December 19, 2017.
By The CyberWire Staff
The US has publicly blamed North Korea for WannaCry, with White House Homeland Security Advisor Tom Bossert saying that "the attack was widespread and cost billions, and North Korea is directly responsible." The dots are being connected through the activities of the Lazarus Group. The US isn't alone; indeed, it's late to the party, as the UK and others have made this attribution as early as June. The British Foreign Office joined, again, in fingering Pyongyang for WannaCry. The strategy here seems to be to shame North Korea and stiffen international consensus against what Washington sees as an increasingly dangerous rogue regime.
The attribution comes on the heels of a US statement of strategic policy that identifies North Korea, Iran, China, and Russia as adversaries. North Korea and Iran get strong talk; China and Russia a more nuanced but still cold treatment (Chinese and Russian observers are quick to call the document a return to the Cold War). It's worth noting that the US hasn't, for all of its strong words, characterized WannaCry as an act of war.
GuardiCore has published the results of its look at an organized Chinese cyber gang. They're operating from a "coordinated infrastructure," and they're going after database-service servers. GuardiCore finds three attack variants, which they're calling "the Hex-Men": Hex, Hanako, and Taylor.
Netskope reports finding a RAT that uses Dropbox to host its payload and Telegram for command-and-control.
Security researchers and ISPs in Egypt and Latin America have successfully taken down the Satori botnet.
Today's issue includes events affecting China, European Union, France, Jordan, India, Iran, Israel, Democratic People's Republic of Korea, Republic of Korea, Russia, United Kingdom, United Nations, United States.
Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
U.S. blames North Korea for 'WannaCry' cyber attack (Reuters) The Trump administration has publicly blamed North Korea for unleashing the so-called WannaCry cyber attack that crippled hospitals, banks and other companies across the globe earlier this year.
US Blames North Korea For WannaCry -- But Are Trump's Cyber Sleuths Wrong? (Forbes) The Trump administration blamed North Korea for the massive WannaCry ransomware outbreak Monday night in an op-ed in the Wall Street Journal. The article was penned by Tom Bossert, key Trump cybersecurity adviser and assistant to the president for homeland security and counterterrorism.
Beware the Hex-Men (GuardiCore) In the last few months GuardiCore Labs has been investigating multiple attack campaigns conducted by an established Chinese crime group that operates worldwide.
Android Malware Will Destroy Your Phone. No Ifs and Buts About It (BleepingComputer) A malware strain known as Loapi will damage phones if users don't remove it from their devices. Left to its own means, this modular threat will download a Monero cryptocurrency miner that will overheat and overwork the phone's components, which will make the battery bulge, deform the phone's cover, or even worse.
Jack of all trades (Securelist) Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi. This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more.
Bitcoin exchange shuts down after being hacked twice in one year (HOTforSecurity) A South Korean Bitcoin exchange has collapsed after suffering its second hack in less than a year. As The Telegraph reports, YouBit has announced that it suffered a hack at 04:35am local time today, which saw criminals steal 17% of its total assets. As a...
Collaborative Takedown Kills IoT Worm 'Satori' (eWEEK) A new version of the Mirai IoT malware that used two exploits in popular routers to build a 700,000-node botnet in less than four days is shut down by security researchers and internet service providers.
Example of 'MouseOver' Link in a Powerpoint File (SANS Internet Storm Center) I really like Microsoft Office documents... They offer so many features that can be (ab)used to make them virtual bombs. Yesterday, I found a simple one but nicely prepared Powerpoint presentation: Payment_copy.ppsx (SHA256:7d6f3eb45c03a8c2fca4685e9f2d4e05c5fc564c3c81926a5305b6fa6808ac3f). It was still unknown on VT yesterday but it reached now a score of 1/61! It was delivered to one of my catch-all mailboxes and contained just one slide.
The truth about RFID credit card fraud (CSO Online) Despite demonstrations to show it's possible, documented cases of RFID credit card fraud are unknown. And as security professionals know, there is a huge gulf between potential crime and actual crime.
The Market for Stolen Account Credentials (KrebsOnSecurity) Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company.
Iran Cybersecurity Profile (Anomali) Iran is one of the major powers in the Middle East, and currently seeks to gain influence in the global landscape.
Security Patches, Mitigations, and Software Updates
7 cyber security predictions for 2018 (CSO Online) Let’s face it: 2017 was a terrible year for cyber security with more phishing scams, ransomware, state-sponsored attacks, and new attack vectors. Will 2018 be better?
Dispelling Cybersecurity Myths (Recorded Future) Chief Security Architect Gavin Reid discusses cybersecurity myths that need to be dispelled, including the notion that companies should “do more with less.”
Cybersecurity IPOs In 2018 Could Be Plentiful (Investor's Business Daily) Most cybersecurity stocks seem to be in a funk heading into 2018 but a pickup in initial public offerings — and, perhaps, mergers — next year might pique the interest of investors.
Asian Cybersecurity Futures (CLTC) This report explores diverse political, economic, and technological factors that will shape Asia’s future as the region becomes more connected.
Check Point CEO Wants Faster Growth (Forbes) Let's say you start a company in 1993, take it public in 1996, sell your product in 88 countries, and are still running it in December 2017. Why not take your billions and go yachting? Why are you still at the company's helm and eager to speed up its growth?
It’s a good time to be a federal IT nerd (FederalNewsRadio.com) With more pieces coming into focus, industry and former federal executives say the Trump administration’s plans for IT modernization have matured.
Pentagon Hacked in New U.S. Air Force Bug Bounty Program (Security Week) The Hack the Air Force 2.0 bug bounty program kicked off earlier this month with researchers finding a critical vulnerability that could have been exploited to gain access to a network of the U.S. Department of Defense.
Cylance Names Rahul Kashyap as Global Chief Technology Officer (Digital Journal) Cylance® Inc., the company that revolutionized the antivirus and endpoint protection industry with true AI-powered prevention that blocks malware, fileless attacks and today’s most advanced cyberthreats, today announced the promotion of Rahul Kashyap to Global Chief Technology Officer (CTO).
Products, Services, and Solutions
Janrain Delivers First Universal Integration of CIAM Event Data with SIEM Systems (markets.businessinsider.com) Janrain®, the company that pioneered the Customer Identity and Access Management (CIAM) category, today announced it is the first CIAM provider to deliver universal integration with major Security Information and Event Management (SIEM) systems such as IBM QRadar and others to provide Security Operations Center (SOC) analysts with early detection and response to a wider swath of suspicious activities and possible security threats.
SIA Announces RISE Scholarship Winners (Security Industry Association) Security Industry Association recognizes 2017 RISE scholarship winners; funds to support professional development of young security professionals.
Louisiana Tech gets $1.3M grant to enhance cybersecurity programs (Federal Times) The university, in a news release, says the grant was awarded by the National Science Foundation and will be used to support Tech’s proposed CyberCorps Scholarship for Service program to prepare cybersecurity professionals for entry into the government workforce.
Jordan can take the lead in cyber security (Jordan Times) The Great Wall of China was built thousands of years ago to prevent China’s enemies from entering. Well, they did as mentioned in historical references three or four times. The enemies bribed the guards to open a gate under darkness for the stealthy armoured enemy soldiers to sneak in.
Antiquated Policy Complicates Threat Intelligence Collection (Security Week) Before the world began sending over 500 million tweets and posting more than four million Facebook messages each day, the practice of Open Source Intelligence (OSINT) gathering, conducted by law enforcement and government agencies for the purpose of evaluating threats to national security, largely involved analyzing and subscribing to newspapers delivered from all over the world.
Whistleblowers worry about fate of spy agency ombudsman (Federal Times) A decision to put the man who handles whistleblower complaints at U.S. spy agencies on administrative leave has raised worries on Capitol Hill that it’s part of a plan to hamstring the program that helps intelligence workers report waste, fraud and abuse.
2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.