skip navigation

More signal. Less noise.

Daily briefing.

Ransomware, especially Locky (distributed via malicious Word macros, like Dridex) but also PadCrypt (which picks up the trend set by CrytoWall 4.0, treating victims as if they're customers) continues to exercise researchers and security teams. Palo Alto believes it's discovered the revenant Dridex subnet that's pushing Locky. PadCrypt's "customer service" includes both an uninstaller — but it only uninstalls the malware, leaving files encrypted — and a "live chat" feature in which PadCrypt's controllers walk victims through their payment options.

Cyber extortion seems to pay. Hollywood Presbyterian said yesterday it paid its attackers $17,000 in Bitcoin to release control of some affected systems. A Bitdefender survey suggests paying up has become increasingly common, with victims in the UK willing to pay the highest levels of ransom.

In industry news, some retail investment advisors look upon the recent pullback in cyber security share prices as a buying opportunity.

Amid conflicting reports over how well private sector cooperation against ISIS is going — some say Twitter's giving ISIS troubles; others say account-blocking amounts to little more than a gesture — US Secretary of State Kerry asks Hollywood to help with counter-ISIS messaging.

Apple continues to fight the court order it received to assist the FBI in the Bureau's efforts to unlock an iPhone used by the San Bernardino jihadists. Apple receives support from Microsoft and Google, and also from both Ed Snowden and former NSA Director Michael Hayden. Observers agree the case's outcome will set important precedents. It's also likely to push Congress toward encryption legislation.


Today's issue includes events affecting China, Czech Republic, Denmark, France, Germany, Iran, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Moldova, Romania, Russia, Syria, United States.

Today's CyberWire Daily Podcast will have more on what's at stake in the case of the jihadists' iPhone. Listen for the podcast later this afternoon.

Cyber Attacks, Threats, and Vulnerabilities

"Locky" ransomware: What you need to know (Naked Security) "Locky" feels like quite a cheery-sounding name

KnowBe4 Warns about New Ransomware Hidden in Word Docs (Benzinga) New "Locky" ransomware is loaded with professional grade malware

Dridex botnet alive and well, now also spreading ransomware (Help Net Security) Last October's disruption of the Dridex botnet by UK and US law enforcement agencies and the arrest of a Moldovan bot master have not lead to the death of the botnet

New ransomware comes with Live Chat feature, somewhat useless uninstaller (Graham Cluely) Researchers have spotted some new ransomware that comes with a Live Chat feature and a somewhat useless uninstaller program

PadCrypt: The first ransomware with Live Support Chat and an Uninstaller (Bleeping Computer) A new ransomware was discovered by and further analyzed by MalwareHunterTeam called PadCrypt that offers for the first time a live support chat feature and an uninstaller for its victims

Virtual extortion a big business for cyber criminals (CNBC) Extortion, one of the oldest tricks in the criminal bag, is wreaking havoc in the brave new digital world — and generating lots of money for cyber crooks

44% of ransomware victims in the UK have paid to recover their data (SC Magazine) A Bitdefender global study with respondents from the UK, the US, France, Germany, Denmark and Romania was conducted by iSense Solutions to discover what motivates victims to pay ransoms and how much they value their data

Los Angeles hospital paid $17,000 ransom in Bitcoin after cyber-attack (Raw Story) The president of Hollywood Presbyterian Medical Center said on Wednesday that his hospital paid hackers a ransom of $17,000 in bitcoins to regain control of their computer systems after a cyber attack

Hospital hack reveals digital risk in medical world (San Francisco Chronicle) A Southern California hospital fell victim to hackers last week — offering a glimpse at one of many digital threats facing health care

Backdoor in MVPower DVR Firmware Sends CCTV Stills to an Email Address in China (Softpedia) Firmware developer pulls project off GitHub when confronted

Malvertising campaign used Wajam browser extension to infect PCs (Graham Cluley) Researchers recently spotted a malvertising campaign that used the Wajam browser add-on to redirect users to the Angler exploit kit

Angler exploit kit generated by "admedia" gates (Internet Storm Center) On 2016-02-01, the Sucuri blog reported a spike in compromised WordPress sites generating hidden iframes with malicious URLs

Researchers leak phony data on dark web to track journey (SC Magazine) Researchers at Bitglass leaked the digital identity of a fictional bank employee on the dark web as part of its "Where's Your Data: Project Cumulus" experiment to help organizations understand what happens to sensitive data once it's stolen

What happens when Google Doc credentials are leaked on the Dark Web (IDG via CSO) Guess what? People start looking at your documents

Password cracking attacks on Bitcoin wallets net $103,000 (Ars Technica) "Active attacker community" often emptied accounts minutes after they went live

Seculert's Research Finds Critical Gaps in Leading Secure Web Gateways (MarketWired) Leading gateways allowed more than 40 percent of attempted malicious communication to succeed

VA sees massive drop for intrusion attempts in January (FierceGovernmentIT) The number of intrusion attempts blocked by the Veterans Affairs Department dropped drastically last month, from 181.1 million in December to 76.5 million in January

University of Greenwich exposes student data in major web gaffe (V3) The University of Greenwich has admitted that hundreds of students' names, addresses, signatures, dates of birth and mobile phone numbers were uploaded to its public website, making them discoverable via a Google search

The end of the line for Flash? Not so fast (Digital Guardian) Flash has long been a favorite target for attackers; but with Adobe revising strategy, how long before Flash-free is a reality?

Attackers Favor Old Exploits, Mobile Apps (eSecurity Planet) HPE's latest Cyber Risk Report finds a shift toward attackers targeting applications, especially mobile ones

ICIT Report: Know Your Enemies 2.0 — The Encyclopedia of the Most Prominent Hacktivists, Nation State and Mercenary Hackers (ICIT) Every device and network attached to the IoT possesses, within itself, a universe of vulnerabilities

Security Patches, Mitigations, and Software Updates

WordPress joins movement toward HTTPS encryption (Christian Science Monitor Passcode) Popular blogging platform WordPress is the latest in a growing number of sites that are enabling website encryption to protect their users

Instagram Adds Two-Step Authetication to Fight Account Hacking (Hot for Security) Facebook-owned Instagram started implementing the two-step authetication security feature to help prevent account hacking

Xen Project Explains Patch Snafu (Threatpost) Xen Project dropped the ball on two important security patches when it released a maintenance update for its popular hypervisor software on Tuesday

Cyber Trends

Spear Phishing Incident Average Cost is $1.6M (Infosecurity Magazine) Spear phishing has become an endemic scourge: 95% of US and 83% of UK respondents in a recent Cloudmark survey said that they have experienced spear phishing attacks (91% combined)

Cyber risks evolving to hit less traditional targets (Business Insurance) Last year was the year of collateral damage with respect to cyber risks with attacks touching people "who never dreamed they might be involved in a security breach," says Hewlett-Packard Co. in a report issued Wednesday


Cyber security seen climbing up corporate priority lists as danger escalates (Radio Praha) Cyber security is a significant issue now for governments and companies, and will becoming increasingly so for firms as they have to meet legal demands that they act fast and flag up attacks that could have far reaching consequences

2 Cyber Security Stocks You Should Buy (Guru Focus) Investors can buy beaten-down FireEye and Palo Alto Networks to profit from the booming cyber security industry

Who Gets Called In When a Company Is Hacked? (Motley Fool) A look at how one of the major players in the cybersecurity space handles threats and what it's done to set itself far apart from the competition

CyberArk Continues To Do What It Does Best, Opportunity Arises (Seeking Alpha) CyberArk handily beat analysts' 4Q15 estimates on both the top and bottom line, exceeding even my estimates

Nice-Systems Ltd (NICE) Increases Dividend to $0.16 Per Share (FInancial Market News) Nice-Systems Ltd (NASDAQ:NICE) declared a dividend on Thursday, February 11th, reports

Security startups vie for honors in RSA Innovation Sandbox (TechTarget) The RSA 2016 Innovation Sandbox competition highlights the top security startups, but only one will be awarded title of 'RSA Conference 2016's Most Innovative Startup'

ZeroFOX Strengthens Executive Team to Support Global Growth (ZeroFOX) Tim Bender, formerly at Motionsoft and Vocus, will serve as CFO, and Gabe Goldhirsh, formerly of Synerjent Ventures and Hexis Cyber Solutions, will serve as Vice President of Worldwide Services

Products, Services, and Solutions

CloudLock and FireEye Partner to Deliver Integrated CASB Cloud and On-Premise Security Intelligence (MarketWired) Solution combines CloudLock's Cloud Access Security Broker with FireEye's Security Data Analytics and Threat Intelligence for integrated orchestration against data breaches and cyber attacks

FAIR Institute Formed to Help Manage Information Security and Operational Risk from the Business Perspective (BusinessWire) A new expert forum to help information risk, cybersecurity and business executives collaborate on the development and sharing of industry-leading best practices for quantifying and managing information risk

DB Networks launches Layer 7 Database Sensor (Help Net Security) DB Networks introduced a product that provides OEM partners with real-time deep protocol analysis of database traffic

Akamai launches 'Akamai Bot Manager' for better Bot Management (Express Computer) Akamai claims 'Akamai Bot Manager' is designed to allow true management of bots vs. detection and blocking only

Cloud Security Gets a Boost From Deep Learning (Enterprise Tech) A range of new cyber security approaches is emerging that seek to shield cloud applications from attack

Exabeam Launches Threat Hunter to Root Out Cybercriminals on Corporate Networks (MarketWired) Behavioral search solution empowers any security professional to identify and stop cybercriminals

Security Startup Provider buguroo Launches New Threat Intelligence Platform (App Developer Magazine) Security provider buguroo, a U.S. startup and spinoff of Deloitte's European Security Operations Center (SOC), is launching bugThreats, a threat intelligence platform (TIP) that looks outside the enterprise infrastructure and focuses on useful intelligence gathered where the compromised end users, and their stolen data, are

ProtectWise Expands Capabilities Of Enterprise Security Platform With Next Generation, Deep File Analysis Solution (PR Newswire) ProtectWise File DVR is the industry's only automated retrospective file analysis solution

Radware, partenaire de Cisco pour l'intégration de solution de mitigation des attaques DDoS (Global Security Mag) Les récentes attaques de la banque HSBC au Royaume-Unis ou de l'ANSSI en France ont démontré l'importance de considérer les attaques DDoS dans l'élaboration d'un système de sécurité informatique

Zimperium Adds Self-Protecting Apps To Its Mobile Security Solution Platform (PR Newswire) 3.0 Mobile Threat Protection Suite introduces expanded protection, detection and remediation capabilities for iOS and Android

BitSight Announces BitSight Discover, A New Solution Designed to Automatically Map Risks Associated with Fourth Party Connections (PR Newswire) Security ratings company expands product suite with BitSight Discover for risk aggregation aimed at cyber insurers

Comparing the top big data security analytics tools (TechTarget) Expert Dan Sullivan compares how the top-rated big data security analytics tools measure up against each other to help you select the right one for your organization

Technologies, Techniques, and Standards

Coming Together in the Cloud: A 'Cloud Security Doctrine' for Law Firms (Legaltech News) When it comes to the cloud, the LCCA believes there should be standards for meeting the legal industry's 'unique security and confidential' needs

How is cryptography incorporated into PoS terminals? (We Live Security) When analyzing the security of PoS (Point of Sale) applications, we have to take into account the necessary involvement of magnetic stripes and cardholder data, which is extremely sensitive information, both for the holder and the financial institution that issued it

Threat Intelligence and SIEM (Part 3) — Combining for Better Security (Recorded Future) Previously, in part one and part two of this series, I explained how threat intelligence (TI) provides defenders better insight into the type of malware, delivery mechanisms, exploits, and overall situational awareness of threats and attack strategies faced by other companies


NSA to Kick Off National "Day of Cyber" at RSA 2016 (MarketWired) 2 million students to begin their cyber career LifeJourney

Legislation, Policy, and Regulation

Public companies should be obliged to report cyber attacks says security expert (Stuff) Publicly-listed companies should be obliged to report if they have fallen victim to cyber-attacks, such as ransomware attacks, says a visiting security expert

Israel prepares cyber battle against Pro-Palestinian boycott (Fox News) Israel is using its world-leading expertise in cyber security to take on the growing threat of the global pro-Palestinian movement to boycott Israel

HMRC to move away from 'dangerous dependency' on legacy mainframe operating systems in new IT strategy (Computing) HM Revenue & Customs (HMRC) has released an IT strategy document outlining its plans to move away from what it calls a "dangerous dependency on legacy mainframe operating systems"

Kerry enlists Hollywood's help to counter ISIS's messaging (The Hill) Secretary of State John Kerry enlisted the help of Hollywood studio executives in the fight against the Islamic State in Iraq and Syria (ISIS) during a meeting in Los Angeles this week

Twitter's takedown of ISIS accounts still unsatisfactory (CSO) The recent announcement that Twitter has taken down 125,000 counts in the last six or so months sounded like they are making substantial gains in stopping ISIS recruitment, fundraising, and planning efforts

ISIS's Twitter Campaign Faltering Amid Corruption (Newsweek) The success of the Islamic State militant group (ISIS) at spreading its English-language radical Islamist propaganda on Twitter is faltering, as the social media platform continues its crackdown on jihadi accounts, according to a new report released Thursday

NSA's director says Paris attacks "would not have happened" without crypto (Ars Technica) Tells Yahoo News encryption prevented "insights" that could have raised alarms

Opinion: Why cybersecurity needs a grass-roots solution (Christian Science Monitor Passcode) President Obama's Cybersecurity National Action Plan rightly aims to make digital security a higher priority. But Washington needs to work more with states and cities to boost awareness of cyberthreats and the adoption of best practices

See Something Suspicious Online? Homeland Security Wants to Know About It (Nextgov) The Department of Homeland Security wants an extra $1 million next year to develop a public-service campaign designed to increase awareness of online threats

DHS releases initial guidelines for cyber threat info-sharing (Federal Times) The Department of Homeland Security is moving forward with the biggest piece of cybersecurity legislation passed last year, issuing preliminary guidance on how the private sector and government will communicate threat data as part of the Cybersecurity Information Sharing Act

DHS touches nearly every aspect of Cybersecurity National Action Plan, says Johnson (FierceGovernmentIT) Almost every directive under the Cybersecurity National Action Plan, which the president announced last week, involves the Homeland Security Department in some way, said DHS Secretary Jeh Johnson

Obama Creates Cyber Panel, Says Long-Term Vigilance Needed (ABC News) President Barack Obama on Wednesday appointed his former national security adviser, Tom Donilon, to lead a new commission on cybersecurity that will make detailed recommendations on how the nation should better protect itself against computer attacks

Ex-White House aide and ex-IBM CEO to head cyber security panel (Reuters) Former White House national security adviser Tom Donilon and former IBM chief executive Sam Palmisano will lead a new commission to strengthen U.S. cyber defenses over the next decade, the White House said on Wednesday

DHS Official: US Digital Service Not Only a Fix-It Team (Nextgov) The White House's digital services team earned heaps of publicity after rushing to fix the botched roll-out, but its mission isn't necessarily to "fix broken things in government," according to one senior official

Broadband Industry Getting Nervous That The FCC Might Actually Protect User Privacy (Tech Dirt) Back in 2008, Verizon proclaimed that broadband services didn't need additional consumer privacy protections because "public shame" would keep the broadband industry honest

DoD revising job descriptions for all its IT personnel, adding cyber responsibilities (Federal News Radio) The Defense Department is in the midst of an ambitious effort to redefine the work roles, job descriptions, qualification standards and training requirements of all of its information technology personnel

Litigation, Investigation, and Law Enforcement

White House: FBI is not asking Apple for a 'backdoor' to the iPhone (CSO) The White House said it is not the aim of the government to compromise the security of Apple's iPhone, as it only wants the company to help in the case of one phone that was used by a terrorist in the San Bernardino, California attack on Dec. 2

Apple Fights Order to Unlock San Bernardino Gunman's iPhone (New York Times) Apple said on Wednesday that it would oppose and challenge a federal court order to help the F.B.I. unlock an iPhone used by one of the two attackers who killed 14 people in San Bernardino, Calif., in December

Why Apple is battling investigators over San Bernardino terrorists' iPhone (Los Angeles Times) Apple Inc. CEO Tim Cook's stand against having his firm help unlock encrypted data on the San Bernardino shooters' cellphone is part of a larger battle between the federal government and Silicon Valley

Apple Slams Order to Hack a Killer's iPhone, Inflaming Encryption Debate (Intercept) Apple CEO Tim Cook's open letter defying a court order to hack into an iPhone — and asking for an open discussion about data privacy — has dramatized and widened the debate over encryption as never before

Apple Unlocked iPhones for the Feds 70 Times Before (Daily Beast) A 2015 court case shows that the tech giant has been willing to play ball with the government before — and is only stopping now because it might "tarnish the Apple brand"

Apple can comply with the FBI court order (Trail of Bits Blog) Earlier today, a federal judge ordered Apple to comply with the FBI's request for technical assistance in the recovery of the San Bernardino gunmen's iPhone 5C

Apple Responds To Order To Help Decrypt Phone, As More Details Come To Light (Tech Dirt) Last night, we wrote about a judge's order commanding Apple to help the FBI effectively decrypt the contents of Syed Farook's iPhone 5C

Why Tim Cook is right to call court-ordered iPhone hack a "backdoor" (Ars Technica) Custom version of iOS could undo years of work Apple put into securing iPhones

How Apple will fight the DOJ in iPhone backdoor crypto case (Ars Technica) US government's position stands or falls on the All Writs Act of 1789

Apple's opposition to FBI request sets stage for broader fight over encryption (Christian Science Monitor Passcode) Security and privacy experts say a lot is riding on the outcome of a federal court order to bypass security functions on an iPhone used by one of the San Bernardino shooters, which would require Apple to build what CEO Tim Cook calls a 'dangerous' backdoor

The FBI's attack on Apple could force Congress to rule on encryption (Verge) A federal court is ordering Apple to break the security of its products by building a backdoor into one of its devices — an iPhone 5C belonging to one of the San Bernardino shooters

Apple hack order potential tipping point in privacy vs. security battle (Washington Times) A seminal showdown in the long-running fight over government access to private communication is brewing over the judicial order to compel tech giant Apple to help the FBI hack the cellphone of one of the San Bernardino jihadis

Ex-NSA, CIA chief Michael Hayden sides with Apple in FBI iPhone encryption fight (The Week) Apple and the U.S. government are gearing up for a public and legal battle over FBI Director James Comey's demand that Apple give the FBI a tool to break the passcode on San Bernardino shooter Syed Farook's iPhone, a tool Apple argues create a "backdoor" around the iPhone's security, putting customer privacy and safety at risk and setting a dangerous precedent in the U.S. and abroad

Google and Microsoft back Apple in iPhone encryption case with US government (V3) Google and Microsoft have come out in defence of Apple in response to demands from the US government that it unlock an iPhone belonging to one of the gunmen in the San Bernardino terrorist attack

Edward Snowden, Sundar Pichai back Apple in fight over iPhone (USA Today) Former National Security Agency contractor Edward Snowden has backed Apple's refusal to comply with a federal court order to help the FBI unlock an iPhone used by one of the assailants in the mass shootings in San Bernardino, Calif., in December

Apple's Noble Stand Against the FBI Is Also Great Business (Wired) Apple CEO Tim Cook has vowed to fight a court order demanding that the company help the FBI unlock the iPhone belonging to one of the San Bernardino shooters. The move is, to say the least, polarizing

The Hubris of Hacking the FBI (eWeek) Hackers who have the audacity to taunt American law enforcement should beware that the long arm of justice will find them — and fast

Russian bank licences revoked for using hackers to withdraw funds (SC Magazine) Russian banks have had licences revoked after being suspected of direct participation in using hackers or blaming cyber-attacks to withdraw funds illegally

Cary brothers charged in Wake Tech cyber attack (WRAL) Two brothers have been charged in connection with a cyber attack that shut down the Wake Technical Community College's computer system for several days last year

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Department of the Navy (DON) IT Conference, West Coast 2016 (San Deigo, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, February 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of...

National Insider Threat Special Interest Workding Group: Insider Threats From A Human Resources & Legal Perspective (Laurel, Maryland, USA, February 18, 2016) This meeting will be focused on "Insider Threats From A Human Resources & Legal Perspective." Mrs. Jordan C. Meadows, Security Program Analyst at Rolls-Royce North America will present from the Human Resources...

ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...

CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, February 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...

International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...

CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.