The CyberWire Daily Briefing, 2.11.20

Cyber Attacks, Threats, and Vulnerabilities

Hostile Spies Target U.S. With Cyber, Encryption, Big Data, Report Finds (Wall Street Journal) Intelligence threats against the U.S. are becoming more complex, diverse and harmful as adversaries turn to innovative hybrid techniques to steal secrets, according to a government report.

The U.S. Is Vulnerable to an Iranian Cyberattack. Here's How. (Wall Street Journal) U.S. tensions with Iran have escalated after the assassination of Gen. Qassem Soleimani, and experts are worried about retaliatory cyberattacks. Cybersecurity expert John Hultquist and WSJ's Dustin Volz discuss what new tactics hackers have at their disposal and whether the U.S. is prepared to defend itself. Photo illustration: Alexandra Cardinale.

Iran, foreign agencies may have access to data on Israeli intel officials (The Jerusalem Post) The leaked information includes names, identification numbers, phone numbers and addresses.

FBI warns about ongoing attacks against software supply chain companies (ZDNet) Exclusive: FBI alerts US private sectors about attacks aimed at their supply chain software providers.

A US House candidate says she was hacked — now she’s warning others (TechCrunch) "I cannot think of a reason not to share this with the public," said Brianna Wu, a Democratic candidate for the U.S. House.

Software error exposes the ID numbers for 1.26 million Danish citizens (ZDNet) Danish tax portal accidentally shares tax payer identification numbers with Google and Adobe analytics services.

How Big Companies Spy on Your Emails (Vice) Multiple confidential documents obtained by Motherboard show the sort of companies that want to buy data derived from scraping the contents of your email inbox.

Scammers are trying to exploit coronavirus concerns to breach companies (CyberScoop) Hackers are preying upon fears about the new coronavirus from China by sending companies malicious emails cloaked as warnings about the economic repercussions that could occur as the illness spreads.

Frustrated author cybersquats novelist’s website (Naked Security) If you visit the website of renowned Canadian novelist Patrick deWitt today, you’ll see a surprising message. “THIS IS NOT PATRICK DEWITT”, it says.

Passport office had 100 data breaches (Irish Examiner) 32 passports were also sent to the wrong addresses last year

Active PayPal Phishing Scam Targets SSNs, Passport Photos (Threatpost) Phishing emails have been uncovered that request a full rundown of personal data – even asking for photos of passports.

Report: Inmates’ Prescriptions & PII Leaked in Breach Spanning Multiple Jailhouses (vpnMentor) The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered a leaking S3 Bucket with 36,077 files of visible data on an Amazon

WI Department of Health Services warns people about coronavirus phishing scam (WKBT) There is new information about coronavirus in Wisconsin, but it's not related to new cases.

Fifth Third warns customers of data breach by former employees (Cincinnati.com) In a letter to customers, Fifth Third said it believes "a small number of former employees" misused the info dating back to the summer of 2018.

13 tips to avoid Valentine's Day online romance scams (TechRepublic) Scammers use dating sites to try to build relationships with people to get money or personal information. Here are 13 tips to protect yourself.

Shadow IT accounts with weak passwords endanger organization (Help Net Security) 63% of enterprise pros have created at least one shadow IT account, and two-thirds of those have created two or more. Some of those have poor passwords.

North Miami Beach Police Department Hit With Ransomware Attack (NBC 6 South Florida) The North Miami Beach Police Department was hit with a ransomware attack and is now being told to pay millions to regain access to information it stored online. The department said in a statement Friday that it was impacted by ransomware earlier that week and contacted the FBI, Secret Service and the Miami-Dade Police Department to investigate. “The most important…

Ransomware Attacks Grow, Crippling Cities and Businesses (New York Times) Hackers are locking people out of their networks and demanding big payments to get back in. New data shows just how common and damaging the attacks have become.

Cyber criminals in the frame after National Portrait Gallery is hit with 350,000 email attacks (Commentator) London's leading art gallery hit with over 100,000 cyber attacks every month, including phising scams, spam emails, malware and viruses. Andy Heather VP at Centrify warns that attacks could be used to steal confidential membership data

LPSO Fends Off Cyber Attack (News15 | Lafayette, LA) The Lafayette Parish Sheriff’s Office has confirmed that its IT department successfully defended the agency against a recent attempted cyber attack. Lt. John Mowell, the LPSO’s public information officer, tells News15 the attempted attack triggered security measures already in place following a successful cyber attack against the department in 2017. “It’s not a big deal …

Bulletin (SB20-041) Vulnerability Summary for the Week of February 3, 2020 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

How Cybercriminals Recruit and Look for Skilled Developers (Dice Insights) Certain programming skills are always in demand—even among cybercriminals. Recently, an underground Russian forum known as XXS held a

How Chinese Cybercriminals Use Business Playbook to Revamp Underground (McAfee Blogs) Preface Because of its longevity and technical sophistication, the Russian cybercriminal underground has long been the benchmark for threat researchers

Security Patches, Mitigations, and Software Updates

Windows Server 2008 Servers Don’t Boot After KB4539602 Update (BleepingComputer) Windows Server 2008 servers will no longer boot if prerequisites aren't installed before applying the out-of-band KB4539602 update released by Microsoft on February 7 to patch a wallpaper bug.

Cyber Trends

2019 Year End Data Breach QuickView Report (Risk Based Security) Our QuickView Report is sourced from our product Cyber Risk Analytics® and has garnered media attention from publications such as Forbes and USA Today.

SolarWinds Report Shows Managed Services Remain Healthy and Profitable—Findings Reveal Key Opportunities for Growth, Including Advanced Security, Automation, and Business Operations (Yahoo) SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today released the findings of its "2019 Trends in Managed Services" report, showing the health of managed services and the forces shaping the market across North America and Europe.

60% of Enterprise Ill-equipped to Detect and Respond to Public Key Inf (PRWeb) Keyfactor, the leader in securing digital identities, and Ponemon Institute today released the 2020 edition of “The Impact of Unsecured Digital Identities,” a

Overwhelming Number of Internet Users now Fear Becoming a Victim Of Identity Theft and Account Takeover -- and Most are Right (PR Newswire) As massive data breaches continue to make international headlines and the Internet is an integral part of our daily lives, consumers are now...

10 Hot Cybersecurity Topics at RSA Conference 2020 (BankInfo Security) Which cybersecurity topics are hot? One topical answer to that question comes via the upcoming RSA Conference 2020. Organizers say they received 2,400 responses to their call for speakers, and they've have highlighted 10 predominant themes, including secure design, frameworks, privacy and the human element.

These 20 ‘Hackers’ Helped Shape The Cybersecurity Landscape Forever (Forbes) I asked cybersecurity experts to name the hackers who have made an impact, good or bad, that has helped shape the security landscape today.

Cyber attacks worsening among Australian businesses, costing economy $1 billion a year (IT Brief) Cybercrime is becoming increasingly sophisticated and is harming more and more Australians each day.

Marketplace

Cybersecurity is a board level issue: 3 CISOs tell why (Help Net Security) Has cybersecurity reached the board level? Organizations should treat security as a top business risk as well as a top business opportunity.

Develop a serious cybersecurity strategic plan that incorporates CCM (TechCrunch) It’s time for enterprises to strategize seriously and realize they must move from firefighting to fireproofing.

Israel Spyware Firm NSO Group Maintains Its Products 'Battle Terrorism' Alone (The Wire) The creators of Pegasus, a spyware used to snoop on several journalists and lawyers associated with the Bhima Koregaon case, have said they have 'shut down' those who have abused their well-intentioned systems.

No Relief for Cybersecurity Teams Yet, Says Tripwire’s Skills Gap Report (The State of Security) We surveyed 342 security professionals on how they are experiencing the skills gap and how they intend to address the issue going forward.

CIT GAP Funds Invests in HyperQube to Accelerate the Creation of Virtualized Test Environments (CIT) HyperQube is the answer to the question, “What if the enterprise could instantly create a carbon copy of their network to test the impact of a cyber-attack?”

2020 MD Cybersecurity Buyer's Guide (CAMI) Below are details for the 5th Annual Maryland Cybersecurity Buyer's Guide on which the Cybersecurity Association of Maryland, Inc. (CAMI) is once again partnering with the Baltimore Business Journal (BBJ) to produce, print and distribute.

U.S. judge expected to rule in favor of Sprint, T-Mobile merger: sources (Reuters) A U.S. district judge is expected to rule in favor of allowing Sprint and T-Mobi...

Xerox ups its offer for HP — how much is it worth to Xerox now? (Silicon Valley Business Journal) Whether by hook or by crook, carrot or stick, Xerox seems determined to bring HP into its fold — this time by offering even more money to buy the company.

Israel strengthens as cyber superpower (Globes) The $1.9 billion acquisition of Forescout underlines Israel's preeminence in the sector.

Axonius appoints Mark Daggett as Vice President of Channels and Allian (PRWeb) Axonius, the cybersecurity asset management company, today announced the appointment of Mark Daggett as Vice President of Channels and Alliances in addition to the expansion of its partner program.

Post-Thales sale, nCipher looks to channel to stamp A/NZ foothold (ARN) One year after its divestment from Thales, encryption specialist nCipher has made a major push into the regional channel by signing DNA Connect as its second distributor.

Industry Veteran Chris Peterson Joins Centrify To Accelerate Global Channel Growth (Al Bawaba) Centrify, a leading provider of cloud-ready Zero Trust Privilege to secure modern enterprises, today announced the appointment of Chris Peterson as Vice

Gianluca Busco Arre, Panda Security's VP of Sales and Operations, North America Recognized as 2020 CRN® Channel Chief (PR Newswire) Panda Security, a world leader in advanced cybersecurity solutions and services, announced today that CRN®, a brand of The Channel Company, has...

Cyware Labs Names Accomplished Sales Executive, Amit Patel, as Vice President of North America Sales (Yahoo) Cyware Labs, provider of advanced threat intelligence sharing and cyber fusion products, today announced the appointment of Amit Patel as their Vice President of North America Sales.

Products, Services, and Solutions

Kount Unveils Identity Trust Global Network With New Adaptive AI Technology, Largest Data Network of Trust and Fraud Signals, and User Experience Engine (Yahoo) Kount, the leading AI-driven fraud prevention solution, today unveiled its Identity Trust Global Network, flipping the script on fraud management from just blocking bad transactions to empowering organizations to unlock previously untapped revenue streams through delivering personalized user experiences

Nok Nok Labs Introduces Strong Authentication for IoT Devices - Standalone and Connected to Cloud Services (PR Newswire) Nok Nok Labs (Nok Nok), the trusted leader in passwordless consumer authentication, today announced the "Nok Nok™ IoT SDK," as the industry's...

IRONSCALES Delivers the ‘Power of the Pack’ to Email Security; Surpass (PRWeb) IRONSCALES, the pioneer of self-learning email security, today announced that its email security platform has surpassed more than 1,000 acti

Underwriters Labs wants to certify IoT security (TheNewsTrace) In a bid to beef up security across the burgeoning realm of the Web of Issues (IoT), product security testers Underwriters Laboratories (UL) launched new requirements to take a look at web-connected units for vulnerabilities. In accordance to the Christian Science Monitor, UL’s transfer to start scrutiny of IoT programs follows the Cybersecurity Nationwide Motion …

ZeroFOX Announces Advanced Business Email Compromise Protection for Google and Microsoft Platforms (Yahoo) ZeroFOX launches AI-powered Advanced Email Protection, extending its impersonation detection capabilities to provide BEC, abuse, & phishing protection

Cybereason lance l’outil Emotet-Locker pour aider les entreprises et les institutions publiques à combattre le malware Emotet (Global Security Mag Online) Cybereason annonce la publication par son équipe de recherches, Nocturnus, d’un outil gratuit baptisé « Emotet-Locker » visant à aider les organisations publiques et privées à lutter contre la vague d’attaques par le malware Emotet. Emotet-Locker évitera à la plupart des variantes d’Emotet d’infecter les machines Windows. Il est disponible ici : Cybr.ly/emotet.

Fortinet Further Expands Integration with Amdocs to Enable Service Providers to Deliver Advanced Secure SD-WAN Services (Wallstreet-online.de) John Maddison, EVP of products and CMO, Fortinet “Secure SD-WAN is becoming the most significant WAN service for enterprise organizations for its ability to facilitate digital innovation via ...

Technologies, Techniques, and Standards

Teaming up with Defending Digital Campaigns on election security (Google) We’re announcing a new partnership with Defending Digital Campaigns to provide federal campaigns access to free Titan Security Keys.

The Cybersecurity 202: Iowa's app fiasco worries mobile voting advocates (Washington Post) The fiasco caused by an app that failed to properly transmit votes in the Iowa caucuses is worrying the mobile voting industry, which hoped 2020 would be a banner year.

Voting by smartphone in Seattle pushes the limits of electronic balloting (Washington Post) Election officials are letting voters in a little-known race cast ballots with their mobile phones, even as critics raise concerns over the vulnerability of digital ballots.

Presidential campaigns reach email security milestone (Valimail) For the first time, more than half of the candidates for U.S. president have domains that are protected from spoofing via DMARC at enforcement.

Why New Hampshire says it won’t be the next Iowa (POLITICO) The meltdown of last week’s Democratic caucus is upping the pressure on the nation’s first primary to go off without a hitch.

The New Hampshire Primary Might Be the Most Technophobic Election in the Country (Slate Magazine) No app problems here!

Cybereason Preps For The ‘Unthinkable’ With Election Hacking Exercise (CRN) Cybereason, a cybersecurity vendor, held its fifth election hacking exercise to help restore public trust in the election process.

Defending Local Government Agencies From Rising Threat Of Ransomware (Forbes) Local government agencies are increasingly targeted by ransomware attacks, but most have one thing in common: email. Better email security can help agencies avoid these attacks.

How cyber defenders can proactively prep networks (C4ISRNET) A National Security Agency veteran explains how to augment infrastructure to help trap attackers.

The future of DNS security: From extremes to a new equilibrium (Help Net Security) In anticipation of his keynote at HITB Security Conference 2020 in Amsterdam, we talked to internet pioneer Dr. Paul Vixie, Farsight Security Chairman and

EMV® 3DS: paving the way for seamless authentication (FIME) The growth of e-commerce, m-commerce and remote commerce transactions is showing no signs of slowing down.

Intelligence in the Enterprise (McAfee Blogs) Intelligence became an integral military discipline centuries ago. More recently, this practice evolved into what is called Intelligence Preparation of

Netskope CEO: Don’t Fall for SASE Washing (SDXCentral) Riding high on his company’s new $340 million investment, which puts Netskope at a nearly $3 billion valuation, CEO Sanjay Beri says the rest of the industry is finally coming around to his vision of cloud-delivered security. Eight years later, this vision that Beri drew on a napkin in 2012 has a name, and its name is SASE.

How to Rein In Your Unmanaged Cloud in 4 Steps (Orca Security) 'Cloud explosion' has led to uncertainty inside organizations' cloud environments. Here’s how you can conquer the side effects of the unmanaged cloud explosion.

Day in the Life of a Bot (Dark Reading) A typical workday for a bot, from its own point of view.

Academia

University to Unveil New Cybersecurity Center (University of New Haven) The Samuel S. Bergami Jr. Cybersecurity Center will be dedicated in honor of a longtime University supporter during a special event on February 11 that will bring together national and local cybersecurity experts. The state-of-art space will be the home of the only NSA-designated Center of Academic Excellence in Cyber Operations in the state of Connecticut.

Wisconsin university launches online cybersecurity course (The Daily Swig | Cybersecurity news and views) Higher education aims to fill the workforce gap

Legislation, Policy and Regulation

New federal strategy prioritizes defending US against foreign threats to elections, critical systems (TheHill) The National Counterintelligence and Security Center (NCSC) on Monday unveiled the new National Counterintelligence Strategy, which emphasizes the need to defend against foreign operations aimed at democratic system

National Counterintelligence Strategy of the United States of America 2020-2022 (Office of the Director of National Intelligence) Protecting our Nation’s security and continuing to enhance the prosperity of our citizens are my top priorities. Ensuring that the United States is protected against espionage and other damaging intelligence activities conducted by our foreign adversaries is essential to meeting those goals.

Protected: Heightened vigilance amid Iranian cyber threat ‘a new normal’ for agencies (Federal News Network) Heightened tensions between the U.S. and Iran last month kept agencies on high alert over the threat of an Iranian cyber-attack.

()

Chinese Indictments in Equifax Breach Show Need for Secure Digital Infrastructure, not Onerous Privacy Regulations, Says ITIF (ITIF) "Today’s indictment shows that the ongoing debate about consumer data privacy has been muddled and misguided from the outset—focusing the blame on corporate victims rather than on the perpetrators of state-directed cyber espionage."

Opinion | Chinese Hacking Is Alarming. So Are Data Brokers. (New York Times) Companies like Equifax threaten our personal privacy and our national security.

Why the UK Didn't Ban Huawei (The National Interest) A breakdown of the decision.

Is there a halfway for Huawei? Western allies can’t agree on role for Chinese giant in 5G networks (The Globe and Mail) Ward Elcock, a former director of the Canadian Security Intelligence Service, said allowing Huawei into 5G is not worth the risk

U.S. chip firms fear Trump's screws on Huawei is bad for business (POLITICO) The administration may have to pull back on how far it will restrict such business out of fear that U.S. industry will be harmed.

Pentagon cyber budget is flat in new request (Fifth Domain) The administration requested $9.8 billion for cyber activities in next year's budget for the Department of Defense.

DOD Budget Invests in Cyber, Interoperability (SIGNAL Magazine) Department officials request $705 billion for fiscal year 2021.

Richmond, Katko, Kilmer, McCaul, Ruppersberger, Thompson, Rogers Introduce Bipartisan Legislation to Help State and Local Governments Secure Their Networks (House Committee on Homeland Security) The Official Website of the House Committee on Homeland Security

State and Local Cyber5 security Improvement Act (US House of Representatives) To establish a program to make grants to States to address cybersecurity risks and cybersecurity threats to information systems of State, local, Tribal, or territorial governments, and for other purposes.

DoD has enduring role in election defense (Edwards Air Force Base) The Defense Department plays an important role in that whole-of-government partnership, spearheaded by the NSA and Cybercom's Election Security Group, formed in the wake of the successes of the Russia

‘The intelligence coup of the century’ (Washington Post) For decades, the CIA read the encrypted communications of allies and adversaries.

Litigation, Investigation, and Enforcement

Four Members of China’s Military Indicted Over Massive Equifax Breach (Wall Street Journal) Four members of China’s military have been indicted by the U.S. government on charges of hacking into credit-reporting agency Equifax and plundering sensitive data on nearly 150 million Americans, the DOJ said.

U.S. charges four members of Chinese military in connection with 2017 Equifax hack (Washington Post) The Justice Department has charged four members of the Chinese military with a 2017 hack at the credit reporting agency Equifax, a massive data breach that compromised the personal information of nearly half of all Americans.

How 4 Chinese Hackers Allegedly Took Down Equifax (Wired) The Department of Justice has pinned the hack on China. Here's how it was done, according to the indictment.

Equifax breach is the latest of many hacks linked to China (Star Tribune) In 2014, the Obama administration accused five Chinese military agents of targeting Pittsburgh-area industrial companies including Westinghouse Electric, Alcoa and U.S. Steel. Since then, the number of companies allegedly targeted by Chinese hackers has only grown.

Owner of dark web Freedom hosting pleads guilty to host child abuse content (HackRead) The hosting service contained well over 8.5 million child abuse images.

Microsoft tip led to discovery of more than 190 child porn images on Michigan man’s computer, police say (mlive) He recently pleaded no contest to one of his two child pornography possession charges.

US indicts 4 PLA operators in Equifax case. Israel's voter database leak. Kwampirs RAT in supply chains. Election security.

Bring your own context.

Coming soon: CyberWire Pro.