ISIS is back online, calling on its adherents to kill Shiites and Americans in Bahrain. US Secretary of Defense Carter's regional visit apparently prompted the inspiration.
Intrusions into South Korean defense networks continue to look like Pyongyang's work. The Republic of Korea is on alert for fresh cyberattacks from the North, especially in the wake of President Park Geun-hye's impeachment. (The President must step down today, at least temporarily, until her position is decided by the Constitutional Court.) But so far cyberspace has remained relatively quiet across the 38th parallel.
Germany's domestic intelligence service, BfV, said yesterday that Russian organs, specifically Fancy Bear, have begun their attempts to disrupt the coming year's German elections. The BfV's statement leads with charges of propaganda, disinformation, and false flag operations. German political parties are said to be hacking targets as well.
In the US, Congress shows little inclination to let Russian influence operations during last month's elections go uninvestigated. The State of Georgia has asked that the Department of Homeland Security explain what appear to be attempts by DHS to penetrate election systems on November 15. (Georgia was one of several states that declined DHS security help for the November 8 election—why systems were allegedly pinged a week later has raised Georgian eyebrows.)
In industry news, 3M is selling its biometric business to Gemalto.
Avalanche may be gone, but its alleged leader is on the lam. Ukrainian authorities have called BOLO for Gennady Kapkanov, captured in a shoot-out, then released, now missing.
Today's issue includes events affecting Bahamas, Bahrain, China, Germany, Ghana, Iraq, Democratic People's Republic of Korea, Republic of Korea, Russia, Syria, Trinidad and Tobago, Ukraine, United States.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Palo Alto Networks, as Rick Howard describes the Cybersecurity Canon. Our guest, Caleb Barlow of IBM, will review Big Blue's study of the "Global Cyber Resilience Gap."
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcast, we invite you to please consider giving it an iTunes review.
ISIS in the Caribbean(Atlantic) Trinidad has the highest rate of Islamic State recruitment in the Western hemisphere. How did this happen?
North Korea Has Done It Again: Hacks South Korean Cyber Command, No End To Bitter Rivalry(Science World Report) To add to its list of the seemingly erratic ventures and acts, North Korea has allegedly hacked the cyber command of South Korea. North Korea and its leaders are quite (in)famous globally for their tactics and policies. And it seems like there is no stopping as North Korea has done it again! It so appears that North Korea has recently leveled a cyber-attack against Seoul. This news has been reported by the Seoul military on December 6 and 7
The Botnet That Broke the Internet Isn’t Going Away(Wired) When the botnet named Mirai first appeared in September, it announced its existence with dramatic flair. After flooding a prominent security journalist’s website with traffic from zombie Internet of Things devices, it managed to make much of the internet unavailable for millions of people by overwhelming Dyn, a company that provides a significant portion of the US internet’s backbone. Since then, the number of attacks has only increased. What’s increasingly clear is that Mirai is a powerfully disruptive force. What’s increasingly not? How to stop it
Crooks Start Deploying New "August" Infostealer(Bleeping Computer) During the month of November 2016, a cyber-crime group has started deploying a new malware family nicknamed "August," used mainly for information gathering and reconnaissance on the infected target's computer
'We could not deliver your parcel' email could be scam(USA Today) As Christmas approaches, experts suggest an extra dollop of caution before clicking on email package delivery notices. Fake notifications are proliferating, bringing not holiday cheer — but holiday ransomware
Phishing from the Middle: Social Engineering Refined(Guardian) Phishing attacks have long been associated with malicious emails that spoof well-known institutions in order to trick users into coughing up credentials to bank accounts, email accounts, or accounts for major online services. Phishes that exploit the good name of trusted brands familiar to users have also been known to deliver ransomware, backdoors, and other malicious software designed to compromise the companies and organizations those users work for
Researchers Question Security in AMD’s Upcoming Zen Chips(Threatpost) As more computing heads to the clouds, security researchers are questioning the security of virtual machine control panels called hypervisors. One of the first hardware-based solutions to address these concerns will be deployed by chip manufacturer AMD, called Secure Encrypted Virtualization. The feature is part of its upcoming x86 AMD Zen server family of microprocessors, slated to be released in the second quarter of 2017
Exploring data security in the legal sector and beyond(Help Net Security) BitSight analyzed the Security Ratings of more than 20,000 organizations in six industries – Finance, Legal, Healthcare, Retail, Government and Energy. The objective was to highlight quantifiable differences in security performance across industries from the past 12 months and identify areas of cybersecurity risks
Law Firms' Security Cross-Examined(Dark Reading) Legal sector earns a respectable score for its cybersecurity posture overall, but a large number of law firms remain weak when it comes to security
Cybersecurity advice for the nuclear industry(Help Net Security) Less complexity, an active defense, transformative research, and institutionalized cybersecurity should be nuclear industry’s key priorities to stem the rising tide of cyber threats
CISOs must assess risks and identify the real security budget(Help Net Security) Organizations spend an average of 5.6 percent of the overall IT budget on IT security and risk management, according to Gartner. However, IT security spending ranges from approximately 1 percent to 13 percent of the IT budget and is potentially a misleading indicator of program success, analysts said
Cyber in Business- addressing the cyber skills shortage(CSO) The health sector has been a major target for threat actors over the last year or so. Hospitals in the United States have been heavily targeted with the pathology department at Royal Melbourne Hospital bringing the problem onto our own shores
Fading anonymous social network Yik Yak is laying off most of its employees(TechCrunch) Yik Yak, the once universally recognized anonymous social network that virally took over college campuses back in 2014, is planning to lay off a “significant” number of employees, first noted by The Verge. The company is said to be retaining mostly engineers as it notified its team of about 50 employees earlier this morning
3M to sell identity management business to Gemalto(Reuters) 3M Co (MMM.N), the maker of Scotch tape and Post-it notes, said it had entered into agreements to sell its identity management business to Amsterdam-based digital security company Gemalto (GTO.AS) for $850 million
Accenture Acquires Defense Point Security LLC(Washington Executive) Accenture announced Dec. 2 its acquisition of Defense Point Security LLC. DPS is now a wholly owned subsidiary of Accenture Federal Services. Terms of the transaction are not being disclosed
McLean-based Haystax to use $4 million investment to identify insider threats(Washington Post) Haystax Technology, a McLean-based company that helps Super Bowl organizers and government agencies track security threats by analyzing millions of web-based data points, is embarking on a company-wide pivot towards helping organizations identify “insider threats;” employees who leak confidential information
Palo Alto, Fortinet: The ‘Binge’ Is Over, Says UBS, Tread Carefully(Barron's) UBS analyst Brent Thill today warns that most vendors of security technology are “feeling a pinch,” including Palo Alto Networks (PANW) Fortinet (FTNT), and Check Point (CHKP), as the big spending “binge,” by customers, in 2014 and 2015, is now definitely over
Threats of Tomorrow: Using AI to Predict Malicious Infrastructure Activity(Recorded Future) The ever-increasing scale and complexity of cyber threats is bringing us to a point where human threat analysts are approaching the limit of what they can handle. We believe the next-generation of cyber threats must be tackled by a combination of machines equipped with artificial intelligence (AI) and human analysts — what we call centaur threat analysts
New infosec products of the week: December 9, 2016(Help Net Security) Thales releases advanced encryption solutions for secure docker containers... Unisys Stealth(aware) automates implementation of micro-segmentation security... End-to-end IAM for physical and IT security... GO-Trust launches one touch login for cloud services... Bomgar makes remote support easier from any mobile device... Intel Security’s True Key integrates with Windows Hello... Arbor SP Insight expands and enhances network operators’ traffic analytics... Malwarebytes 3.0 combines four proprietary technologies
IBM to use AI to help banks with cybersecurity(Business Insider) IBM launched its IBM Watson for Cyber Security program in beta on Tuesday, and announced that it already has 40 clients signed up, including global leaders in the banking and insurance industries
Ixia Delivers Unprecedented Visibility into Virtual Data Center Traffic(Yahoo!) Ixia (XXIA), a leading provider of network testing, visibility, and security solutions, today announced that the company has extended the capabilities of CloudLens™, Ixia’s recently announced integrated cloud visibility platform, with CloudLens Virtual Packet Broker (vPB). CloudLens vPB is a software solution that delivers visibility into virtual data center traffic for enterprises leveraging private cloud deployments to support and expand their business
ESET launches new internet security products for home users(Data Quest) ESET has launched version 10 of its premium line of security solutions for home users. ESET Smart Security Premium is built upon the award-winning NOD32 technology that offers the optimal mix of detection, speed and usability. In addition, the new product provides features including ESET Password Manager for easier and safer authentication, as well as ESET Secure Data for convenient and strong encryption
Scene and heard at the Insurance Executive Conference(Property Casualty 360) In the afternoon, National Underwriter Property & Casualty Editor-in-Chief Shawn Moynihan co-moderated a panel with Chris Lanzilotta, principal at Ernst & Young, titled “Best Practices for Controlling Your Cyber Risk.” The panel included Thomas Dunbar, senior vice president and head of information risk management at XL Catlin and Greg Vernaci, head of cyber, U.S. and Canada at American International Group
Six tips for practicing safe social media(Help Net Security) With Facebook now counting over 1.7 billion monthly users and LinkedIn another 467 million, it was only a matter of time until criminal hackers turned their attention to exploiting social media as an attack vector. The current attack is being waged to introduce ransomware into these environments. Dubbed “Imagegate”, it’s a clever way of sneaking malware into your environment
Is Machine to Machine Communication (M2M) Dead?(Nanalyze) The Internet of Things or IoT is this notion that everything around us is connected and intelligent. Your coffee maker talks to the cloud which in turn tells it when to start brewing coffee based on when your alarm clock (which also talks to the cloud) is set. But what if your alarm clock just talked directly to your coffee maker? That’s the basic idea behind “machine to machine” or M2M communications which is the latest buzzword everyone’s getting excited about. Just how excited are people getting about M2M? CB Insights uses their powerful artificial intelligence powered “CB Insights Trends” tool to show us
You're Probably Fine with SMS-Based Two-Factor Authentication(Motherboard) Using a phone to secure your email, Facebook, or other online accounts has got a lot of bad press recently. In June, hackers broke into the Twitter account of prominent Black Lives Matter activist DeRay McKesson, after tricking Verizon into redirecting his text messages to another SIM card. And then a month later, the US National Institute of Standards and Technology (NIST) advised companies to find an alternative to SMS two-factor authentication
How this analyst targeted a phisher(CSO) Not unlike any other threat analyst, Marc Laliberte's email inbox fills up minute by minute. Some of which has made its way past the spam filter. The WatchGuard employee decided to finally act upon a certain phishing attempt in hopes of teaching the bad guys a lesson
Hiring the Right Cyber Threat Intelligence Analyst for Your Organization(Security Week) With the coming new year comes new strategies to implement, new budgets to work with, and new threats to prevent from harming your business. I’ve personally seen a shift in the past year where more organizations are moving beyond the basic understanding of what threat intelligence is and moving into a planning and implementation process to start benefitting from the value that good intel can provide
Design and Innovation
Fingerprint passwords not theft-proof(AP via the Longview News-Journal) It sounds like a great idea: Forget passwords, and instead lock your phone or computer with your fingerprint. It's a convenient form of security — though it's also perhaps not as safe as you'd think
New Call to Regulate IoT Security By Design(Threatpost) A Washington, D.C. think tank whose mission is critical infrastructure security has joined the call for lawmakers to consider regulating the security of connected devices
‘Avalanche’ Crime Ring Leader Eludes Justice(KrebsOnSecurity) The accused ringleader of a cyber fraud gang that allegedly rented out access to a criminal cloud hosting service known as “Avalanche” is now a fugitive from justice following a bizarre series of events in which he shot at Ukrainian police, was arrested on cybercrime charges and then released from custody
Trump, Russia and the U.S. Election(FactCheck: the Wire) President-elect Donald Trump again discounted the possibility that Russia was behind the hacking of U.S. political organizations, including the Democratic National Committee’s servers, despite evidence to the contrary
[Letter from Georgia's Secretary of State to the US Secretary of Homeland Security](State of Georgia, Office of the Secretary of State) On November 15, 2016, an IP address associated with the Department of Homeland Security made an unsuccessful attempt to penetrate the Georgia Secretary of State's firewall. I am writing you to ask whether DHS was aware of this attempt and, if so, why DHS was attempting to breach our firewall
Your Public Facebook Posts Might Still Be 'Private' In UK Cops' Eyes(Motherboard) Cops are all over social media, using monitoring tools to keep tabs on sporting events, protests, and more. These tools often aren't just about gathering public posts or tweets; sometimes, they're used to scrape metadata in aggregate and map out somebody's movements over time too
FBI will increasingly rely on foreign help to stop hackers, Assistant AG says(CyberScoop) The emergence of cybercrime as a global phenomenon is causing the FBI and Justice Department to increasingly rely on international law enforcement collaboration, legal treaties and informal agreements in addition to cooperation from the private sector, Assistant Attorney General for the Criminal Division Leslie Caldwell described, Thursday
Phone-Cracking Cellebrite Software Used to Prosecute Tortured Dissident(Intercept) The Israel-based firm Cellebrite, which specializes in software that breaches cellphones, enjoys a reputation as a silver bullet in 21st-century policing whose products are used only to beat terrorists and find abducted kids. Like any good, vaguely sinister corporate spy outfitter, the company has never publicly confirmed which governments are among its customers, and deflects questions about whether it would sell its infamously powerful software to a repressive, rights-violating regime
Man who hacked 130 celebrities jailed for five years(Naked Security) Maybe you’ll recall 24-year-old Bahamian Alonzo Knowles, who recently pleaded guilty to hacking the email accounts of some 130 media, sports and entertainment celebrities? And trying to sell everything from their confidential scripts to their sex tapes? The judge just threw the book at him: five years in federal prison
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Cyber Defense Initiative 2016(Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference(Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...