skip navigation

More signal. Less noise.

Daily briefing.

The US cyber offensive against ISIS continues to report inroads against the terrorist group’s finances and command-and-control apparatus. ISIS’s information ops reach will be harder to shorten—hacktivists who find inspiration in the self-proclaimed Caliphate’s online murders have called for death to US drone pilots.

Anonymous has hit the Bank of Greece with a distributed-denial-of-service campaign which they’re calling OpIcarus. The goal is to force the world’s financial institutions to atone for what those in the Guy Fawkes masks characterize as bankers’ crimes against humanity.

Seculert finds more outbound malicious traffic from infected devices than anyone would like to see.

Ransomware continues to hold cybercrime pride-of-place. New techniques and variants aim to stay ahead of defenders. There’s a widespread perception in the underworld that cyber extortion offers easy money.

University of Michigan researchers find several vulnerabilities in Samsung’s SmartThings, the company’s smart home platform. Other IoT issues are also being discussed. Waterfall Security Solutions argues the futility of firewalls for protecting SCADA critical infrastructure. ICS maven Joe Weiss points out that if you think it would be easy to switch control systems to manual operations while recovering from a cyber attack, well, think again. And the US Department of Homeland Security is piloting AKUA’s secure logistics solution for cargo monitoring and tracking.

The US security clearance system may soon undergo a significant shift, moving toward a “FICO-like” insider threat scoring system.

A US judge has required someone to open her fingerprint-secured iPhone pursuant to a search warrant. (Cue Constitutional issues.)

Notes.

Today's issue includes events affecting Bangladesh, Brazil, Canada, China, Greece, India, Iran, Iraq, Mexico, Pakistan, Panama, Philippines, Russia, Syria, Turkey, Ukraine, United Kingdom, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Ever wondered why hackers go after medical records? They'd give the Willie-Suttonesque answer that there's money there. On today's podcast the Johns Hopkins University's Joe Carrigan explains the value of stolen medical data. And we'll finish our talk with Bob Hansmann of Forcepoint (formerly Raytheon|Websense) on his company's 2016 Global Threat report.

Cyber Security Summit (Dallas, Texas, USA, May 3, 2016) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security. Register with promo code cyberwire50 for half off your admission (Regular price $250)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

ISIS-linked hackers claim to release personal information of U.S. drone pilots (Air Force Times) Islamic State-linked hackers threatened the U.S. military once again by releasing photographs and addresses of drone pilots linked to the takedown of their members

The Cyber Threat: Cybercom’s War on ISIS (Washington Free Beacon) Cyber attacks targets command and control, finances

Anonymous Target Bank of Greece Website with Massive DDoS Attack (HackRead) The online hacktivist Anonymous recently relaunched operation OpIcarus directed towards banking sector in Europe and the United States — The first bank coming under the fire is the Bank of Greece who had their website under a series of distributed denial-of-service attacks (DDoS) forcing the servers to remain offline for more than 6 hours

Secure Web Gateways Fail to Prevent Malicious Attacks (eWeek) Of 200 billion total communications observed by Seculert, nearly five million attempted malicious outbound communications were from infected devices

Ransomware Spikes, Tries New Tricks (Dark Reading) Ransomware authors constantly upping their game, techniques, to stay ahead of security researchers

Roughly a quarter of UK cyber-attacks originate from ransomware (SC Magazine) Ransomware accounts for around a quarter of cyber-threats targeting internet users in the UK. According to research from ESET's LiveGrid, ransomware accounted for a third of threats that targeted UK computers during the third week of April

Investigation ongoing one week after BWL cyber attack (WLNS) On Monday the Lansing Board of Water and Light announced that their main customer phone line is back in service

Security tips after Better Business Bureau hit by cyber attack (KHON 2) A cyber attack that can cause headaches for Internet users and website owners has claimed the Better Business Bureau as a victim

Comment fonctionnent les Kits d’exploitation? (Global Security Mag) Ces dernières années, nous avons observé une augmentation massive de l’utilisation des kits d’exploitation de vulnérabilités. Aucun site web n’est de taille face à la puissance d’un grand nombre de ces kits, à l’image de celui d’un célèbre quotidien britannique, notoirement victime d’une campagne de publicité malveillante exposant des millions de lecteurs au ransomware CryptoWall

Researchers Hack Samsung's SmartThings Platform (CIO Today) Researchers at the University of Michigan have discovered multiple security flaws in Samsung’s SmartThings Internet of Things consumer platform, allowing them to hack into the platform's automation system and gain control over a user’s home system. The discovery casts significant doubt on the ability of IoT software to expand into broader markets where companies are more concerned security issues

Samsung Smart Home flaws let hackers make keys to front door (Ars Technica) Don't rely on SmartThings for anything security related, researchers warn

Why firewalls don’t cut it when protecting critical infrastructure (Defense Systems) Andrew Ginter is vice president of industrial security at Waterfall Security Solutions, a Tel Aviv-based company that since about 2008 has been installing its SCADA (Supervisory Control and Data Acquisition) Monitoring Enablers and Unidirectional Gateways in critical infrastructure systems such as Canada's New Brunswick Power

What would a cyber attack mean to control system recovery – is extended manual operation possible (Control) The prevailing view of SCADA/control system recovery following a cyber event/attack is having a valid stored image of the HMI will assure system integrity and result in a fairly quick turnaround (at most a few days). However, that notion needs to face reality which is entirely different

The Hidden Flaws Of Commercial Applications (Dark Reading) Open source components in commercial applications are more plentiful than organizations think -- and they're full of long-standing vulnerabilities

When security isn’t so SWIFT (CSO) There are times where I sit quietly in dumbfounded amazement at the world. When you’ve been working in the information security space for a couple decades one would think that you’ve seen it all. This has proven itself time and again as not the case

Election fraud feared as hackers target voter records (The Hill) A series of data breaches overseas are spurring concerns that hackers could manipulate elections in the United States

Alpha Payroll fires employee victimized by W-2 Phishing scam (CSO) BEC attack compromised all of the 2015 W-2 records produced by the firm for their clients

Facial recognition used to strip sex workers of anonymity (Naked Security) Need more reason to fear the privacy invasion of facial recognition? Here’s one, by way of Russia

10 Biggest Mega Breaches Of The Past 10 Years (Dark Reading) These data breaches from Dark Reading's 10-year history boggle the mind in terms of scale and fallout

Security Patches, Mitigations, and Software Updates

Google Patches More Trouble in Mediaserver (Threatpost) Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar

Microsoft to begin SHA-1 crypto shutoff with Windows 10's summer upgrade (Computerworld via CSO) IE11 and Edge will drop lock icon this summer, block access to sites by Feb. 14, 2017

Cyber Trends

Threat Watch: The Top 10 Hacking Techniques for 2015 (Samsung Insights) Every year, WhiteHat Security coordinates the development of the Top 10 Web Hacking Techniques list. Now in its tenth year, this year’s list was compiled from 39 submissions discovered during the year and published via papers, blogs or articles, or presented at conferences

Global Threat Intelligence report ahead of Government Cyber Security Summit (Stuff) A Wellington IT security agency report has found the retail sector had the highset number of cyber attacks last year and is warning businesses and consumers to be vigilant as global cybercrime becomes more sophisticated

Report: Third parties increasingly pose data security risk (CIO Dive) A report released Monday by the Ponemon Institute found that the risk associated with third party data sharing is growing, but the C-Suite is not adequately prioritizing the issue

ThreatMetrix Uncovers $14.9 Billion Yearly Loss Due to Consumer Friction and Fraud Attrition (Benzinga) Q1 2016 research study by First Annapolis quantifies economic impact and identifies actions to prevent friction and fraud across digital banking and commerce channels

Online Transaction Fraud to More than Double to $25bn by 2020, Finds Juniper Research (Juniper Research) Greater ‘card present’ security sees fraud activity switch to e-retail

Why Internet of Things matters (SC Magazine) Much like cloud, Big Data and mobility trends before it, the emerging Internet of Things (IoT) presents an amorphous concept. And as you'd expect in a promising yet loosely defined segment, marketers see opportunity, while security professionals get saddled with identifying murky threats and protecting against them

Blog: Connectivity Mayhem: Ensuring Data Security in an IoT World (SIGNAL) In World War I, the U.S. Army used lumbering GMC trucks for the first time in combat—revolutionary for its time. Today, these vehicles would be considered slow, cumbersome and archaic in comparison to today's fast, powerful and, most of all, constantly connected warfighting machines

Converged Security The Next Big Thing For CISOs (CXO Today) With more and more connected devices coming into play, security concerns are increasing

The Rise of Threat Intelligence Gateways (Network World) Network appliances designed to automatically block known threats, mitigate risk, and streamline security operations

Verizon Breach Report: Lessons for Asia (Inforisk Today) Ashish Thapar provides breach prevention insights

Marketplace

Educating boards (SC Magazine) C-suites and boards of directors are increasing their knowledge of IT security risks and needs – before a breach happens

What a Security Evangelist does, and why you need one (Help Net Security) Here is a simple truth: You can create the most revolutionary product ever, but if you can’t get word about it out, you’ll fail

Loss of confidential information key to understanding interactions between crime and cyber coverage: conference speaker (Canadian Underwriter) The loss of confidential information can be crucial to understanding the interactions between cyber and crime coverage, attendees to the NetDiligence Cyber Risk Summit heard on Friday

The Panama Effect: What Actions Will Law Firms Take on Cybersecurity? (Legaltech News) There is now an urgency that wasn’t there before, simply because events have called into question the very ability of law firms to protect data

Security Solution Provider Superstars: How Do The Biggest Partners Stack Up? (CRN) The security market is heating up, which inevitably means the market's largest solution providers are getting more competitive than ever, with companies such as SecureWorks, Optiv Security and Trustwave vying for the top spot in the market

Kudelski Group Acquires Milestone Systems (BusinessWire) The Kudelski Group (SIX:KUD.S) announced today the acquisition of Milestone Systems, Inc., a leading provider of cyber and network security solutions. The move expands the Kudelski Group’s focus on cybersecurity solutions and provides a springboard for further growth

Stock in Queue: Radware (NASDAQ:RDWR) (CWRU Observer) Radware Ltd. (RDWR) is expected to report Q1 earnings before market open (confirmed) on Tuesday 05/03/2016. The company operates in the Information Technology Services industry. Radware Ltd develops, manufactures and markets cyber security and application delivery solutions designed to ensure optimal service level for applications in virtual, cloud and software defined data centers

4 Reasons I Bought CyberArk Software Ltd. (Motley Fool) This little cybersecurity firm has a wide moat and solid bottom line growth

Oppenheimer Sees Upside Potential In Fireye Inc (FEYE) Following Quarterly Checks (Country Caller) FireEye Inc. (NASDAQ:FEYE) is a network security company incorporated in the United States. It was founded by Mr. Ashar Aziz in year 2004 and has since gained popularity as a network security solutions provider. Oppenheimer’s recent quarterly channel checks portray a helpful environment for the network security business and FireEye seems to be rightly positioned to take advantage. Analyst Shaul Eyal believes that there is a lot of upside potential in the stock as trends continue to get better

BitSight's Customer List Grows With High-Profile Vendor Cybersecurity Fails (BostInno) What do Target, T-Mobile and Home Depot have in common? Besides the fact that they have all had data breaches within the last three years. It’s the source of those breaches: third-party vendors

Exabeam Channel Chief: Here's Why Partners Should Boost Their Security Strategy With User Behavior Analytics (CRN) The market for User Behavior Analytics (UBA) is gaining steam in the security space, expected to jump to $200 million by the end of 2017

US Cyber Challenge: Cyber Quests April 2016 (US Cyber Challenge) Cyber Quests, the online qualifying competition for US Cyber Challenge's summer cyber camps, closes registration this Thursday & the competition closes this Friday. Compete to earn an invitation to one of the USCC camps this summer. USCC is dedicated to reducing the nation's cybersecurity workforce gap

Why I Signed on with an IT Security Vendor (Digital Guardian) Here's why I jumped to the vendor side of the fence after 12 years as a Fortune 100 incident responder and threat researcher

Tenable Network Security Wins Governor’s Award at Chesapeake Regional Tech Council TechAwards 2016 (Tenable) Global provider of next-generation cybersecurity software recognized as one of Maryland’s leading tech companies

Gigamon Names Tech Industry Veteran Fred Studer as CMO (Gigamon) Top NetSuite, Microsoft and Oracle marketing executive to help a rapidly growing global marketplace leverage the expansive promise of Gigamon

Products, Services, and Solutions

CyberPoint's AKUA Secure Logistics Solution Selected for DHS Pilot (Dark Reading) Persistent cargo monitoring and tracking will facilitate and bolster border security

Versasec, PrimeKey Formalize Working Relationship (Verasec) Government customers and others requiring advanced certificate authorities to see significant benefits

Dimension Data and Blue Coat release new Cloud security service (ARN) WebSaaS to be rolled out in Australia first

Okta offers Touch ID-based multifactor authentication for iPhones (PCWorld) The company also expanded its mobility management product to encompass third-party apps

Hexis HawkEye G 4.0 Now Available, Features Network Sandbox Capabilities Powered by a Partnership with Lastline, a Cloud Offering, and Extended 24/7 Managed Services (GlobeNewswire) Hexis Cyber Solutions Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ:KEYW) and provider of advanced cybersecurity solutions for commercial companies and government agencies, announced today the general availability of HawkEye G 4.0

Microsoft Wants the Surface Phone to Be the Most Secure Smartphone in the World (Softpedia) The Surface Phone is expected to launch next year

Virtustream Launches Global Hyper-scale Storage Cloud For Seamless Enterprise Storage Extensibility, Backup and Cloud-Native Object Storage (PRNewswire) Syncplicity selects Virtustream Storage Cloud to meet customer mobility and security needs

Technologies, Techniques, and Standards

Cybersecurity Professionals Are Using Misdirection To Combat Hacking (Motherboard) Cyberwarfare operates on two assumptions: hackers are clever and their targets are honest. Every attempted or successful server breach or laptop hack occurs in order for the invader to steal some data that leverages power in the real world, be it credit card numbers, state secrets, nuclear access codes, or any other collection of sensitive data

5 Must Knows – How Cloud Security Can Greatly Improve Your Business (Ground Report) Does your business use the cloud? The cloud has become incredibly useful to businesses of all sizes and in all industries for a number of reasons

Defending Advanced Persistent Threats - Be Better Prepared to Face the Worst (Infosecurity Magazine) We often hear news about emerging cyber security threats and attacks impacting every industry. With advanced malwares, zero day exploits and persistent threats, cyber-attacks are now becoming very sophisticated in nature

8 Microsoft Office 365 Security Tips To Reduce Data Loss (Dark Reading) Even with a slew of new security tools and compliance guidance, there are still things you can do to protect this critical business system

A Decade of Exploit Database Data (Offensive Security) Managing the Exploit Database is one of those ongoing tasks that ends up taking a significant amount of time and often, we don’t take the time to step back and look at the trends as they occur over time. Have there been more exploits over the years? Perhaps fewer? Is there a shift in platforms being targeted? Has the bar for exploits indeed been raised with the increase in more secure operating system protections?

Design and Innovation

Who created bitcoin? The long search may not be over (Olympian) Who is Satoshi Nakamoto? For many in the tech world, the identity of bitcoin's elusive creator has been a long-running parlor game. And the speculation might not be over

Satoshi: how Craig Wright's deception worked (Errata Security) My previous post shows how anybody can verify Satoshi using a GUI. In this post, I'll do the same, with command-line tools (openssl). It's just a simple application of crypto (hashes, public-keys) to the problem

The future of smart data security is in AI and silicon, says AMD CTO (MIS Asia) Semiconductor company AMD has pointed to using a marriage between AI (artificial intelligence) and silicon as the future of smart data security strategies

Research and Development

Raytheon developing technology to make software "immortal" (Sys-Con Media) Apps could be viable for 100 years despite changes in technology

Jammers, Not Terminators: DARPA & The Future Of Robotics (Breaking Defense) Robophobes, relax. The robot revolution is not imminent. Machine brains have a lot to learn about the messy physical world, said DARPA director Arati Prabhakar

Academia

CSTA Launches Cybersecurity Professional Development Program for Teachers (THE Journal) The Computer Science Teachers Association (CSTA) has launched the Cyber Teacher Certificate professional development program designed to train teachers in cybersecurity education

UNG offering cyber security summer camp for high school students (Forsyth Couny News) The University of North Georgia is holding a free two-week residential National Cyber Warrior Academy on its Dahlonega Campus for high school students interested in cyber-related education and/or careers

Legislation, Policy, and Regulation

Is India Ready for an Email Privacy Act? (Inforisk Today) Citing Governance Issues, Leaders Cast Doubt on Prospects

Microsoft CEO Satya Nadella: Why the U.S. needs better laws to balance privacy and national security (GeekWire) Microsoft CEO Satya Nadella is calling for the U.S. government to establish a better framework of laws to create a “new equilibrium” between the privacy of personal data and the need for national security

What’s Your ‘Insider Threat Score?’ It Could Determine If You Keep Your Clearance (Defense One) The new National Background Investigation Bureau thinks screening people with classified access can determine their likelihood of going rogue

Feds Have Found ‘Unbelievable’ Amounts of Child Porn on National Security Computers. Is this the Solution? (Nextgov) A top National Security Agency official wants to keep tabs on national security personnel off-the-clock, in part by tracking their online habits at home. The aim is to spot behavior that might not be in America's best interests

How Multifactor Authentication Can Play a Role in the Cybersecurity National Action Plan (Nextgov) In February 2016, the White House announced the Cybersecurity National Action Plan, which aims to increase federal cybersecurity funding by more than a third to over $19 billion

Car hackers could get a life sentence under proposed anti-hacking law (Naked Security) Hacking a car in Michigan could become a felony with a life sentence, if proposed legislation introduced last week becomes law in the home state of the US auto industry

Litigation, Investigation, and Law Enforcement

WhatsApp blocked in Brazil again -- stupidity knows no limit (Computerworld) WhatsApp “can’t” give Brazil court drug evidence. Judge Marcel Montalvão doesn’t redeem himself

What Happens When Canadian Cops Find a Software Security Flaw? (Motherboard) When law enforcement and intelligence agencies in Canada discover flaws in computer software—say, a bug that could help hackers steal messages from a smartphone, or spy on unsuspecting victims via internet-connected webcams—do they disclose those holes to the software's creator so they can be plugged? Or do they keep such flaws secret for their own use in future investigations, with the hope that no one else will find and use them maliciously first?

LA judge forces woman to unlock iPhone with fingerprint (Naked Security) The forced use of fingerprints to unlock an iPhone is playing out again in Los Angeles

Why your iPhone-unlocking fingerprint is susceptible to FBI search warrants (Macworld via CSO) A judge is forcing a woman to unlock an iPhone with her fingerprints, but does this violate the Constitution?

Fingerprint Security Can Actually Make Data on Phone More Vulnerable to Government, Authorities (BizTek Mojo) Fingerprint security should keep data safer from everyone but the recent cases have shown that the government can actually force someone to use their own fingerprint to unlock their phone, possibly incriminating themselves in a case

Microsoft's CEO says company suing the U.S. government over privacy (IDG via CSO) The company's commitment to privacy drove it to fight gag orders, he says

Twitter suit over surveillance stats battered, but not dead (Politico) A federal judge delivered a blow Monday to Twitter's drive to release more details on surveillance orders it receives, but the tech firm won a chance to try to reformulate its case

Arsenal Consulting Reveals Sophisticated Evidence Tampering Involving Turkish Journalists (PRNewswire) Boston-based digital forensics expert describes his firm's work involving journalists accused of membership in a terrorist organization

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CISO United States (Chicago, Illinois, USA, May 1 - 3, 2016) The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda...

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect ...

CEBIT (Sydney, New South Wales, Australia, May 2 - 4, 2016) With the Australian Federal Government officially announcing its national cyber security policy, ahead of CeBit Australia’s business technology event, CeBIT is ultra strong on cyber security, too. CeBIT’s...

Cyber Investing Summit 2016 (New York, New York, USA, May 3, 2016) The Cyber Investing Summit is an all-day conference focusing on the investment opportunities, trends and strategies available in the $100+ billion cyber security sector. Network with investment professionals,...

SecureWorld Kansas City (Overland Park, Kansas, USA , May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

National Oceanic Atmospheric Administration (NOAA) IT Security Conference (Silver Spring, Maryland, USA, May 4, 2016) The purpose of this event is to provide training and to educate NOAA and Department of Commerce personnel about various topics relating to Cyber Security. Attendance is open to NOAA and Department of Commerce...

SecureWorld Kansas City (Overland Park, Kansas, USA, May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

2016 Cybersecurity Summit (Scottsdale, Arizona, USA, May 5, 2016) The Arizona Technology Council (AZTC), Arizona Commerce Authority (ACA) and Arizona Cyber threat Response Alliance (ACTRA)/Arizona InfraGard present the third annual Cybersecurity Summit on Thursday, May...

2016 Cybersecurity Summit (Scottsdale, Arizona, USA, May 5, 2016) The Arizona Technology Council (AZTC), Arizona Commerce Authority (ACA) and Arizona Cyber threat Response Alliance (ACTRA)/Arizona InfraGard present the third annual Cybersecurity Summit on Thursday, May...

Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the...

MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions,...

CISO UK (London, England, UK, May 10, 2016) We're in an historic transition — one marked by challenges, but filled with possibility. Preparing for the upturn and making the right decisions in times of change can better position your enterprise...

SecureWorld Houston (Houston, Texas, USA, May 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

International Conference on Business and Cyber Security (ICBCS) (London, England, UK, May 12 - 13, 2016) To date the vast majority of businesses have viewed cyber security as a peripheral issue that is the primary concern of the IT Department. Whilst this mind set is unlikely to change radically any time...

Guarding the Grid (Washington, DC, USA, May 12, 2016) Protecting the power grid from today's cyber threats has become one of the nation's top national security priorities. Nowhere was this more evident than in the aftermath of the cyberattack in Ukraine that...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.