The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC ANNOUNCEMENTS:
6 New Cyber Awareness Videos: “Simple Steps to Online Safety” - CSIAC
These six short cyber awareness videos feature simple steps you and your organization can take to be more secure online.
Read the Latest CSIAC Journal – Tools & Testing Techniques for Assured Software – DoD Software Assurance Community of Practice: Volume 2 - CSIAC
This is volume 2 of 2 special edition issues on Software Assurance. This edition explores different aspects of software assurance competencies that can be used to improve software assurance functions and how to develop/deploy assured software throughout the lifecycle acquisition process. Articles are contributed by software assurance practitioners from the DoD and civil government that are devoted to the advancement of secure development principles in U.S. government critical systems.
Free CSIAC Webinar Tomorrow Nov 15 @ 12:00PM EST – Software Defined WAN (SD-WAN): Security Implications and Design Solutions - CSIAC
Software Defined WAN (SD-WAN) is transforming Wide Area Networks (WANs) by providing a highly available Secure WAN Transport combined with Direct Internet Access in the branches. With SD-WAN, Enterprises can mix WAN service offerings from multiple providers (MPLS, Internet, Carrier Ethernet, 3G/4G, ...) to optimize their bandwidth costs and dynamically balance applications across the various links. This session will discuss the security implications of this new architecture.
The DoD Cybersecurity Policy Chart – Updated January 2018 - CSIAC
The goal of the DoD Cybersecurity Policy Chart is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware of, in a helpful organizational scheme. The color, fonts and hyperlinks are all designed to provide additional assistance to cybersecurity professionals navigating their way through policy issues in order to defend their networks, systems and data.
RECENT HEADLINES:
Cyber Crime:
The Devil Targets Japan with Bad Rabbit-like Wiper-Ransomware - Infosecurity
The name ONI can mean "devil" in Japanese, and it also appears in the email address found in its ransom note. Attacks observed by Cybereason suggest that the malware lives up to its name. Aside from encrypting files on the infected machines, ONI can encrypt files on removable media and network drives - and there's evidence that the true purpose of the attack is to exfiltrate and destroy data.
Silence Gang Borrows From CARBANAK to Steal From Banks - Threatpost
A cybercrime outfit stealing from as many as 10 banks in Russia, Armenia and Malaysia has borrowed heavily from one of the kingpins in this realm, Carbanak, which is alleged to have stolen possibly as much as $1 billion worldwide from financial organizations.
The new group has been called Silence by researchers at Kaspersky Lab who today published a report about the criminals' activities, which bear a sharp resemblance to Carbanak. But the relationship apparently ends at imitation.
Cyberwarfare:
Russia’s Election Hackers Use D.C. Cyber Warfare Conference as Bait - The Daily Beast
The Russian military hackers behind last year's election meddling are using an upcoming cyber warfare conference in Washington D.C. as a lure to infect a new crop of victims with malware, security researchers said Sunday, effectively turning a high-level gathering packed with NATO and U.S. military cyber defenders into an opportunity for more attacks.
Cybercom Establishes Strategic Concepts to Mitigate Cyber Threats to Natl Security - Executive Gov
The U.S. Cyber Command has developed an operational approach to defensive cyber operations and strategic concepts which aim to help address a number of cyber threats to national security.
Data Security:
Analysis of 3,200 Phishing Kits Sheds Light on Attacker Tools and Techniques - SecurityWeek
Phishing kits are used extensively by cybercriminals to increase the efficiency of stealing user credentials. The basic kit comprises an accurate clone of the target medium's login page (Gmail, Facebook, Office 365, targeted banks, etc.), and a pre-written PHP script to steal the credentials -- both bundled and distributed as a zip file. Successfully phished credentials are mailed by the script to the phisher, or gathered in a text file for later collection. This is commodity phishing, not spear-phishing.
A legitimate website, often a WordPress site with old and vulnerable add-ons, is compromised. An orphaned page with no internal links is created, and the kit uploaded and unzipped. It is largely unknown to the site's administrator and invisible to external search engines, and is ready to use. The criminal merely has to send out his phishing emails pointing to the spoofed login on the compromised website.
Tags: Phishing
Russia Hackers Pursued Putin Foes, Not Just US Democrats - The Associated Press
The hackers who disrupted the U.S. presidential election last year had ambitions that stretched across the globe, targeting the emails of Ukrainian officers, Russian opposition figures, U.S. defense contractors and thousands of others of interest to the Kremlin, according to a previously unpublished digital hit list obtained by The Associated Press.
Tags: Information Warfare
Estonia Government Locks Down ID Smartcards: Refresh or Else - The Register
The Estonian government is suspending the use of the Baltic country's identity smartcards in response to a recently discovered and wide-ranging security flaw.
Kaspersky: NSA Staffer’s Laptop Was Infected with Malware - CNET
The Russian cybersecurity company releases details from its internal investigation into an NSA hack, which it's accused of being behind.
Blockchain and Digital Currency:
D-Link Middle East “DLink-MEA” Website is Secretly Mining Cryptocurrencies - Seekurity Blog
Bitcoin mining websites became the new fashion of 2017 and there is no dust on that, but when it comes to compromising websites to host such fashion it becomes a headache (well, to the consumers at least). Have you heard about KRACK, the WPA2 vulnerability? If you did, you were probably searching for your device/router vendor's patch, no? If you are using D-Link products and living in the Middle East, and while looking for KRACK's cure the search results led you to the D-LINKMEA.com website, unfortunately you were mining Monero cryptocurrency!
Tags: Cryptocurrency
Hundreds of Millions in Digital Currency Remains Frozen - Threatpost
Between $150 million and $300 million in digital currency called ether remains inaccessible today after a user said he "accidentally" triggered a vulnerability that froze the funds in the popular Parity wallet.
Tags: Cryptocurrency
Insider Threat:
The Human Element: Insider Behavior Facilitates Cyber Attacks, Erodes Business Trust - Security Magazine
The mysterious foreign villains striking the largest companies and political organizations from the dark corners of the Internet tend to get the splashy headlines. However, the network openings that allow outside cyber-attackers to burrow in, infect databases, and potentially take down an organization's file servers overwhelmingly originate with trusted insiders.
Internet-of-Things:
IOT is Insecure, Get Over it! Say Researchers - Threatpost
Noted security experts Charlie Miller and Chris Valasek said the Internet of Things can't be secure, but it can be tamed. Drawing from their car hacking experience, the two spent the morning contemplating the larger universe of IoT security and conceded that there will always be thousands of connected devices that will never be secure, and that industry should prioritize personal safety and the security of automobiles and medical devices, for example, over toothbrushes and door locks.
Machine Learning and Artificial Intelligence:
An AI Detected Colorectal Cancer With 86 Percent Accuracy - Engadget
We've heard of many different uses for AI within the medical field, including for prediction of heart attacks and detection of Alzheimer's. Now, it looks as though machine intelligence could be applied to early detection of cancer as well. A group of Japanese researchers has figured out a way to use AI to spot colorectal cancer tumors before they become malignant, according to Inverse.
The team compiled a database of over 30,000 images of pre-cancerous and cancerous cells in order to help the AI detect the difference between the two. After the machine learning process had taken place, they fed it an image of a colorectal polyp that had its magnification increased by a factor of 500. The program was able to determine within a second whether that specific polyp was cancerous.
Tags: Artificial Intelligence (AI)
Mobile Security:
ToastAmigo Malware Uses New Twist to Attack Toast Overlay Vulnerability - SCMagazine
A new malware has been uncovered that uses an updated methodology to abuse the previously patched Android Toast overlay vulnerability and, once installed, can download additional malware as well as use various permissions to access the phone.
The malware is called ToastAmigo, detected by Trend Micro as ANDROIDOS_TOASTAMIGO, and is believed to represent the first observed weaponized use of vulnerability CVE-2017-0752 in Toast, Trend Micro mobile threat analyst Lorin Wu reported. This type of attack was shown as possible in a proof of concept earlier this year and Google issued a patch for the flaw in September.
Trend Micro found two apps, disguised as app lockers and both named Smart AppLocker, that are being used to spread ToastAmigo. One of the apps has been downloaded more than 500,000 times (Wu did not say which) as of November 6. The full extent of the malware's capabilities is not known, but it is thought to have ad-clicking, app-installing, and self-protecting/persistence capabilities.
Tags: Mobile Security
Private Sector:
Cybersecurity Skills Crisis Causing Rapidly Widening Business Problem - Security Magazine
The Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) revealed trending data finding that the cybersecurity skills shortage is worsening and becoming a rapidly widening business problem.
The majority of survey respondents (70 percent) continue to believe that the cybersecurity skills shortage has had an impact on their organization - yet these same organizations (62 percent, up almost 10 percent from last year) are falling behind in providing an adequate level of training for their cybersecurity professionals.
Further, the report confirms that the cybersecurity skills shortage is exacerbating the number of data breaches: Forty-five percent of organizations experienced at least one security event over the past two years, and 91 percent of survey respondents believe most organizations are vulnerable to a significant cyber-attack or data breach. The cybersecurity skills shortage represents the top two contributing factors to these security events, with the first being a lack of adequate training of non-technical employees (31 percent) and the second being a lack of adequate cybersecurity staff (22 percent). These are followed by business executive management making cybersecurity a low priority (20 percent).
Quantum Computing:
Corkscrew Light Beams Could Lead to Practical Quantum Computers - Engadget
Who said light only had to travel in boring waves or particles? Not Harvard. Its researchers have found a way to spin light into complex states that promise breakthroughs in multiple fields. They've built metasurfaces whose elaborate optics combine two kinds of light momentum (orbital angular and spin angular) to send light into corkscrews, spirals or even fork-like shapes. If you want to change the light state, you just need to change the polarization of that light.
They're not just for show, of course. The research team envisions these complex light states being very helpful for quantum optics and data, which could help quantum computers become a practical reality. They could also lead to high-powered imaging where a hole in the center of a light vortex could be changed to refocus on a subject. And it could also lead to better free-space optical communication that can transmit through turbulent air and other conditions that scatter light. While it's very early days for this exotic light manipulation, it could prove instrumental to computing in the long run.
Tags: Quantum Computing
CSIAC Supported Communities
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
Technical Resources, Policy and Guidance
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.