The CyberWire Daily Briefing 4.11.19

Summary

By the CyberWire staff

CISA has issued a joint Homeland Security/FBI Malware Analysis Report on the "HOPLIGHT" Trojan, attributed to North Korea's Hidden Cobra (a.k.a. the Lazarus Group).

Kaspersky describes an operation by the "politically motivated" Gaza Cybergang Group 1, which Kaspersky calls "SneakyPastes."

Finland's election-results reporting system sustained a denial-of-service attack this week, Bloomberg says. Authorities are investigating, but there is so far no attribution. Finland votes this Sunday.

Computing reports that Ecuador ejected WikiLeaks founder Julian Assange from its London embassy this morning, citing "repeated violations to international conventions and daily-life protocols." Mr. Assange has been arrested by the Metropolitan Police for bail jumping. (Russia's government denounced the arrest as "strangling freedom.") He may be returned to Sweden, should assault charges there be reopened, or (more probably) extradited to the United States, where he's under indictment on a single count of conspiring to release classified information. That indictment, the Washington Post says, was unsealed shortly after Ecuador showed Mr. Assange the door. The alleged conspiracy was with former US Army Specialist Manning.

Accounts in the Times and elsewhere suggest the expulsion may be connected with an attempt to blackmail Mr. Assange for €3 million: the extortionists claimed to have discreditable security audio and video of the asylum seeker that they somehow obtained from embassy systems.

There's widespread agreement that incident response plans are a security essential. It's therefore dispiriting that an IBM Security study should find that over half of the organizations that have such plans never get around to exercising them.

Have Your Users Made You an Easy Target for Spear Phishing?

Notes.

Today's issue includes events affecting Australia, China, Ecuador, Finland, India, Israel, Japan, Democratic Peoples Republic of Korea, NATO/OTAN, Palestinian Territories, Russia, Serbia, Sweden, United Kingdom, United States

A note to our readers: The CyberWire is a finalist in the Cybersecurity Association of Maryland's 2019 Awards, eligible to win the 2019 People's Choice Award, and we'd appreciate your support. Please vote for us here, and feel free to spread the word. The deadline for voting is 4:00 PM Eastern Time today, April 11th. Thanks for your support.

Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow

When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The tour includes San Francisco, NYC, D.C., and Houston!

On the Podcast

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland, as Jonathan Katz responds to a skeptical critique of quantum computing. Our guest, Maurice Singleton from Vidsys, discusses the convergence of IoT security devices and IT security.

And Hacking Humans is also up. In this episode, "Scammers have no ethics whatsoever," Joe describes a study of people's perceptions when presented with a magic trick. Dave shares the story of fake boyfriend app. Our catch of the day involves the promise of millions from a bank in Africa. Dave interviews Chris Parker from WhatIsMyIPaddress.com.

Sponsored Events

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) The inaugural Cybersecurity Impact Awards are open for nominations until April 12 and are dedicated to recognizing companies that have corporate or Federal headquarters in the DMV area for their leadership and innovation within the cybersecurity industry. Award winners will be honored during an awards ceremony on May 14.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Finland Detects Cyber Attack on Online Election-Results Service (Bloomberg) Finnish police are probing a cyber attack on a web service that publishes vote tallies less than a week before national elections.

US government publishes details on North Korea's HOPLIGHT malware (ZDNet) DHS and FBI publish their sixteenth report on North Korean malware.

Lazarus rises: Warning over new HOPLIGHT malware linked with North Korea (Computing) The new malware is thought to be the work of North Korean state-linked hacking group HIDDEN COBRA, aka Lazarus Group

Malware Analysis Report (AR19-100A) MAR-10135536-8 – North Korean Trojan: HOPLIGHT (US CERT) This Malware Analysis Report (MAR) is the result of analytic efforts between Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant has been identified as HOPLIGHT. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

Taj Mahal and SneakyPastes: Kaspersky reveals pair of attacks menacing Asia, Middle East (Register) Fresh round of targeted operations unearthed

Gaza Cybergang Group1, operation SneakyPastes (Securelist) Gaza Cybergang(s) is a politically motivated Arabic-language cyberthreat actor, actively targeting the Middle East North Africa region. Group1 is the least sophisticated of the three attack Gaza groups.

'MuddyWater' APT Spotted Attacking Android (Dark Reading) Cyber espionage attack group adds mobile malware to its toolset.

New Cyberattack by Group Behind TRITON/TRISIS Reported (POWER Magazine) Cybersecurity firm FireEye has uncovered and is responding to a new intrusion at an unnamed critical infrastructure facility that it suggests in an April

Two in Three Hotel Websites Leak Guest Booking Details and Allow Access to Personal Data (Symantec) Hospitality services’ websites may leak your booking details, allowing others to view your personal data or even cancel your reservation.

Security flaws in WPA3 allow attackers to hack passwords (Computing) Vulnerabilities in WPA3 enable attackers to take control of Wi-Fi networks and crack encrypted passwords

What's The Best Name? ThreadJacking or Man-in-the-Inbox Attacks? (KnowBe4) We are seeing a new type of attack popping up more and more. Bad guys send a phishing attack and steal the credentials of your employee. But they stay under the radar and lurk for a while to understand the email traffic and the people the compromised account regularly talks to.

Mailgun hacked part of massive attack on WordPress sites (OODA Loop) Threat actors on Wednesday launched a massive hacking campaign targeting WordPress websites that use the Yuzo Related Posts plugin, a recently discontinued plugin that is vulnerable to a cross-site scripting (XSS) attack. The flaw allows

Google Play app "Peel Smart Remote" leaks users' pictures (Pradeo) Last week, the Pradeo Security engine alerted its users about severe security issues found in the app’s 10.7.3.3 version. It has been found that the App was collecting and leaking users’ pictures to a server that does not belong to the app publisher.

ESET warns users of fraudulent e-mail messages (IT News Africa) ESET has recorded a wave of multi-lingual e-mail based extortion scams scaring victims into paying. The attacker in the email claims they have hacked the

The Risk of Credential Stuffing to the Smart Home (The State of Security) With breaches happening often and aggregated data from previous breaches circulating, the greatest threat in the smart home is probably credential stuffing.

Security Patches, Mitigations, and Software Updates

Google Wants To Block Potentially Risky Non-Secure Downloads (BleepingComputer) Google proposed the addition of automatic blocking of high-risk downloads from non-secure websites in future versions of its Chrome web browsers as revealed by a proposal from Google Chrome security engineer Emily Stark in the World Wide Web Consortium (W3C) public mailing list.

Microsoft finally killed Windows XP this week (CRN Australia) Support ended for Windows Embedded POSReady 2009 on 9 April.

Verizon patches FiOS routers to fix three security flaws (Engadget) A security researcher discovered flaws that could let attackers take over certain Verizon FiOS routers, and a patch has already rolled out.

Cyber Trends

It's Not Just You They're After -- It's Your Supply Chain Too (Forbes) Cyber attackers are looking to expand and diversify. They're not after just a single victim, but that victim's entire supply chain as well, through techniques like "island hopping" and "counter-incident response.

Cybersecurity is a science, not an art, says Fortinet CISO (SiliconANGLE) The current explosion of data has been compared to the oil boom of the 1900s, and the analogy holds true in more ways than as a catalyst for wealth and power.

Marketplace

Women paid more than men in senior IT roles (Computing) Men outnumber women in technology leadership roles, with only 16 per cent of roles being filled by women, according to recruitment firm Michael Page

Cybersecurity firm Cofense says Pamplona to sell stake after U.S.... (Reuters) U.S. cybersecurity firm Cofense Inc said on Wednesday that buyout firm Pamplona ...

U.S. Officials Pressure Russia-Linked Buyout Firm to Sell Stake in Cybersecurity Company (Wall Street Journal) U.S. national security officials told a private-equity firm partly backed by a Russian billionaire named in the Steele dossier to sell its stake in cybersecurity firm Cofense.

Israeli cybersecurity company Tufin prices IPO at $14 a share (MarketWatch) Tufin Software Technologies Ltd. priced shares at $14 in its initial public offering Wednesday evening, setting up the Israeli cybersecurity company for a...

Nasdaq and Tel Aviv-Listed Cyber Company Safe-T Acquires Proxy Network Startup NetNut (CTECH) Safe-T offers anti-hacking services to financial institutions, mainly Israeli government and academic entities, as well as commercial companies

Provenance.io Blockchain Raises $20 Million in Security Token Offering (PR Newswire) Provenance Blockchain, Inc. ("PBI"), the administrator for the Provenance.io blockchain, announced it has...

High-Tech Bridge is now ImmuniWeb® (BusinessWire) High-Tech Bridge, a global provider of application security testing and risk scoring, is now ImmuniWeb.

California cybersecurity firm expanding in Northern Virginia (Washington Business Journal) California-based FireEye Inc. is expanding its Northern Virginia presence.

Applied Insight adds to leadership team, moves HQ to Tysons Corner (Technical.ly DC) Previously headquartered in Ashburn, Va., the tech company made some major moves through a pair of acquisitions, and hiring.

Netography Adds Bill Magnuson to Board, Gus Cunningham to Management Team, Receives Additional Funding (BusinessWire) Netography, an autonomous network security platform, adds Bill Magnuson to its board, Gus Cunningham to management team, receives additional funding

RackTop Systems Bolsters Federal Sales Team with Key Hires of IT Industry Veterans (Benzinga) RackTop Systems, the pioneer of CyberConverged™ data security, a new market that fuses data storage with advanced security and...

Products, Services, and Solutions

Security Industry Association Announces Winners of the 2019 SIA New Product Showcase Awards (Security Industry Association) IPVideo Corporation took the top honors in SIA’s annual award program recognizing innovative security products at ISC West.

Pulse Secure Announces Collaboration with New Strategic Authorized Education Partners (West) Pulse customers and partners now able to gain recognition as a Certified Technical Expert

Kudelski Security Partners with BTblock to Deliver Secure Blockchain and DLT Deployments (PR Newswire) Kudelski Security, the cybersecurity division of the Kudelski Group ...

When is a phone not a phone? When it's an Android security key (Register) Google Cloud product deluge spans security, analytics and AI

Cavirin Showcases Google Cloud Closed-Loop Security and Security Command Center Integration at Google Cloud Next ‘19 (BusinessWire) Cavirin Systems, Inc., the only1 company providing risk, cybersecurity and compliance management for the enterprise hybrid cloud, will be demonstratin

Indian media mogul turns to Darktrace cyber defence technology (BusinessWeekly) Network 18 has deployed Darktrace’s AI technology to safeguard its intellectual property from sophisticated cyber attacks. As one of India’s largest media corporations, Network 18 manages a holistic business, including 73 broadcast channels, as well as leading online news portals and publishing brands. Network 18 runs the biggest news broadcast network in India through its

Syncsort Launches Assure Security to Address Increasing Sophistication of Cyber Attacks and Expanding Data Privacy Regulations (AiThority) Syncsort, the global leader in Big Iron to Big Data software, announced Assure Security, combining access control, data privacy, compliance monitoring and risk assessment into a single product.

Technologies, Techniques, and Standards

Security Think Tank: Incident response vital to guard against catastrophic cyber attack (ComputerWeekly) How should businesses plan to survive a potential cyber attack extinction event?

IBM Study: More Than Half of Organizations with Cybersecurity Incident Response Plans Fail to Test Them (IBM News Room) Yet Use of Automation Improved Detection and Containment of Cyberattacks by nearly 25%

The National Guard decodes how to beat encrypted attacks (Fifth Domain) Cyber Shield 19 aims to train National Guardsman on best practices in cyber detection while building industry partnerships.

CISA Partners with Secure Community Network to Hold Incident Response Exercise (Department of Homeland Security) Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) hosted a tabletop exercise in collaboration with the Secure Community Network (SCN). The exercise brought together Jewish community leaders from across the nation, along with federal and state law enforcement and interagency partners to examine how they would act in a notional event focused on threats of violence including scenarios based on current events.

Hometown Security (Department of Homeland Security) The U.S. Department of Homeland Security’s (DHS) most important mission it to protect the American people. As part of this mission, DHS fosters collaboration between the private sector and the public sector to mitigate risk and enhance the security and resilience of public gathering sites and special events.

Busting the myths of working in a secure operations centre (CRN) 'People would be surprised at how much talking we do', NTT Security threat intelligence manager tells CRN sister publication Channel Partner Insight during an all-access tour of one of its ten global SOCs

4 ways to minimize IoT cybersecurity risk (GCN) Despite the security threats posed by internet-of-things devices, agencies can take basic steps to protect themselves from their cyber vulnerabilities.

Design and Innovation

With over 54 mn users in India, LinkedIn focusses on AI to remove fake profiles (ETCIO) India is the fastest growing market, outside the US, for the networking site.

Google Could Get Tons of Data From Its Gaming Platform (OneZero) Stadia sounds great, but don’t forget Google is a research company

PC gone mad? Google bans the word 'no' and makes guests promise not to sexually pester or make inappropriate jokes (The Telegraph) Google famously based its early corporate culture on the motto:

Verizon’s approach to 5G security (Verizon) The security of our networks is as important to us as their reliability and speed.

Academia

Southern University to open cybersecurity center near Quantico, nation’s capital (KSLA) Southern University will take part in the high-demand cybersecurity industry by opening up a center near the nation’s capital.

UNCW hopes to prepare 'Cyber Warriors' to combat future cyber threats | WilmingtonBiz (WilmingtonBiz) With an increasing threat of cyberattacks on financial, health and other institutions, the University of North Carolina Wilmington is looking ahead with the goal of preparing students in the information technology and cyber defense field. That was one main message from UNCW officials and featured speakers at the annual WITX (Wilmington Information Technology eXchange) conference this week.

Legislation, Policy and Regulation

For NATO, China is the new Russia (POLITICO) Beijing, rather than Moscow, is the top concern as the alliance gathers in Washington this week.

Japan allocates 5G spectrum to carriers, blocks Huawei and ZTE gear (VentureBeat) Lagging behind South Korea and the United States in 5G deployments, Japan has allocated spectrum to four top carriers while saying no to Chinese 5G gear.

Huawei's surveillance system in Serbia threatens citizens' rights, watchdog warns (ZDNet) The Chinese giant's Safe City Solution for Belgrade is raising questions about its use of personal data.

Subsea cable plan for Australia-China link leaves Huawei trailing (CRN Australia) SubCom wants to lay a link from Australia to Hong Kong through PNG.

Australia is vulnerable to a catastrophic cyber attack, but the Coalition has a poor cyber security track record (The Conversation) Scott Morrison has bragged about 'stopping the boats', but his government has failed to do anything meaningful to bolster cyber security and stop the malware.

Detour Act Final | Informed Consent | Internet (Scribd) U.S. Sens. Mark R. Warner (D-VA) and Deb Fischer (R-NE) have introduced the Deceptive Experiences To Online Users Reduction (DETOUR) Act, bipartisan legislation to prohibit large online platforms from using deceptive user interfaces, known as “dark patterns” to trick consumers into handing over their personal data.

Dark Patterns: How Weaponized Usability Hurts Users (GovInfo Security) Dark patterns are out to get you. The term describes the practice of abusing usability norms to create user interfaces that trick users into divulging their

Will DHS leadership upheaval affect CISA? (FCW) As the Department of Homeland Security scrambles following the abrupt departures of Secretary Kirstjen Nielsen and number of top officials, the newly formed Cybersecurity and Infrastructure Security Agency could get caught up in the chaos.

SECNAV: Navy Must Take Lead In Providing Industrial Base Cybersecurity (USNI) Securing the vast data-sharing network used by the Department of the Navy and its industrial base will require a significant investment of time and expertise from the department, Secretary of the Navy Richard V. Spencer told lawmakers on Wednesday.

Safe Harbor Programs: Ensuring the Bounty Isn't on White Hat Hackers' Heads (Dark Reading) As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves.

Litigation, Investigation, and Enforcement

DHS, FBI say election systems in all 50 states were targeted in 2016 (Ars Technica) Joint Intelligence Bulletin issued in March says Russian hacking efforts were wide-ranging.

Julian Assange booted out of Embassy of Ecuador in London - and arrested by Metropolitan Police (Computing) Ecuador expels WikiLeaks' founder Assange after seven years in Ecuador's London embassy

Assange accused of conspiring with Chelsea Manning in 2010 WikiLeaks release, says unsealed U.S. indictment (Washington Post) He faces charges in Britain for jumping bail in 2012 — and an extradition request from the United States, according to British and U.S. officials.

Blackmailers threaten release of Assange embassy ‘sex secrets’ (Times) Blackmailers threatened to reveal sexual secrets of Julian Assange’s life insidethe Ecuadorean embassy as part of a €3 million extortion attempt, it was claimed yesterday. Security footage and...

Just and Unjust Leaks (Foreign Affairs) Revealing official secrets and lies involves a form of moral risk-taking. And drawing the line between the right and wrong kinds of disclosures has grown harder than ever in the Trump era.

Attorney general says he believes ‘spying did occur’ in campaign probe of Trump associates (Washington Post) Law enforcement officials have defended their handling of the Russia investigation, and they have denied they engaged in political spying.

Barr seems to embrace GOP talking points on Mueller Russia probe (NBC News) Analysis: Barr appeared to endorse a widespread GOP view that the Mueller probe may have involved inappropriate surveillance of the Trump campaign.

William Barr Sends Troubling Signals Ahead of Mueller Report Release (WIRED) Attorney general William Barr will have tremendous sway over how much of the Mueller report the public can see. Right now, it doesn't look promising.

Eric Holder rebukes William Barr: It’s called 'investigating' not 'spying' (Washington Examiner) An Obama-era Justice Department chief took issue with Attorney General William Barr saying Wednesday that "spying did occur" on President Trump's 2016 campaign.

Gregory Craig, ex-Obama White House counsel, expects to be charged in relation to Ukrainian work with Manafort, his lawyers say (Washington Post) Craig has been scrutinized as part of a foreign lobbying investigation spun out of special counsel Robert S. Mueller III’s probe into Russian interference in the 2016 presidential election.

Two robocallers fined $3m for Google listings scam (Naked Security) The robocall scammers were defrauding small businesses who were scared of seeing their Google search listings drop off.

Two teens charged with jamming school Wi-Fi to get out of exams (Naked Security) They’re facing charges of computer criminal activity after allegedly disrupting the network at the request of their friends.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

San Antonio Cybersecurity Conference (San Antonio, Texas, USA, April 16, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

Chicago Cybersecurity Conference (Chicago, Illinois, USA, May 9, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

Louisville Cybersecurity Conference (Louisville, Kentucky, USA, May 30, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

Seattle Cybersecurity Conference (Seattle, Washington, USA, June 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

Baltimore Cybersecurity Conference (Baltimore, Maryland, USA, June 13, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

upcoming Events

QuBit Conference Prague 2019 (Prague, Czech Republic, April 9 - 11, 2019) Over the past 5 years, QuBit has grown to be a leading cyber security community event in CEE region. This year's highlights include: excellent speakers and educational sessions, popular networking events, peer to peer meeting opportunities, pre-conference hands-on full day training. In its sixth year, in addition to speakers and panels, QuBit offers its usual leading edge topics, case studies, and popular networking events. The first day, April 9, is dedicated to full day hands-on training. April 10 and 11 are dedicated to two parallel tracks: cyber and management. This year QuBit expects some 240 delegates, including more than 220 C-level managers, experts, and practitioners.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, April 10 - 11, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

ISC West 2019 (Las Vegas, Nevada, USA, April 10 - 12, 2019) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands. With different activities taking place each day and over 1000 exhibitors and brands, there will be plenty of opportunities for you to maximize your time.

Maryland Cyber Day (Hanover, Maryland, United States, April 11, 2019) Maryland Cyber Day is a combination of two events, MD Cyber Day Marketplace followed by MD Cybersecurity Awards Celebration. Marketplace features cybersecurity innovation, an expo, technology demos, “Ask an Expert” Stations and Fireside Chat. Awards Celebration recognizes companies, individuals and organizations doing exemplary work in Maryland’s cybersecurity industry.

Data Connectors Cybersecurity Conference Los Angeles (Los Angeles, California, USA, April 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.