June 8, 2016.
By The CyberWire Staff
Akamai’s quarterly State of the Internet report sees a continuing rise in cheap-to-mount but disruptive DDoS attacks, many of them using stresser/booter-based botnets. Akamai also reports that account takeover attacks are particularly targeting financial and entertainment verticals.
Bogus Apple domains are the source of several phishing expeditions targeting users in the UK and China. FireEye says the phishers are after Apple IDs and passwords.
Victims of the Mount Gox cryptocurrency exchange collapse are being phished from the Kraken Exchange, Cyren warns.
Crysis crypto ransomware is overtaking both Locky and TeslaCrypt. ESET says Crysis is unusual in its indifference to file extensions.
Trend Micro warns that BlackShades ransomware also remains active.
Fortinet describes “Herbst,” apparently still in beta, but whose authors seem to be preparing for a ransomware campaign against German speakers (perhaps this fall).
The Facebook Messenger bug Check Point found is said to enable attackers to alter previously sent messages.
SecureWorks explains the recurrence of malware in cleaned systems: some malicious code exploits BITS, a native Windows tool used to retrieve updates.
As investigations into SWIFT-related fraudulent transfers proceed, US bank regulators, specifically those associated with the Federal Financial Institutions Examination Council (FFIEC), are warning financial institutions to pay attention to compliance, follow best security practices, and expect closer scrutiny.
In industry news, Fortinet buys SIEM shop AccelOps.
US Cyber Command finds retention more challenging than recruiting.
In a move to upgrade its security posture, Singapore will cut most civil servants’ workplace Internet access by May of next year.
Today's issue includes events affecting Bangladesh, Brazil, China, Germany, India, Iran, Iraq, Israel, Democratic People's Republic of Korea, Mexico, Russia, Singapore, United Kingdom, United States.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we welcome our newest research partner, Virginia Tech’s Hume Center. Charles Clancy, the Center's director, gives us an overview of his organization and its research interests. (Should you enjoy our podcast, please consider giving it an iTunes review.)
Cyber Attacks, Threats, and Vulnerabilities
Abu Azrael sends message from Fallujah (Threat Matrix) Iraqi Shiite militia commander and strongman Abu Azrael, or “father of the Angel of Death,” taped a message from Fallujah addressed to both the enemies and friends of Iran. The clip was posted by an Iranian hardline and pro-Islamic Revolutionary Guard Corps (IRGC) media outlet on June 4
Beyond TeslaCrypt: Crysis family lays claim to parts of its territory (WeLiveSecurity) It has been two weeks since ESET created a TeslaCrypt decryptor, which allows victims of the ransomware to get their files back. This came on the back of its developers ceasing operations. Since then, over 32,000 users around the globe have taken advantage of this opportunity and downloaded the tool
Cooking Up Autumn (Herbst) Ransomware (Fortinet) Fortiguard’s behaviour-based system designed to identify new malware has detected a German targeted ransomware. We named it Herbst, a German word which in English means Autumn
Malware exploits BITS to retain foothold on Windows systems (Help Net Security) If you’re sure that you have cleaned your system of malware, but you keep seeing malware-related network alerts, it’s possible that at some point you’ve been hit with malware that uses Windows’ BITS to schedule malicious downloads
US warns banks on cyber threat after Bangladesh heist (Reuters via Interaksyon) U.S. regulators on Tuesday told banks to review cyber-security protections against fraudulent money transfers in the wake of revelations that a hacking group used such messages to steal $81 million from the Bangladesh central bank
Software as Weaponry in a Computer-Connected World (New York Times) The internet was created nearly 40 years ago by men — and a few women — who envisioned an “intergalactic network” where humans could pull data and computing resources from any mainframe in the world and in the process free up their minds from mundane and menial tasks
Q1 2016 State of the Internet - Security Report (Akamai) DDoS and web application attack activity by vector. Analysis of repeat targets and DDoS as a diversion. Bot traffic analysis over 24 defined bot categories. DDoS spotlight: 100 Gbps+ mega attacks using increasingly simple attack vectors. Web application attack spotlight: Account Takeover (ATO) attacks targeting finance and entertainment sectors
Do companies take customers’ security seriously? (Help Net Security) 75 percent of adults in the UK would stop doing business with, or would cancel membership to, an organisation if it was hacked. This suggests, however, that a quarter would carry on using that company despite the security risk to both personal and financial information
Network defense must improve as hacking profession matures (GCN) Cybercrime is becoming a lucrative business, and the low cost of entry coupled with a potentially high return on investment has fueled the spread and sophistication of the hacking profession. And like any other business, it’s maturing as cybercriminals hone their skills and tools
Do You Have Vendors in These ‘Risky’ Countries? (Spend Matters) Procurement organizations working with suppliers in Brazil may be putting their companies at risk. A new report says companies operating in Brazil pose the highest cyber risks for vendors and business partners due to poor security practices
BAE Systems sets sights on Vietnam (IHS Jane's Defence Weekly) BAE Systems is undertaking a project to expand its understanding of Vietnam, with a view to potential market penetration. The move coincides with the United States' recent decision to lift its long-standing military embargo on the Southeast Asian count
NSFocus Launches Cloud Security Platform (Light Reading) NSFOCUS, a global network and application security provider, announced the launch of NSFOCUS Cloud, a world-wide cloud-deployed security platform. NSFOCUS Cloud provides customers with easy access to advanced security services and offers comprehensive, end-to-end protection from a single source when used in combination with NSFOCUS' on-premises equipment.
Threat Intelligence: When Straw Houses Don’t Suffice Against Big Wolves (Recorded Future) The following interview is with Chris Stouff and is from our Threat Intelligence Thought Leadership Series. Chris is manager of security incident response and forensics at Armor. What drives interest in threat intelligence in your community? What hole in your world does it fill?
Can you spot a strong password? (Naked Security) Security sophisticates tend to be plenty cynical about “typical users” – especially when it comes to choosing strong passwords. But, according to computer security researchers at CyLab, Carnegie Mellon’s Security and Privacy Institute, ordinary users aren’t quite as dumb as advertised. And their misunderstandings fall into just four specific categories. That’s actually a pretty manageable amount of education
Turning Zero-Day into D-Day for Cybersecurity Threats (IT Business Edge) "Zero-day" is a term used to describe the culprit behind many of the security breaches we hear about almost daily in the news. But what exactly does it mean? Zero-day — the first or "zeroth" day — refers to the point in time a security hole in code is revealed to hackers or cybersecurity professionals (e.g., a developer, researcher, software programmer)
Why the Economic Payoff From Technology Is So Elusive (New York Times) Your smartphone allows you to get almost instantaneous answers to the most obscure questions. It also allows you to waste hours scrolling through Facebook or looking for the latest deals on Amazon
Research and Development
IARPA exploring deceptive cyber defenses (Federal Times) Intelligence work is often as much about gathering information as it is about disseminating misinformation. To that end, the Intelligence Advanced Research Projects Activity (IARPA) is looking for innovative solutions around deceptive cyber defenses
Senate Dem calls for cybersecurity 'militia' (Washington Examiner) A Democratic senator on Monday called for the creation of a cybersecurity "militia" that would help the U.S. shore up its cybersecurity posture, even if it means recruiting people who don't measure up to traditional military recruiting standards
Report finds sweeping flaws with visa partners (The Hill) More than one-third of countries participating in a program allowing their citizens to enter the United States without visas are failing to live up to requirements for sharing information about suspected terrorists and criminals
F.B.I. Steps Up Use of Stings in ISIS Cases (New York Times) The F.B.I. has significantly increased its use of stings in terrorism cases, employing agents and informants to pose as jihadists, bomb makers, gun dealers or online “friends” in hundreds of investigations into Americans suspected of supporting the Islamic State, records and interviews show
Justice Dept. granted limited immunity to staffer in Clinton email probe (Washington Post) Attorneys for a former State Department staffer who helped set up Hillary Clinton’s private email server said Tuesday that he was granted limited immunity by federal prosecutors in an ongoing Justice Department investigation and not shielded from prosecution in connection with other matters
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the
New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...
LegalSEC Summit 2016 (Baltimore, Maryland, USA, June 9 - 10, 2016) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The...
SecureWorld Portland (Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Cybersecurity and Financial Services: Understanding the Risks (San Diego, California, USA, June 9, 2016) Join San Diego's KCD PR for a conversation on a hot topic for every business operating in the Fintech and Financial Services space: Cybersecurity. The nature of cybersecurity breaches is continuously changing...
SIFMA Cyber Law Seminar (New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role...
Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research,...
SANSFIRE 2016 (Washington, DC, USA, June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind...
Show Me Con (St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they...
CISO DC (Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...
Cyber Security Opportunities in Turkey Webinar (Online, June 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk.
Since 2014 Turkey has been working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malware (6% respectively), applications (31%), infrastructure (18%), and end users (9%). Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams) for protection against cyber attacks. ...
The Security Culture Conference 2016 (Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture...
TECHEXPO Top Secret Hiring Event (Baltimore, Maryland, USA, June 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence,...
2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...
Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency...
Cyber 7.0 (Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle...
Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...
SANS Salt Lake City 2016 (Salt Lake City, Utah, USA, June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...
DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virginia, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...