Pages

Thursday, April 18, 2019

IRS and Private Partners Tout Success in Combating Identity Theft

MEANWHILE, OVER AT VODKAPUNDIT: Abolish the Income Tax, Abolish the IRS. “Everybody hates income taxes. Some people say there are too many loopholes, or too few incentives, or that they’re too high, or too low, or that the system is rigged against (insert your favorite group here), or biased in favor of (insert your least favorite group here) or that the IRS is abusive, or the IRS is too lenient, and — almost everybody agrees — the whole thing is corrupt and corrupting.”





Denmark has reported the local operations of Ernst & Young and KPMG to the police amid a widening crackdown on money laundering 




Protesters bring inflatable Trump chicken to IRS building to demand ...


The Hill‎ 

We're HERE at the IRS Building to demand Trump's tax returns! pic.twitter.com/L23w3Fucam ... Mark Meadows (N.C.) and Jim Jordan (Ohio), who have accused their Democratic ...



Officials discuss the challenges and opportunities of tax administration in a more globalized and technologically advanced world, addressing data analytics and service delivery.






Federal News Network

April 12, 2019

The Government Accountability Office is on track to achieve its optimal workforce capacity of 3,250 full-time employees this year, but it’s still having trouble keeping up with the quantity of lawmaker requests around new technologies and cybersecurity. Comptroller General of the United States and head of the GAO Gene Dodaro told the Senate Appropriations Legislative Branch subcommittee that those are two of GAO’s four major priorities for 2020, where it needs to increase capacity to meet rising demand. The agency requested a funding increase of $57.8 million more than it received in fiscal 2019, for a total of $647.6 million, in order to build these capacities. Dodaro reminded lawmakers that in 2018, actions on GAO recommendations saved the government $75.1 billion, a return on investment of more than $124 for every $1 GAO received in funding 



FCW

April 11, 2019

Navy Secretary Richard Spencer says adding a new assistant secretary for cybersecurity and tightening contractors' security practices are top priorities for 2020. Spencer told Congress April 10 that a new assistant secretary for cyber would help centralize the service's current efforts and build an implementable cybersecurity policy structure. "When it comes to a fifth assistant secretary [for cyber]," Spencer told the House Armed Services Committee, "that will be a compilation of what we have in the organization already at the secretariat level." Spencer didn't provide many details on how the new position would work but expressed concern over security gaps in the defense industrial base.




Gov Info Security


Over the last four years, the Government Accountability Office has made hundreds of recommendations to the Department of Health and Human Services for improving its operations that have not been implemented. In a March 28 letter and report sent to HHS, GAO notes that among dozens of unimplemented "high priority" recommendations are four on health information technology and cybersecurity. "The nation's critical infrastructure provides the essential services - including healthcare - that underpin American society. The infrastructure relies extensively on computerized systems and electronic data to support its missions," GAO writes. "However, serious cybersecurity threats to the infrastructure continue to grow and represent a significant national security challenge. Additionally, recent data breaches have highlighted the importance of ensuring the security of health information, including Medicare beneficiary data." Such critical data is created, stored, and used by a wide variety of entities, such as healthcare providers, insurance companies, financial institutions, researchers and others, GAO notes. 



Nextgov


A bipartisan bill introduced on Monday would require the Homeland Security Department to fund efforts by state and local governments to boost their cyber defenses. The Cyber Resiliency Act would create a federal grant program to support cybersecurity upgrades for governments that often lack the resources to fund their own endeavors. It would also mandate states that participate in the program work to improve recruitment and retention in their cyber workforce. “As cyberattacks increase in frequency and gravity, we must ensure that our nation—from our local governments on up—is adequately prepared to protect public safety and combat cyber threats,” said Sen. Mark Warner, D-Va., who cosponsored the bill with Sen. Cory Gardner, R-Colo. “Nearly 70 percent of states have reported that they lack adequate funding to develop sufficient cybersecurity. This bill will aim to mitigate that need by providing grants to state and local jurisdictions so that they are better prepared to take on these emerging challenges.” Reps. Derek Kilmer, D-Wash., and Michael McCaul, R-Texas, introduced companion legislation in the House. A similar bill was introduced during the last Congress but never made it out of committee.



Gov Info Security


The lack of a strong security culture at Equifax - especially compared to its two main competitors - was a key factor contributing to its 2017 data breach that exposed the personal records of 145 million Americans, according to a 71-page Congressional report. The newly released report from the U.S. Senate Permanent Subcommittee on Investigations concluded, much like an earlier the Government Accountability Office report, that Equifax failed to follow its own cybersecurity policies, including those spelling out how and when to patch critical software vulnerabilities. Company executives did not prioritize security, and many key decisions were left to lower-level IT employees, the new report concludes. "Based on this investigation, the subcommittee concludes that Equifax's response to the March 2017 cybersecurity vulnerability that facilitated the breach was inadequate and hampered by Equifax's neglect of cybersecurity," the report states. "Equifax's shortcomings are longstanding and reflect a broader culture of complacency toward cybersecurity preparedness." The report also notes that due to missing documents and internal chat logs, a full understanding of what happened could not be achieved.



ADMINISTRATION



CyberScoop

April 12, 2019

The Department of Homeland Security on Friday alerted the public to a vulnerability in multiple virtual private network applications that could give a hacker access to other apps running on a VPN connection. The flaw involves the insecure storage of cookies in memory or in log files, and affects enterprise VPN apps made by Cisco, F5 Networks, Palo Alto Networks, and Pulse Secure. Other vendors could be affected because the configuration issue is likely “generic” to other VPN apps, according to an advisory cited by DHS from Carnegie Mellon University’s CERT Coordination Center. “If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods,” CERT CC said. “An attacker would then have access to the same applications that the user does through their VPN session.” While Palo Alto Networks had patched its VPN product, the other vendors had not, according to CERT CC. The added attention brought by the advisory could change that.



StateScoop

April 12, 2019

North Dakota Gov. Doug Burgum signed a bill Friday making his state’s Information Technology Department the first in the country to manage cybersecurity operations across all of the state’s public organizations, including local governments, schools, courts and the state legislature. The law’s enactment leaves ITD with the broadest cybersecurity mission of any state government IT division in the country. North Dakota’s shared network, called STAGEnet, hosts more than 250,000 users in approximately 400 public-sector organizations across the state. Burgum, a former software executive who sold his company to Microsoft in 2001 for $1.1 billion, said in a press release that the change will help the state protect the state’s network amid the “growing nature of cybersecurity threats.”



The New York Times


The WikiLeaks founder Julian Assange was arrested on Thursday in London to face a charge in the United States of conspiring to hack into a Pentagon computer network in 2010, bringing to an abrupt end a seven-year saga in which he had holed up in Ecuador’s embassy in Britain to avoid capture. The Ecuadorean government suspended the citizenship it had granted Mr. Assange and evicted him on Thursday, clearing the way for his arrest. His hosts had displayed growing impatience, listing grievances including recent WikiLeaks releases they said interfered with other states’ internal affairs and personal discourtesies, like the failure of Mr. Assange to clean the bathroom and look after his cat. A bedraggled and shackled Mr. Assange, 47, was dragged out of the embassy. At a court hearing, a judge swiftly found him guilty of jumping bail, and he was detained partly in connection with an American extradition warrant. Mr. Assange indicated that he would fight extradition, and legal experts said that process could take years. He is likely to argue that the case is politically motivated rather than driven by legitimate legal concerns.



Wired

April 11, 2019

This week kicked off a new, chaotic era at the Department of Homeland Security, where the only certainty seems to be the president’s obsession with immigration. As former Customs and Border Protection commissioner and prominent family-separation advocate Kevin McAleenan takes over as acting secretary, it’s fair to wonder what will happen to the rest of DHS’ many essential responsibilities. The shakeup began last week, when President Trump announced he was withdrawing his nominee to head Immigration and Customs Enforcement, Ronald Vitiello, saying, “We’re going in a tougher direction.” Then on Sunday he ousted former secretary Kirstjen Nielsen, after months of rumors that he was unhappy with her performance. Secret Service director Randolph Alles and DHS undersecretary Claire Grady are also out, and there may still be more to come. But DHS’ mandate goes far beyond immigration, to concerns like cybersecurity, counterterrorism, monitoring critical infrastructure, border privacy, and the development of science and technology in defense of the country. While Trump’s Homeland Security purge may not mean an immediate danger of those areas being neglected, former government officials worry about the long-term consequences of the hollowing out and restructuring of DHS.



FCW

April 11, 2019

The Air Force is rolling out seven new competitive career categories for officers that will include cyber, intelligence, and space as a way to boost promotion, training and talent retention, the service announced April 11. "There needs to be different paths for the development of our career fields," Lt. Gen. Brian Kelly, Air Force deputy chief of staff for manpower, personnel, and services, told reporters at a media roundtable event. "The things that we value and the things that we need to emphasize between career fields might not always be the same." The initiative, which has been underway for nearly two years, will allow officers to compete for promotion against others in their career field who have similar duties and skills, rather than across the entire Air Force. "We can't have a one-size-fits-all developmental path," Kelly said, "to reach our potential in all of these areas." The new categories include cybersecurity, space, intelligence and others yet to be named. They're expected to debut later this spring at the earliest, Kelly said.



Ars Technica

April 10, 2019

A joint intelligence bulletin (JIB) has been issued by the Department of Homeland Security and Federal Bureau of Investigation to state and local authorities regarding Russian hacking activities during the 2016 presidential election. While the bulletin contains no new technical information, it is the first official report to confirm that the Russian reconnaissance and hacking efforts in advance of the election went well beyond the 21 states confirmed in previous reports. As reported by the intelligence newsletter OODA Loop, the JIB stated that, while the FBI and DHS "previously observed suspicious or malicious cyber activity against government networks in 21 states that we assessed was a Russian campaign seeking vulnerabilities and access to election infrastructure," new information obtained by the agencies "indicates that Russian government cyber actors engaged in research on—as well as direct visits to—election websites and networks in the majority of US states." While not providing specific details, the bulletin continued, "The FBI and DHS assess that Russian government cyber actors probably conducted research and reconnaissance against all US states’ election networks leading up to the 2016 Presidential elections."



Nextgov


The Internal Revenue Service, which has struggled for years to get a handle on the criminal theft of taxpayer identity information, on Monday released encouraging numbers on results of its Security Summit partnership with states and industry. “At a time when many in the private sector continue to struggle with these issues, the tax community has made major progress working together to stop identity theft and refund fraud,” Internal Revenue Commissioner Chuck Rettig said. “In 2018, our partnership protected more taxpayers and more tax dollars from tax-related identity theft.” The partnership with state tax agencies and private-sector cyber-specialists, launched in 2015, created a Theft Tax Refund Fraud Information Sharing and Analysis Center that now consists of 65 groups, the IRS noted. It has been tackling a problem that threatens individuals, companies and tax preparers, at a time when the agency’s programs to thwart identity theft have appeared on the high-risk list of the Government Accountability Office.



Fifth Domain


U.S. Cyber Command focuses on deterring cyberthreats from impacting the homeland, but could hold less direct authority if an internal threat targets the critical infrastructure of a state. That’s why 40 states have representatives in an annual large-scale cyber exercise that kicked off late last week. Cyber Shield 19, which runs until April 20, brings together members of the National Guard, who answer to the governors of their respective states, and has them work with industry to improve incident response to cyber events. “The purpose is to develop and train internal defensive measures, incident response, coordinate train and assist activities,” Brig. Gen. Jeffrey Burkett, vice director of domestic operations for the National Guard Bureau, told reporters April 9 during a briefing at the Pentagon. “It’s a collective training event for us. It will enhance our war-fighting skills and that’s very important to us.”



The Minneapolis Star Tribune

April 9, 2019

A data breach last year at the state agency that oversees Minnesota’s health and welfare programs may have exposed the personal information of approximately 11,000 individuals. The state Department of Human Services (DHS) notified lawmakers Tuesday that an employee’s e-mail account was compromised as a result of a cyberattack on or about March 26, 2018. A hacker unlawfully logged into a state e-mail account of a DHS employee and used it to send two e-mails to one of the employee’s co-workers, asking that co-worker to pay an “invoice” by wiring money. The agency has no evidence that personal information contained in the hacked e-mail account was “viewed, downloaded or misused in any way,” Human Services Commissioner Tony Lourey said in a letter to legislative leaders on Tuesday. Even so, the hacker would have had the ability to obtain some of the account’s contents during the cyberattack, officials said.



INDUSTRY



NPR

April 12, 2019

Technology theft and other unfair business practices originating from China are costing the American economy more than $57 billion a year, White House officials believe, and they expect that figure to grow. Yet an investigation by NPR and the PBS television show Frontline into why three successive administrations failed to stop cyberhacking from China found an unlikely obstacle for the government — the victims themselves. In dozens of interviews with U.S. government and business representatives, officials involved in commerce with China said hacking and theft were an open secret for almost two decades, allowed to quietly continue because U.S. companies had too much money at stake to make waves. Wendy Cutler, who was a veteran negotiator at the Office of the U.S. Trade Representative, says it wasn't just that U.S. businesses were hesitant to come forward in specific cases. She says businesses didn't want the trade office to take "any strong action." "We are not as effective if we don't have the U.S. business community supporting us," she says. "Looking back on it, in retrospect, I think we probably should have been more active and more responsive. We kind of lost the big picture of what was really happening."



Reuters

April 12, 2019

Norsk Hydro, one of the world’s largest aluminum makers, will postpone its first-quarter earnings report by more than a month as it struggles to recover from a March cyber attack, the company said on Friday. Hydro now aims to publish its results on June 5, five weeks later than planned, as it tries to gain access to administrative systems for reporting, billing and invoicing that were blocked by hackers demanding a ransom. The company has maintained it will not pay to regain access to its computers and servers, preferring instead to repair data from backup systems. “The revised date is conditional upon the planned timeline for restoring operational and reporting systems,” Hydro said in a statement. “With 35,000 employees, operations in 40 countries on all continents and several thousand servers in the company, full recovery is a complex and time-consuming process,” Chief Information Officer Jo De Vliegher said. “We are well on our way, but it will take time before we are fully back to normal IT operations,” he added.



CyberScoop

April 12, 2019

A popular form of crowdsourcing might have a problem with the size of its crowd. Most of the high-value digital security vulnerabilities reported to bug-bounty programs are found by just a fraction of the freelance researchers who participate in those contests, recent reports show, suggesting that there are not enough skilled bounty hunters to handle the available work. The trend has big implications for an industry that has come to expect regular growth over the past half-decade. For the companies, it means their customers — corporations such as Fiat Chrysler, LinkedIn, Starbucks and others — are paying to hear about lots of low-severity bugs while more critical problems potentially remain undiscovered. The latest numbers come from the 2019 Hacker Report by HackerOne, one of the leading bug bounty platforms along with Bugcrowd and Synack.



ZDNet

April 11, 2019

Google announced today that Gmail has become the first major email provider to support two new security standards, namely MTA-STS and TLS Reporting. Both are extensions to the Simple Mail Transfer Protocol (SMTP), the protocol through which all emails are sent today. The purpose of MTA-STS and TLS Reporting is to help email providers establish cryptographically secure connections between each other, with the main goal of thwarting SMTP man-in-the-middle attacks. SMTP man-in-the-middle attacks are a major problem for today's email landscape, where rogue email server operators can intercept, read, and modify the contents of people's emails. The two new standards will prevent this by allowing legitimate email providers to create a secure channel for exchanging emails.



Ars Technica

April 10, 2019

Sixteen months ago, researchers reported an unsettling escalation in hacks targeting power plants, gas refineries, and other types of critical infrastructure. Attackers who may have been working on behalf of a nation caused an operational outage at a critical-infrastructure site after deliberately targeting a system that prevented health- and life-threatening accidents. There had been compromises of critical infrastructure sites before. What was unprecedented in this attack—and of considerable concern to some researchers and critical infrastructure operators—was the use of an advanced piece of malware that targeted the unidentified site’s safety processes. Such safety instrumented systems (SIS) are a combination of hardware and software that many critical infrastructure sites use to prevent unsafe conditions from arising. When gas fuel pressures or reactor temperatures rise to potentially unsafe thresholds, for instance, a SIS will automatically close valves or initiate cooling processes to prevent health- or life-threatening accidents. Now, researchers at FireEye—the same security firm that discovered Triton and its ties to Russia—say they have uncovered an additional intrusion that used the same malicious software framework against a different critical infrastructure site. As was the case in the first intrusion, the attackers focused most of their resources on the facility’s OT, or operational technology, which are systems for monitoring and managing physical processes and devices.



CyberScoop

April 10, 2019

It’s just like the old saying: When you can’t hire them, offer to pay their student loan debt. Microsoft, Mastercard and Workday announced this week they’ve teamed with 11 federal government agencies as part of a Cybersecurity Talent Initiative meant to fill hundreds of thousands of open cybersecurity jobs. Graduating college students can apply for a two-year placement in a security role at the FBI, CIA or another agency. At the end of that two years they’ll be eligible for a position at one of those three companies, which will pay up to $75,000 of their student loan debt as part of their deal. The Cybersecurity Talent Initiative appears to be unique in the way it offers student loan assistance, but it’s hardly the only corporate effort meant to enhance an enterprise’s security posture.



The Wall Street Journal

April 9, 2019

DTE Energy Co., PG&E Corp. and a municipal utility in Missouri broke rules designed to protect the nation’s electric system from cyber and physical attacks and were sanctioned by federal regulators, according to newly released documents and people knowledgeable about the cases. Penalty cases are not uncommon, but what is unusual is that the public is learning the operators’ identities. Most violators’ names are kept confidential in a system designed to encourage self-disclosure of infractions by the utilities.



Reuters

April 9, 2019

Yahoo has struck a revised $117.5 million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history. The proposed class-action settlement made public on Tuesday was designed to address criticisms of U.S. District Judge Lucy Koh in San Jose, California. She rejected an earlier version of the accord on Jan. 28, and her approval is still required. Koh said the original settlement was not "fundamentally fair, adequate and reasonable" because it had no overall dollar value and did not say how much victims might expect to recover. She also said the legal fees appeared to be too high. Yahoo, now part of New York-based Verizon Communications Inc, had been accused of being slow to disclose three data breaches affecting about 3 billion accounts from 2013 to 2016.



Bloomberg

April 9, 2019

It helped Mexico track down El Chapo, but it’s also been accused of assisting Saudi Arabia spy on dissidents. Now NSO Group, hackers-for-hire likened to a private intelligence service, has become a strain for two Wall Street banks that helped fund a buyout of the Israel-based company last month. After struggling to find buyers for a $500 million loan that they agreed to provide, Jefferies Financial Group Inc. and Credit Suisse Group AG had to come up with the cash themselves and are now unloading the debt at a steep discount, according to people with knowledge of the matter. The banks were left holding the loan after increased public scrutiny of NSO’s most high-profile product: a smartphone-hacking tool known as Pegasus that has helped make the company hundreds of millions of dollars from licensing it to foreign governments and intelligence agencies. In recent weeks, NSO has sought to rebut accusations that Pegasus has been used by countries to spy on dissidents, including from one Saudi citizen who claims the software allowed the kingdom to monitor his communications with murdered journalist Jamal Khashoggi.



CyberScoop

April 9, 2019

If hackers managed to exploit vulnerabilities in widely used Verizon Fios routers, they would have full control of a wireless home network and access to devices connected to them, researchers said Tuesday. The new vulnerabilities, uncovered by cybersecurity company Tenable, point to underlying security issues in Verizon Fios Quantum Gateway routers, which are given to new customers unless they opt out. In tinkering with his Fios router, Chris Lyne, a Tenable researcher, showed how an attacker could change security settings on the router or capture login requests sent through the device.



Ars Technica

April 9, 2019

Mirai, the “botnet” malware that was responsible for a string of massive distributed denial of service (DDoS) attacks in 2016—including one against the website of security reporter Brian Krebs—has gotten a number of recent updates. Now, developers using the widely distributed "open" source code of the original have added a raft of new devices to their potential bot armies by compiling the code for four more microprocessors commonly used in embedded systems. Researchers at Palo Alto Networks’ Unit 42 security research unit have published details of new samples of the Mirai botnet discovered in late February. The new versions of the botnet malware targeted Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors. These processors are used on a wide range of embedded systems, including routers, networked sensors, base band radios for cellular communications and digital signal processors.



Wired

April 9, 2019

In March 2017, the Android security team was feeling pleased with itself. The group had detected, analyzed, and neutralized a sophisticated botnet built on tainted apps that all worked together to power ad and SMS fraud. Dubbed Chamois, the malware family had already cropped up in 2016 and was being distributed both through Google Play and third-party app stores. So the Android team started aggressively flagging and helping to uninstall Chamois until they were sure it was dead. Eight months later, though, in November 2017, Chamois roared back into the Android ecosystem, more ferocious than before. By March 2018, a year after Google thought it had been vanquished, Chamois hit an all-time high, infecting 20.8 million devices. Now, a year after that zenith, the Android team has whittled that number back down to fewer than 2 million infections. And at the Kaspersky Security Analyst Summit in Singapore this week, Android security engineer Maddie Stone is presenting a full post-mortem on how Google fought back against Chamois—again—and how personal the rivalry became.



CyberScoop

April 9, 2019

At a time when corporations are planning to blanket the heavens with high-tech hardware, the space industry is responding with the creation of an information sharing and analysis center — a nonprofit organization that helps to track cyberthreats for member companies and related government agencies. The Space Information Sharing and Analysis Center (S-ISAC) will be housed in Colorado Springs, Colorado, within the National Cybersecurity Center, itself a nonprofit, nongovernmental organization created to improve awareness about securing cyberspace. S-ISAC has not released much public information about how it plans to coordinate the space industry around its mission, but a news release from its founding company — Kratos Defense and Security Solutions — says the ISAC was created in response to long-recognized “information sharing gaps within the cybersecurity and space community.”



INTERNATIONAL



AP

April 11, 2019

Spanish Prime Minister Pedro Sánchez on Tuesday called on all political forces in the country to back a new national cybersecurity fight against "attempts to hack democracy and undermine citizens' trust in the political system." Spain's April 28 general election is seen as a testing ground for new measures that the European Union is adopting to shield elections to the European Parliament a month later. The Europe-wide efforts include a "rapid alert system" linking specialized coordination units in all EU member states and require internet companies to share regular updates on their efforts to eradicate disinformation campaigns. Spain joined the Europe-wide initiative in early March, establishing a high-level unit to coordinate the fight against cyberattacks and fake news. The experts report directly to Sánchez, who on Tuesday equated disinformation to attacks on "the quality of democracy."



CyberScoop

April 10, 2019

Department of Homeland Security and FBI officials are warning industry about what they say are new Trojan malware variants that North Korean-government-backed hackers have deployed as part of their global operations. The variants employ proxy applications to mask communications between the malicious programs and their operators, DHS said in a report published Wednesday. When executed, the malware collects information on the victim machine’s operating system and its system time, and uses a public SSL certificate for secure communication with its operators, the report said. DHS has dubbed the new malware HOPLIGHT. “This is continuing our campaign to put pressure on the DPRK as well as helping network defenders understand some of the tools and the capabilities that they are using,” Jeanette Manfra, assistant director for cybersecurity at DHS’s Cybersecurity and Infrastructure Security Agency, told CyberScoop.



The Washington Post

April 9, 2019

he Czech Republic’s highest court says a former justice minister violated the rights of an alleged Russian hacker by allowing his extradition to the U.S. before a separate asylum case was finalized. Yevgeniy Nikulin is accused of hacking computers at LinkedIn, Dropbox and other American companies in 2012, compromising the personal information of millions of Americans. The Constitutional Court said Tuesday that then Justice Minister Robert Pelikan allowed Nikulin’s extradition before his asylum request went through the court system. Nikulin was later denied asylum. He was extradited to the U.S. in March 2018. Pelikan is no longer justice minister and won’t face any punishment.



Fifth Domain

April 8, 2019

NATO’s cybersecurity arm is set to launch a four-day exercise April 9 that simulates the response to hackers sowing chaos in a fictitious country conducting national elections. The scenario places the country of Berylia in a “deteriorating security situation” as people go to the polls, according to a NATO statement. Hostile actors launch coordinated attacks against the country’s civilian communications infrastructure, causing disruptions in water purification systems, the power grid, 4G public safety networks and other essential services. Civil unrest spreads as the attacks twist the public perception of election results. The drill, dubbed Locked Shields 2019, is billed as a “live-fire” event, which means all actions by six teams of competing network defenders will have immediate effects in the game-like environment.



CSO

April 8, 2019

An attacker claiming to be ISIS took control of the official email account of the Saudi Embassy in the Netherlands in August, 2014 and sent emails to more than a dozen embassies at The Hague demanding $50 million for ISIS, or they would blow up a major diplomatic reception, documents seen by CSO reveal. The attack compromised the Saudi embassy's non-classified computer network. They deployed a garden-variety rootkit on the workstation of the ambassador’s secretary and took over the embassy's official email account. No one was ever formally held accountable, despite an internal investigation. Given the low sophistication of the attack, experts tell CSO it's impossible to say whether the attacker really was part of an organized effort by ISIS, a random supporter, or a nation-state intelligence agency masquerading as ISIS for motives unknown.



TECHNOLOGY



Ars Technica

April 11, 2019

The next-generation Wi-Fi Protected Access protocol released 15 months ago was once hailed by key architects as resistant to most types of password-theft attacks that threatened its predecessors. On Wednesday, researchers disclosed several serious design flaws in WPA3 that shattered that myth and raised troubling new questions about the future of wireless security, particularly among low-cost Internet-of-things devices. While a big improvement over the earlier and notoriously weak Wired Equivalent Privacy and the WPA protocols, the current WPA2 version (in use since the mid 2000s) has suffered a crippling design flaw that has been known for more than a decade: the four-way handshake—a cryptographic process WPA2 uses to validate computers, phones, and tablets to an access point and vice versa—contains a hash of the network password. Anyone within range of a device connecting to the network can record this handshake. Short passwords or those that aren’t random are then trivial to crack in a matter of seconds. One of WPA3’s most promoted changes was its use of “Dragonfly,” a completely overhauled handshake that its architects once said was resistant to the types of password guessing attacks that threatened WPA2 users. A research paper titled Dragonblood: A Security Analysis of WPA3’s SAE Handshake disclosed several vulnerabilities in WPA3 that open users to many of the same attacks that threatened WPA2 users.



Wired

April 9, 2019

It's not every day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware has 80 distinct components, capable of strange and unique cyberespionage tricks—and who's kept those tricks under wraps for more than five years. In a talk at the Kaspersky Security Analyst Summit in Singapore Wednesday, Kaspersky security researcher Alexey Shulmin revealed the security firm's discovery of a new spyware framework—an adaptable, modular piece of software with a range of plugins for distinct espionage tasks—that it's calling TajMahal. The TajMahal framework's 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of "files of interest," automatically stealing them if a USB drive is inserted into the infected machine. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.



CyberScoop

April 9, 2019

Flame, the nation-state-developed malware kit that targeted computers in Iran, went quiet after researchers exposed it in 2012. The attackers tried to hide their tracks by scrubbing servers used to talk to infected computers. Some thought they had seen the last of the potent malware platform. Flame’s disappearance “never sat right with us,” said Juan Andres Guerrero-Saade and Silas Cutler, researchers with Alphabet’s Chronicle. On Tuesday at the Kaspersky Security Analyst Summit in Singapore, they showed that Flame hadn’t died, it had just been reconfigured. Tracing early components of Flame, Guerrero-Saade and Cutler found a new version of it that was likely used between 2014 and 2016. Flame 2.0 is “clearly built” from the original source code, but it has new measures aimed at eluding researchers, they wrote in a paper. The discovery shows how good source code dies hard, and that tracking its evolution can be a very long game for researchers.



Wired

April 9, 2019

Over the past few years, scammers have increasingly siphoned cash off of digital payment networks, stealing hundreds of millions of dollars so far. Not only is the problem hard to contain; new findings show that it's evolving and maturing, with new types of ATM malware on the rise. Researchers at the Kaspersky Security Analyst Summit in Singapore are presenting findings on Wednesday about a new wave of payment system scams. Beyond so-called jackpotting attacks, which cause individual ATMs to spit out money, hackers are manipulating ATM networks and the digital authentication checks in the machines to cash out fraudulent transfers they initiate around the globe. Hackers have hit a variety of financial platforms—including Mexico's domestic money transfer system SPEI—in payment systems frauds in recent years. But the majority of the scams target the international payment network SWIFT, which transfers trillions of dollars per day. Numerous notorious digital bank heists, like a whopping $81 million stolen in Bangladesh in 2016 and $10 million stolen in Chile last year, have shown how vulnerable digital payment networks can be. But attackers are now using the same types of transaction manipulations in unexpected places, like ATM networks, to get around new defenses while still using the same types of strategies that have already raked in a steady stream of cash.