Visible to the public International News

SoS Newsletter- Advanced Book Block

International News

"Skeleton Key malware linked to backdoor Trojan: Symantec," Security Week, 30 January 2015. Symantec researchers have discovered that Skeleton Key, malware discovered earlier this month that targets Active Directory domain controllers may be connected to "Backdoor.Winnti," which has previously attacked Asian gaming companies. (ID# 14-70078) See

"Cybercriminals encrypt website databases in 'RansomWeb' attacks," Security Week, 29 January 2015. Known as "RansomWeb," these attacks are executed over a long period of time in order to avoid detection. The attackers compromise a company's web application, then manipulate server scripts in order to encrypt data before it's stored into the database. Once even backups are encrypted, with the attackers ensuring that the key is nearly impossible to obtain, company data is effectively held hostage until payment is made. (ID# 14-70079) See:

"What do China, FBI, and UK have in common? All three want backdoors in Western technology," The Register UK, 29 January 2015. The Chinese government is pressing for backdoors to be added to all imported technology, and they're not alone. Security experts see backdoors as a major vulnerability and condemn the notion as "unworkable." With China, the U.S. government, and the U.K. government all pushing for backdoor access to devices, the subsequent "international backdoor" would prove problematic. (ID# 14-70081) See:

"Regin super-malware has Five Eyes fingerprints all over it says Kaspersky," The Register UK, 28 January 2015. The malware "Regin," which evaded detection for up to six years, is often compared to Stuxnet and Duqu. Kaspersky analysts now say that Regin is the handiwork of a Five Eyes intelligence member nation (abbreviated FVEY, consisting of Australia, Canada, New Zealand, the U.K., and the U.S.). A discovered Regin plugin bears remarkable resemblance to source code produced by a Five Eyes nation. (ID# 14-70082) See:

"Estonia President wants China and Russia to help fight cyber crime", SC Mag.UK, 26 January 2015. At the "Fighting Shadows" convention in Switzerland, leaders from Kaspersky, Microsoft, and The United Nations met to discuss the appropriate response to cyber attacks, and the need for countries to stand united in an international coalition against cyber-crime. The failure of Russia and China, both countries notorious for cyber attacks, to sign the Budapest Convention is cited as an example that international anti-cyber-crime cooperation is not yet a reality. (ID# 14-70083) See:

"European govts. urge U.S. tech companies to remove terrorist-related postings from sites", Homeland Security News Wire, 22 January 2015. French and German authorities have requested aid from US tech firms in identifying and removing radical terrorist material from social media sites, such as hate speech and radical recruitment videos. Following the terrorist attacks in Paris, sites like Facebook and Twitter are being asked to cooperate in pre-emptive filtering. U.S. tech firms are calling this move ineffective. (ID# 14-70084) See:

"Skeleton Key Malware Analysis," Dell Secure Works, 12 January 2015. Dell SecureWorks Counter Threat Unit is reporting malware, dubbed Skeleton Key that bypasses authentication on Active Directory (AD) systems that implement single-factor authentication only. Attackers are able to gain access as any user by using a password of their choice, while the legitimate user can continue to authenticate as usual. Skeleton Key has since been deployed using stolen domain administrator credentials. (ID# 14-70085) See:

"The Centcom 'hack' that wasn't," The Washington Post, 12 January 2015. A hacker group calling itself "CyberCaliphate" claims to be responsible for the hijacking of several U.S. military Central Command social media channels. The group allegedly leaked "classified" military PowerPoints and data, which many observers have pointed out, are not classified at all. In fact, much of the "leaked" documents are publically available, and come from sources like MIT's Lincoln Library and Google. (ID# 14-70086) See:

"Surprise! North Korea's official news site delivers malware, too,", Ars technica, 12 January 2015. A security researcher recently discovered that North Korea's official news service, the Korean Central News Agency, also spreads malware. Disguised as a download entitled "," for the incredibly obsolete Flash Player 10, the executable file contains a familiar Windows malware dropper. (ID# 14-70087) See:

"WhatsApp and iMessage could be banned under new surveillance plans," The Independent UK, 12 January 2015. Prime Minister David Cameron, of the U.K., seeks to prohibit the use of communication that can circumvent security services, such as auto-encrypted Apple iMessafe and WhatsApp, following the recent Paris shootings. (ID# 14-70088) See:

"A cyberattack has caused confirmed physical damage for second time ever," Wired, 8 January 2015. In a case eerily mirroring Stuxnet, hackers have managed to cause the only second confirmed case of physical destruction of equipment by digital means. Hackers targeted an unnamed German steel mill, manipulating control systems to severely impede shut down of a blast furnace, effectively causing "massive" damage. The attackers executed a spear-fishing attack, and utilized the downloaded malware to gain access to one system. (ID# 14-70089) See:

"Fingerprint theft just a shutter click away." Tech News World, 7 January 2015. Biometrics used for authentication purposes is seen as a multiple factor. Initially seen as a more secure way to protect personal data, biometrics should be used as part of two-factor authentication, at the very least. German hackers known as the Chaos Computer Club have demonstrated a way to lift prints. Security consultant Catherine Pearce reminds users that at least compromised passwords can be easily changed, not so much with fingerprints. (ID# 14-70090) See:

"Pro-ISIS hackers target New Mexico newspapers and hit paywall." The Denver Post, 6 January 2015. An ISIS-sympathetic hacker group, under the moniker "CyberCaliphate", has hacked the Mountain View Telegraph, a newspaper from a small New Mexico town. "Infidels, New Year will make you suffer" reads the message, but in order to see more, readers must answer a Google questionnaire. (ID# 14-70091) See:

"U.S. firm finds malware targeting visitors to Afghan govt websites", Reuters, 21 December 2014. A newly discovered campaign, dubbed "Operation Poisoned Helmand," uses a watering-hole type attack to target users of trusted Afghan government websites. U.S. cybersecurity researchers say China, whose interests in Afghanistan have increased in light of U.S. and NATO decreased military presence, is the most likely threat actor. (ID# 14-70092) See:



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.