More signal. Less noise.

Daily briefing.

WannaCry is today's news as well as yesterday's: an infestation of control systems on Monday forced Honda to shut down a production facility in Japan. Traffic cameras in the Australian state of Victoria were also infected—this infestation was traced to a third-party contractor's mistake. The industrial Internet-of-things may be inherently more susceptible to disruption by this strain of ransomware than are conventional IT enterprises. 

A Kaspersky study reports that industrial control systems are being infected at disturbingly high rates. Kaspersky also says that IoT devices manufactured in Taiwan and Vietnam are often accompanied by malware.

CrashOverride and its threat to the power grid are receiving attention at the highest levels of the US Government. Europe's power industry is also at work on defenses.

The Queen's Speech in the UK emphasizes data security.

US Congressional hearings on Russian election meddling conclude that many states were prospected, but vote counts were not manipulated. Senator Rubio points out that voter fraud was unnecessary: if the Russian objective was to undermine trust in the system, then mission accomplished. Former Homeland Security Secretary Johnson testified that the Democratic National Committee declined to cooperate with investigators.

Business email scams continue to bite. A New York State judge lost about a million dollars when an email spoofing her attorney induced her to transfer funds to an account in China. The scam was carefully crafted and its victim not notably clueless—the criminals knew she was negotiating the purchase of an apartment and baited the hook accordingly.

Notes.

Today's issue includes events affecting Afghanistan, Australia, Canada, European Union, France, Russia, Taiwan, United Kingdom, United States, and Vietnam.

A note to our readers: our coverage of the 2017 SINET Innovation Summit will wrap up tomorrow. We're currently at Borderless Cyber USA; we'll have reports on that conference early next week.

In today's podcast, we hear from our partners at the Johns Hopkins University, as Joe Carrigan describes the ins-and-outs of RF (radio frequency) monitoring. Our guest, Asaf Cidon from Barracuda Networks, talks about the rising threat of ransomware.

The Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Dateline SINET Innovation Summit 2017

The CISO's art of communicating with a board of directors (a live demonstration). (The CyberWire) What does a board do? Fundamentally, it's responsible for the health of the business. The CISO should help the board members understand how information security affects that health.

What CEOs should know about privacy. (Here's one big thing: GDPR will affect you.) (The CyberWire) You may not be interested in the GDPR, but the GDPR is interested in you.

Transitioning research to the market. (The CyberWire) One of the things the US Department of Homeland Security's Science and Technology Directorate takes to heart is transitioning the results of research to products and solutions. Dr. Douglas Maughan talked about how the S&T Directorate works to move research across the proverbial "valley of death" and into the hands of practitioners and operators. (And, of course, into the market.)

Cyber Attacks, Threats, and Vulnerabilities

American and Australian captives are seen in newly released Taliban video (Military Times) The Taliban released a new video on Wednesday showing an American and an Australian captive they abducted last August, the second such footage of the hostages.

Honda Forced to Shut Plant After WannaCry Returns (Infosecurity Magazine) Carmaker tried to secure systems in mid-May

One Month Later, WannaCry Ransomware Is Still Shutting Down Factories (BleepingComputer) On Monday, Honda was forced to temporarily shut down its car plant in Sayama, Japan, after some of its computer systems were infected with the infamous WannaCry ransomware.

Traffic cameras in Victoria infected by WannaCry ransomware (The Guardian) State government says 55 cameras were affected after a contractor introduced the virus to the system by mistake

A quarter of enterprises worldwide affected by Wannacry or Fireball, Check Point report (SC Media US) The top three malware families in May impacted a quarter of the globe's organizations with zero-day attacks, according to Check Point's latest Global Threat Impact Index.

Half of industrial control systems suffered cyberattack last year, says Kaspersky survey (Fifth Domain | Cyber) A new survey from cybersecurity firm Kaspersky Lab and Business Advantage looks at the observed and perceived threats impacting the cybersecurity of critical industrial systems, as well as the challenges organizations face to mitigate financial and material damages.

Malware piggybacks on IoT devices from Vietnam and Taiwan - Kaspersky (SC Media UK) In Vietnam and Taiwan, malware is being mass produced alongside cheap web cameras, DVRs and other IoT devices, according to a report from Kaspersky Lab.

A Diabolical Way of Hacking a Chip with a Wave of Your Hand (WIRED) When you think of a standard hacker toolkit, software vulnerabilities and malware come to mind. But a pair of researchers are testing a different type of instrument: a physical tool that can break into devices with a wave of your hand.

Protecting corporate data in the age of point-and-click malware begins with a healthy dose of realism (TechRepublic) The tools for creating malware are getting easier to use as are the ways of buying and selling it. Terbium Labs' Emily Wilson discusses the evolving malware threat with TechRepublic.

'Stack Clash' Smashed Security Fix in Linux (Dark Reading) Linux, OpenBSD, FreeBSD, Solaris security updates available to thwart newly discovered attack by researchers.

Breach at UK.gov's Cyber Essentials scheme exposes users to phishing attacks (Register) How does that rank on the Morissette Scale?

Largest US voter data leak shines light on many problems (Help Net Security) Successfully suing Deep Root Analytics, the company that inadvertently leaked US voter data, will likely be difficult, if not impossible.

SSH Key Misuse: Why Aren't We Protecting Our Machine Identities? (Newsfactor) Chris Vickery, a cyber risk analyst for UpGuard, recently revealed that a cache of documents related to a National Geospatial-Intelligence Agency (NGA) military project were left unprotected on an Amazon cloud storage server.

NY Supreme Court Judge Loses Over $1 Million in Email Scam (BleepingComputer) Acting New York State Supreme Court Justice Lori Sattler has lost over one million dollars after falling victim to an email scam, NY Daily News reports.

Social engineering… again? (CSO) Headline-grabbing hacks of email accounts belonging to celebrities, businesses and government officials are commonplace.

Hacker angered by officer's acquittal claims attack on state (Fifth Domain | Cyber) A hacker upset about last week's acquittal of a Minnesota police officer who shot and killed a black motorist claims to have stolen hundreds of email addresses from a state database.

Security Patches, Mitigations, and Software Updates

Mozilla ports simplified private browsing app to Android (Help Net Security) Less than a year since the release of Firefox Focus for iOS, Mozilla has ported the privacy-focused, tracker-stopping browser to Android.

Cyber Trends

Average data breach cost declines 10% globally (Help Net Security) This is the first time since the global study was created that there has been an overall decrease in the average data breach cost.

When it comes to trustworthy websites, banks drop the ball (Help Net Security) The percent of FDIC 100 banks making the Honor Roll saw the biggest drop in 2017, going from 55 percent in 2016 to 27 percent.

Consumer Businesses Have False Confidence in their Security: Deloitte (Dark Reading) Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.

Cyber-Threats Call for a New Secure Browsing Solution, and Fast (Infosecurity Magazine) Ransomware and other malware requires enterprises to think differently about internet security.

Over Half of UK Small to Medium Sized Businesses Uncertain of Brexit Impact on GDPR (PRNewswire) Half of UK SMBs Not Confident They Can Meet GDPR Requirements

Shipowners must do more to prevent cyber attacks (Marine Electronics and Communications) Ships have multiple cyber vulnerabilities and security issues that put them at risk from hackers and malware. Delegates at Riviera Maritime Media’s European Maritime Cyber Risk Management Summit, held in association with Norton Rose Fulbright in London, participated in an interactive presentation by DNV GL.

Lastline Survey: Nearly Half of Security Personnel Prefer Root Canal to Notifying their Board of a Data Breach - EconoTimes (EconoTimes) Lastline, Inc., the leader in advanced malware protection, today announced the results of a survey conducted at Infosecurity Europe 2017. It found that 44 percent of security...

‘Keeping up with the hackers’: Cybersecurity breaches bill not the only wake-up call for Australian businesses (CSO) Throughout 2017, Aussie businesses have seen the cyber security landscape shift tremendously. From the most recent WannaCry attacks, to changing legislation such as the breach notification laws, it is clear cyber security is front and centre of both government and business agendas.

Marketplace

Cyber due-diligence now forms an essential part of M&A planning (SC Media UK) As cyber-concerns make their way up the boardroom agenda, companies involved in mergers and acquisitions are increasingly conducting cyber due-diligence.

Aviation Industry Seeks to Strengthen Cybersecurity Defenses (Fox Business) Escalating concerns about cyberthreats are prompting the aviation industry to devise an unlikely new safeguard: real-time warnings to pilots about potential hacking attempts.

Inside Microsoft's AI Comeback (WIRED) Yoshua Bengio has never been one to take sides.

Microsoft Makes Edge Browser a Permanent Part of Its Bug Bounty Program (BleepingComputer) Microsoft today promoted the Edge browser to a permanent spot in its bug bounty program, in which Edge had only taken part in a limited role.

Egnyte Achieves Profitability, But Growth Is Elusive (Seeking Alpha) Egnyte has managed to achieve profitability - a rare feat in its industry. Still, Egnyte needs to find some strategic levers of growth relatively soon, as it is

Palo Alto Networks Inc. in 5 Charts (The Motley Fool) Here's the cybersecurity specialist's business visualized through a few key trends investors will want to watch.

FireEye Inc. in 5 Charts (Madison) Cybersecurity software specialist FireEye (NASDAQ: FEYE) has big plans for 2017. Despite sharply slowing sales growth, the company aims to reach operating profitability while generating positive cash flow this year.

Better Buy: General Dynamics Corporation vs. Raytheon (The Motley Fool) Which defense contractor is smarter for investors right now? Find out here.

Intel Is Teaming With This Israeli Cybersecurity Incubator (Fortune) Israel is home to approximately 450 cyber startups.

Md. Commerce, UMBC to Launch International Cybersecurity Center (Southern Maryland Online) The center will provide an executive training session, a 12-month incubator program, and other support to companies from the United Kingdom and other allied nations, to help them establish a foothold in the U.S. market.

CACI, American Cyber Win DoD Award for Mentor-Protege Program (GovCon Executive) CACI International and American Cyber have received the Defense Department’s Nunn-Perry Award for th

Silent Circle Announces Vital Leadership Team Additions to Invigorate Enterprise Growth (Telecom Reseller) Continues to advance secure business communications through a unique suite of revolutionary solutions

SentinelOne Hires Former Cylance Head of Sales for Global Sales Leadership Role (Marketwired) "Nick has a deep understanding of the endpoint market, and shares our vision to continue and shape what cyber security will look like in the future.

Comodo Announces Former White House CIO Carlos Solari as New VP of Cyber Security Services (PRNewswire) Comodo, a global innovator and developer of cybersecurity solutions and...

Products, Services, and Solutions

Darktrace AI technology now applied to M&A cyber security due diligence process (Cambridge Network) News from Cambridge businesses. Network members upload news here about their products, services and achievements.

Flawless defence – how Glasswall protected itself from a cyber attack (Information Age) How can a business protect itself from a cyber attack? In a unique case study, Glasswall Solutions may have the answer

Sophos to Secure Konica Minolta's 'Workplace Hub' (News18) Global software security firm Sophos on Wednesday announced a partnership with Japan-based Konica Minolta to secure its popular platform "Workplace Hub".

GoDaddy Launches New Website Security Products Powered By Sucuri (PRNewswire) GoDaddy Inc. (NYSE: GDDY), the world's largest technology provider...

Quick Heal Technologies’ Seqrite unveils latest version of End-Point Security (Udaipur Kiran) Quick Heal Technologies’ Seqrite has launched a more refined and enriched version of Seqrite End-Point...

New Illumio Technology Offers New Encryption Options To Protect Customers' Traffic In Hybrid Cloud Environments (PRNewswire) Illumio today announced its SecureConnect policy-based IPsec...

Technologies, Techniques, and Standards

Cyber security experts team up with grid to protect Europe (Energy Live News) A cyber security organisation and power grid operators have teamed up to protect Europe against cyber attacks.

Application Security in the Cloud: Who’s Responsible? (A10 Networks) We’ve all heard about the benefits of cloud infrastructure: improved productivity, cost savings, efficiency, agility and a host of other buzzwords that paint cloud as the be all, end all for IT.

Design and Innovation

This add-on could save millions of cars from hackers (Roadshow) A cyberdefense system that protects phones, printers and routers could soon help keep cars safe.

From Yelp reviews to mango shipments: IBM's CEO on how blockchain will change the world (Business Insider) Ginni Rometty says IBM's use of blockchain goes well beyond bitcoin and cryptocurrencies.

Research and Development

KT and KIST Establish Quantum Communication Application Research Center to Quickly Catch up to Advanced Technologies (ET News) KT officially declared development of quantum cryptography communication technology which is expected to contribute in forming an ecosystem of applicable South Korean industries for quantum cryptograp

Academia

More Universities Add Blockchain Courses to Meet Market Demand (NASDAQ) In recent months, there has been a surge in the demand for blockchain professionals. Data from the professional networking site LinkedIn has shown that blockchain related job postings have tripled in the last 12 months.

Legislation, Policy, and Regulation

Trump huddles with national security staff on how to protect the electric grid (Washington Examiner) Representatives from the European Union, Mexico and Canada will address the forum, in addition to energy and utility trade groups and state...

Queen’s Speech praised for certainty on data protection (ComputerWeekly) The Queen’s Speech has been praised for removing any doubt about the UK’s commitment to data protection.

Queen's Speech: UK tech reacts to Digital Charter, Brexit & data protection (Computer Business Review) CBR has compiled a list of reactions from professionals in the tech industry to the Queen's Speech that outlined the plans and priorities of the Government.

New French armed forces minister named day after Goulard's resignation (Defense News) The French president’s office has appointed a director of the state-owned SNCF railway operator as the minister of armed forces, replacing Sylvie Goulard, who unexpectedly resigned June 20.

Canada’s NSA is gaining the power to launch cyber attacks worldwide (Vice) New legislation will give CSE new powers to launch cyber attacks and tap the very core of the internet

Trump's cyber deterrence is a lot like Obama's (C4ISRNET) The Trump administration's approach to cyber deterrence closely mirrors that of the Obama administration's.

Job openings focusing on IT (Federal Times) CIO.gov has listed three available IT focused job openings.

DISA Describes Cyber Challenges, Requirements (IT Business Net) When it comes to security, a lot rides on the blossoming ecosystem known as the Internet of Things that will influence just about every part of society.

Litigation, Investigation, and Law Enforcement

Congress hears sinister tale of Russia election meddling (Fifth Domain | Cyber) Current and former government officials painted a sinister portrait Wednesday of Russian cyberattacks on the United States aimed at interfering in the U.S. presidential election last year.

DHS official: Election systems in 21 states were targeted in Russia cyber attacks (CBS News) In Senate Intel hearing, Homeland Security official says no systems targeted in the election were involved in vote tallying

US officials underscore Russia threat to 2016 elections (Military Times) U.S. officials sought Wednesday to underscore for lawmakers the threat Russia posed to the 2016 vote for the White House, outlining efforts to hack into election systems in 21 states and to fill the internet with misinformation during a divisive campaign season.

U.S. Elections Systems Vulnerable, Lawmakers Told In Dueling Hearings (NPR) Jeh Johnson, Homeland Security secretary during the 2016 election, testified before the House Intelligence Committee while the Senate Intelligence Committee heard from cybersecurity experts.

Former head of Homeland Security testifies on Russian interference in 2016 election (Los Angeles Times) Former Secretary of Homeland Security Jeh Johnson defended the Obama administration’s delay in revealing Russian attempts to interfere with the 2016 election in a Senate hearing Wednesday.

Watch: Former Homeland Security chief Jeh Johnson testifies on Russia meddling (Los Angeles Times) Update on 'Trump revels after Republicans eke out victories in Georgia and South Carolina House races'

Obama’s DHS Secretary Slams DNC Obstinance on Hacks (LifeZette) Former Secretary of Homeland Security Jeh Johnson hammered the Democratic National Committee on Wednesday for its failure to cooperate with the investigation into Russian hacking of its computer system.

Analysis | Obama’s homeland security secretary just unloaded on the DNC (Washington Post) “It would be easy for me to say that I should have bought a sleeping bag and camped out in front of the DNC in late summer,” Jeh Johnson said.

5 lessons from Senate hearing on election hacking, including whether Trump is really president (Fifth Domain | Cyber) The Senate Intelligence Committee gathered two expert panels on Thursday for a discussion of the past, present and future of Russian interference in elections

5 Questions Ahead Of The Election Hacking Hearings (NPR) Russia's efforts to interfere with last year's elections will be front and center during two hearings on Capitol Hill on Wednesday.

Microsoft admits Windows 10 disables third-party security software (ComputerWeekly) Microsoft has admitted Windows 10 disables some third-party security software, but claims this is purely because of compatibility issues.

Microsoft briefly disables anti-virus software for Windows 10 - BBC News (BBC News) The software giant responds to Kaspersky Lab's anti-trust complaint to the European Commission.

Microsoft Admits to One Kaspersky Allegation (Thurrott.com) Microsoft has posted a public response, of sorts, to recent allegations by Kaspersky Lab.

'Manufacturers must be liable for IoT data breaches', argues Malwarebytes (Computing) With IoT security still a low priority, should manufacturers change their approach?

Virginia sues Northrop Grumman for $300 million in dueling IT divorce suits (Richmond Times-Dispatch) The impending divorce between Virginia’s information technology agency and Northrop Grumman is getting more expensive, but the question is who will pay the bill.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Global Insider Threat Summit (London, England, UK, June 22, 2017) Companies are spending millions on cybersecurity, but breaches are still on the rise. Multinational enterprises, small businesses, healthcare organizations, and even national governments are all feeling...

Chertoff Group Security Series: Security in the Boardroom (East Palo Alto, California, USA, June 22, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

Cyber Week (Tel Aviv, Israel, June 25 - 29, 2017) Bringing together international cybersecurity experts and enthusiasts, Cyber Week provides the opportunity to gain insight into the latest global developments in cybersecurity. The conference welcomes...

cybergamut Tech Tuesday (Elkridge, Maryland, USA, June 27, 2017) The cyber security universe remains an increasing and dynamic threat to the American national infrastructure. This presentation provides a quantitative analysis of the attacks seen by IBM and the thousands...

O’Reilly Artificial Intelligence Conference (New York, New York, USA, June 27 - 29, 2017) From bots and agents to voice and IoT interfaces, learn how to implement AI in real-world projects, and explore what the future holds for applied artificial intelligence engineering.

SIA GovSummit (Washington, DC, USA, June 28 - 29, 2017) The 2017 SIA GovSummit focuses on how government leverages security technologies to drive success across a wide spectrum of missions. Held annually in Washington, the Security Industry Association's government...

2017 Community College Cyber Summit (C3S) (National Harbor, Maryland, USA, June 28 - 30, 2017) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Four tracks are available for college faculty and administrators, IT faculty who are involved or who...

Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: DC. Receive 50%...

SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives. (New York, New York, USA, June 29, 2017)

CyberSecurity International Symposium (Chicago, Illinois, USA, July 10 - 11, 2017) The Symposium will take an in-depth look at the latest cyber security threats and trends, as well as real-world strategies for securing critical networks and data in enterprise, commercial, government...

East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business...

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community and bringing awareness to the capabilities in...

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine...

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost...

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied...

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious...

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world...

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce has put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll...

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics...

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days...

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure...

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic...

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...
