Cyber Attacks, Threats, and Vulnerabilities
Venezuela Suffers Major Power Outages After Alleged Cyber Attack (Venezuelanalysis.com) Venezuelan authorities denounced repeated attacks against the central control system of Venezuela’s electricity grid.
Norway alleges signals jamming of its military systems by Russia (Defense News) The Norwegian government has decried what it calls continued “electronic harassment” of critical communications systems and networks by the Russian government.
Trump adviser John Bolton warns of Huawei's 'Manchurian' chips (The Sydney Morning Herald) Trump's national security adviser says China's attempts to influence opinion in the US and Australia "is far greater in magnitude" than any seen in history.
Send in the Troops? Let Malware Poke Around a Bit First (PCMAG) Major events in the political and military sphere are magnets for malware, says Comodo's Chief Research Scientist. 'You're not going to send in troops without malware anymore.'
Saboteurs blamed as power cut plunges Venezuela into darkness (South China Morning Post) It appeared to be one of the biggest blackouts yet in a country where power failures have become common.
Nerves fray, tempers flare as Venezuela blackout hits fourth day (Reuters) Furious Venezuelans lined up to buy water and fuel on Sunday as the country endu...
More blackouts hit Venezuela as opposition, government rally (AP NEWS) The Venezuelan opposition and government loyalists held rival demonstrations in Caracas on Saturday, as both sides prepared for what some fear could be a protracted power...
Venezuela enters fourth day of blackout as Maduro blames U.S. cyber-attack (The Daily Star Newspaper - Lebanon) Venezuelans woke up to a fourth day of an unprecedented nationwide blackout Sunday, leaving residents concerned about the impacts of the lack of electricity on the South American country's health, communications and transport systems.
Could Venezuela's Power Outage Really Be A Cyber Attack? (Forbes) While the reality is that Venezuela’s blackout this week was most likely due to chronic underfunding of its electrical infrastructure and deferred maintenance, the idea of a foreign nation state manipulating an adversary’s power grid to force a governmental transition is very real.
Venezuela's Maduro: Blackout due to cyber-attack, infiltrators (Al Jazeera) Venezuelan president says complete blackout caused by 'an international cyber-attack' with support from within.
Venezuela's Maduro Says Cyber Attack Prevented Power Restoration (TechBizWeb) Venezuela President Nicolas Maduro claimed on Saturday that a new cyber attack had prevented authorities from restoring power throughout the country following a blackout on Thursday that caused chaos. Maduro told supporters in Caracas that almost 70 percent of power had been restored when “we received at midday another cyber attack at one of the …
Russian Trolls Shift Strategy to Disrupt U.S. Election in 2020 (Bloomberg) Hackers infiltrate computers to create fake social media users. Fake accounts are used to amplify divisive messages by others.
Perspective | Russian trolls can be surprisingly subtle, and often fun to read (Washington Post) We did a deep dive into Twitter, and came away impressed by Russians’ skill
Report reveals how China leverages social media to influence U.S. (SC Media) A new report from Recorded Future examines how the Chinese government exerts influence on Americans through an organized social media campaign.
Chinese Hackers Target Universities to Acquire Military Technology (Campus Safety Magazine) Over two dozen universities in the U.S. and around the world have been singled out for access to maritime military research.
In the cyber break-in stakes, the champion is Russia (The Economist) Russian computer hackers are seven times faster than North Koreans
Citrix investigating unauthorized access to internal network (Citrix Blogs) On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network.
Citrix hacked and didn't know until FBI alert (CRN Australia) "Business documents" downloaded but Citrix can't say what was lost.
Georgia county pays a whopping $400,000 to get rid of a ransomware infection (ZDNet) County hired cyber-security consultant to negotiate ransom fee with hacker group.
How to lose money to (credential) stocking stuffers (Digital News Asia) Credential stuffing uses automated scripts to try out username/password pairs to gain access to a system.
New SLUB Backdoor Uses GitHub, Communicates via Slack (TrendLabs Security Intelligence Blog) We discovered a malware that uses three different online services -- including Slack and GitHub -- as part of its routine. Analysis of the attacker's tools, techniques, and procedures lead us to believe that this might be a targeted attack from very capable threat actors.
Slack, GitHub Abused by New SLUB Backdoor in Targeted Attacks (SecurityWeek) New SLUB backdoor, used by threat actors in targeted attacks possibly aimed at South Korean users, abuses GitHub and Slack for C&C communications.
Several Industrial Automation Products Affected by WibuKey DRM Flaws (SecurityWeek) The products of several industrial automation companies are affected by the recently disclosed vulnerabilities in the WibuKey DRM solution.
RiskIQ: Magecart's Web-Based Supply Chain Attacks are Taking Over (Computer Business Review) Yonathan Klijnsma, head of threat research at RiskIQ, on the widening scope of Magecart attacks. RiskIQ Magecart analysis suggests...
Developer-only iPhones help reveal Apple’s secret security sauce (Naked Security) The prototype iPhones are slipping out of Apple’s supply chain with disabled security, to the delight of researchers and jailbreakers.
Hacking Our Identity: The Emerging Threats from Biometric Technology (Forbes) Biometrics-technology-driven human identity authentication applications are taking off. While these applications have seemingly enormous potential, are we prepared for the emerging threats to human identity?
How Internet of Things Could Be Posing A Serious Internet Security Risk Everywhere (Business Times) They may seem safe to the eyes but wait 'till you see how vulnerabilities penetrate through the Internet of Things
FTC says taxpayer voice phishing scams are up nearly 20x (Naked Security) The real Social Security people will never call to threaten your benefits or tell you to wire money, send cash, or put money on gift cards.
‘Ransomware’ attack on Lucknow’s 5-star hotel, cyber-cell grapples for clues (The Times of India) LUCKNOW: In a first-of-its-kind ransomware attack in the city, cyber criminals breached and blocked the computer system of The Piccadily, a five-star .
Opinion | YouTube has bolstered conspiracy theories about my daughter’s murder. It must stop. (Washington Post) Hopefully, the website’s leaders are not as soulless as its algorithms.
You May Have Forgotten Foursquare, but It Didn’t Forget You (WIRED) The once-hyped social media company, known for gamifying mobile check-ins, is still alive and well as an incomprehensibly vast data empire.
Coinhive Shuts Down: Bad for UNICEF - and Cybercriminals? (Computer Business Review) Coinhive officially closes today. It’s a loss for cryptocurrency miners and blockchain enthusiasts, but it may actually be a bigger blow to hackers.
Security Patches, Mitigations, and Software Updates
What can we expect of this March Patch Tuesday? (Help Net Security) March is here and that means it was time for RSA Conference in San Francisco. I’ve been on the expo floor all week and I can tell you the worldwide
Firefox picks up advertiser-dodging tech from Tor (Naked Security) Letterboxing comes straight from the Tor browser, and will help Firefox users avoid advertisers that follow them around the web.
Cisco Patches Two Dozen Serious Flaws in Nexus Switches (SecurityWeek) Over two dozen high severity vulnerabilities have been found in Cisco’s Nexus switches, including flaws that can be exploited for DoS attacks, code execution and privilege escalation.
Turn On Auto-Updates Everywhere You Can (WIRED) Meltdowns like the Chrome zero day bug show why enabling auto-updates can be the wisest choice for many consumers.
Organizations Not Positioned for Success in Tackling Cyber Demands: Deloitte (SecurityWeek) Organizations are tackling various aspects of security, such as data, application, identity, infrastructure and response, but are not doing well in aligning cyber initiatives to executive management's digital transformation priorities.
Cybersecurity skills gap worsens, security teams are understaffed (Help Net Security) The cybersecurity skills gap worsens, security teams are understaffed, and most IT sec pros say they are or will be facing difficulty in staffing them.
1 in 5 cyber incidents come from within (MyBusiness) Businesses face a significant cyber threat from within their own ranks, according to a new report, which found that one in five cyber “incidents” and 15 per cent of all data breaches are caused internally.
Here Are the Top Cybersecurity Insights for Public Sector (Tenable®) A new global study conducted by Ponemon Institute explores cyber risk in the public sector: What are the top priorities for public sector cybersecurity leaders in 2019?
Nigeria among top 10 countries attacked by mobile malware (Punch Newspapers) Kaspersky Lab, a global cybersecurity firm, says Nigeria is among the top 10 countries globally where users of mobile devices experienced attack by malware in 2018. Kaspersky, in its...
Courtrooms to canola fields: Huawei-US tensions span globe (Washington Post) Chinese tech giant Huawei’s tensions with Washington stretch across four continents from courtrooms to corporate boardrooms to Canadian canola fields
ZTE remains vulnerable amid Sino-US trade war (EJ Insight) As the Sino-US trade war rages, ZTE Corporation (00763.HK, 000063.CN), China’s second-biggest supplier of telecommunications equipment, remains vulnerable to punishment by the US side and enjoys less protection from Beijing. A ban on buying US components in 2018 forced the firm to close production temporarily and led to a loss of 7.8 billion yuan (US$1.16 billion)…
ZTE Loses Major German Mobile Contract With Telefonica’s O2 (Clarksburg Caller) Chinese telecoms giant ZTE lost its biggest contract in Germany, network provider Telefonica on Friday told AFP, as resistance mounts across the West to Beijing’s infrastructure manufacturers.
Israeli cyberattack firm woos investors amid a human rights firestorm (Fast Company) A lawsuit linked to Jamal Khashoggi and a spy scandal are among the challenges facing NSO Group’s new owners as they seek a $500 million loan.
Network Security Company Tufin Aiming for $100 Million NYSE IPO (CTECH) Founded in 2003, Tufin develops network security management software
Cybersecurity Budgets Are On the Rise -- Palo Alto Networks, Cisco, Others Compete for the Spoils (TheStreet) Enterprise cybersecurity budgets could increase by 20% in 2019, and players such as Palo Alto Networks, Cisco, Check Point and others are jockeying for their piece of the pie.
A Tale of Two Turnarounds: Juniper and Symantec’s Enterprise Security (SDxCentral) Juniper and Symantec's security stories stood out at RSA Conference in part for their business turnarounds.
Ginni Rometty is shaping IBM's future with a $34 billion acquisition (CNN) The CEO is on course to remake a century-old company with the largest software deal ever.
Australian channel lacks innovation says security vendor exec (CRN Australia) Deep Instinct's APAC boss says channel should "move out of comfort zone".
Facebook's sudden embrace of privacy is nothing more than good business (The Telegraph) It is easy to underestimate Mark Zuckerberg.
Crowdfense launches $15M 0-day 2019 global Acquisition Program (Help Net Security) Crowdfense announces the launch of a $15M global Acquisition Program dedicated to the purchase and further refinement of "0day" vulnerabilities.
Products, Services, and Solutions
42Crunch announces the launch of the first API Security platform (42Crunch) 42Crunch announced the release of 42Crunch Platform, the first API security cloud platform to discover API vulnerabilities and protect API from attacks.
Optiv Security announces new enterprise Risk Transformation Service (Help Net Security) Optiv, the leading security solutions integrator, announced its new Risk Transformation Service, an end-to-end solution that includes strategy execution.
Zimperium provides next generation mobile threat defense (Help Net Security) Zimperium announced an extended partnership with Samsung to provide advanced protection against sophisticated mobile attacks.
Napatech Accelerates Cybersecurity and Network Monitoring Applications up to 100G (PR Newswire) Napatech™ (OSLO: NAPA.OL), the leading provider of reconfigurable computing platforms, today announced that...
FireEye empowers security teams with Expertise On Demand (Saudigazette) Further augmenting these technologies with processes and tools is FireEye Helix, which provides SIEM, SOAR, and investigative capabilities in a single security operations platform. Working together, Expertise on Demand, the FireEye email, network and endpoint security solutions, and Helix help organizations apply a comprehensive range of technologies and expertise for the best security posture.
Technologies, Techniques, and Standards
The need to train control system engineers and monitor process sensors for possible cyber attacks (Control Global) It may not be possible to discriminate between cyber attacks, equipment malfunctions, or cyber attacks meant to look like equipment malfunctions. Consequently, the need to train the engineers and to monitor the sensors is becoming more critical as some of the most critical information to discriminate between these types of events may not be available to OT networks.
Marriott cyber attack: could it have been prevented? (Strategic Risk Europe) The hotel chain was hit by a significant cyber hack, affecting 500,000 customers, who had sensitive data stolen, including names, addresses, dates of birth and passport numbers. From IT security, due diligence to cyber insurance, risk managers draw out lessons for the future
Defending Against Malicious and Accidental Insiders (BankInfo Security) Malicious and accidental insiders alike have drawn renewed attention to the insider threat. Patrick Knight of Veriato offers new insight on the scale of the problem
Can DoD’s cyber teams overcome readiness issues? (Fifth Domain) A Government Accountability Office report assesses that Cyber Command's cyber mission force teams need to improve aspects of training.
The roastings will continue until security improves (Fifth Domain) Making work in the fifth domain visible is vital to mitigating threats.
The impact of spear phishing on organizations and how to combat this growing threat (Help Net Security) In this Help Net Security podcast, Scott Olson, the VP of Product Marketing at iovation, talks about the impact of spear phishing, and offers practical
How can healthcare organizations remedy their cybersecurity ailments? (Help Net Security) Cybersecurity is a constant concern for healthcare organizations, and the previous 12 months have done little to quell anxieties. In 2017, the Department
National Security Agency Gives Away Free Cybersecurity Tools to Help Analyze Malicious Code and Malware (Lexology) The National Security Agency is providing for free reverse engineering tools to assist cybersecurity professionals analyze malicious code and…
Design and Innovation
Facebook finally wants to help humans build meaningful connections (Quartz) Will connecting people in more intimate settings promote actual social connection, which appears to be fraying in contemporary culture?
RBS to test biometric fingerprint bank cards to replace PINs (Computing) Only 200 customers will be involved in the first phase of the fingerprint-card trial
Research and Development
New System Uses Machine Learning to Scan Tweets for Security Flaws (Security Today) Machine learning and Twitter could be the future of catching security flaws and vulnerabilities early.
DARPA takes on cyber defense with hackathons (FCW) Dr. Jennifer Roberts, program manager for the Defense Advanced Research Projects Agency’s information innovation office, talks about what cyber capabilities are in the works.
Inside the High-Stakes Race to Make Quantum Computers Work (WIRED) Quantum computers could help explain some of the most fundamental mysteries in the universe and upend everything from finance to encryption—if only someone could get them to work.
Legislation, Policy, and Regulation
Analysis | The Cybersecurity 202: After parliament hack, Australia learns from U.S. missteps (Washington Post) The government hopes transparency will blunt possible election interference.
Thousands of Russians march in protest against new 'internet iron curtain' (The Telegraph) Thousands of people in Moscow and two other Russian cities marched against their government's new internet restriction laws on Sunday.
Cyber Warfare: Competing National Perspectives (Modern Diplomacy) The threat of cyberwarfare is a growing fear among all intelligence communities. “In June 2009 the U.S. Cyber Command was created and in July of 2011 Deputy Secretary of Defense William J. Lynn III announced that as a matter of doctrine, cyberspace will be treated as an operational domain similar to land, air, sea, and […]
Shuttering of NSA surveillance program emboldens privacy groups (TheHill) The potential end to a controversial National Security Agency phone records collection program is energizing privacy groups and lawmakers who have long called for stricter limits on domestic surveillance powers.
FBI Intensifies Its Focus on Cybercrime (Decipher) FBI Director Christopher Wray said the bureau considers cybercrime and other cyber attacks to be an unprecedented threat right now.
New FBI Director, Same Message on Encryption (PCMAG) FBI Director Christopher Wray reiterates that law enforcement should have access to encrypted data, but acknowledges that privacy advocates are not trying to weaken national security.
Navy scuttles its plan to elevate IT, cyber to new assistant secretary position (Federal News Network) The Navy's plan to eliminate its assistant secretary for installations in favor of a new assistant secretary for IT turned out to be untenable, in light of recent revelations about substandard military housing.
Litigation, Investigation, and Law Enforcement
Chinese foreign minister praises Huawei for ‘refusing to be victimized like silent lambs’ (Washington Post) China’s top diplomat backs Huawei at a time when the company is trying to distance itself from Beijing.
Chelsea Manning back in jail after refusing to testify on WikiLeaks (Military Times) The 31-year-old can face up to 18 months in jail for refusing to testify before a grand jury.
Facebook Suit Reveals Ukrainian Hackers Used Quizzes to Take Data from 60,000 Users (The Daily Beast) The company revealed the latest in a long line of breaches in a suit filed late Friday.
OneCoin Founders Charged With Operating Crypto Ponzi Scheme (New York Law Journal) The company claims to have 3 million members across the globe, who prosecutors say have invested billions of dollars in the fraudulent scheme.
Hungarian Judge OKs Extradition of Portuguese Hacker (SecurityWeek) A Portuguese man linked to the publication of internal documents that embarrassed top European clubs and soccer officials in the Football Leaks case will be extradited to his home country, a Hungarian court has ruled.
Man Admits to Hacking Minnesota Databases Over Cop Acquittal (SecurityWeek) A Minnesota man admitted that he hacked into state government databases in 2017 as an act of retaliation after the acquittal of an officer who fatally shot Philando Castile during a 2016 traffic stop