More signal. Less noise.

How are companies actually using machine learning for threat intelligence?

Artificial intelligence, and in particular machine learning, has seen huge strides in recent years and is now impacting all aspects of society and business. Learn the four ways machine learning is powering smarter threat intelligence with Recorded Future's latest white paper. Download your copy now.

Daily briefing.

Unrest and fighting in Ethiopia appear to have prompted the government to shut down most of the country's Internet access. Twitter and Facebook have been out since Tuesday; other services are affected as well.

Bitcoin is used for many legitimate purposes, but it has its dodgy uses, too. Many criminals demand ransom or other payments in Bitcoin. So do pariah states: North Korea, its finances crippled by international sanctions, increasingly turns to Bitcoin as a source of badly needed funds.

Investigation into the TRITON attack on a Middle Eastern industrial plant continues. FireEye's Mandiant unit is working on the incident, regarded as unusually dangerous because TRITON infects safety systems. A nation-state is widely suspected, with initial suspicion turning toward Iran.

The UK's senior military officer warns that Britain's undersea cables are vulnerable to disruption.

Synaptics wants everyone to be clear: that issue with its keypad on HP laptops involved a debugger. Synaptics isn't in the keylogger business.

Fortinet has patched a credential leaking flaw in its VPN client. Palo Alto Networks also has a patch out, theirs for a hole in its firewall that could permit remote attacks.

The Manhattan District Attorney has charged a New York resident, Louis Meza, with arranging a stick-up to relieve one of Mr. Meza's friends of valuables. The stick-up man specifically demanded the password to the victim's Ethereum wallet.

A London man has received six years plus for his role in Dridex.

In the US, the FCC has cancelled net neutrality. Litigation to follow.

Today's issue includes events affecting Ethiopia, Iran, Democratic People's Republic of Korea, Nigeria, Russia, Saudi Arabia, Slovenia, United Kingdom, United States.

A note to our readers, and especially to our Patrons: Patreon has decided not to roll out the increased fees they'd announced recently for their service. We're happy to say Patrons will no longer be charged a large processing fee for their pledges. And we'd like to take this opportunity to thank all of you who've signed up as Patrons. You help us keep the CyberWire up and running.

When 95% of breaches are human error, why is it on the last line of our security budget?

Probably because until now, you haven’t found a solution that works. NINJIO produces 3-4-minute-long animated Episodes that teach your end-users how not to get hacked. This is done through Hollywood storytelling. A new Episode is produced every 30 days on the most current breaches. Your end-users emotionally connect with the first scene of every Episode, so they’re engaged throughout the Episode. NINJIO tells stories, not lectures, and has a 98.5% renewal rate. NINJIO works. See a free in-person demo.

In today's podcast, we hear from our partners at Terbium Labs, as Emily Wilson laments breach fatigue. Our guest is Colleen Huber from MediaPro, on their 2017 State of Privacy and Security Awareness Report.

Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Attacks, Threats, and Vulnerabilities

North Korea’s Bitcoin Play ( “It’s the perfect mechanism for North Korean money.”

As Violence Flares in Ethiopia, Internet Goes Dark (Voice of America) Internet shutdowns seen as common government tactic during times of civil strife

Unprecedented Malware Targets Industrial Safety Systems in the Middle East (WIRED) A rare and dangerous new form of malware targets the industrial safety control systems that protect human life.

TRITON Attacker Disrupts ICS Operations, While Botching Attempt to Cause Physical Damage (Dark Reading) TRITON malware is discovered after an attack on a safety monitoring system accidentally triggered the shutdown of an industrial process at an undisclosed organization.

Nation State Attackers Shut Down Industrial Plant with New ICS Malware (eSecurity Planet) The malware was designed specifically to target Triconex SIS controllers.

Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure (FireEye) Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems. The targeted systems provided emergency shutdown capability for industrial processes.

Cyber security firm responds to ICS Attack framework dubbed Triton (Computing) Cyber crooks use Triton malware to compromise critical infrastructure

Synaptics Says Claims of a Keylogger in HP Laptops are False (Threatpost) Synaptics said reports that hundreds of HP laptops contained a secret keylogger that traced back to debugger software made by the company are inaccurate.

Permissions Flaw Found on Azure AD Connect (Threatpost) A permissions flaw in Microsoft’s Azure AD Connect software could allow a rogue admin to escalate account privileges and gain unauthorized universal access within a company’s internal network.

Fox-IT reveals hackers hijacked its DNS records, spied on clients' files (Graham Cluley) Given the nature of Fox-IT's work there are likely to be some interesting theories as to who might have been behind this particular attack, and what they were attempting to spy upon.

Fortinet VPN Client Exposes VPN Creds, Palo Alto Firewalls Allow Remote Attacks (BleepingComputer) It's been a bad week for two of the world's biggest vendors of enterprise hardware and software — Fortinet and Palo Alto Networks. Both companies fixed security issues this week affecting some of their most popular products, with some bugs being quite intrusive and dangerous.

Popular Destinations Rerouted to Russia (BGPMon) Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System.

Air Chief Marshal Sir Stuart Peach fears crippling Russian attack on web cables (Times) Britain’s trade and internet are at risk of catastrophic damage from any Russian attack on underwater communications cables, the head of the armed forces has warned. Air Chief Marshal Sir Stuart...

Dissecting PRILEX and CUTLET MAKER ATM Malware Families (TrendLabs Security Intelligence Blog) For a while now, Trend Micro has focused its efforts on covering ATM malware, especially new families that come up with features that stealthily target banking customers. In this blog post, we're going to cover two that have recently come to our attention: Prilex and Cutlet Maker. Each of them is interesting in their own right, but for different reasons.

85 Credential-Stealing Apps Found on Google Play Store (HackRead) A couple of days ago HackRead exclusively reported on a Fidget spinner app that has been sending other apps data to a server in China. Now, IT security res

Misconfigured Amazon S3 buckets expose sensitive data (SearchStorage) When users fail to properly configure Amazon S3 buckets, they put data on the public cloud service at risk. Experts call for IT admins to keep a close watch.

A Very Malicious Christmas (Anomali) In 2017, Americans are projected to spend $906 million on gifts, up from $785 in 2016. A significant chunk of that total will be spent online. As consumers turn to the internet, those looking to exploit them are increasing at a similar rate. Over the last 5 years, the festive season has seen actors ramping up Christmas themed campaigns to directly target businesses and consumers. This post outlines a very small number of particularly prolific attacks that have been observed over

The Weather Online is Frightful: Holiday Scams Run Rampant on Social (ZeroFOX) Holiday scams on social media are on the rise, and ZeroFOX reports thousands of fake accounts distributing phishing, malware & fame farming.

Cyber Trends

Cybercrimes have become a business issue: Expert (Asian Age) Traditional methods such as antivirus, firewalls no longer effective.

More Than 90 Percent of Cybersecurity Professionals Concerned About Cybercriminals Using AI in Attacks (Webroot) Cybersecurity Experts Say AI Critical to Protect Digital Assets in the

From buzz to the battleground, AI is everywhere (CSO Online) An open letter to artificial intelligence.

Examining attitudes towards confidential data (Help Net Security) Industry analyst firm Quocirca surveyed 500 IT decision makers in the United States, Canada, United Kingdom, Australia and Japan, examining attitudes towar

Complex regulations and sophisticated cyberattacks inflate non-compliance costs (Help Net Security) Non-compliance costs have significantly increased over the past few years, and the issue could grow more serious in the near future.

List of Cloud Statistics (Clutch) In the past year, we released multiple reports featuring original data on the cloud industry. We’ve collected the most important data points here, offering insights into businesses’ opinions on cloud security trends, spending habits, and more in 2017.

A few cybersecurity predictions for 2018 (CSO Online) Look for cloud computing chaos, high-end services, technology consolidation/integration, machine learning ubiquity, and a GDPR mess.

Cybersecurity market slowdown? Not anytime soon (CSO Online) Despite some analyst speculations to the contrary, cybersecurity spending is rising sharply.

'Unsolicited and unhelpful': End users hounded by 40 IT supplier calls a day (CRN) VAR's research unveils industry's obsession with cold calling end users who are spending up to three hours a day fielding unwanted calls.

Northrop Grumman Wins Contract Extension to Provide UK’s Forensic and Biometric Capability (Northrop Grumman Newsroom) Northrop Grumman Corporation (NYSE: NOC) has been awarded an extension to its existing contract with the Home Office to continue providing services, systems operations and maintenance for the Forensic and Biometric Interim...

National Guard still struggling to fill cyber positions ( Almost two years after the National Guard announced it was having trouble filling cyber positions, the military component is still stuck in the same spot.

and McAfee Coin launch Presale of IHT Token for Real Estate Smart Contract Development (CoinSpeaker) According to the latest news, has formed partnership with Mr. John McAfee, to build a blockchain cloud platform for global real estate industry.

Thales Regroups Its Digital Assets and Appoints New Talents (Thales) Beginning January 1, 2018, Thales will regroup its digital businesses and expertise under a transverse Digital Business Unit. David Jones is appointed Senior Vice-president Digital Business Unit, Thales, effective on 8 December 2017. He will be based in California.

Digital Shadows Strengthens Management Team as Business Continues to Expand (Channel EMEA) Digital Shadows, the leader in digital risk management and threat intelligence, today announced several key appointments to its management team designed to scale the business in support of company growth following Series C funding earlier in the year.

Products, Services, and Solutions

New infosec products of the week: December 15, 2017 (Help Net Security) EventTracker 9: New UI and faster threat hunting EventTracker released a new version of its SIEM, which enables faster threat hunting and simplified compli

Best security software, 2017: How cutting-edge products fare against the latest threats (CSO Online) In these security software reviews, we go hands-on with some of the most innovative, useful and, arguably, best tools from today's most important cybersecurity technology categories.

The best antivirus? Kaspersky leads in latest tests, but that's only part of the story (CSO Online) Ransomware and other threats often get through signature-based antivirus protection, giving it a bad rap. However, antivirus tools still play an important role in the enterprise security strategy.

Silent Circle and WidePoint Team to Deliver Secure Mobile Solutions to the U.S. Federal Sector (Business Insider) WidePoint Corporation (NYSE: WYY), a leading provider of Trusted Mobility Management (TM2) specializing in Telecommunications Lifecycle Management (TLM) and Cybersecurity solutions, today announced a strategic partnership with Silent Circle, a pioneer in enterprise-class mobile security, privacy and compliance solutions.

VMware, Carbon Black partner to advance app security (RCR Wireless News) VMware and Carbon Black announced a joint app security solution, which combines three key elements to enhance cloud and data center security, including...

NH-ISAC Ditches Passwords, Links with Trusona (Healthcare Analytic News) The National Health Information Sharing and Analysis Center will use dynamic user authentication going forward.

FBI Cybersecurity Security Expert Abagnale On The Real Cause Of Blockbuster Security Breaches And The Breakthrough Technology That Could Eliminate Passwords (CRN) Frank Abagnale, the teenage check forger turned FBI security expert popularized in the film "Catch Me If You Can," spoke with CRN about the cause of blockbuster cybersecurity breaches, why Equifax is the worst breach he has ever seen, and the revolutionary technology that could eliminate passwords.

Technologies, Techniques, and Standards

Want to really understand how bitcoin works? Here’s a gentle primer (Ars Technica) Ars goes deep on the breakthrough online payment network.

Agencies cautious on blockchain applications (GCN) Agency execs caution that putting policy before technology could 'hijack' future efforts to deploy the technology.

NatWest overhauls web security after online confrontation (Computing) Natwest improves the security of its main website

Is Your Security Workflow Backwards? (Dark Reading) The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.

Tech alone can’t save your business from cyberattacks (The Next Web) Chris Young, CEO of McAfee just spoke at TNW New York. We’re sharing his views on the importance of company culture in cyber security. For a growing number of CEOs, security is now a top concern — but most aren’t doing enough to protect their companies from harm. Data breaches jumped 29 percent in the …

Laptop Security: Not Sexy, But A Real Cybersecurity Imperative (LinkedIn) As an executive at a cybersecurity company, I typically make the rounds to all of the industry’s “must attend” events to stay on top of the latest trends, learnings and industry buzz. These forums are where the good guys go to learn what the bad guys do.

Cyber Hunt Teams: A Necessary Augment to Traditional Security Practices (LookingGlass Cyber Solutions Inc.) “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” -Sun Tzu Cyber hunt teams are becoming an important part of o, December 14, 2017

Staying Safe While Accessing Online Banking (Infosecurity Magazine) MiTB attacks and trojans continue to be a problem for online banking.

Beginner's Guide to Admin Permissions (Business News Daily) Administrator accounts typically fall to IT, but not all small businesses have a dedicated person. Here's what you should know, plus tips for beginner admins.

A Simple Checklist To Help You Not Get Hacked (Fast Company) There are a lot of in-depth guides to staying safe online. Citizen Lab and a group of security gurus built an interactive tool to keep things simpler.

How to Make Adversaries Work Harder, While We Work Smarter, in 2018 (Security Week) 2018 should not be another year where attackers continue to exploit the known

Army eyeing options for long-range electronic attack (C4ISRNET) Army leaders are looking at alternative approaches to meet and field electronic warfare needs.

Design and Innovation

This Software Developer Is Making a Surveillance-Free Cell Phone Network (Motherboard) Denver Gingerich is the brains behind Sopranica, a DIY, surveillance free cell phone network he hopes will one day rival big telecom companies.

How Did Apple Inc. (AAPL) Suddenly Get So Bad At Security? ( A recent string of embarrassing security and other gaffes in iOS and macOS should be concerning for investors.

Why mobile game developers need to say “Game Over” to the man-in-the-middle (IT Pro Portal) Most of the mobile games, including those most popular among children and teens, are highly vulnerable to a breach.

Hyderabad students are planning to protect society from cyber attacks (Deccan Chronicle) Knowledge of Dark Web, Blue Whale and others also opens career prospects in cybersecurity, says a student.

Legislation, Policy, and Regulation

Cybersecurity bill features rare collaboration in House; now comes the Senate challenge (Washington Examiner) Prospect of DHS gobbling up jurisdiction at the expense of other departments has long been a source of concern on Capitol Hill.

Pentagon Delays Deadline For Military Suppliers to Meet Cybersecurity Rules ( The goal of the new regulations is to secure sensitive data on the computers and networks at smaller companies.

Army vows to reinvigorate electronic warfare by combining it with cyber, intelligence functions ( After years of frustrations, the Army says 2018 is the "year of delivery" for its electronic warfare force, which will be subsumed into its cyber branch.

Net Neutrality laws scrapped in US (Computing) Is the death of internet freedom upon us?

Litigation, Investigation, and Law Enforcement

Man gets friend kidnapped to steal $1.8 million worth of Ethereum (HackRead) As you might know, the value of Bitcoin suddenly increased this month and that motivated hackers to target cryptocurrency exchanges and steal user funds or

Barclays Bank Insider Sentenced for Role in Dridex Plot (Infosecurity Magazine) Barclays Bank Insider Sentenced for Role in Dridex Plot. Londoner gets over six years in jail

Business Email Compromise scammer sentenced to 41 months in prison (WeLiveSecurity) A US judge has sentenced a Nigerian man to three years and five months in a federal prison after he pleaded guilty to taking part in a business email compromise scam that targeted organisations around the world.

The FCC Just Killed Net Neutrality. Now What? (WIRED) Groups plan to contest the FCC's decision to repeal net neutrality rules.

FCC votes down Obama-era ‘net neutrality’ rules (The Washington Times) Not even a bomb threat and impromptu evacuation could stop the Federal Communications Commission from voting Thursday to repeal net neutrality, setting up another legal battle between the Trump administration and Democratic attorneys general.

Justice Department Announces Charges and Guilty Pleas in Three Computer Crime Cases Involving Significant DDoS Attacks (US Department of Justice Office of Public Affairs) Defendants responsible for creating “Mirai” and clickfraud botnets, infecting hundreds of thousands of IoT devices with malicious software

Former Botmaster, ‘Darkode’ Founder is CTO of Hacked Bitcoin Mining Firm ‘NiceHash’ (KrebsOnSecurity) On Dec. 6, 2017, approximately USD $52 million worth of Bitcoin mysteriously disappeared from the coffers of NiceHash, a Slovenian company that lets users sell their computing power to help others mine virtual currencies.

OSX.Pirrit Mac Adware Part III: The DaVinci Code (Cybereason) Cybereason researcher Amit Serper discovers a new variant of TargetingEdge's Mac OSX Pirrit malware; this adware now includes remote access tool (RAT) capabilities.

Senate may put off most anticipated Russian probe findings (Honolulu Star-Advertiser) With no firm conclusions yet on whether President Donald Trump’s campaign may have coordinated with Russia, the Senate intelligence committee could delay answering that question and issue more bipartisan recommendations early next year on protecting future elections from foreign tampering.

New Details Emerge About Discovery Of FBI Agent’s Anti-Trump Texts (The Daily Caller) The Justice Department's office of the inspector general revealed new details Wednesday about how it discovered the anti-Trump text messages that led to FBI agent Peter Strzok's removal from Special C

The FBI’s Trump ‘Insurance’ (Wall Street Journal) More troubling evidence of election meddling at the bureau.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.