Security in the News – Week of November 25

Information Security

Computerworld

Blackshades Malware Still being Sold

November 25

Symantec has seen an uptick in infections as well as command-and-control servers.

 

Malware: War Without End

November 26

May be facing a stalemate, or evolving a new cyber biosphere.

 

Neverquest Trojan Threatens Online Banking Users

November 26

Attackers could start to aggressively distribute malware, Kaspersky Lab researchers warn.

 

InfoSecurity

Symantec CEO Declares IP Theft Greater Threat Than Cyber War

November 26

Threat of intellectual property theft is more dangerous than cyber war, bringing the potential to have a big negative impact on global economic growth.

 

Krebs on Security

Spam-Friendly Registrar Dynamic Dolphin Shuttered

November 25

Revoked charter of Dynamic Dolphin, a registrar that has long been closely associated with spam and cybercrime.

 

Security Affairs

Report on Commodities Value in the Cyber Criminal Underground Market

November 25

Security experts explore online underground marketplace for stolen data.

 

Chinese Hackers Targeting US Cloud Service Providers

November 26

US, China Economic and Security Review Commission reports cloud computing represents a potential espionage threat.

 

State of Security

Hackers Hit European Bitcoin Payment Processor BIPS for $1 Million

November 26

European Bitcoin payment processor BIPS was victim of cyberattack resulting in theft of 1,295 Bitcoin, worth $1 million.

 

Anonymous Claims Responsibility for Microsoft Website Crashes

November 27

Anonymous behind intermittent downtime of Microsoft websites, including Hotmail.com, Microsoft.com, Live.com, Outlook.com and MSN.com, part of Operation Killingbay.

 

We Live Security

Twitter Ramps up Security for Users, Approach Should be New Normal

November 25

Twitter unveiled serious security upgrade to protect its users’ data from cyber-snooping.

 

Security and Crisis Management

all Africa.com

Central African Republic Powerless to Resolve Crisis, Security Council Told, As Regional Leader Urges Stronger Mandate for Support Mission

November 25

Central African Republic was failed State headed by a fragile transitional government, powerless to bring country out of crisis.

 

al-Arabiya News

Army on Alert after Benghazi Clashes

November 25

Libya’s army declared state of alert, ordered troops to report for duty after clashes with militant group in Benghazi led to the death of nine soldiers.

 

Channel NewsAsia

China Faces Threat of More Terror Attacks

November 25

China faces a serious terror threat, the foreign ministry said Monday after a fiery attack in Tiananmen Square and domestic media reports of nearly 200 “terrorist” incidents in Xinjiang last year.

 

English.news.cn

Cambodian Opposition Urged to Avoid Violence in Protest

November 26

Cambodian Tourism Minister urged main opposition party to avoid violence when it holds a mass rally next month in tourist destination, Siem Reap.

France 24

French Police Train Brazil For Olympic Crowd Control

November 25

French riot police, accustomed to managing daily public demonstrations, are training Brazilian counterparts in anticipation of widespread public protests at 2014 World Cup, 2016 Olympics.

Security in the News – Week of November 18

Information Security

Analysis Intelligence

Measuring the Media Impact of Hacktivists

November 19

Seeking anon-zero metric, consider amount of media coverage an organization receives to be a yardstick for success.

 

Computerworld

Adoption, Privacy Biggest Topics as NIST Cybersecurity Framework Nears Deadline

November 18

Feedback from cybersecurity specialists, attorneys, policymakers, government employees; offer guidance in applying and updating.

 

Why Network Security is Foundation for Cyber Strategy

November 19

As government orgs continue to deal with increasing cyber threats, those who protect digital assets have no silver bullet.

 

Hackers Exploit JBoss Vulnerability to Compromise Servers

November 19

Hackers exploit exposed JBoss management interfaces and invokers to install Web shells on servers.

 

Targeted Internet Misdirection on Rise

November 19

Traffic from financial firms, government agencies, VoIP providers quietly hijacked and rerouted through ISPs in Iceland.

 

Kaspersky Labs

All You Need to Know About APTs

November 18

APTs one of the most dangerous in computing world; unravel attack characteristics and way organizations, individuals can protect.

 

Krebs on Securtiy

vBulletin Breach Prompts Password Reset

November 18

Attackers broke in using a zero-day flaw now being sold online, vBulletin aware of attacks against current versions of product.

 

Don’t Like Spam? Complain About It

November 19

Underground service designed for spammers seeking to avoid anti-spam activists.

 

Security Affairs

Energy Industry Warned Over Threat of Cyberattacks

November 19

Energy industry continues to be privileged target for cyber-attacks of hacktivists, state-sponsored hackers and cybercriminals.

 

State of Security

Unsecured Public Networks Putting Travelers at Risk

November 18

Travelers are aware of risk, but not taking steps to protect personal data, systems when accessing public WiFi.

 

Threat Post

CryptoLocker Email Attachments Sent to Tens of Millions in UK

November 18

UK online banking customers are targets of dangerous spam campaign enticing users to open attachment with ransomware.

 

EFF Scorecard Shows Crypto Leaders and Laggards

November 20

Article examines encryption capabilities of 18 leading Internet companies.

 

TrendMicro

Spike in Health-Themed Spam Marks September-October Spam Threats

November 19

In the past few weeks, we’ve seen drastic and noteworthy increases in the number of health-related spam in the wild.

 

We Live Security

Tens of Millions at Risk from Filecoder Due to Mass Email Spam Event Targeting Small Businesses

November 18

The malware is transmitted via emails that appear to come from banks, financial institutions, National Cyber Crime Unit warns.

 

Does Your Mouse Know it’s You?

November 20

Researchers claim patterns can “fingerprint” users – and lock out imposters.

 

Security and Crisis Management

Al Arabiya

Truck Bomb, Attacks Kill at Least 48 in Iraq

November 22

Truck bomb tore through outdoor market in NE Iraq, the deadliest of attacks.

 

Lebanon Army Defuses Car Bomb in Hezbollah Bastion

November 22

Lebanese army defused car bomb in Bekaa Valley, stronghold of Iranian-backed Hezbollah.

 

Rianovosti

Russian Neo-Nazis Jailed for Bombing Plot

November 22

Moscow court convicted white supremacists of planning to detonate bomb at antifascist concert.

 

Reuters

Guinea Clashes Kill One; Injure Nine after Journalist Targeted

November 18

One killed, nine others injured during clashes in Guinea’s capital after journalist critical of President targeted for assassination.

Security in the News – Week of November 11

Information Security

Computerworld

British Spies Reportedly Spoofed LinkedIn, Slashdot to Target Network Engineers

November 11

Key employees from telecommunication companies were redirected to pages that installed malware on computers.

 

Help Net Security

Cryptolocker Surge Directly Tied with Blackhole Downfall

November 11

Cryptolocker, most widespread, visible and deadly threats is directly tied to arrest of creator of Blackhole, Cool exploit kits.

 

Complexity of Android Malware is Increasing

November 11

259 new mobile threat families and variants of existing families were discovered by F-Secure Labs in third quarter of 2013.

 

GCHQ Hacks GRX Providers to Mount MitM Attacks on Smartphone Users

November 11

Government Communications Headquarters, UK equivalent of NSA, compromised Global Roaming Exchange providers.

 

Krebs on Security

Facebook Warns Users After Adobe Breach

November 11

Facebook is mining data leaked from recent breach at Adobe in an effort to help its users better secure their accounts.

 

Feds Charge Brothers in Cyberheists

November 14

Brothers charged with masterminding a series of cyberheists that siphoned millions of dollars from personal, commercial bank accounts at US banks and brokerages.

 

Network World

10 Mistakes Companies Make after Data Breach

November 13

Experian Data Breach Resolution outlines mistakes after a breach.

 

Research Shows Arms Dealer Used in Cyberespionage Attacks

November 14

Companies battling tireless cyberespionage campaigns may be against well-organized attackers fed steady stream of malware from talented developer of cyber-arms.

 

Security Affairs

Brazilian Banking Threatened by Malware Embedded Inside RTF File

November 11

Clients of Brazilian financial institutions hit by banking trojan embedded in RTF file, spread through spam campaign.

 

New Modular Malware Platform Sold Underground

November 14

Security researcher profiles new commercially modular malware platform recently released on the underground marketplace.

 

Security Dark Reading

Research Into BIOS Attacks Underscores Their Danger

November 14

Researcher attempts to track down digital ghost in network, whose presence is felt in strange anomalies, odd system behavior.

 

State of Security

Backdoors and Hardware Attacks

November 13

Capillary diffusion of technology has important consequence. Hardware has to be properly analyzed during acquisition and qualification phases of the supply chain.

 

The New York Times

Adobe Breach Inadvertently Tied to Other Accounts

November 12

Security breach at Adobe in which hackers gained access to tens of millions of encrypted passwords and email addresses.

 

TrendMicro

3Q Security Roundup: Invisible Web, One Million Mobile Malware

November 11

Third quarter of year shone spotlight on parts of hidden Internet that would have preferred to remain hidden.

 

We Live Security

More D-Link Routers are Vulnerable to Attacks

November 12

Vulnerabilities discovered in D-Link router, leaving device vulnerable to attacks via web interface, only weeks after discovery of a backdoor in other D-Link devices.

 

Massive War Game Batters London’s Banking System with Simulated Cyber Onslaught

November 12

War game scenario tested thousands of London’s investment banking staff against major cyber-attack on stock exchanges.

 

Big Banks Face High Risk Security Incidents Via Web Apps

November 14

Half of 50 biggest banks faced security incidents affecting web applications. 15 percent of incidents classified as high, critical risks.

 

Security and Crisis Management

BBC

French Priest Kidnapped in Cameroon

November 14

French priest kidnapped close to border with Nigeria.

 

Reuters

Three Killed in Clashes in Central African Republic’s Capital

November 13

Three killed, several wounded in Central African Republic’s capital Bangui in clashes between security forces, former rebel fighters.

 

The Washington Post

Attackers Throw Gasoline Bomb at Passenger Van in Nepal During Opposition Strike

November 13

Attackers hurled gasoline bomb at van in Nepal’s capital during opposition-called transport blockade.

Security in the News – Week of November 4

Information Security

Help Net Security

Most Users Don’t Trust App Developers with Data

November 5

1K employed consumers surveyed in the UK, only 4% named makers of mobile phone apps as entity they most trust with their personal data.

 

Most Visits to Login Page by Malicious Tools

November 6

Survey revealed 1K websites over a 90-day period recorded over 1.4 million unauthenticated access attempts and 20,376 authenticated logins.

 

Malware Peddlers Test New Infection Techniques

November 6

Ongoing malicious spam impersonating UPS has shown malware peddlers experimenting with different approaches for infecting hapless users.

 

Cybercrime Gangs Seek Victims in Untapped Markets

November 7

639 unique brands were targeted by phishing attacks, topping 614 seen in 4Q 2012.

 

Employees Stuck with Unauthorized File Sharing Services

November 7

81% employees access work documents on the go, in absence of enterprise-grade file sharing alternative.

 

Silk Road 2.0 Goes Online

November 7

Another Silk Road has been resurrected from the ashes of the old one, an infamous underground market.

 

Cybercriminals Opting for Real-Time Malware Campaigns and Phishing

November 7

3Q 2013 saw further use of real-time malware campaigns and a dramatic increase in phishing sites.

 

The Register

Off your Bikie Laws: Anonymous to Queensland Premier

November 4

Online threat, real-world d0x … makes a nice change from website defacing.

 

The State of Security

Data Breaches Correlate to Identity Theft and Fraud

November 4

If personal data is compromised, greater than 1 in 4 chance you will be victim of identity theft resulting in fraud within the year.

 

Server Security Survey Reveals Problems Detecting Advanced Attacks

November 5

Organizations having increasing difficulty detecting, mitigating advanced attacks aimed at network servers, relying on ineffective technologies.

 

Threat Post

US-CERT Warns CryptoLocker Infections on Rise

November 6

Devious evolution of now-familiar ransomware schemes in which malware encrypts files on a number of network resources and demands a ransom for decryption key.

 

We Live Security

Mysterious Malware Jumps Between Disconnected PCs

November 4

Mysterious, indestructible strain of malware can infect PCs, Macs and Linux machines, jump between machines with cables, Ethernet, WiFi and Bluetooth pulled out.

 

Adobe Breach Reveals Really Terrible Passwords Still Popular

November 5

Adobe’s security breach bare 38 million passwords to the world, 2 million are simple 123456.

 

Facts About Morris Worm, 25th Anniversary

November 6

Details on one of the most important pieces of malicious code in the history of malware.

Startup Rising

Another fantastic read involving Marc Andreessen:
Startup Rising – The Entrepreneurial Revolution Remaking the Middle East
Authored by Christopher M. Schroeder
Foreword by Marc Andreessen

A walk through of the Foreword reveals  brilliant insight to the potential entrepreneurial uprising of Middle East.

I sure hope Schroeder is right.  In many ways he clearly is.  That software has taken over and changed many aspects of the global economy in less than a decade is now clear.   Companies that are descriptively software enterprises – Google, Facebook (on whose board I serve), Twitter, Airbnb, Pintrest, and many others – have opened up human connections, access to knowledge, and new business models unforeseen before they existed.  Software-powered startups have disrupted almost every traditional consumer-facing experience from books to music to travel to video entertainment and gaming to shopping to telephony and beyond.

But, this is only part of the story.  Today almost every company is, in some form, a software company.  Look at the dashboard of your car and consider how today’s engines work.  Think about the sophistication that allows you to safely bank online.  Next time you buy a cup of coffee with a credit card, fill your car with gas, or shop at Wal-Mart, ask how remarkable innovation in software has allowed their logistics to scale.  In 2011, I wrote in the Wall Street Journal that “software is eating the world,” and software’s appetite has increased dramatically since then.  Traditional enterprises like Kodak and Borders that at best paid lip service to software innovation, at worst ignored it, and are in an existential crisis – not in some theoretical future, but right now.

Schroeder is also right in describing the three forces that are driving tech innovation from unexpected corners of the globe and that a new generation of entrepreneurs take for granted:
1. How technology offers an irreversible level of transparency, connectivity, and inexpensive access to capital and markets;
2. How over two decades of experience in navigating emerging market investment has made regional and global capital more comfortable with political risk and understanding local market distinctions;
3. That with rapidly increasing access to technology there are large, untapped markets of consumers and businesses seeking greater software solutions.

To his three I would add a fourth: after twenty years of hard work by many talented people, all the technology required to transform industries through software finally works and can be widely delivered at global scale.  And these are the earliest innings.  I believe within a decade there will be five billion people using smartphones worldwide – the equivalent computing capacity of a supercomputer and the full power of the internet on everyone’s person, all the time, everywhere.  Schroeder notes that experts tell him to expect 50 percent penetration across the Middle East in three to five years.  What this will yield in problem-solving and opportunity-building is limited only by one’s imagination.

Schroeder is provocative and likely right, that we in Silicon Valley risk being hyper-focused on ourselves and our own echo chambers.  There is no question that the network effect of talent – that world-class entrepreneurs, engineers, and design talent want to be with and are attracted by the best – has made Silicon Valley unique in the history of global innovation.  That we historically have through of emerging growth markets as either places to sell our products and services or relatively inexpensive outsourcing opportunities is limiting.  If everything I have written here is true, innovation will clearly come from surprising places when great talent has access to software.  Our answer has historically been to focus on such talents when we can bring them to Silicon Valley – which is why I have been an active supporter of the greater number of young entrepreneurs having access to the H-1B visa.  At the same time, we will need to think differently if talent progressively wants to stay home and innovate.

Whether the remarkably talented entrepreneurs in the Middle East can scale and build regionally and globally competitive software at scale is still, for me, however, the central question – certainly a billion-dollar question, and ultimately a trillion-dollar question.

The stories of great entrepreneurs and ideas Chris describes are inspiring and potentially game changing.  Middle Eastern entrepreneurs are spawning startups in education, crime prevention, traffic management, recycling, renewable energy, health, entertainment, education, and beyond, solving real challenges and finding new opportunities that can change societies.  And they may change the world.  Could, he asks, unique experiences in the region spawn globally adopted software in spaces like mobile, social networks, and solar energy?

Culture and ecosystem, however, mean everything, and these entrepreneurs face real headwinds.  There are  disappointingly few Middle Eastern governments and educational institutions seriously tackling the difficult decisions required to change downward trajectories in infrastructure at scale and speed.  In fact, with a recent increase in internet restrictions in the region, Schroeder rightly points out that governments are not only hindering communication and transparency, but the very platform of economic growth that I believe will drive any successful country in the coming decades.

He raises an intriguing idea that regional entrepreneurial ecosystems are being built anyway, bottom up, enabled by access to software.  There is a line that stands in my mind from one of the leading entrepreneurs in the region: there is no “wasta” – the system of favors and “Who do you know?” that has driven so much of life from getting into a good school to finding a good job – on the internet.  A similar sentiment was expressed by the new regional head of LinkedIn, who noted that platforms like theirs emphasize transparency connecting job seekers based on their real skills and performance.  Millions of people are using social networks, YouTube, and hundreds of startups in the region to take control of and improve their own lives.  Perhaps this new generation will build new models of economic success despite the daunting challenges caused by political and institutional neglect.

The demographics of the Middle East are most telling to me – and are a double-edged sword.  The vast numbers of young people coming into adulthood mean an unprecedented talent pool to create and innovate.  Traditional business models simply cannot absorb them, and entrepreneurship will have to be part of the answer.  If embraced by their societies, I’d rather have this challenge than countries now facing a decrease in youth.  Ignored, however, the ramifications could be more generationally catastrophic.  In many ways, emerging growth markets are making specific decisions about whether to embrace the new realities of the twenty-first century or hunker down in the missed opportunities often repeated in the twentieth.

I suppose if these entrepreneurs are not embraced at home, it’s good news for Silicon Valley people like me.  As Schroeder notes, there has never been a time in history where talent has been more mobile.  Our doors are always open to great entrepreneurs who want nothing more than to build what was not there before.

But a unique opportunity is at hand for any society that actively embraces it.  Startup Rising offers a remarkable narrative most of us don’t consider when thinking about the Middle East.  But it makes sense, and these courageous entrepreneurs and ecosystem builders are clearly on the right side of history.

Marc Andreessen
Palo Alto, California, 2013

Security in the News – Week of October 28

Information Security

Computerworld

ATM Malware May Spread from Mexico to English-Speaking World

October 28

Attacker can command an unidentified ATM brand to empty cash cassettes through keypad commands.

 

British Man Charged with Hacking NASA and US Military Computers

October 28

The man allegedly worked with others in Australia and Sweden to plant backdoors and steal confidential data.

 

Help Net Security

Traditional Security Models Becoming Exhausted

October 28

Gartner predicts traditional security models will be strained by 2020; 60 percent of enterprise IS budgets will be allocated for rapid detection and response approaches.

 

Buffer Hacked, Customer Accounts Misused to Send Out Spam

October 28

Buffer, popular online service for managing one’s social media presence by scheduling posts on Twitter, Facebook and LinkedIn, was hacked resulting in spam posts.

 

Characteristics of Effective Security Leaders

October 28

IBM study of security leaders reveals they are increasingly being called upon to address board-level security concerns; becoming more strategic voice within organization.

 

AmEx Users Targeted with Well-Crafted Phishing Scheme

October 29

Well-executed phishing campaign targeting AmEx users via fake “Fraud Alert: Irregular Card Activity” emails impersonating AmEx fraud department.

 

Big Data and Intelligence Driven Security

October 29

As we produce, consume an increasing amount of digital data, even casual user is becoming aware that the way we store and access this data will continue to shift and expand.

 

Photoshop Source Code Stolen, 38M Users Affected in Adobe Hack

October 29

The damage is larger than initially thought regarding the attack against Adobe’s networks earlier this month.

 

Counterfeit Money Detector Easily Hacked to Accept Fake Money

October 30

Simple electronic devices can be easily hacked, because security is at bottom of things to care about when creating them.

 

Network World

Five Styles of Advanced Threat Defense can Protect Enterprise from Targeted Attacks

October 31

To stop stealthy malware-based attacks, Gartner says use network traffic and payload analysis, forensics.

 

Threat Post

LinkedIn Defends Intro Security as Researcher Goes Phishing

October 28

LinkedIn new Intro app for iOS provides high-level transparency into how it handles communication between devices and its network.

 

We Live Security

Major Road Artery in Israel was Paralyzed by Cyberattack

October 28

Attackers used Trojan program to target security camera system in Carmel Tunnels toll road, shutting down road for hours, causing hundreds of thousands of dollars in damage.

 

Artificial Intelligence Firm Claims to Have Cracked CAPTCHAS

October 28

Company claims to have cracked CAPTCHAs, standard word tests used to tell humans and computers apart online.

 

President Obama’s Twitter and Facebook Accounts Hijacked by Hacktivist Group

October 29

President Twitter, Facebook accounts compromised this week, two Tweets and one post altered to send links to video montages of terrorist attacks.

 

Big Companies Still Fall for Social Engineering by Phone

October 31

Major companies are still handing out information to hackers using the most basic tool of all – the human voice.

 

Security and Crisis Management

Aljazeera

Four French Hostages are Freed

October 29

French hostages kidnapped by al Qaeda’s North African arm three years ago in Niger have been released.

 

BBC

Bomb Found at Stormont Castle in Belfast

October 29

Letter bomb addressed to Northern Ireland Secretary of State has been made safe by the Army at Stormont Castle in E. Belfast.

 

Reuters

Suicide Bombers Kill 11 military, Police in Iraq Dinner Attack-Police

October 30

Suicide bombers kill 11 military and police officers, wounded 19 by blowing themselves up outside a Sunni militia leader’s house in northern Baghdad as he was hosting dinner.

 

New York Times

Venezuela Seeks to Tame Wild West Motorcycle Chaos

October 31

Choking traffic, causing pileups and even ambushing drivers, Venezuela’s hordes of motorcyclists are increasingly high-profile problem for the new government.