skip navigation

More signal. Less noise.

Daily briefing.

The first week of 2017 continues to offer skeptical takes on various attributions. The conclusions being called into question range from the debunked (hacking of the Vermont power grid) through the newly controversial (Russian malware-enabled counterfire against Ukrainian guns) to the generally accepted (Russian intrusion into US political party networks).

KrebsOnSecurity has a particularly good round-up of the grid-hack-that-wasn't, with a reflective account of how the story gained currency.

Taia Global's Carr calls bunkum on CrowdStrike's "Danger Close" report on Android X-Agent targeting of artillery positions (more promised at Suits and Spooks—in the meantime SecurityWeek says that CrowdStrike stands by its report).

And many observers continue to express disappointment over the level of detailed evidence contained in the FBI-NCCIC Joint Analysis Report on Fancy Bear's election hacking (many of those same observers also note the difficulty of making such a case without disclosing more about sources and methods than would be prudent).

The Daily Beast has an account of how Islamist exploitation of social media and other online platforms for information operations has proven amphisbaenic: successful for recruiting and inspiration, but risky. Many leaders have been targeted when their phone chatter exposed their location.

Recorded Future publishes its forecast of ransomware's future—contra McAfee Labs, it sees digital extortion growing in 2017. Their first prediction is that "Ransomware will become just another tool in the hacker utility belt." Carbonite argues in its own study of ransomware trends that such attacks will serve increasingly as diversions (the way DDoS has).


Today's issue includes events affecting Brazil, China, Iran, Mozambique, Philippines, Russia, Ukraine, United Kingdom, United States.

In today's CyberWire podcast, we hear from our partners at Accenture Labs, as Malek Ben Salem discusses Deep Learning.

If you've been enjoying the podcasts, please consider giving us an iTunes review.

A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.

Cyber Attacks, Threats, and Vulnerabilities

Fatal Attraction: ISIS Just Can’t Resist Social Media (Daily Beast) From the Taliban to the so-called Islamic State, computers, cellphones, and social media are used as vital weapons—and offer critical vulnerabilities

Doubts cast on claim that Russia hacked Ukraine's military via Trojanised Android app (Computing) CrowdStrike report described as "delusional" by Ukrainian artillery officer

Experts Doubt Russia Used Malware to Track Ukrainian Troops (SecurityWeek) Experts have cast doubt on a recent report claiming that hackers linked to a Russian military intelligence agency used a piece of Android malware to track Ukrainian artillery units

The GRU-Ukraine Artillery Hack That May Never Have Happened (LinkedIn) Crowdstrike’s latest report regarding Fancy Bear contains its most dramatic and controversial claim to date; that GRU-written mobile malware used by Ukrainian artillery soldiers contributed to massive artillery losses by the Ukrainian military. “It’s pretty high confidence that Fancy Bear had to be in touch with the Russian military,” Dmitri Alperovich told Forbes. “This is exactly what the mission is of the GRU”

Philippine Military Website Hacked and Defaced (HackRead) The hacker behind this defacement wants admin to implement proper security on the site

Lone Hacker Defaces Google Brazil Domain (HackRead) The defacer says he did it to show nothing is secure

Project Zero calls out Kaspersky AV for SSL interception practices (ZDNet) Using an SSL proxy that simplistically stored certificates, Kaspersky Anti-Virus left its users open TLS certificate collisions

Caution: Cybercriminals may use ransomware as a diversion (Carbonite) Ransomware computer viruses are becoming more sophisticated—and so are the attacks that make use of ransomware. In some cases, ransomware is used to disable access to a machine so criminals can perform further actions without being tracked. Criminals have also used ransomware to cause chaos and avoid detection after hacking into a network and stealing data

Ransomware on smart TVs is here and removing it can be a pain (CSO) This Christmas brought one of the first documented cases of an Android-based smart TV being infected with ransomware

Thugs developing cat-themed ransomware for androids and hitler ransomware for pcs _ computerworld bitcoin as a currency (Financial Handbook) Thugs developing cat-themed ransomware for androids and hitler ransomware for pcs _ computerworld bitcoin as a currency What do a cute cat and Hitler have in common? Both are featured in ransomware; Hitler targets PCs and the cat-themed ransomware targets Androids. Both are also considered to be under development at this time, meaning neither are currently big, bad boogeyman threats let loose in the wild to infect the masses. Accept bitcoin Things could change if either ransomware is fully developed

Leet IoT Botnet Bursts on the Scene with Massive DDoS Attack (Infosecurity Magazine) Just 10 days before the end of 2016, researchers from Imperva uncovered a massive 650Gbps DDoS attack generated by a new internet of things (IoT) botnet, dubbed “Leet” after a character string in the payload. It’s the first that can rival Mirai

Dyn DDoS: What It Means for Supply Chain Security (Tripwire: the State of Security) By now, you have probably heard about one, maybe two massive Distributed Denial of Service (DDoS) attacks that occurred near the end of 2016. The first was Brian Krebs being subjected to a 620 Gbps DDoS. The second, and more noticeable, attack targeted DNS provider Dyn and took down parts of Twitter, Amazon, and other Dyn clients’ infrastructure on the East Coast in the process

Kaspersky warning on Switcher Trojan that uses Android devices to compromise routers (Inquirer) Android malware? That's unusual, isn't it?

Ultrasound Tracking Could Be Used to Deanonymize Tor Users (Bleeping Computer) Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, data which contains sensitive information that state-sponsored actors can easily obtain via a subpoena

Latest iMessage Hack Crashes iPhone within Minutes (HackRead) The hack targets iPhones on iOS8 to iOS10.2.1

Attacks on Phones of Bitcoin Moguls Continue with Recent KeepKey Security Breach (Bleeping Computer) On the last day of 2016, KeepKey, a vendor of Bitcoin hardware wallets, has notified users of a security breach that inadvertently exposed some of its customers' details

Topps Data Breach Exposes Months of Credit Card Data (eSecurity Planet) Customers who shopped at the company's website between July 30 and October 12 of 2016 may be affected

Pentagon subcontractor leaks classified personnel data (Federal Times) A security researcher at the MacKeeper Security Research Center has revealed a Pentagon subcontractor exposed sensitive U.S. military health care personnel data thanks to an insecure server backup protocol

LA Valley College Hit By Cyber Attack (CBS Los Angeles) Los Angeles Valley College in Valley Glen was subject to a cyber attack over the winter break but it is not known how large the breach was, officials said Tuesday

ICO ‘Breached Public Data’ Several Times Since 2013 (Infosecurity Magazine) Data protection watchdog the Information Commissioner’s Office (ICO) has been forced to take action several times over the past few years to prevent breaches at its own offices, according to a new investigation

Security Patches, Mitigations, and Software Updates

Mozilla to scrap Firefox support on Windows XP and Vista in 2017 (Computerworld) One of the last hold-outs finally sets retirement date for senior citizen XP

Box[.]com Plugs Account Data Leakage Flaw (Threatpost) has changed the way it handles publicly shared accounts and folders after a researcher found confidential documents and data belonging to users via Google, Bing and other search engines. While maintains this is a case of its customers unintentionally over-sharing, it says it has “fixed” the issue

Cyber Trends

7 Ransomware Trends to Watch for in 2017 (Recorded Future) In November McAfee Labs released its 2017 Threat Predictions report and one of the predictions that has gotten a lot of press is that McAfee expects ransomware attacks to decrease in 2017

Cloudmark Security Predictions for 2017 (Cloudmark) The Internet of Things will be an ever-increasing threat

Sophos cautions firms against increased cybercrimes menace (Guardian) Sophos Group, a security software and hardware company, has called on organisations to prepare adequately well against possible attacks from cyber criminals in 2017

Will the cloud be a safe haven for data in 2017? (CSO) Experts offer differing opinions on where cloud security is headed

CEOs Reveal Cyber Naiveté as Incidents Rise and Losses Mount (Information Management) A new cybersecurity study from RedSeal finds that more than 80 percent of CEOs are very confident in their firm’s cybersecurity strategies, despite the fact that security incidents have surged 66 percent since 2009 according to PricewaterhouseCoopers’ 2017 Global State of Information Security Survey

The Biggest Security Threats Coming in 2017 (Wired) Whether it was a billion compromised Yahoo accounts or state-sponsored Russian hackers muscling in on the US election, this past year saw hacks of unprecedented scale and temerity. And if history is any guide, next year should yield more of the same


Cybersecurity Stocks for 2017 (Investopedia) Investors were drawn to cybersecurity stocks in 2016 in light of headline-making data breaches and a heightened demand for cloud and Internet of Things (IoT) protection. But at the same time, many cybersecurity stocks suffered from increasing competition, slowing sales growth and low profitability as they evolved to meet the demands of a disrupted sector

Top 5 Vendors in the E-mail Encryption Market from 2017 to 2021: Technavio (BusinessWire) Technavio has announced the top five leading vendors in their recent global e-mail encryption market report. This research report also lists 12 other prominent vendors that are expected to impact the market during the forecast period

Why Verizon Could Press Yahoo for a Discount in Buyout Deal (Market Realist) Yahoo’s password reset move could trigger user outflow

Yahoo Customer Database Unaffected By Breaches (Dark Reading) Verto Analytics study reveals longtime users prefer sticking to Yahoo despite hacks to avoid switching hassles

Sirius Acquires Continuum Security Solutions (Military & Aerospace Electronics) Sirius Computer Solutions, Inc., a leading national IT solutions integrator, has acquired Continuum Worldwide Corporation, dba Continuum Security Solutions (Continuum), an information security company based in Omaha, Nebraska. The acquisition was finalized on December 30 and expands Sirius' security and compliance solutions portfolio

Clearlake Capital Buys Security Software Company LANDesk (Wall Street Journal) The private-equity firm is buying the security software company for more than $1.1 billion

Virginia cybersecurity firm keeps growing with deal to buy Linthicum company (Baltimore Business Journal) International cybersecurity company MacAulay-Brown Inc. acquired a Linthicum-based cloud engineering, software and data analytics firm, marking its third acquisition in four years

Intercede Raises £5M (Insider Media) Lutterworth-based digital identity software business Intercede Group has conditionally raised £5m through the issue of convertible loan notes

CYBERCOM setting up new acquisition office for rapid procurement funds (Federal News Radio) U.S. Cyber Command will soon be hiring an acquisition expert to handle the $75 million Congress afforded the command in last year’s defense authorization act

Cyber security career has massive potential (Belfast Telegraph) OWASP's AppSec EU conference coming to Belfast in May

Peerlyst to Sponsor Experts Building InfoSec Tools (PRNewswire) Peerlyst has launched a program that will pay up to $10,000 to information security professionals developing tools that will benefit others in the field

MetricStream Recognized as a Leader in Gartner 2016 Magic Quadrant for Operational Risk Management Solutions Report (PRNewswire) MetricStream is a leader in the Gartner 2016 ORMS Magic Quadrant for the third consecutive year

NextLabs Announces Industry Veteran Patrick Ball Joins Company as Senior Vice President of Global Sales (Le Lézard) NextLabs, a leading provider of data-centric security software to protect business critical data and applications, announced that Patrick Ball joined NextLabs to run global sales operations for the company. Ball's responsibilities will include day-to-day operations for all aspects of direct and indirect sales to enable NextLabs to continue its rapid growth on a global scale

Corero Network Security director Andrew Lloyd to take up executive roles (Proactive Investors) "We are delighted that Andrew has agreed to join Corero as president and executive vice president sales and marketing,” said chairman Jens Montanana

GlobalPlatform Announces 2017 Board of Directors (Bobsguide) Focus remains on safeguarding connected devices and establishing a security baseline for protection of digital assets

Products, Services, and Solutions

The Kudelski Group Launches IoT Security Center of Excellence to Address Demand for Increased Protection of Connected Devices (PRNewswire) Security pioneer leverages more than 20 years of expertise in protecting devices and content to bring customers end-to-end approach for overcoming emerging threats and capitalizing on lucrative IoT market

Dashlane and Intel Collaborate to Create Unrivaled Password Protection (PRNewswire) Dashlane's patented security architecture bolstered with addition of Intel SGX technology

Md. firm gets Verizon certification for ‘game-changing’ IoT device (Baltimore Record) An Annapolis company specializing in low-power networking has received certification for a device that lets manufacturers connect sensors or embedded apps to the internet through a cellular network. Link Labs Inc.'s low power LTE Cat-M1 sensor suite has been certified by Verizon for its 4G LTE Network

Symantec's Norton Core router aims to protect the connected home (Engadget) It looks like a disco ball

Bitdefender’s Box 2 promises to be the security solution for your smart home (Yahoo! Tech) Bitdefender on Tuesday announced the second-generation Box, a revamped security system for your home network and smart home devices. Promising to provide unparalleled protection from fraud, phishing, and network attacks, the Box 2 could be the security solution for your superconnected smart home

Fortinet’s Michael Xie: How to secure the cloud (Network World) Fortinet President and CTO Michael Xie discusses the challenges and the role of the security fabric for cloud environments

ClickSSL Announces Platinum Partnership with Comodo – #1 Certification Authority (Sat Press Releases) ClickSSL, a foremost leader in SSL certificate providers, today unveils its new gem named Comodo CA to be added to its authenticated certificate authorities — now becoming a platinum partner of Comodo certificate authority to support its current and potential customer base by providing vast SSL certificate products

FireMon Announces Future Support for Check Point R80 Devices (Marketwired) Company extends industry lead with most comprehensive support for large, complex networks

Attivo Networks and Check Point Software Team Up to Improve Detection and Accelerate the Incident Response of Advanced Threats (Marketwired) ThreatMatrix and Check Point R80 Integration automates the identification, blocking and data exfiltration of attacks

Gemalto helps AT&T for secure IoT applications (Business Standard) Digital security giant Gemalto is supplying American telecommunication giant AT&T with a remote subscription management solution that will enable its customers to deploy a secure Internet of Things (IoT) applications in the US and globally

Technologies, Techniques, and Standards

How to Build a Culture of Cybersecurity (Infosecurity Magazine) It is clear from the headlines about breaches that many people still do not take cybersecurity seriously. The majority of these breaches were enabled by an employee inadvertently taking an action that enabled the breach. In spite of the highest levels of management insisting that it is a priority to protect data, why is it that some of us take those enabling actions? Why isn't everyone on board with cybersecurity?

Design and Innovation

2017: The Year of Self-Driving Cars and Trucks (IEEE Spectrum) Connected cars and driverless fleet cars are on the way. How will we deal with them?

Ford and Toyota launch consortium to help developers build in-car apps (TechCrunch) Drivers expect their cars and smartphones to seamlessly work together. Both Apple and Google offer their respective services for connecting phones to a car’s infotainment system, but the car industry isn’t ready to completely cede the center console to Silicon Valley. Ford and Toyota have long been unlikely allies in this area. A few years ago, with AppLink, Ford started giving a select number of mobile app developers the ability to integrate their smartphone apps with its Sync infotainment system. It then open-sourced it under the SmartDeviceLink moniker back in 2013 and Toyota was one of the first third-party car manufacturers to adopt it for its cars

Ford to build hybrid Mustang, all-electric SUV and autonomous ride-sharing vehicle by 2021 (International Business Times) Electrified Mustang, Transit and F-150 to arrive by 2020 with 300-mile range electric SUV due a year later

FEV North America, Inc. becoming one-stop shop for smart vehicle technology (PRNewswire) Smart / connected vehicle development and cyber security to be a highlight of FEV exhibit at CES

You can’t unsee Tedlexa, the Internet of Things/AI bear of your nightmares (Ars Technica) A Teddy Ruxpin + an Arduino + a Raspberry Pi + Amazon Alexa = What could go wrong?

Backbytes: Samsung doubles-down on ghastly internet-connected fridges (Computing) Taking no notice of us, Samsung introduces connected refrigerators you can talk to

Legislation, Policy, and Regulation

Weaponized Narrative Is the New Battlespace (Defense One) And the U.S. is in the unaccustomed position of being seriously behind its adversaries

Chinese Information Warfare: The Panda That Eats, Shoots, and Leaves (Washnigton Free Beacon) Chinese hackers stole Google search engine secrets

The End of the End of the Cold War (Foreign Policy) Twenty-five years ago this week, the Soviet Union lost the Cold War. And 25 years later, Russia renegotiated the terms of surrender

Sen. Mike Rounds: Time for a real strategy to keep Americans safe from cyber threats (Fox News) It is alleged that in recent months, the Russian government conducted cyber hacks of the Democratic National Committee (DNC) server and attempted to hack the Republican National Committee (RNC) email system

Donald Trump uses Twitter to cast new doubt on US intelligence agencies ahead of meeting over alleged Russian hacking (Independent) President-elect has repeatedly attacked claims Russia interfered in election in his favour

Inside the Secret Service’s First Cyber Strategy (SIGNAL) The new action plan supports the protective agency’s high operational tempo

Watch out hackers: Deploying ransomware is now a crime in California (Ars Technica) Previously, prosecutors had to rely on the state's extortion statute

Litigation, Investigation, and Law Enforcement

Russian Election Hacking Allegations Top US Senate Agenda (Defense News) Russian hacking allegations will take center stage in the US Senate this week, and in the coming weeks, as Armed Services, Foreign Relations and Intelligence committee leaders meet to set an agenda for a series of cybersecurity hearings

The Download on the DNC Hack (KrebsOnSecurity) Over the past few days, several longtime readers have asked why I haven’t written about two stories that have consumed the news media of late: The alleged Russian hacking attacks against the U.S. Democratic National Committee (DNC) and, more recently, the discovery of malware on a laptop at a Vermont power utility that has been attributed to Russian hacker groups

Obama’s Disclosure About Russian Hacking Is A Cybersecurity Gold Mine (Huffington Post) Public disclosures like this enable collective cyber defense through information sharing

Ex-CIA head: More than one country could be behind hacking (The Hill) Former CIA Director James Woolsey says political hacks in the U.S. could be the work of more than one foreign country

What the Washington Post’s Hacked Electrical Grid Report Got Wrong (Fortune) A Washington Post report on Friday said that Russian hackers had breached the nation's power grid via a utility in Vermont, citing unnamed U.S. officials. Almost immediately, digital security experts panned the story, criticizing it as prematurely alarmist and lacking key details

Claims that Russia hacked the US election and power grid are ‘overblown’ (Naked Security) The Washington Post has walked back a story claiming Russian malware was found in the systems of a Vermont utility. The paper earlier linked it to the same operation US officials say was used to interfere with the 2016 presidential election, and flagged it as a potentially larger threat to the nation’s power grid

Washington Post backtracks on frenzied reporting of Russian hack attack against power grid (Graham Cluley) Don’t panic

Vermont Grid 'Hack' Latest Tumble Down Attribution Rabbit Hole (Threatpost) A Vermont utility was for a brief moment last week at the center of a geopolitical scandal in which the Russian government was implicated in an attack against a U.S. electric grid

Russia did not hack Vermont electric utility: report (The Hill) Russian hackers do not appear to be behind an attack on a Vermont electric utility, reports the Washington Post, citing officials close to the investigation of a potential activity first reported by the Post last week

Trump Says Intelligence Officials Delayed Briefing on Russian Hacking (New York Times) President-elect Donald J. Trump said Tuesday that intelligence officials had delayed briefing him on their conclusion that Russia interfered in the 2016 election and suggested, with no evidence, that they might be buying time to assemble a more substantial case

Donald Trump’s Team Now Says He Won’t Reveal Anything About Hacking (GQ) Which he knows “a lot” about, apparently!

Police mull gathering crime evidence from smart home devices (Naked Security) Detectives are being trained to process data gathered from Internet of Things (IoT) “smart” devices for use in criminal investigations, Scotland Yard’s forensic head Mark Stokes has told The Times

Washing machine will turn detective (Times) Fridges, coffee makers, washing machines and lightbulbs will soon provide alibis or important crime scene evidence, according to Scotland Yard’s head of digital forensics

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

S4X17 ICS Security Conference (Miami Beach, Florida, USA, January 10 - 12, 2017) Three Days of advanced ICS cybersecurity on three stages with the top 500 people in ICS security. Main Stage - The big names (Richard Clarke, Renee Tarun, ...) and forward looking topics (ICS certification,...

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

Upcoming Events

CES® CyberSecurity Forum (Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...

SANS Security East 2017 (New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...

Suits and Spooks DC 2017 (Arlington, Virginia, USA, January 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean...

Global Institute CISO Series Accelerating the Rise & Evolution of the 21st Century CISO (Scottsdale, Arizona, USA, January 11 - 12, 2017) These intimate workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational...

Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...

ShmooCon 2017 (Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...

SANS Las Vegas 2017 (Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...

BlueHat IL (Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.

SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...

Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.