Cyber Attacks, Threats, and Vulnerabilities
Georgia blames Russia for cyberattack, US, UK agree (Fifth Domain) Georgian authorities on Feb. 20 accused Russia's military intelligence of launching a large-scale cyberattack that targeted the government and private organizations with the goal of destabilizing the ex-Soviet nation.
Russia Blamed for ‘Paralyzing’ Georgia Cyber Attack in 2019 (Bloomberg) U.S., U.K., and EU nations join Georgia in implicating Russia. Russia’s GRU allegedly behind attack on president’s office.
Foreign minister issues statement over Russian cyberattacks on Georgia (ERR) Estonia stands with Georgia and several other countries over an October 2019 mass cyberattack which hit the Caucasus country and has been blamed on Russia, foreign minister Urmas Reinsalu says.
U.S. joins other nations in accusing Russia of cyber attack in Republic of Georgia (Washington Post) The United States joined several countries on Thursday in accusing Russia of a major cyberattack in the Republic of Georgia, pledging to hold the Kremlin accountable.
In rare move, State Department calls out Russia for attacks on Georgia last year (CyberScoop) In a rare public announcement, the State Department is formally blaming Russian intelligence for a cyber incident that disrupted thousands of websites in Georgia last year.
The Russian Trolls’ Next Favorite Candidate (The Atlantic) Americans don’t need Russia’s polarizing influence operations. They are plenty good enough at dividing themselves.
The Technology 202: Bernie Sanders draws criticism at Nevada debate for behavior of online supporters (Washington Post) Bernie Sanders came under fire for his supporters’ online vitriol in a fiery exchange during last night’s contentious Democratic debate. It could signal future scrutiny of the Vermont senator's unruly social media supporters as he surges in the polls.
U.S. agency responsible for Trump's secure communication suffered data breach: letter (Reuters) The U.S. defense agency responsible for secure White House communications said S...
Pentagon communications hub reports likely data breach (NBC News) The Defense Department said about 200,000 people could have been affected, but there was no indication anyone's data was misused.
How many users were affected by the DISA breach? (Fifth Domain) Affected users are receiving letters from the Defense Information Systems Agency notifying them if their personally identifiable information might have been compromised.
Iranian-backed Fox Kitten APT Exploits VPN Vulnerabilities - Here’s Why it Should Matter to You (Safe-T) Fox Kitten Campaign - the attackers used a potent concoction of tools, including custom-made weapons and open-source code. But according to ClearSky, the initial infection was launched via RDP (Remote Desktop Protocol) and VPN (Virtual Private Network) vulnerabilities.
ObliqueRAT: New RAT hits victims' endpoints via malicious documents (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
A ‘stalkerware’ app leaked phone data from thousands of victims (TechCrunch) Exclusive: KidsGuard siphoned off photos, videos, screenshots and call recordings to an unprotected server.
Bluetooth-Related Flaws Threaten Dozens of Medical Devices (Wired) Hundreds of smart devices—including pacemakers—are exposed thanks to a series of vulnerabilities in the Bluetooth Low Energy protocol.
B&R Industrial Automation Automation Studio and Automation Runtime (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: B&R Industrial Automation GmbH
Equipment: Automation Studio and Automation Runtime
Vulnerability: Improper Authorization
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow a remote attacker to modify the configuration of affected devices.
Rockwell Automation FactoryTalk Diagnostics (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Rockwell Automation
Equipment: FactoryTalk Diagnostics
Vulnerability: Deserialization of Untrusted Data
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges.
Honeywell NOTI-FIRE-NET Web Server (NWS-3) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: NOTI-FIRE-NET Web Server (NWS-3)
Vulnerabilities: Authentication Bypass by Capture-replay, Path Traversal
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in an attacker bypassing web server authentication methods.
Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro (Android App)
Vulnerabilities: Cleartext Transmission of Sensitive Information, Origin Validation Error, Use of Hard-coded Credentials, Weak Password Recovery Mechanism for Forgotten Password, Weak Password Requirements
Hackers clone ProtonVPN website to drop password stealer malware (HackRead) One of the easiest ways to lure users to install malware on their computers is to imitate legitimate websites. This is exactly what certain attackers have done as recently investigated by researchers at Kaspersky by targeting ProtonVPN.
Cybergang Favors G Suite and Physical Checks For BEC Attacks (Threatpost) Exaggerated Lion, a newly discovered cybercrime group, uses new and unique tactics to target U.S. companies in BEC attacks.
900 council tax payers' personal information widely shared in council gaffe (Somerset County Gazette) PERSONAL information belonging to 900 people has been widely shared by a council in a massive data protection breach.
Croatia's largest petrol station chain impacted by cyber-attack (ZDNet) A ransomware attack is believed to have impaired the chain's ability to issue invoices and accept loyalty cards.
Council cyber-attack effects 'could last weeks' (BBC News) Redcar and Cleveland Council was targeted by a suspected ransomware attack almost two weeks ago.
Paper Excellence, owner of Crofton mill, hit by malware (Cowichan Valley Citizen) Paper production in Crofton, and other mills, impacted by incident
Michigan hospital alerts 2,400 patients of human error data breach (Becker's Hospital Review) Byron Center, Mich.-based Mercy Health Physician Partners Southwest began notifying 2,487 patients Feb. 10 that their information may have been exposed in a mailing error.
Data breach connected to Capital Region’s Community Care Physicians reported (The Daily Gazette) The situation stems from a December ransomware attack on an accounting firm used by Community Care Physicians
South Adams Schools hit with ransomware cyber-attack (WANE) The South Adams Schools district is dealing with a ransomware cyber-attack that took place overnight. Administrators informed staff Thursday morning according to a press …
Wawa Data Breach Could Impact 30 Million Payment Cards (The Legal Intelligencer) With more than half of Wawa’s stores located in Pennsylvania and New Jersey, the Wawa breach is one of the most important cybersecurity events in local history.
Over 2000 UK Government Devices Go Missing in a Year (Infosecurity Magazine) Viasat study finds scores of devices were unencrypted
Security Patches, Mitigations, and Software Updates
The mess behind Microsoft’s yanked UEFI patch KB 4524244 (Computerworld) Patch Tuesday’s truly odd Win10 patch KB 4524244 wreaked havoc before it was finally pulled last Friday night. Since then, accusations have flown about Kaspersky, in particular, and Microsoft’s complicity in signing a rootkit. There’s plenty of blame to go around — and much more to the story.
Data Protection Report (Barracuda Networks) Barracuda Networks is the worldwide leader in Security, Application Delivery and Data Protection Solutions.
Cybercriminals Netted US$3.5 Billion in 2019: IC3 Report (CISO MAG | Cyber Security Magazine) A report from the IC3 revealed that hackers secured US$3.5 billion from cybercrimes which are reported to the FBI alone in 2019.
Stuffing nonsense: Persistent cyberpunks are pummelling banks' public APIs, warns Akamai (Register) Security biz clocked 55 million malicious login attempts on a client
Coronavirus kills MWC, IBM withdraws from RSA: What about Kaspersky’s Security Analyst Summit? (ZDNet) Kaspersky has revealed its position on the potential cancellation of the Security Analyst Summit, due to take place in April.
RSA Conference loses one more abbreviated tech giant after AT&T disconnects over Wuhan coronavirus fears (Register) Alternative headline: Killer bio-nasty linked to former alien vault and cyber-hacker gathering
10 hot industry newcomers to watch at RSA Conference 2020 (Help Net Security) The RSA Conference Early Stage Expo is an innovation space dedicated to promoting emerging talent in the industry. Here are companies to watch this year.
Huawei says US push to create a 5G rival 'would be a challenge' (CNBC) There are rising calls from U.S. politicians to find alternatives to Chinese firm Huawei.
After raising $74 million, ZeroFox eyes IPO (Maryland Daily Record) Baltimore cybersecurity firm ZeroFox announced the completion of a $74 million funding round Thursday, and CEO James C. Foster said an initial public offering is likely in the company’s future. With the funding raised, ZeroFox hopes to continue its global expansion, setting the stage for the point where it can begin the IPO process. “We are preparing ourselves ...
Baltimore's ZeroFox raises one of Maryland's largest funding rounds for cyber firms (Baltimore Business Journal) Baltimore's ZeroFox has closed another big round of funding as it continues "sprinting" toward an IPO.
Polyverse Lands $8m in New Funding to Accelerate Security Push into Government, Enterprise and IoT (Benzinga) Funding round accelerates growth in new markets for groundbreaking cybersecurity technology provider.
BELLEVUE, Wash. (PRWEB) February 20, 2020
Polyverse Corporation received $...
Got privacy? OneTrust doubles valuation to $2.7B as consumer data laws go global | PitchBook (Pitchbook) Privacy tech startup OneTrust has raised a $210 million round as the expansion of global data privacy laws helps create a new sector in software.
Fidelity’s Parent Company Is Spinning Out Its Akoya Personal-Data Startup (Wall Street Journal) Fidelity Investments’ parent company has sold stakes to other financial firms in its software startup that gives consumers more control over how their bank-account information is shared with online financial applications.
Machine learning threat intelligence to secure USCYBERCOM (Military Embedded Systems) Recorded Future, a security intelligence company, announced it won a Production-Other Transaction Agreement (P-OTA) contract facilitated by the Defense Innovation Unit (DIU) for threat intelligence, tasking the company to provide real-time threat analysis to approved federal agencies on an expedited basis.
McKean Captures NAVWAR $249M Contract (MDJOnline.com) McKean Defense Group, LLC announced today that it was awarded a cost-plus-fixed-fee, firm-fixed-price contract to provide the Naval Information Warfare Center Pacific (NIWCPAC) integration,
Lockheed Martin Contracts With Guardtime Federal To Secure Software Supply Chain (Defense Daily) Lockheed Martin and its partner Guardtime Federal have signed a long-term contract to bring the cyber security company’s blockchain technology to Lockheed
The first information security ecosystem built by Vietnamese (Yahoo) Viettel Cyber Security Company, a member of Viettel Group, launched a Managed Security Operation Center (SOC) service on a global scale capable of detecting, analyzing, responding, preventing and investigating traceability of information security incidents and ensuring security for IT systems. In Vietnam
Unisys offers $10,000 to those who compromise a target system protected by Stealth (Help Net Security) Unisys is offering $10,000 to participants who can capture data and credentials protected by the Unisys Stealth cybersecurity solution.
Arete Incident Response Adds Elite Incident Response and Forensic Investigators to its Canadian Cyber Response Team (Yahoo) Arete Incident Response, an elite team of cyber security experts and incident responders, announced today the addition of key personnel for its Canada operations. Together, the new team members bring years of experience leading challenging, cyber incident response
Products, Services, and Solutions
Idaptive Announces Adaptive Multi-Factor Authentication for Endpoint Login and Enhanced Support for Passwordless Authentication (Globe Newswire) Idaptive Next-Gen Access enables greater flexibility for IT teams and provides secure and frictionless access controls
XUMI Chooses nCipher Security to Reduce Mobile Payments Fraud (Yahoo) nCipher Security, an Entrust Datacard company and provider of trust, integrity and control for business-critical information and applications, announces that XUMI, a secure payments provider, is using nCipher nShield Connect hardware security modules (HSMs) to help strengthen the security embedded in
vArmour Announces Strategic Global Partnership with Tanium for Enhanced Application Visibility to Secure Endpoints (Globe Newswire) Partnership enables Continuous Application Relationship Management for endpoints on-premises and in the cloud
vArmour and Gigamon Partner to Provide Enterprise Networks With Elevated Application Visibility and Control (Globe Newswire) Joint customers gain access to Continuous Application Relationship Management for protecting applications across environments without endpoint agents
vArmour and Tufin Partner to Accelerate Policy Orchestration and Secure Applications Across On-Premise and Hybrid Cloud (Globe Newswire) Partnership enables real-time network visibility and change automation driven by Continuous Application Relationship Management for security and compliance
Cyberint Launches Managed Threat Hunting (PR Newswire) Cyberint, a leading service provider of intelligence-driven detection and response solutions to digital businesses, is now offering the Managed...
wolfSSL Announces the wolfJSSE Provider (PRWeb) wolfSSL, the leading provider of TLS cryptography and the world’s first commercial release of TLS 1.3, announces the wolfJSSE Provider. The Java Secure So
Kount Announces Email First Seen Capabilities as Part of AI-Powered Identity Trust Global Network (MarTechSeries) Email First Seen allows customers to see the age of an email that appears in an interaction, enabling them to more quickly and accurately determine identity trust and further improve fraud prevention effectiveness. Kount, the leading fraud prevention solution, announced the immediate availability of Email First Seen as an indicator of email trust, an integral part of the Identity Trust Global Network. Unveiled earlier this month, Kount’s Identity Trust Global Network includes fraud and trust signals from more than half a billion email addresses, 32 billion interactions and 17.5 billion devices reviewed annually, across more than 75 industries and 50+ payment
Prey Inc. Aids Schools and Universities Develop and Secure 1:1 Laptop Programs With New Device Loan Manager Solution (Yahoo) Prey Inc., provider of the cross-platform, open source device manager, reactive anti-theft and data protection platform that protects more than eight million mobile devices, today announced the Device Loan Manager, a new capability available to Enterprise and Education customers. Prey’s Device Loan
Payments Industry Turning Point - Coalfire First to Certify With New Software Security Standard (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today became the first firm to be accredited by the Payment Card...
Gurucul Automates and Advances Threat Hunting with AI/ML for Intelligent Threat Detection and Faster Response Times (AP NEWS) Press release content from Business Wire. The AP news staff was not involved in its creation.
CrowdStrike Announces Automated Sensor Deployment for Falcon on Google Cloud (Yahoo) Announcement of automated sensor deployment of Google Cloud
Mimecast now integrated with IBM Security (ITP.net) Mimecast announced a new integration with the IBM Security Resilient solution.
Technologies, Techniques, and Standards
In Cybersecurity, Attribution’s a Red Herring (Built In) When your system’s under attack, does it matter who’s attacking?
Design and Innovation
Port San Antonio’s new toy: A real-time cyber security threat simulator (KSAT) The latest museum exhibit at the San Antonio Museum of Science and Technology is a new cybersecurity operations center (SOC), which provides students of all ages an opportunity to go through a simulation of a cyber threat.
Exabeam Unveils Cybersecurity Scholarship Program (Security Magazine) Exabeam announced the Exabeam Cybersecurity Scholarship Program, an initiative designed to support the next generation of professionals in pursuing an education and career in the security field.
Minot State University offering new cybersecurity and operations degree (KX NEWS) Minot State University is offering a new major and minor in cybersecurity and operations, which will train students to combat cybersecurity risks and hazards beginning the 2020-21 school year. “Our…
Southeast Cyber Defense Team Wins Eighth Straight State Championship (Southeast Missouri State University) For the eighth straight year, the Southeast Missouri State University Cyber Defense Team has won the Missouri Collegiate Cyber Defense Competition (CCDC).
How bad are cyberattacks for the economy? This professor helped the White House assess the damage (Brandeis) As a senior economist on the Council of Economic Advisers, Anna Scherbina used her expertise to shape policy in Washington, D.C.
Legislation, Policy, and Regulation
Cybersecurity Threats Call for a Global Response (Sarajevo Times) Last March, Operation Taiex led to the arrest of the gang leader behind the Carbanak and Cobalt malware attacks on over 100 financial institutions worldwide. This law enforcement operation included the Spanish national police, Europol, FBI, the Romanian, Moldovan, Belarusian, and Taiwanese authorities, as well as private cybersecurity companies. …
WSJ News Exclusive | Global Terror-Finance Watchdog Set to Sanction Iran (Wall Street Journal) A global terror-finance watchdog agency is set to blacklist Iran, broadening a U.S. effort to isolate Tehran financially and potentially straining the already sanctions-battered Iranian economy.
U.S. Blacklists Five Senior Iranian Officials Ahead of Parliamentary Elections (Wall Street Journal) The sanctions came ahead of Iran’s parliamentary elections on Friday, for which the country’s leadership is trying to rally a large turnout to bolster itself against a rise in domestic discontent.
Home Affairs pushes back against encryption law proposals (ZDNet) Both Labor and Australia's Independent National Security Legislation Monitor have proposed judicial approvals before cops and spooks can access encrypted communications, but the Department of Home Affairs isn't keen.
Nothing’s ‘Irreversible,’ But the Pentagon’s New Bureaucracies Aim to Come Close (Defense One) As budget hearing season gets underway, expect to hear a lot about "irreversible implementation" of changes toward great power competition.
Samsung will be Putin dreaded Kremlin-approved shovelware on its phones, claims Russia (Register) Now Ru?
Senior intelligence official told lawmakers that Russia wants to see Trump reelected (Washington Post) A senior U.S. intelligence official told lawmakers last week that Russia wants to see President Trump reelected, viewing his administration as more favorable to the Kremlin’s interests, according to people who were briefed on the comments.
Russia is planning to interfere in 2020 presidential election: report (CyberScoop) Russia is working to interfere in the 2020 presidential election in an effort to get President Donald Trump re-elected, according to a briefing.
North Korea’s ultra-secretive ways can make the regime easier to track online (MIT Technology Review) A regime known for iron-fisted control can’t keep all its secrets on the global internet.
EU’s pragmatic approach to Huawei defies US threats (Global Times) Huawei's success in the European market still requires quality, cost-effectiveness and mutual trust with European governments and enterprises. But all in all, the US military cooperation network cannot restrict its allies or limit Huawei.
No Huawei gear in vital 5G project to bring virtual-reality Robin Hood to Sherwood Forest (Register) Rural trials will not use equipment 'from high risk vendors' says Ministry of Fun
US cyber-boss tells UK to 'think again' on Huawei (BBC News) America's top cyber-security official will continue to fight to stop the UK using Huawei kit.
Commerce Department Extends Huawei TGL License Until April 1, 2020 (Lexology) The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) has issued a third extension of the Temporary General License (TGL) applied…
House Subcommittee Knocking at Amazon’s Door Over Ring Data (Nextgov.com) The chairman of a House Oversight panel wants a briefing with Amazon officials about the consumer security tool.
Trump’s New Intelligence Director Faces a Legal Countdown Clock on His Tenure (New York Times) Under federal law, Richard Grenell, the new acting director of national intelligence, may be able to serve only a few weeks unless the president nominates someone to take on the job permanently.
Litigation, Investigation, and Law Enforcement
How Governments Are Using Cybercrime Charges to Silence Journalists (The Sociable) Governments are cracking down on journalists worldwide, charging them with cybercrimes, but evidence suggests that the cybercrime charges are a means to silence real journalism.
Big Tech’s ‘buy and kill’ tactics come under scrutiny (Silicon Valley Business Journal) A Federal Trade Commission request raised the prospect of regulators wading into early-stage tech markets that until now have been beyond their reach.
WSJ News Exclusive | Google Resists Demand From States in Digital-Ad Probe (Wall Street Journal) The search-engine company is reluctant to surrender some documents sought by investigators looking into possible anticompetitive practices.
Former Pentagon Analyst Pleads Guilty to Sharing Classified Information (New York Times) Prosecutors said Henry Kyle Frese shared top secret information with two journalists, one of whom was his girlfriend.
Malindo Air hauled to court over data breach (Free Malaysia Today) The company claimed trial over the data leak of its passengers' details last year.
Dove Charter Schools Accused Of Illegally Obtaining Names, Addresses Of Okla. Students (Oklahoma City News 9) The State Department of Education said Dove Public Charter Schools illegally obtained the names and addresses of thousands of Oklahoma school children. The department said Dove then shared that information with a third party in an attempt to recruit new students to their school.
FTC Refunds Victims of Office Depot Tech Support Scam (BleepingComputer) The FTC has begun to issue refunds to people who were convinced into purchasing computer repair services at Office Depot based on fake malware scans.
Credit-score scandal fear as 15,000 given wrong rating during data breach (Independent) More than 15,000 people may be due substantial compensation after the State’s biggest financial credit rating body admitted mixing up sensitive credit scores during a data breach.
LifeLabs challenges tribunal over jurisdiction in cyberattack complaint (Vancouver Sun) LifeLabs, which was targeted in a cyber attack last year, wants the B.C. Supreme Court to hear the case of an alleged victim, not a tribunal.
Romanian Hackers Sentenced (Federal Bureau of Investigation) For nearly a decade, the Bayrob Group infected thousands of computers with malware and stole millions of dollars from victims. But with help from private sector and law enforcement partners, the FBI shut down their criminal operation.
New Mexico Sues Google for Mining Children's Data (BleepingComputer) Google is facing a new lawsuit for allegedly using its Google for Education platform to gather the personal and private data from students under the age of thirteen.