News & Press: EWF News

Congressional Cybersecurity Caucus News Round-up by Nick Leiserson

Monday, May 1, 2017
Posted by: Mary Wei

Congressional Cybersecurity Caucus News Round-up

Clips from around the globe, web and Hill

 

April 28, 2017

 

HILL

MGT is back

Russia has a risky strategy for recruiting hackers — but it's also highly effective

McCaul: Expect a Major IT Modernization Push after Cyber Executive Order

Expert details ‘centrality of information’ to China’s cyber ops, security strategy

Dem senator fears Russian election interference could be ‘normalized’

Picture this: Senate staffers’ ID cards have photo of smart chip, no security

House cyber chairman wants to bolster workforce

Congress pushes DOD on IT acquisition agility

Warner defends Russia investigation amid rising criticism

Poll: 73% Back Independent Probe of Russian Election Interference

 

ADMINISTRATION

The Government Wants a Thriving Cyber Insurance Market. Here’s How It’s Getting Started

In DoD first, Air Force launches bug bounty open to foreign hackers

Government’s Biggest Cyber Problem Will Be Contractors’ Big Opportunity, Report Says

Integration, automation improves FDA response to cyber incidents

Cyber official: Feds, companies need better dialogue on security of self-driving cars

FBI allays some critics with first use of new mass-hacking warrant

White House Cyber Czar to Play Role in Kushner Innovation Office

Official: 'Silver Lining' in Hacker, Foreign Nation Alliance

A Cyber Threat Sharing Group for Mariachi Bands? Maybe One Day.

Can a voluntary framework deter cyberattacks?

 

INDUSTRY

An Obscure App Flaw Creates Backdoors In Millions of Smartphones

Microsoft Turns Off Wi-Fi Sense After Risk Revealed

Hackers exploited Word flaw for months while Microsoft investigated

A Clever Plan to Secure the Internet of Things Could Still Have Big Drawbacks

Firewall Pioneer Stakes Position as Car-Hack Guardian

‘World’s Most Secure’ Email Service Is Easily Hackable

Verizon data breach study finds cyber espionage on the rise

Zero day exploits are rarer and more expensive than ever, researchers say

Chipotle investigating breach of payment system

GE Fixing Bug in Software After Warning About Power Grid Hacks

NSA backdoor detected on >55,000 Windows boxes can now be remotely removed

A Week Later, Hacked Spyware Vendors Haven't Warned Their 130,000 Customers

 

INTERNATIONAL

Eugene Kaspersky opens up about Russia, hacking and the frontlines of cyberwar

How a cyber attack transformed Estonia

Russian-controlled telecom hijacks financial services’ Internet traffic

China tried to hack group linked to controversial missile defense system, US cybersecurity firm says

Shadow Brokers Attack Tools Light Up Chinese and Russian Darknet

TalkTalk Hack: Two Men Plead Guilty

Chinese hackers shift focus to Asia after US accord

Israeli Official Says First Wave of Cyber Hack Was Thwarted

As Dubai Focuses on Future, Cybersecurity a Growing Concern

Security Firm: Cyberattacks Against Saudi Arabia Continue

NATO hub hails major international cyber defense exercise

Cyber Spies Attacked German Think-Tanks Ahead of National Elections

Russian Hackers Who Targeted Clinton Appear to Attack France’s Macron

Interpol identifies 9,000 computers in Asia owned by hackers, used to launch ransomware

Russia hacked Danish defense for two years, minister tells newspaper

Australia to work with China on cybersecurity

 

TECHNOLOGY

A vigilante is putting a huge amount of work into infecting IoT devices

BrickerBot, the permanent denial-of-service botnet, is back with a vengeance

 

 

HILL

 

MGT is back

FCW

April 28, 2017

The Modernizing Government Technology Act is back. The bill, which gives agency CIOs access to funds to move legacy IT operations to managed services, has been revised to handle objections from the Congressional Budget Office and from some appropriators who think it risks handing over the power of the purse to unelected bureaucrats. The bill has some high-profile support and could see action in the House in a matter of weeks. At the White House, Reed Cordish and Chris Liddell, assistants to President Donald Trump and members of the Office of American Innovation, issued a statement saying the bill was "important bipartisan work" that "will enable significant progress to be made towards creating a more effective, efficient and accountable government for all Americans." A version of the MGT Act passed the House in 2016, but it stalled in the Senate because of a $9 billion Congressional Budget Office score that supporters, including chief sponsor Rep. Will Hurd (R-Texas), thought was unwarranted. The new bill calls for $500 million to go to a central fund to be administered by the Technology Transformation Service at the General Services Administration: $250 million in fiscal year 2018 and $250 million in fiscal year 2019.

 

Russia has a risky strategy for recruiting hackers — but it's also highly effective

Business Insider

April 28, 2017

The US needs to change how it hires hackers and other tech talent if it wants to stay competitive in the cyber arena, former FBI special agent Clint Watts told the Senate Armed Services Committee during a Thursday hearing on "cyber-enabled information operations." Watts, now a senior fellow at George Washington University's Center for Cyber and Homeland Security, argued that Russia's ability to hack into US political organizations last year and launch a sustained disinformation campaign — which it now appears to be replicating ahead of the French and German elections — stemmed not from its "employment of sophisticated technology, but through the employment of top talent." Many experts say Russia has harnessed some of the best tech talent in the world because of its willingness to hire hackers who would likely be passed over in the US — either because they aren't "technologists" in the traditional sense or because their records would preclude them from obtaining security clearance.  "Actual humans, not artificial intelligence, achieved Russia’s recent success in information warfare," Watts said, referring to Moscow's election-related meddling. "Rather than developing cyber operatives internally, Russia leverages an asymmetric advantage by which they co-opt, compromise or coerce components of Russia’s cyber criminal underground," he added. "Others in Russia with access to sophisticated malware, hacking techniques or botnets are compelled to act on behalf of the Kremlin."

 

McCaul: Expect a Major IT Modernization Push after Cyber Executive Order

Nextgov

April 27, 2017

A long-delayed cybersecurity executive order due out from the Trump administration could be a launching pad for a major push to replace outdated government technology, the House Homeland Security Chairman said Thursday. That modernization drive will likely be led by a modernizing government technology bill, sponsored by committee member Rep. Will Hurd, R-Texas, which passed the House last Congress but stalled in the Senate, Rep. Michael McCaul, R-Texas, said at a cybersecurity event hosted by the wireless industry group CTIA. Hurd is expected to reintroduce that bill soon. “I don’t want to get ahead of the White House, but my sense is you’re going to see a modernization act,” McCaul said. “Within the federal network system, we have these legacy systems that are very antiquated,” he said, “which makes us more vulnerable to an attack like the [Office of Personnel Management] breach.” That 2015 breach, linked to the Chinese government, compromised sensitive security clearance information about more than 20 million current and former federal employees and their families. McCaul expects the cyber executive order to be released “in the near future,” he said.

 

Expert details ‘centrality of information’ to China’s cyber ops, security strategy

Fifth Domain Cyber

April 27, 2017

An expert on China provided members of Congress a broad overview Wednesday of current Chinese military and strategic thinking, including China’s People’s Liberation Army (PLA) focus on “informationization” (xinxihua) and “informationized warfare” (xinxihua zhanzheng). The expert also outlined the Chinese “integrated” view of cyber, network, electronic, space and kinetic warfare. Dean Cheng, senior research fellow at The Heritage Foundation’s Asian Studies Center, gave oral and detailed written testimony to the U.S. House Foreign Affairs Subcommittee on Asia and the Pacific. The hearing occurred on World Intellectual Property Day, with opening remarks from Subcommittee Chair Ted Yoho, R-Fla., noting China’s “systematic and widespread theft” of American intellectual property. The hearing’s oral testimony leaned toward trade and economic issues in what Yoho characterized as the “most consequential bilateral relationship in the world,” but discussion regularly reverted to China’s ongoing cyber espionage and its continued use of soft-power tactics to outmaneuver the U.S.

 

Dem senator fears Russian election interference could be ‘normalized’

The Hill

April 27, 2017

Sen. Jeanne Shaheen (D-N.H.) said Thursday that Russian meddling in U.S. elections could become “normalized” if the government does not further respond to Moscow’s interference in the 2016 presidential contest. Shaheen doubled down on her push for an independent investigation of Russia’s actions and more sanctions on Moscow in a speech at the Center for American Progress Action Fund on Thursday afternoon. “If Russia gets a pass on 2016, it could interfere in future U.S. elections not only at the presidential level but at the House and Senate level,” Shaheen said. The New Hampshire Democrat is part of a bipartisan group of senators who introduced legislation in January that would impose further sanctions on Russia. The intelligence community has concluded that the Russian government orchestrated the hacking and release of emails of high-level Democratic officials to damage Democrat Hillary Clinton and had developed a preference for Donald Trump as president. Shaheen warned Thursday that “partisan divisions” could prevent Congress from agreeing on a response to Russia’s interference.

 

Picture this: Senate staffers’ ID cards have photo of smart chip, no security

Ars Technica

April 26, 2017

When Congress held hearings following the breach of the systems of the Office of Personnel Management (OPM) in 2015, one of the issues that caused great consternation among lawmakers was that the OPM had failed to implement two-factor authentication for employees, particularly when using virtual private networks. Federal information security standards in place at the time called for strong user authentication for any federal information system, but the OPM hadn't figured out how to implement two-factor authentication principles—something users know (a password), plus something they have (which, in government, is typically a "smartcard" ID with digital authentication keys programmed onto a chip). The OPM wasn't alone. While the Department of Defense began issuing Common Access Cards in 2008 to be used for two-factor authentication on DOD systems and to control physical access to DOD facilities, most of the civilian agencies of the US federal government still hadn't implemented their own smartcard (Personal Identity Verification, or PIV) systems at the time of the OPM breach. But apparently Congress never took its own advice. A letter from Senator Ron Wyden (D-Ore.) to the Senate's Committee on Rules and Administration last week pointed out that while many executive branch employees now have PIV cards with chips embedded in them, Senate employees get ID cards with a picture of a chip on them.

 

House cyber chairman wants to bolster workforce

The Hill

April 26, 2017

Congressional lawmakers are waiting on the White House to chart a path forward on cybersecurity. Rep. John Ratcliffe (R-Texas), who heads the subcommittee with oversight of the Department of Homeland Security’s cybersecurity and infrastructure protection efforts, wants to prioritize bolstering the department’s cyber workforce and improving cyber information sharing with the private sector in the new Congress. But the subcommittee’s agenda will be subject to change depending on the Trump administration’s plans for cybersecurity, which have been largely up in the air since a planned executive order was tabled at the end of January, Ratcliffe said in an interview with The Hill in his Capitol Hill office on Tuesday. “We very much want to be a willing, supportive partner for what we hope is going to be a bold agenda with regard to cybersecurity by this administration,” Ratcliffe said. “Depending on what we see from them, some of those priorities could get shuffled or adjusted, magnified, or there could be additions to those.”

 

Congress pushes DOD on IT acquisition agility

FCW

April 26, 2017

Members of Congress and panelists alike hinted at a certain sense of deja vu at an April 26 hearing on creating a flexible and effective information technology management and acquisition system in the Department of Defense. "For years, Congress, the executive branch and industry have attempted to bring DOD's IT programs and processes into the 21st Century," said Rep. Jim Langevin (D-R.I.) at the House Armed Services Committee Emerging Threats and Capabilities Subcommittee hearing. "Despite attempts like the Joint Information Environment and streamlining of acquisition processes, DOD's pace to improve its IT posture is not progressing with the desired speed to achieve serious efficiencies, increase security, and take advantage of enhanced capabilities that are readily available," he said. Recently retired DOD CIO Terry Halvorsen stressed the need for the Pentagon to buy commercial off-the-shelf IT systems and services in all cases unless a compelling argument is made otherwise. He and Levine argued that DOD often spends more on customizing commercial products than it did on the original purchase, and that DOD needs to change its culture to accept commercial products. Halvorsen, who now works for Samsung, said that also means the Pentagon needs to stop doing its own security testing of commercially proven products.

 

Warner defends Russia investigation amid rising criticism

Politico

April 25, 2017

Sen. Mark Warner has a simple message for critics who say his Russia probe is in shambles: It just isn’t so. The top Democrat on the Senate Intelligence Committee said in an interview Tuesday that he always wants to move faster in investigating Russian interference in the 2016 election. But real progress is taking place, he said, including scrutiny of ties between Moscow and President Donald Trump’s aides. “People who think we’re not looking at that now have not received an update,” Warner told Politico. The Virginia Democrat rejected criticism over the fact that the panel has yet to issue subpoenas or interview high-profile witnesses like former Trump advisers Roger Stone, Carter Page and Michael Flynn. It would be “very irresponsible,” he said, to bring in those witnesses “before you have all your information.” Warner added that the panel has conducted 27 interviews with intelligence analysts involved in the U.S. determination that Russia sought to tilt the presidential election toward Trump. The committee is also hiring two more staffers for the investigation, bringing the total to nine. Warner’s remarks come as Democratic senators on the Intelligence Committee grow increasingly dissatisfied with the pace of the investigation, which is being led by Chairman Richard Burr (R-N.C.) and Warner.

 

Poll: 73% Back Independent Probe of Russian Election Interference

NBC

April 24, 2017

Nearly three-quarters of Americans say they want an independent, non-partisan commission instead of Congress to investigate Russia's involvement in the 2016 election, according to the latest NBC News/Wall Street Journal poll. Seventy-three percent of respondents prefer the independent investigation, versus 16 percent who pick Congress. Still, a majority of Americans — 54 percent — believe that Congress should investigate whether there was contact between the Russian government and the Trump campaign, which is essentially unchanged from February's NBC/WSJ poll. That includes 84 percent of Democrats and 51 percent of independents who want to see this congressional investigation, but just 21 percent of Republican respondents who want it. Yet a combined 61 percent of Americans say they have little to no confidence in Congress conducting a fair and impartial investigation into Russia's involvement in the 2016 election.

 

 

ADMINISTRATION

 

The Government Wants a Thriving Cyber Insurance Market. Here’s How It’s Getting Started

Nextgov

April 28, 2017

Can the insurance industry offer cybersecurity policies that will help companies stay afloat even when they’re targeted with devastating cyberattacks that result in massive property damage or loss of life? That’s the question a Department of Homeland Security working group was tasked with answering back in 2012. Their conclusion: The cyber insurance market isn’t mature enough to even begin answering that question. Around the end of 2013, however, insurance agencies told the working group something that could set them on the right path: a repository of heavily detailed data covering what cyber protections companies have in place, whether those protections stopped cyber breaches or mitigated their effects and how much money breached companies ended up shelling out through repairs, upgrades, lost business, legal fees, settlements and reputational damage. The Cyber Incident Data and Analysis Repository working group got started in 2014, gathering feedback from insurers and companies. Now it’s at work building a proof of concept loaded with phony but believable data to show to companies. If the group can convince those companies the repository is secure enough to hold their anonymized data, it hopes to get to work on the real thing, said project leader Matt Shabat, strategist and performance manager for the DHS Office of Cybersecurity and Communications.

 

In DoD first, Air Force launches bug bounty open to foreign hackers

Federal News Radio

April 26, 2017

The Air Force on Wednesday became the second U.S. military service to move toward a crowdsourced approach to hunting down security holes in its systems, saying it would invite white hat hackers to try to penetrate some of its public websites in a bug bounty competition beginning in May. Much like the Hack the Army competition that ran for a month beginning last November, the Air Force edition will ask registered hackers to target one particular subset of the service’s public-facing websites, though officials declined to identify the precise targets for the competition ahead of its official launch on May 30. In a first for the Defense Department, however, the bounties will be open to residents of Canada, the U.K., Australia and New Zealand. The Army edition and a previous pilot program called “Hack the Pentagon” a year ago were only open to U.S. citizens. DoD and the Air Force made the decision to expand the potential hacker pool to international participants because they said it provided a much more realistic picture of the variety of real-world threats military IT systems face, but for now they are wary of extending the invitation beyond the so-called “Five Eyes” nations with which the U.S. has extremely close military and intelligence relationships.

 

Government’s Biggest Cyber Problem Will Be Contractors’ Big Opportunity, Report Says

Nextgov

April 26, 2017

The federal government’s biggest challenge in defending its civilian, military and intelligence networks from hackers isn’t technology, it’s people. And nearing the 100-day mark of the Trump presidency, the new administration’s cybersecurity policies may be hindering the government’s cyber posture rather than helping it, according to research from Virginia-based data and analytics firm Govini. The Govini report suggests the new administration’s focus on reducing the federal workforce exacerbates the federal government’s existing shortage of qualified cybersecurity talent. President Trump’s hiring freeze, which puzzled some cyber experts, has ended but top White House officials have said most agencies will see reductions in overall workforce sizes. “The biggest gap is human capital,” said Arun Sankaran, managing director at Govini, in an interview with Nextgov. “It’s interesting that you have a hiring freeze and a desire to reduce headcount, but I think the premium cyber talent [the government] wants won’t grow organically in government. You have to rely on contractors.” Even agencies with sought-after cyber positions like the National Security Agency struggle to fill openings.

 

Integration, automation improves FDA response to cyber incidents

Federal News Radio

April 25, 2017

Discussions of cybersecurity and automation generally focus on digital spaces: networks, end points, databases, clouds. But the Food and Drug Administration is also taking physical spaces into account with its systems management center, placing its watch desk and engineering components side by side to facilitate communication. “The SMC gives us real time capability to not only detect, but respond,” Todd Simpson, FDA chief information officer, said on Cybersecurity Automation month. He said that with the personnel aligned in this way, while the help desk begins the process of opening tickets and bringing all of the appropriate people into the loop, the engineers are already responding to the problem. And considering the FDA received about 1.66 billion attempts to penetrate its system in March alone, that kind of responsiveness is key to keeping up with, or even getting ahead of, the bad actors. The SMC is part of FDA’s implementation of a continuous diagnostics and mitigation (CDM) phase two.

 

Cyber official: Feds, companies need better dialogue on security of self-driving cars

The Hill

April 25, 2017

The federal government needs to engage with private companies developing self-driving cars to make sure they are safe from cyber threats, a fellow at the National Institute of Standards and Technology (NIST) said Tuesday. Ron Ross said the issue of the federal government’s responsibility to secure autonomous vehicle systems is the “most important question of the day” at a government forum hosted by software company Cloudera. “Where do we fall on this balance point between regulation and free market?” Ross said. “We’re kind of in no man’s land right now. We have no carrots and there are no sticks.” The NIST is a nonregulatory agency under the Department of Commerce that develops optional standards for cybersecurity and information technology. Ross said that the federal government needs to have a dialogue with the private sector on the cybersecurity of autonomous vehicles and possibly explore standards or regulations for the security of their technology. He gave the example of a Silicon Valley startup developing an artificial intelligence program to power an autonomous vehicle. “I want to make sure they used secure coding techniques on that program,” Ross said. The Department of Transportation previously rolled out guidelines for autonomous vehicles to meet federal safety standards last September.

 

FBI allays some critics with first use of new mass-hacking warrant

Ars Technica

April 24, 2017

Mass hacking seems to be all the rage currently. A vigilante hacker apparently slipped secure code into vulnerable cameras and other insecure networked objects in the "Internet of Things" so that bad guys can't corral those devices into an army of zombie computers, like what happened with the record-breaking Mirai denial-of-service botnet. The Homeland Security Department issued alerts with instructions for fending off similar “Brickerbot malware,” so-named because it bricks IoT devices. And perhaps most unusual, the FBI recently obtained a single warrant in Alaska to hack the computers of thousands of victims in a bid to free them from the global botnet, Kelihos. On April 5, Deborah M. Smith, chief magistrate judge of the US District Court in Alaska, greenlighted this first use of a controversial court order. Critics have since likened it to a license for mass hacking. The FBI sought the 30-day warrant to liberate victims through a new procedural rule change that took effect in December amid worries among privacy advocates that the update would open a new door for government abuse. But the first use of the amendments to Rule 41 of the Federal Rules of Criminal Procedure has assuaged fears, at least for the moment, because the feds used their power to kill a botnet.

 

White House Cyber Czar to Play Role in Kushner Innovation Office

Nextgov

April 24, 2017

President Donald Trump’s top cybersecurity advisor will be pitching in on a government modernization program led by the president’s son-in-law Jared Kushner to ensure security is built into any new government tools from the beginning, he said Monday. Kushner’s Office of American Innovation has numerous tasks including combating opioid addiction and improving services to veterans but the president put a premium on the office’s government modernization role in early comments. White House Cybersecurity Coordinator Rob Joyce’s role will be ensuring “that innovation and cybersecurity are intertwined,” he said, and that neither takes a backseat to the other. Joyce listed securing government networks and technology as one of three main cyber priorities for the Trump administration during a speech at Georgetown University’s International Conference on Cyber Engagement, his first formal address since taking office. The administration’s other two cyber priorities are securing critical infrastructure and promoting good behavior and rules of the road in international cyberspace, he said.

 

Official: 'Silver Lining' in Hacker, Foreign Nation Alliance

AP

April 24, 2017

Foreign governments that rely on the services of private criminal hackers leave their operations vulnerable to being exposed and disrupted, creating something of a "silver lining" for U.S. law enforcement investigations of cyberattacks, a top Justice Department official said Monday. Criminal hackers hired by nations are more likely to travel and expose themselves to the risk of being arrested and prosecuted, and may be less savvy about evading detection than a sworn intelligence officer, Adam Hickey, a deputy assistant attorney general in the Justice Department's national security division, said during a cybersecurity panel discussion at Georgetown University. "That matters because apprehending them ... can give us the human intelligence into state-sponsored hacking that can be very, very valuable and supplement the technical insight," Hickey said. The blended model of foreign government official and hired criminal hacker was illustrated in a punishing 2014 hack of Yahoo's network that affected hundreds of thousands of user accounts. The Justice Department last month charged two officers of the Russian Federal Security Service, or FSB, and two criminal hackers in connection with the massive breach.

 

A Cyber Threat Sharing Group for Mariachi Bands? Maybe One Day.

Nextgov

April 24, 2017

In a 2015 executive order, President Barack Obama laid out a vision for a plethora of organizations dotting the nation that would share cyber threat information along with guidance, tips and best practices. The big idea for these cybersecurity “information sharing and analysis organizations” was basically to replicate “information sharing and analysis centers” that already existed for critical infrastructure sectors such as financial services and electricity but sized and tailored for specific states or regions, business sectors, nonprofit and advocacy groups or even mariachi bands (more on that later). The February 2015 executive order also called for an ISAO standards organization that would promulgate voluntary guidance for these new bodies and “create deeper and broader networks of information sharing nationally.” Two years later, the ISAO Standards Organization at the University of Texas-San Antonio, which won a competition to host the organization in September of that year, has published a quartet of documents to help newly formed ISAOs get up and running and is working on or considering more than a dozen others. It’s also planning an international information sharing conference in Washington later this year. The organization’s goal is twofold, Executive Director Greg White told Nextgov: to provide guidance that can be used by any ISAO across the U.S. or even internationally and to help ISAOs tailor the information they share and the services they provide to the specific needs of their members.

 

Can a voluntary framework deter cyberattacks?

FCW

April 24, 2017

In the context of increasing cyberattacks and espionage internationally, cyber experts wonder if the current voluntary framework is enough in the way of deterrence. For cyber instances that fall short of acts of war by international law, the United Nations' Group of Governmental Experts (UN GGE) maintains a list of norms to establish an agreed-upon framework for behavioral standards. At the Georgetown Conference on Cyber Engagement on April 24, Christopher Painter, the coordinator for cyber issues at the State Department, said that getting countries to agree to international norms is helpful for framing "the basis of a deterrence strategy in cyberspace" between countries. He added, though, that "not all the eggs are in that basket." However, UN GGE Chair Karsten Geier noted that while greater attribution and international law would be desired by some experts, reaching international consensus is difficult, and may not be wise to rush into. Sorin Ducaru, the head of NATO's Emerging Security Challenges Division, said that "it's better not to design any threshold" that would trigger a "collective defense response… because then you would entice the adversary to always go beyond it." Painter called for further confidence-building measures, and said the U.S. "would certainly be willing" to support – and even expand – the GGE process or other similar consensus-based, expert-driven ones with clear mandates.

 

 

INDUSTRY

 

An Obscure App Flaw Creates Backdoors In Millions of Smartphones

Wired

April 28, 2017

For hackers, scanning for an open “port”—a responsive, potentially vulnerable internet connection on a would-be victim’s machine—has long been one of the most basic ways to gain a foothold in a target company or agency. As it turns out, thanks to a few popular but rarely studied apps, plenty of smartphones have open ports, too. And those little-considered connections can just as easily give hackers access to tens of millions of Android devices. A group of researchers from the University of Michigan identified hundreds of applications in Google Play that perform an unexpected trick: by essentially turning a phone into a server, they allow the owner to connect to that phone directly from their PC, just as they would to a web site or another internet service. But dozens of these apps leave insecure ports open on those smartphones, listening on every network interface with weak or no authentication. That could allow anyone on the same Wi-Fi network, or on the Internet if the phone has a public address, to steal data, including contacts or photos, or even to install malware. “Android has inherited this open port functionality from traditional computers, and many applications use open ports in a way that poses vulnerabilities,” says Yunhan Jia, one of the Michigan researchers who reported their findings at the IEEE European Symposium on Security and Privacy. “If one of these vulnerable open port apps is installed, your phone can be fully taken control of by attackers.”
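The practical check a defender wants after reading this is "which ports does my own device expose to the network?" The following script is an added example written for this round-up; it is not code from the Michigan study or from any of the apps it examined. It parses the kernel's /proc/net/tcp socket table, which Android devices expose because they run the Linux kernel, and flags every LISTEN socket bound to a wildcard or non-loopback address, since those are the ones reachable from other hosts. The sample table embedded below is constructed for illustration, not captured from a real phone; the default path and the use of uid as the owning app's identity are assumptions about a stock Linux/Android layout.

```python
"""Audit which TCP services a Linux/Android device exposes to the network.

Added example (not from the study or apps in the article). Reads the
kernel's /proc/net/tcp table and flags listeners that are not bound to the
loopback address 127.0.0.0/8, i.e. listeners another host can reach.
"""
import socket
import struct

LISTEN = "0A"  # hex TCP state code the kernel uses for LISTEN


def _decode_addr(hex_addr):
    """'0100007F:1F90' -> ('127.0.0.1', 8080).

    The kernel prints the IPv4 address as little-endian hex, so the bytes
    must be reversed before they are rendered in dotted form.
    """
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return [(ip, port, uid)] for every LISTEN socket in /proc/net/tcp text.

    Column layout (assumed stock kernel format): sl, local_address,
    rem_address, st, tx_queue:rx_queue, tr:tm->when, retrnsmt, uid, ...
    """
    listeners = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue
        ip, port = _decode_addr(fields[1])
        listeners.append((ip, port, int(fields[7])))
    return listeners


def exposed_listeners(listeners):
    """Keep only listeners an attacker on the network could connect to.

    Anything on 127.0.0.0/8 is reachable solely by processes on the device;
    0.0.0.0 (all interfaces) or a LAN address is reachable from outside.
    """
    return [entry for entry in listeners if not entry[0].startswith("127.")]


def audit(path="/proc/net/tcp"):
    """Read the live socket table (assumed path) and return exposed listeners."""
    with open(path) as f:
        return exposed_listeners(parse_proc_net_tcp(f.read()))


# Constructed sample table (not from a real device): header row, a loopback
# listener, a wildcard listener on port 8888, and one established connection.
SAMPLE = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:22B8 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10102        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 0100007F:C2A6 01 00000000:00000000 00:00000000 00000000 10087        0 12347 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    # On the constructed sample only the 0.0.0.0:8888 listener is flagged;
    # on a real device, run audit() and map each uid back to its app.
    for ip, port, uid in exposed_listeners(parse_proc_net_tcp(SAMPLE)):
        print(f"exposed: {ip}:{port} owned by uid {uid}")
```

On Android, app uids start at 10000, so each flagged uid can be mapped back to a package with `pm list packages --uid <uid>` via adb; IPv6 listeners live in /proc/net/tcp6 and need a 128-bit address decoder, which this example leaves out. A flagged port is not automatically a vulnerability, but it is exactly the kind of listener the study found exposed with missing or weak authentication, and the next step is to connect to it from another host and see what it hands back.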

 

Microsoft Turns Off Wi-Fi Sense After Risk Revealed

Gov Info Security

April 28, 2017

Remember Microsoft's Wi-Fi Sense? The Windows 10 feature shared encrypted passwords to Wi-Fi networks with users' Skype and Outlook contacts. The idea was that friends could then easily connect to other networks without needing login details. But it raised privacy and security concerns. Microsoft killed the password-sharing feature last year, ostensibly because it was difficult to maintain and not many people were using it. That wasn't the end of Wi-Fi Sense, however, and it's still in Windows. Now, a security researcher has found that Wi-Fi Sense could potentially be a helpful partner in a wireless attack. Wi-Fi Sense sends information to Microsoft about Wi-Fi networks that are not password protected. When a Windows user comes into range of a series of open networks, say, at an airport, the computer will automatically connect to whichever one Microsoft has determined is the highest-quality access point. The automatic connection feature was interesting to George Chatzisofroniou, a security engineer at Census Labs in Greece. Chatzisofroniou suspected that Wi-Fi Sense might help with an attack that aims to get a computer to connect to a malicious access point.

 

Hackers exploited Word flaw for months while Microsoft investigated

Reuters

April 27, 2017

To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft's regular monthly security update. But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time. Google's security researchers, for example, give vendors just 90 days' warning before publishing flaws they find. Microsoft Corp declined to say how long it usually takes to patch a flaw. While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine. And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries. Those conclusions and other details emerged from interviews with researchers at cyber security firms who studied the events and analyzed versions of the attack code. Microsoft confirmed the sequence of events.

 

A Clever Plan to Secure the Internet of Things Could Still Have Big Drawbacks

Wired

April 27, 2017

The Internet of Things security crisis continues apace. New botnets crop up to conscript routers and security cameras, hackers exploit medical devices to compromise entire hospital networks, and smart toys still creep on kids. Internet infrastructure company Cloudflare, though, has spent the last 18 months working on a fix. Cloudflare’s traditional offerings range from content delivery to DDoS defense, but today it’s announcing a service called Orbit, which it conceives as a new layer of defense for IoT. It has the potential to make connected devices more secure than ever—but also raises a few questions in the process.

 

Firewall Pioneer Stakes Position as Car-Hack Guardian

Bloomberg

April 27, 2017

The Israeli cybersecurity company that pioneered corporate firewalls is making deeper inroads with the auto industry. Check Point Software Technologies Ltd., the world’s second-biggest provider of network security, is positioning itself to increase sales in the global car market as autonomous-driving technology and connected cars place greater security demands on vehicle manufacturers. Check Point will lead a working group including Argus Cyber Security Ltd. and Valens Semiconductor Ltd. to set security standards that can be designed into the electronic architecture of vehicles. If technology the working group is looking to secure is ultimately adopted by automakers and suppliers, it could position Check Point to extend its reach in the sector beyond the cloud-to-car communication it already helps protect.

 

‘World’s Most Secure’ Email Service Is Easily Hackable

Vice Motherboard

April 27, 2017

A service that claims to be the only way to do email in a secure way is actually riddled with flaws, opening it up to hackers, according to a researcher. It's fair to say that perhaps emails aren't the most secure way of communicating among ourselves these days. That's why a startup called Nomx is trying to change the way we do email with something that, according to its website, "ensures absolute security and privacy." "DID YOU KNOW THAT EVERY SINGLE MAJOR EMAIL PROVIDER HAS BEEN HACKED?" shouts the site, whose tagline is "everything else is insecure." As it turns out, Nomx ain't that secure either. Nomx sells a $199 device that essentially helps you set up your own email server in an attempt to keep your emails away from mail exchange (or MX)—hence the brand name—servers, which the company claims to be inherently "vulnerable." Security researcher Scott Helme took apart the device and tried to figure out how it really works. According to his detailed blog post, what he found is that the box is actually just a Raspberry Pi with outdated software on it, and several bugs. So many, in fact, that Helme wrote Nomx's "code is riddled with bad examples of how to do things."

 

Verizon data breach study finds cyber espionage on the rise

The Hill

April 27, 2017

Cyber espionage is the most common form of attack targeting manufacturing companies, the public sector and education organizations, Verizon found in its annual investigative report on data breaches released Thursday. The company's latest report analyzed nearly 2,000 breaches around the world, identifying more than 300 as espionage-related. Verizon's study also found a 50 percent increase in ransomware attacks over the previous year. More than half of the data breaches analyzed used malware, with ransomware becoming the fifth-most commonly used variety. The top three industries targeted by data breaches were financial services, healthcare and the public sector, representing 25 percent, 15 percent and 12 percent of the breaches reviewed, respectively, according to the report. The study also found that nearly 7 in 10 healthcare threat actors were inside the targeted organization.

 

Zero day exploits are rarer and more expensive than ever, researchers say

Cyber Scoop

April 26, 2017

It’s basic economics: When supply drops but demand keeps rising, price goes up. It’s no different for pieces of information that give cyberattackers big advantages. The number of zero day exploits revealed in the wild fell for a third straight year in 2016, pushing the prices for them skyward and driving attackers to use alternative tactics, according to new research from Symantec. The total number of zero days exploited — a “zero day” is a software vulnerability that is unknown to the vendor, so no patch exists when it is first used — dropped to 3,986 in 2016, Symantec said. That number was as high as 4,985 in 2014. Meanwhile, demand for zero days is as high as it’s ever been. Zero days discovered by security researchers are purchased by a wide variety of parties including militaries, intelligence agencies, law enforcement, software vendors, cybercriminals and military contractors. Their intentions also vary widely: Some buyers want to fix and defend software, others want to mount offensive cyber-operations via vulnerabilities. No matter the motivation of the buyer, however, it’s an increasingly worthwhile transaction when you can make it. “If [attackers] find something exploitable, there is now more value,” Symantec’s Kevin Haley said.

 

Chipotle investigating breach of payment system

The Hill

April 26, 2017

Mexican food giant Chipotle is investigating a breach of the network that supports its credit card payment processing. Chipotle notified customers on Tuesday that it had recently detected “unauthorized activity” on a system used to help process payments for purchases made inside its restaurants, but offered no details on specific locations that may have been affected. The company is now soliciting help from cybersecurity experts and law enforcement officials to investigate the breach and has taken precautions to secure the system, it said. “We immediately began an investigation with the help of leading cybersecurity firms, law enforcement, and our payment processor,” Chipotle said in a statement. “We believe actions we have taken have stopped the unauthorized activity, and we have implemented additional security enhancements.” The ongoing investigation is focused on card transactions that occurred between March 24 and April 18. The company provided few details on the investigation or its findings thus far.

 

GE Fixing Bug in Software After Warning About Power Grid Hacks

Reuters

April 26, 2017

General Electric Co said on Wednesday it is fixing a bug in software used to control the flow of electricity in a utility's power systems after researchers found that hackers could shut down parts of an electric grid. The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to "disconnect sectors of the power grid at will," according to an abstract posted late last week on the Black Hat security conference website. Protection relays are the devices that monitor a circuit and trip its breakers to halt power transmission when dangerous conditions surface; utilities program them with the thresholds that trigger a trip, which is why remote control of a relay translates directly into the ability to open breakers. Three New York University security experts are scheduled to discuss the issue at the Las Vegas Black Hat hacking conference in July. They could not be reached immediately for comment.

 

NSA backdoor detected on >55,000 Windows boxes can now be remotely removed

Ars Technica

April 25, 2017

After Microsoft officials dismissed evidence that more than 10,000 Windows machines on the Internet were infected by a highly advanced National Security Agency backdoor, private researchers are stepping in to fill the void. The latest example of this open source self-help came on Tuesday with the release of a tool that can remotely uninstall the DoublePulsar implant. On late Friday afternoon, Microsoft officials issued a one-sentence statement saying that they doubted the accuracy of multiple Internet-wide scans that found anywhere from 30,000 to slightly more than 100,000 infected machines. The statement didn't provide any factual basis for the doubt, and officials have yet to respond on the record to requests on Tuesday for an update. Over the weekend, Below0day released the results of a scan that detected 56,586 infected Windows boxes, an 85-percent jump from the 30,626 infections the security firm found three days earlier. Both numbers are at the conservative end of widely ranging results from scans independently carried out by other researchers over the past week. On Monday, Rendition Infosec published a blog post saying DoublePulsar infections were on the rise and that company researchers are confident the scan results accurately reflect real-world conditions.
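The Internet-wide scans the article reports on all rest on the same publicly documented quirk of the SMB variant of the implant: when a scanner sends an SMB1 Trans2 SESSION_SETUP "ping" with the MultiplexID field set to 0x41, a clean host echoes 0x41 back, while a host running DoublePulsar answers with 0x51. The block below is an added example, not code from any of the scanners or removal tools named above. It parses an SMB1 response header and applies that check; the network side (sending the ping to TCP 445) is deliberately left out so the code runs offline against constructed packets, and the check says nothing about the implant's RDP variant.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32
SCANNER_MID = 0x41        # MultiplexID the ping request carries; a clean host echoes it
DOUBLEPULSAR_MID = 0x51   # MultiplexID the implant returns instead

# 32-byte SMB1 header that follows the 4-byte NetBIOS session header:
# magic, command, NT status, flags, flags2, PIDHigh, signature, reserved,
# TID, PIDLow, UID, MID (all little-endian)
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")


def parse_smb1_header(packet):
    """Parse NetBIOS session header + SMB1 header; return the fields as a dict."""
    if len(packet) < 4 + SMB1_HEADER.size:
        raise ValueError("packet too short for an SMB1 header")
    nb_type = packet[0]
    nb_length = int.from_bytes(packet[1:4], "big")
    (magic, command, status, flags, flags2, pid_high, signature, reserved,
     tid, pid_low, uid, mid) = SMB1_HEADER.unpack_from(packet, 4)
    if magic != SMB1_MAGIC:
        raise ValueError("not an SMB1 packet")
    return {"nb_type": nb_type, "nb_length": nb_length, "command": command,
            "status": status, "flags": flags, "flags2": flags2, "tid": tid,
            "pid": (pid_high << 16) | pid_low, "uid": uid, "mid": mid}


def classify_trans2_response(packet):
    """Classify the reply to a DoublePulsar ping as 'infected', 'clean' or 'unknown'."""
    try:
        hdr = parse_smb1_header(packet)
    except ValueError:
        return "unknown"
    if hdr["command"] != SMB_COM_TRANSACTION2:
        return "unknown"          # reply to some other command; not a ping response
    if hdr["mid"] == DOUBLEPULSAR_MID:
        return "infected"
    if hdr["mid"] == SCANNER_MID:
        return "clean"
    return "unknown"


def build_smb1_response(command, mid, status=0, uid=0x0800, tid=0x0800):
    """Constructed server->client SMB1 reply with empty parameter/data blocks.

    Used only as sample input here; a real scanner reads this off the socket.
    """
    flags = 0x98     # SMB_FLAGS_REPLY | case-insensitive | canonical pathnames
    flags2 = 0xC807  # Unicode, NT status codes, long names, extended attributes
    body = SMB1_HEADER.pack(SMB1_MAGIC, command, status, flags, flags2, 0,
                            b"\x00" * 8, 0, tid, 0xFEFF, uid, mid)
    body += b"\x00" + b"\x00\x00"   # WordCount = 0, ByteCount = 0
    return b"\x00" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for label, pkt in (("implant", build_smb1_response(SMB_COM_TRANSACTION2, DOUBLEPULSAR_MID)),
                       ("clean host", build_smb1_response(SMB_COM_TRANSACTION2, SCANNER_MID))):
        print(label, "->", classify_trans2_response(pkt))
```

The MultiplexID is simply echoed by a normal SMB server, which is what makes the check cheap and non-destructive; it is also why the implant's authors could use it as a covert acknowledgement. A positive result should still be confirmed (for example with a host-based check) before reporting, since anything that rewrites MIDs in transit would produce the same signature.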

 

A Week Later, Hacked Spyware Vendors Haven't Warned Their 130,000 Customers

Vice Motherboard

April 25, 2017

Tens of thousands of people are in the dark. Motherboard recently reported hackers had targeted two companies that sell spyware to the everyday consumer—Retina-X and FlexiSpy. Hackers made off with a mix of over 130,000 customer records, as well as company documents and even text messages and photos captured by Retina-X's malware. A week later, and affected customers say neither company has informed them about the data breaches, with one company allegedly telling staff to lie to victims who inquired about the hack. Ten FlexiSpy and Retina-X customers told Motherboard via email that they had not received any notifications about the hacks.

 

 

INTERNATIONAL

 

Eugene Kaspersky opens up about Russia, hacking and the frontlines of cyberwar

International Business Times

April 28, 2017

Eugene Kaspersky welcomes IBTimes UK to the exclusive 5-star hotel with a firm handshake. He is, as usual, just passing through, but his topic of conversation – the dark and murky work of cybercrime – has arguably never been more relevant. For 20 years, experts from Kaspersky Lab, the Moscow-based cybersecurity firm, have fought to combat malware, spyware and viruses, often state-sponsored. Kaspersky, the firm's founder and chief executive, has been on the frontlines of this cyberwar the entire time. His firm helped analyse the computer worm that came to be known as 'Stuxnet' – a state-sponsored creation used to destabilise Iran's nuclear ambitions. Two years ago, it exposed the Equation Group, a hacking team allegedly linked to the National Security Agency (NSA). Kaspersky, as a result, is no longer surprised by developments in the cybersecurity industry that may appear shocking to those on the outside looking in. Only one scenario ruffles his otherwise calm demeanour: the danger posed by critical infrastructure hacking. In 2015, Ukraine suffered a major blackout. Upon investigation, Kaspersky's Global Research and Analysis Team (GReAT) linked the attack to a strain of malware known as BlackEnergy. Kaspersky has been warning about the dangers of such attacks ever since. "Cybersecurity issues, they are with consumers, businesses, governments, government services, internet of things and industry, so now we are everywhere," Kaspersky said about his organisation, which now boasts roughly 400 million users across the globe.

 

How a cyber attack transformed Estonia

BBC

April 27, 2017

Cyber-attacks, information warfare, fake news - exactly 10 years ago Estonia was one of the first countries to come under attack from this modern form of hybrid warfare. It is an event that still shapes the country today. Head bowed, one fist clenched and wearing a World War Two Red Army uniform, the Bronze Soldier stands solemnly in a quiet corner of a cemetery on the edge of the Estonian capital Tallinn. Flowers have been laid recently at his feet. It is a peaceful and dignified scene. But in April 2007 a row over this statue sparked the first known cyber-attack on an entire country. The attack showed how easily a hostile state can exploit potential tensions within another society. But it has also helped make Estonia a cyber security hotshot today.

 

Russian-controlled telecom hijacks financial services’ Internet traffic

Ars Technica

April 27, 2017

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications. Anomalies in the Border Gateway Protocol (BGP)—which determines how traffic is routed among Internet backbones, ISPs, and other large networks—are common and usually the result of human error. While it's possible Wednesday's five- to seven-minute hijack of 36 large network blocks may also have been inadvertent, the high concentration of technology and financial services companies affected made the incident "curious" to engineers at network monitoring service BGPmon. What's more, the way some of the affected networks were redirected indicated their underlying prefixes had been manually inserted into BGP tables, most likely by someone at Rostelecom, the Russian government-controlled telecom that improperly announced ownership of the blocks.
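What makes an event like this "curious" to a route-monitoring service is visible in two simple comparisons against a baseline of what collectors normally see. The block below is an added example, not BGPmon's code, and uses prefixes and AS numbers constructed from the documentation ranges rather than anything from the real incident. It flags a prefix that is suddenly originated by an AS that never announced it before (a MOAS conflict) and, separately, a more-specific prefix carved out of a block someone else originates, which wins the routing decision regardless of how short or well-established the legitimate path is.

```python
import ipaddress
from collections import namedtuple

# An announcement as a route collector would record it: the prefix, the AS that
# originated it, and the full AS path (origin last).
Announcement = namedtuple("Announcement", "prefix origin_as as_path")


def build_baseline(announcements):
    """Map each prefix to the set of origin ASes seen during a trusted baseline window."""
    baseline = {}
    for a in announcements:
        baseline.setdefault(ipaddress.ip_network(a.prefix), set()).add(a.origin_as)
    return baseline


def detect_hijacks(baseline, observed):
    """Return (kind, prefix, origin_as, expected_origins) alerts for suspicious routes.

    kind is 'moas_conflict' when a known prefix appears with a new origin, and
    'more_specific' when a sub-prefix of a known block appears with a foreign origin.
    Prefixes with no baseline entry at all are ignored here; a production system
    would check them against IRR/RPKI data instead.
    """
    alerts = []
    for a in observed:
        net = ipaddress.ip_network(a.prefix)
        if net in baseline:
            expected = baseline[net]
            if a.origin_as not in expected:
                alerts.append(("moas_conflict", str(net), a.origin_as, sorted(expected)))
            continue
        for base_net, expected in baseline.items():
            if net.version == base_net.version and net.subnet_of(base_net):
                if a.origin_as not in expected:
                    alerts.append(("more_specific", str(net), a.origin_as, sorted(expected)))
                break
    return alerts


# Constructed baseline: what collectors normally see for two blocks
# (documentation prefixes, documentation AS numbers 64496-64511).
BASELINE = build_baseline([
    Announcement("198.51.100.0/24", 64496, (64499, 64496)),
    Announcement("203.0.113.0/24", 64497, (64499, 64497)),
])

# Constructed snapshot taken a few minutes later, during the "incident".
OBSERVED = [
    Announcement("198.51.100.0/24", 64496, (64499, 64496)),      # unchanged
    Announcement("203.0.113.0/24", 64510, (64499, 64510)),       # origin changed
    Announcement("198.51.100.128/25", 64510, (64499, 64510)),    # more-specific appeared
    Announcement("192.0.2.0/24", 64511, (64499, 64511)),         # never seen before
]


def example_alerts():
    """Run the detector over the constructed snapshot."""
    return detect_hijacks(BASELINE, OBSERVED)


if __name__ == "__main__":
    for kind, prefix, origin, expected in example_alerts():
        print(f"{kind:14s} {prefix:20s} origin AS{origin} (expected {expected})")
```

The same prefix re-announced by its legitimate origin as two /25s is not flagged, which matches how traffic engineering looks in practice. Detection of this kind only tells you after the fact that your prefixes have been stolen for a few minutes; stopping the more-specific case before it propagates requires the operators in the path to drop announcements that fail RPKI route-origin validation.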

 

China tried to hack group linked to controversial missile defense system, US cybersecurity firm says

CNN

April 27, 2017

A cybersecurity firm in the United States believes state-sponsored Chinese hackers were trying to infiltrate an organization with connections to a US-built missile system in South Korea that Beijing firmly opposes. "China uses cyber espionage pretty regularly when Chinese interests are at stake to better understand facts on the ground," John Hultquist, the director of cyber espionage analysis at FireEye, told CNN's News Stream. "We have evidence that they targeted at least one party that has been associated with the missile placements." A spokesperson with South Korea's Ministry of Foreign Affairs told CNN there was an attempted cyber attack last month on their systems originating from China, but would not comment when asked if THAAD was targeted.

The official said "prompt defensive measures" blocked the hackers. China's Ministry of Foreign Affairs told CNN the Chinese government opposes any form of cyber attack, and fights against all forms of hacker activity.

 

Shadow Brokers Attack Tools Light Up Chinese and Russian Darknet

Infosecurity Magazine

April 27, 2017

Russian and Chinese “cyber-communities” have been actively researching and sharing information on the recent Shadow Brokers leak of alleged NSA attack tools, suggesting cyber-criminals and state hackers could be looking to capitalize on unpatched systems around the world, according to new data. Recorded Future has been monitoring the darknet for mention of specific keywords associated with the new trove, which came to light a fortnight ago. It features codenames such as EternalBlue, EmeraldThread and EternalChampion, referring to exploits developed mainly to target Microsoft systems. Although Redmond claimed in a speedy response that none of the tools work against supported, fully patched products, there’s still danger for organizations running unsupported systems like XP or that aren’t up to date with their patches. That danger was highlighted by intelligence from Recorded Future this week which revealed a lot of chatter in Russian and Chinese forums about the data dump. Several tools have already been reverse engineered, with the FuzzBunch exploit framework and the SMB exploits EternalBlue and EternalRomance stoking particular interest, the firm said in a blog post.

 

TalkTalk Hack: Two Men Plead Guilty

Gov Info Security

April 27, 2017

Two men have pleaded guilty to hacking London-based telecommunications giant TalkTalk in October 2015. Matthew Hanley, 22, and Conner Douglas Allsopp, 20, both of Tamworth, England, have pleaded guilty to related offenses. Hanley pleaded guilty April 26 at London's Old Bailey courthouse to three offenses under the Computer Misuse Act, "including the hacking of the TalkTalk website, obtaining files that would enable the hacking of websites and supplying files to enable the hacking of websites to others," according to the Metropolitan Police Service in London. Hanley also pleaded guilty to supplying a spreadsheet - containing TalkTalk customer details - to someone else for the purpose of committing fraud. That someone else was Allsopp, who pleaded guilty on March 30 to supplying a computer file for the purpose of hacking, in violation of the Computer Misuse Act. Both men are due to be sentenced May 31 at the Old Bailey.

 

Chinese hackers shift focus to Asia after US accord

Financial Times

April 26, 2017

A Chinese hacker group known for targeting US defence and aerospace companies has shifted its focus to critical infrastructure across Asia following a US-China deal on electronic espionage, according to cyber security company FireEye. The group, known as the Conference Crew because of its use of email lures based on legitimate conferences, is targeting organisations that keep large amounts of data, as well as striking at telecommunications infrastructure in a number of countries on China’s periphery. Nations where attacks have been recorded include India, Indonesia, the Philippines and Vietnam, while organisations in Hong Kong and Macau have also been targeted, according to FireEye. In one case, hackers created a false email invitation to a cyber security summit in Jakarta in order to deceive their targets into downloading malicious software. The software the group deploys includes programmes that issue commands or gather information on a victim’s system.

 

Israeli Official Says First Wave of Cyber Hack Was Thwarted

Bloomberg

April 26, 2017

An extensive cyber attack that hit 120 Israeli organizations in recent days was aimed at collecting information, but the government thwarted it before any data was leaked, a senior government cyber official told Bloomberg News. “Four sectors were attacked -- government, health, academia, industry -- and when you look at all of them, the connecting thread is research and development,” said Rafi Franco, executive director of cyber regulation at the National Cyber Security Authority. Security breaches are becoming increasingly sophisticated, with Israel and the U.S. often targeted by some of the most advanced assaults, according to cyber experts. Israel is a global force in cyber security, drawing 15 percent of all capital the industry raised last year, according to Start-Up Nation Central, a group that promotes Israeli startups. The assailants impersonated legitimate organizations and sent what looked like authentic emails with attachments that contained the malware, said Franco. Only three of the targets opened the email, and they didn’t have access to important data, he added.

 

As Dubai Focuses on Future, Cybersecurity a Growing Concern

AP

April 26, 2017

As Dubai races toward a future of self-driving cars and drones filling up its high-rise-studded skyline, cybersecurity is becoming a growing concern in a region replete with examples of cyberattacks. The sheikhdom is hosting a cybersecurity conference this week and at it, a Dubai official involved in protecting the emirate from hacking and other electronic maliciousness offered a rare interview Wednesday describing its efforts. "It's relentless," said Amer Sharaf, the director of compliance at the Dubai Electronic Security Center. "You always have to be up and ahead of the game." The center, created by decree in 2014, has some 60 employees and hopes to hire another 30 this year, Sharaf said. It oversees government efforts to protect Dubai's government computer systems and infrastructure, as well as plan and respond to any threats or attacks.

 

Security Firm: Cyberattacks Against Saudi Arabia Continue

AP

April 26, 2017

Researchers at U.S. antivirus firm McAfee say the cyberattacks that have hit Saudi Arabia over the past few months are continuing, revealing new details about an unusually disruptive campaign. Speaking ahead of the blog post's publication Wednesday, McAfee chief scientist Raj Samani said the latest intrusions were very similar to, albeit even worse than, the malicious software that wrecked computers at Saudi Arabia's state-run oil company in 2012. "This campaign was a lot bigger," Samani said. "Way larger in terms of the amount of work that needed to be done." It's a striking claim. The 2012 intrusions against Saudi Aramco and Qatari natural gas company RasGas — data-wiping attacks that wrecked tens of thousands of computers — were among the most serious cyberattacks ever publicly revealed. At the time, the United States called it "the most destructive attack that the private sector has seen to date."

 

NATO hub hails major international cyber defense exercise

The Hill

April 26, 2017

A NATO hub focused on cyber defense is training network security experts from about two-dozen countries in how to defend the networks of a military air base in the event of severe cyberattacks. The 2017 “Locked Shields” exercise underway this week represents the largest international technical cyber defense exercise, according to the NATO Cooperative Cyber Defence Centre of Excellence, which has hosted the annual event since 2010. Locked Shields is a scenario-based exercise aimed at helping to train participating security experts in protecting national IT infrastructure. This year’s exercise scenario directs teams of security experts to defend the networks of a fictional country’s military air base when its electric power grid, drones, military command and control systems and operational infrastructure fall under severe cyberattack. The exercise features about 800 participants from 25 different nations worldwide and also involves protecting several specialized IT systems, including a large-scale system that controls the power grid and a system used for military planning.

 

Cyber Spies Attacked German Think-Tanks Ahead of National Elections

Reuters

April 25, 2017

Two foundations tied to Germany’s ruling coalition parties were attacked by the same cyber spy group that targeted the campaign of French presidential favorite Emmanuel Macron, a leading cyber security expert said on Tuesday. The group, dubbed "Pawn Storm" by security firm Trend Micro, used email phishing tricks and attempted to install malware at think tanks tied to Chancellor Angela Merkel's Christian Democratic Union (CDU) party and coalition partner, the Social Democratic Party (SPD), Feike Hacquebord said. Hacquebord and other experts said the attacks, which took place in March and April, suggest Pawn Storm is seeking to influence the national elections in the two European Union powerhouses. "I am not sure whether those foundations are the actual target. It could be that they used it as a stepping stone to target, for example, the CDU or the SPD," Hacquebord said.

 

Russian Hackers Who Targeted Clinton Appear to Attack France’s Macron

The New York Times

April 24, 2017

The campaign of the French presidential candidate Emmanuel Macron has been targeted by what appear to be the same Russian operatives responsible for hacks of Democratic campaign officials before last year’s American presidential election, a cybersecurity firm warns in a new report. The report has heightened concerns that Russia may turn its playbook on France in an effort to harm Mr. Macron’s candidacy and bolster that of Mr. Macron’s rival, the National Front leader Marine Le Pen, in the final weeks of the French presidential campaign. Security researchers at the cybersecurity firm, Trend Micro, said that on March 15 they spotted a hacking group they believe to be a Russian intelligence unit turn its weapons on Mr. Macron’s campaign — sending emails to campaign officials and others with links to fake websites designed to bait them into turning over passwords.

 

Interpol identifies 9,000 computers in Asia owned by hackers, used to launch ransomware

Cyber Scoop

April 24, 2017

Nearly 9,000 computer servers based in southeast Asia are infected with or currently dispensing malware, according to a newly unveiled Interpol-led operation heavily supported by multiple private sector cybersecurity firms and domestic law enforcement agencies. Hundreds of compromised websites popularly used in Southeast Asia — including regional government portals — also were identified as under the control of hackers, Interpol announced Monday. The news underscores an increasingly international effort between national law enforcement agencies and the broader digital defense industry to collaborate on cybercrime fighting operations. An assistant attorney general for the Justice Department’s Criminal Division, Leslie Caldwell, said last year that the FBI would need to rely on foreign help to stop hackers in the future.

 

Russia hacked Danish defense for two years, minister tells newspaper

Reuters

April 24, 2017

Russia has hacked the Danish defense and gained access to employees' emails in 2015 and 2016, NATO member Denmark's defense minister told newspaper Berlingske on Sunday. The report comes at a time when several Western governments, including the United States, France and Britain, have accused Russia of resorting to hacking to influence elections -- allegations Moscow has repeatedly dismissed as baseless. A report from the Danish Defense Intelligence Service's unit for cyber security said "a foreign player" had spied against Danish authorities and gained access to non-classified documents. It did not name the country behind the espionage, but Foreign Minister Claus Hjort Frederiksen told Berlingske it was Russia. "It is linked to the intelligence services or central elements in the Russian government, and it is a constant battle to keep them away," Frederiksen told the newspaper. A spokeswoman from the Danish Defense Ministry confirmed that the minister had been quoted correctly but said he would give no further comments for the time being.

 

Australia to work with China on cybersecurity

ZDNet

April 24, 2017

The federal government has announced it has agreed to enhanced cybersecurity cooperation with China, following discussions between Prime Minister Malcolm Turnbull, Foreign Minister Julie Bishop, and Secretary of the Chinese Communist Party's Central Commission for Political and Legal Affairs Meng Jianzhu. During the discussions held last week in Sydney, Australia and China agreed that neither country would conduct or support cyber-enabled theft of intellectual property, trade secrets, or confidential business information with the intent of obtaining competitive advantage. Both countries also agreed to act in accordance with the reports of the United Nations Group of Governmental Experts on cyber, including the norms of responsible state behaviour in cyberspace identified by those reports, a statement from Turnbull said. In addition, the two countries agreed to establish a "mechanism" to discuss cybersecurity and cyber crime issues, in a bid to prevent cyber incidents that could create problems between Australia and China.

 

 

TECHNOLOGY

 

A vigilante is putting a huge amount of work into infecting IoT devices

Ars Technica

April 26, 2017

Last week, Ars introduced readers to Hajime, the vigilante botnet that infects IoT devices before blackhats can hijack them. A technical analysis published Wednesday reveals for the first time just how much technical acumen went into designing and building the renegade network, which just may be the Internet's most advanced IoT botnet. As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR or other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems." But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and resilience that's largely unparalleled in the IoT landscape. Wednesday's technical analysis, which was written by Pascal Geenens, a researcher at security firm Radware, makes clear that the unknown person or people behind Hajime invested plenty of time and talent.

 

BrickerBot, the permanent denial-of-service botnet, is back with a vengeance

Ars Technica

April 24, 2017

BrickerBot, the botnet that permanently incapacitates poorly secured Internet of Things devices before they can be conscripted into Internet-crippling denial-of-service armies, is back with a new squadron of foot soldiers armed with a meaner arsenal of weapons. Pascal Geenens, the researcher who first documented what he calls the permanent denial-of-service botnet, has dubbed the fiercest new instance BrickerBot.3. It appeared out of nowhere on April 20, exactly one month after BrickerBot.1 first surfaced. Not only did BrickerBot.3 mount attacks at a much faster rate—1,295 attacks in just 15 hours—it used a modified attack script that added several commands designed to more completely shock and awe its targets. BrickerBot.1, by comparison, fired 1,895 volleys during the four days it was active, and the still-active BrickerBot.2 has spit out close to 12 attacks per day.

 

 

 

Nick Leiserson

Legislative Director

Office of Rep. James R. Langevin (RI-02)

(202) 225-2735

nick.leiserson@mail.house.gov