Cyber Attacks, Threats, and Vulnerabilities
Beapy: Cryptojacking Worm Hits Enterprises in China (Symantec) Cryptojacking campaign we have dubbed Beapy is exploiting the EternalBlue exploit and primarily impacting enterprises in China.
Cryptomining worm 'Beapy' targets Asian enterprises, ignores consumers (SC Media) Researchers have discovered a previously unknown, file-based cryptominer worm that has been heavily targeting enterprises based in Asia.
EternalBlue Exploit Serves Beapy Cryptojacking Campaign (BleepingComputer) A cryptojacking campaign uses NSA's leaked DoublePulsar backdoor and the EternalBlue exploit to spread a file-based cryptocurrency malware on enterprise networks in China.
The Economy of Credential Stuffing Attacks (Recorded Future) Insikt Group reviews popular tools used by cybercriminals to initiate credential stuffing and explores marketplaces that sell compromised credentials.
An inside look at how credential stuffing operations work (ZDNet) Data breaches, custom software, proxies, IoT botnets, and hacking forums -- all play a role.
The Anatomy of Highly Profitable Credential Stuffing Attacks (BleepingComputer) Even though credential stuffing is a popular method used by hacking groups to attack businesses since at least late 2014, there still is a lot to be uncovered about the techniques malicious actors use to run them.
DNSpionage actors adjust tactics, debut new remote administration tool (SC Media) The actors behind DNSpionage DNS hijacking campaign have introduced a new reconnaissance phase and a new malicious remote administration tool, Karkoff.
Emotet Uses Compromised Devices as Proxy Command Servers (BleepingComputer) A new Emotet Trojan variant has been observed in the wild with the added capabilities of using compromised connected devices as proxy command-and-control servers and of employing random URI directory paths to evade network-based detection rules.
ExtraPulsar backdoor based on leaked NSA code – what you need to know (Naked Security) A US security researcher has come up with an open-source Windows backdoor loosely based on NSA attack code that leaked back in 2017.
Qualcomm Critical Flaw Exposes Private Keys For Android Devices (Threatpost) A side-channel attack in Qualcomm technology, which is used by most Android devices, could allow an attacker to snatch private keys.
New Oracle WebLogic zero-day discovered in the wild (ZDNet) Chinese cyber-security firm warns about impending attacks on Oracle WebLogic servers.
Romanian intelligence service outlines cyberattack scenarios during elections (Romania Insider) The National Cyberint Center, part of the Romanian Intelligence Service (SRI), has outlined five scenarios of possible cyberattacks on the IT systems of public institutions during the EU and presidential elections of this year, Agerpres reported.
Fake Social Accounts Multiply; Can Users ID Them? (Infosecurity Magazine) A new quiz tests user ability to detect fake social accounts.
Amazon's Alexa Data Services team could track users to their homes, claim insiders (Computing) Insiders reveal more about the personal information the Alexa Data Services team are able to read from users' Alexa personal assistants
Supply Chain Attacks: When Things Go Wrong (Infosecurity Magazine) How supply chain attacks have leveraged the weakest links in security
Browser Security: The Worst Code Injections and How They Work (Security Boulevard) What do browser-based attacks have in common? They target locally installed browsers through malicious code injects.
Avengers: End Game leaked online soon after releasing in China (HackRead) Avengers: End Game has been leaked online because why not?
Security Patches, Mitigations, and Software Updates
ProtonMail now offers elliptic curve cryptography for advanced security and faster speeds (Security Boulevard) Elliptic curve cryptography is the most advanced cryptographic system available. Now ProtonMail is making this technology available to all users.
Cyber Trends
National Security Council cyber chief: Criminals are closing the gap with nation-state hackers (CyberScoop) Cybercriminals are catching up to nation-states’ hacking capabilities, and it’s making attribution more difficult, the National Security Council’s senior director for cybersecurity policy said Thursday. “They’re not five years behind nation-states anymore, because the tools have become more ubiquitous,” said Grant Schneider, who also holds the title of federal CISO...
Cybercriminals are becoming more methodical and adaptive (Help Net Security) Global cybersecurity threats are progressing as organizations improve in areas such as time to detection and response to threats.
New Glasswall-sponsored Research Reveals Security Leaders' Ongoing Conundrum (BusinessWire) Glasswall Solutions today released its latest research report “Keeping the Enterprise Secure: A Tangled Web of Contradictions,” revealing the increasi
Attacks on Businesses Soar 235% in Q1 (Infosecurity Magazine) Malwarebytes report reveals growth in Trojans and ransomware
Connected devices, legacy systems leave hospitals wide open to cyber attack (Healthcare IT News) A new study from vendor Vectra monitored network traffic for six months to find the most prevalent methods attackers use to gain control and access protected information.
Marketplace
IoT Set to Put Strain on Cyber Skills Market (Infosecurity Magazine) Demand soars for specific roles
Former BAE exec to promote UK cybersecurity exports (Sky News) Dr Henry Pearson will help UK companies bid for contracts with foreign governments and central banks, Sky News understands.
Raytheon services biz continues shift beyond traditional defense (Washington Technology) Raytheon's government services business continues to bet on itself and partnerships as it pursues more space, cyber and command-and-control opportunities.
Nadella claims Microsoft is the 'clear leader in cloud security' as sales rise again (CRN) Azure sees revenue growth of 73 per cent
Dan Gilbert's Detroit startup has no profits. But it could be worth $1B (Detroit Free Press) Dan Gilbert-backed StockX would mark the third time in the past couple of years that a southeast Michigan startup has become a unicorn.
'On borrowed time with the arrogance they show': The most brutal 2019 Vendor Report comments so far (CRN) Which vendor has been castigated for its 'wide boy' sales staff, and whose 'stupid schemes and obscure rebates' are driving the channel mad?
Armis Raises $65 Million to Accelerate Its 700% Growth in Addressing Massive Enterprise IoT Security Exposure (Armis) Armis, the enterprise IoT security company, today announced it has raised $65 million in Series C …
Canadian Innovation Investment Marks Another Funding Milestone for ISARA Corp. (BusinessWire) With this month’s strategic investment of $7.2 million from Canada’s Strategic Innovation Fund, ISARA Corp., the world’s leading provider of agile qua
DISA Awards Two Contracts to Build a Moat Around the Pentagon’s Internet (Nextgov.com) The two selected vendors will prototype cloud-based systems that isolate the department’s internal network from the public internet while still allowing employees to browse the web.
Collibra appoints new Chief Information Security Officer, Myke Lyons (Collibra) Former ServiceNow executive joins leader in data governance, catalog, and privacy
McLean cybersecurity firm Cyren appoints new CEO (Washington Business Journal) Brett Jackson, former CEO of Digital Reasoning, has been appointed CEO of McLean-based Cyren.
Products, Services, and Solutions
Introducing the threat bounty (Medium) PolySwarm’s threat detection marketplace has created the possibility of a new type of cyber-related bounty: Say hello to the threat…
Center for Internet Security (CIS) Selects Qualys to Provide its Members with Continuous Monitoring of their Internet facing Digital Certificates and SSL/TLS Configurations (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance...
AT&T Cybersecurity develops new AlienApp for Box for highly secure content management in the cloud (Alien Vault) Today, I’m excited to share that we have released AlienApp for Box, a new security integration between AT&T Cybersecurity and Box, a leader in cloud content management. This new feature within USM Anywhere takes advantage of Box's granular logging capabilities and powerful APIs to add an additional layer of security for Box Enterprise customers that enables you to monitor your Box environments for potential threats and malicious activities. With the AlienApp for Box, you can enhanc
Protiviti Offers Cyber Risk Quantification Through New Partnership with RiskLens (PR Newswire) Global consulting firm Protiviti has launched a Cyber Risk Quantification as a Service offering in alliance...
United Bulgarian Bank Selects OneSpan to Help Fight Social Engineering and Mobile Malware Attacks (West) Leading bank implements OneSpan’s Cronto and Mobile Security Suite to protect online and mobile banking applications while meeting PSD2 Requirements
Fortinet Claims Industry's First SD-WAN ASIC (Virtualization Review) Security specialist Fortinet announced what it claims is the industry's first application-specific integrated circuit for the burgeoning software-defined wide-area networking space.
Centrify Achieves FedRAMP Authorization (Yahoo) Federal agencies can now accelerate cloud deployments by securing privileged access with Centrify cloud-ready Zero Trust Privilege Services
ESET Partners with Alphabet’s Chronicle (AP NEWS) ESET, a global leader in cybersecurity, today announced it has partnered with Chronicle, an Alphabet company, to provide essential validation on security incidents and alerts within Backstory, Chronicle’s global cloud service where companies can privately upload, store, and analyze their internal security telemetry to detect and investigate potential attacks.
Technologies, Techniques, and Standards
NATO arms itself for cyber war (Tagesspiegel) Virtual and yet very real: in Tallinn, NATO is training with IT experts from almost 30 countries to fend off attacks on its infrastructure.
Fort Bragg cut power for thousands to test ‘real-world reactions’ to a cyber-attack (Miami Herald) Fort Bragg Army base in eastern North Carolina went into a “blackout” for more than 12 hours as part of cyber attack military exercise. The base sought to see ‘real world reactions’ to a power outage.
Twitter launches reporting tool to curb misinformation during campaigns (Washington Post) It allows users to flag posts that attempt to mislead users about registering to vote or cast a ballot; identification requirements; and the date and time of an election.
Are election tech vendors making the right cybersecurity moves? (CyberScoop) Election tech companies are telling the world they are fixing their cybersecurity issues. Will the changes they make satisfy everyone ahead of 2020?
How to Easily Spot and Avoid Apple ID Phishing Scams (Heimdal Security Blog) Apple ID users are frequent targets of phishing scams. Here is how the Apple ID phishing scams work and what you can do to avoid them.
What does a threat intelligence team do? (Enterprise Times) Joel Cedersjö, Threat Intelligence Manager, NTT Security explains what a threat intelligence team does and who he recruits.
Research and Development
Quantum Xchange Tests Toshiba’s Quantum Key Distribution System; Doubles Network Capacity with Optical Multiplexing (BusinessWire) Quantum Xchange has collaborated with Toshiba Corporation to double the capacity of Phio, the first nationwide QKD network in the U.S.
Legislation, Policy, and Regulation
Putin won the battle, but the outcome of the war is still uncertain (Center for Public Integrity) The Kremlin’s election triumph has been undermined by Mueller’s disclosures and by Washington’s renewed strategic wariness.
Information Warfare Is Here To Stay (Foreign Affairs) States have always fought for the means of communication.
Five Eyes cyber summit – five things we learned (PublicTechnology.net) If you spend too much time in certain poorly illuminated corners of the internet, you will find a fair few people who characterise the Five Eyes intelligence alliance as a front for a shadowy cabal committed to spying on citizens, no doubt while spreading chemtrails and pulling the strings of the New World Order.
Is Cyber Command really being more ‘aggressive’ in cyberspace? (Fifth Domain) Some inside and outside government are careful to couch new cyber authorities as offensive in nature, saying they allow greater flexibility in defense.
Huawei Still Has Friends in Europe, Despite US Warnings (WIRED) The UK appears ready to allow Huawei gear in "non-core" parts of its 5G network. Many European countries rely heavily on Chinese equipment.
Here's which leading countries have barred, and welcomed, Huawei's 5G technology (CNBC) Huawei has faced mounting political pressure as the U.S. asks other countries to block the Chinese firm from being involved in 5G networks.
Federal CISO Wants To Move Beyond ‘Whack-a-Mole’ Supply Chain Security (Nextgov) Sweeping bans on Kaspersky Lab, ZTE and Huawei products were the right move, but Grant Schneider thinks the government needs a more scalable approach.
U.K. Cybersecurity Agency Won't Tip Regulator on Breaches (Bloomberg) Policy to allay fears of GDPR chill on information sharing. Data regulator reiterates legal duty to notify it of breaches.
Should Canadian technology be used to stifle free speech? (National Post) Opinion: Canadian-made technology seems to be enabling the Egyptian regime to block access to tens of thousands of internet sites
Spain on the front line of election security ahead of EU-wide poll (Daily Swig) Combating disinformation and election meddling, one bot at a time
State of Washington Expands Breach Notice Laws (Infosecurity Magazine) Companion bills try to give citizens the right to know what data companies are collecting.
Litigation, Investigation, and Law Enforcement
Sri Lankan spice tycoon’s sons and daughter-in-law were suicide bombers in Easter attacks (Washington Post) The explosions around the country Sunday killed 359 people.
Sri Lankan attacks example of ISIS spreading from Iraq, Syria into Afghanistan: Iran FM Zarif (Business Standard) The Islamic State (ISIS) has been "airlifted" from Iraq and Syria into Afghanistan and one example of it is the barbaric attack in Sri Lanka on Easter Sunday, Iran's Foreign Minister Mohammad Javad Zarif said here.
Sri Lanka tourists warned of more terror (Times) The Foreign Office has warned against all but essential travel to Sri Lanka amid fears that Islamist terrorists are preparing more attacks after the Easter Sunday bombings. Sri Lankan police...
Sri Lanka’s Christians and Muslims Weren’t Enemies (Foreign Policy) The country’s real divide has been between Buddhists and Muslims, but the Easter attacks may change all that.
Ultimatum to cabinet ministers in Huawei leak investigation (Guardian) Senior figures in Theresa May’s cabinet deny role in leaking details of vote in National Security Council meeting
Calls for criminal inquiry as top ministers deny Huawei security leak (Times) Jeremy Hunt led a chorus of denials from senior ministers last night that they were responsible for the first known leak from Britain’s top national security body. Theresa May came under pressure...
Minister says 'criminal inquiry' possible into leak of Huawei decision over new 5G network (The Telegraph) Jeremy Wright, the Culture Secretary, has refused to rule out a criminal inquiry into the leak of a Government decision to allow Chinese telecommunications giant Huawei to work on the UK's new 5G mobile network.
How the case against Maria Butina began to crumble (CNN) Prosecutors have recanted some allegations and already dropped one charge against her as part of a plea deal.
Facebook hit with three privacy investigations in a single day (TechCrunch) Third time lucky — unless you’re Facebook. The social networking giant was hit Thursday by a trio of investigations over its privacy practices following a particularly tumultuous month of security lapses and privacy violations — the latest in a string of embarrassing and damaging breaches at…
Canada accuses Facebook of breaking privacy laws, promises to take the company to court (Washington Post) Canadian regulators on Thursday found that Facebook committed "serious" breaches of local laws over its mishandling of users' personal information, announcing they would take the company to court to force it to change its privacy practices.
Facebook says it filed a US lawsuit to shut down a follower-buying service in New Zealand (TechCrunch) Facebook is cracking down on services that promise to help Instagram users buy themselves a large following on the photo app. The social network said today that it has filed a lawsuit against a New Zealand-based company that operates one such ‘follower-buying service.’ The suit is in a …
Poland joins Europol’s cyber-crime taskforce (Global Government Forum) Poland has become the latest country to join an international initiative to tackle the growing problem of cyber-crime, such as payment fraud and malware.
Europol, the European Union's law-enforcement agency headquartered in The Hague, has announced that the country has deployed a cybercrime speci
Analysis | The Cybersecurity 202: Cybersecurity proposal pits cyber pros against campaign finance hawks (Washington Post) Ex-Clinton and Romney aides want to help campaigns combat foreign hackers
Teen sues Apple for $1 billion over Apple stores’ facial recognition (Naked Security) He claims that Apple allegedly uses the technology to spot shoplifters and that it falsely linked him to a series of Apple store thefts.