skip navigation

More signal. Less noise.

Daily briefing.

CyberX offers further descriptions of BugDrop, a complex and sophisticated cyber espionage campaign in progress against a diverse array of Ukrainian targets. The malware in use is spread by phishing; the specific vector is the familiar one of malicious macros in attached documents. Once installed, the suite of attack tools takes control of infected device microphones and collects ambient audio; it also steals files and exfiltrates them to Dropbox. The malware is relatively quiet and unobtrusive. Its purpose appears to be reconnaissance only: there's no evidence of any destructive functionality. Beyond saying that the responsible threat actor appears to have considerable "field experience" and a great deal of money, CyberX declines to offer any attribution.

ESET reports that there's a new and unusually virulent strain of ransomware afflicting Macs. Called "Patcher," the malware is spread by torrent files offering license crackers. It's dangerous, according to ESET, in large part because it's incompetently coded: the authors left the victims with no way of recovering their files, even upon payment of ransom.

Other, more established forms of ransomware continue to circulate: Locky, Cryptowall, and Cerber account for 90% of current infestations, according to Check Point. Cryptoransomware isn't the only form of cyber extortion out there, either: a Bitdefender study concludes that fear of reputational damage is likely to motivate a significant fraction of IT executives to pay up.

In the US, NSA appears likely to continue its Vulnerabilities Equities Process essentially unchanged. The program governs the agency's disclosure of zero-days to industry.


Today's issue includes events affecting China, European Union, Germany, Iran, Russia, Saudi Arabia, Taiwan, Ukraine, Tthe United Kingdom, United States.

In today's podcast we hear from Emily Wilson, of our partners at Terbium Labs. She'll discuss how novel exploits eventually become a standard part of attackers' toolkits. And, of course, you can also listen to the special prognostication edition of our podcast. Hear industry experts and editors covering the cyber beat give their take on cyber in 2017.

Hacking The Home (Fulton, MD, USA, February 26, 2017) DataTribe, a startup crucible for entrepreneurs, is sponsoring a February 2017 Hacking the Home contest. Teams will be competing to develop new product functionality, integrations, skills, and/or exploits around the growing ecosystem of home automation devices.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

How to Invest Your 2017 Cyber Security Training Budget for Maximum ROI (Webinar, March 2, 2017) When it comes to securing an organization’s network, most stakeholders understand that cyber security education and training are not a luxury – they're a necessity. In this webinar we will discuss how best to spend those precious training dollars to get a solid return on investment.

2nd Annual Billington International CyberSecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building.

Dateline RSA 2017

RSA Conference 2017: From Cryptography to Mysteries of the Universe (eWeek) This year’s RSA Conference drew over 43,000 people interested in the latest in security trends, products and services. Here are some highlights.

Cyberwar talk is getting real (ZDNet) The existential threat of cyberwar has shifted from hand-waving about 'Cyber Pearl Harbor' to hand-waving about 'digital atomic bombs'. Hype? Maybe. Either way, politicians are talking tough.

Iran Intensifies Its Cyberattack Activity (Dark Reading) Middle East targets - namely Saudi Arabia - are feeling the brunt of the attacks, but experts anticipate Iran will double down on hacking US targets.

Microsoft: Security Industry Must Be 'Neutral Digital Switzerland' (Entrepreneur) Brad Smith says the security industry must become a check against nation-state cyber attacks.

Live from RSA 2017: Nation states crafting ‘meticulous’ attack code (Sophos) In the latest installment of live videos beaming directly from San Fransisco Sophos security scribe Bill Brenner chats to Mark Loman, director of engineering for next-generation tech at Sophos, about how nation-state attackers meticulously craft their attack code to evade the most advanced security products.

U.S. Army Cyber Command’s Lt. Gen. Paul Nakasone from the RSA Conference (Government Matters) Government Matters’ Francis Rose traveled to RSA and sat down with U.S. Army Cyber Command’s Lt. Gen. Paul Nakasone. They discussed budget challenges, recruitment, and retention.

Cyber Attacks, Threats, and Vulnerabilities

Cyber-Espionage Group Uses Microphones and Dropbox to Spy on Ukrainian Targets (BleepingComputer) A well-organized cyber-espionage group is infecting computers at selected targets in Ukraine, turning on their microphone to record nearby audio, stealing documents, and storing exfiltrated data inside Dropbox accounts, according to security firm CyberX...

Manafort faced blackmail attempt, hacks suggest (POLITICO) Stolen texts appear to show threats to expose relations between Russia-friendly forces, Trump and his former campaign chairman.

New macOS Patcher Ransomware Locks Data for Good, No Way to Recover Your Files (BleepingComputer) A newly discovered ransomware family calling itself Patcher is targeting macOS users, but according to security researchers from ESET, who discovered the ransomware last week, Patcher bungles the encryption process and leaves affected users with no way of recovering their files.

New crypto-ransomware hits macOS (WeLiveSecurity) Early last week, we have seen a new ransomware campaign for Mac. Written in Swift, This new ransomware is distributed via BitTorrent distribution sites and calls itself “Patcher”.

Ransomware booms with Locky, Cryptowall and Cerber accounting for 90 per cent of infections (Computing) Perennial 'favourites' remain most dangerous forms of malware, warns Check Point

Rook Security on Online Extortion (Threatpost) Mat Gangwer, CTO, and Tom Gorup, Security Operations Lead, at Rook Security talk to Mike Mimoso about the aggressive rise in online extortion and how it threatens not only data but physical safety.

Survey: 14% Of IT Execs Would Pay $500K To Avoid 'Shaming' After A Breach - Dark Reading (Dark Reading) Bitdefender report shows how negative media headlines following an attack can cause financial damage, ruin business forecasts and severely damage reputations.

'Muck spreading' Mirai malware identified as skilled attacker based in China or Taiwan (Computing) Windows Malware designed to propagate Mirai malware the work of a "skilled" attacker, warns Kaspersky

Tarrant County 911's Swift Response to Attack (NBC 5 Dallas-Fort Worth) Tarrant County 911 officials said they learned valuable lessons after the 911 district fell victim to a cyber attack.

Internet blackout: real threat or corporate hype? (Osceola Sun) Imagine a world where the internet once existed but no longer does. What kind of chaos could ensue without the World Wide Web? There wouldn’t be social media, or email,

TrapX Discovers MEDJACK3, Updates DeceptionGrid Security Platform (eSecurity Planet) New form of medical device attack is underway, but there are already ways to defend against the new incursion.

Stolen Health Record Databases Sell For $500,000 In The Deep Web (Dark Reading) Electronic health record databases proving to be some of the most lucrative stolen data sets in cybercrime underground.

The devastating impact of healthcare data breaches (Help Net Security) Half of the victims of healthcare data breaches incurred out-of-pocket costs of $2,500, on average. The breaches were most likely to occur in hospitals.

Cyber Trends

Security interview: What if a motivated attacker targets your company? (MIS Asia) Computerworld Malaysia conducts a 'rapidfire' cybersecurity roundup interview with Kane Lightowler, APJ MD for Carbon Black.


Traditional defence players turn their attention to cybersecurity (GulfNews) The move comes admid an industry-wide move to more computer-driven interconnected defence platforms

BAE boss Ian King has skippered defence giant through stormy seas (The Telegraph) “Keeping the ship on an even keel” was how one veteran BAE Systems watcher described Ian King’s time at the tiller of the defence giant.

General Dynamics awarded DIA contract (C4ISRNET) "General Dynamics will provide a variety of technical, functional and managerial services, including cyber security engineering and incident detection and response and threat fusion services," according to a company announcement.

Accenture acquires iDefense Security Intelligence from VeriSig (Consultancy) Accenture has acquired iDefense Security Intelligence from VeriSign.

Axway Announces the Acquisition of Syncplicity (Sys-Con Media) Axway (Paris:AXW) (Euronext: AXW.PA), a catalyst for transformation, today announced the all-cash acquisition of Syncplicity, a leading enterprise file sync and share (EFSS) solution that provides users with the experience and tools they need for secure collaboration.

Report: Verint to sell cyberintelligence unit (Newsday) Verint Systems Inc., a maker of analytic software, plans to sell its cyberintelligence unit, according to a report published Wednesday.The unit is estimated to be

Tanium Adds Two Board Members, Appoints Executives to Key Posts (BusinessWire) Tanium announced today Aon Senior Vice President and Chief Security Officer Anthony Belfiore and former Frontier Communications CEO Maggie Wilderotter

Deepening its Cyber Bench, Team8 Adds David DeWalt, Former CEO and Chairman of McAfee and FireEye, to its Board of Directors (PRNewswire) Team8, Israel's leading cybersecurity think tank and venture creation...

Products, Services, and Solutions

Stethoscope spurs employees to implement better security practices (Help Net Security) Stethoscope is a web application that collects info about users' devices and provides them with recommendations to implement better security practices.

South River Technologies Provides HIPAA-Compliant File Storage and Transfer Solution to Pathways Home Health and Hospice (Marketwired) South River Technologies Inc. (SRT), an innovator in secure file sharing, has today announced that its Cornerstone Managed File Transfer Server has been deployed as part of Pathways Home Health and Hospice's HIPAA-compliant file sharing solution.

Cisco Rolls Out New Firepower Next-Gen Firewall Series, Bringing High Performance Security Appliances To The Midmarket (CRN) The Cisco Firepower 2100 Series is designed to bring higher performance and throughput to the midmarket, with sales incentives and profitability options for partners, the company said.

Technologies, Techniques, and Standards

Cyber warriors need constant training, says senior Navy official (C4ISRNET) According to the commander of Fleet Cyber Command, cyber warriors need constant training to prevent atrophy of skills.

Strike on ISIS Drone Cell Highlights Airman's Novel Intel Methods ( Using intel spotted by a US airman thousands of miles away, warplanes bombed sites where ISIS militants manufactured drones.

Microsoft commits to GDPR compliance in the cloud by 2018 deadline (SearchSecurity) Microsoft announces cloud GDPR compliance will be in place by the May 2018 deadline, though companies worldwide must still take action to avoid huge fines.

How SMBs Can Conquer Ransomware (Small Biz Technology) You don’t have to look far past the news headlines to see that ransomware is a big and growing problem today. And companies have a lot to lose — $1 billion per year, to be exact.

Overcome main challenges to prepare a cyber resilience (Infosecurity Magazine) How to overcome the main challenges, and prepare a cyber resilient state

How to hunt for attackers who don’t want to be found (Infosecurity Magazine) How CISOs can hunt for the attackers who don’t want to be found

When is it legitimate to hack back against an adversary? (Infosecurity Magazine) The UK cyber strategy made steps to legitimize hacking back against an adversary

Design and Innovation

IBM, Northern Trust partner on financial security blockchain tech (ZDNet) Can the cryptocurrency technology pave the way for more secure and transparent private equity funds?


Verizon joins forces with Nanyang Technology University's Business School on cybersecurity risk research (PRNewswire) Verizon Enterprise Solutions and Nanyang Technology University's (NTU)...

Legislation, Policy, and Regulation

Russia military adds new branch: Info warfare troops (Fifth Domain | Cyber) Russian military officials acknowledge existence of information warfare troops, which "protect the national defense interests and engage in information warfare."

Confronting the Russian cyber threats ( U.S. intelligence agencies face challenges meeting Russian threats and new administration’s doubts

A new era for information warfare (C4ISRNET) As the nature of warfare is changing, the services are looking toward new models of information operations.

Cyberwar is like a soccer game with fans on the field (C4ISRNET) Cyberwarfare is a chaotic environment that resembles a sporting event in which the spectators are on the field with the players.

NSA will continue to disclose zero-day bugs under Trump... for now (International Business Times UK) Intel officials say US president unlikely to change rules around disclosure of software vulnerabilities.

Navy officials: Buying the right amount of cyber [Commentary] (Fifth Domain | Cyber) No one wants to be caught flat-footed or seen as not taking cyber defense seriously. In this environment, it would be easy to overspend and foist a cost-imposition strategy on ourselves.

U.S. 10th Fleet commander encourages cyber partnerships (C4ISRNET) The head of U.S. Fleet Cyber Command/10th Fleet has stressed the importance of cyber partnerships to synchronize efforts and mitigate friendly fire.

Microsoft, Stripe Urge Federal Bank Regulators to Go Cautiously on Cyber Regs (National Law Journal) Microsoft and Stripe are urging federal banking regulators not to draw cybersecurity rules for the largest banks so narrowly that they exclude innovative tec...

CDO for Trump steps down amid business conflicts ( Sources say Gerrit Lansing did not want to give up his ties to an online donation platform he helped start.

Litigation, Investigation, and Law Enforcement

Indiana joins Idaho in claiming DHS tried to hack their election systems (Computerworld) Indiana claims DHS scanned the state's electoral system tens of thousands of times without permission.

FBI in the Dock Over iPhone Hack Details (Infosecurity Magazine) FBI in the Dock Over iPhone Hack Details. Media groups want to know who cracked phone

Terror threat posted on Whisper leads to arrest (Engadget) Feds got his IP address and coordinates from the anonymous app.

UK crime agency arrests suspect in Deutsche Telekom cyber attack (Reuters) Britain's National Crime Agency (NCA) has arrested a suspect in connection with last year's cyber attack which infected nearly 1 million Deutsche Telekom routers, German federal police said on Thursday.

INTERPOL's Michael Moran Receives 2017 M3AAWG Litynski Award; Urges Industry to Improve Defenses Against Child Abuse Materials (Benzinga) Michael "Mick" Moran, who has helped rescue thousands of child abuse material victims since he started working in the field in 1997, challenged the internet industry to do more to protect innocent children as he received the 2017 M3AAWG Mary Litynski Award today.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Inaugural Yorkshire and Humber Cyber Protect Business Conference (Leeds, England, UK, February 28, 2017) The aims and objectives of this conference are to raise cyber awareness built around the 10 steps to cyber security, provide an environment and opportunity for professionals to network and share experiences...

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic...

Upcoming Events

Risky Business (London, England, UK, February 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can...

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, February 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers,...

Second Annual International Security Conference (Riyadh, Saudi Arabia, February 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify...

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security...

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons ...

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries...

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies amony Army,...

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations...

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will...

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its...

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their...

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test...

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.