Cyber Attacks, Threats, and Vulnerabilities
Analysis: The Islamic State's allegiance videos (FDD's Long War Journal) The Islamic State's Amaq News Agency has released a video of eight jihadists in Sri Lanka swearing allegiance to Abu Bakr al-Baghdadi before a series of bombings on Easter Sunday. The video is similar to a string of others released by Amaq since mid-2016.
Amnesty says Hong Kong office hit by China-linked cyber attack (France 24) Amnesty International's Hong Kong office has been hit by a years-long cyberattack from hackers with known links to the Chinese government, the rights group said Thursday.
Bayer contains cyber attack it says bore Chinese hallmarks (defenceWeb) German drugmaker Bayer has contained a cyber attack it believes was hatched in China, the company said, highlighting the risk of data theft and disruption faced by big business. Bayer found the infectious software on its computer networks early last year, covertly monitored and analyzed it until the end of last month and then cleared …
Qbot Malware Dropped via Context-Aware Phishing Campaign (BleepingComputer) A phishing campaign dropping the Qbot banking Trojan with the help of delivery emails camouflaging as parts of previous conversations was spotted during late March 2019 by the JASK Special Operations team.
Malicious lifestyle apps found on Google Play, 30 million installs recorded (ZDNet) The adware-laden apps attempt to lure victims into installing additional software.
Adware Plagues Google Play Store (Avast) Adware installed 30 million times before being removed from Google Play Store, Avast research finds.
DNSpionage Attackers Deploying New Karkoff Backdoor (Decipher) The DNSpionage attack group is now using a new backdoor called Karkoff, which may have ties to the OilRig leaks as well.
DNSpionage group's Karkoff malware selectively pick victims (HackRead) Karkoff creates a timeline of the command execution which can be “extremely” useful when responding to this type of threat.
DNSpionage brings out the Karkoff (Talos Intelligence) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers (TrendLabs Security Intelligence Blog) Recently, an analysis of Emotet traffic has revealed that new samples use a different POST-infection traffic than previous versions. It is also attempting to use compromised connected devices as proxy command and control (C&C) servers that redirect to the real Emotet C&Cs.
TA505 hackers thwarted at the door of a big financial org (CyberScoop) A failed attempt to breach a big financial institution is providing new data on a global criminal hacking group known for authoring the widely-used Locky ransomware. The group, dubbed TA505, has stalked financial organizations on multiple continents.
Russian-speaking hackers are using email to attack US retailers and others (Digital Commerce 360) Inside the United States, the hacking group called TA505, has focused its attacks on the retail and hospitality sectors, with an emphasis on large targets.
TA505 Abusing Legit Remote Admin Tool in String of Attacks (Dark Reading) Russian-speaking threat group has been targeting retailers and financial institutions in the US and abroad via a spear-phishing campaign.
A new cryptocurrency mining malware uses leaked NSA exploits to spread across enterprise networks (TechCrunch) Two years after highly classified exploits built by the National Security Agency were stolen and published, hackers are still using the tools for nefarious reasons. Security researchers at Symantec say they’ve seen a recent spike in a new malware, dubbed Beapy, which uses the leaked hacking t…
Point Blank Gamers Targeted with Backdoor Malware (Threatpost) The malware hides in the legitimate game downloads, signed with a real certificate; connections to ShadowHammer have been found.
Threat actors abuse GitHub service to host a variety of phishing kits (Proofpoint) Proofpoint describes how phishers are abusing the popular software development platform.
GandCrab attackers exploit recently patched Confluence vulnerability (CSO Online) If your company uses Confluence, make sure you have the latest available patches for this vulnerability.
Cyber Threats Report Reveals that DDoS Attacks Still Challenging (Neustar) Cyberattacks are becoming more complex. Here's what you need to know.
GoDaddy Takes Down 15,000 Spammy 'Snake Oil' Subdomains (WIRED) You know those ads hawking bogus brain pills? Security researchers just helped take out a bunch of the spammers behind them.
Twitter shuts down 5,000 pro-Trump bots retweeting anti-Mueller report invective (Ars Technica) Bots were tied to account formerly used for pro-Saudi messaging.
Security Patches, Mitigations, and Software Updates
With Notarization, Apple Moves to Greatly Reduce Malware on Macs (The Mac Observer) Notarization is an automated code scan service for Mac developers that looks for malicious code and blesses it if none found.
Cyber Trends
New Trustwave Report Underscores Progressing Global Cybersecurity Threats (Global Banking & Finance Review) Trustwave today released the 2019 Trustwave Global Security Report, which reveals the top security threats, breaches by industry and cybercrime trends
nCipher Survey Reveals Americans Trust Banks Most With Their Personal Data (nCipher Security) nCipher Security, the provider of trust, integrity and control for business-critical information and applications, reveals new research indicating that people trust banks and other financial entities to safeguard their personal data more than other organizations. The findings also illustrate how easily that trust can be eroded, along with Americans’ personal data protection concerns relative to banking and digital payments.
2019 Payment Card Fraud & the Financial Crime Ecosystem Report (Security Scorecard) Cybercriminals continue to infiltrate payment card systems to obtain cardholder data. Despite the rigorous compliance requirements set out by the Payment Card Industry Security Standards Council (PCI SSC), merchants and vendors find themselves as prime targets.
Majority of SMB Leaders Say They Would Pay Ransom to have Stolen Data Returned (AppRiver) Survey Reveals Unexpected Willingness to Render Payoffs to Cybercriminals
Speed: The Most Essential Concept in Cyber (Nextgov) Speed defines both the success of the defender and the attacker.
Healthcare workers still a weak link in cyber defense plans (Health Data Management) Hackers are increasingly focusing attention on the people working at healthcare organizations, not worrying about the technical defenses that providers, payers and others have erected.
Report: 42% of Used Drives Sold on eBay Hold Sensitive Data (Infosecurity Magazine) For every 20 used drives analyzed, at least three contained PII
Fast and Furious Phishing Attacks – The Race Against Time Matters (Infosecurity Magazine) The race against time matters when defending against phishing attacks
Marketplace
Made in China, Exported to the World: The Surveillance State (New York Times) In Ecuador, cameras capture footage to be examined by police and domestic intelligence. The surveillance system’s origin: China.
Facebook Will Finally Pay—Billions—for Its Privacy Missteps (WIRED) In releasing its quarterly financial results Wednesday, Facebook said it expects to pay a fine of $3 billion to $5 billion to the FTC for violations related to user privacy.
Facebook profits soar as it brushes off Cambridge Analytica scandal (The Telegraph) Facebook has reported a 63pc increase in quarterly profits, with the under-pressure social network giving no evidence that the Cambridge Analytica row has halted its breakneck growth.
Facebook to take $5bn hit over privacy investigation (Times) Facebook could pay as much as $5 billion to settle an investigation by the American consumer watchdog into alleged violations of its users’ privacy. The technology company and publisher made the...
Facebook Sets Aside $3 Billion to Cover Expected FTC Fine (Wall Street Journal) Facebook set aside $3 billion for an expected fine from the Federal Trade Commission over privacy issues, cutting into profit even as its underlying business remained strong.
This Browser Will Pay You to Surf the Web (WIRED) Brave says it can show users ads while protecting their privacy; eventually, it hopes to also pay publishers.
Lydsec Acquires Keypasco Security Business (Global Security Mag Online) The Taiwanese tech company Lydsec Digital Technology Co., Ltd. acquires the online security business of Swedish security company Keypasco AB. The two companies have been partners since 2012 and this is the natural next step towards a stronger brand and continued strong product development.
How this Coimbatore-based cybersecurity firm caught the eye of Copenhagen's Zacco (YourStory) The 150-year-old Copenhagen-based Zacco, a consultancy-driven intellectual property software firm, has acquired Coimbatore-based cybersecurity startup Lakhshya in an all-cash deal. The startup will now serve as the cybersecurity R&D Centre of Excellence for Zacco India R&D.
After raising cash, Seattle cybersecurity startup Cyemptive acquires Adaptive Technology Group (GeekWire) Seattle-area cybersecurity startup Cyemptive today announced the acquisition of Adaptive Technology Group (ATG), a 14-year-old IT consulting service company also based in the Seattle region. The ten…
Digital Guardian Raises $30 Million; Bolsters Leadership Team to Accelerate Growing Global Demand for Data Protection (Yahoo) Digital Guardian today announced it has received $30 million in additional financing. LLR Partners, a leading private equity firm and existing investor, was the lead on the round and previous investors also participated. “We are seeing increasing demand from organizations around the world for
VDOO secures $32M for a platform that uses AI to detect and fix vulnerabilities on IoT devices (TechCrunch) Our universe of connected things is expanding by the day: the number of objects with embedded processors now exceeds the number of smartphones globally and is projected to reach some 18 billion devices by 2022. But just as that number is growing, so are the opportunities for malicious hackers to us…
Censinet Takes Off With $7.8M to Track Cyber Risks in Healthcare (Xconomy) Censinet, a Boston startup helping hospitals and other healthcare providers manage the cyber risk of their hundreds of third-party vendors, has launched
Stuart McClure on BlackBerry/Cylance (InnovationsAus.com) The first time Cylance founder chief executive Stuart McClure travelled to Australia, as a 19-year-old, he had a near-death experience en-route that changed his outlook on life quite profoundly. He says he began seeing the world in a different way.
Top 10 global cybersecurity hubs for 2019 (CSO Online) Many cities and regions are vying for the title of Cybersecurity Capital. Here are 10 of the leading and emerging contenders.
Booz Allen Hamilton adding 250 new jobs in San Antonio (ExpressNews.com) Booz Allen Hamilton plans to expand its workforce in downtown San Antonio if it receives city and county incentives.
Adams locates appʼ in Flatiron innovation hub (Real Estate Weekly) Adams & Co. Real Estate announced that Dashlane, Inc., a tech firm specializing in password management, has signed a 16,625 s/f ten-year lease at 44 West 18th Street. The New York-based, award-winning firm will utilize the full fourth floor for its national headquarters. James Buslik and Alan Bonett of Adams...
Oana Olteanu joins Scale Venture Partners (Scale Venture Partners) The newest member of our investing team adds to Scale’s technical depth in AI and machine learning
HyperGrid Accelerates Growth Strategy with Key Executive Appointments (PRWeb) HyperGrid, a market leader in hybrid Cloud Management Platforms (CMP), today announced the appointment of key executives in sales, marketing and produ
SailPoint Announces Upcoming Departure of Chief Revenue Officer (BusinessWire) SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in enterprise identity governance, today announced that Howard Greenfield will continue
Products, Services, and Solutions
ThreatConnect’s New Features Make Creating Security Playbooks Easier for All Users (ThreatConnect) New In-Platform App Builder and other capabilities provide more precise control for security operations, threat intelligence, and incident response teams
Recorded Future Simplifies Intelligence Operations (PR Newswire) Recorded Future, the largest threat intelligence company, today announced the release of the Recorded Future...
BitDam Now Available in the Microsoft Azure Marketplace (PRWeb) BitDam, Cross-channel Advanced Threat Protection (ATP), today announced the availability of BitDam in the Microsoft Azure Marketplace, an online store prov
NXM Labs Announces Breakthrough in Quantum-Safe Security for Existing Computers and IoT Devices (Yahoo) NXM QUAKE Strengthens Existing Security and IT Practices to Keep Devices, Software, Communications and Data Safe from Future Quantum Attacks
Acceptto Announces Continuous Authentication Integrations with Global Cloud Software Providers (Benzinga) Acceptto, a leading provider of Cognitive Continuous Authentication, today announced the extension of its Cognitive Continuous...
Secure Your Domains with DNSimple (PR Newswire) DNSimple, a leader in domain name management security, announces the ability to use the DNSimple API to request ...
HP aims to secure its PC portfolio with Sure Sense malware blocker (ZDNet) Sure Sense uses AI to prevent and block malware in near-real-time, including ransomware and previously unknown malware.
UK bank to trial fingerprint technology for card payments (CNBC) Contactless payment technology is becoming an increasingly popular way of purchasing things.
Closing the IoT Security Gap: Great Bay Software™ Unveils the Industry's First Enterprise-Class Risk Intelligence and Scoring Module (PR Newswire) Great Bay Software, an IoT security and operations leader, today unveiled Great Bay Risk Intelligence™, a new...
Kaspersky Lab announces enhancements to APT Intelligence Reports (Intelligent CIO Europe) Kaspersky Lab has enhanced its APT Intelligence Reports with contextual information related to advanced persistent threat (APT) actors and added mapping to the MITRE ATT&CK threat model for pre…
AppRiver Bolsters Email Encryption Offering (AP NEWS) AppRiver, a Zix (NASDAQ: ZIXI) company and leading provider of cloud-based cybersecurity, productivity, and compliance services, today announced that ZixEncrypt, will be available for AppRiver partners beginning on April 25, 2019.
Priceline Protects Customers With Newly Expanded HackerOne Bug Bounty Program (AP NEWS) Priceline.com (“priceline”), a world leader in online travel deals, today announced the expansion of its public bug bounty program with HackerOne, the global leader in hacker-powered security.
Flashpoint Improves Business Risk Intelligence Platform (eWEEK) Flashpoint is adding new visibility for dark web account and card store data alongside an enhanced dashboard in an effort to deliver actionable intelligence that advances the state of security.
Technologies, Techniques, and Standards
How IBM X-Force IRIS Prepared for the Ukraine Election (Security Intelligence) More than a month before the first round of the Ukraine election in March, we decided that we couldn't afford to sit on our heels until an attack was launched.
Debunking The Myths And Reality Of Artificial Intelligence (Forbes) In this article, we debunk key AI myths and misunderstandings that are distracting organizations and derailing many AI initiatives. We recommend practical solutions to accelerate AI adoption with fewer risks and maximum transformative effects on current and future business and workforce.
DNS over HTTPS is coming whether ISPs and governments like it or not (Naked Security) DNS over HTTPS (DoH), backed by Google, Mozilla and Cloudflare, is about to make web surveillance a lot more difficult.
Strengthening our approach to deliberate attempts to mislead voters (Twitter) Twitter is strengthening our approach to deliberate attempts to mislead voters by creating a dedicated reporting feature within the product to allow users to more easily report this content to us.
Facebook's flood of languages leave it struggling to monitor content (Reuters) Facebook Inc's struggles with hate speech and other types of problematic co...
Thycotic debunks top Privileged Access Management myths (Security Brief) Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
How to Protect WordPress Websites from SQL Injection (Security Boulevard) If you are using WordPress as your website CMS, it's important to be aware of SQL injection threats that could take down your business.
Is the Navy's New Cybersecurity Program Shipshape? (SIGNAL Magazine) The Navy's Combat to Connect in 24 Hours program uses open source technologies and a unique cloud infrastructure to reduce the network attack surface and vulnerabilities.
Air Force Launches Electronic Warfare Roadmap: EMS ECCT 2.0 (Breaking Defense) The Air Force is looking across the enterprise to build a comprehensive map of all electronic warfare capabilities for the second stage of its landmark service-wide probe of how to bolster the Air Force’s EW and cyber warfare capabilities.
Design and Innovation
Microsoft knows password-expiration policies are useless (Engadget) Microsoft says password-expiration policies are "an ancient and obsolete mitigation of very low value."
Does your company have an AI ethics dilemma? (Information Age) The ethics of Artificial Intelligence has been in the news -- particularly with the creation and almost immediate collapse of Google’s AI Ethics board. But do companies that are new to AI tools need to be asking themselves: 'Do I have to 'care' about ethics?' asks Alexa Hagerty and Igor Rubinov.
Technology ethics campaigners offer plan to fight 'human downgrading' (Reuters) (Quartz) Technology firms should do more to connect people in positive ways and steer awa...
Research and Development
Electron qubit non-destructively read: Silicon qubits may be better (Ars Technica) Qubit avoids quantum wrecking ball, silicon may be future for quantum computers.
In-Q-Tel President Chris Darby on the intelligence community's innovation challenges (CBS News) Technology "underpins society today in a way it never has before," Darby said
Academia
Coastline College Designated Again as National Center of Academic Excellence in Cyber Defense Education (Longview News-Journal) Coastline College has been named again a National Center of Academic Excellence in Cyber Defense Education (CAE2Y) by the National Security Agency
Legislation, Policy, and Regulation
Cyberspace new battle ground against ISIS, says Mohamad Sabu (Malay Mail) Defence Minister Mohamad Sabu has called for greater vigilance against the threat of ISIS in cyberspace, warning that it “keeps the virtual form of caliphate alive through the diabolical language of hatred.” Condemning the recent terror attacks in Sri Lanka and New...
Blocking social networks after terrorist attacks can do more harm than good (The Verge) We should be suspicious when governments crack down on speech in the name of safety
Disinformation Is Drowning Democracy (Foreign Policy) In the new age of lies, law, not tech, is the answer.
US Urges ‘Like-Minded’ Countries To Collaborate On Cyber Deterrence (Breaking Defense) “We have a saying in Asia...When the elephants fight, the ants get smashed.”
DNS hacks are attacks on critical infrastructure, senior U.S. diplomat says (CyberScoop) Any nation-state behind recent hijackings of Domain Name System (DNS) records should, in theory, be held responsible under the latest cyberwarfare norms agreement made by 20 countries at the UN in 2015, says America’s top cyber diplomat. “One of the norms is disrupting physical infrastructure providing services to the public, and I think that fully encapsulates the internet’s DNS function,” Amb. Robert Strayer told CyberScoop Tuesday on the sidelines of the Atlantic Council’s International Conference on Cyber Engagement.
Defending the nation in cyberspace — a call to action (TheHill) The threat we face is complicated by the fact that, in most cases, the private sector stands on the front lines alone.
In era of ‘defend forward,’ what does success look like? (Fifth Domain) U.S. Cyber Command’s new operating philosophy of “defend forward” has helped clarify how the Department of Defense can protect the United States from cyberattacks, a Pentagon official said April 23.
ZTE prepares for 5G trials in India despite security concerns (TelecomLead) ZTE, one of the telecom network makers from China, said it is awaiting spectrum allocation to mobile operators to conduct the 5G tests in India. Indian telecom operators such as BSNL, Bharti Airtel, Vodafone Idea and Reliance Jio are planning to join the 5G race in 2020. But the Government is yet to finalize the …
'Five Eyes' Intelligence Members to Detail Cyber Threats (BankInfo Security) For the first time, members of the secretive "Five Eyes" intelligence-sharing group will make a joint public appearance to discuss how they collaborate,
Huawei will help build Britain’s 5G network, despite security concerns (The Verge) Experts and policymakers are wary of letting China get involved in domestic infrastructure
Spy chiefs in uproar over leak from secret Huawei talks (Times) An unprecedented leak from highly confidential talks with senior ministers about the Chinese telecoms company Huawei has caused outrage among spy chiefs. There were calls for an inquiry after...
Huawei frustration boils over as CIA allegedly shows the goods (Telecoms.com) In China, Huawei cybersecurity bosses vented their frustrations, while in the US, the CIA has reportedly produced evidence of Chinese Government investment in the telco vendor.
U.S. and British Intelligence Agencies Downplay Disagreement Over Huawei 5G (Forbes) Huawei risk assessments differ, but NSA, GCHQ and other spy agencies seek to allay concerns over any divide.
UK at odds with cyber-allies over Huawei (BBC News) The US has been pressing other nations to ban use of the Chinese firm's 5G kit on security grounds.
Brit spy chief: We need trust or we won't have a 'licence to operate in cyberspace' (Register) GCHQ U-turns, wants Joe Public onside as well as industry
GCHQ to share threat intelligence with UK businesses (The Daily Swig) Huawei bosses should put the champagne on ice
NSA Recommends Dropping Phone-Surveillance Program (Wall Street Journal) The National Security Agency has recommended that the White House abandon a U.S. surveillance program that collects information about Americans’ phone calls and text messages, saying the logistical and legal burdens of keeping it outweigh its intelligence benefits.
Suppliers criticise government over Huawei snub (CRN) Chinese vendor will be allowed to play a part in UK's 5G network but will be banned from 'core infrastructure', according to reports
Trump makes security clearance transfer official with executive order (Federal News Network) After months of promises that the move was imminent, President Donald Trump has made the transfer of the governmentwide security clearance program from the Office of Personnel Management to the…
Progress Is Finally Being Made on Security Clearance Backlog (Government Executive) Improvements to processing times are still needed.
Adam Vincent, ThreatConnect: IoT Needs Regulation Because Our Safety Is Involved (TechNadu) Adam Vincent, co-founder and CEO of ThreatConnect, discusses in an interview with TechNadu the need for proper cyber budgets, threats, IoT, VPNs, and more.
A new bill would force companies to check their algorithms for bias (The Verge) It’s trying to hold big companies and data brokers accountable
In Push for 2020 Election Security, Top Official Was Warned: Don’t Tell Trump (New York Times) As homeland security secretary, Kirstjen Nielsen became increasingly worried about Russian attempts to influence the 2020 election. But she couldn’t discuss it at high-level White House meetings.
Litigation, Investigation, and Law Enforcement
Sri Lanka blasts expose flaws in organisational culture of country's security apparatus, its complacency in face of jihadist terror (Firstpost) The changing nature of global terrorism, transnational organised crimes and cyber-sabotage continue to pose serious security threats to all littoral states in the Indian Ocean region.
All Sri Lanka Catholic church services suspended: Senior priest (CNA) All of Sri Lanka's Catholic churches have been ordered to stay closed and suspend services until security improves after deadly Easter ...
Fourth Sri Lanka hotel bomb failed to explode (Times) One of the Easter Day bombers tried to attack a fourth luxury hotel in the Sri Lankan capital but was foiled by a faulty suicide vest, The Times has learnt. The bomber, who once studied in England...
Russia's hack into the US election was surprisingly inexpensive, Mueller report shows (CNBC) After reading special counsel Robert Mueller's report, experts noted how Russian internet trolls and hackers appeared to use limited resources in carrying out cyberattacks and online campaigns during the 2016 U.S. elections.
The Press Will Learn Nothing From the Russiagate Fiasco (Rolling Stone) The inability to face the enormity of the last few years of errors will cost the news media its credibility, even with blue-state audiences
Venezuelan Government Announces Arrests over Electrical Blackouts (Venezuelanalysis) The government issued an arrest warrant request for the ex-security chief of the Guri Complex, who allegedly fled to the US following the March blackouts.
American, 2 more accused of powerjacking Venezuela (Business Standard) An American, a Colombian and a Spanish citizen have been accused by the Nicolas Maduro government of carrying out alleged "attacks" on the country's electricity grid in March.
This Nonprofit Wants to Offer Political Campaigns Free Protection From Hackers. Here’s the Catch. (Slate Magazine) A logical FEC proposal—with one potentially fatal flaw.
Dark Web’s Wall Street Market Suspected of Exit Scam (Infosecurity Magazine) Admins look like they’re taking the money and running
Another dark web marketplace bites the dust -- Wall Street Market (ZDNet) Two major dark web marketplaces for buying illegal products shut down in the span of a month.
IT boss admits cyber attack on his employer (Echo) A man has pleaded guilty to carrying out a cyber-attack on his former employer in Great Baddow after he was dismissed.
‘If You Want to Kill Someone, We Are the Right Guys’ (WIRED) In a small Minnesota town, an IT technician found his way to the darkest corner of the web. Then he made a deadly plan.
Coast Guard officer accused of making hit list targeted Supreme Court justices, feds say (Navy Times) A Coast Guard lieutenant accused of stockpiling guns and compiling a hit list of prominent Democrats and network TV journalists looked at other targets: two Supreme Court justices and two executives of social media companies, according to federal prosecutors.
Air Force Academy ethics instructor arrested for luring child on the internet (Air Force Times) Sikkema is scheduled to appear in court Thursday morning.
Gunpoint domain hijack turns out to have been a family affair (Naked Security) The owner of State Snaps hired his cousin to break into the home of the owner of DoItForState.com to force him to transfer the domain.
NYPD forgets to redact facial recognition docs, asks for them back (Naked Security) The privacy think tank had them for 20 days, and one of the docs was already displayed at a conference, but the NYPD is still clawing them back.