ThyssenKrupp discloses that it lost steel production intellectual property to a cyberattack early this year. German authorities have the matter under investigation (and have for some time).
A recent distributed denial-of-service attack, "Sledgehammer," originated in Turkey and affected organizations the attackers regarded as unsympathetic to Turkish government policy, among them German and Turkish political parties as well as organizations devoted to memorializing the Armenian genocide and promoting Kurdish autonomy. The campaign is unusual, Forcepoint says, in its gamification of DDoS. Play with caution if play you must—the prize may backdoor the player.
Talos and Flashpoint report that Floki Bot, essentially an evolved Zeus Trojan, is for sale in dark web souks. It poses a threat to point-of-sale systems as well as banks and insurance companies.
RiskIQ warns of subdomain infringement risks.
Dridex is back, and circulating among Scottish banking systems.
US Congressional Democrats and others continue to advocate bipartisan investigation of Russian attempts to interfere with recent US elections.
The destructive cyberattack on Saudi systems, widely attributed to Iran as a second round of Shamoon, is said by a Middle East Eye op-ed to look like a false flag operation. Maybe—the possibility can't be ruled out a priori—but apparent action against interest wouldn't be a first either, as Iranian policy has sometimes followed a complex internal logic that appears strategically incoherent to Western eyes.
National Health Service facilities in the UK have come under cyberattack recently. Perhaps unsurprisingly, 90% of NHS Trusts are still using Windows XP.
Today's issue includes events affecting Armenia, Brazil, Canada, Germany, Iran, Israel, Democratic People's Republic of Korea, Russia, Saudi Arabia, Turkey, United Kingdom, United States.
A quick word to our readers about sponsoring the CyberWire—there are a few sponsor slots available for 2017, but they're going fast. Learn more here.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Joe Carrigan, representing our partners at the Johns Hopkins University. He'll be talking to us about the Grace Hopper Conference. Our guest, Deepen DeSai from ZScaler, will share some insight into the Stampado ransomware strain.
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcasts, we invite you to please consider giving them an iTunes review.
ThyssenKrupp secrets stolen in 'massive' cyber attack (Reuters) Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG (TKAG.DE) in cyber attacks earlier this year, the German company said on Thursday
Sledgehammer - The Gamification of DDoS Attacks (Forcepoint) Operation Sledgehammer translated into Turkish is Balyoz Harekâtı, which was the name of a 2003 attempted military coup d'etat in Turkey. It's also the name of a recent Distributed Denial of Service (DDoS) attack that targeted organizations with political affiliations that the attacker deems out of line with Turkey's current government. These organizations include the German Christian Democratic Party (CDU), The People's Democratic Party of Turkey, the Armenian Genocide Archive and the Kurdistan Workers Party (PKK)
Floki Bot Strikes, Talos and Flashpoint Respond (Talos) Floki Bot is a new malware variant that has recently been offered for sale on various darknet markets. It is based on the same codebase that was used by the infamous Zeus trojan, the source code of which was leaked in 2011. Rather than simply copying the features that were present within the Zeus trojan "as-is", Floki Bot claims to feature several new capabilities making it an attractive tool for criminals. As Talos is constantly monitoring changes across the threat landscape to ensure that our customers remain protected as threats continue to evolve, we took a deep dive into this malware variant to determine the technical capabilities and characteristics of Floki Bot
Dridex Targets Scotland (Infosecurity Magazine) Fujitsu CTI has been monitoring Dridex across our customers for a period of time. There have been evolving variants of the same campaigns attempting to deliver the Dridex banking trojan via malicious email attachments. Dridex recently targeted victims using a football lure in an attempt to deliver the malicious trojan
Mobile Ransomware: Pocket-Sized Badness (TrendLabs Security Intelligence Blog) A few weeks ago, I spoke at Black Hat Europe 2016 on Pocket-Sized Badness: Why Ransomware Comes as a Plot Twist in the Cat-Mouse Game
Nine in Ten NHS Trusts Still on Windows XP (Infosecurity Magazine) Security experts have warned that patient data is at risk after it was revealed that 90% of NHS Trusts in England are still running the unsupported Windows XP operating system
Good Cop; Bad Cop; Domain Cop? (SANS Internet Storm Center) When investigating events, like malware or spam hitting our systems, we often send notifications to parties from which the malicious traffic originates. On the other hand, it isn't terribly unusual for us to receive malware notifications if some of the snippets of code we post match anti-virus patterns
Hacker Steals $300,000 from Major Cryptocurrency Investor (Bleeping Computer) An unknown hacker has stolen at least $300,000 in Augur and Ether cryptocurrency from Bo Shen, the founder of venture capital firm Fenbushi Capital, and one of the early adopters of many of today's cryptocurrencies
AirDroid Beta 184.108.40.206 fixes major security issues, official rollout expected soon (Android Police) A few days ago, independent security firm Zimperium released details about several major security flaws in the popular AirDroid application. In summary, attackers can easily intercept insecure requests to AirDroid's servers, as well as push malicious APKs to devices which appear as AirDroid add-on updates (which AirDroid then prompts the user to accept). Granted, the user has to be on an insecure Wi-Fi network for the attack to work, but it's still a major problem
323,000 pieces of malware detected daily (Help Net Security) According to Kaspersky Lab, the number of new malware files detected by its products in 2016 increased to 323,000 per day. This is an increase of 13,000 from the amount in 2015, and a significant jump from the 70,000 files per day identified in 2011
Fortinet predicts tipping point for cybersecurity as threats become difficult to detect (Data Quest) Fortinet has unveiled six predictions from the FortiGuard Labs threat research team about the threat landscape for 2017. These predictions reveal the methods and strategies that Fortinet researchers anticipate cyber criminals will employ in the near future and demonstrate the potential impact of cyber attacks to the global digital economy
Soft targets (Breaking Views) Splunk, Symantec or Twitter could end up in Masayoshi Son's hands – maybe all three. The founder of Japan's SoftBank is amassing a $100 billion fund with the backing of Saudi Arabia. This war chest will let Son make more big bets, like his $32 billion purchase of Britain's ARM, while keeping them off SoftBank's books
Silicon Valley Bank Provides $25 Million Line for A10 Networks (Silicon Valley Daily) Silicon Valley Bank has agreed to provide a $25 million revolving line of credit to publicly-traded A10 Networks (NYSE: ATEN), a leader in application networking and security. The credit facility provides A10 Networks with access to additional working capital when needed for general corporate purposes
Deloitte invests in SETL after year-long collaboration (IBS Intelligence) Deloitte has invested in blockchain startup SETL, the first time the firm has (publicly) funded the technology. The two had previously worked together, trialling a contactless payment card with Metro Bank which is expected to launch in 2017
Cisco's Cash Repatriation: Next Catalyst? (Seeking Alpha) Silicon Valley executives are scheduled to meet with President-elect Trump this month. On the agenda, cash repatriation could benefit tech behemoths, like Cisco. Cisco's overseas cash pile could drive the stock's next leg up through M&A, buybacks and dividend increases
Is Palo Alto Networks Stock Still Secure? (Investment U) It's an exciting time to work at a cybersecurity firm like Palo Alto Networks (NYSE: PANW). Individual hackers continue to gain in numbers and sophistication. And recently, advanced state-sponsored hackers have joined the party. Amidst all these cyberthreats, demand for cybersecurity services has gone through the roof. And that should be great news for owners of Palo Alto Networks stock
BlackBerry hires former Coast Guard CIO for cyber center (CyberScoop) Retired Rear Admiral Robert Day, Jr., the man hired by BlackBerry last week to lead its federal certification and compliance efforts, knows all about the crisis in the cybersecurity workforce — and not just from his time as CIO of the U.S. Coast Guard
The Daily Record announces its 2016 Leading Women (Daily Record) The Daily Record has announced its 2016 Leading Women, honoring 50 women who are 40 years of age or younger for the accomplishments they have made so far in their careers, including security executive Tina C. Williams, president/CEO, TCecure LLC
Products, Services, and Solutions
Subdomain Infringement: An Unseen Threat (RiskIQ) Domain infringement is when threat actors use brand names within illegitimate web domains to imply affiliation with a brand to deceive end users about who's behind the content they see on a site. They use this exploitation of trust as a lure to phish for sensitive data, distribute malware, promote scams, generate revenue from ads on parked domains, and drive monetizable traffic to other sites
LockPath wins 2016 GRC Value Award for Policy Management (Lockpath) LockPath, a leader in governance, risk management and compliance (GRC) solutions, today announced the company is being honored with the 2016 GRC Value Award in Policy Management. The GRC Value Awards program recognizes real-world implementations for GRC programs and processes that have returned significant and measurable value to an organization
New Secure Data Exchange from SecureDx.net Protects Electronic & Cloud Messaging and Communications (Yahoo! Finance) SecureDx.net has announced a new product, Secure Data Exchange (SDE) that provides what's been missing with other message security systems. For example, Cloud messages are used in patient/physician PHI (Patient Health Information) exchanges. These interactions are typically achieved using unsecure email notifications and data access links to cloud, which present an easy target for intrusive hackers
Radware Powers XO Communications New DDoS Mitigation Service (EconoTimes) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions ensuring optimal service levels for applications in virtual, cloud, and software-defined data centers, announced that XO Communications (XO), a leading enterprise ISP, has launched a Distributed Denial of Service (DDoS) Mitigation Service as part of its Security Services product portfolio, based on Radware's Attack Mitigation System. Radware will help protect XO's data centers from network security threats and provide XO's customers with value added DDoS Mitigation Service
BeyondTrust Announces Key Partnership with Simeio Solutions (Beyond Trust) BeyondTrust, the leading cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, today announced a strategic partnership with Simeio Solutions. As BeyondTrust increases its track record of successful privileged access management (PAM) deployments, partnerships with trusted identity and access management (IAM) services providers, like Simeio, will enable more customers to expedite PAM initiatives and achieve faster ROI
Unisys Brings One Touch To Cyberfraud Fighting (PYMNTS) Global IT firm Unisys Corporation launched a new software application that enables organizations to fight cybercrime with enterprise-wide, micro-segmentation security that can be deployed at the touch of a button
Here's How Much a StingRay Cell Phone Surveillance Tool Costs (Motherboard) Rochester Police Department in New York responded to our Cell Site Simulator Census with a rare look into the pricing and packaging of the cellphone surveillance tech: a completely unredacted quote list of Harris Corporation products
Technologies, Techniques, and Standards
Announced: Independent OpenVPN security audit (Help Net Security) VPN service Private Internet Access (PIA) has just announced that they have contracted noted and well-reputed cryptographer Dr. Matthew Green to perform a security audit of OpenVPN
Optiv Security's Top 12 Tips for More Secure Business Practices During the 2016 Holiday Season (Optiv) Optiv Security, a market-leading provider of end-to-end cyber security solutions, today shared a list of a dozen tips for implementing more secure business practices during the 2016 holiday season. Optiv's experienced team of security experts developed these recommendations to help security and IT teams better prepare their companies and employees to address the increase in cyber threats that occur during this time of year
Mitigating Insider Threats In Cloud Environments (Cybersecurity Association of Maryland) One of the most difficult cybersecurity threats to prevent is that posed by the insider. No amount of firewalls or penetration tests can stop someone with access to sensitive corporate information from sharing documents, installing malware, or simply abusing access privileges and leaking information
5 Things Security Can Learn From Operations' Transition Into DevOps (B2C) Over the past couple of years, a discussion has been brewing in the Security community about the future of its work. On one hand, the need for security is more urgent than ever as all areas of business and personal computing are being impacted by cyber threats. On the other hand, the process of delivering software has changed: We have significantly streamlined the development process by reducing organizational silos through various implementations of a DevOps culture
What the rise of social media hacking means for your business (CSO) A product marketing manager at your company just posted a photo on LinkedIn. The problem? In the background of the image, there's a Post-It note that contains his network passwords. You can barely see it, but using artificial intelligence algorithms, hackers can scan for the publicly available image, determine there are network passwords, and use them for data theft
After study, Google gives keysticks two thumbs up (CyberScoop) After a two-year study, Google is lauding the use of USB cryptographic keysticks as a way to authenticate identity online, preventing phishing and man-in-the-middle attacks and securing both individual accounts and the enterprise to which they belong
Cybersecurity gamification: A shortcut to learning (Help Net Security) Cybersecurity awareness trainings are usually a boring affair, so imagine my colleagues' surprise when I exited the room in which I participated in a demonstration of the Kaspersky Interactive Protection Simulation (KIPS) game and told them: "You have to try this!"
DoD plans to bolster APT security (C4ISRNET) One of the DoD's biggest cybersecurity concerns is advanced persistent threats (APTs), attacks in which an unauthorized entity gains access to a network and remains there undetected for a long period of time. An APT attack's goal is to steal data rather than to cause outright damage to the network or organization
The legal exemption making life easier for ethical hackers (Christian Science Monitor Passcode) An exemption to the Digital Millennium Copyright Act allows hackers to conduct good will research into medical devices, automobiles, and other internet-connected devices without threat of lawsuits from manufacturers
Opinion: An automotive privacy collision (Christian Science Monitor Passcode) The National Highway Traffic Safety Administration owes it to motorists to set more robust and clearer privacy standards for connected cars
Protecting Whistleblowers with Access to Classified Information (IC on the Record) Under the Third Open Government National Action Plan, issued on October 27, 2015, the Director of National Intelligence committed to develop a common whistleblower training curriculum that can be adopted by all federal agencies covered under Presidential Policy Directive 19, Protecting Whistleblowers with Access to Classified Information
The Election Is Over. The Probe Into Russian Hacks Shouldn't Be (Wired) From climate change denial to pizza-parlor pedophile conspiracy theories, 2016 has thoroughly shaken the groundwork of facts that Americans agree on. But there's at least one story that the US can't afford to let slide into the muck of conspiracy theories, fake news, and truthiness: whether the Russian government hacked America's election
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...
2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who's who of speakers including the CEO of GM and the Secretary of Transportation, prestigious...
8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and...
Practical Privacy Series 2016 (Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We're programming some stunningly...
CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year's international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.