities can work with federal, state, private, and nonprofit partners to improve their cybersecurity and resiliency.
Creating Civic Collaboration on Cyber for Cities (Meritalk) A paper released by think tank New America on Thursday recommends that local governments build partnerships with Federal, state, and other local partners to prepare for major cyberattacks. At the Federal level, strategies for helping cities include providing grants targeted specifically to cybersecurity help, the report suggests.
Why Social Network Analysis Is Important (News from the Lab) I got into social network analysis purely for nerdy reasons – I wanted to write some code in my free time, and python modules that wrap Twitter’s API (such as tweepy) allowed me to do s…
Red Teaming: The Vulnerabilities We Find Time and Time Again (Computer Business Review) These are the key vulnerabilities typically identified in Red Teaming exercises, a simulated, targeted cyber-attack that typically...
There is more to cyber risk than security, says thryve expert (Intelligent CIO Middle East) Riaan Bekker, Force Solutions Manager at thryve, which provides risk and governance management technologies, says cyber risk isn’t just about security; it has become a serious issue of business continuity and is the core responsibility of executives of businesses of any size to protect shareholder value. Risk experts hold no doubts. The changes technology is […]
Bitdefender decryptor saves over $2M for Gandcrab victims in 48 hours (2-Spyware) The infamous Gandcrab 5.1 is decryptable thanks to Bitdefender. For almost one year now, we all have been hearing about the infamous Gandcrab ransomware and
Academia
IBM will get up to $300 million from state toward its $2 billion SUNY Poly AI project (Albany Business Review) The state approved a grant on Thursday for IBM to create more than 300 new jobs at SUNY Polytechnic Institute in Albany.
18 California Cyber Teams Heading to CyberPatriot National Competition (PR Newswire) Once again, this year, California's cyber athletes will be well represented at the annual CyberPatriot XI...
Legislation, Policy, and Regulation
Rethink 2%: NATO ‘Defense Spending’ Should Favor Cyber (Defense One) Today, a dollar or euro spent on network security goes farther than one spent on conventional arms.
China Uses DNA to Track Its People, With the Help of American Expertise (New York Times) The Chinese authorities turned to a Massachusetts company and a prominent Yale researcher as they built an enormous system of surveillance and control.
China, Australia on a cyber-collision course (Asia Times) A hack attack on Australia’s parliamentary servers points towards Beijing’s known desire to penetrate the Five Eyes intelligence-sharing alliance
U.S. won't partner with countries that use Huawei systems: Pompeo (Reuters) U.S. Secretary of State Mike Pompeo on Thursday warned that the United States wo...
You're on a Huawei to Hell, US Sec State Pompeo warns allies: Buy Beijing's boxes, no more intelligence for you (Register) Don't need reason, don't need rhyme. Ain't nothing I would rather do: going down, party time
U.S. Campaign Against Huawei Runs Aground in an Exploding Tech Market (Wall Street Journal) The Chinese company’s low prices outweigh spying concerns for many countries ramping up 5G spending, in particular the pivotal internet economy of India. “The perception here is that the U.S. action is more a matter of foreign policy.”
New report questions effectiveness of cyber indictments (Fifth Domain) A new report from CrowdStrike asserts that indictments of hackers have had little effect in deterring continued malicious cyber behavior globally.
Analysis | The Cybersecurity 202: Election security is going to be the hot new Democratic campaign issue in 2020 (Washington Post) Once-wonky security proposals are now applause lines with voters.
Trump Won’t Rule Out Using Stolen Data in 2020 Campaign (Daily Beast) Democratic candidates have committed not to use hacked materials against one another. The Trump campaign declined to make such a pledge.
Lawmakers probe for Stingray info in funding bill (FCW) Congress wants to know more about how the Department of Homeland Security and state and local partners use cell-site simulators and whether they are complying with existing departmental regulations.
Rights advocates worry cyber bills a major threat (The Nation) Some tweaks made after outcry, but sweeping state powers raise fears of invasion of privacy
Analysis | The Cybersecurity 202: California wants to let political candidates use campaign cash to secure their devices (Washington Post) The bill could be a model for other states.
California to close data breach notification loopholes under new law (TechCrunch) California, which has some of the strongest data breach notification laws in the U.S., thinks it can do even better. The golden state’s attorney general Xavier Becerra announced a new bill Thursday that aims to close loopholes in its existing data breach notification laws by expanding the req…
Litigation, Investigation, and Law Enforcement
The Russian Sleuth Who Outs Moscow's Elite Hackers and Assassins (WIRED) Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency.
Canada Helping Australia Determine 'Full Extent' of Hack (SecurityWeek) Canada's Communications Security Establishment (CSE) said it is working with Australia to try to determine the scale of computer hacking on Australia's parliament and political parties just months from an election.
Roger Stone Allegedly Communicated With Mysterious Hacker Guccifer 2.0 (SecurityWeek) Search warrants allegedly discovered that Roger Stone had communications with hacker known as Guccifer 2.0 and with WikiLeaks (AKA Organization 1).
Justice Department preparing for Mueller report in coming days (Washington Post) With dwindling personnel, the special counsel appears to be close to ending his investigation of the president and alleged Russian election interference.
Analysis | Power Up: 'By the Book Bob:' Prosecutors say Mueller will tightly hug Justice guidelines in report (Washington Post) One lawyer even speculated Congress could subpoena Mueller.
Thais give Russia, US right to extradite hacking suspect (AP NEWS) A Thai court ruled Wednesday that a Russian man who allegedly was part of a gang that stole millions of dollars online from bank accounts can be extradited to the United States to...
Hacker Lauri Love denied bid to get computers back (Naked Security) Hacker Lauri Love has failed to get his computers back six years after UK’s National Crime Agency took them as part of a criminal investigation.
Consumer groups accuse Facebook of duping children (Silicon Valley Business Journal) The Federal Trade Commission has been asked to investigate whether Facebook violated consumer protection and child privacy laws by duping children into making in-app purchases in Angry Birds and other games
Lawyers call for judges to learn emojis (Times) To a typical High Court judge, a text message containing an aubergine or a maple leaf might seem fairly innocuous. Senior lawyers, however, are urging the judiciary to learn to interpret the use of...