skip navigation

More signal. Less noise.

Daily briefing.

Expanding Internet access in Africa is carrying ISIS information operations along with it. Nigeria seems particularly affected, as ISIS connects with local extremists, especially Boko Haram.

Proofpoint looks at CryptXXX ransomware (discovered last week) warning that the malware is well-positioned to extort Bitcoin payments.

Chip-and-PIN cards are spreading in the US, and cyber criminals are making a last minute push to compromise legacy magnetic-strip swipe systems before they’re superseded. FireEye and its recently acquired iSight unit are tracking the familiar carding gang FIN6, which is more active than usual in attacking vulnerable point-of-sale systems and selling paycard data on black market carding sites.

ESET looks at another familiar threat—the Dorkbot worm, whose infrastructure was taken down last December. It’s crippled but not eliminated: ESET warns that Dorkbot continues to circulate. It’s being used in attacks on bank accounts and to lock systems (unlocking them requires payment of ransom).

Researchers at Arbor Networks caution East Asian users against an APT group employing the “Four Element Sword” of known vulnerabilities. The campaign is infecting victims with an array of remote access Trojans (RATs).

The spread of encryption, most recently in WhatsApp, suggests that technology may soon render the ongoing round of the Crypto Wars moot. (Legislation is still being considered in the US Congress.)

Australia announced its national cyber strategy yesterday. It features a strong commitment to applied cyber research, development of a domestic security industry, and, joining two of the other Five Eyes, an open avowal of offensive cyber capabilities.


Today's issue includes events affecting Australia, China, Iran, Iraq, Democratic Republic of Korea, Libya, Nigeria, Russia, Syria, United Kingdom, United States.

We'll continue our coverage of the SINET ITSEF conference from Mountain View, California, with a final wrap-up in tomorrow's issue.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day.

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016) ITSEF introduces entrepreneurs to government, business and investment leaders for open collaboration on cybersecurity challenges. Register today.

Cyber Security Summit (Dallas, Texas, USA, May 3, 2016) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security. Register with promo code cyberwire50 for half off your admission (Regular price $250)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Dateline SINET ITSEF 2016

SINET IT Security Entrepreneurs Forum (ITSEF) 2016: "Bridging the Gap Between Silicon Valley and the Beltway" (SINET) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge

SINET ITSEF 2016: Government Support for Cyber Security Innovation (The CyberWire) We heard from Canada's Minister of Defense, Australia's Data61, and the US Department of Homeland Security

Cyber Attacks, Threats, and Vulnerabilities

Disrupt ISIS’ Online Campaign in Africa (Defense One) As Internet access expands in Africa, so does the Islamic State's network-facilitated extremism

America Can’t Do Much About ISIS (Defense One) That leaves patience, containment, and humanitarian aid as the least-bad policies while waiting for this awful war to play itself out

CryptXXX set to become the worst bitcoin-stealing ransomware yet (Brave New Coin) Bitcoin has a new and potentially considerable threat to its reputation, if California cybersecurity firm Proofpoint is correct. Last week, the company warned that a previously undocumented ransomware sample that they found, CryptXXX, would not only be encrypting files locally and on all mounted drives, “it’s stealing Bitcoins and a large range of other data”

Follow The Money: Dissecting the Operations of the Cyber Crime Group FIN6 (iSight Partners) Cybercrime operations can be intricate and elaborate, with careful planning needed to navigate the various obstacles separating an attacker from a payout

Cyber-Thieves Rush to Steal Data Before Chip Technology Sets In (Bloomberg Technology) Cyber-thieves see new credit card chip technology being adopted by U.S. retailers closing a lucrative window of opportunity to steal your data. So they want to move fast

How One Cybercrime Gang Is Ratcheting Up PoS Attacks (Dark Reading) With magnetic-stripe payment card transactions gradually starting to disappear in the US, cybercriminals have been on a tear with PoS attacks against retail and hospitality targets that haven't yet adopted EMV card payment, FireEye researchers say

Dorkbot: 5 years since detection (We Liive Security) In the half-decade that has lapsed since Dorkbot was first identified, millions of innocent victims, going about their everyday business, have been affected in over 190 countries

The Four Element Sword, Weaponized Document Builder Used in APT Attacks (Security Newspaper) Experts analyzed a dozen attacks that leveraged on malicious RTF documents created using the same Four Element Sword builder

Is Homeland Security's threat intelligence sharing mechanism putting PII and PHI at risk? (Government Health IT) Cyber attacks and data breaches clog the newsfeeds. And for good reason, when you consider the proliferation of threats

Treasury CIO: No data stolen through backdoor in govt networks (The Hill) The Treasury Department’s chief information officer came under fire on Wednesday over the government’s use of a vulnerable technology that some fear could have let foreign governments snoop on encrypted U.S. communications

The app you're using to find stoner buddies could be broadcasting your location to the cops (Tech Insider) HighThere, the "Tinder for Tokers," is a stoner app for finding smoking buddies

Vast majority of tested applications have at least one vulnerability: cyber security report (Canadian Underwriter) Cyber criminals are increasingly making use of malware-as-a-service, an issue of concern given that 97% of applications tested by Trustwave in 2015 had at least one vulnerability, note findings from the 2016 Trustwave Global Security Report

Q1 2016 Global DDoS Threat Landscape Report (Imperva Incapsula) Every DDoS attack mitigated is an invitation for the attacker to try harder. This is the reality of DDoS protection business and the common motive for many of the trends we are observing in the DDoS threat landscape today

Reviewing the Threat Landscape With IBM X-Force: Serious Data Breaches, Major Attacks and New Vulnerabilities (IBM Security Intelligence Blog) Year after year, IBM X-Force assesses and examines the goings-on in the world of cybersecurity and cyberthreats. A broad survey of our entire data set often yields interesting results that lead to the discovery of underlying trends. After all, you cannot find the needle in the haystack if you are looking in the wrong hay field

SC Congress Amsterdam: Cyber-warfare - "we are all involved in this" (SC Magazine) Although some would argue that cyber-war is still in its infancy, it is - according to our panel of experts at the SC Congress Amsterdam - well under way across the globe

U.S. cyber officials worry 'milware' will target infrastructure (Defense Systems) It’s no secret cyber threats are becoming more widespread and advanced. Just look no further than Ukraine’s power grid that was knocked out in a first-of-its-kind coordinated cyber attack

Bureau of Meteorology target of 2015 cyber attack, Prime Minister Malcolm Turnbull confirms (Australian Broadcasting Corporation) The Federal Government has confirmed for the first time the Bureau of Meteorology was the target of a cyber attack

Cyber Trends

700 Million People Just Got Encryption That Congress Can’t Touch (Wired) Last month, WhatsApp, the hugely popular messaging service that Facebook owns, made end-to-end encryption the default for its 1 billion users. On Tuesday, Viber said it will do the same for the 700 million people who use it

Encryption delivers quantum of solace (SC Magazine) Data creation and transmission is growing exponentially, with 2.8 zettabytes of data created in 2012, forecast to reach 40 zettabytes (ZB) by 2020 (IDC), and currently encryption offers the best option to secure all that data says Roi Perez

End-Point Devices Pose Challenges to Healthcare Cybersecurity (Health IT Security) A recent study found that healthcare cybersecurity, as well as other areas of cybersecurity, could be impacted by end-point devices

Cybersecurity Implications of IoT Innovation with the Healthcare Industry (Tenable) he Internet of Things has the potential to revolutionize the world, including healthcare. But doctors, hospitals and medical experts might want to pause before adopting this technology and evaluate the cybersecurity challenges

Retailers now leading cyber-attack target, eclipsing financial sector (Retail Dive) Retailers now experience the most cyber attacks of any industry sector—three times as many as the previous top target, the financial industry—according to information and communications technology firm NTT Group's 2016 Global Threat Intelligence Report

Survey: Federal employees' confidence in agencies' cybersecurity plunges (FierceGovernmentIT) Confidence in agency cybersecurity among federal employees has dropped drastically over the past two years, according to a survey Dell conducted with the Government Business Council and released Wednesday


Global Cyber Security Market Size to Grow From USD 106.32 Billion in 2015 to USD 170.21 Billion by 2020 - Research and Markets (BusinessWire) Research and Markets has announced the addition of the "Cyber Security - M&A Partnerships 2014 - 2015" mergers & acquisitions to their offering

Security Appliance Market to See 11.38% CAGR: IP-Based Video Surveillance Driving Growth to 2020 (PRNewswire) According to the 2016 security appliance market report, there has been an increased adoption of monitoring solutions to prevent unauthorized access to property and information

Meet The World's Largest Pure-Play Cybersecurity Companies (Forbes) Looking for a list of the world’s largest pure-play cybersecurity companies by market capitalization? Look no further

Data breaches fueled valuations of cyber firms (SC Magazine) Stoked by headlines announcing major data breaches, the stock valuations of cybersecurity companies outperformed the Nasdaq and S&P 500 by double over the past three years, according to Bessemer Venture Partners' new Cyber Index, released on Tuesday

Why Palo Alto Will Exceed Street Expectations Again (MoneyShow) The need for data security solutions continues to increase but data security stocks have underperformed during 2016 says Michael Berger, Associate Editor of, who highlights his favorite stock in this sector, Palo Alto Networks

Dell's SecureWorks Set to Price First U.S. Tech IPO of the Year (Bloomberg Technology) SecureWorks Corp., the cybersecurity company owned by Dell Inc., is planning to go public this week in the first initial public offering of a U.S. technology company this year, after the slowest start for offerings since the recession

IBM's Big Investments Will Take Time To Mature (Forbes) IBM’s recent earnings announcement created quite the stir on Wall Street

IBM: An Ugly Quarter But A Beautiful Future Awaits The Patient Investor (Seeking Alpha) IBM reported its 16th consecutive quarter of decreasing revenue. Profits also fell from $2.91 to $2.35 but beat expectations (Zacks) of $2.09. IBM has unique resources available to exploit future business opportunities

Despite Currently Trading At A Premium, Cisco Offers Promising Upside (Seeking Alpha) Advancements into IT services and software have helped bring new growth and life into a very large, mature company. Aside from a safe and reliable business model, the software giant offers serviceable growth, strong free cash flow and a nice dividend. Strategic acquisitions play a big factor into this article's DCF analysis of Cisco.

Alert Logic Surpasses $100 Million in Annualized Revenue (MarketWired) Company exceeds $103 million run rate, 3,800 customers with Q1 2016 results

Check Point CEO Says Security Vendor Is Starting To See Benefits Of Shift To Subscription Services (CRN) Check Point Software Technologies is continuing its push toward a recurring revenue model with its software blades -- a push that CEO Gil Shwed said is starting to gain traction with customers

Bugcrowd, producer of tech-security platform, closes $15 mln Series B round (PE Hub Network) Bugcrowd Inc, the San Francisco developer of a crowdsourced tech-security platform, closed $15 million of Series B funding, led by Blackbird Ventures, the New South Wales, Australia, venture firm

Corero sees strong support for fund-raising Share (Proactive Investors) Shareholders will have the opportunity to participate in the share issue

With Cash in Hand, New DC VC Firm Opens Shop to Fund Cyber (DCInno) From 1717 Pennsylvania Ave NW, Tom Kellermann can nearly see the green grass on the White House's north lawn

DHS and Pentagon Race to Close Cyber Gap (GovTechWorks) The shortage of cyber security talent across the government and commercial sectors keeps expanding. No one knows how big that number is, but security firms and government officials regularly cite estimates of 1 million or more cyber job vacancies worldwide

Senate seeking sources for cyber support services (Federal Times) The Senate Office of the Sergeant at Arms and Doorkeeper (SSA) is building up the chamber’s cybersecurity posture and wants to know how the private sector can help

Chuck Brooks Selected Cybersecurity Marketer of the Year at The Cybersecurity Excellence Awards (Virtual Strategy Magazine) Chuck Brooks was selected as the Winner of the category "Cybersecurity Marketer of the Year" at the 2016 Cybersecurity Excellence Awards

Products, Services, and Solutions

ESET offers beta version of home internet security (GDN) ESET, a global pioneer in IT security for more than two decades, has announced the availability of its beta version of ESET Nod32 Antivirus 10 together with a brand new product designed for home users - ESET Internet Security

Generic Ransomware Detection Comes to OS X (Threatpost) With each new unrelenting ransomware sample, security researchers understand that no matter how quickly antivirus signatures are updated or how rapidly decryptors are built and shared, current defenses will continue to fall short. The problem is that most adequate defenses are sample-specific; Kaspersky Lab has built ransomware decryptors for CoinVault and Bitcryptor, and Cisco has a similar tool to unlock some TeslaCrypt infections, just to name two

Exostar Announces Solution to Facilitate Contractor Compliance with Latest DoD Cybersecurity Rules (BusinessWire) Defense contractors face action plan and compliance deadline for protection of covered Defense information throughout their subcontractor and supplier networks

Absolute Extends Persistence Technology to Secure Third Party Software Applications (CNW) Absolute® (TSX: ABT), the industry standard for persistent endpoint security and data risk management solutions, launched a new service that will persistently reinstall software agents from independent software vendors for existing Absolute customers

Illumio’s cyber assessment program helps find new attack surfaces ASAP (Network World) Program can reduce the number of possible paths malware can traverse, minimizing the blast radius of any breach

ThreatTrack centralizes malware and intrusion analysis with ThreatSecure Network update (FierceEnterpriseCommunications) In the latest incremental release of its security product, ThreatTrack has beefed up its ability to aggregate sensor data from a variety of locations across a network and deepened the integration with its own ThreatAnalyzer technology

Technologies, Techniques, and Standards

Tips for detecting ransomware and other malware before it cripples your network (Healthcare IT News) CISOs and security analysts from top-tier firms offer highly effective advice and tactics for rooting out and getting rid of malicious code

Crowdstrike CEO George Kurtz: Indicators of attack are the future (Fed Scoop) Organizations will continue to monitor indicators of compromise, but tracking IoAs allows security professionals to thwart an attack as it’s unfolding rather than after the fact, he said

Cyber threats coming from the inside (Security Brief) Awareness amongst business leaders around IT security, particularly within government, is on the rise, according to SolarWinds, who says company data leaks dominating news headlines is contributing to the increase

Combating ‘human nature’ security risks (IT Pro Portal) The phrase ‘it’s just human nature!’ is more than a cliché. Cybercriminals already appreciate this notion, as evident in the rise of successful phishing and other social engineering attacks

Can Moving to the Cloud Solve Your Cyber Labor Shortage? (GovTechWorks) Agencies and businesses have many reasons for moving to the cloud, from lower costs to simpler management and faster development, for example – but worries over security hold them back

Legislation, Policy, and Regulation

Australia admits to running offensive cyber-ops team (Register) New Cyber Security Strategy pours money on collaboration centres, industry

Government admits cyber attack capacity (AM) The Australian Government has admitted for the first time that it has the ability to launch cyber attacks. The statement is contained in a $230 million Cyber Security Strategy that will be launched by the Prime Minister today

Australian cybersecurity to take 'big science' approach (Out-Law) Australia should take advantage of cutting edge science to tackle cybersecurity issues, the head of the country's cyber defence group has said

Dell SecureWorks APJ head warns businesses need to act now on security (ARN) Liam Rowland welcomes government's new cyber security strategy

Rules For Cyberwarfare Still Unclear, Even As U.S. Engages In It (NPR) When Defense Secretary Ashton Carter landed in Iraq for a surprise visit this week, he came armed with this news: More than 200 additional U.S. troops are headed to that country. They'll join the fight to retake the Iraqi city of Mosul from the Islamic State. As that battle unfolds on the ground, a parallel war against ISIS is unfolding in cyberspace

Apple, FBI Encryption Debate Continues At Congressional Hearing (InformationWeek) The US House Energy & Commerce Committee hosted two panel discussions April 19, in the hope of advancing an open debate about government access to encrypted technologies. Representatives heard from Apple's top lawyers, as well as law enforcement

Microsoft, Facebook and Google Line Up Against New Encryption Bill (Fortune) Tech groups warn a proposed law would make devices like smartphones less secure

'The War on Cryptography Is a War on Online Banking' (American Banker) In the conclusion of a three-part interview, Ryan Singer, a blockchain-tech entrepreneur, explains why bankers should care about Washington's resurgent efforts to insert back doors into security systems

Is the FCC Inviting the World's Cyber Criminals into America's Living Rooms? (CircleID) In October 2012, the Chairman and Ranking Member of the House Intelligence Committee issued a joint statement warning American companies that were doing business with the large Chinese telecommunications companies Huawei and ZTE to "use another vendor."

Agencies of all sizes struggling to fix critical cyber vulnerabilities (Federal News Radio) In the 10 months since the Homeland Security Department started requiring agencies to fix all critical vulnerabilities within a month, 39 of the more than 360 at-risk cases remain unpatched

Air Force Updates Doctrine on Cyberspace Operations (Federation of American Scientists) Within living memory, even a passing mention of cyber weapons or U.S. offensive activities in cyberspace was deemed sufficient to justify national security classification

DISA director: ‘Gloves are off’ in cyber war, time for new defenses (Federal News Radio) In describing a handful of his agency’s top cybersecurity acquisition priorities, the director of the Defense Information Systems Agency said DoD needs new tools to grapple with the fact that cyber adversaries have become much more brazen in recent years, and are no longer concerned with whether or not they’re detected when trying to penetrate Defense networks

Release: Gov. Nixon announces statewide cybersecurity preparedness initiative (Missouri Times) Speaking to the State Emergency Management Agency’s 28th Annual Missouri Emergency Management Conference today, Gov. Jay Nixon announced the Missouri Office of Administration has been awarded a grant from the U.S. Department of Homeland Security for a statewide cybersecurity preparedness initiative

Indiana's New Cybersecurity Council Will Beef Up State's Cyber Infrastructure (Government Technology) The new council also will encourage economic development in the cybersecurity sector

Litigation, Investigation, and Law Enforcement

Public advocate: FBI’s use of PRISM surveillance data is unconstitutional (Washington Post) A public advocate appointed by the nation’s secretive surveillance court last year argued that a little-known provision of the PRISM program, which enables the FBI to query foreign intelligence information for evidence of domestic crime, violated the Constitution

Sixth arrest in Talk Talk cyber attack case (Belfast Telegraph) A teenager has become the sixth person to be arrested in connection with the alleged data theft from TalkTalk

Hacker of Army Reserve computer program indicted (Fayetteville Observer) An Atlanta-based defense contractor has been arrested in connection with the sabotaging of an Army Reserve computer program in 2014

Donald Trump: Clinton won't be indicted (Politico) Alleging that “she’s being protected,” Donald Trump said Wednesday he did not think Hillary Clinton would be indicted for the email controversy that the FBI is investigating

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, April 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, April 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that...

2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, April 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that demand. Join...

Army SIGINT (Fort Meade, Maryland, USA, April 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees...

6th European Data Protection Days (EDPD) (Berlin, Germany, April 25 - 26, 2016) The EDPD Conference will provide participants from the business side with all the important news and updates for the international data protection business at a high level. These include key developments...

CISO San Francisco (San Francisco, California, USA, April 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions...

Staying Ahead of the Curve - Securing a Nation Amid Change (Washington, DC, USA, April 26, 2016) A discussion of the changing cybersecurity landscape, featuring a keynote by General Keith Alexander, former Director, National Security Agency, and a panel discussion of the challenges facing Federal...

Are You Protecting Your Business? Why Cyber Threat is a C-Level Priority (Cerritos, California, USA, April 26, 2016) Whether you’re a company of five or 5000, join us for this educational workshop and learn innovative ways to protect your small business from #cybercrime. FBI Special Agent Joey Abelon will share FBI insights...

Assured Communications 2016 (Crystal City, Virginia, USA, April 27, 2016) A basic tenet of building an expeditionary fighting force that can respond to hot spots around the world is the ability to surge. That applies to satellite bandwidth as much as it does to personnel and...

CISO Houston (Houston, Texas, USA, April 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Cybersecurity Futures 2020 (Washington, DC, USA, April 28, 2016) On April 28, some of the country's leading policymakers, hackers, and creative thinkers will join Passcode and UC Berkeley to discuss the Internet's alternate futures – and explore how unconventional thinking...

3rd East Africa Cyber Defense Convention 2016 (Nairobi, Kenya, April 29, 2016) Building on the success of previous conventions series in the last two years and with insights from cybersecurity experts, participants at this conferene learn how organisations should successfully respond.

CISO United States (Chicago, Illinois, USA, May 1 - 3, 2016) The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda...

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect ...

CEBIT (Sydney, New South Wales, Australia, May 2 - 4, 2016) With the Australian Federal Government officially announcing its national cyber security policy, ahead of CeBit Australia’s business technology event, CeBIT is ultra strong on cyber security, too. CeBIT’s...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.