Cyber Attacks, Threats, and Vulnerabilities
Dutch spy agency investigating alleged Huawei 'backdoor': Volkskrant (Reuters) Chinese telecoms equipment maker Huawei has a hidden "backdoor" on the...
Russian government sites leak passport and personal data for 2.25 million users (ZDNet) Passport data for high-ranking Russian politicians among the leaked information.
Hackers can fake radio signals to hijack aircraft landing systems, warn researchers (Computing) Attackers could potentially change the course of a flight using $600 worth of commercially available equipment
Attackers Are Messing with Encryption Traffic to Evade Detection (Dark Reading) Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4 billion in less than a year.
Billions of Malicious Bot Attacks Take to Cipher-Stunting to Hide (Threatpost) Attackers have been tampering with TLS signatures at a scale never before seen using the cipher-stunting approach.
Threat Actor Profile: TA542, From Banker to Malware Distribution Service (Proofpoint) Proofpoint researchers detail historic and current campaigns and activities from TA542, the prolific actor behind Emotet, a “malware multi-tool.”
Intel MDS Vulnerabilities: What You Need to Know (SecurityWeek) New Intel CPU vulnerabilities known as MDS, ZombieLoad, Fallout and RIDL impact millions of devices. Affected vendors published advisories and blog posts with information for users.
Google warns Bluetooth Titan security keys can be hijacked by nearby hackers (Ars Technica) Attackers can connect their own device to Bluetooth-enabled keys used for 2fa.
Winnti: More than just Windows and Gates (Medium) The Winnti malware family was first reported in 2013 by Kaspersky Lab. Since then, threat actors leveraging Winnti malware have victimized…
Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site (BleepingComputer) Forbes' subscription website got injected by hackers with a Magecart card skimming script designed to exfiltrate customer payment data to a server controlled by the cybercriminals behind the attack.
WhatsApp breach has huge privacy implications: Forcepoint (Hindustan Times) A bug in the Facebook-owned messaging app’s audio call feature allowed hackers to install spyware onto Android and iOS phones just by calling the target.
Who's behind the WhatsApp hack and should you be worried? (CBC) WhatsApp began urging its 1.5 billion or so users to update their apps after a weekend cyberattack. Here's what you need to know about the company believed to be behind the hack and what you should do now.
Australian Member of Parliament’s Websites: How Secure Are They? (Network Dynamics) The 2019 federal elections are just around the corner, so we thought it would be an interesting exercise to review the websites of our state MPs and see how they perform against a relatively simple security and best practices check.
SRA Warn Conveyancers And Solicitors Over Fresh Phishing Scam (Today's Conveyancer) The Solicitors Regulation Authority (SRA) is warning its members of another high-profile email conveyancing scam.
Porn Email Scam Nets Scammers Almost $1M In Bitcoin (PYMNTS) There’s an email scam going around that involves scammers claiming to have webcam footage of people watching porn, with threats to release the info if not paid a hefty ransom in bitcoin, according to a report by Fortune. Oren Falkowitz, who heads an anti-phishing company called Area 1, was contacted by a colleague about a […]
Israeli TV Eurovision webcast hacked with fake missile alert (the Guardian) Song contest semi-final interrupted with warnings of imminent attack on Tel Aviv
8 days after cyberattack, Baltimore’s network still hobbled (Washington Post) More than a week after a cyberattack hobbled the Baltimore government’s computer network, city officials say they can provide no real timeline for when its system will be up and running
Baltimore Ransomware Siege Enters Second Week of Bitcoin Extortion Attack (CCN) Most of the Baltimore City’s government systems have been locked down since May 7th as a result of the “Robbinhood” ransomware attack. The successful crypto locking has forced the city to go “manual” in
Marriott CEO: Cyber Attack Will Cost 'Millions of Dollars' (Bloomberg) Marriott International Inc. President and Chief Executive Officer Arne Sorenson tells David Rubenstein that last year's hack of its Starwood reservation system that exposed the data of up to 500 million guests will end up costing "a number of quarters of millions of dollars," plus still-unknown penalties. His comments come in the latest episode of "The David Rubenstein Show: Peer-to-Peer Conversations."
Security Patches, Mitigations, and Software Updates
Google Will Replace Titan Security Key Over a Bluetooth Flaw (WIRED) Google will replace any Titan BLE branded security key, after disclosing that a nearby attacker could use it to compromise your accounts.
Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign (WIRED) A very bad vulnerability in Windows XP could have serious ramifications, even with a patch.
Apple posts instructions on how to enable full mitigation against Intel CPU attacks on Mac, up to 40 percent performance penalty (9to5Mac) Following the announcement of new speculative execution exploits that target Intel CPU architecture, Apple has posted a new document on its website that explains how customers with computers that a…
Cyber Trends
Valimail Industry Report: Global Finance, May 2019 (Valimail) Business email compromise (BEC) and phishing attacks are a major issue for companies...
VPN Use in the Age of Fumbled Data Privacy (OpenVPN) OpenVPN surveyed 1,000 full- and part-time employees to gauge their awareness of VPN use and the tech giants who abuse data privacy.
Bitglass Report: Publicly Traded Companies Suffering the Worst Data Breaches Averaged a 7.5 Percent Decrease in Stock Price (BusinessWire) Bitglass releases findings from its latest report on the worst data breaches of the last 3 years: Kings of the Monster Breaches.
DataGrail Research Reveals 70% of Privacy Professionals Agree Their Systems Will Not Support New Privacy Regulations (Yahoo) DataGrail, the privacy management platform purpose-built for the European (GDPR), Californian (CCPA) and impending privacy regulations, today announced the publication of "The Age of Privacy: The Cost of Continuous Compliance." The report benchmarks
Record level of vulnerabilities sparks cybersecurity innovation among global enterprises (Yahoo) Dimension Data, the USD 8 billion global technology integrator and managed services provider for hybrid IT, has revealed exclusive findings from its Executive Guide to NTT Security's 2019 Global Threat Intelligence Report concerning the cybersecurity maturity
New Survey Finds Vast Majority of IT Security Pros Willing to Share Threat Intel to Improve Overall Collective Defense Efforts (IronNet Cybersecurity) Enterprises defending in isolation cannot ward off modern cyber threats; Faster, more effective threat sharing between industry peers and the government is necessary
Cybersecurity Market Review (Q1 2019) (Momentum Cyber) We are pleased to provide you with Momentum’s Cybersecurity Snapshot for April 2019. Strategic activity in April included 42 transactions completed totaling $1.7B in deal value across M&A (10 transactions, $1.03B) and financing (32 transactions, $627M).
Marketplace
NSO owner tells Amnesty it will prevent abuse of spyware linked to... (Reuters) NSO Group's owner said it will do whatever necessary to ensure the Israeli ...
Israeli spyware firm's British financial backer promises 'transparency' after WhatsApp hack (The Telegraph) The UK private equity fund backing Israeli spyware firm NSO has claimed it will toughen up the governance of the company after NSO’s software was allegedly used to hack WhatsApp.
The Trade Secret: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers (ProPublica) As ransomware attacks crippled businesses and law enforcement agencies, two U.S. data recovery firms claimed to offer an ethical way out. Instead, they typically paid the ransom and charged victims extra.
VMware buys Bitnami, targets cloud and enterprise app stores (CRN Australia) This matters to MSPs who offer Bitnami catalogs, and to VMware partners.
CrowdStrike IPO Filing Touts Security Software (CFO) “We believe we are defining a new category called the Security Cloud," the company says in its prospectus.
Kaseya acquisition trail continues with ID Agent -- is DR next? (SearchDataBackup) ID Agent becomes the latest Kaseya acquisition following a $500 million funding round. The ID Agent brand and staff will stay, and work has already begun integrating ID Agent with products from other Kaseya acquisitions, like Spanning and Unitrends.
Arctic Wolf Networks Announces Move to 100 Percent Channel (BusinessWire) Arctic Wolf Networks, Inc., a leading security operations center (SOC)-as-a-service company, is excited to announce a “100 percent channel” strategy t
Cybersecurity industry veteran Matthijs van der Wel to lead Nixu in the Benelux (News Powered by Cision) European cybersecurity services company, Nixu, has appointed Mr. Matthijs van der Wel as Market Area Leader Benelux to lead the operations and further growth of Nixu in the region.
Menlo Security Hires Scott Fuselier as Chief Revenue Officer and Young-Sae Song as Chief Marketing Officer (MarTechSeries) Secure Web Visionary Expands Sales and Marketing Teams with New Executive Hires to Drive Global Expansion Menlo Security, a leader
Advanced Onion Enhances Executive Team in Pursuit of Corporate Growth (Odessa American) Advanced Onion, Inc. (AO) has added another layer of strategy to its best-in-class technology delivery and uniquely personalized business development. Romain Nowakowski joined the AO team in April 2019 as Vice President of Strategic Growth and Business Development.
Products, Services, and Solutions
Akamai Enterprise Defender Simplifies Journey to Zero Trust for Businesses (Yahoo) New offering provides secure app access, malware prevention, application security and acceleration in a single solution CAMBRIDGE, Mass. , May 16, 2019 /PRNewswire/ -- Akamai (NASDAQ: AKAM), the intelligent ...
Endgame Introduces Reflex™ Real-Time, Autonomous Protection Engine To Close Adversary ‘Breakout’ Window (West) Reflex is the first technology to move custom protection within reach of IT Operations
Tech Data Partners with Deep Instinct to Provide Deep Learning that Thwarts Cyberattacks (Deep Instinct) Tech Data has partnered with Deep Instinct to offer their deep learning cybersecurity platform to customers in the US, Canada and Latin America
Distil Networks Strengthens Bot Management Solution with Significant Product Enhancements (Distil Networks) New Deployment Options Integrate Bot Defense into AWS, Cloudflare, F5 Networks and NGINX while Granular Web Traffic Analysis Enhances Capabilities for Sophisticated Bot Protection.
SecureLink launches SecureDetect Intelligence to provide digital risk protection through strategic partnership with Digital Shadows (Digital Shadows) SecureDetect Intelligence to help enterprises across Europe detect data loss, secure their online brand and reduce their attack surface San Francisco, London and Sliedrecht, the Netherlands.
HackerOne Achieves FedRAMP In Process Milestone (Yahoo) FedRAMP Authorization Streamlines HackerOne’s Ability to Provide Crowdsourced Security Solutions to U.S. Public Sector
Eastern Communications of the Philippines partners with DOSarrest to deliver cloud based Internet Security solutions (West) Leading Philippine based telecommunications carrier selects Internet Security firm DOSarrest to deliver cyber security solutions to their commercial client base. The partnership allows Eastern to provide a number of cloud based security solutions including DDoS Protection, Web Application Firewall, global load balancing and Content Delivery Network(CDN). The partnership also gives Eastern Communications access to DOSarrest’s traffic Analyzer (DTA) and Data Center Defender, a solution that allows its customer to protect thousands of IP addresses at the same time with one automated cloud based service.
Tresys Announces New Release of XD Air its Portable Media Threat Protection Appliance (Newkerala.com News) Tresys Technology, an industry leader in Cross Domain Solutions, today announced the release of XD Air version 5.0, a portable media inspection and file transfer appliance.
Cynet Introduces New Tool to Identify and Remove Cybersecurity Threats: Interview with Eyal Gruner, the CEO of Cynet. (TechBullion) Cynet recently announced a Free Incident Response (IR) Tool to remediate cybersecurity breaches. As pioneers in automated threat discovery and mitigation, this free offering for organizations identifies critically exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment. Eyal Gruner, the CEO of Cynet will be discussing this […]
LIFARS, eSentire Deliver Incident Response-as-a-Service (MSSP Alert) LIFARS & eSentire introduce Incident Response as a Service. Together, the two companies offer managed security (MSSP), managed detection & response (MDR) & digital forensics services.
Microsoft: 'We're detecting 5 billion cybersecurity threats on devices a month' (ZDNet) Microsoft offers a new snapshot of the data that feeds into its Intelligence Security Graph.
IGEL Launches a Fast, Cost-Effective and Secure Endpoint Device for the Future of Work (IGEL) IGEL launches the UD2 as part of their Universal Desktop endpoint solutions. The UD2 is a fast, cost-effective & secure endpoint device to meet the needs for the “future of work”.
Technologies, Techniques, and Standards
Seven in Ten Cybersecurity Professionals Are Using or Considering Honey Pots, Deception Technology to Deliver Advanced Forensic and Attribution Capabilities (BusinessWire) One in five companies are already using forensic investigations and other sophisticated methods to identify their attackers, like setting up honey pot
Three ways to prevent exchange hacks—how 3FA can foil cryptocurrency exchange robberies (CryptoSlate) The recent hack of the world’s biggest cryptocurrency exchange, Binance, highlights the need for heightened security in the crypto space. In what Wired reported as “a ‘large-scale security breach,’ hackers stole not only 7,000 bitcoin—equivalent to over $40 million ($56 million at the time of this writing, just one week later)—but also some user two-factor …
Design and Innovation
Behind Twitter’s Plan To Get People To Stop Yelling At One Another (BuzzFeed News) Twitter’s leadership knows that it’s fundamentally broken, and its latest attempt to fix itself shows how daunting of a task that will be.
YouTube’s Newest Far-Right, Foul-Mouthed, Red-Pilling Star Is A 14-Year-Old Girl (BuzzFeed News) "Soph" has nearly a million followers on the giant video platform. The site's executives only have themselves to blame.
What does it take to be an infosec product strategist? (Help Net Security) A good product strategist must be good at balancing local and global priorities, ensuring the near-term and specific fit in with the longer-term.
Forget endpoints—it’s time to secure people instead (Security Brief) Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
Legislation, Policy, and Regulation
Iran builds firewall against Stuxnet computer virus: minister (Reuters) Iran has developed software to protect its industry against the Stuxnet computer...
The Knowns and Unknowns of What’s Happening With Iran (The Atlantic) Conflicting signals from both sides could be read as a march to war or business as usual.
Jacinda Ardern's ambitious plan to end online extremism after the Christchurch massacre (ABC News) New Zealand's Prime Minister is taking her fight to end online extremism to Europe today, teaming up with Emmanuel Macron to try and curtail the power of tech companies to self moderate.
White House declines to back Christchurch call to stamp out online extremism amid free speech concerns (Washington Post) The White House will not sign an international agreement to combat online extremism brokered between French and New Zealand officials and top social media companies, amid U.S. concerns that the pact clashes with constitutional protections for free speech.
White House launches tool to report censorship on Facebook, YouTube, Instagram, and Twitter (The Verge) ‘If you suspect political bias caused such an action to be taken against you, share your story with President Trump’
Why Are the U.S.'s Cyber Secrets Getting Stolen? Because China’s Getting Better At Stealing Them. (Lawfare) America’s cyber adversaries are catching up to it. NOBUS no more.
Executive Order on Securing the Information and Communications Technology and Services Supply Chain (The White House) By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code, I, DONALD J. TRUMP, President of the …
Trump signs order to protect U.S. networks from foreign espionage, a move that appears to target China (Washington Post) A new executive order gives the federal government broad powers to bar U.S. companies from doing business with certain foreign suppliers.
Trump administration cracks down on giant Chinese tech firm, escalating clash with Beijing (Washington Post) The president also signed an executive order to protect U.S. networks from foreign espionage, a move that appears to target China.
Trump Telecom Ban Takes Aim at China, Huawei (Wall Street Journal) President Trump signed an executive order that allows the U.S. to ban telecommunications network gear and services from foreign adversaries, taking aim at Chinese telecom companies Huawei and ZTE and dialing up security and trade tensions.
Analysis | The Cybersecurity 202: Trump makes boldest strike yet to bar Chinese tech from U.S. (Washington Post) The executive order appears focused on Huawei but could be far broader.
Huawei hits back over Trump's national emergency on telecoms 'threat' (the Guardian) Chinese firm says ban on tech from ‘foreign adversaries’ will harm US consumers
Is Huawei a Pawn in the Trade War? (Foreign Affairs) The company's troubles are linked to the politics of the global tech race.
Analysis | The Cybersecurity 202: Trump officials and lawmakers say China is the problem not Huawei (Washington Post) ‘It’s not about overseeing Huawei. It’s about overseeing China,’ Lindsey Graham says.
Pompeo warns Russia: US won't tolerate election interference (TheHill) Secretary of State says Russian meddling in 2020 "would put our relationship in an even worse place"
The next Maria Butina? 2020 campaigns to be briefed on counterintelligence threat (CNN) In the wake of cybersecurity attacks and attempted infiltration by foreign nationals in the 2016 election, the FBI has offered defensive briefings to 2020 presidential campaigns, seeking to help them prepare for possible counterintelligence threats, a government official tells CNN.
As security officials prepare for Russian attack on 2020 presidential race, Trump and aides play down threat (Washington Post) The president’s refusal to focus on Russia’s past election interference invites more of it, analysts say.
House Homeland Gives Thumbs Up for Permanent DHS Cyber Response Team (Nextgov) The committee passed a trio of other bills that would fight digital spies, improve intelligence sharing and bolster counterterrorism tech research.
The Gravity Of Josh Hawley's Culture War Against Big Tech (The Federalist) As both parties grapple with surging populism, Missouri Sen. Josh Hawley has identified Big Tech as a worthy battleground.
One day they may part, but for now Cyber Command loves working with the NSA (Fifth Domain) Officials spoke favorably about the dual-hat arrangement.
Identity crisis: FBI plays catch-up as cyberthreats escalate (Yahoo News) In the United States, digital criminals using everything from weaponized botnets to ransomware are attacking private industry and the government on a daily basis, increasing the demand for experts with skills in cybersecurity, intelligence and law enforcement.
Lawmakers introduce legislation to improve cyber workforce funding (TheHill) Lawmakers in the House and Senate introduced legislation on Wednesday to improve the cybersecurity workforce by directing the Department of Labor to award grants that help create and expand cyber apprenticeship programs.
Litigation, Investigation, and Law Enforcement
UK Supreme Court Overturns Ultimate Authority of Investigatory Powers Tribunal (SecurityWeek) Over the last few years, the UK government has implemented 'national security' laws that many other countries might consider draconian.
Lawmakers seek probe on U.S. hacking services sold globally (Reuters) U.S. lawmakers are pushing legislation that would force the State Department to ...
US attorney John Durham has been reviewing origins of Russia probe 'for weeks': source (Fox News) The U.S. attorney appointed to examine the origins of the Russia investigation has been working on his review “for weeks,” a person familiar with the process told Fox News on Tuesday.
6 Things to Know About the Prosecutor Investigating Spying on Trump Campaign (The Daily Signal) Attorneys general under Republican and Democrat presidents have appointed Durham to lead special probes.
Europol, DOJ announce the takedown of the GozNym banking malware (TechCrunch) Europol and the U.S. Justice Department, with help from six other countries, have disrupted and dismantled the GozNym malware, which they say stole more than $100 million from bank accounts since it first emerged. In a press conference in The Hague, prosecutors said 10 defendants in five countries …
United States of America v. Alexander Konovolov [and 9 others] (US Department of Justice) At all times material to this Indictment, unless otherwise alleged...
A Shield From Cyber Liability: Diving Deeper Into the SAFETY Act (JD Supra) As we’ve discussed in previous posts, the SAFETY Act has the potential to serve as a valuable tool for companies looking to mitigate risk from...