skip navigation

More signal. Less noise.

Recorded Future

Get threat intelligence on hackers and vulnerabilities FREE every day with the Recorded Future Cyber Daily. Sign up today.

Daily briefing.

The US Government is said to be winding up an indictment of Iranian hackers, charging them with intrusions into networks controlling that small flood-control dam in Rye, New York. The intent is said to be to send a message to Tehran; the New York Congressional delegation appears to be front-running the attribution and calling for a vigorous response.

North Korean dudgeon aside, speculation about who's behind the OnionDog threat group and its attacks on South Korean targets is largely directed toward...North Korea. Chinese security firm Qihoo 360 is tracking OnionDog's activities.

Palo Alto's Unit 42 is reporting on the "digital quartermaster" phenomenon, which it perceives in an ongoing campaign against Mongolian government sites. (A digital quartermaster is a conjectured support service that maintains attack tools used in a variety of campaigns.) The tools that appear to be maintained by the digital quartermaster include the Cmstar downloader and the BBSRAT Trojan. Unit 42 thinks geolocation of attack traffic suggests the hackers are located in China. (Fun fact we learned at RSA, by the way: "Unit 42" got its name as Palo Alto's homage to the Hitchhiker's Guide to the Galaxy.)

Should there in fact be digital quartermasters, it would seem there are challenges in keeping criminals out of their supply chain. Reuters reports, on the basis of studies by Dell SecureWorks, Attack Research, InGuardians, and G-C Partners, that newly sophisticated ransomware hitting targets in the US and elsewhere is using "tactics and tools previously associated with Chinese government-supported computer network intrusions."


Today's issue includes events affecting China, India, Iran, Democratic Peoples Republic of Korea, Republic of Korea, Mongolia, Romania, Russia, United States.

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government (Palo Alto Networks) Unit 42 has collected multiple spear phishing emails, weaponized document files, and payloads that targeted various offices of the Mongolian government during the time period of August 2015 and February 2016

Korean Energy and Transportation Industries attacked by OnionDog APT (eHacking News) Chinese security researchers from cyber-security vendor, Qihoo 360 have blown the lid on a hacker group, ‘OnionDog’ which has been infiltrating and stealing information from the energy, transportation and other infrastructure industries of Korean-language countries through the Internet

Exclusive: Chinese hackers behind U.S. ransomware attacks - security firms (Reuters) Hackers using tactics and tools previously associated with Chinese government-supported computer network intrusions have joined the booming cyber crime industry of ransomware, four security firms that investigated attacks on U.S. companies said

Iran responsible for cyber attack on New York flood control structure: Senator (Canadian Underwriter) A cyberattack on a small dam in the New York City suburbs was a “shot across the bow” of the United States and should be met with tougher sanctions against Iran, U.S. Senator Charles Schumer said Friday

Why the OPM Hack Is Far Worse Than You Imagine (Lawfare) The Office of Personnel Management (“OPM”) data breach involves the greatest theft of sensitive personnel data in history. But, to date, neither the scope nor scale of the breach, nor its significance, nor the inadequate and even self-defeating response has been fully aired

Compromised data goes public as Staminus recovers from attack (CSO) Security firm responsible for anti-DDoS protection still recovering from last week's incident

Attacker leaves “SECURITY TIPS” after invading anti-DDoS firm Staminus (Naked Security) Staminus, a California-based internet hosting provider that specializes in helping sites stay online when distributed denial of service (DDoS) attackers try to elbow them off, was itself the target of a cyber broadside last week

Staminus Breach: Just How Bad Is It? (Risk-Based Security) In terms of data security, 2016 is off to a pretty grim start, as we have already tracked 510 data breaches exposing over 175 million records

Top websites affected by Angler exploit kit malvertising, security vendors say (IDG via CSO) The attacks delivered a backdoor called BEDEP and sometimes the TeslaCrypt ransomware

A history of ransomware (CSO) What ransomeware is, why it works, and what you need to do to protect against this top threat

Security vs convenience: The story of ransomware spread by spam email (Naked Security) Like many others, you’ve probably faced the ‘Security vs Convenience’ question many times

Ransomware author's bravado shot down by release of decryption keys (Graham Cluley) "You'll never be able to find me. Police will never be able to find me"

Bug in surveillance app opens Netgear NAS systems to compromise (Help Net Security) A security vulnerability in the ReadyNAS Surveillance Application can be exploited by unauthenticated, remote attackers to gain root access to Netgear NAS systems, Sysdream Labs researcher Nicolas Chatelain has found website leaked volunteers’ email addresses (Help Net Security), the non-profit organization dedicated to increasing diversity in computer science, has admitted its website has been leaking volunteer email addresses

Anonymous Announces Major Campaign Against Donald Trump for April 1, 2016 (Softpedia) The Anonymous hacker collective has put out a video threatening to "dismantle" Donald Trump's presidential campaign, announcing a series of cyber-attacks against a several of his personal and business websites on April 1, 2016

Typosquatters Target Mac Users With New ‘.om’ Domain Scam (Threatpost) Typosquatters are targeting Apple computer users with malware in a recent campaign that snares clumsy web surfers who mistakenly type .om instead of .com when surfing the web

What does Oman, the House of Cards, and Typosquatting Have in Common? The .om Domain and the Dangers of Typosquatting (Endgame) House of Cards Season 4 debuted on Netflix this past weekend, much to the joy of millions of fans, including many Endgamers. One particular Endgamer made an innocent, but potentially damaging mistake

Vulnerabilities on SoC-powered Android devices have implications for the IoT (Trend Micro: Simply Security) Trend Micro has discovered a new vulnerability that could bring into question the security of the Internet of Things

Hotel replaces light switches with insecure Android tablets (Help Net Security) Here’s another documented instance for the “insecure Internet of Things” annals, courtesy of CoreOS security developer Matthew Garrett

Music streaming has a nearly undetectable fraud problem (Quartz) Loud controversies are a hallmark of the music streaming industry

Shopping Apps: Pro's and Con's (Fox 45 News) Many consumers use shopping app's when they are buying items from their cell phones

One of the world’s most notorious hackers just revealed his identity to me (The Next Web) The man behind Team GhostShell — the hacker collective behind some of the biggest cyber attacks in recent memory, including attacks on the FBI, NASA and the Pentagon as well as a leak that saw 2.5 million Russian “government, educational, academic, political and law enforcement” accounts compromised — is ready to come clean and face the music

This hacker has doxxed himself to get a job (TechWorm) 24-year old Romanian claims he is notorious Hacker GhostShell to get a job!

Bulletin (SB16-074) Vulnerability Summary for the Week of March 7, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Cyber Trends

State of Automation in Security (Algosec) The “State of Automation in Security” survey uncovers key trends on the use of automation to manage security processes across today’s constantly-evolving environments


The risks of hedging your security bets on cyberinsurance (Information Security Buzz) Data breaches are expensive

Orange Cyberdefense to Acquire Threat Intelligence Provider Lexsi (Infosecurity Magazine) Orange enters into exclusive talks to acquire French threat intelligence services provider Lexsi

Bold Capital Partners Invests in Security Network Company BlueLine Grid (ExecutiveBiz) Security collaboration platform BlueLine Grid has received an additional round of investment funds from equity firm Bold Capital Partners for an undisclosed sum

Envistacom Lands Army Contract for Cyber Adversary Identification Tech (ExecutiveBiz) Atlanta, Georgia-based cybersecurity firm Envistacom has received a five-year, $90 million contract from the Army to provide cyber technology for U.S., coalition and regional military forces

Luthra & Luthra advises Quick Heal on IPO (Legal Era) Luthra & Luthra Law Offices recently acted for the underwriters on the Initial Public Offering of Quick Heal Technologies Limited, one of the leading IT security solutions company, first provider of security software products and solutions to begin an Initial Public Offering (IPO) in India

5 Hot Security Job Skills (Dark Reading) Cybersecurity job openings are looking for people with a blend of technical, security, and industry-specific talents -- and it helps to know Python, Hadoop, MongoDB, and other big-data analysis tools, too

Google has doubled its bounty for a Chromebook hack to $100,000 (IDG via CSO) The top reward is for someone who can attack a Chromebook in guest mode

Lastline Names Brian Stoner as VP of Global Alliances (Marketwired) Former FireEye executive joins leader in network-based cyber threat detection and defense

Products, Services, and Solutions

Cybersecurity Operations Growing at Port (Port San Antonio) Radiance Technologies launches first Texas location in support of region’s defense community

Symantec partners with hosting providers to offer free TLS certificates to website owners (CSO) Symantec's Encryption Everywhere program will offer basic SSL/TLS certificates to domain owners for free

Review: Consider VPN services for hotspot protection (Network World via CSO) We review 7 low-cost VPN services for when you’re out of the office or out of the country

Neue G DATA Business-Generation 14 schützt gegen Zero-Day-Attacken (Finanzen) G DATA stellt auf der CeBIT seine richtungsweisenden Unternehmenslösungen der Generation 14 vor

Teradata Completes Security and Compliance Audits for Teradata Cloud (PRNewswire) Demonstrates Teradata's commitment to protecting customer data

Technologies, Techniques, and Standards

Risk managers key to managing cyber exposures (Business Insurance) Risk managers play an integral role in ensuring that their companies adopt an enterprisewide approach to cyber security, the Federation of European Risk Management Associations told a European Commission consultation on public-private partnerships in cyber security

Follow the data to improve security preparedness, hospital CISO says (FierceHealthIT) Healthcare organizations must shift their thinking about security to improve their preparedness, according to Joey Johnson, chief information security officer at Premise Health in Brentwood, Tennessee

How to conduct a tabletop exercise (CSO) As you discovered in the first installment of this five-part series, tabletop exercises can be an important practical tool for reviewing and updating incident response plans

Defense in depth: Stop spending, start consolidating (CSO) How many tools are too many tools to have an efficient defense in depth security infrastructure?

Why outsource risk management to people who don’t care? (Help Net Security) The 2015 Cost of Cyber Crime Study by the Ponemon Institute reported that 50% of companies have implemented some sort of access governance technology. It fell 4th on the list in terms of ROI that people were getting from governance. The implementation trend is driven primarily by compliance

Data is a toxic asset, so why not throw it out? (CNN) Thefts of personal information aren't unusual. Every week, thieves break into networks and steal data about people, often tens of millions at a time. Most of the time it's information that's needed to commit fraud, as happened in 2015 to Experian and the IRS

It’s time to kill the static password (Help Net Security) How do you manage your passwords? Do you set them all to approximately the same value, for fear of forgetting them? Or do you write them down in a little book, or in a spreadsheet? Perhaps you use clever character combinations or a piece of software to manage them on your behalf?

Two-factor authentication (2FA) versus two-step verification (2SV) (Graham Cluley) What's the difference between 2FA and 2SV? And which is better?

Understanding The 2 Sides Of Application Security Testing (Dark Reading) Everybody likes to focus on the top 10 vulnerabilities, but I've never found a company with a top 10 vulnerabilities problem. Every company has a different top 10

Threat Intelligence Tweaks That’ll Take Your Security to the Next Level (Recorded Future) Addictive, isn’t it?

Design and Innovation

Open source encrypted app is key to security for Facebook (Electronics Weekly) Moxie Marlinspike, a co-developer of the Signal encrypted mobile messages app, is seeing his security technology used by Facebook’s messaging service, WhatsApp

Microsoft isn't betting on Bitcoin, others in e-commerce should take note (FierceCIO) Microsoft no longer accepts Bitcoin in its Windows Store – reversing a decision the tech giant made less than a year and a half ago to honor the payment method through a third-party provider called Bitpay

Research and Development

Mathematicians are geeking out about a bizarre discovery in prime numbers (Quartz) Prime numbers have both fascinated and boggled mathematicians for millennia. But a new study contends that one aspect of prime numbers’ core usefulness—the ability to appear random—may not be what we suspected it to be


Here's How Cyber Security, Big Data Are Edging Their Way Into Elite MBA Programs (BusinessBecause) Information management topics trendy at top business schools

AT&T Renews Support of AFA's Flagship STEM Program, CyberPatriot (PRNewswire) The Air Force Association today announced that long-time CyberPatriot supporter, AT&T, has renewed their support of the nationally recognized program

Legislation, Policy, and Regulation

Breach notification in Europe: The GDPR’s far-reaching implications Read more: (IT Pro Portal) In 1995, Iomega introduced the Zip Drive. Palm Pilots were two years from being introduced to the market. In technical terms, 1995 is a very, very long time ago. It was also the year the EU introduced the Data Protection Directive

Obama Makes Case For Mobile Device ‘Back Door' (TechWeek Europe) Governments must have access to encrypted devices in order to enforce basic security and tax laws, Obama says

Encryption, Privacy Are Larger Issues Than Fighting Terrorism, Clarke Says (NPR) David Greene talks to former national security official Richard Clarke about the fight between Apple and the FBI. The FBI wants an iPhone that was used by one of the San Bernardino shooters unlocked

President Obama Is Wrong On Encryption; Claims The Realist View Is 'Absolutist' (TechDirt) This is not all that surprising, but President Obama, during his SXSW keynote interview, appears to have joined the crew of politicians making misleading statements pretending to be "balanced" on the question of encryption

FCC pushes for ISP data-sharing disclosures (FierceCIO) The Federal Communications Commission issued proposed rules on Thursday that would require Internet Service Providers to obtain the consent of those using their services if they plan to share customer data with third parties

What the FCC privacy push means for consumers, Internet providers (Christian Science Monitor Passcode) The Federal Communications Commission has proposed new security and privacy standards for broadband providers. Industry groups complain the proposal goes too far

Litigation, Investigation, and Law Enforcement

FBI's Most Wanted Cybercriminals (Dark Reading) The Federal Bureau of Investigation has got millions of dollars worth of rewards waiting for those who can help them nab these accused cyber thieves, spies and fraudsters

White House set to send Iran cyber message (The Hill) The Obama administration is reportedly poised to indict the Iranian hackers responsible for infiltrating a New York dam in 2013

Why This Former U.S. Counterterrorism Chief Supports Apple (Fortune) You might think that as the senior counterterrorism official in the U.S. government for nine years, and the man whose warnings of an impending al-Qaida attack before 9/11 were famously ignored by the second Bush administration, Richard Clarke would be sympathetic to the FBI in its standoff with Apple AAPL 0.25% over access to a terrorist’s locked iPhone. You would be wrong

Why you should side with Apple, not the FBI, in the San Bernardino iPhone case (Washington Post) Either everyone gets security, or no one does

John Oliver explains why he's on Team Apple in the encryption debate (CSO) "There is no easy side to be on in this debate," Oliver said on Last Week Tonight. So he explained why Apple's side is right

In the FBI’s Crypto War, Apps May Be the Next Target (Wired) If there's anything the world has learned from the standoff over the encrypted iPhone of San Bernardino killer Syed Rizwan Farook, it’s that the FBI doesn’t take no for an answer

WhatsApp Encryption Said to Stymie Wiretap Order (New York Times) While the Justice Department wages a public fight with Apple over access to a locked iPhone, government officials are privately debating how to resolve a prolonged standoff with another technology company, WhatsApp, over access to its popular instant messaging application, officials and others involved in the case said

Feds ask for 5 years jail for journalist who handed over newspaper login (Naked Security) Federal prosecutors want a 5-year jail sentence for Matthew Keys – the journalist convicted of handing over login credentials for the Los Angeles Times’s parent company and then telling Anonymous to “go f**k some s**t up”

#Arrested: Md. man accused of using hashtags in bank robberies (Daily Record) Prince George's County authorities say they have arrested a robber who used hashtags in his notes to bank tellers, linking him to at least nine bank robberies in Maryland. County police spokeswoman Julie Parker announced Friday that 45-year-old Leroy Earl Daley, of Landover, likely will be charged with five bank robberies in the county

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Security & Counter Terror Expo 2016 (London, England, UK, April 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees...

4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity...

Upcoming Events

SANS 2016 (Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 ...

CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, March 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM),...

Pwn2Own 2016 (Vancouver, British Columbia, Canada, March 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets,...

Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, March 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents...

ICCWS 2016 (Boston, Massachusetts, USA, March 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security

CISO Summit France (Paris, France, March 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming...

cybergamut Tech Tuesday: Providing Consistent Security Across Virtual and Physical Workloads (Elkridge, MD, Calverton, March 22, 2016) Data centers today are being tasked with many more requirements. This has been increasing as companies leverage server virtualization in new ways. This has made the data center a rich source of information...

Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the...

International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, March 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce.

Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, March 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that...

Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together...

Black Hat Asia 2016 (Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...

TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.