DDoS against NZX continues. Pioneer Kitten's revenue diversification. Mac notarization failure. Gaming's black market.

Summary

By the CyberWire staff

The New Zealand Herald reports that, after a good start yesterday, New Zealand’s NZX stock exchange again sustained a disruptive distributed denial-of-service attack. The exchange was able to work through the attack and continue trading by deploying a range of workarounds and alternative procedures. The incident remains under investigation by GCSB and law enforcement authorities.

CrowdStrike has released a report on Pioneer Kitten (also known as “Fox Kitten” or “Parisite”), an Iranian threat actor believed to be a contractor providing cyberespionage support to the government of Iran. Last month Pioneer Kitten was observed in various black market souks offering to sell access to compromised networks. CrowdStrike thinks this represents an attempt on the group’s part at “revenue diversification.” Pioneer Kitten’s espionage targets have for the most part been in Israel or North America, and the network access they’re selling appears to be just bycatch of their espionage take. ZDNet observes that the biggest customers of such initial access brokers tend to be ransomware gangs.

TechCrunch reports that Apple’s well-regarded notarization process, designed to keep malware out of its app store, has permitted some malware to slip into approved software. Malwarebytes this morning argued that this ought to shake Mac users out of security complacency.

Night Lion Security has taken a look at the ways in which cybercriminals monetize exploitation of online games like Fortnite. It amounts in the aggregate to a billion-dollar black market in accounts and in-game commodities.

And a happy sixth birthday to the US Army’s Cyber Branch.

Get your monthly SIGINT and space-related cyber news with Cosmic AES’ Signals & Space.

Notes.

Today's issue includes events affecting Australia, Canada, China, Estonia, France, India, Iran, the Democratic Peoples Republic of Korea, New Zealand, Russia, the United Kingdom, and the United States.

[NextGov Webcast] Cyber Best Practices - Hygiene for a Remote Government Workforce

Mandiant’s Jason Atwell will join a panel of government leaders, including, Kevin Stine, Chief, Applied Cybersecurity Division, Information Technology Laboratory, NIST, Dr. Daniel Ragsdale, Assistant Director for Cyber, Office of the Director of Defense Research and Engineering, and Lerone Banks, Technologist, Division of Privacy and Identity Protection, Federal Trade Commission. Panelists will discuss how agencies are adapting to remote work and offer guidance on how to keep IT protected across disparate networks, how frequently an agency should patch and the steps necessary to secure digital infrastructure.

Sponsored Events

Virtual Cyber Security Summits - Upcoming Events (Online, August 27 - September 1, 2020) Senior Level Executives are invited to the upcoming Virtual Cyber Security Summits! Learn from Industry Experts from The U.S. DHS, DOJ, Verizon, ExtraHop, Darktrace & more as they discuss the latest security challenges & develop cyber security battle plans in today’s unprecedented times. You will receive CPE / CEU credits by attending. Register for the upcoming event in your region! Free to register with code: CyberWire20 at CyberSummitUSA.com.

11th Annual Billington CyberSecurity Summit (Online, September 8 - 9, 2020) Meet an all-star line-up of cyber leaders from DOD, DHS, NGA, ODNI, FBI, Navy, Air Force & Five Eyes countries September 8-9 at the Virtual Billington CyberSecurity Summit.

AusCERT2020 (Online, September 15 - 18, 2020) AusCERT is Australia’s pioneer cyber emergency response team. Attend AusCERT2020 virtually and experience 4-days packed with world-class tutorials and presentations delivered to you by speakers from around the globe.

Free Virtual Event, Sept. 17: Insider Risk Summit (Online, September 17, 2020) Insider Risk Summit: Free virtual event on Sept. 17 for security leaders to gain knowledge, share insights and advance strategies to address the growing data risks from insider threats.

The Virtual 2020 FAIR Conference (Online, October 6 - 7, 2020) The Virtual 2020 FAIR Conference (FAIRCON2020), the premiere, global, quantitative risk management conference on October 6 & 7 brings leaders from Global 2000 companies and U.S. Federal Government Agencies together to provide ground-breaking keynote addresses, engaging C-suite panels, and expert case studies.

CyberSec&AI Connected (Online, October 8, 2020) CyberSec&AI Connected is a virtual conference exploring the critical issues around AI for privacy and cybersecurity. CyberWire readers can get 20% off by using ‘CyberWire’ as a discount code when booking their place before September 15.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

NZX website down again having started the day well (New Zealand Herald) NZX is working closely with network service provider Spark and the GCSB.

NZX may only have itself to blame for cyberattacks (Stuff) OPINION: Is this a focus on cost-cutting coming back to bite the stock exchange?

NZX attacks embarrassing and unusual, head of TUANZ says (RNZ) The head of the Telecommunications Users Association of New Zealand says the attacks on the NZX are highly unusual and serve as a good reminder for corporates to make sure their defences are up.

Iranian hackers are selling access to compromised companies on an underground forum (ZDNet) The Iranian hacker group who's been attacking corporate VPNs for months is now trying to monetize some of the hacked systems by selling access to some networks to other hackers.

PIONEER KITTEN: Targets & Methods [Adversary Profile] (CrowdStrike) PIONEER KITTEN is an Iran-based adversary that's highly opportunistic and has been active since at least 2017. Learn about its origins, methods, targets, and more.

Credit cards stolen via Telegram messages in first documented web skimmer variant (Malwarebytes) The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid detection.

Apple mistakenly approved a widely used malware to run on Macs (TechCrunch) Researchers say they've found the first Mac malware 'notarized' by Apple.

Apple's notarization process fails to protect (Malwarebytes Labs) Apple introduced the concept of notarization to ensure any new software submitted to the App Store is malware-free. But is it all for show?

Hackers are backdooring QNAP NAS devices with 3-year old RCE bug (BleepingComputer) Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release.

Cisco warns of actively exploited bug in carrier-grade routers (BleepingComputer) Cisco warned over the weekend that threat actors are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability in the company's Cisco IOS XR software that runs on carrier-grade routers.

Cisco issues alert for zero-day DVMRP vulnerability being actively exploited by attackers (Computing) The bug in carrier-grade routers could allow a remote hacker to exhaust target device's process memory by sending crafted IGMP traffic

Commodified Cybercrime Infrastructure: Exploring the Underground Services Market for Cybercriminals (Trend Micro) The provision of services, as well as the way criminals operate in the underground, have gone through many changes over the years to cater to the market’s different infrastructure demands.

Phishing with Slack-Files.com: Bad Guys Find Yet Another Free Host for Malicious Files (KnowBe4) Phishing with Slack-Files.com: Bad Guys Find Yet Another Free Host for Malicious Files

Vulnerability Summary for the Week of August 24, 2020 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA.

American Payroll Association discloses credit card theft incident (BleepingComputer) The American Payroll Association (APA) disclosed a data breach affecting members and customers after attackers successfully planted a web skimmer on the organization's website login and online store checkout pages.

Surge in School Cyberattacks Expected, Ransomware Leading Threat (Channel Futures) The FBI has issued a warning that school cyberattacks will increase with the rise in remote learning due to the COVID-19 pandemic.

Stolen Fortnite Accounts Earn Hackers Millions Per Year (Threatpost) More than 2 billion breached Fortnite accounts have gone up for sale in underground forums so far in 2020 alone.

Security Patches, Mitigations, and Software Updates

Patch Priority Index for August 2020 (The State of Security) Tripwire's August 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Apple.

Cyber Trends

Phishing Attacks Have Multiplied Since the Start of the Pandemic, Leaving Companies More Vulnerable and Strapped for Time (GreatHorn) New research from GreatHorn reveals a significant spike in phishing attempts since the pandemic began, leading to more frequent successful attacks and a heavier burden on IT teams to constantly remediate incidents WALTHAM, MA– September 1, 2020 – According to new survey data from GreatHorn, the frequency of phishing threats has risen considerably throughout the […]

BEC Wire Transfer Losses Soar 48% in Q2 2020 (Infosecurity Magazine) BEC Wire Transfer Losses Soar 48% in Q2 2020. Agari stats reveal continued risk from email scammers

A critical look at the CSIS Report “Dismissing Cyber Catastrophe” (Control Global) Jim Lewis is a Sr VP at the Center for Strategic and International Studies (CSIS). He wrote the article “Dismissing Cyber Catastrophe” dated August 17, 2020...

Marketplace

ZIM, Konfidas launch cybersecurity consulting company (The Jerusalem Post) Levi, Konfidas’s founder, said that the maritime and logistics industries have witnessed an unprecedented rise in cyberattacks in recent years.

TikTok deal to sell U.S. business could be announced as soon as Tuesday (CNBC) Microsoft, in partnership with Walmart, and Oracle are the top contenders to win the deal.

TrueFort Named TiE50 Winner for 2020 (WFMJ) Application Detection and Response Platform Provider Recognized for Reversing Traditional Infrastructure Approach to Security

Life on the front lines of next cyber fight (Australian Financial Review) The nation's chief information security officers earn their titles and offices in the C-suite the hard way.

White Hat Hackers on the Trail of Cybercriminals (Now. Powered by Northrop Grumman) White hat hackers find flaws in computer systems before cybercriminals do.

Proofpoint tasks 20-year security veteran with running APJ (Channel Asia) Proofpoint has appointed Alex Lei as new regional leader of Asia Pacific and Japan, recruiting the industry veteran from Dell Technologies.

Products, Services, and Solutions

Proofpoint Launches Security Awareness Training for SMBs to Reduce Successful Phishing and Malware Infections by up to 90 Percent (GlobeNewswire) Cybersecurity leader’s award-wining solution delivers the right training to the right people at the right time

ReversingLabs Titanium Platform Delivers ROI of 397 Percent According to Independent Research Firm Analysis (GlobeNewswire) Study Finds Overall Security Analyst Productivity Doubled with Use of the Titanium Platform

US Homeland Security Can Now Track Privacy Crypto Monero (Decrypt) The popular privacy coin might not be so private anymore, as CipherTrace claims to have developed tools to trace it.

Attivo Networks Covers 27 out of the 33 Defense Techniques Identified in MITRE Shield (Yahoo) Attivo Networks®, an award-winning leader in cyber deception and attacker lateral movement threat detection, today announced that its solutions provide organizations with a vast majority – 82 percent – of the active defense measures presented in MITRE Shield. The ThreatDefend® Platform components – ADSecure

Developer-Centric Application Security Company StackHawk Announces its General Availability Launch (PR Newswire) StackHawk, the software-as-a-service startup that empowers software engineers to easily find and fix application security bugs before they hit...

U.S. Department of Defense Selects Forescout to Protect Millions of Mission Critical Devices Across Global Networks (Forescout) Multi-year “Comply to Connect” (C2C) program delivers enterprise-wide capabilities to secure DoD networks Forescout provides foundational cybersecurity capabilities for C2C, and has been implemented by the Navy and U.S. Marine Corps, the pathfinders for C2C SAN JOSE, Calif., Sept. 1, 2020 – Forescout Technologies, Inc., the leader in Enterprise of Things security, today announced it was selected by […]

Stellar Releases BitRaser®, a Powerful Data Erasure and Diagnostic Tool (PR Newswire) Stellar, a global leader in data recovery, data erasure, and data migration solutions, today announced the release of BitRaser®, a simple,...

TunnelBear Circumvents Iran VPN Block, Launches 10GB Monthly Offer in the Country (BusinessWire) As TunnelBear supports individuals in countries like Venezuela and Belarus that have recently experienced internet censorship by providing short-term

Technologies, Techniques, and Standards

Alert (AA20-245A) Technical Approaches to Uncovering and Remediating Malicious Activity (CISA) This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[1] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[6] It highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation.

Trusted Connectivity Alliance Publishes Recommendations to Enhance Subscriber Privacy in 5G (Global Security Mag Online) Trusted Connectivity Alliance (TCA), formerly SIMalliance, has published a white paper outlining the clear benefits of 5G SIM capabilities to protect the most prominent personal data involved in mobile communications – the International Mobile Subscriber Identity (IMSI). The paper has already been welcomed by Eurosmart, and the digital security organisation has expressed its full support for Trusted Connectivity Alliance’s recommendations.

How DHS is Securing Data in the Telework Era (Government CIO) Zero trust is more than verifying users, it's also verifying infrastructure.

How government is delivering better election security (GCN) While it becomes increasingly difficult to ensure the security and integrity of the 2020 election, plenty of progress has been made on the cybersecurity front since 2016, experts say.

Design and Innovation

US Air Force seeks better electronic intel amid more complex battlefields (C4ISRNET) The Air Force is soliciting industry's help in developing new ELINT capabilities.

The Blurred Lines and Closed Loops of Google Search (Wired) Seemingly small design tweaks to the search results interface may change how and where people find information online.

Research and Development

Facebook’s new research project will show how it influenced the 2020 election — after it's over (Protocol) To study its impact on the 2020 election, Facebook will ask some people to stop using Facebook

Legislation, Policy and Regulation

What is the rationale behind election interference? (C4ISRNET) Attacking the American cognitive space, in pursuit of split and division in this democratic republic, has an obvious goal. But what is the Russian return on investment?

North Korea denies ATM hacking scheme (ATM Marketplace) North Korean authorities are publicly denying the U.S. government's claim the country is involved in a financial cybercrime campaign targeting international ATMs. The denial was released in a press statement from North Korea's National Coordination Committee for Anti-Money Laundering and…

Readying cyber-defence! Need a more pro-active regulator to keep citizens informed (Financial Express) Need a more pro-active regulator to keep citizens informed

Coalition countering Huawei faces hurdles (Asia Times) This summer has seen the tech war between China and the US take on new dimensions. From new export controls via the US Department of Commerce banning the sale of US semiconductor “software” and “te…

U.S. Increasingly Uses Trade Blacklist for Foreign Policy Goals (Wall Street Journal) In the past, the list was more closely tied to violations of U.S. export control regulations, international trade experts say.

Bad Cyber Actors Don’t Fear the Law. We Can Change That. (Defense One) Better coordination among law enforcement agencies at home and abroad are key to the layered deterrence strategy we need.

The Department of Homeland Security is broken. Here’s what it needs in a boss. (Washington Post) Even in normal times, the job is hard to fill. And these aren’t normal times.

Cloud tech great for security but poses systemic risks, according to new report (Channel Asia) A new report from the Carnegie Endowment for International Peace seeks to give law and policy makers a better understanding of cloud security risks.

Litigation, Investigation, and Enforcement

Fresh Snowden Reports Have One Lawmaker Questioning if Congress Was Surveilled (Nextgov.com) It follows the release of new allegations related to Edward Snowden.

Proposed class action lawsuit launched against CRA over data breaches (Insurance Business) Lawsuit says the actions of the agency in response to the data breach incidents were "reprehensible"

Class Action Lawsuit Questions Blackbaud's Hacker Payoff (BankInfo Security) Blackbaud is one of a growing number of organizations that say they paid ransomware attackers primarily for their promise to delete exfiltrated data. A class-action

ALP calls for action after data breach affects 50,000 NSW drivers (Echonetdaily) NSW Labor is demanding the state government notify more than 50,000 motorists whose licences were exposed through an unsecured cloud storage site.

Facebook sues UK-based app developer for illegally collecting user data (teiss) Facebook has sued app developer Fatih Haltas and his company MobiBurn for using a malicious SDK to collect user data.

UK man arrives to face charges in US after alleged $2 million email scam (CyberScoop) A man charged as part of a business email compromise money laundering scheme that allegedly defrauded victims out of $2 million over the course of at least six years is set to face a judge in U.S. court in the Southern District of New York.

Ministry of Justice has not informed people of data breach (ERR) The Ministry of Justice has not informed approximately 1,000 people who sought legal advice and whose data was accidentally made public. According to the ministry, the article published by ERR at the end of July is enough.

Chinese researcher charged with destroying evidence relating to illegal transfer of US tech (ZDNet) If convicted, the researcher could face up to 20 years of prison time.

Chinese Researcher Arrested for Destroying Evidence of Data Transfer to China (SecurityWeek) Chinese researcher Guan Lei was observed throwing a damaged hard drive into a trash dumpster near his residence, and was arrested.

Doorbell Cameras Like Ring Give Early Warning of Police Searches, FBI Warned (The Intercept) Two leaked documents show how a monitoring tool used by police has been turned against them.

Should CEOs take responsibility for cyber-physical security incidents? (Information Age) Gartner predicts that 75% of CEOs will be liable for cyber-physical security incidents by 2024, as the financial impact of breaches grows

75% CEOs will be personally liable for hackings by 2024: Report (Sify) New Delhi, Sep 1 (IANS) As cyber incidents increase globally, three out of four CEOs will be personally liable for hacking events by 2024 as they will not be able to plead ignorance or retreat behind insurance policies, a Gartner report said on Tuesday.

Amazon's surveillance can boost output and possibly limit unions: study (Reuters) Amazon.com relies on extensive worker surveillance to boost employee output and potentially limit unionization efforts around the United States, says a research paper issued on Monday by the Open Markets Institute.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

SecurityWeek's 2020 ICS Cyber Security Conference (Online, October 19 - 22, 2020) This 3-day virtual conference and 1-day of optional advanced trainings and workshops will dive deep into the world of industrial cybersecurity and help those charged with protecting operational technology (OT) environments defend against cyber threats. The 2020 Conference is expected to attract thousands of attendees from around the world, including large critical infrastructure and industrial organizations, military, and state and Federal Government delegates.

National Cyber League 2020 Fall Season: Individual Game (Online, October 23 - 25, 2020) Compete and show off your individual cyber skills. Open to U.S. high school and college students, the competition consists of a series of challenges that allow students to demonstrate their ability to identify hackers from forensic data, pentest and audit vulnerable websites, recover from ransomware attacks, and more. Student players compete in the NCL to build their skills, leverage the NCL Scouting Reports for career and professional development, and to represent their school in the national Cyber Power Rankings.

National Cyber League 2020 Fall Season: Team Game (Online, November 6 - 8, 2020) Sign up as a team to compete in the Team Game. Open to U.S. high school and college students, the competition consists of a series of challenges that allow students to demonstrate their ability to identify hackers from forensic data, pentest and audit vulnerable websites, recover from ransomware attacks, and more. Student players compete in the NCL to build their skills, leverage the NCL Scouting Reports for career and professional development, and to represent their school in the national Cyber Power Rankings.

upcoming Events

WSIS Forum 2020 (Online, June 22 - September 10, 2020) The World Summit on the Information Society (WSIS) Forum 2020, celebrates 15 years of providing a multi-stakeholder platform to discuss, share experiences, showcase innovation, and foster partnerships in strengthening the impact of ICTs for sustainable development. Online sessions to be held from 22 June, 12:00-13:00 onwards, featuring a weekly program, including a series of thematic/country workshops which are hosted by WSIS Stakeholders, high-level policy sessions, special tracks on various themes, a virtual knowledge café, a Hackathon, WSIS Action Line meeting and a virtual exhibition addressing issues that are critical to WSIS implementation and follow-up in a multi-stakeholder setting.

5th Annual Chicago Cyber Security Summit (Online, September 1, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from the U.S. Dept. of Justice, Verizon, Google, IBM, Darktrace, and more about the latest threats facing your company.

Johns Hopkins University Insider Threat Day (Online, September 1, 2020) The Insider Threat Day with Johns Hopkins University Applied Physics Lab, hosted by the ISSA Central Maryland Chapter, will take place on Thursday, September 1, 2020. This one-day event will be part of the Insider Threat Awareness Month declared by the U.S. National Counterintelligence and Security Center (NSCS) and the National Insider Threat Task Force (NITTF). The goal of Insider Threat Day is to raise awareness and help organizations develop proactive strategies for detecting and combating these threats, as well as to reduce the risk of compromised information.

2020 Billington CyberSecurity Summit (Online, September 8, 2020) Billington CyberSecurity produces world class educational forums and virtual seminars about the threats, challenges, and opportunities related to protecting our nation's critical cyber infrastructure.The company is best known for its trusted Annual Billington Cybersecurity Summit, now entering its 11th year. The annual summit, which will occur this year on September 8-9 at the Washington Marriott Wardman Park, is the top government summit on cybersecurity. Last year, it attracted nearly 800 attendees, over 50 sponsors and exhibitors and more than 75 speakers. (This event has now moved online.)

IFSEC 2020 (London, England, UK, September 8 - 10, 2020) IFSEC presents up-to-date information on the newest products, emerging trends and best practices in the safety and security industry, and access control. You will see established and emerging companies in the industry present their best products and services. The international trade fair has been a linchpin right from the start in 1988 and today shares the stage with three other influential events – Facilities Show, FIREX International and Safety & Health Expo (SHExpo). What trade visitors come to see at the exhibition ground is the incredible variety of products - CCTV, security systems, video surveillance systems, alarm systems, internet security systems, security locks, biometrics and fire protection systems. But IFSEC is more than just a marketplace. It’s a place of know-how as seen through the expert education seminars and case-studies that place all these new technologies in their context.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.