The CyberWire Daily Briefing 5.8.19

Summary

By the CyberWire staff

Microsoft Exchange has received a good bit of hacking attention recently, and ESET has a partial explanation. Turla, also known as Snake or Uroburos, a Trojan long used by Russian intelligence services, is back, and using what ZDNet calls "one hell of a clever backdoor." The backdoor is called "LightNeuron," and it functions as a mail transfer service, which is thought to be a first. It's been active since 2014, and it's hit targets in Brazil, Eastern Europe, and the Middle East. It's an espionage tool, not a conventionally criminal one.

SafeGuard Cyber says the bad actors never left the European elections' fields of influence. They've been tracking bots, trolls, and hybrids, all of which have been active against the electorates of Germany, Italy, France, Spain, Poland, and the United Kingdom.

In the US, outlines of Cyber Command's preparations to help secure the 2020 elections grow clearer. The Command seems likely to take a more active approach, hunting for cyber operators and influence campaigns in foreign networks, the Washington Post reports. Bot herders and troll masters can at the very least expect some stern talking-tos by direct message.

Another large cryptocurrency exchange has been looted. Binance, the world's leading alt-coin trading system by volume, lost some $41 million to hackers, Reuters reports. Binance, founded in China but now operating out of Japan and Taiwan, has suspended trading until it gets a handle on security.

Closer to home, Baltimore's city government was hit yesterday by ransomware, Fifth Domain and others report.

Analyze Who Has Access to What Within Your IT Infrastructure Now

Notes.

Today's issue includes events affecting Canada, China, European Union, France, Germany, Israel, Italy, Japan, Pakistan, Poland, Russia, Spain, Taiwan, United Kingdom, and United States.

Bring your own context.

There are any number of reasons, some good, some not so good, others downright bad, to put off patching. But delayed or disregarded patches may have been at the root of the recently disclosed cyber incident affecting the power grid in three western US states.

"And in fact, the Department of Energy disclosure that this utility in question didn't patch this vulnerability that was available for apparently quite a long time, that's the sort of thing that could invite regulatory scrutiny from the North American Electric Reliability Corporation. So I expect perhaps we haven't heard the last from them. And, you know, it wouldn't be hard to imagine regulators there pursuing some sort of fine or enforcement action against this utility if they - if it did emerge that, you know, this vulnerability in some presumably pretty critical grid software just went unpatched for a long time." Blake Sobczak, E&E News, on the CyberWire Daily Podcast, 5.6.19.

Manage risk in haste, repent at leisure. (And remediate with a whole lot more haste.)

The CISO's ultimate guide to AppSec: 11 essential best practices you should know

By now, we are all too aware of the consequences of a data breach: brand damage, loss of customer confidence, potentially costly litigation, regulatory fines, and more. But most organizations aren’t as familiar with how to prevent these attacks. This guide highlights 11 data security best practices to minimize risk and protect your data.

On the Podcast

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin tells us all about how emojis get interpreted in court. And our guest, Meny Har from Siemplify, talks SOCs and SOAR.

And some of our correspondents are down in Florida this week for KB4-Con. Stand by for notes in our social media channels (Twitter, Instagram, or Facebook), and for special editions of Hacking Humans.

Sponsored Events

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!

Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.

Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th (Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

Uniting Women in Cyber (Arlington, VA, United States, May 17, 2019) Join us as we celebrate the women in today’s cybersecurity ecosystem at the Uniting Women in Cyber Symposium on May 17, 2019! This full-day event features dynamic women speakers discussing the future of tech, cybersecurity and business. Network among 300–400 business and technical professionals and attend our awards reception recognizing women in tech and business.

DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness (Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.

DreamPort Event: RPE- 006: The Defense at Pemberton Mill (Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting RPE -006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks both in live (with network taps) and offline (PCAP) mode. This event is June 21.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Bad actors increasingly spreading misinformation via social media ahead of EU elections (Help Net Security) Bad actors are amplifying misinformation content directed at EU member states to shape public perception, a report by SafeGuard Cyber reveals.

EU Election Security Report (SafeGuard Cyber) This report outlines our investigation into Russian Twitter bot disinformation campaigns in the EU parliamentary elections.

Researchers discover highly stealthy Microsoft Exchange backdoor (Help Net Security) The LightNeuron Microsoft Exchange backdoor can read, modify or block emails going through the compromised server, and even compose and send new emails.

Russian cyberspies are using one hell of a clever Microsoft Exchange backdoor (ZDNet) Turla APT found exploiting LightNeuron backdoor, a first of its kind targeting Microsoft Exchange email servers.

Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server (Dark Reading) Turla hacking team abuses a legitimate feature of the Exchange server in order to hide out and access all of the target organization's messages.

Hackers steal $41 million worth of bitcoin from Binance... (Reuters) Hackers stole bitcoin worth $41 million from Binance, one of the world's la...

Hackers Steal $40.7 Million in Bitcoin From Crypto Exchange Binance (CoinDesk) Crypto exchange Binance has disclosed a 7,000 BTC loss following the discovery of what it called a "large scale security breach."

Hackers Steal $40 Million Worth of Bitcoin From Binance Exchange (Bloomberg) Deposits and withdrawals suspended pending security review. Binance says hackers may still control some user accounts.

MegaCortex ransomware distracts victims with Matrix film references (Naked Security) One moment, the defenders’ network looked secure but the next, as if out of nowhere, the ransom note pops up.

iTWire - Ex-NSA man slams Israel for strike on alleged Hamas cyber attackers (ITWire) Israel has crossed the Rubicon with its attack on alleged cyber attackers belonging to the Palestinian group Hamas, a well-known information security...

Flaws in the design of IoT devices prevent them from notifying homeowners about problems (Help Net Security) Design flaws in “smart home” Internet-of-Things (IoT) devices that allow third parties to prevent devices from sharing information have been identified.

Cyberattack cripples Baltimore’s government computer servers (Fifth Domain) The Tuesday problems come just over a year since another ransomware attack hit Baltimore's 911 dispatch system, prompting a worrisome 17-hour shutdown of automated emergency dispatching.

Baltimore city government computer network hit by ransomware attack (Baltimore Sun) Baltimore City government computers were infected with ransomware Tuesday, the mayor's office said, shutting down many technology systems while officials battle the attack.

Mayor Young’s Statement on Baltimore City IT Issue (Baltimore City Hall) Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city’s network has been infected with a ransomware virus.

Cyber attack leaves Huntington voters concerned during primary election (WPTA) A cyber attack left a few Huntington voters concerned during Tuesday's primary election.

Report: Freedom Mobile Customer Data Breach Exposes 1.5 Million Customers (vpnMentor) vpnMentor‘s research team recently discovered that Freedom Mobile experienced a huge data breach. Led by hacktivists Noam Rotem and Ran Locar, ...

Security Patches, Mitigations, and Software Updates

Google to enable Chrome users to block tracking cookies (Computing) Google Chrome clampdown on tracking cookies unlikely to affect Google's own user tracking

We are too lazy to protect our privacy - and Google knows it (The Telegraph) Nobody imagined they would be wed to Google for their entire life.

Verizon Galaxy S10, S10+, S10e Updated With April Security Patch (Droid Life: Just Doing Android News, Man.) Verizon is shipping out the April security patch to the Galaxy S10, Galaxy S10+, and Galaxy S10e today...

Cyber Trends

Over 1,900 breaches reported in the first three months of 2019, a new Q1 record (Risk Based Security) Risk Based Security today announced the release of its Q1 2019 Data Breach QuickView Report, which found that there were 1,903 publicly disclosed data compromise events in the first three months of the year, exposing over 1.9 billion records...

Webroot Releases Report Ranking U.S.A. (Webroot) Top 5 Risky States Are Mississippi, Louisiana, California, Alaska, and Connecticut

2019 Data Breach Investigations Report (Verizon) The Verizon Data Breach Investigations Report (DBIR) provides you with crucial perspectiveson threats that organizations like yours face.

Control system cyber security conferences are actually impacting control system cyber security (Control Global) There is a need for cyber security conferences for control system engineers that focus on control systems and control system impacts. OT network cyber security and OT network cyber security conferences are important but still leave a gaping hole - the control system devices.

Ponemon’s Third Annual Study on Third Party IoT Risk: Companies Don’t Know What They Don’t Know (BusinessWire) Ponemon’s Third Annual Study on Third Party IoT Risk: Companies Don’t Know What They Don’t Know; Third Party Risk Factors Require More Attention

C-Suite execs and policy makers find cybersecurity technology investments essential (Help Net Security) The majority of C-Suite executives and policy makers in the United States believe the government should invest more in advanced cybersecurity technology.

Marketplace

Proofpoint To Buy Cybersecurity Startup Meta Networks For $120M (CRN) Proofpoint has agreed to purchase cybersecurity startup Meta Networks to help customers better protect people, applications and data as they move beyond the traditional perimeter.

Orange Signs an Agreement to Acquire SecureLink and Accelerate Its Leadership in the European Cybersecurity Industry (BusinessWire) On 7 May 2019, Orange entered into an agreement with Investcorp to acquire 100% of SecureLink on a €515m Enterprise Value basis. SecureLink, based in

LexisNexis Risk Solutions Acquires Lumen from Numerica Corporation (Yahoo) LexisNexis® Risk Solutions today announced it is further expanding its public safety solutions with the acquisition of all Lumen assets, a product line owned by Numerica Corporation, a Colorado-based company. Lumen is an integrated data platform leveraged

San Mateo 'Splunk killer' scores second big funding in 8 months (Silicon Valley Business Journal) The San Mateo cybersecurity company [Exabeam] is on track to more than double its workforce by the end of 2019 compared to where it was a year ago.

Synack Veterans Referral Program (Synack) Every year, 250,000 servicemen and women leave the armed forces. Of those who leave, 65% struggle to find jobs, despite their highly specialized skill sets in fields like cybersecurity. In my view, active duty military, veterans, and spouses comprise a largely untapped market for technology companies and startups. Their hands-on training in cybersecurity, particularly in […]

Skybox Security and Indegy join hands to boost cybersecurity in critical infrastructure (CISO MAG | Cyber Security Magazine) The technical integration of Skybox and Indegy will help organizations see and understand risks in connected IT and operational technology networks.

Products, Services, and Solutions

Allure Security Introduces Data Loss Risk Monitoring for Critical Visibility into Microsoft Office365 Activity (PR Newswire) Allure Security, the data loss detection and response company, now offers data loss risk monitoring for Microsoft...

Digital Reasoning Announces Managed Hosted Conduct Surveillance Solution on Google Cloud and Amazon Web Services | Digital Reasoning (Digital Reasoning) Digital Reasoning, a leader in Artificial Intelligence (AI) that understands human intentions and behaviors, today announced the availability of a managed hosted version of its market-leading Conduct Surveillance solution on Google Cloud Platform (GCP) and Amazon Web Services (AWS). Developed with Digital Reasoning’s banking partners, it brings the firm’s …

Quad9 Offers Owners of Android-based Mobile Devices Domain Name Service (DNS) Security Protections for Free (Quad 9) Today Quad9 released Quad9 Connect - a mobile app allowing the more than 2.5 billion global users of smartphones built on Android to use the free security and privacy driven recursive domain name service (DNS) to block access to malicious websites and maximize web browsing privacy while using an Android mobile device.

New Solution from Shape Security brings Enterprise-grade Online Fraud Protection to the Mid-Market (Shape Security) Shape Connect™ Provides Industry's Highest Level of Defense for Mid-market Organizations at Unrivaled Value to Defeat Fake Traffic Online

DLT Solutions to Offer Pulse Secure Cybersecurity Solutions for Secure Access to Public Sector (Pulse Secure) Partnership to accelerate channel growth and help government organizations and critical infrastructure operators fortify hybrid IT defenses and progress Zero Trust access controls

ArcBlock Releases Forge SDK, The Easiest Way to Build Blockchains and Decentralized Applications (PR Newswire) ArcBlock has officially released the ArcBlock Forge Software Developer Kit (SDK). The Forge SDK is a...

VinaPhone Selects KoolSpan to Power ProCall Secure Communications Solution (AP NEWS) VinaPhone ( http://vinaphone.com.vn ), the leading provider of advanced telecommunications technologies and services to government, enterprise, small & medium-sized business, and consumers in Vietnam announces its partnership with KoolSpan..., to power VinaPhone ProCallTM,..., the secure mobile communications solution for Vietnam.

Onapsis and Verizon Join Forces to Accelerate and Secure SAP Customers’ Digital Transformation (Yahoo) Onapsis, the leader in business application cyber resilience, is joining forces with Verizon to accelerate and protect SAP customers’ digital transformation initiatives. Customers of the two companies who are migrating their critical business applications to the SAP S/4HANA

Technologies, Techniques, and Standards

The CIA Sets Up Shop on Tor, the Anonymous Internet (WIRED) Even the Central Intelligence Agency has a so-called onion service now.

The CIA Will Use its New Dark Web Site to Collect Anonymous Tips (Vice) The intelligence agency is stoked about its new Onion site on the dark web: "Our onion site is one of several ways individuals can contact the CIA."

App Developers Must Consider Platform Rules in Addition to Legal Requirements (Cooley) Recently, app store providers have become increasingly active in imposing and enforcing privacy requirements for developers. For example, both Apple and Google have threatened removal of apps from …

5 Emerging Vectors of Attack and Recommendations for Mitigating the Risks (Security Boulevard) DNS manipulation, domain fronting, targeted cloud individual attacks, HTTPS and encryption, and the exploitation of hardware features are among the emerging challenges adversaries can exploit according to cybersecurity experts at SANS.

The Problem with Too Many Security Options (CSO Online) For organizations looking to expand or upgrade their security, there is literally too much information to consume.

DISA Seeks Info on Quantum-Resistance Cryptography (ExecutiveBiz) The Defense Information Systems Agency is in need of industry-based information regarding the use of quantum-safe algorithms for cybersecurity. DISA said Monday in a FedBizOpps notice that it intends to evaluate the use of these algorithms and cryptographic approaches to protect the Department of De

Design and Innovation

SolarWinds: Looking beyond DevOps to fix cybersecurity (Data Center News) The role of DevOps in security has seen increasing popularity due to its sound philosophy around productivity and adaptability.

Research and Development

Cryptographic breakthrough allows using handshake-style encryption for time-delayed communications (Help Net Security) Researchers have solved a 15-year-old problem that allows handshake-style encryption to be used for time-delayed digital communications such as email.

Unhackable? New chip makes the computer an unsolvable puzzle (Help Net Security) Researchers have developed a new computer processor architecture that could usher in a future where computers proactively defend against threats.

Diamond Key Security Receives Research and Development Grant from Vietsch Foundation (Morningstar) Diamond Key Security Receives Research and Development Grant from Vietsch Foundation, Read most current stock market news, Get stock, fund, etf analyst reports from an independent source you can trust – Morningstar

Legislation, Policy and Regulation

At nations’ request, U.S. Cyber Command probes foreign networks to hunt election security threats (Washington Post) Officials are increasingly focused on the activities of Russia, China, North Korea and Iran.

Analysis | The Cybersecurity 202: Here's how the military’s hacking arm is gearing up to protect the 2020 election (Washington Post) It includes probing allies' computer networks to glean insights about Russian threats.

Election Assistance Commission loses key tech expert ahead of 2020 (CyberScoop) The top official responsible for certifying voting systems at the federal Election Assistance Commission is stepping down, multiple sources confirmed to CyberScoop.

Senators want answers on expiring NSA surveillance program (FCW) A group of senators are asking the National Security Agency for an update on the current status of its controversial bulk telephony metadata collection program.

The Pentagon Still Buys Software Like It's 1987 (Defense One) The Defense Innovation Board recently discovered that a 32-year-old report "pretty much said it all."

Litigation, Investigation, and Enforcement

Everything you need to know before Huawei CFO Meng Wanzhou returns to court Wednesday (The Star) From the extradition battle to the fraud charges to Meng’s lawsuit and the international fallout, this story is far from over.

15 police stations set up to deal with cyber crime: Senate told (The Nation) Minister of State for Parliamentary Affairs Ali Muhammad Khan on Tuesday apprised the Senate that around 15 police stations had been set up across the country

Navy mulls punishment for cyber neglect (FCW) The Navy is looking at punitive measures for careless users to get them to take basic cyber hygiene seriously.

Chelsea Manning says she’ll never testify, seeks release (Army Times) Former Army intelligence analyst Chelsea Manning said in a new legal motion that she will never testify to a grand jury in Virginia investigating the website Wikileaks, and it therefore makes no sense to continue to keep her in jail for refusing to do so.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

SINET Innovation Summit 2019 (New York, New York, USA, June 13, 2019) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech Midwest 2018 kickoff event was a conference and exhibition on global cyber threats, solutions, innovations, and technologies. It featured discussions by the industry's most renowned technology company executives, startups, government officials and contractors, investors, academics, media experts and other professionals changing the global cyber landscape—covering the most trending topics in the area of cyber and innovation.

SecureWorld Kansas City (Kansas City, Missouri, USA, May 8, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

RiskSec 2019 (Philadelphia, Pennsylvania, USA, May 8, 2019) RiskSec 2019 will provide insights from thought leaders across various industries, focusing on the most significant issues that CISOs and other security professionals face every day. Learn about new approaches to security, discover the latest technology and interact with the best in the business. We hope to see you there!

Digital Utilities Europe 2019 (London, England, UK, May 8 - 9, 2019) Following three successful editions of ACI’s Digital Utilities Europe Summit, the 4th edition will be taking place in London, United Kingdom on 8th-9th May 2019. The conference will bring together key industry stakeholders to address the current challenges of the digitalization in the utilities sector. The two day event will offer insight on business cases, financial aspects and technological advancements in the industry. Digital Utilities Europe 2019 will allow you to explore the successful implementation of recent case studies within digital business and its unique strategies.

Secutech 2019 (Taipei, Taiwan, May 8 - 10, 2019) As the largest regional business platform for professionals in the security, mobility, building automation and fire safety solution sectors, Secutech is the annual gathering place for key players from Japan, Thailand, Vietnam, Malaysia, the Philippines, Singapore, Myanmar andother Southeast Asian countries looking for integrated security systems and smart solutions powered by AI analytics and IoT technologies. Join the one-stop platform to introduce the latest innovations, find cross-industry partners, and tap into high-potential markets.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Turla is back, in Microsoft Exchange. EU influence ops. US CYBERCOM preps for 2020 elections. Binance alt-coin exchange looted.

Bring your own context.