Kim-Trump summit concludes.
The US-DPRK summit this past Tuesday contained mostly, as expected, discussion of denuclearization, not cyber conflict (Seattle Times). It ended on a hopeful note, but most observers expect North Korea to resume large-scale cyber operations shortly. Indeed, shortly after the summit concluded the US Department of Homeland Security warned that it had seen a spike in TYPEFACE Trojan infestations from Pyongyang's Hidden Cobra threat group (CNN). A cyberspace modus vivendi, if any is to be achieved, seems to lie in the relatively remote future. Meantime, the US Administration is being advised to hold North Korea accountable for any bad behavior (TheHill).
Baba Yaga, cannibalistic malware.
Researchers at Defiant are tracking "Baba Yaga" malware, which generates spam links and redirections. It's also cannibalistic like its namesake: it removes competing malware from the devices it infects, effectively maintaining the WordPress sites it infects. The goal of BabaYaga is generating spam content. Defiant studied one particular campaign that had a commonly used theme and set of targets: essay writing services. The spam content BabaYaga generates is keyword heavy. Defiant calls it "meaningless word salad, designed to attract search engine traffic based on those keywords." The crooks get paid through affiliate marketing. They redirect site visitors to other sites selling things better left unpurchased (WordFence).
Dixons Carphone breached.
Dixons Carphone, the large British electronics retailer, has sustained a big data breach that it disclosed early this week. Data for almost 6 million customers' paycards were exposed in the incident. Dixons says the effect of the loss was limited (most of the cards were chip-and-pin, and the information loss was partial, not enough to be of much immediate use to criminals). Dixons says it notified the card companies promptly, and they've seen no evidence of fraud emerging from the breach so far. It's too early, however, to say that the people whose data were affected are out of the woods: criminals can try to build on the limited information they do have to work up usable profiles of the victims. Dixons also said that 1.2 million records with non-financial personal data—names, email addresses, physical addresses, and the like—were also exposed. They've seen no fraud resulting from these, either, but the same principle applies here: such information can find cumulatively more damaging uses.
The company is referring to the incident as an "attempted" hack, but British authorities, including the National Crime Authority, the National Cyber Security Centre, the Financial Conduct Authority, and the Information Commissioner's Office, are investigating. The complexity of the investigation and the number of different agencies involved suggests its importance. Not only are national regulations increasingly prescriptive, but this is also the first major breach since GDPR came fully into effect late last month. Fines could be heavy. How this case is handled may shape expectations for future enforcement actions (Naked Security).
Wiper serves as misdirection for fraudulent SWIFT transfers.
SWIFT, the international, interbank financial transfer system, was used against Banco de Chile to steal about $10 million. The bank said the losses occurred during a May attack, when hackers successfully took the money via electronic transfer (Computing). The criminals used wiper malware to corrupt the master boot records of some 9000 systems. This aspect of the attack was apparently misdirection intended to distract IT staff while the hackers accomplished their main objective: SWIFT transfer fraud (Bleeping Computer).
World Cup host red carded.
People are waiting for the expected cyberattacks to hit the World Cup, now being played at various venues in Russia (Infosecurity Magazine). US authorities warn anyone traveling to see the matches that they can be expected to be targeted by foreign espionage services, especially if they connect their devices through local Wi-Fi (TheHill).
Ukrainian artists have been giving Russia red cards for its recent actions in the Near Abroad, Syria, and Salisbury (Radio Free Europe | Radio Liberty).
Cryptocurrency draws criminals.
Coinrail, a cryptocurrency exchange based in South Korea, disclosed Sunday that it had been the victim of a cyberattack. It lost initial coin offering (ICO) tokens for Pundi X, NPER, and Aston. There's some possibility that tokens for Dent and Tron were stolen, too. The exchange estimates that between $30 million and $40 million were taken; it's working to freeze the stolen assets (Bleeping Computer). The incident spooked investors: cryptocurrency valuations took a significant hit as speculators dumped their holdings (City A.M.). Bitcoin itself dropped, down Monday from its 2017 high-water mark of $19,000 to $6785 (TechCrunch). CoinDesk put its value yesterday at $6547. Last year's highs may have been the result of price manipulation (New York Times), although the evidence is ambiguous (Bloomberg). And, of course, some see the fall-off in value as the dump side of pump-and-dump (CoinTelegraph).
Speculators did treat as good news a statement by senior members of the Securities and Exchange Commission that Ether and Bitcoin really weren't sufficiently like securities to be regulated in the same fashion. The cryptocurrencies will presumably receive less intense scrutiny from regulators (WIRED).
Artificial influencers.
The world needs more dank memes, right? Or so one might conclude from some work at Stanford, where an artificial intelligence was trained to produce them (TechCrunch). The researchers think their AI has trouble capturing humor (Arxiv) but actually the production doesn't look significantly less funny than what human jokesters come up with, so people who spend their time on Boromir memes may find themselves outside looking in, just the way fast food cashiers will soon be edged out by ordering kiosks. The AI is biased toward offensive, insulting stuff, too: a chip off the old block, eh?
US Treasury Department sanctions Russian companies and individuals.
The US Treasury Department Monday announced sanctions against five Russian organizations and three individuals it designated as being in violation of Executive Order 13694, which authorizes measures against entities engaging in "significant malicious cyber-enabled activities" (Fifth Domain). Here's the Treasury Department's brief summary of what the sanctioned entities have been up to:
"Examples of Russia’s malign and destabilizing cyber activities include the destructive NotPetya cyber-attack; cyber intrusions against the U.S. energy grid to potentially enable future offensive operations; and global compromises of network infrastructure devices, including routers and switches, also to potentially enable disruptive cyber-attacks. Today’s action also targets the Russian government’s underwater capabilities. Russia has been active in tracking undersea communication cables, which carry the bulk of the world’s telecommunications data" (US Department of the Treasury).
Treasury links the five organizations and three individuals to Russia's FSB. The sanctioned organizations include Digital Security, ERPScan (which Treasury says is controlled by Digital Security, a claim ERPScan denies), Embedi (also said to be under Digital Security's control), Kvant Scientific Research Institute (supervised by FSB, Treasury says), and Divetechnoservices (suspected of undersea cable tapping). The three named individuals, all sometime managers at Divetechnoservices, are Aleksandr Lvovich Tribun, Oleg Sergeyevich Chirikov, and Vladimir Yakovlevich Kaganskiy (Bloomberg).
Digital Security, which Treasury holds to be the owner or controller of both ERPScan and Embedi, is singled out for providing technical support to the FSB, specifically, since 2015, technical support that "would increase Russia's offensive cyber capabilities."
ERPScan is a name that will be familiar to many, since they do business in at least thirty-five countries as a business application security provider. They have major offices in Palo Alto, Amsterdam, Prague, and Tel Aviv. The company said "It would be superfluous to say this, but of course, we have nothing to do with Russian Federal Security Service as well as other government agencies worldwide. We always tried to avoid any political issues and were outside of political events" (ERPScan). ERPScan's CEO, Alexander Polyakov, says the company is being sanctioned only because he was born in Russia (Motherboard).
Kvant is a research institute the Russian government placed under the supervision of the FSB in 2010. It provides material and technical support to that intelligence agency, and has recently served as the prime contractor on an FSB project.
Divetechnoservices has delivered various underwater equipment to the FSB since, Treasury says, 2007. Divetechnoservices also produced a submersible craft for that intelligence agency. They are suspected of having contributed to Russia's ability to tap undersea cables, a matter of concern not only to the US, but to the United Kingdom and other nations as well.
Other sanctions.
Other Chinese and Russian companies continue to face headwinds driven by security concerns in different national markets. Kaspersky was hit with a significant setback in Western Europe: the European Parliament this week voted overwhelmingly in favor of a ban on the company's security products from official networks (CSO). Kaspersky has responded by freezing its cooperation with Europol in criminal investigations (Dark Reading).
ZTE's recovery remains in doubt, and the company remains in very bad odor with the US Congress (Computing). Congress is also taking an unfriendly look at Huawei, for similar reasons. The Chinese view is to dismiss US security concerns about the company as veiled protectionism: Huawei's phones are affordable and well-made, and that's the only threat they pose (says they) (South China Morning Post).
Australia's government is very leery of Huawei (Business Insider), and, although Huawei says it's still very much in the bidding (Guardian), is considering excluding the company from any work related to the build-out of the national 5G system. The Chinese device-making giant is getting some industry love in the controversy from other companies who would be involved in the 5G build-out. They see Huawei as a plausible partner. If Huawei and ZTE were excluded, that would leave the field essentially to Ericsson and Nokia (AFR).
Justice IG reports.
Thursday afternoon the US Justice Department's Inspector General released the report on the FBI's investigations of "Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election," that is, its look at the FBI's inquiry into former Secretary of State Clinton's private server and her handling of sensitive and classified information. The report's 586 pages find more impropriety and insubordination than political bias (Politico). Five FBI Agents have been referred to the Bureau's internal discipline procedures.
Patching news.
Microsoft will end tech support for several products that have reached the end of their life (ZDNet). Redmond's Patch Tuesday also included mitigations for the speculative execution issue known as "Variant 4" of the Spectre family of vulnerabilities (SecurityWeek).
Not every vulnerability is patched as soon as it's discovered, of course. Microsoft has made a draft document available that explains how it decides what to patch, and when (Register).
Up your game, or you're out.
That's the US Department of Defense "philosophy", now, on contractor access to Defense networks. If their security isn't up to a recently somewhat more exacting snuff, they won't be allowed in. DoD officers this week called it a "cultural shift" and a "new philosophy" as opposed to a formal policy, but policy may well follow philosophy (Breaking Defense).
Industry notes.
Google's artificial intelligence principles have now been enunciated. We leave it as an exercise whether they're platitudinous in a good sense, like the Hippocratic Oath, or in the banal sense, or simply amount to the passing pieties of a corporate culture (Naked Security).
Industrial control systems security specialist Claroty has attracted a $60 million Series B round from a syndicate led by Temasek with participation by Rockwell Automation, Siemens, Schneider Electric, and other firms (Claroty). In addition to its investment, Siemens has also selected Claroty as a partner in advanced anomaly detection (Claroty).
Bluliv, known for its threat exchange community, intends to use the €4 million it recently raised in a Series A round to expand into the UK market (Channel Eye).
Splunk will purchase devops incident management shop VictorOps for $120 million (Venture Beat).
Continuum has closed its acquisition of CARVIR, increasing the security offerings of its managed services solution (E2E).
Cyxtera has closed its acquisition of Immunity.
ZenMate is pursuing a £660,000 crowdfunding round through Crowdcube. ZenMate is a VPN provider owned by ZenGuard (Crowdfund Insider).
Software intelligence company CAST has acquired Antelink, a software composition analysis shop, with the intention of integrating the acquired company's technology into CAST's application portfolio analysis offering (GlobeNewsWire).
Zimperium has bought application security shop Mi3. The intention is to integrate Mi3’s Security RECON Platform into the Zimperium z3A application analysis solution (BusinessWire).
ViaSat makes further inroads into the military secure network market by acquiring Horsebridge Defence and Security, specialists in secure, deployable networks (C4ISR).
There were several bits of news about venture capital and business incubation to emerge this week. Lockheed Martin has significantly increased its venture fund, by about $100 million. It's not all cyber, of course, but there's enough cyber in it to make it interesting (IHS Jane's Defense Weekly).
Bitdefender announced it's forming an incubator for cybersecurity start-ups in Romania (Romania Insider).
US Cyber Command has awarded the Maryland Innovation and Security Institute (MISI) a five-year Partnership Intermediary Agreement. The goal is to establish an ecosystem in Columbia, Maryland, that will marshal the talents and capabilities of small businesses, entrepreneurs, academia, traditional businesses and others. Work will be organized in a new facility, "DreamPort," intended to "foster collaboration and prototyping in highly configurable laboratories, co-working spaces, project rooms, and conference facilities." Partners in the venture include SINET, FBC, CyberPoint, the Johns Hopkins University, the University System of Maryland, and the George Washington University. CyberPoint's CEO and co-founder, Karl Gumtow, will serve as MISI's director (MISI).
Dreamit Ventures has opened a security vertical (TechCrunch). Bob Stasio, brought in to run Dreamit's cyber portfolio, told us that they're interested in finding promising pre-Series-A companies who have an actual offering that addresses real use cases. They work with their companies in a three-stage process. The first phase is an intensive boot camp for the start-ups. In the second phase the companies are introduced to major customers. Phase three is a roadshow in which they pitch to investors. Their key metric, Stasio says, is raising a funding round within six months. Dreamit will accept applications from companies wishing to participate up through July 1st. They expect to have their first cohort of start-ups on board by September 4th.
Ave atque vale (and semper fi, Marine).
One of the last of the Second World War's Navajo code talkers has died. Rest in peace, Samuel Tom Holiday, who left us Monday at the age of 94. We honor his memory (Japan Times).